by mvelie 1465 days ago
Apple has recently added, at least for the BTLE implementation, address randomization much like they did for Wi-Fi; details can be found here: https://support.apple.com/guide/security/bluetooth-security-...
2 comments

> All wireless devices have small manufacturing imperfections in the hardware that are unique to each device. These fingerprints are an accidental byproduct of the manufacturing process. These imperfections in Bluetooth hardware result in unique distortions, which can be used as a fingerprint to track a specific device.

> For Bluetooth, this would allow an attacker to circumvent anti-tracking techniques such as constantly changing the address a mobile device uses to connect to Internet networks.

It's like sci-fi movies where they track ships based on their engines. Turn off your transponder and they still know who you are, unless you really try to camouflage yourself.
Address randomization helps but it's not enough. The phone still transmits at a regular cadence so it's pretty easy to figure out which old address has changed into which new address and keep tracking the same device.
possible != "pretty easy". How do you do this with multiple devices in the same location?
By tracking all devices, noting when one address disappears and a new one appears, and correlating it with the perceived signal strength to reasonably guess whether this is the same device vs. a new one entering your detection radius. On top of that, there is often a fair amount of information besides the address in the contents of the advertisement packet, the set of services this device implements, battery level, manufacturer data fields, ... - much like browser fingerprinting by checking for fonts and canvas edge cases.

Maybe not easy, but also not hard. The only thing that screws you up is someone playing with the airplane mode toggle of their phone while moving within your detection radius.
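The linkability problem the last comment describes (an address rotates, but the rest of the advertisement payload and the signal level stay the same) is something a device or app developer can check for in their own advertising design. The following is an added, self-contained example written for this page; it is not code from the thread, from Apple, or from any BLE stack. It runs a simple heuristic over a constructed capture: a handover is flagged when one address disappears, another appears within a short gap at a similar RSSI, and the service list and manufacturer data are unchanged. The `Advert` fields, the gap and RSSI thresholds, and all addresses and payload bytes are assumptions made up for the example.

```python
"""Privacy self-check: does an advertising payload undermine BLE address
randomization? All data below is constructed for this example."""
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Advert:
    t: float                 # seconds since capture start (constructed)
    addr: str                # current randomized device address (constructed)
    rssi: int                # received signal strength in dBm (constructed)
    services: tuple          # advertised 16-bit service UUIDs
    mfr_data: bytes          # manufacturer-specific data field
    battery: Optional[int]   # battery level, if the device advertises one

# Constructed capture: device A rotates its address at t=60 but keeps the same
# payload; device B is a different device present throughout; device C shows
# up right after the rotation with an unrelated payload.
SAMPLE_LOG = [
    Advert(0.0,  "5A:11:22:33:44:01", -52, (0x180F, 0x1812), b"\x4c\x00\x10\x05", 87),
    Advert(30.0, "5A:11:22:33:44:01", -53, (0x180F, 0x1812), b"\x4c\x00\x10\x05", 87),
    Advert(59.0, "5A:11:22:33:44:01", -53, (0x180F, 0x1812), b"\x4c\x00\x10\x05", 86),
    Advert(10.0, "6B:AA:BB:CC:DD:02", -80, (0x180A,), b"\x00\x01\xff", None),
    Advert(70.0, "6B:AA:BB:CC:DD:02", -79, (0x180A,), b"\x00\x01\xff", None),
    Advert(61.0, "7C:55:66:77:88:03", -54, (0x180F, 0x1812), b"\x4c\x00\x10\x05", 86),
    Advert(90.0, "7C:55:66:77:88:03", -55, (0x180F, 0x1812), b"\x4c\x00\x10\x05", 86),
    Advert(62.0, "4D:99:88:77:66:04", -60, (0x1800,), b"\x59\x00\x01", 40),
]

def matching_fields(a: Advert, b: Advert, battery_tolerance: int = 2) -> list:
    """Payload fields (everything except address and RSSI) that agree between
    two adverts. Battery is compared with a tolerance because it drifts slowly
    on a real device and still acts as a weak identifier."""
    same = []
    if a.services == b.services:
        same.append("services")
    if a.mfr_data == b.mfr_data:
        same.append("mfr_data")
    if (a.battery is not None and b.battery is not None
            and abs(a.battery - b.battery) <= battery_tolerance):
        same.append("battery")
    return same

def address_epochs(log):
    """Group adverts by address and return (first_advert, last_advert) per
    address, ordered by first appearance."""
    by_addr = {}
    for adv in sorted(log, key=lambda a: a.t):
        by_addr.setdefault(adv.addr, []).append(adv)
    epochs = [(advs[0], advs[-1]) for advs in by_addr.values()]
    return sorted(epochs, key=lambda e: e[0].t)

def linkable_rotations(log, max_gap: float = 5.0, max_rssi_delta: int = 10):
    """Address changes a passive observer could plausibly link: the old
    address stops, a new one starts within max_gap seconds at a similar RSSI,
    and the service list and manufacturer data are unchanged.
    Returns {(old_addr, new_addr): [fields that matched]}."""
    links = {}
    epochs = address_epochs(log)
    for _, old_last in epochs:
        for new_first, _ in epochs:
            if new_first.addr == old_last.addr:
                continue
            gap = new_first.t - old_last.t
            if not 0 <= gap <= max_gap:
                continue
            if abs(new_first.rssi - old_last.rssi) > max_rssi_delta:
                continue
            fields = matching_fields(old_last, new_first)
            if "services" in fields and "mfr_data" in fields:
                links[(old_last.addr, new_first.addr)] = fields
    return links

def with_fresh_mfr_data(log, addr: str, new_mfr: bytes):
    """Model the mitigation: change the manufacturer data together with the
    address for one device, so the rotation no longer carries a stable tag."""
    return [replace(a, mfr_data=new_mfr) if a.addr == addr else a for a in log]

if __name__ == "__main__":
    for (old, new), fields in linkable_rotations(SAMPLE_LOG).items():
        print(f"{old} -> {new} linkable via {fields}")
    fixed = with_fresh_mfr_data(SAMPLE_LOG, "7C:55:66:77:88:03", b"\x4c\x00\x10\x06")
    print("after rotating mfr_data too:", linkable_rotations(fixed))
```

On the constructed capture, device A's rotation is flagged because services, manufacturer data and battery all carry over, while device C is not linked to A despite appearing at the right moment. Rotating the manufacturer data along with the address removes the link under this heuristic; in practice every field that stays constant across a rotation (service list, static manufacturer bytes, a slowly changing battery value, even the advertising interval) is part of the fingerprint the comment describes, and the mitigation is to drop or re-randomize them at the same time the address changes.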