Using RF Power Levels to Defeat MAC Address Randomization Enabling Passive Device Tracking

This report presents a proof-of-concept showing that passive correlation of RSSI (signal power) and timing can link randomized MAC addresses in BLE devices across rotation events, enabling persistent tracking despite MAC randomization. The author describes scanning methodology, observed signal behavior when devices appear/disappear, real-world data confirming the technique, and suggests software mitigations (e.g., manipulating signal characteristics at rotation) to reduce the privacy risk.