Randomize Mac Address Bluetooth LE Broadcast

As far as I know, some Android phones today can act as a BLE beacon (this feature is usually disabled in most devices). When an Android device is acting as a beacon and is discoverable, is its MAC address randomised? Can we in any way not show the actual MAC ID when the device is discoverable?

Solution 1:[1]

Most newer Android devices with 5.0+ have support for Bluetooth LE peripheral mode, meaning they can transmit as beacons. The feature is present in Android 5.0+, but some manufacturers have chosen to disable support on certain models, especially older models. You can see a list of devices known to support and not support this feature here: http://altbeacon.github.io/android-beacon-library/beacon-transmitter-devices.html

When the feature is enabled, the MAC address is not randomized during transmission, and the transmission includes the device's actual bluetooth MAC address, allowing receiving devices to read this MAC address.

EDIT: Subsequent testing has proven to me that the above statement is incorrect. The MAC address is randomized each time the transmitter is restarted. You can see a proof of this here.

There is no mechanism in Android to change this.

When scanning on Android, the actual MAC address from the transmission is returned. To prove this, I started an iOS beacon transmitter using the Locate app on an iPod Touch 5th Generation with iOS 8.3, and simultaneously scanned for the device on both a Linux device as well as a Nexus 5X with Android 6.0:

Android Locate Beacon App on Nexus 5X with Android 6.0: MAC address: 60:35:48:79:D8:08

Linux Bluez sudo hcitool lescan: MAC address: 60:35:4B:79:D8:0B

As you can see, both devices read the same MAC address, proving that it is not spoofed on scan in either Android or Linux.

Two more notes:

  • The Bluetooth MAC address reported by the iPod Touch with iOS 8.3 in Settings -> General -> Bluetooth, 2C:FF:EE:xx:xx:xx (last three octets blanked out), differs from the address transmitted. This suggests that iOS randomizes the MAC address when transmitting.

  • The Bluetooth MAC address detected by Linux and Android does not change when you stop and restart advertising on the iOS device, suggesting iOS retains the same randomized address across restarts. After rebooting the iOS device and restarting transmission, both Linux and Android detected a different MAC address: 46:59:C9:CB:0C:D5. This suggests that the randomized transmitted MAC changes across restarts on iOS.
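Added example, not from either Stack Overflow answer: a decoder for the HCI LE Advertising Report event that a BlueZ scan such as `hcitool lescan` is built on. It shows that what a scanner receives is the address exactly as advertised, plus an Address_Type field (public vs random) that tells you whether that address is the device's fixed public address or a randomized one; for random addresses, the top two bits of the most significant octet say which kind (static, resolvable private, non-resolvable private). The packet bytes are constructed; the 60:35:4B:79:D8:0B address from the answer is reused with an assumed random address type, since the answer does not state which type it saw.

```python
from dataclasses import dataclass
from typing import List, Optional

HCI_EVENT_PKT = 0x04          # H4 packet indicator for an HCI event
LE_META_EVENT = 0x3E          # HCI LE Meta event code
LE_ADVERTISING_REPORT = 0x02  # LE Meta subevent code

@dataclass
class AdvReport:
    addr_type: str              # "public" or "random", from the report's Address_Type field
    address: str                # printed most significant octet first, as hcitool does
    random_kind: Optional[str]  # only meaningful when addr_type == "random"
    rssi: int

def classify_random(msb: int) -> str:
    """Kind of random address, from the top two bits of its most significant octet."""
    return {0b11: "static", 0b00: "non-resolvable private",
            0b01: "resolvable private"}.get(msb >> 6, "reserved")

def parse_adv_report(pkt: bytes) -> List[AdvReport]:
    """Decode the reports inside one HCI LE Advertising Report event."""
    if pkt[0] != HCI_EVENT_PKT or pkt[1] != LE_META_EVENT or pkt[3] != LE_ADVERTISING_REPORT:
        raise ValueError("not an LE Advertising Report event")
    reports, pos = [], 5                         # pkt[2] = param length, pkt[4] = Num_Reports
    for _ in range(pkt[4]):
        addr_type_code = pkt[pos + 1]            # pkt[pos] is Event_Type (ADV_IND etc.)
        raw_addr = pkt[pos + 2:pos + 8]          # 6 octets, least significant octet first
        data_len = pkt[pos + 8]
        rssi = int.from_bytes(pkt[pos + 9 + data_len:pos + 10 + data_len], "little", signed=True)
        pos += 10 + data_len
        addr_type = "public" if addr_type_code in (0x00, 0x02) else "random"  # 0x02/0x03: identity
        reports.append(AdvReport(
            addr_type=addr_type,
            address=":".join(f"{b:02X}" for b in reversed(raw_addr)),
            random_kind=classify_random(raw_addr[5]) if addr_type == "random" else None,
            rssi=rssi))
    return reports

def is_fixed_identity(r: AdvReport) -> bool:
    """True when this address alone identifies the device across scans (public or random static)."""
    return r.addr_type == "public" or r.random_kind == "static"

# Constructed sample: two reports in one event. Report 1 uses a made-up public address;
# report 2 reuses the answer's 60:35:4B:79:D8:0B with an ASSUMED random address type.
SAMPLE_PACKET = bytes.fromhex(
    "043E160202"             # event pkt, LE Meta, 22 param bytes, Adv Report, Num_Reports = 2
    "000055443322110000CE"   # ADV_IND, public, 00:11:22:33:44:55, no AD data, RSSI -50 dBm
    "00010BD8794B356000C4")  # ADV_IND, random, 60:35:4B:79:D8:0B, no AD data, RSSI -60 dBm
```

`parse_adv_report(SAMPLE_PACKET)` yields the public report, which `is_fixed_identity` flags as trackable, and the random one, whose 0x60 leading octet (top bits 01) marks it as a resolvable private address if the type field really is random.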

Solution 2:[2]

Android Locate Beacon App on Nexus 5X with Android 6.0: MAC address: 60:35:48:79:D8:08

Linux Bluez sudo hcitool lescan: MAC address: 60:35:4B:79:D8:0B

As you can see, both devices read the same MAC address, proving that it is not spoofed on scan in either Android or Linux.

Do you not see the difference?

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution     Source
Solution 1   Community
Solution 2   lolz