📡

Bluehood — Bluetooth Privacy Through a BLE Scanner

Track your neighbor's commute pattern with just a Raspberry Pi?

Living with Bluetooth always on is the norm. Smartphones, earbuds, smartwatches, cars — they all continuously broadcast BLE signals. Bluehood is a Python project that collects these signals and shows exactly what information leaks when Bluetooth is left on.

What can it detect?

Running Bluehood in passive mode reveals:

  • Delivery driver arrival times and whether it's the same driver (same BLE device reappearing)

  • Neighbor's commute patterns (devices appearing and disappearing at the same time daily)

  • Associated device pairs (smartphone + smartwatch = same person)

  • Visitor dwell time and frequency

A Raspberry Pi or laptop is all you need.

Code Architecture Analysis

Bluehood's core has 3 layers:

1. BLE Scanner (scanner.py)

Uses the bleak library to continuously collect BLE advertisement packets. Registers BleakScanner's detection_callback to fire on each device detection. Extracts MAC address, RSSI (signal strength), device name, manufacturer data, and BLE service UUIDs.

from bleak import BleakScanner

async def scan():
    scanner = BleakScanner(detection_callback=on_device_found)
    await scanner.start()

2. Data Storage (database.py)

Stores detection records in SQLite. Schema includes first/last detection timestamps per device, total detection count, and RSSI history. Random MAC addresses (modern device privacy feature) have a filtering option.

3. Pattern Analysis + Web Dashboard

Time-based heatmaps, dwell time graphs, and associated device detection (devices appearing together = likely same person). Flask-based web UI for real-time monitoring. Push notifications via ntfy.sh on new device detection.

Devices you can't turn off

The problem is devices users can't control:

  • Hearing aids: BLE always active for remote adjustment/diagnostics

  • Pacemakers: Medical implants broadcast BLE (community reports of a father's pacemaker showing up in nRF Connect app)

  • Vehicles: Continuous BLE for diagnostics. Tesla tracking sites like teslaradar.com exist

  • TPMS: Tire pressure sensors continuously broadcast unique IDs

The privacy tool paradox

Briar syncs messages via Bluetooth/WiFi mesh even without internet — protecting activists/journalists. But it requires Bluetooth to be on.

BitChat is a fully BLE mesh-based decentralized messenger. No internet, servers, or phone numbers — but BLE must be active.

The protection mechanism simultaneously becomes the exposure vector.

MAC address randomization limitations

BLE already has 'resolvable private address' randomization. It rotates MAC addresses periodically, but tracking rotation timing can still identify the same device. Patterns like iPhone + Apple Watch always appearing together also enable identification.

How to run

Docker or manual install. Any device with a Bluetooth adapter works.

git clone https://github.com/dannymcc/bluehood
cd bluehood
docker compose up -d

Runs with root privileges or as systemd service. Real-time monitoring via web dashboard.

Key Points

1

Continuously collect BLE advertisement packets via bleak → extract MAC, RSSI, device name, service UUIDs

2

Store per-device first/last detection timestamps, count, and RSSI history in SQLite

3

Infer behavioral patterns via time-based heatmaps + associated device analysis

4

Real-time monitoring via Flask web dashboard + ntfy.sh push notifications

Use Cases

Check what information your own BLE devices expose Bluetooth privacy education and demonstration tool Security audit — BLE device inventory within an organization

References

Related

💎
Python for Rubyists — Two Languages That Look Similar but Think Differently
How Ruby blocks, open classes, and implicit returns translate to Python
✳️ Keyword-only Arguments — What `*,` Means and Why You Use It