pixl97 7 hours ago

> even medical devices constantly broadcast their presence

I mean yes, said medical devices are a whole lot less useful to me if they are not transmitting data. For some of this stuff you can't have your cake and eat it too.

0x1ch 7 hours ago | parent | next [-]

I was wardriving my neighborhood and realized my elderly neighbor's CPAP machine is broadcasting some type of BT signal 24/7. I imagine it's transmitting some important stats, but it did make me have a 2nd thought about medical devices being IoT or BT enabled.

wolvoleo 3 minutes ago | parent | next [-]

Yeah I always keep my CPAP on airplane mode. It even had 5G. The therapist complains they can't monitor it but I have to come in with the machine and SD card every few months so they can check it then. They don't need 24/7 access.

kccqzy 5 hours ago | parent | prev | next [-]

> being IoT or BT enabled

Please don’t conflate these two. I have lots of BLE wearables and other sensors. They only send data to my own computer which I control, unlike IoT devices which by definition send to a third party on the Internet. To me it is far more important to protect against strangers on the Internet versus someone wardriving the neighborhood.

On a related note, did you know that the EU has a Radio Equipment Directive (RED 2014/53/EU) that came into effect in 2025? It all but guarantees that such Bluetooth communication will be encrypted.

bigiain an hour ago | parent [-]

> I have lots of BLE wearables and other sensors. They only send data to my own computer which I control

That's perhaps technically correct, but a naive interpretation of the risk. I don't need to see the data your BLE devices are sending you, all I need is traffic analysis and metadata from the signals they are broadcasting - and they broadcast that to anyone within detection range which includes attackers with much higher gain antennas than you who can likely pick up those broadcasts at ten times the distance any of your devices will communicate at.

"Flying helicopters low and slow over the Tucson desert in Arizona, the FBI has been using "signal sniffers" to try to locate Nancy Guthrie's pacemaker.

As the search for the 84-year-old mother of US Today show anchor Savannah Guthrie entered its third week, investigators took to the sky with advanced bluetooth technology.

They were hoping to pick up signals emitted from the device implanted in Ms Guthrie's chest to help trace her whereabouts, US media outlets NewsNation and Fox News reported."

https://www.abc.net.au/news/2026-02-16/nancy-guthrie-pacemak...

dietr1ch 6 hours ago | parent | prev | next [-]

What forces devices to constantly stream data? You can batch updates and probably save power thanks to it.

kccqzy 5 hours ago | parent [-]

Because these BLE devices are so cheap that they don’t have storage. And BLE transmission is already very power efficient: the power consumption of BLE is probably the same order of magnitude as powering flash storage.

xanrah 7 hours ago | parent | prev [-]

There’s a middle ground here. There is no technical reason a pacemaker constantly broadcasts itself - there are ways to allow communication to such devices without yelling your name all the time. And there is definitely no reason for such a name to be a unique identifier.

ssl-3 37 minutes ago | parent | next [-]

There are technical reasons, though.

Let's suppose we have a pacemaker, and it has data that is beneficial to read -- maybe even in real-time on their pocket computer, or opportunistically as the patient walks by their reader-device, or however that is done.

So we want this data, and we want it over RF. It probably seems obvious that it should only transmit when it is told to do so, right?

So how do we tell the pacemaker to transmit? On its face, that problem seems solved by integrating a receiver that sits and waits for a valid instruction.

Except: That receiver takes power to run. And since changing batteries inside of a person is problematic, we want them to last as long as they can while still performing the desired task.

Now we get to the not-obvious part: In terms of power, it's often less costly to intermittently transmit a string of data than to continuously operate a radio receiver. And maybe it's a bad idea to have an implanted pacemaker that has an open receiver for anything nearby to try to fuck with, anyway.

But a transmit-only radio? Good luck hacking that.

So... we do intermittent transmission, and this works for pacemakers. It also works for the cheap Zigbee thermometer I have (wherein I don't normally request the temperature; it just delivers it periodically, and it runs for years and years on a coin cell).

(Now: Should that pacemaker data be encrypted? Yes, of course. And so should the ID. In fact, the whole transmission should be indistinguishable from background noise by unrelated devices. In this way, authorized devices can then use pre-shared keys to receive and decode these messages and others receive nothing. That kind of cuts BLE and thus also the pocket computer out of the monitoring mix, but tradeoffs are tradeoffs.)

pixl97 6 hours ago | parent | prev [-]

I mean if not a name, how would a MAC ID be any different?
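
The question of names versus MAC IDs, and the earlier point that only holders of a pre-shared key should be able to recognise a device, can be sketched in code. This is an added example, not from any commenter: it follows the shape of a BLE resolvable private address but substitutes HMAC-SHA256 for the AES-based function real BLE uses, and the keys, device names and static address are constructed.

```python
from __future__ import annotations
import hashlib
import hmac
import os

def _tag(key: bytes, prand: bytes) -> bytes:
    # 24-bit keyed tag. Assumption: HMAC-SHA256 stands in for BLE's AES-based ah().
    return hmac.new(key, prand, hashlib.sha256).digest()[:3]

def rotating_address(key: bytes, prand: bytes | None = None) -> bytes:
    """6-byte address: 3 fresh random bytes followed by a keyed tag over them."""
    prand = os.urandom(3) if prand is None else prand
    # Top two bits 0b01 mark the address as resolvable, as in BLE.
    prand = bytes([(prand[0] & 0x3F) | 0x40]) + prand[1:3]
    return prand + _tag(key, prand)

def resolve(address: bytes, known_keys: dict[str, bytes]) -> str | None:
    """Name of the paired device that produced `address`, or None."""
    if len(address) != 6 or address[0] >> 6 != 0b01:
        return None
    prand, tag = address[:3], address[3:]
    for name, key in known_keys.items():
        # A 24-bit tag gives roughly a 2**-24 false-match chance per key tried.
        if hmac.compare_digest(_tag(key, prand), tag):
            return name
    return None

def linkable(sightings: list[bytes]) -> bool:
    """The simplest check a keyless observer has: the same address seen twice."""
    return len(set(sightings)) < len(sightings)

# Constructed sample values, not taken from any real device.
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
OTHER_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100")
STATIC_MAC = bytes.fromhex("c0ffee123456")

def demo() -> dict:
    static = [STATIC_MAC] * 3  # a fixed MAC observed three times
    rotating = [rotating_address(DEVICE_KEY, bytes([i, 0x10, 0x20])) for i in (1, 2, 3)]
    return {
        "static_linkable": linkable(static),
        "rotating_linkable": linkable(rotating),
        "paired_sees": [resolve(a, {"pacemaker": DEVICE_KEY}) for a in rotating],
        "stranger_sees": [resolve(a, {"other": OTHER_KEY}) for a in rotating],
    }

if __name__ == "__main__":
    print(demo())
```

Rotating the address only removes the identifier from the broadcast; signal strength, timing and payload length remain visible to anyone in range.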