They developed an anti-tracking tool with a Raspberry Pi 


The tool runs on a Raspberry Pi and uses nearby wireless signals to help determine if you're being followed

During Black Hat 2022, Matt Edmondson, a federal agent who has worked for the US Department of the Interior, presented a device he developed that detects nearby Bluetooth and Wi-Fi devices to make sure you're not being tracked.

To help promote the solution he developed and also help people who might need it, the federal agent presented it at the Black Hat event in Las Vegas in early August and made the code available on GitHub.

The decision to design the device came after a friend contacted him to ask whether there was a device that would let him know if he was being tracked. After much research, Matt Edmondson realized that no existing tool could help his friend.

Seeing the problem this poses for people who, for reasons of high confidentiality, need to know if they are being tracked, Matt Edmondson, who is a hacker and digital forensics expert, set out to design a device that meets these needs.

To do this, he turned to a Raspberry Pi 3 and installed Kismet on it, which is a wireless network and device detector, a sniffer, a monitoring tool and a WIDS (wireless intrusion detection) framework. He then combined it with a battery to make it more functional, because the anti-tracking tool is designed to be used on the go. Finally, it also has a screen that shows the analyzed data in real time.

To make it work, Edmondson simply wrote Python code that works on an SQLite file with a .kismet extension and builds lists of discovered devices at 5-10 minute, 10-15 minute, and 15-20 minute intervals.

It then analyzes Wi-Fi and Bluetooth connections and, every minute, logs in its database the new Wi-Fi or Bluetooth devices located in the area for the different time intervals. Every minute, the tool compares the detected devices with those recorded in the different lists (5-10 minutes, 10-15 minutes and 15-20 minutes) and sends an on-screen alert if a device matches one already recorded in the lists.

To avoid false alerts, Edmondson specifies that at any time it is possible to create an exclusion list by entering the MAC addresses that are already contained in the Kismet database. In such a case, the excluded device will be ignored for the rest of the session. Also, you can delete or recreate the list at any time.
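The comparison and the exclusion list described above can be sketched as follows. This is an added example, not Edmondson's code: the `TailDetector` class, the MAC addresses and the two-column `devices` table (a constructed stand-in for the .kismet file) are assumptions made for illustration.

```python
import sqlite3
from collections import deque

WINDOWS = ((5, 10), (10, 15), (15, 20))  # minutes back, as listed in the article

def recent_macs(db, since):
    """MACs whose last_time is at or after `since` (epoch seconds)."""
    rows = db.execute("SELECT devmac FROM devices WHERE last_time >= ?", (since,))
    return {mac.upper() for (mac,) in rows}

class TailDetector:  # hypothetical name, not from the original project
    def __init__(self, ignore=()):
        self.ignore = {m.upper() for m in ignore}  # exclusion list for this session
        self.history = deque(maxlen=20)            # history[i]: MACs seen i+1 minutes ago

    def tick(self, seen_now):
        """Take the MACs seen in the last minute; return {mac: [windows it was also in]}."""
        seen_now = {m.upper() for m in seen_now} - self.ignore
        past = list(self.history)
        alerts = {}
        for lo, hi in WINDOWS:
            older = set().union(*past[lo:hi])  # seen more than lo, up to hi minutes ago
            for mac in sorted(seen_now & older):
                alerts.setdefault(mac, []).append(f"{lo}-{hi} min")
        self.history.appendleft(seen_now)
        return alerts

# Constructed sample addresses
OWN, FOLLOWER, PASSERBY = "AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02", "AA:BB:CC:00:00:03"

def demo():
    """Replay constructed sightings (minute -> MACs) through the detector."""
    db = sqlite3.connect(":memory:")  # constructed stand-in for a .kismet file
    db.execute("CREATE TABLE devices (devmac TEXT PRIMARY KEY, last_time INT)")
    sightings = {0: [OWN, FOLLOWER, PASSERBY], 7: [OWN, FOLLOWER], 13: [OWN, FOLLOWER]}
    detector = TailDetector(ignore=[OWN])
    fired = {}
    for minute in range(14):
        now = minute * 60
        for mac in sightings.get(minute, []):
            db.execute("INSERT OR REPLACE INTO devices VALUES (?, ?)", (mac, now))
        alerts = detector.tick(recent_macs(db, now - 59))
        if alerts:
            fired[minute] = alerts
    return fired

if __name__ == "__main__":
    for minute, alerts in demo().items():
        print(f"minute {minute}: {alerts}")
```

The excluded phone never raises an alert even though it is seen every time, and the device seen only once never does either; only the device that reappears after several minutes is flagged.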

One obvious problem with scanning for devices is that not all devices connect to Wi-Fi or use Bluetooth. Similarly, many devices use MAC address randomization to hide their true address, so detection must go beyond MAC addresses. One solution found by Edmondson is that Kismet also stores logs of discovered devices in JSON format. These logs can be analyzed later to check that one has not been tracked. But for real-time detection of devices not connected to Wi-Fi or Bluetooth, a workable solution has yet to be found.

Edmondson explains that he lives near the desert and therefore tested the system in his car while driving in places where no one else was around, taking with him several phones that the tool can detect. Edmondson says he thinks the tool can be effective because "you always have your phone in your pocket or on the seat next to you." After he designed the tool, a friend of his who worked in another ministry used the device and found it useful.

In the future, Edmondson plans to improve his tool to support more Wi-Fi adapters and more wireless protocols, and to integrate GPS tracking. For those who are also interested in this tool, Edmondson has posted his code on GitHub and notes that the hardware used to build it can be easily found.

Finally, if you are interested in learning more about it, you can consult the details in the following link.

