icameron 13 hours ago [-]
I was in the space 10 years ago with a product. Primarily Bluetooth, later BLE and WiFi. At that time most consumer devices were constantly discoverable. About 3-5% of traffic would have a discoverable MAC. These days not so many. iPhones never are discoverable unless you are in pairing mode. BLE broadcasts beacons much more consistently and generates a lot of data to filter, but they also change MACs.
Most WiFi chipsets use hardware based MAC layer, so promiscuous monitoring / sniffing is not possible on virtually every embedded module. There were a few chipsets, known as SoftMAC where linux drivers did the MAC layer, in which you could truly sniff the air for all traffic and capture a whole lot of MAC addresses. That was much more useful, but requires more CPU and specific older hardware. If you have a permanent power source like in an ALPR that isn't as much of a concern. I don't know of any companies that really did this though. Almost all our competitors used solutions that only supported the usual device discovery, which relies on BT being discoverable, or AP mode WiFi in order to track a MAC address. It's really easy to market though, it sounds great on paper. In practice the results are less than stellar and with time got even worse as vendors stopped being discoverable by default, and handsets started using dynamic MAC addresses.
ryukoposting 12 hours ago [-]
> BLE broadcasts beacons much more consistently and generates a lot of data to filter, but they also change MACs.
Hah! I wish this were true. The overwhelming majority of BLE widgets don't use resolvable random private addresses. They could, they just don't. A huge share of the industry is just copy-pasting Nordic sample code until they have a shippable product, and last I checked, exactly one (1) Nordic sample project enables RRPAs. Nordic treats it as an edge case, and everyone else follows along.
And that's besides the issue that the RRPA rotation algorithm is pretty contrived. I'd be shocked if some three-letter hasn't already built a tool for tracking devices that use it.
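The resolvable private addresses (RPAs, "RRPAs" in the comment above) that the thread keeps coming back to are a small construction worth seeing in full. The following is an added example, not code from any commenter or from Nordic's samples: it implements the address hash function ah from the Bluetooth Core Spec (Vol 3, Part H, 2.2.2), generates rotating addresses from a 128-bit Identity Resolving Key, and resolves them the way a bonded peer does. A passive sniffer never has the IRK, so consecutive addresses from the same device look unrelated to it. The IRK/prand/hash triple in main() is the ah test vector from the spec's Appendix D.7; the "wrong" IRK and the five sampled addresses are constructed for the demo. Byte order follows the spec's big-endian presentation (stacks such as BlueZ store the same values little-endian on the wire).

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// IRK is the 128-bit Identity Resolving Key a device shares only with bonded peers.
type IRK [16]byte

// Addr is a 48-bit BLE address in big-endian (spec) order: bytes 0..2 are prand, 3..5 the hash.
type Addr [6]byte

// ah is the random address hash function from Bluetooth Core Spec Vol 3, Part H, 2.2.2:
// ah(k, r) = e(k, 0^104 || r) mod 2^24, where e is AES-128 and r is the 24-bit prand.
func ah(k IRK, prand [3]byte) [3]byte {
	block, err := aes.NewCipher(k[:])
	if err != nil {
		panic(err) // a 16-byte key never fails here
	}
	var in, out [16]byte
	copy(in[13:], prand[:]) // r' = padding || r, padding is 104 zero bits
	block.Encrypt(out[:], in[:])
	var h [3]byte
	copy(h[:], out[13:]) // "mod 2^24": keep the low-order three bytes
	return h
}

// RPAFromPrand builds the address for a given prand; prand's top two bits must be 0b01.
func RPAFromPrand(k IRK, prand [3]byte) Addr {
	h := ah(k, prand)
	var a Addr
	copy(a[:3], prand[:])
	copy(a[3:], h[:])
	return a
}

// NewRPA draws a fresh prand and returns a new resolvable private address.
// A device re-running this periodically is what breaks address-based tracking.
func NewRPA(k IRK) Addr {
	var prand [3]byte
	if _, err := rand.Read(prand[:]); err != nil {
		panic(err)
	}
	prand[0] = prand[0]&0x3f | 0x40 // top two bits 0b01 mark a resolvable private address
	return RPAFromPrand(k, prand)
}

// Resolve reports whether a was produced with k. Without k, which a sniffer never has,
// the hash is indistinguishable from random, so two RPAs from one device cannot be linked.
func Resolve(k IRK, a Addr) bool {
	if a[0]>>6 != 0x01 {
		return false // public, static random or non-resolvable address: not an RPA
	}
	var prand [3]byte
	copy(prand[:], a[:3])
	return ah(k, prand) == [3]byte{a[3], a[4], a[5]}
}

// CountResolvable returns how many observed addresses resolve under k.
func CountResolvable(k IRK, seen []Addr) int {
	n := 0
	for _, a := range seen {
		if Resolve(k, a) {
			n++
		}
	}
	return n
}

func mustIRK(h string) IRK {
	b, err := hex.DecodeString(h)
	if err != nil || len(b) != 16 {
		panic("bad IRK hex")
	}
	var k IRK
	copy(k[:], b)
	return k
}

func (a Addr) String() string {
	return fmt.Sprintf("%02x:%02x:%02x:%02x:%02x:%02x", a[0], a[1], a[2], a[3], a[4], a[5])
}

func main() {
	// Spec test vector (Core Spec Vol 3, Part H, Appendix D.7): ah(IRK, 0x708194) = 0x0dfbaa.
	k := mustIRK("ec0234a357c8ad05341010a60a397d9b")
	fmt.Println("spec vector:", RPAFromPrand(k, [3]byte{0x70, 0x81, 0x94})) // 70:81:94:0d:fb:aa

	// A bonded peer holding k links every rotation; a roadside sniffer with a guessed key does not.
	var seen []Addr
	for i := 0; i < 5; i++ {
		seen = append(seen, NewRPA(k))
	}
	wrong := mustIRK("000102030405060708090a0b0c0d0e0f") // constructed, not a real key
	fmt.Println("resolved with right IRK:", CountResolvable(k, seen)) // 5
	fmt.Println("resolved with wrong IRK:", CountResolvable(wrong, seen)) // almost surely 0 (2^-24 per address)
}
```

Note what this does and does not protect: the address rotates, but anything else the device advertises (a stable manufacturer payload, a device name, a service UUID set) rides along unchanged and is what the later comments about device names and multi-device clusters are really about.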
GlitchRider47 13 hours ago [-]
Using AirGuard on Android, I'm able to detect iPhones around me even when they are not in pairing mode.
gruez 12 hours ago [-]
>I'm able to detect iPhones around me even when they are not in pairing mode.
Right, but the MAC is randomized every 15 min, which makes tracking hard to pull off.
https://www.teslaradar.com/
"Tesla cars with enabled 'Phone Key' feature transmit a unique identifier, that can be detected using Bluetooth® Wireless Technology." ...
analogpixel 12 hours ago [-]
Program your flipper0 to record all wireless identifications for a few weeks. Hook a broadcaster to an amplifier and attach it to your car, playing all the time. Every time you drive by one of these, it'll look like a parade just went by.
Probably do the same thing when you go into retail stores. Just flood the place with every possible identification.
Maybe an easier solution is just write something that spoofs hundreds of fake ids and sends them out constantly wherever you go; bonus points if you can create IDs that can break the devices when they try to parse it.
bigiain 12 hours ago [-]
Flipper Zero (without extra hardware) doesn't do 2.4 GHz for Bluetooth or Wi-Fi (or 5GHz Wi-Fi).
On the other hand, I'd bet for under $10 you could build something with an ESP32 and a battery and solar panel that could spoof signals these things will believe all day.
I'd start with transmitting signals with MAC vendor prefixes identifying Axon Tasers and Bodycams. Make it look like there's thousands of cops going past every day.
I'd love it if someone managed to get a bluetooth and wifi sniffer close enough to the CEO of Flock and publish that fingerprint. Or sneak a sniffer into a Flock board meeting and sniff out all the board members and c suite's devices. Or a meeting of local politicians and cops who're supporting and paying for this. I mean, that can't possibly be illegal or even wrong, if they're doing it wholesale, right?
wolrah 11 hours ago [-]
> Flipper Zero (without extra hardware) doesn't do 2.4 GHz for Bluetooth or Wi-Fi (or 5GHz Wi-Fi).
Flipper Zero has Bluetooth built in, that's how the phone app works.
I don't know how much control the apps have over it, but there were definitely Flipper apps to abuse the BLE auto-pairing feature of a lot of devices and spam popups to nearby phones.
ssl-3 10 hours ago [-]
Your method sounds like a good way to inject noise into the system -- and perhaps it is. Except the article describes integrating this MAC-sniffing business into ALPR camera installations.
In this way: You drive by with your noisemaking-device, and it records that noise along with the presence of your license plate.
It won't take a senior data analyst to correlate the bursts of noise with your proximity. Instead, you'll stand out like a sore thumb and they'll see you coming even before they have optical line-of-sight.
(It could scale, but as a practical matter it simply won't. Most people aren't interested in this kind of obfuscation; it'd be amazing to me if even 1/10,000 people were to actually adopt it. This level of rarity would identify you as one of the 0.01% of troublemakers.)
Peacefulz 2 hours ago [-]
I totally agree with the sentiment that interested parties are few and far between, but they exist. I have several disparate layers of obfuscation on the data I generate that I have control over. I understand that that is a signal in itself, but I'd rather my signal be a fog than rich data points.
My wife calls it paranoia but I call it protest.
ssl-3 2 hours ago [-]
Noises that are easy to identify also tend to be easy to eliminate.
I wish I felt better about this idea, but it seems like it'll be very trivial to erase.
(But that doesn't mean you shouldn't do it!)
puppycodes 12 hours ago [-]
There are very few ways to fight stuff like this and 100% agree this is a good one. I predict we are gonna need so much more of this type of obfuscation to just live our lives normally.
fuzzfactor 9 hours ago [-]
>Every time you drive by one of these, it'll look like a parade just went by.
What's needed is a privacy non-profit that can park it right there and not just drive by.
Peacefulz 2 hours ago [-]
These are the comments I'm here for. We aren't powerless to this shit. We just have to get creative with our protest.
stevenhubertron 11 hours ago [-]
Seems like a great use for Fable ;)
AndrewKemendo 12 hours ago [-]
I have an F0 but it's been sitting in my drawer. Any links to good scripts to run for this?
I used to go pop teslas all the time but that got old
crumpled 13 hours ago [-]
According to the graphic, all RFID/NFC tags including pet microchips and your company badge will be associated with you too.
I can remember in the late 1990's Berkeley Public Library was considering adding RFID tags to the books as asset tags. The public push-back was significant and surprising at the time. Freedom-loving library patrons were concerned about nefarious tracking. Proponents of the new tags thought that the concept of tracking people or the books they read was rooted in paranoia.
ssl-3 9 hours ago [-]
That's cool.
As a reminder: Broadly speaking, RF-based TPMS systems on cars transmit their unique identities in the clear to anyone within earshot as part of how they work. (Not all use RF, but many do.)
Also: The tires themselves frequently have RFID embedded in them, as part of the inventory management systems used in their production and distribution.
bigiain 11 hours ago [-]
I wonder how they're going to get that to work at range? I reckon you'd need pretty big and specialised antennas to have any hope of reading RFID or NFC off devices in a car going past a Flock surveillance camera. Even people walking past are going to be more than a few meters away, which is an order of magnitude further away than RFID and NFC are typically read from.
Not impossible, but it feels pretty unlikely that'd work inside the enclosure of a typical ALPR camera and at the distances devices would typically be away from them. Not without national security or military budgets at least. (Although perhaps they have that kind of budget? I mean one insular and NIMBY tech billionaire could pay for that in their San Francisco neighborhood. Possibly already has; perhaps that's where this company came from?)
m463 8 hours ago [-]
I wonder if they will instrument apps like waze to be promiscuous around these devices.
Then correlate things other places like at the entrance to the mall or at registers.
dabinat 12 hours ago [-]
MAC randomization is all well and good but that extra security is undercut if people name their device with their full name. It seems to be common with Apple devices especially. After seeing just how much data my neighbors were leaking with their device names, I name all of mine with nondescript names that do not identify me or the device.
mikeocool 13 hours ago [-]
Isn't it not really possible to uniquely identify most modern bluetooth devices this way? Specifically to prevent things like this.
Unless they're hoping my AirPods are in pairing mode all of the time and they're going to track the name "mikeocool's AirPods."
madaxe_again 13 hours ago [-]
They just need to link a cluster to you in the first place - say at a toll booth or drive-thru - where ANPR is already commonly deployed.
snailmailman 13 hours ago [-]
I thought most modern Bluetooth devices essentially randomize the Bluetooth MAC address periodically, specifically to prevent this sort of tracking? And random MAC addresses too on WiFi.
Rebelgecko 13 hours ago [-]
If someone has a half dozen BT devices on their person/in their car and they randomize MACs hourly (but not all at once) I bet you could still track people pretty accurately.
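The staggered-rotation problem in the comment above is easy to demonstrate. The following is an added example, not code from any commenter or from Flock: each vehicle pass at a fixed sniffer is recorded as a set of randomized addresses, and passes are chained into a track whenever two of them still share at least `minShared` addresses. The pass data is constructed: one driver carrying a phone, a watch and earbuds that rotate on independent schedules, a second driver, and a final pass where all three devices rotated at the same time. No single address survives for long, yet the track covers the whole two-hour span; only the simultaneous rotation breaks the chain.

```go
package main

import (
	"fmt"
	"sort"
)

// Pass is one vehicle passing a fixed sniffer: when, and which BLE addresses were heard.
type Pass struct {
	T     int      // seconds since the first observation
	Addrs []string // randomized addresses heard during the pass
}

// shared counts addresses present in both passes.
func shared(a, b []string) int {
	set := make(map[string]bool, len(a))
	for _, x := range a {
		set[x] = true
	}
	n := 0
	for _, y := range b {
		if set[y] {
			n++
		}
	}
	return n
}

// Link assigns each pass a track id. A pass joins the track of the most recent earlier pass
// with which it shares at least minShared addresses; otherwise it starts a new track.
// Track ids are numbered in order of first appearance; the result is indexed like passes.
func Link(passes []Pass, minShared int) []int {
	order := make([]int, len(passes))
	for i := range order {
		order[i] = i
	}
	sort.SliceStable(order, func(i, j int) bool { return passes[order[i]].T < passes[order[j]].T })

	track := make([]int, len(passes))
	next := 0
	for pos, i := range order {
		track[i] = -1
		for p := pos - 1; p >= 0; p-- { // newest earlier pass first
			j := order[p]
			if shared(passes[i].Addrs, passes[j].Addrs) >= minShared {
				track[i] = track[j]
				break
			}
		}
		if track[i] == -1 {
			track[i] = next
			next++
		}
	}
	return track
}

// Spans returns, per track, the time between its first and last pass.
func Spans(passes []Pass, track []int) map[int]int {
	first, last := map[int]int{}, map[int]int{}
	for i, p := range passes {
		t := track[i]
		if f, ok := first[t]; !ok || p.T < f {
			first[t] = p.T
		}
		if l, ok := last[t]; !ok || p.T > l {
			last[t] = p.T
		}
	}
	spans := make(map[int]int, len(first))
	for t := range first {
		spans[t] = last[t] - first[t]
	}
	return spans
}

// SamplePasses is constructed data: driver A with phone (p), watch (w) and earbuds (e)
// rotating on their own schedules, one pass from driver B, and a final pass from driver A
// after all three devices rotated at once.
func SamplePasses() []Pass {
	return []Pass{
		{0, []string{"p1", "w1", "e1"}},
		{1800, []string{"p2", "w1", "e1"}},  // phone rotated
		{3600, []string{"p2", "w2", "e1"}},  // watch rotated
		{5400, []string{"p2", "w2", "e2"}},  // earbuds rotated
		{7200, []string{"p3", "w2", "e2"}},  // phone rotated again
		{9000, []string{"q1", "r1", "s1"}},  // driver B, no overlap
		{10800, []string{"p4", "w3", "e3"}}, // driver A, all three rotated together
	}
}

func main() {
	passes := SamplePasses()
	track := Link(passes, 2)
	for i, p := range passes {
		fmt.Printf("t=%5d %v -> track %d\n", p.T, p.Addrs, track[i])
	}
	fmt.Println("track spans (s):", Spans(passes, track)) // track 0 spans 7200 s although no address lasts that long
}
```

Raising `minShared` to 3 on this data breaks every link, which is the defensive reading: randomization helps only when the devices a person carries rotate together, or when there are too few of them to overlap across a rotation.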
mikeocool 13 hours ago [-]
I wonder how much that actually helps. A license plate scanner and a camera can easily identify me in my car. What tracking advantage does “there are three (probably) Apple devices” in the car as well confer.
If I’m away from my car later, I’m just a guy walking around with 3 Apple devices (or two if I forget my phone in the car).
therealpygon 10 hours ago [-]
So that they can identify you and your friend ride together frequently and they need to make sure they can link you if you decide not to bring your work cell and AirPods to the “illegal” protest you rode with your friend to as part of your “domestic terror organization” since you and your friend also happened to go shooting at that gun range that one time for his birthday, and you were once in a Walmart with some other “co-conspirator”. The types of allegations that have already been used to smear citizens and officials alike. So yes, it is very helpful…to the “them”, not the “us”.
And all along, the people will say they had no idea what was really happening that they kept voting for, while deep down, they knew exactly what they were voting for and why. And that description doesn't apply to a single party. If you disagree with either side's totalitarianism and their march toward it, you will eventually be branded and potentially arrested on whatever charge will prevent you from voting in the future. Or at least that's how it goes any/everywhere else that has gone down that path. Hopefully cooler heads in both parties prevail. It always saddens me that the non-"decision makers" of both parties don't just band together to get things done they both can agree on (which is a lot). There are a lot more people at the bottom than the top in those houses, yet they both willingly kiss the ring of their leaders.
mschuster91 13 hours ago [-]
> A license plate scanner and a camera can easily identify me in my car.
Sure, but now you can track someone from their car through public transport, shops and god knows wherever else someone placed a sniffer.
And no, randomization doesn't help, because in the end the Find My beacons have to resolve down to some common identifier otherwise the "an unknown device has been following you for 2 hours" warning would not work.
wolrah 11 hours ago [-]
> in the end the Find My beacons have to resolve down to some common identifier otherwise the "an unknown device has been following you for 2 hours" warning would not work.
Not really, this is actually pretty easy. If such a device beacons and a trusted device is within range the trusted device can respond to the beacon and let it know it's nearby, then it just counts up if not. X number of beacons with no response, set the "not near my trusted device" flag. Some other device sees X number of beacons with that flag set while moving around, send alert to the user.
mikeocool 11 hours ago [-]
Doesn't the Find My stalking tracking work by connecting the randomized id back to a unique device on Apple's servers?
So yeah, if they subpoena/coerce Apple (or Apple signs up willingly) they could track people individually.
But at that point we’re no longer talking about large scale tracking by an untrusted third party. Apple and my phone company have always been able to track me without getting license plate scanners involved.
josefritzishere 13 hours ago [-]
This feels illegal. If it's not, it probably should be.
RunningDroid 12 hours ago [-]
It should be, but the last time the US got new privacy regulation it was because an employee at a VHS rental store embarrassed a member of Congress by telling people what movies he'd rented.
puppycodes 12 hours ago [-]
This is essentially a wiretap.
It's illegal in most states to place a listening device in public that captures private conversations, this is basically no different.
batch12 10 hours ago [-]
Do they already gather TPMS data too?
0cf8612b2e1e 8 hours ago [-]
That’s usually attached to a rather bulky device with a legally mandated, visible unique identifier.
exabrial 8 hours ago [-]
This came in the name of safety, btw.
eestrada 10 hours ago [-]
Time to invest in a small Faraday bag to keep in the car.
chenster 13 hours ago [-]
Privacy is no more if that is true
PowerElectronix 13 hours ago [-]
Now that I think of it, I'd be surprised if there aren't a few lists of this kind already made by an agency/company or two.