The “ethical hacker” who created the Bluetooth “signal sniffer” being used to try and track Nancy Guthrie’s pacemaker said he created the high-tech tool specifically for the search to find the missing matriarch — and that he is now creating an app.
David Kennedy, the CEO of TrustedSec, said the sniffer, which has been attached to the Pima County Sheriff’s helicopter hovering over Tucson, Arizona, has a range of up to 800 feet.
The renowned “ethical hacker” and former Marine who conducted cyber missions for the National Security Agency (NSA) told The Post that he knew he had an opportunity to help after it was revealed that the mother of “Today” show host Savannah Guthrie had a pacemaker.
“When this whole Nancy Guthrie case came out, law enforcement said that her pacemaker had disconnected from her phone, which would indicate that she’s using one of the newer brand pacemakers that have Bluetooth connectivity,” Kennedy said.
Kennedy had previously worked with pacemaker companies to test their ability to withstand hacks, ensuring that no one can “drain the battery or cause it to short circuit,” he explained.
“From there, I wrote a software tool that specifically looks for Bluetooth low energy devices,” the tech whiz continued.
“Bluetooth has a very low transmit power. But with signal amplifiers, high gain antennas, and what are called software defined radios, we can really increase the range that we can see that information can transmit to it.”
Through his testing, Kennedy was able to hook a Bluetooth sniffer to a drone and scan for devices up to 800 feet away.
Kennedy then contacted law enforcement and arranged for one of his colleagues to travel to Pima County, Arizona, to aid in the search for the 84-year-old.
Bluetooth communicates at around 2.4 gigahertz, the same as other wireless devices.
In a perfect world, with no obstructions and a clear line of sight, Kennedy believes the sniffer could detect a Bluetooth-enabled pacemaker up to 5,000 feet away.
But every obstacle — such as the pacemaker being inside Nancy, along with any possible walls behind which she is being held — shortens the effectiveness of the sniffer, Kennedy said.
“A Bluetooth low energy device only has about what’s called a 10 milliwatt transmit power, which is about a 30 to 35 foot radius. Now you might be wondering, how do you get 800 feet from that? Well, we’re not trying to communicate in a two-way relationship with that device,” he explained.
“What we’re trying to do is we’re trying to create a massive bubble of energy that is propagating our signal outward as far as we can so that we can hopefully hit that 30-35-foot bubble. It’s how far we can reach to actually hit those devices, which is why it allows you to get to that 800-foot radius,” Kennedy added.
The TrustedSec founder tested the sniffer by holding a Bluetooth device in his armpit to ensure it could reach — and is convinced it represents one of the best hopes of finding Nancy.
“What this sniffer does is it’s only looking for the physical address of Nancy. There are a million devices out there that use Bluetooth. We want to home in just on Nancy,” he told The Post.
“So it filters out all of the noise. If it gets close enough, it can do what’s called active scanning, where it tries to communicate with that device and then get more responses back from it.”
Kennedy said it was fortunate that Nancy’s pacemaker is a newer device that is paired with her phone.
“Because we know it’s paired to her phone, the device itself, when it’s not in range of her phone, will continuously reach out to try to see, ‘Hey, is that phone there? Can I connect to that phone?’
“So we know that this is 100% possible,” Kennedy said, adding that the sniffer is able to “unmask” Nancy’s device even if it is using a protection mechanism known as MAC address randomization, designed to hide the device’s physical address.
Using an identity-resolving key (IRK), the sniffer can unmask Nancy’s device and determine its specific address.
However, the process is not without its challenges.
“It’s going to take a little bit of luck. You have to be over the spot while transmitting to be able to identify it. Then you’re going to have to triangulate where that’s at,” he said.
In addition, if the pacemaker has been damaged, either deliberately or accidentally by Nancy’s kidnappers, that would also prevent the sniffer from working.
That’s why Kennedy’s latest project is an app to track Nancy’s Bluetooth device.
“I also created with one of my co-workers an iPhone app and an Android app. If we were able to get the physical address of the implantable device, we could literally turn that entire community or city into scanning devices,” he explained.
“Everybody could download the app, hit ‘Find Nancy,’ and if they got any hits, it would tell law enforcement the locations of those. We actually put that out as well,” Kennedy said.
“I could literally publish an app tomorrow that every single person could download on their phone, and you literally hit ‘Find Nancy,’ and it will scan in every geographic location where they’re at for that specific address and then tell the FBI, ‘Hey, there’s a hit here. You need to go here to start to triangulate where it’s happening,’” he said.
Nancy was reported missing on Feb. 1. Authorities have received between 40,000 and 50,000 leads in the mystifying case.