How Your Bluetooth Headphones Could Be Used to Track You: 'Extremely Concerning'

Some models of Bluetooth headphones could be used to track their users. That was the "extremely concerning" conclusion reached by a Norwegian student who cycled through the city of Oslo, analyzing signals from various devices.

During his 300 km (186 mile) trip, Bjorn Hegnes, a network and IT security student at Norway's Norof University, collected data that consisted of almost 2 million Bluetooth messages. He was able to discover over 9,000 Bluetooth transmitters, including 129 headsets. This allowed the student to analyze signals from at least a dozen models of headphones.

Hegnes found that that none of the headphones he picked up during his project implemented a security measure called media access control (MAC) address randomization.

Because a MAC address is a unique identifier when it appears on a network it could be used to track a device back to its wearer. Over a longer period, it could also potentially be used by third parties to build a pattern of its owner's behavior and habits.

The data collected and Hegnes' analysis of it forms part of his first-year project at Norof University and has demonstrated that Bluetooth technology is vulnerable to tracking and surveillance.

"This report goes through the vulnerabilities of WiFi and Bluetooth in terms of privacy i.e location tracking from 3rd parties without the user's knowledge," Hegnes wrote in his report. "With the ever-increasing use of WIFI and Bluetooth devices in the daily life of the average citizen, many will own at least one device, if not several, which can be used as tracking devices."

Hegnes undertook several bike rides around the city of Oslo over 12 days with the first few used as a way of testing the equipment. His kit included a Raspberry Pi, an omni-directional Wi-Fi antenna that could pick up Bluetooth signals from a distance of 100 meters, and a USB GPS device that could pinpoint locations.

The student named the project "Operation Wardrive" as "wardriving" is the term used to describe gaining unauthorized access to WiFi networks. The project was concentrated in Oslo's Ring 3 area and covered about 20 percent of Oslo's total area.

Hegnes' report suggests it may be easier to track a person's movements using their Bluetooth headset rather than their smartphone. Many companies are already using MAC information and tracking technology in this way.

Helsinki airport, for example, uses Bluetooth MAC address information from passengers' smartphones to estimate the time spent waiting in security queues. Oslo airport does the same, collecting the information from WiFi points located before and after the security desk, which gives the average time passengers took to move through security.

Hegnes' findings have caused some concern, especially in light of revelations from NSA whistleblower Edward Snowden. The information leaked by the former NSA systems administrator, who was notably left off President Donald Trump's pardon list, demonstrated how easy collecting data from cellphones and other devices can be.

"With the boom in smart devices over the last decade," Jake Moore, security specialist at Slovakian infosec firm ESET, told The Register, "it is extremely concerning that this hasn't been considered when privacy is taking a powerful turn currently.

"The post-Snowden era makes these findings even more worrisome too."

bluetooth headphone, stock, getty
A stock image shows a man listening to music on his headphones. A student has revealed bluetooth headphones can be used to track people. Getty Images