The devices meant to make police accountable just became a security liability. A Bluetooth vulnerability in Axon tasers and body-worn cameras means officers can be tracked in real-time through their own equipment.

Researchers in Australia discovered the flaw while analyzing law enforcement equipment for a privacy audit. Axon devices - used by police departments worldwide - broadcast Bluetooth signals with predictable, non-randomized identifiers.

That means anyone with a $30 Bluetooth scanner and basic technical knowledge can identify which devices belong to officers, track their locations, and potentially predict patrol patterns.

The problem is the MAC address. Most modern Bluetooth devices use randomized addresses to prevent tracking. Axon equipment uses static addresses that don't change. Once you map a device ID to an officer, you can track that officer indefinitely.

The researchers built a proof-of-concept using a Raspberry Pi and open-source scanning software. Within hours of deployment in a Melbourne shopping district, they'd identified 47 unique Axon devices and tracked individual officers across a 2km radius.

Worse: the devices broadcast whether they're actively recording. An attacker can tell if a body camera is on or off before making a move.

This exposes the fundamental tension between surveillance for accountability and operational security. Body cameras were introduced to document police interactions. But the same connectivity that enables remote uploads also creates attack vectors.

Axon has known about the issue since late 2025, when the researchers privately disclosed their findings. The company's response has been tepid. They've released a firmware update that partially randomizes addresses but maintains enough static identifiers for existing tracking methods to work with minor modifications.

A full fix would require hardware changes - new Bluetooth chips with proper privacy protections. That's expensive. It means replacing millions of dollars of deployed equipment. So Axon is offering the firmware patch and calling it sufficient.

Law enforcement agencies are in a bind. They can't easily switch vendors - Axon has 80%+ market share, and alternative systems don't integrate with existing infrastructure. They can disable Bluetooth, but that breaks cloud syncing and remote management features they've come to depend on.

The broader issue is the Internet of Things security problem writ large. Devices get deployed with minimal security review because they "just work." Vulnerabilities are discovered years later. Fixes are slow or nonexistent. Users are stuck with compromised equipment.

For police officers, this is more than theoretical. Criminals with technical sophistication - organized crime, cartels, sophisticated gangs - could use this to identify undercover officers, track detectives, or plan ambushes.

For civil liberties advocates, it's a different concern: if criminals can track cops, so can activists, protesters, and journalists. The surveillance cuts both ways.

Axon's statement emphasized that "there have been no known exploitations of this vulnerability in the wild." That's the standard corporate response. It's also irrelevant. Security isn't about what's been exploited, it's about what's exploitable.

The fix is straightforward: implement proper Bluetooth privacy standards, use randomized MAC addresses, and require authenticated pairing for device identification. This is solved technology. Apple and Google figured it out years ago.

The question is whether Axon prioritizes security over cost savings. Based on their response so far, the answer seems clear.

The devices are supposed to protect officers and civilians. Right now, they're doing neither very well.