Last time you were here i bored you with a tale of how the wires and cables of the olden days (as my children would say) were banished from our lives only to be replaced by a silent cacophony of digital signals bleeping their way invisibly about our new modern digiscape.
Is it possible we could make these invisible signals visible? Could we maybe see them with Digital Eyes? Of course it is! i wouldn’t be boring you again if it weren’t. Let’s continue our journey…
Hey There, Blue Eyes!
Before i get into the g33ky details of chips and programming and stuff, let’s start this journey at a place where you can ride along with tools you already have. This is the part where you can play along at home ;)
Bluetooth. It’s everywhere. Now … i mean like, EVERYWHERE! There are many apps you can install on your “Smart” Android or iPhone which can scan for Bluetooth Low Energy (BLE) devices around you (and i will introduce my favorite in a moment). Suffice to say, i recently surprised myself with the sheer number of BLE devices i was able to detect in a place where there really should be none!
My job has recently involved a lot of interstate travel and this has meant taking more than my fair share of Airline flights. I am secretly proud to tell you — I’m that guy … the one who is going to crash the plane because he doesn’t turn his phone Off or into Airplane-Mode! or so i thought. So, since my phone was already on ;) i decided to do a quick scan for BLE devices mid-flight. Heck, why not.. shits-and-giggles are my thang ;)
I found 232 Bluetooth devices active! MID-FLIGHT!
Now, to be fair, a vast number of them were Watches or Headphones and their associated Tablets and SmartPhones. There were some Apple Pencils and a handful of Luggage Tracking tags like the Tile, but there were still dozens of devices which were unidentified and i would not be surprised if some of these were used by the airline staff or even in the operation of the aircraft itself! It kind-of makes the whole notion of turning off your phone for safety reasons a bit of a joke! There are So Many other signals going on that could interfere with the operation of an aircraft that even if every passenger left their phone on it would only add around 150 devices to the 200+ i was able to detect!… I don’t feel so bad for being “that guy” any more .. i am Borg designation 1 of 232 :)
If you are interested, you can scan your own world in the same way. The app i have used here is called nRF Connect and it is available for iPhone, Android and Desktop use. Search the inter-webs or your App store and you will be sure to locate a version for your own device.
Once you start scanning and poking around like this you begin to notice many surprising things. For one, you will notice that in many cases you can tell the manufacturer of a device you have found.
Of course, you may ask how that is possible and that’s exactly what i asked as well! Turns out, each device using BLE has a unique address called a MAC address. Furthermore it turns out that the first 3 Octets of that address identify the Manufacturer of that address as registered in a big database called the OUI!!
The two identified devices in the above picture are made by Garmin International, Inc. and are almost certainly GPS watches (Is the pilot flying by watch!?). Looking over the list of devices i found whilst in-flight i found several BOSE and LG devices which almost certainly should be Bluetooth Speakers. Not Headphones — Soundbars and mounted speakers!! Is the Airline using Off-the-shelf BLE entertainment systems? Is the Cockpit Announcement System and that awesome safety speech (and/or Video) being broadcast over BLE? Who knows ;) but again, this little tiggr would not be surprised!
3 Alarm Lamp Scooter!!!
It amazes me all the time how a change in scenery can really show how big and diverse the world is. Whilst travelling recently i decided to pop open my BLE scanner and start looking around with my big, Blue, Digital Eyes and i was a little shocked to find a massive amount of BLE devices as i walked around. All with a common component to their name — “LIME”. As i dug a little deeper it turned out that these devices were eScooters!
In the state where i live, they do not have these. But in Brisbane there are fleets and fleets of these LIME Scooters (and other brands) as well as eBikes; all of which are roaming around blurting out BLE signals! Why? Great question again, my fellow denizen! When you use these devices, you unlock them and pay for their use by connecting to the nearest one with an App on your SmrtPwn! Your Smart device connects over BLE to the Scooter or eBike! The InfoSec consequences of this are Amazeballs! But, i digress, we will talk about that in another post…
Show Me The Landmarks!
Oh what sights i have seen! I have to admit, i am completely addicted to sniffing Wifi and BLE signals wherever i go and in some strange way it has completely (and surprisingly) changed the way i see the world around me. It is almost like i have.. digital eyes.
I look around… and i scan… let’s see what we can “see”… ooooh K .. an LG TV … oh, well that’s easy — it is the TV in the Burger Bar i am sitting at (If you are ever in Brisvegas i highly Recommend “Burger Urge” OMG soooo goood!)… A BOSE soundbar .. hrmmm…ok, hell yeah i can see one over there above the airport announcement lady!
All of these devices are identifiable in the OUI database and are the kind of devices which aren’t likely to move any time soon! If i had an accurate online map (and i do, thanks to esri) then i could easily mark their location down quite accurately… THESE ARE LANDMARKS.
As we scan the BLE space, each device detected also has a “Signal Strength” associated with it telling us how bright the beacon signal we just “saw” is. This is called the RSSI (Relative Signal Strength Indicator) and it is measured in -dBm (Decibel-meters) … the more “negative” this value is the further away it is.
Maths is so amazing! We can actually calculate quite accurately how far away a radio signal like BLE or Wifi is. All we need to know are a few things about the transmitting device and its environment, such as the transmission power (TxPower) of the source (how “brightly” it shines its beacon) and a value which describes the way in which the signal degrades (dims in brightness) in relation to distance and the surrounding environment.
Remember the first scan image i posted from mid-flight? The one with hundreds of squiggly lines?… Well, that is a graph of this RSSI. As you move around, the lines “move up and down” depending upon whether you are moving closer to or further from the signal. It is kind of like the “Marauder’s Map” from Harry Potter! Even if you can’t SEE one of the devices you have detected, you can still hunt it down old-school! Mischief Managed
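The distance maths described above, as an added example (not code from the original post): it smooths a handful of RSSI readings per device, turns the latest one into a distance with the log-distance path loss model, and says whether the line on the graph is going up or down. The scan log, the device labels, the -59 dBm reference level at 1 m and the path loss exponent of 2 are all assumptions made for illustration.

```python
import statistics

# Constructed scan log (not real capture data): (seconds, device label, RSSI in dBm).
SCAN_LOG = [
    (0, "soundbar", -78), (1, "soundbar", -80), (2, "soundbar", -76),
    (3, "soundbar", -70), (4, "soundbar", -95),   # -95: a one-off dropout
    (5, "soundbar", -66), (6, "soundbar", -64), (7, "soundbar", -62),
    (0, "tv", -59), (2, "tv", -61), (4, "tv", -60), (6, "tv", -59),
]

def estimate_distance_m(rssi_dbm, tx_power_dbm=-59.0, path_loss_exp=2.0):
    """Log-distance path loss model: d = 10 ** ((TxPower - RSSI) / (10 * n)).

    tx_power_dbm is the RSSI expected at 1 m (assumed calibration value);
    path_loss_exp (n) is about 2 in open space and higher in cluttered rooms.
    """
    return 10 ** ((tx_power_dbm - rssi_dbm) / (10.0 * path_loss_exp))

def smooth(values, window=3):
    """Rolling median over the last `window` readings; drops single spikes."""
    return [statistics.median(values[max(0, i - window + 1): i + 1])
            for i in range(len(values))]

def track(log, tx_power_dbm=-59.0, path_loss_exp=2.0, min_change_db=3.0):
    """Return {device: (estimated distance in metres, trend)} for a scan log."""
    per_device = {}
    for _, dev, rssi in sorted(log):              # time order within each device
        per_device.setdefault(dev, []).append(rssi)
    report = {}
    for dev, readings in per_device.items():
        s = smooth(readings)
        delta = s[-1] - s[0]                      # positive: signal got stronger
        if delta >= min_change_db:
            trend = "approaching"
        elif delta <= -min_change_db:
            trend = "receding"
        else:
            trend = "steady"
        dist = estimate_distance_m(s[-1], tx_power_dbm, path_loss_exp)
        report[dev] = (round(dist, 1), trend)
    return report

if __name__ == "__main__":
    for dev, (dist, trend) in track(SCAN_LOG).items():
        print(f"{dev}: ~{dist} m, {trend}")
```

The estimate is only as good as the two assumed constants: the same -79 dBm reading works out to 10 m with an exponent of 2 and under 5 m with an exponent of 3.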
In the next part of this post i will explore the same approach in the Wifi context and i think you might well be shocked and surprised at what i found!
Much love @MrTiggr
Originally published at https://den1zen.com.