Previous research demonstrated that Bluetooth Low Energy beacons enable very accurate indoor positioning. This leads to the question whether a Bluetooth Mesh network could inadvertently serve the same purpose, leading to unexpected location privacy violations. We analyze the information broadcasted by a typical Bluetooth Mesh installation and show that it can indeed be utilized by a potentially malicious smartphone app in order to localize a smartphone user within a building. This is facilitated by the unique Bluetooth device address regularly emitted by each mesh node.

Further, we show that implementing address randomization on the side of the mesh network completely prevents this type of positioning without having a negative impact on the functioning of the mesh network.

先前的研究表明，蓝牙低功耗信标可以实现非常精确的室内定位。这就引发了一个问题，即蓝牙网状网络是否会无意间达到相同的目的，从而导致意外的位置隐私侵犯。我们分析了典型Bluetooth Mesh安装所广播的信息，并表明该信息确实可以被潜在的恶意智能手机应用程序利用，以便在建筑物内定位智能手机用户。每个网状节点定期发出的唯一蓝牙设备地址有助于此操作。

此外，我们表明，在网状网络一侧实施地址随机化可以完全防止此类定位，而不会对网状网络的功能产生负面影响。