This page discusses the technical background information of BlueScout. It is intended for people with an IT background.


How does an alarm message look like? Alarm types

BlueScout offers two types of alarms:

  1. daily briefing by email
  2. realtime alarms via MQTT

Daily briefing

Each morning a daily briefing arrives in your inbox with the suspicious activity of the last 24 hours.

Below an example daily briefing is show. It contains several blocks. Each block shows the MAC address, the start and end time, brand and type (WLAN or Bluetooth)

  1. smartphones (or other electronic devices) that have been seen during the guard interval (night)
  2. smartphones (or other electronic devices) that are seen multiple days (scouting?)
  3. smartphones (or electronic devices) that are automatically blacklisted, such as on-site WiFi equipment, devices from people that live of work at this location. Those devices will be automatically removed from the blacklist if they are not received for a few weeks.
  4. downtime of the sensor. This section shows per hour interval which sensor has been offline.
daily briefing

Realtime alarms

Realtime alarms are sent via MQTT. MQTT is a protocol for publishing and retrieving sensor data. MQTT allows easy integration into third party dashboards. Also MQTT clients exists for most platforms (like Windows, Linux, Android, iOS)

On the right two example payloads are shown. The message has several fields:

  • project code: a numeric number indicating the project. Sensors are assigned to a project. A project is a location that is guarded by BlueScout. The portal supports having multiple locations/projects.
  • project name: a human readable name of the project, that can be set in the portal.
  • alarm type: there are several alarm types: guard time window, recurrence,  and sensor status.  If a sensor goes offline or online an alarm with type sensor status is generated. If a smartphone is detected within the guard time interval (e.g. night), an alarm with guard time window is generated. The recurrence alarm type is used when smartphones are seen multiple days.
  • data: the payload of the message
  • zone code: a numeric number indicating the zone. One or more sensors are attached to a zone, for instance the zone “garden”.
  • zone name: a human readable name of the zone, that can be set in the portal.
  • timestamp: the time stamp of detection in epoch time.
  • time: the time of detection in human readable format.
  • mac: the mac address of the detected smartphone. Of this is not available, the fingerprint is used instead.
  • brand: the brand of the detected devices
  • rssi: the signal strength of the detected smartphone in dBm. Devices far away have a lower RSSI value (e.g. -90) compared to smartphones close to the sensor (e.g. – 50)

big data Intelligent processing

Wi-Fi/Bluetooth analytics

Recent years two challenges have emerged in processing of collected signals a) random MAC addresses; smartphones like iOS devices often don’t use their real MAC address, but a temporarily (random) one instead. abundance of Wi-Fi/Bluetooth equipment; b) almost all consumer equipment has a Wi-Fi/Bluetooth radio, transmitting signals. Our intelligent processing solves these challenges:


In case a device doesn’t use its real MAC address, recognition of a device is based on auxiliary data, describing the hardware capabilities of that device (supported Wi-Fi substandards, radio capabilities (antennas, transmit power etc). This process is called fingerprinting. Each phone model has its own fingerprint.

Multi-layer blacklisting

Due to the abundance of equipment that transmit Wi-Fi/Bluetooth signals, most detected devices are from equipment installed in the house or from people living/working there. A multi-layer approach is implemented to filter away those signals effectively: automatic blacklisting of devices that are seen too often or too long, blacklisting of vendor equipment, discarding weak signals, identifying real and random MAC addresses and process them accordingly.


Components of BlueScout Product offering


Each customer will receive pre-configured sensors, that only need to be connected to power and internet. Sensors are based on GL.iNet openWRT routers. If a sensor is not needed anymore, the original firmware can be flashed and the device can be used as normal (travel) router.



Price model

The price model consists of buying the sensor and a monthly fee. Typically the sensor will cost around € 100 and the monthly fee will be around € 20 per sensor. There is a price tier for larger quantities.


For every customer, a new portal (docker stack) is created, running in the BlueMark cloud, that can be accessed under Here, the customer can configure the alarms.





It is possible to run the firmware on other openWRT devices and/or run the portal on your own server to meet your requirements. Also the product can be offered as a white label product.