this post was submitted on 19 Sep 2024
124 points (87.8% liked)
Technology
59197 readers
3404 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
(X) Doubt
They mean the Bluetooth MAC address. It'll capture your phone's and can tell who the manufacturer is but the rest of the address is randomized. That said, lots of watches/earbuds/assorted smart Bluetooth things aren't randomized because manufacturers are lazy.
Depends on what your cell or watch is broadcasting publicly and if you are connected to the store wifi.
Yea, no, the most likely route is to pickup a MAC address and associate it with an existing assigned IP address (If that device is connected to the public WiFi, but who even does that these days lol), but modern day Android and iOS randomize MAC addresses on every connection these days by default.
And then you'd still need to correlate that to the physical world, most likely route would be detecting Bluetooth hostname, but it's by no means guaranteed that the device hostname in the public WiFi DHCP table matches the BT one (phones can have different names for each). And again is dependent on the person being connected to store WiFi to begin with. Would also be entirely thwarted of a person's BT is off which is highly likely
It's possible, but would be a useless feature to develop and maintain as it would probably actually work out in the real world like maybe 30% of the time.
Unless they shoved a full stingray unit in it or something (extremely unlikely), this is just a statement from someone parroting a sales brochure that they didn't entirely understand
I suspect it works a lot ore than 30%
As you mentioned, cell ID is there too. Pretty easy to simply capture IMSI data (don't even have to do anything, phones are alway broadcasting their ID).
Combine IMSI, BT, MAC, date/time, and boy you've got one helluva surveillance device.
Add in BT headphones, watches, etc, and you have even more data points to associate.
I wouldn't be shopping there just because of that.
Actually, no. Phones don't always broadcast their IMSI. Most of the time they broadcast a Temporary Mobile Subscriber Identity (TMSI) and only on a location update (For power conservation). Your cell provider knows your IMSI already and uses a TMSI for updates for the express purpose of privacy and security for these exact scenarios
It is part of the initial work flow of a Stingray device to attempt to force your device to disconnect from the network and get it to rebroadcast its actual IMSI. But it is not floating around in the air all the time and it certainly isn't trivial to grab.
BT is really the only viable option, and even that can vary wildly depending on manufacturer.
Does it have a stingray inside? wtf?
You don't need a stingray to simply pickup cell broadcast which has the ID in it. Technically your phone is doing this, as the tower you connect to has an ID.