Bluetooth and its privacy issues: Practical discovery of non-discoverable Bluetooth devices. 🔵🦷🔎😈

A group of researchers from Florida, U.S., conducted and published a study on the Bluetooth protocol and found that devices in non-discoverable mode (the default for the majority of devices) can still be discovered and identified.

The attack was named "Blue's Clue": in 10 seconds, using Software Defined Radio (SDR), the attacker can:

1️⃣ Extract the device's permanent, unique Bluetooth MAC identifier.

2️⃣ Fully characterize the device's capabilities.

3️⃣ Retrieve identifiers that often contain Personally Identifiable Information (PII).

This is an interesting and important finding that was made public back in 2023, but it still hasn’t made the news. I only came across it myself a couple of weeks ago.

Please enjoy and share it with people whom you think are relevant.

More details:

Blue’s Clues: Practical Discovery of Non-Discoverable Bluetooth Devices [PDF]: https://ieeexplore.ieee.org/document/10179358