3

iOS 13 follows "LE privacy" rule, it sends BLE beacon packets with random MAC address, which keep changing periodically. But "hcitool scan" command shows iOS's bluetooth public MAC address. I guess it violates "LE privacy" rule.

I checked BLE sniffer log, iOS just advertise with random MAC address and manufacture data. iOS does not send public MAC address. I cannot find any packet with public MAC address. Do you know how hcitool get iOS's public MAC address?

Scan side: Linux raspberrypi 4.19.93-v7l+, Bluez 5.37

Beacon side: iPhone8, iOS13.3, Setting app, Bluetooth setting screen.

These devices have not paired before.

Youssif Saeed
  • 11,789
  • 4
  • 44
  • 72
user1418067
  • 304
  • 1
  • 8

1 Answers1

2

"hcitool scan" use Bluetooth classic (BR/EDR). "hcitool lescan" use Bluetooth Low Energy(BLE).

On Bluetooth classic, "LE privacy" rule is not applied. Public MAC address is exchanged.

user1418067
  • 304
  • 1
  • 8