Using Bluetooth Beacons for Jungle Vehicle Poacher Tracking

There’s new research by Karan Juj and Charith Perera of Cardiff University on Exploring the Suitability of BLE Beacons to Track Poacher Vehicles in Harsh Jungle Terrains (pdf). The paper describes a real world study conducted in a Malaysian jungle that tracks poacher vehicles.

Deep jungle terrain is challenging because GPS doesn’t work, there’s no cellular connection and 100% humidity can hinder wireless signals.

The study mounted Bluetooth beacons beside a road and placed a concealed receiver inside a vehicle.

The researchers tested various types of obstruction that would be faced in deployment and measured the reliability of detecting beacons from under the bonnet.

After extensive evaluation, the researchers found that Bluetooth LE beacons can be successfully used in jungle terrains to track a vehicle.

What is Bluetooth Beacon Technology?

Bluetooth beacons use Bluetooth LE, a low power version of Bluetooth, to repeatedly send out a short amount of data, typically up to 50m but in some cases hundreds of metres. The data usually includes an identifier in one of several standard formats such as iBeacon or Eddystone. It can also include sensor data.

The beacon advertising can be picked up by other Bluetooth LE devices such as smartphones, WiFi gateways that send it on to a server, and single board computers such as the Raspberry Pi.

The key features are:

  • Low power and hence can work for up to years on battery power
  • Interoperability with a large number of other Bluetooth LE devices
  • The underlying Bluetooth LE protocol is resilient to electrical interference
  • Sensing without the need for soldering or custom electronics

To learn more about the physical aspects of beacons and the actual advertising, see our article on What are Beacons?

Read more about beacons for IoT sensing.

Wireshark Supports Bluetooth Mesh

Wireshark has announced support for the Bluetooth Mesh Beacon, PB-ADV, Provisioning PDU and Proxy Bluetooth mesh protocols.

Wireshark is a protocol analyser that takes packets and decodes them into human-readable data. It’s usually used with other hardware and software as the last stage in processing captured data. For example, you can use Wireshark with the Nordic nRF sniffer, on Adafruit hardware and on Linux.

In the case of Bluetooth mesh, data packets are encrypted. In fact, data is double encrypted in that first the data is encrypted and then the packets. This means that while you can capture packets you can only see the packet types and Bluetooth mesh metadata. You won’t be able to decrypt the actual data. It’s more useful for determining the type and size of traffic for mesh traffic optimisation.

Read about Beacons and the Bluetooth Mesh

A Push for Bluetooth 5 Long Range

There’s a push by the Bluetooth SIG at the moment, promoting long range Bluetooth that appeared with Bluetooth 5 in June 2016. This is presumably because, to date, there haven’t been many long range end-user products. There aren’t many devices out there because you need Bluetooth 5 hardware at both ends of communication and existing devices can’t be upgraded.

Device manufacturers have been waiting for the ‘device at the other end of the communication’ (beacons, sensors, smartphones, single board computers) to become compatible before creating new products using Bluetooth 5 which is a chicken and egg situation. There are also tradeoffs around backwards compatibility and battery power. It’s more complex to create a device that supports Bluetooth 5 and is backwards compatible with Bluetooth 4. Advertising both at the same time uses more power and hence reduces the battery lifetime.

In order to validate Bluetooth 5’s long range claims, Nordic have a new blog post testing long range. The post gives a good explanation of path loss, outside vs inside and deterioration of the signal due to precipitation, humidity and reflected signals. Nordic also have an older post comparing the range of BLE, ZigBee and Thread Protocols.

Read more about Bluetooth 5

iBeacons for Android, iBeacons for iOS

We often get asked what are the best beacons for iOS and/or Android. As mentioned in our post on Which Beacons Are The Most Compatible, all beacons, whether iBeacon or Eddystone, are compatible with iOS and Android.

The universal compatibility comes about because all beacons are slight derivations of a few standard circuit designs and firmware provided by Texas Instruments, Dialog and Nordic who produce the System On a Chip (SoC) inside beacons.

Instead, you should be looking at more physical aspects such as battery size, battery life, range, on-off buttons, waterproofing and included sensors.

View iBeacons

Tesla Model 3 is an iBeacon

There’s an article at The Parallax on how the Tesla Model 3 constantly sends out iBeacon advertising. This allows the Android/iOS app to see the car and consequently unlock and start the car without a key. Martin Herfurt, a security expert from Austria, claims this is a security and privacy vulnerability.

Tesla’s response has been:

“BLE tracking is something we’ve discussed internally, and we revisited this discussion after receiving your report. However, our current assessment is that randomizing BLE identifiers would not result in significant privacy gains due to the ubiquity of automated license plate readers”

What Tesla is saying is that there are other ways to track cars so they believe it’s not an issue.

The security researcher can detect cars up to 50m away and said…

“… the range can be easily extended with a directional antenna, possibly to reach up to a mile away”

We would like to know how to ‘easily’ get such a directional antenna as, to our knowledge, no such thing exists. 50m range advertising is just that and can’t be extended significantly by changing the receiver antenna.

However, the Tesla Model 3 being an iBeacon raises the question whether this is a significant privacy concern. Indeed, anything or anyone advertising Bluetooth can turn into a privacy concern. In the article, connected-car security researcher Tim Brom says it can be a concern if you’re a high-value target of any kind or worried about a stalker.

Even when IDs are randomized or cycled, as in the case of Eddystone EID, the mere presence of Bluetooth advertising can reveal the presence of something that needs to be concealed. For example, Wired recently wrote Burglars Really Do Use Bluetooth Scanners to Find Laptops and Phones.

The learning is that you shouldn’t blindly implement Bluetooth without considering the security implications and providing mitigations. In the case of Tesla, they could have had an option for security conscious users to turn off Bluetooth and instead use a key.
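A check a product team could run over captures of its own device’s advertising to see whether the iBeacon identifier in the payload stays constant over time, which is the tracking concern discussed above. This is an added example, not code from the article or from Tesla; it assumes the standard iBeacon manufacturer-data layout, and the sample capture, UUIDs, helper names and one-hour threshold are constructed for illustration.

```python
import struct
from collections import defaultdict

APPLE_COMPANY_ID = 0x004C  # Bluetooth SIG company identifier used in iBeacon frames

def ad_structures(payload: bytes):
    """Yield (ad_type, data) for each length-prefixed AD structure in a payload."""
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            return  # padding or truncated structure: stop rather than misparse
        yield payload[i + 1], payload[i + 2:i + 1 + length]
        i += 1 + length

def parse_ibeacon(payload: bytes):
    """Return (uuid_hex, major, minor, tx_power) for an iBeacon frame, else None."""
    for ad_type, data in ad_structures(payload):
        if ad_type == 0xFF and len(data) == 25:  # manufacturer-specific data
            company, subtype, sublen = struct.unpack_from("<HBB", data)
            if (company, subtype, sublen) == (APPLE_COMPANY_ID, 0x02, 0x15):
                major, minor, tx = struct.unpack_from(">HHb", data, 20)
                return data[4:20].hex(), major, minor, tx
    return None

def static_identifiers(sightings, min_span_s=3600):
    """Map each (uuid, major, minor) seen unchanged for >= min_span_s to its span."""
    seen = defaultdict(list)
    for ts, payload in sightings:
        frame = parse_ibeacon(payload)
        if frame:
            seen[frame[:3]].append(ts)
    spans = {ident: max(t) - min(t) for ident, t in seen.items()}
    return {ident: s for ident, s in spans.items() if s >= min_span_s}

def make_adv(uuid_hex, major, minor, tx=-59):  # builds constructed test payloads
    body = struct.pack("<HBB", APPLE_COMPANY_ID, 0x02, 0x15) + bytes.fromhex(uuid_hex)
    body += struct.pack(">HHb", major, minor, tx)
    return bytes([0x02, 0x01, 0x06, len(body) + 1, 0xFF]) + body

SAMPLE = [  # constructed capture: (unix seconds, raw advertising payload)
    (0,    make_adv("00112233445566778899aabbccddeeff", 1, 7)),
    (7200, make_adv("00112233445566778899aabbccddeeff", 1, 7)),  # same ID 2 h later
    (0,    make_adv("a0" * 16, 10, 1)),
    (7200, make_adv("a0" * 16, 10, 2)),                          # minor rotated
]

if __name__ == "__main__":
    print(static_identifiers(SAMPLE))
```

An identifier that rotates still leaves the advertising itself visible, so a clean result here addresses linkability only, not the presence concern described above.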

Changing the Battery in the F4 Tracker Beacon

We recently started selling the Minew F4, a quality tracking beacon with external on/off button, 85dBm buzzer and range of up to 50m. The battery lasts about 6 months. Minew have a video on how to change the battery:

There’s a T-Finder iOS and Android app on the app stores but the intention is that this beacon will be used with your own apps and solutions using the supplied Android and iOS SDK.

View Tracker Beacons

iBeacon App Development Companies

There are a large number of offshore development companies currently spamming social media, claiming to do iBeacon development. We recommend you do your due diligence before engaging development as many like to say ‘yes’ to anything and it’s often companies such as ours that have to pick up the pieces.

Here are some things to consider when looking for an iBeacon app developer:

  • Can they give examples of iBeacon apps they have written?
  • Can they give you references to past work who you can talk to?
  • Do they release development versions regularly so you can test and gauge progress? If everything is released at the end, it’s likely you are going to end up disappointed.
  • Who will actually be doing the development? There can be intermediaries in the development ecosystem that confuse and compound communications problems. Right from the start, you need to be talking direct with the person who will be doing the development.
  • Do they really understand you? Many aren’t native English speakers and if you are getting misunderstandings during initial engagement, this doesn’t bode well for the development.
  • Have they provided constructive comments on your proposed app rather than just saying ‘yes’? Developers should be able to improve on your ideas so as to get the best out of iOS and Android.
  • Getting iBeacon apps through Apple approval can be difficult. Can they give you examples why and the possible mitigations?

App development is an area where cheapest isn’t usually the best. Compromised development will cost you in the longer term through late or aborted development, tricky problems, significant end user support, poor app reviews and difficulty adapting the apps in the future for future phones and new features.

Beaconzone was founded by app developers in 2015 after we had previously created several iBeacon art gallery apps. We have since written many more iBeacon and Bluetooth LE apps on iOS and Android.
Read about beaconzone solutions

What’s Wrong with Bluetooth Mesh?

Researchers from TU Darmstadt, Germany have a new paper Toxic Friends in Your Network: Breaking the Bluetooth Mesh Friendship Concept that looks into weaknesses in the security model underlying the Bluetooth mesh friendship mechanism.

Friendship allows a low-power IoT device to go to sleep with a separate higher-power node caching packets until the lower power device wakes up. The paper provides an overview of friendship and the Friendship Security Material (FSM) unique to this type of communication.

The researchers found three flaws in the Bluetooth friendship mechanism related to:

  • The possibility of eavesdropping on communication and selectively jamming based on size of the control messages.
  • The lack of protection of the friend security keys against an insider attack.
  • The possibility of misuse of Friend Clear messages to cause a form of denial of service attack through flattening the battery.

The paper includes a reference to tools that demonstrate these problems and discusses possible mitigations.

The Bluetooth SIG responded:

Compromise of the friendship relationship results only in a compromise of the availability of the low power node to the other nodes in the subnet.

It is the conclusion of the working group that the friendship relationship between an LPN and its friend within a mesh subnet is not intended to be secured against attack by a party already in possession of the network key.

It is the position of the Mesh Working Group and the Bluetooth SIG that neither scenario provides additional security risk for a user of the Mesh profile.

In other words, the risks are appropriate to the level to which the mesh is expected to be used or attacked.

We have yet to come across any devices using friendship. Friendship is an edge case that isn’t required in most instances. Also, most existing low power devices can’t be upgraded to use mesh due to the higher memory requirement of Bluetooth Mesh.

Read about Beacons and the Bluetooth Mesh

nRF Connect Features

Nordic, the manufacturer of the System on a Chip (SoC) in most beacons, has a new blog post on Five Things You Didn’t Know About Nordic’s Mobile Development Apps. The post mentions less visible features of nRF Connect on iOS and Android. For example, you can get a useful RSSI graph by dragging the screen towards the right from the centre:

nRF Connect is the main app we recommend for testing beacons. iOS recently received a completely new version. nRF Connect also has macros that can speed up testing.