
NoPeek: Detecting smart glasses and VR headsets via immutable BLE manufacturer company IDs — open source Android tool

0
Medium
Published: Mon May 25 2026 (05/25/2026, 21:54:37 UTC)
Source: Reddit BlueTeam

Description

NoPeek is an open-source Android tool designed to detect smart glasses and VR headsets nearby by scanning immutable Bluetooth Low Energy (BLE) manufacturer company IDs. These company IDs are embedded in every BLE advertisement frame and cannot be randomized or hidden, unlike MAC addresses. The tool uses a three-layer detection approach: primary detection via BLE manufacturer IDs, secondary confirmation via device name keywords, and a low-confidence fallback using MAC OUI prefixes. It targets devices such as Meta Ray-Ban glasses, Snap Spectacles, Meta Quest VR, Apple Vision Pro, and others. NoPeek operates locally on the device without internet connectivity, preserving user privacy. Detection is probabilistic and limited to devices broadcasting BLE signals when powered on. The tool is intended as a privacy awareness aid rather than a comprehensive security solution.

Reddit Discussion

This Reddit post has been deleted. Content shown was captured before removal.

TL;DR: Built an Android app that detects Meta Ray-Ban glasses, Snap Spectacles, VR headsets and other camera-capable devices using BLE manufacturer company IDs — which are immutable and cannot be randomized unlike MAC addresses.

---

**The technical problem**

MAC address randomization has made passive BLE device fingerprinting unreliable. However, the manufacturer company ID embedded in every BLE ADV frame (bytes 0-1 of the Manufacturer Specific Data field) is assigned by the Bluetooth SIG and is immutable — it cannot be rotated or hidden.

This means even with MAC randomization active, devices still broadcast their manufacturer identity on every advertisement.

**Detection method**

NoPeek uses a 3-layer detection system:

Layer 1 — BLE Manufacturer Company ID (primary)

Matches against Bluetooth SIG assigned company IDs:

- 0x0D53 — Luxottica (Ray-Ban manufacturer) — unique to Ray-Ban
- 0x03C2 — Snapchat Inc — unique to Spectacles
- 0x01AB — Meta Platforms Inc
- 0x058E — Meta Platforms Technologies
- 0x0BA7 — Pico Technology
- 0x00E0 — HTC Corporation
- 0x07D7 — TCL Communication

Layer 2 — Device name keyword matching

Only reliable during pairing/power-on. Used as confirmation.

Layer 3 — MAC OUI prefix

Low confidence fallback only — randomized on modern devices.

**False positive prevention**

Apple's 0x004C is broadcast by ALL Apple devices. NoPeek requires BOTH the company ID AND device name "Vision Pro" before flagging — preventing iPhones from triggering alerts.

**RSSI threshold**

Default -75 dBm per research by Nearby Glasses project (~10-15m outdoors, 3-10m indoors). User configurable.

**Limitations**

- Devices only broadcast BLE when powered on
- Some devices may disable BLE broadcasting in certain modes
- Detection is probabilistic, not guaranteed

GitHub: https://github.com/getnopeek/nopeek-android

Built with Kotlin. MIT license. Contributions welcome especially additional company IDs and false positive reports.


AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 05/25/2026, 21:55:04 UTC

Technical Analysis

NoPeek detects camera-capable smart glasses and VR headsets by leveraging the immutable BLE manufacturer company IDs broadcast in advertisement frames. It overcomes the unreliability of MAC address randomization by focusing on these fixed identifiers assigned by Bluetooth SIG. The detection system includes three layers: primary matching of BLE company IDs unique to manufacturers like Luxottica (Ray-Ban), Snapchat, Meta, and others; secondary device name keyword matching during pairing or power-on; and tertiary MAC OUI prefix matching as a low-confidence fallback. False positives are minimized, for example, by requiring both Apple's company ID and the device name "Vision Pro" to flag Apple devices. The tool estimates device proximity using RSSI thresholds and runs silently in the background on Android 8.0+ devices. It is open source under the MIT license and does not transmit data externally.
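The Layer 1 check, the Apple name rule and the RSSI gate described above can be reproduced offline on raw advertising payloads. This is an added example in Python, not NoPeek's Kotlin code: the function names and sample payloads are constructed for illustration, the company IDs are copied from the post, and treating readings weaker than -75 dBm as out of range is an assumption.

```python
import struct

# Company IDs exactly as listed in the post (Layer 1).
COMPANY_IDS = {
    0x0D53: "Luxottica (Ray-Ban)", 0x03C2: "Snapchat Inc",
    0x01AB: "Meta Platforms Inc", 0x058E: "Meta Platforms Technologies",
    0x0BA7: "Pico Technology", 0x00E0: "HTC Corporation",
    0x07D7: "TCL Communication",
}
APPLE_ID = 0x004C          # sent by all Apple devices, so it needs name confirmation
RSSI_THRESHOLD_DBM = -75   # default from the post; weaker signals are ignored (assumption)

def parse_ad_structures(payload: bytes) -> dict:
    """Split a raw advertising payload into {ad_type: [data, ...]}."""
    out, i = {}, 0
    while i < len(payload):
        length = payload[i]
        # Zero length is padding; a length running past the buffer is a
        # truncated or malformed frame. Stop in both cases instead of over-reading.
        if length == 0 or i + 1 + length > len(payload):
            break
        out.setdefault(payload[i + 1], []).append(payload[i + 2:i + 1 + length])
        i += 1 + length
    return out

def classify(payload: bytes, rssi: int):
    """Return a label for a flagged device, or None."""
    if rssi < RSSI_THRESHOLD_DBM:
        return None
    ads = parse_ad_structures(payload)
    names = ads.get(0x09, []) + ads.get(0x08, [])   # complete / shortened local name
    name = names[0].decode("utf-8", "replace").lower() if names else ""
    for msd in ads.get(0xFF, []):                   # Manufacturer Specific Data
        if len(msd) < 2:
            continue
        (company_id,) = struct.unpack_from("<H", msd)   # bytes 0-1, little-endian
        if company_id == APPLE_ID:
            if "vision pro" in name:
                return "Apple Vision Pro"
        elif company_id in COMPANY_IDS:
            return COMPANY_IDS[company_id]
    return None

# Constructed sample payloads (not captured from real devices).
RAYBAN = bytes.fromhex("020106" "05ff530d0102")
IPHONE = bytes.fromhex("02011a" "07ff4c0010020b00")
VISION = bytes.fromhex("02011a" "04ff4c0001" "0b09") + b"Vision Pro"
TRUNCATED = bytes.fromhex("05ff53")
```

The device-name keyword list (Layer 2) and the OUI prefixes (Layer 3) are not given on this page, so the example leaves them out.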

Potential Impact

NoPeek is not a vulnerability or exploit; it is a detection tool that improves privacy awareness by identifying nearby camera-capable BLE devices that could record without consent. It helps users detect potential privacy threats from smart glasses and VR headsets broadcasting BLE signals. Detection is probabilistic and limited to devices actively broadcasting BLE. There are no known exploits or attacks associated with NoPeek, and it does not affect device security or operation.

Mitigation Recommendations

NoPeek is a privacy detection tool and does not require patching or remediation. Users interested in detecting nearby smart glasses and VR headsets can deploy NoPeek to gain awareness of such devices. Since it is an open-source Android application, users should obtain it from the official GitHub repository and review the source code for trustworthiness. No vendor advisory or patch is applicable. No action is required to mitigate a vulnerability because none exists in this context.


Technical Details

Source Type: reddit

Subreddit: blueteamsec+AskNetsec+Information_Security

Reddit Score: 0

Discussion Level: minimal

Content Source: reddit_link_post

Post Type: link

Domain: null

Newsworthiness Assessment: {"score":30,"reasons":["external_link","newsworthy_keywords:rce","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":["rce"],"foundNonNewsworthy":[]}

Has External Source: true

Trusted Domain: false

Threat ID: 6a14c530a5ae1af1aaef57d9

Added to database: 5/25/2026, 9:54:56 PM

Last enriched: 5/25/2026, 9:55:04 PM

Last updated: 5/26/2026, 4:05:02 AM

Views: 7
