Is it possible anyone to clone our bluetooth address?

Is it possible that someone can clone a bluetooth address? If so, what methods can be used to verify the "real" bluetooth address? Because I have a keyless project , and my code only verifies from bluetooth address.

This is my code :

#include <BLEDevice.h>
#include <BLEUtils.h>
#include <BLEScan.h>
#include <BLEAdvertisedDevice.h>
String knownBLEAddresses[] = {"xx:yy:zz:aa:bb:cc"};
bool device_found;
int scanTime = 1; //In seconds
bool session = false;
BLEScan* pBLEScan;
class MyAdvertisedDeviceCallbacks: public BLEAdvertisedDeviceCallbacks {
    void onResult(BLEAdvertisedDevice advertisedDevice) {
      for (int i = 0; i < (sizeof(knownBLEAddresses) / sizeof(knownBLEAddresses[0])); i++)
        //Uncomment to Enable Debug Information
        if (strcmp(advertisedDevice.getAddress().toString().c_str(), knownBLEAddresses[i].c_str()) == 0)
          device_found = true;
          device_found = false;
      Serial.printf("Advertised Device: %s \n", advertisedDevice.toString().c_str());
void setup() {
  Serial.begin(115200); //Enable UART on ESP32
  Serial.println("Scanning..."); // Print Scanning
  pinMode(LED_BUILTIN, OUTPUT); //make BUILTIN_LED pin as output
  pBLEScan = BLEDevice::getScan(); //create new scan
  pBLEScan->setAdvertisedDeviceCallbacks(new MyAdvertisedDeviceCallbacks()); //Init Callback Function
  pBLEScan->setActiveScan(true); //active scan uses more power, but get results faster
  pBLEScan->setInterval(100); // set Scan interval
  pBLEScan->setWindow(99);  // less or equal setInterval value
void loop() {
  // put your main code here, to run repeatedly:
  BLEScanResults foundDevices = pBLEScan->start(scanTime, false);  
  if (session == false)
    for (int i = 0; i < foundDevices.getCount(); i++)
      BLEAdvertisedDevice device = foundDevices.getDevice(i);
      int rssi = device.getRSSI();
      Serial.print("RSSI: ");
      if (rssi > RSSI_THRESHOLD && device_found == true)
        session = true;
      if (session == true)
        digitalWrite(LED_BUILTIN, HIGH);
    pBLEScan->clearResults();   // delete results fromBLEScan buffer to release memory

Not a very good idea. First, you can spoof a BLE address. Second, if you're interfacing to an app, some platforms will not provide the "real" address to your code. Apple/iOS has been doing this for some time and I think Android and Microsoft are also doing it now. This is for user privacy to make it harder to track someone by their bluetooth address, so the BLE stack on the device itself will provide a "fake" and variable address to the application.

Lots of processors have a unique ID, maybe try using that?

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.