What Your Bluetooth Devices Reveal About You

Bluetooth tracking tool goes public

Developer Danny McC released Bluehood, a Python-based Bluetooth scanner that demonstrates how much personal data devices leak through always-on wireless signals. The tool tracks nearby hardware and analyzes presence patterns to show how easily a third party can monitor a user’s movements.

The project arrives shortly after researchers at KU Leuven disclosed a critical vulnerability known as WhisperPair. This flaw, tracked as CVE-2025-36911, affects hundreds of millions of Bluetooth audio devices including headphones and earbuds.

Attackers can use the WhisperPair exploit to hijack audio devices remotely or eavesdrop on private conversations. The vulnerability also allows for location tracking through Google’s Find My Device network, turning standard accessories into beacons for surveillance.

Bluehood operates in a passive mode that requires no active connection to the target devices. It simply listens for the signals that phones, laptops, and smartwatches broadcast by default to maintain their functionality.

The risks of always-on signals

Most modern electronics treat Bluetooth as an essential, always-on utility rather than an optional feature. This normalization creates a constant stream of MAC addresses and device identifiers that anyone with a $35 Raspberry Pi can intercept.

Running Bluehood in a standard residential environment reveals a surprising density of data. The software identifies the manufacturer of the device and the specific Bluetooth Low Energy (BLE) service UUIDs it broadcasts.

Users often assume that "nothing to hide" means they have nothing to fear from these broadcasts. However, Bluehood demonstrates that even without accessing the content of a device, an observer can map out the internal life of a household.

The scanner detects several categories of data points during a standard session:

• Unique hardware identifiers that remain consistent over time
• Manufacturer names like Apple, Samsung, or Garmin
• Device types including smart home hubs and fitness trackers
• Signal strength (RSSI) which indicates the physical distance of the device
• Service records that reveal if a device is a heart rate monitor or a keyboard

This data collection requires no specialized hacking equipment. Any laptop with a standard Bluetooth adapter or a small single-board computer can run the script and begin logging nearby activity.

Devices you cannot turn off

A significant portion of the Bluetooth ecosystem does not allow users to disable the radio. Medical devices represent one of the most sensitive examples of this forced connectivity.

Modern hearing aids use BLE so audiologists can adjust settings via a tablet or phone. Many of these devices broadcast continuously, making the user’s medical status visible to anyone running a scanner in a public space.

Pacemakers and other implanted medical monitors sometimes use similar protocols for remote diagnostics. These signals are often unencrypted or use weak security, creating a permanent digital signature for the patient.

The automotive and logistics sectors also contribute to the sea of unavoidable signals. Delivery vans, police cars, and ambulances utilize Bluetooth for fleet management and integrated diagnostic systems.

Drivers of these vehicles rarely have the administrative permissions to disable these radios. As these vehicles move through a city, they leave a trail of identifiers that can be logged by stationary scanners to track logistics routes or emergency response patterns.

Privacy tools create tracking beacons

A strange tension exists between privacy-focused software and the hardware it relies on. Projects like Briar and BitChat use Bluetooth to protect users from internet-based surveillance, yet they require the radio to remain active.

Briar is a peer-to-peer messaging app designed for activists and journalists. It syncs messages via Bluetooth or Wi-Fi mesh networks when the internet is unavailable or censored by a government.

BitChat operates as a decentralized messaging platform that functions entirely over Bluetooth mesh networks. It does not require servers, phone numbers, or an active cellular data plan to send messages between peers.

While these tools provide vital communication channels in hostile environments, they also make the user’s device more visible. To discover peers and relay messages, the device must broadcast its presence to every other Bluetooth receiver in range.

An adversary does not need to crack the encryption of Briar or BitChat to find the users. They only need to log the MAC addresses of devices broadcasting the specific service UUIDs associated with those apps.

Monitoring patterns in residential areas

Surveillance is rarely about a single data point. Bluehood emphasizes behavioral patterns discovered by monitoring a fixed location over several weeks.

A malicious actor running a scanner in a residential neighborhood can establish a baseline for normal activity. They can identify exactly when a resident leaves for work based on when their phone or car's Bluetooth signal disappears from the log.

Patterns reveal more than just occupancy. The logs can show when a specific dog walker passes by every morning or when a delivery driver arrives on a weekly schedule.

If a property suffers damage or a theft occurs, a historical log of Bluetooth signals provides a list of every digital device that was in range at the time of the incident. This includes smartwatches on passersby or phones in the pockets of people who may not realize they were "present" in a digital log.

The software uses SQLite to store these events, allowing users to query the data for specific timeframes. It also supports ntfy.sh to send push notifications to a phone when a specific "watched" device enters or leaves the area.

Installing and running Bluehood

Bluehood is a Python application that can run on almost any Linux-based system with a compatible Bluetooth adapter. The developer provides a Docker container for quick deployment and a systemd service for permanent monitoring.

To install Bluehood on a system running Debian or Ubuntu, use the following commands:

• sudo apt install bluez python3-pip to install dependencies
• git clone https://github.com/dannymcc/bluehood.git to download the source
• pip install -e . to install the package in editable mode
• sudo bluehood to start the scanner with elevated privileges

Bluetooth scanning requires root privileges or specific kernel capabilities to access the hardware directly. Users can also run the tool via Docker Compose to isolate the environment.

The Docker method maps the host's Bluetooth stack to the container. Once the container is running, the dashboard is accessible via a web browser at http://localhost:8080.

The dashboard provides a visual breakdown of all detected devices. It categorizes them by their last seen timestamp, their signal strength, and any known manufacturer data extracted from the broadcast packets.

The reality of wireless trade-offs

Bluehood is not a tool for exploitation, but a demonstration of the passive surveillance that occurs every day. It highlights the trade-offs between convenience and privacy that most consumers accept without realization.

For some, Bluetooth is an essential tool for accessibility or secure communication. For others, it is a convenience for connecting wireless earbuds that could be replaced by a wired connection to eliminate the tracking vector.

The WhisperPair vulnerability proves that these signals are not just metadata risks, but potential gateways for active attacks. When a device is "discoverable," it is essentially knocking on the door of every receiver in the vicinity.

Awareness of these digital breadcrumbs is the first step toward better operational security. If running Bluehood reveals that your household is broadcasting a dozen unique identifiers to the street, the logical next step is to disable the radios on devices that do not strictly require them.

The project remains open-source on GitHub for those who want to audit the code or contribute to its device identification database. It serves as a stark reminder that in the era of the Internet of Things, your devices are talking even when you are silent.