pith. sign in

arxiv: 2606.21067 · v1 · pith:JPI4CMYCnew · submitted 2026-06-19 · 💻 cs.CR

Snatcher: Apple Find My Network Exposes Your Lost Devices To Strangers

Zhenyu Ren , Yanbo Zhang , Boya Liu , Mo Li This is my paper

Pith reviewed 2026-06-26 14:03 UTC · model grok-4.3

classification 💻 cs.CR
keywords Apple Find MyBLE securitydevice tracking attackphysical theftAndroid implementationMAC address randomizationacoustic trigger
0
0 comments X

The pith

Insecure BLE advertisements in Apple's Find My network allow unauthorized tracking and physical theft of lost devices.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper shows that Apple's Find My network, which connects nearly one billion devices through Bluetooth Low Energy, contains design choices that let strangers discover and steal lost items. It presents Snatcher, a framework that runs entirely on ordinary Android phones and exploits unencrypted advertisements, unauthenticated acoustic signals, and slow address changes. The system locates devices through three escalating stages of tracking in real-world tests. A reader would care because the network is meant to protect belongings yet these flaws create a direct path to theft while trying to prevent stalking.

Core claim

The central claim is that insecure BLE advertisements and design tradeoffs in the Find My network permit unauthorized discovery and physical theft of lost Apple devices. Snatcher demonstrates this by identifying vulnerabilities in unencrypted advertisements, unauthenticated acoustic triggers, and slow MAC address randomization, then using three levels of attack—sound-based direction finding, RSSI-IMU sensor-fusion navigation, and spatial-temporal clustering—to physically track and locate devices from Android smartphones without specialized hardware.

What carries the argument

Snatcher, the Android-based attack framework that executes three-level tracking via sound-based direction finding, RSSI-IMU sensor-fusion navigation, and spatial-temporal clustering to exploit the network's BLE advertisements.

If this is right

  • Unauthorized parties can physically locate and steal lost Apple devices without special equipment.
  • The network's privacy and anti-stalking features create a direct tradeoff with physical security.
  • Slow MAC address randomization extends the window for tracking attacks.
  • The attack succeeds using only standard consumer smartphones running the described software.
  • Apple must address the unencrypted advertisements and unauthenticated triggers to close the exposure.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Other device tracking systems that rely on similar BLE broadcasts may face comparable tracking risks.
  • Device manufacturers could add optional encryption layers to advertisements without breaking core location functions.
  • Users of lost-item networks might combine them with separate physical locks or secondary trackers for better protection.

Load-bearing premise

The Find My network depends on unencrypted BLE advertisements and unauthenticated acoustic triggers for its operation.

What would settle it

A controlled test in which Snatcher running on an Android phone fails to locate or track a lost Apple device despite access to the described BLE advertisements and triggers would disprove the exposure claim.

Figures

Figures reproduced from arXiv: 2606.21067 by Boya Liu, Mo Li, Yanbo Zhang, Zhenyu Ren.

Figure 1
Figure 1. Figure 1: Snatcher investigates the vulnerabilities of Apple Find My network and demonstrates a three-level attack model. propose a Spatial-Temporal Clustering strategy. This algorithm de￾anonymizes the target by correlating signal characteristics (RSSI) with their spatial-temporal context. It effectively stitches together the fragmented identities observed over time, allowing the attacker to maintain a persistent l… view at source ↗
Figure 2
Figure 2. Figure 2: Operation flow of Apple Find My network. My network pairing is complete or whenever the owner’s device reconnects. When the device moves out of range or temporarily loses the Bluetooth connection, it enters the Nearby state. During the Nearby state, the device periodically attempts to re-establish the connec￾tion. This retry behavior allows transient disconnections, such as those caused by environmental in… view at source ↗
Figure 3
Figure 3. Figure 3: Illustration of four scenarios for BLE disconnect distance evaluation (top), and the measured BLE disconnect distance and timeout duration for different devices to enter the Separated (Lost) state (bottom). Access Address (4 bytes) Packet Header Preamble (1 byte) Advertising Address (Indicates the first 6 bytes of public key) ADV Length(0x1E) ADV Type (0xFF) Company ID (0x004C-Apple) Apple Type (0x12) Appl… view at source ↗
Figure 4
Figure 4. Figure 4: The frame structure of Find My BLE advertising [PITH_FULL_IMAGE:figures/full_fig_p003_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Examples demonstrating preliminary validation [PITH_FULL_IMAGE:figures/full_fig_p005_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: Physical intuition and verification of human body shadowing. (a) A top-down schematic illustrating the acoustic [PITH_FULL_IMAGE:figures/full_fig_p006_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: Heatmap of Directionality Scores (𝑆𝑘 ). The Front direction consistently achieves the highest score across all scenarios. This holds true even in the challenging indoor environment, validating the robustness of our metric. The process operates as an iterative feedback loop. The attacker advances along the estimated heading for a discrete distance and then halts to trigger a single sound feedback. The syste… view at source ↗
Figure 9
Figure 9. Figure 9: Architecture of the RSSI-IMU Navigation System. [PITH_FULL_IMAGE:figures/full_fig_p007_9.png] view at source ↗
Figure 11
Figure 11. Figure 11: Performance of Identity Stitching. (a) Raw data [PITH_FULL_IMAGE:figures/full_fig_p008_11.png] view at source ↗
Figure 12
Figure 12. Figure 12: Illustration of the implemented Snatcher. 5.1.1 Implementation of Snatcher. Snatcher is implemented as an integrated Android application [7] that realizes the three-level at￾tack framework [PITH_FULL_IMAGE:figures/full_fig_p009_12.png] view at source ↗
Figure 13
Figure 13. Figure 13: Illustration of indoor and outdoor evaluated sce [PITH_FULL_IMAGE:figures/full_fig_p010_13.png] view at source ↗
Figure 15
Figure 15. Figure 15: Performance of RSSI-IMU navigation and signal [PITH_FULL_IMAGE:figures/full_fig_p010_15.png] view at source ↗
Figure 16
Figure 16. Figure 16: Performance of our spatial-temporal assisted al [PITH_FULL_IMAGE:figures/full_fig_p011_16.png] view at source ↗
Figure 17
Figure 17. Figure 17: Evaluation of average navigation time and distance for different scenarios. For Level 3, the mimicked MAC address [PITH_FULL_IMAGE:figures/full_fig_p012_17.png] view at source ↗
read the original abstract

Apple's Find My network connects nearly one billion devices to locate missing property via Bluetooth Low Energy (BLE). This paper reveals that insecure BLE advertisements and design tradeoffs allow unauthorized discovery and physical theft of lost Apple devices. We develop Snatcher, an attack and analysis framework implemented fully on Android smartphones without specialized hardware. Snatcher identifies vulnerabilities in unencrypted BLE advertisements, unauthenticated acoustic triggers, and slow MAC address randomization. Through three levels - sound-based direction finding, RSSI-IMU sensor-fusion navigation, and spatial-temporal clustering - our Android-based platform physically tracks and locates lost Apple accessories and devices in real-world tests. Our results highlight a crucial conflict between privacy protection, anti-stalking design, and physical security, urging Apple to strengthen Find My defenses.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The manuscript presents Snatcher, an attack and analysis framework implemented entirely on commodity Android smartphones. It exploits vulnerabilities in Apple's Find My network—specifically unencrypted BLE advertisements, unauthenticated acoustic triggers, and slow MAC address randomization—to enable unauthorized discovery and physical tracking of lost Apple devices. The attack proceeds through three levels: sound-based direction finding, RSSI-IMU sensor-fusion navigation, and spatial-temporal clustering, with validation claimed via real-world tests on lost devices. The work highlights a design tradeoff between privacy/anti-stalking protections and physical security.

Significance. If the empirical results hold, the work is significant for demonstrating practical, hardware-accessible attacks on a network connecting nearly one billion devices. The commodity-Android implementation without specialized equipment strengthens the practical relevance, and the identification of conflicting design goals (privacy vs. physical security) provides a clear call for defensive improvements in large-scale location networks.

major comments (2)
  1. [Abstract and evaluation section] Abstract and § on evaluation/results: the description of the three-level attack and real-world validation lacks quantitative metrics (e.g., success rates, effective range, false-positive rates, number of trials, or specific test conditions); without these, it is difficult to assess whether the results support the central claim that the vulnerabilities enable reliable physical tracking and theft.
  2. [Snatcher design and attack levels] Attack construction (§ on Snatcher design): the reliance on unauthenticated acoustic triggers and unencrypted BLE advertisements is presented as load-bearing, yet the manuscript provides no concrete analysis of the BLE advertisement format, trigger authentication mechanism, or MAC randomization interval that would allow independent verification of the three-level attack feasibility.
minor comments (2)
  1. The manuscript should include a dedicated related-work section comparing Snatcher to prior BLE tracking or Find My analyses to clarify novelty.
  2. Figure captions and axis labels in any sensor-fusion or clustering diagrams should be expanded for clarity without reference to the main text.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback. We address each major comment below and will revise the manuscript to improve clarity and verifiability.

read point-by-point responses

  1. Referee: [Abstract and evaluation section] Abstract and § on evaluation/results: the description of the three-level attack and real-world validation lacks quantitative metrics (e.g., success rates, effective range, false-positive rates, number of trials, or specific test conditions); without these, it is difficult to assess whether the results support the central claim that the vulnerabilities enable reliable physical tracking and theft.

    Authors: We agree that additional quantitative metrics would strengthen the evaluation section and abstract. The manuscript reports real-world tests, but we will revise to explicitly include success rates, effective ranges, false-positive rates, number of trials, and test conditions (e.g., environment types) drawn from our experimental data to better support the claims of reliable tracking. revision: yes

  2. Referee: [Snatcher design and attack levels] Attack construction (§ on Snatcher design): the reliance on unauthenticated acoustic triggers and unencrypted BLE advertisements is presented as load-bearing, yet the manuscript provides no concrete analysis of the BLE advertisement format, trigger authentication mechanism, or MAC randomization interval that would allow independent verification of the three-level attack feasibility.

    Authors: We will revise the Snatcher design section to include concrete details on the BLE advertisement packet formats (highlighting unencrypted fields), evidence regarding the unauthenticated acoustic triggers, and empirical data on MAC randomization intervals from our measurements. This will support independent verification of the attack feasibility. revision: yes

Circularity Check

0 steps flagged

No significant circularity

full rationale

This is an empirical security paper describing an implemented attack framework (Snatcher) on commodity Android devices, validated through real-world tests on lost Apple devices. No mathematical derivations, equations, predictions, fitted parameters, or self-citation chains appear in the provided text or abstract. The central claims rest on direct implementation and testing of BLE advertisement vulnerabilities, with no reduction of results to inputs by construction. This matches the default expectation of no circularity for non-theoretical papers.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The paper's contribution is the demonstration of the attack rather than new theoretical constructs; rests on stated network design properties.

axioms (1)
  • domain assumption Find My network relies on unencrypted BLE advertisements and unauthenticated acoustic triggers
    This is the core premise stated in the abstract enabling the attack.

pith-pipeline@v0.9.1-grok · 5660 in / 1188 out tokens · 33136 ms · 2026-06-26T14:03:19.408064+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

51 extracted references · 5 canonical work pages

  1. [1]

    2025.AudioRecord | Android Developers

    Android Developers. 2025.AudioRecord | Android Developers. https://developer. android.com/reference/android/media/AudioRecord Accessed: 2026-01-01

    2025

  2. [2]

    2025.ScanSettings | Android Developers

    Android Developers. 2025.ScanSettings | Android Developers. https://developer. android.com/reference/android/bluetooth/le/ScanSettings Accessed: 2026-01-01

    2025

  3. [3]

    2025.SensorManager | Android Developers

    Android Developers. 2025.SensorManager | Android Developers. https://developer. android.com/reference/android/hardware/SensorManager Accessed: 2026-01-01

    2025

  4. [4]

    Apple Inc. 2020. Find My Network Accessory Specification - Re- lease R1. https://images.frandroid.com/wp-content/uploads/2020/06/Find_My_ network_accessory_protocol_specification.pdf. Accessed: 2026-01-01

    2020

  5. [5]

    Apple Inc. 2022. An update on AirTag and unwanted tracking. https://www.apple. com/newsroom/2022/02/an-update-on-airtag-and-unwanted-tracking/. Apple Newsroom, Accessed: 2026-01-14

    2022

  6. [6]

    Apple Inc. 2024. Apple Platform Security. https://help.apple.com/pdf/security/ en_GB/apple-platform-security-guide-b.pdf. Accessed: 2026-01-01

    2024

  7. [7]

    2026.Snatcher

    Anonymous Author(s). 2026.Snatcher. https://anonymous.4open.science/r/ Snatcher-4D25/ Anonymous repository for peer review. Last accessed: 2026-01- 14

    2026

  8. [8]

    Johannes K Becker, David Li, and David Starobinski. 2019. Tracking anonymized bluetooth devices.Proceedings on Privacy Enhancing Technologies(2019)

    2019

  9. [9]

    2015.Bluetooth Technology Protecting Your Privacy

    Bluetooth SIG. 2015.Bluetooth Technology Protecting Your Privacy. https://www. bluetooth.com/blog/bluetooth-technology-protecting-your-privacy/ Accessed: 2026-01-01

    2015

  10. [10]

    2025.Enhancing Device Privacy and Energy Efficiency with Blue- tooth Randomized RPA Updates

    Bluetooth SIG. 2025.Enhancing Device Privacy and Energy Efficiency with Blue- tooth Randomized RPA Updates. https://www.bluetooth.com/blog/enhancing- device-privacy-and-energy-efficiency-with-bluetooth-randomized-rpa- updates/ Accessed: 2026-01-01

    2025

  11. [11]

    2024.Bluetooth Core Specification

    Bluetooth Special Interest Group. 2024.Bluetooth Core Specification. Technical Report. Bluetooth SIG, Inc. https://www.bluetooth.com/specifications/specs/ core-specification-6-0/

    2024

  12. [12]

    Leon Böttger, Alexander Matern, Dennis Arndt, and Matthias Hollick. 2025. Okay Google, Where’s My Tracker? Security, Privacy, and Performance Evaluation of Google’s Find My Device Network.Proceedings on Privacy Enhancing Technologies (2025)

    2025

  13. [13]

    Lukas Burg, Max Granzow, Alexander Heinrich, and Matthias Hollick. 2022. OpenHaystack Mobile-Tracking custom find my accessories on smartphones. In Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks. 277–279

    2022

  14. [14]

    Albert Fox Cahn. 2021. Apple’s AirTags Are a Gift to Stalkers. https://www.wired. com/story/opinion-apples-air-tags-are-a-gift-to-stalkers/ Accessed: 2026-01-01

    2021

  15. [15]

    Guillaume Celosia and Mathieu Cunche. 2019. Saving private addresses: An analysis of privacy issues in the bluetooth-low-energy advertising mechanism. InProceedings of the 16th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services. 444–453

    2019

  16. [16]

    Guillaume Celosia and Mathieu Cunche. 2020. Discontinued privacy: Personal data leaks in apple bluetooth-low-energy continuity protocols.Proceedings on Privacy Enhancing Technologies2020 (2020), 26–46

    2020

  17. [17]

    Junming Chen, Xiaoyue Ma, Lannan Luo, and Qiang Zeng. 2025. Tracking you from a thousand miles away! turning a bluetooth device into an apple AirTag without root privileges. In34th USENIX Security Symposium (USENIX Security 25). 4345–4362

    2025

  18. [18]

    Harry Eldridge, Gabrielle Beck, Matthew Green, Nadia Heninger, and Abhishek Jain. 2024. Abuse-Resistant Location Tracking: Balancing Privacy and Safety in the Offline Finding Ecosystem. In33rd USENIX Security Symposium (USENIX Security 24). 5431–5448

    2024

  19. [19]

    Christopher Ellis, Yue Zhang, Mohit Kumar Jangid, Shixuan Zhao, and Zhiqiang Lin. 2025. Deanonymizing Device Identities via Side-channel Attacks in Exclusive- use IoTs & Mitigation. In2025 Proceedings of the Annual Network and Distributed System Security Symposium

    2025

  20. [20]

    Dañiel Gerhardt, Matthias Fassl, Carolyn Guthoff, Adrian Dabrowski, and Katha- rina Krombholz. 2025. AirTag-Facilitated Stalking Protection: Evaluating Un- wanted Tracking Notifications and Tracker Locating Features. In34th USENIX Security Symposium (USENIX Security 25). 1511–1530

    2025

  21. [21]

    Hadi Givehchian, Nishant Bhaskar, Eliana Rodriguez Herrera, Héctor Ro- drigo López Soto, Christian Dameff, Dinesh Bharadia, and Aaron Schulman

  22. [22]

    In2022 IEEE symposium on security and privacy (SP)

    Evaluating physical-layer ble location tracking attacks on mobile devices. In2022 IEEE symposium on security and privacy (SP). IEEE, 1690–1704

  23. [23]

    2025.Simple Pedometer

    Google. 2025.Simple Pedometer. https://github.com/google/simple-pedometer Accessed: 2026-01-01

    2025

  24. [24]

    Google LLC. 2023. 3 ways unknown tracker alerts on Android help keep you safe. https://blog.google/products-and-platforms/platforms/android/unknown- tracker-alert-google-android/. Google Blog, Accessed: 2026-01-14

    2023

  25. [25]

    Google LLC. 2023. Find Hub Network Accessory Specification (Find My Device Network / Fast Pair Extension), Version 1.3. https://developers.google.com/ nearby/fast-pair/specifications/extensions/fmdn. Version 1.3, December 2023. Accessed: 2026-01-01

    2023

  26. [26]

    Alexander Heinrich, Niklas Bittner, and Matthias Hollick. 2022. AirGuard - Protecting Android Users from Stalking Attacks by Apple Find My Devices. In Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ’22). 26–38

    2022

  27. [27]

    Alexander Heinrich, Milan Stute, and Matthias Hollick. 2021. OpenHaystack: a framework for tracking personal bluetooth devices via Apple’s massive find my network. InProceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks. 374–376

    2021

  28. [28]

    Alexander Heinrich, Milan Stute, Tim Kornhuber, and Matthias Hollick. 2021. Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Blue- tooth Location Tracking System.Proceedings on Privacy Enhancing Technologies CCS ’26, November 15-19, 2026, Hague, Netherlands Ren et al. 2021, 3 (2021), 227–245. https://doi.org/10.2478/popets-2021-0045

    work page doi:10.2478/popets-2021-0045 2021

  29. [29]

    Alexander Heinrich, Leon Würsching, and Matthias Hollick. 2024. Please Unstalk Me: Understanding Stalking with Bluetooth Trackers and Democratizing Anti- Stalking Protection.Proceedings on Privacy Enhancing Technologies(2024)

    2024

  30. [30]

    Apple Inc. 2021. What to do if you get an alert that an AirTag, set of AirPods, Find My network accessory, or compatible Bluetooth location-tracking device is with you. https://support.apple.com/en-us/119874 Accessed: 2026-01-01

    2021

  31. [31]

    Apple Inc. 2025. Find My Network. https://developer.apple.com/find-my/ Accessed: 2026-01-01

    2025

  32. [32]

    Anu Jagannath, Zackary Kane, and Jithin Jagannath. 2022. RF Fingerprinting Needs Attention: Multi-task Approach for Real-World WiFi and Bluetooth. In GLOBECOM 2022 - 2022 IEEE Global Communications Conference. 4607–4612. https://doi.org/10.1109/GLOBECOM48099.2022.10001572

    work page doi:10.1109/globecom48099.2022.10001572 2022

  33. [33]

    Peter Keating and Andrew J King. 2015. Sound localization in a changing world. Current Opinion in Neurobiology35 (2015), 35–43. https://doi.org/10.1016/j.conb. 2015.06.005 Circuit plasticity and memory

    work page doi:10.1016/j.conb 2015

  34. [34]

    Brent Ledvina, Zachary Eddinger, Ben Detwiler, and Siddika Parlak Polatkan. 2026. Detecting Unwanted Location Trackers. Internet-Draft draft-ledvina-apple-google- unwanted-trackers-02. Internet Engineering Task Force. https://datatracker.ietf. org/doc/draft-ledvina-apple-google-unwanted-trackers/02/ Work in Progress

    2026

  35. [35]

    Yeming Li, Hailong Lin, Jiamei Lv, Yi Gao, and Wei Dong. 2024. BLE Location Tracking Attacks by Exploiting Frequency Synthesizer Imperfection. InIEEE INFOCOM 2024-IEEE Conference on Computer Communications. IEEE, 1860–1869

    2024

  36. [36]

    Xiaofeng Liu, Chaoshun Zuo, Qinsheng Hou, Pengcheng Ren, Jianliang Wu, Qingchuan Zhao, and Shanqing Guo. 2025. A Thorough Security Analysis of {BLE} Proximity Tracking Protocols. In34th USENIX Security Symposium (USENIX Security 25). 5347–5364

    2025

  37. [37]

    Ryan Mac and Kashmir Hill. 2021. Are Apple AirTags Being Used to Track People and Steal Cars? https://www.nytimes.com/2021/12/30/technology/apple-airtags- tracking-stalking.html Accessed: 2026-01-01

    2021

  38. [38]

    Rye, Brandon Sipes, and Sam Teplov

    Jeremy Martin, Douglas Alpuche, Kristina Bodeman, Lamont Brown, Ellis Fenske, Lucas Foppe, Travis Mayberry, Erik C. Rye, Brandon Sipes, and Sam Teplov

  39. [39]

    https://api.semanticscholar.org/CorpusID:189928065

    Handoff All Your Privacy – A Review of Apple’s Bluetooth Low Energy Continuity Protocol.Proceedings on Privacy Enhancing Technologies2019 (2019), 34 – 53. https://api.semanticscholar.org/CorpusID:189928065

    2019

  40. [40]

    Travis Mayberry, Erik-Oliver Blass, and Ellis Fenske. 2023. Blind My-An Im- proved Cryptographic Protocol to Prevent Stalking in Apple’s Find My Network. Proceedings on Privacy Enhancing Technologies(2023)

    2023

  41. [41]

    Haroon Rashid and Ashok Kumar Turuk. 2015. Dead reckoning localisation technique for mobile wireless sensor networks.IET Wireless Sensor Systems5, 2 (2015), 87–96

    2015

  42. [42]

    Romigh and Brian D

    Griffin D. Romigh and Brian D. Simpson. 2014. Do you hear where I hear?: isolating the individualized sound localization cues.Frontiers in Neuroscience8 (2014), 370. https://doi.org/10.3389/fnins.2014.00370

    work page doi:10.3389/fnins.2014.00370 2014

  43. [43]

    Thomas Roth, Fabian Freyer, Matthias Hollick, and Jiska Classen. 2022. AirTag of the Clones: Shenanigans with Liberated Item Finders. In2022 IEEE Security and Privacy Workshops (SPW). 301–311. https://doi.org/10.1109/SPW54247.2022. 9833881

    work page doi:10.1109/spw54247.2022 2022

  44. [44]

    Samsung Electronics Co., Ltd. 2025. Developing Your SmartThings Find Device. https://developer.smartthings.com/docs/devices/mobile-connected/ developing-your-find-device. Accessed: 2026-01-01

    2025

  45. [45]

    Narmeen Shafqat, Nicole Gerzon, Maggie Van_Nortwick, Victor Sun, Alan Mis- love, and Aanjhan Ranganathan. 2023. Track you: A deep dive into safety alerts for apple airtags.Proceedings on Privacy Enhancing Technologies2023, 4 (2023)

    2023

  46. [46]

    George-Alexandru Stoian, Thiemo Voigt, and Christian Rohner. 2025. Augment- ing BLE Fingerprinting Using Instantaneous Frequency. In18th ACM Conference on Security and Privacy in Wireless and Mobile Networks. 274–279

    2025

  47. [47]

    Kieron Ivy Turk and Alice Hutchings. 2024. Stop Following Me! Evaluating the Malicious Uses of Personal Item Tracking Devices and Their Anti-Stalking Features. InProceedings of the 2024 European Symposium on Usable Security. 277–289

    2024

  48. [48]

    Jianliang Wu, Patrick Traynor, Dongyan Xu, Dave Jing Tian, and Antonio Bianchi

  49. [49]

    In33rd USENIX Security Symposium (USENIX Security 24)

    Finding traceability attacks in the bluetooth low energy specification and its implementations. In33rd USENIX Security Symposium (USENIX Security 24). 4499–4516

  50. [50]

    Tingfeng Yu, James Henderson, Alwen Tiu, and Thomas Haines. 2024. Security and Privacy Analysis of Samsung’s {Crowd-Sourced} Bluetooth Location Track- ing System. In33rd USENIX Security Symposium (USENIX Security 24). 5449–5466

    2024

  51. [51]

    Yue Zhang and Zhiqiang Lin. 2022. When good becomes evil: Tracking bluetooth low energy devices via allowlist-based side channel and its countermeasure. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. 3181–3194. A Ethics Considerations All attacks described in this paper were performed on our own de- vices and mim...

    2022