Slashdot Mirror
Tracking People Using Bluetooth
damdam writes "A Dutch guy seems to have set up a small network of bluetooth scanners. He has all the information logged to a central database and you can search it over the web. On his website it says "Some of these matches were only minutes apart. Therefore I could even calculate the approximate speed of someone moving from one location to another.". There are also some interesting statistics on his site showing traffic volume in his hometown (based on bluetooth signals) and he even lists popularity of certain Nokia phones. It's interesting to see how much information an individual can gather using old equipment."
He could just sit and watch people go by and see what they do.
http://twitter.com/OLDTELEGRAM
An excellent example of how the general public has no idea what technology is capable of. Imagine this chap was in the mood to cause a bit of disruption; I wonder how many of these phones would automatically accept a data transmission?
Case in point - a local pub automatically sends a simple java-based football game to your phone (or attempts to) via bluetooth when you enter. Some people have set their bluetooth to accept automatically and wonder what has happened when they discover the application sitting there a few days later.
Mildly amusing at times, but it does highlight the security risks associated with a system that can rely on users thinking about security to work properly.
http://www.bluetoothtracking.org/livedata.php
Wow - that is awesome! Sample:
Date/Time Location MAC address Name
2007-11-11 14:50:01 Orderparkweg 00:12:D2:0C:EA:1F Sexy vixen
2007-11-11 14:50:00 Schotweg 00:16:38:63:58:E3 Wanadoo_c781
2007-11-11 14:50:00 Ugchelen 00:16:38:61:F2:57 Wanadoo_afc9
2007-11-11 14:49:36 Orderparkweg 00:09:DD:50:2D:B1 LUTTIKHUIZEN
2007-11-11 14:49:35 Asselsestraat 00:12:1C:A6:2B:DA Parrot 3200LS
Imagine the range if you put a large exernal antenna on a bluetooth dongle. We got about a range of 1km IIRC. (This was at the Wireless Community Camp 2007 in the Netherlands.)
[0] http://www.wifisoft.org/trac/wcc-2007/attachment/wiki/WikiStart/IMG_0127_mod.jpg
I always wanted to build a bluetooth helicopter with some built in script kiddie software and sent it out to roam the countryside... or better yet, a swarm I can call down upon my enemies (or evil stray dogs)
http://icepick.com/
From toilet flushes to how often the cat eats!!
I confess that I do from time to time look to see who has their bluetooth in discoverable mode. Some cellphones do it, and these have generic names (such as the Verizon WonderPrice Z302). My GPS transceiver doesn't have a non-discoverable mode (If you see a device called "In my pants, not my car", come over and say hi, sugar). But Macintoshes seem to be discoverable by default, and even better, advertise that they are Macintoshes and give the name of the user.
I won't comment on Apple's policy in doing so, and I'll leave you to figure out what kinds of social engineering and hacking exploits this opens the door to. I'm just sayin', that's all.
He should link this up to a network of CCTV cameras. The appropriate database software would give him the ability to not only track a person's movements, but also watch what they were doing at any specific time. A powerful search engine could be used to find meetings between people, digging up CCTV and audio recordings of those meetings. No need to solve the problem of automatically recognising people using CCTV images: the Bluetooth devices that they carry provide that capability.
The next step would be to scale the network up to cover an entire city or country. Perhaps he might like to consider using an RFID scanner in addition to the Bluetooth one, so that RFID chips being carried by people could also be used to identify them. Just in case the people decide they want some privacy. When RFID chips are widely used for stock control, it will be difficult to avoid buying things that contain them, and they can't be turned off. Robust identification could be provided by the "cloud" of RFID chips carried by each person.
It's amazing when you think of what is now technically possible, given a sufficiently large budget.
>north
You're an immobile computer, remember?
It's a quiet Sunday morning here on slashdot, only six replies on this story so far, and yet I think we've overwhelmed his little database:
/home/.guenivere/icepick/public_html/php/livedata.php on line 6
Warning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'database.icepick.com' (4) in
Error connecting to mysql
Check the books; that's got to be some kind of record.
Oh, yeah, it's not easy to pad these out to 120 characters.
As one of our projects on my course, we're looking at extending this to do without hotspots and be able to show you a list of who's around you right now, pulling their name and picture from facebook and alerting you if one of your friends is near by. We're also looking to be able to store where you've met people and display this using google maps.
I wish to remain anomalous
1. Follow them home from the grocery
2. Tail them from a car/taxi/bicycle
3. Hide out in the donut shop across from their work
4. Pretend to be a jogger/homeless bum in the park
5. Break into the house across the street and set up a stakeout
6. Hide in their backseat under a blanket
7. Put on camouflage and pretend you are a bird
8. Dress up in a gorilla suit
9. Paint yourself 'brick' colored
10. Mini submarines!?!?!?!?
This technology stuff is crap I tell you.
We used Bluetooth for tracking people across London Bridge & displaying the results on Tower Bridge as part of a 1-week lighting festival earlier this year - info at http://www.whitewing.co.uk/switchedon.html I was also recently involved in installng a permanent Bluetooth-responsive light artwork in a bench outside ASDA in Poole, Dorset - this generates colour waves moving along the bench in response to people walking past, using relative signal strengths from 2 sensors to determine direction. (pic at http://www.flickr.com/photos/mannmade/1432286282/)
Animoog.org
In stories past, we've gotten used to the cliche of the endlessly capable killer. If he is not explicitly supernatural and haunting your dreams, he still is capable of performing many feats that would defy logic and credulity. He can always find the victim when she is alone, either terrorizing her and letting her escape or doing away with her then and there. He is able to avoid detection, knows how and where to find her, etc etc. V in the comic operates in a similar fashion. At least the writers came up with a decent enough explanation: the government was so paranoid they wanted to have everything in tight, centralized control with a complicated computer, a computer that V had backdoor access to. That explains how it seems like he has eyes and ears everywhere, how he can slip through security measures as if they weren't even there, etc.
With the kind of electronic surveillance we have going on now, the technology available, it would be so easy to fuck with people. Nevermind the Orwell angle, which we're already well familiar with. Consider the "stalker cop" scenario, someone who is placed in a position of authority which he then abuses. A nut could stalk and terrorize someone without ever leaving the computer. There was a story about Perverted Justice that seemed too outlandish to be true but has not yet been debunked -- the PJ founder had a detractor that he wanted to get revenge against. He posed as a hot chick in chat and carried on an affair with the guy for months, up to and including the guy divorcing his wife and flying out to another state to meet his new lover. Then bang, the PJ guy lowers the boom. Ok, so one part of me says that the guy must have been a credulous boob but the other part of me says even so, the PJ guy sank hundreds of hours into this psycho revenge. That's a scary level of commitment.
I guess what I'm getting at is that all this technology is giving people ways to fuck with other people that haven't even yet been conceptualized. Planting kiddie porn on the soon-to-be-ex's computer and calling the cops is barely scratching the surface.
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
Reminds me of an experiment I did a while ago. On a whim, I stuck an old USB Bluetooth dongle into a 400MHz Linux box I had set up as a random-task server in the apartment closet. It was recognized and running immediately (wait, what?) so I played around with some of the HCI commands. Long story short, we soon had a tracking system tied to our cell phones. Whenever either of us approached the apartment, the server would log the event on a web page, play a few tones and announce "so-and-so has entered the perimeter" to the apartment. Similar if either of us left. The web page had a status indicator showing whether we were IN or OUT. This was handy in a few ways; you could tell if your roommate was already home from work and give them a call to see if a parcel was delivered, etc.
I also played around with gathering some information and playing it via Festival on arrival, "welcome back so-and-so, you were away for 10 hours and 23 minutes. You have 143 new emails, 132 marked as spam." Could be expanded a lot with other functions; music presets, wake my computers, etc. Anyway, the system fell into disuse after the computer was moved and the cat ate the speaker wire. But it was pretty interesting to see how easy it was to use Bluetooth as a presence detector, with a few lines of shell script. The phones didn't even need to be set in Discoverable mode, once the mac addresses were gathered.
This kind of thing is a piece of cake for the various secretive agencies to do to you on a global level, and they don't even need Bluetooth...every cell phone is a little tracking device. Too bad that power is several orders of magnitude more difficult for the public to obtain, as it is a centralized service much like the government itself. Sure, you can track your kids' phones if you pay Sprint some extra cash...but the head of the NSA can see where everyone with your last name had lunch today, while you can't log in and make sure he didn't skip work and go to the golf course instead. This is just a small example of the ways we're gradually being tagged and tracked, and it's a good think to have people aware and thinking of it. The power may be in the right hands for the most part, but it can be misused so easily.
You could send p2p URIs in it.
I've tried quite a bit to get interactive BT stuff going. There seems to be no way to offer decent options to message recipients. We would like to be able to send them a menu from which they can choose "download image", "download video" or "download music" (or some other choice). All I've managed to work out is discover "client", send message. The client then gets somethign akin to "DrSkwid is trying to send you a message, accept y/n". On my Nokia N80 you can't even choose "reply" and have an SMS style conversation. Anyone got any thoughts ?
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
"2007-11-10 03:13:22 Asselsestraat 00:1D:25:91:E1:9F Rchl & je kan me reet likken. "
Reduce, reuse, cycle
AG.
I wouldn't say this is not new, however it has been done before in a different setting, a smart house, using a grid of blue tooth receivers and a transmitter with lowered power output ... these guys (http://www.emeraldinsight.com/Insight/viewContentItem.do;jsessionid=19F24FABE390002FE57D99D3E08C1724?contentType=Article&hdAction=lnkhtml&contentId=874924) the university I goto, were able to track humans through the room, allowing for a kind of location dependent service from room to room. There was also some talk about getting this into factories where personnel could easily be tracked and located. I will post the exact link once I find it.
Why is it even possible to do this? Shouldn't a wireless device only reveal unique information when it is contacted by devices which can prove that they have paired with the device? Do we have to get Bruce Schneier to design a wireless standard or will someone else get it right? Fucking morons...
http://whereabouts.eecs.umich.edu/
Having played with the system April of 06, all I can say is their website should be updated. They have this great mapping system that will pinpoint where in the building any registered people are standing (and let you do queries). This is variably accurate depending on how close you are to different wifi access points, so with small rooms like a photocopy room on the 4th floor, it will occasionally project your location reflected across the hallway. The system was totally the "people-mapping-radar" as shown in movies except for a robust privacy architecture. Each registrant device tied to a person can have settings based on location and more general rules. You have to explicitly add general groups of users, or specific people to your allow list before they can query the system for your location.
Anyways I figured it was an appropriate link in this topic.
Gravity Sucks
How easy/difficult is it to change/spoof a Bluetooth hardware address? I've been playing around with using hcitool -scan to lock and unlock gnome-screensaver when I walk away from the computer and am curious if this is merely a somewhat bad idea, or a truly epic bad idea.
Fsck the millennium, we want it now.
Millennium Crisis Line: 0890 900 2000 [calls cost 50p/min]
It might be worth checking out the device called "sexy vixen" appearing now in the bluetooth radar:
http://www.bluetoothtracking.org/livedata.php
Quick, someone set their phone ID to ""; DROP TABLE foo; --" :D
:)
In all seriousness I think this looks like a fun project
2007-11-10 03:13:22 Apeldoorn Asselsestraat 00:1D:25:91:E1:9F Rchl & je kan me reet likken
Translation:
Rchl & you can kiss my ass
i can see how this tech could be used for traffic reports and tracking criminals.
say 15% of the people on a large bridge have bluetooth on their phone (stretching it)
set bluetooth hotspots (or whatever they're called, doesn't matter) anywhere from 5-10 feet apart. see how long it takes the phone to go from spot to spot. put in a formula, and voila. on top of that, it could be used to catch speeders. and, if you know the ID of a criminal's bluetooth-enabled phone, you could see where they connect, when, and which way they're headed.
infinite possibilities.
Epic. Just epic.
Like those tollway tags?
(friend of mine keeps his below the dash when he's not actually going through a tollgate)