Former Marine created high-tech Bluetooth signal sniffer to find Nancy Guthrie
The “ethical hacker” behind the Bluetooth “signal sniffer” now being used to search for Nancy Guthrie’s pacemaker says he developed the high-tech tool specifically to aid in the search for the missing matriarch — and that he is now creating an app to expand the effort.
David Kennedy, CEO of TrustedSec, explained that the sniffer, which has been mounted on a Pima County Sheriff’s helicopter hovering over Tucson, Arizona, can detect devices up to 800 feet away.
A former Marine and cyber expert who has conducted missions for the National Security Agency (NSA), Kennedy told The Post that he saw an opportunity to help after learning that Savannah Guthrie’s mother uses a Bluetooth-enabled pacemaker. “When this whole Nancy Guthrie case came out, law enforcement said her pacemaker had disconnected from her phone, which indicated she’s using one of the newer pacemakers with Bluetooth connectivity,” Kennedy said.
Kennedy previously worked with pacemaker companies to test devices against hacks, ensuring no one could drain the battery or cause a short circuit. From that work, he developed software designed to detect Bluetooth low-energy devices.
“Bluetooth has very low transmit power, but with signal amplifiers, high-gain antennas, and software-defined radios, we can significantly extend the range,” Kennedy explained. He tested the system by attaching a Bluetooth sniffer to a drone, scanning for devices up to 800 feet away.
Kennedy then coordinated with law enforcement, sending colleagues to Pima County to assist in the search for the 84-year-old. Bluetooth operates at about 2.4 gigahertz, similar to many other wireless devices. In ideal conditions with no obstacles, Kennedy believes the sniffer could detect a pacemaker up to 5,000 feet away, though walls, terrain, and the fact that the pacemaker is inside a person reduce that range.
“A Bluetooth low-energy device only has about 10 milliwatts of transmit power, roughly a 30-35 foot radius. How do we get 800 feet from that? We’re not trying to communicate in a two-way relationship. Instead, we create a large bubble of energy to reach that small device, which extends the effective radius,” Kennedy said.
The TrustedSec founder tested the sniffer by placing a Bluetooth device under his arm, confirming its ability to detect nearby devices and giving him confidence it could help locate Nancy.
“What this sniffer does is look only for the physical address of Nancy’s device. There are millions of Bluetooth devices out there, but we can home in just on hers,” he said. “It filters out all the noise, and if it gets close enough, it can actively scan for responses from the device.”
Nancy’s pacemaker being paired with her phone makes the approach possible. “When the device is out of range of her phone, it continually reaches out to reconnect. This makes detection feasible,” Kennedy said. Even if the pacemaker uses MAC address randomization — a method meant to hide device addresses — the sniffer can “unmask” it using an identity-resolving key (IRK).
However, challenges remain. “You need to be in the right location while transmitting to identify it, then triangulate the position,” Kennedy said. If the pacemaker has been damaged, intentionally or accidentally, the system may not work.
To expand the search, Kennedy is now developing a mobile app. “With the device’s physical address, the entire community could become scanning devices. People could download the app, press ‘Find Nancy,’ and any hits would notify law enforcement of the device’s location,” he said.
Nancy Guthrie was reported missing on February 1. Authorities say they have received between 40,000 and 50,000 leads in the case.
About Post Author
