Discussion (29 Comments) Read Original on HackerNews
Most WiFi chipsets use a hardware-based MAC layer, so promiscuous monitoring / sniffing is not possible on virtually every embedded module. There were a few chipsets, known as SoftMAC, where Linux drivers did the MAC layer, in which you could truly sniff the air for all traffic and capture a whole lot of MAC addresses. That was much more useful, but requires more CPU and specific older hardware. If you have a permanent power source like in an ALPR that isn't as much of a concern. I don't know of any companies that really did this though. Almost all our competitors used solutions that only supported the usual device discovery, which relies on BT being discoverable, or AP mode WiFi in order to track a MAC address. It's really easy to market though, it sounds great on paper. In practice the results are less than stellar and with time got even worse as vendors stopped being discoverable by default, and handsets started using dynamic MAC addresses.
Hah! I wish this were true. The overwhelming majority of BLE widgets don't use resolvable random private addresses. They could, they just don't. A huge share of the industry is just copy-pasting Nordic sample code until they have a shippable product, and last I checked, exactly one (1) Nordic sample project enables RRPAs. Nordic treats it as an edge case, and everyone else follows along.
And that's besides the issue that the RRPA rotation algorithm is pretty contrived. I'd be shocked if some three-letter hasn't already built a tool for tracking devices that use it.
Right, but the MAC is randomized every 15 min, which makes tracking hard to pull off.
Probably do the same thing when you go into retail stores. Just flood the place with every possible identification.
Maybe an easier solution is just write something that spoofs hundreds of fake IDs and sends them out constantly wherever you go; bonus points if you can create IDs that can break the devices when they try to parse it.
On the other hand, I'd bet for under $10 you could build something with an ESP32 and a battery and solar panel that could spoof signals these things will believe all day.
I'd start with transmitting signals with MAC vendor prefixes identifying Axon Tasers and Bodycams. Make it look like there's thousands of cops going past every day.
I'd love it if someone managed to get a Bluetooth and WiFi sniffer close enough to the CEO of Flock and publish that fingerprint. Or sneak a sniffer into a Flock board meeting and sniff out all the board members' and C-suite's devices. Or a meeting of local politicians and cops who're supporting and paying for this. I mean, that can't possibly be illegal or even wrong, if they're doing it wholesale, right?
Flipper Zero has Bluetooth built in, that's how the phone app works.
I don't know how much control the apps have over it, but there were definitely Flipper apps to abuse the BLE auto-pairing feature of a lot of devices and spam popups to nearby phones.
I used to go pop Teslas all the time but that got old.
I can remember in the late 1990s Berkeley Public Library was considering adding RFID tags to the books as asset tags. The public push-back was significant and surprising at the time. Freedom-loving library patrons were concerned about nefarious tracking. Proponents of the new tags thought that the concept of tracking people or the books they read was rooted in paranoia.
Not impossible, but it feels pretty unlikely that'd work inside the enclosure of a typical ALPR camera and at the distances devices would typically be away from them. Not without national security or military budgets at least. (Although perhaps they have that kind of budget? I mean one insular and NIMBY tech billionaire could pay for that in their San Francisco neighborhood. Possibly already has; perhaps that's where this company came from?)
Unless they're hoping my AirPods are in pairing mode all of the time and they're going to track the name "mikeocool's AirPods."
If I’m away from my car later, I’m just a guy walking around with 3 Apple devices (or two if I forget my phone in the car).
And all along, the people will say they had no idea what was really happening that they kept voting for, while deep down, they knew exactly what they were voting for and why. And that description doesn’t apply to a single party. If you disagree with either side’s totalitarianism and their march toward it, you will eventually be branded and potentially arrested on whatever charge will prevent you from voting in the future. Or at least that’s how it goes any/everywhere else that has gone down that path. Hopefully cooler heads in both parties prevail. It always saddens me that the non-“decision makers” of both parties don’t just band together to get things done they both can agree on (which is a lot). There are a lot more people at the bottom than the top in those houses, yet they both willingly kiss the ring of their leaders.
Sure, but now you can track someone from their car through public transport, shops and god knows wherever else someone placed a sniffer.
And no, randomization doesn't help, because in the end the Find My beacons have to resolve down to some common identifier otherwise the "an unknown device has been following you for 2 hours" warning would not work.
It's illegal in most states to place a listening device in public that captures private conversations; this is basically no different.