Thieves Are Using Bluetooth to Target Vehicle Break-Ins


Thieves Are Using Bluetooth to Target Vehicle Break-Ins

OutsideOnLine dot com
Dec 9, 2019
Wes Siler

My friend Joe had his MacBook and iPad stolen from the back of a locked car over Thanksgiving. So far, so normal, right? Well, the thieves only broke the small window immediately adjacent to where his devices were hidden and only took the backpack containing them. Police told him it was likely they’d used a Bluetooth scanner to target his car and even located exactly where his devices were before breaking into it.

When he texted me about what happened, I turned to Google to see what a Bluetooth scanner was and immediately found dozens of smartphone apps. The first one I downloaded didn’t just show me the signal strengths it detected, it also listed the specific types of devices and even displayed pictures of them—you know, for easy identification. Using signal strength as a distance meter, I found the phone my fiancée misplaced before she went to work. Another app displayed a live list of the devices commuters had in their cars while driving past my house. These apps are free and take no technical know-how or experience whatsoever to use. While they aren’t designed specifically to aid thieves (developers need tools like these when designing Bluetooth accessories), it’d be hard to imagine a more powerful asset for criminals.

Bluetooth is a wireless transmission standard that a whole host of devices use to transmit data over short distances. It’s what your phone uses to pair with your car stereo and what your AirPods use to connect with your phone. These days all manner of devices use it, including tablets, laptops, cameras, speakers, and phones—basically, most things a thief may want to steal, except for your keys and cold hard cash. (Although if you use a Tile or similar locater dongle on your key chain or in your wallet, then those are discoverable using a Bluetooth scanner, too.) No pairing or security protocols are necessary; the scanners simply locate the signal a device emits and then evaluate its strength and frequency. Comparing that data against a database, they’re able to identify exact devices using a digital fingerprint.

This isn’t just some crazy theory Joe and I have. California, where he was visiting when his car was broken into, is currently experiencing an epidemic of vehicle break-ins, and police there report that thieves are using the technology.

“There are some people, auto burglars, who actually detect that signal and target your car for that,” a San Jose Police Department representative told CBS. San Francisco saw a 24 percent increase in vehicle break-ins between 2016 and 2017, and while 2018 saw a slight decrease, 2019 is on track to be a record year.

This vulnerability has the potential to impact people outside of major cities, too. Where I live in southwest Montana, local web communities around various outdoor activities often light up with reports of vehicle break-ins at popular trailheads. So far those break-ins seem to follow the usual pattern: smash-and-grabs targeting purses, wallets, or anything of value that might turn up. They’re random acts with relatively low payoffs, but an ability to see exactly what your vehicle may be hiding, and calculating that value ahead of time, could encourage thieves to work harder to get into the more inaccessible areas of your vehicle when they know the reward for committing the crime. And because seeing what you’re hiding only requires a smartphone app, those thieves have the ability to do their sleuthing undetected. One more person staring at their phone in a parking area isn’t going to stand out.

So what can you do to keep your stuff safe? Putting a device in airplane mode or entirely powering it off will both work, according to a report in Popular Mechanics. Some devices may still emit trace Bluetooth signals while sleeping, so closing the lid on your laptop isn’t enough. For additional protection, you can place those devices in a Faraday fabric sleeve or wrap them in a blanket made from the same material. Of course, the safest method remains the same as it always has: treat this as yet another reminder that you shouldn’t leave valuables in your car at the trailhead or anywhere else.

Here for a while had a sticky bluetooth automobile car module.  The phone would remain connected to the automobile after it was off and it did drain the battery when the vehicle was new. (3 batteries in fact). I rewired the phone cradle to power off the charging cable when automobile was off and shut off the phone now a days.
Once they understand how to crack the vehicle locking signals we can stop needing the windows replaced.

Sent using Tapatalk
vehicle locking signals
Those already exist.  Easy as sniffing your FOB when you use it and replicating the RF signals to your automobile.
I would hope those would be implemented more securely than GDO systems with their 'rolling code' concept that any third party keyfob can lock onto using a prearranged code sequence table.

I am beginning to think 85% of digital security is a farce.

Sent using Tapatalk
LarrylLix said:
I would hope those would be implemented more securely than GDO systems with their 'rolling code' concept that any third party keyfob can lock onto using a prearranged code sequence table. I am beginning to think 85% of digital security is a farce. Sent using Tapatalk
Most DO use this technology, so they can't just "copy" the signal.  The best they can do is amplify the signal from your FOB in the house, and hope it works.
Motor vehicles thefts were 80K per year in 2004, in 2018 it was 40K.  Certainly stealing new cars with newer technology is getting harder, but there are still so many older cars out there. 
Most DO use this technology, so they can't just "copy" the signal.  The best they can do is amplify the signal from your FOB in the house, and hope it works.
My neighbor purchased one that grabbed my FOB signal (BMW) and was able to utilize it across the street in our court.  This was around 6 years ago.
My Christmas lights have Bluetooth. The app they give you almost never can connect to them, so I only can hope a hacker will connect and make a pretty light pattern.
The codes are stated to be "rolling" but the sequence is well documented and most manufacturers know it and use the same sequence. This makes the "rolling" aspect a joke, and only keeps out the uneducated hackers.
Also, to allow for a second or third FOB to keep enabled, the receiver allows the last (aprox) few dozen codes to be used so away FOBs do not need to be reprogrammed while the code rolls, from the ones being used.
One of the low tech techniques I saw published, was to listen to the user's transmission, while jamming also jamming it. When the next code is used, memorise it, and repeat the first transmission so the user thinks it actually worked. The user retried transmission, is now the next code enabled and the hacker simply has to replay it. No digital hacking or knowledge required.
Thinking now a days that car thieves are very technologically updated and do custom automobile pick ups.
Many late model vehicles now have tracking devices built in and the thieves know this per model of car and will disable it first thing.
A couple of years ago here some thieves broke in to a car dealers show room at 3AM and took all of the show room cars and keys en masse.
My brother in law would leave his company car in the driveway.  One night his neighbors woke him / sister up in the middle of the morning (3 AM) that a flat bed truck had just picked up his company car (in about 5 minutes or so) and had left.
There was some group, a few years back, that discovered how to hack the computer system in Dodge?  vehicles. From a basement computer they connected to an aware volunteer's vehicle computer, and did things like constantly turn his windshield wipers on, wash hi windshield and blast his radio. The driver finally headed for the ditch, feeling he lost control of the vehicle.
They reported they could have turned his radio on full blast, flashed dash lighting, washed his windows, and disabled his braking system, simultaneously but felt it would be too dangerous to prove while on the highway at high speeds.
They indicated their mission was not to develop hacking control over vehicles but make a point to legal bodies that the CPUs had to be on separate busses and not communicate. These days, a CPU is likely the cheapest chip available.