Security researchers have revealed that the privacy of smartphone and fitness tracker users is at risk due to leaky Bluetooth Low Enegry (BLE) technology.
Researchers from security firm Context have revealed that devices using embedded BLE technology, such as the iPhone and numerous fitness trackers, can be easily tracked from up to 100m way.
Scott Lester, a senior researcher at Context, said: "Many people wearing fitness devices don't realise that they are broadcasting constantly and that these broadcasts can often be attributed to a unique device."
"Using cheap hardware or a smartphone, it could be possible to identify and locate a particular device - that may belong to a celebrity, politician or senior business executive - within 100 metres in the open air.
"This information could be used for social engineering as part of a planned cyber attack or for physical crime by knowing peoples' movements."
The firm has developed an app that scans, detects and logs wearable devices in an attempt to show how easy it is to track signals transmitted by gadgets.
One exec using the app, called Ramble, managed to collect data from almost 150 unique devices in a 30 minute period. These devices included fitness trackers out of FitBit and Jawbone, and the iPhone, which users BLE for its iBeacon technology.
However, the company points out that BLE technology is also used in smartphones running Android 4.3 and above, BlackBerry 10, Windows 8 and Windows 8.1.
Context cannot confirm whether the Apple Watch is also at risk, but says that the wearable "presumably supports" BLE.
This leak of information likely comes due to the fact that the MAC address doesn't change for BLE devices in most cases.
"My own fitness tracker has had the same MAC address since we started the investigation, even though it's completely run out of battery once," Lester said.
"Sometimes the transmitted packets also contain the device name, which may be unique, such as the 'Garmin Vivosmart #12345678', or even give the name of the user, such as 'Scott's Watch'."
"While the ability to detect and track devices may not present a serious risk in itself, it certainly has the potential to compromise privacy and could be part of a wider social engineering threat," Lester concludes.
Bluetooth SIG, which developed the BLE technology, has yet to comment on the report.
However, the firm has said that it predicts that, bu 2018, more than 90 percent of Bluetooth-enabled smartphones will feature embedded BLE.
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal