AirTags: The New Go-to Tool for Cops

After a viral TikTok trend spurred tens of thousands of car thefts this summer, cops in Washington, DC, started realizing that it was much easier to recover stolen vehicles that could be tracked with Apple AirTags.

Because of this, the Metropolitan Police Department (MPD) rolled out a pilot program this week, doling out free tracking devices to residents in DC areas where cops are seeing "the greatest increase in vehicle theft," according to a press release from the office of DC Mayor Muriel Bowser. more

The Biggest Spies are Now Hiding in Your Car

Cars have undergone a major transformation in recent years.

Traditional models are slowly being replaced by new-age, technology-packed vehicles. Telematics and infotainment that provide convenience, entertainment and security are a driving force behind this revolution.

But they are also turning modern vehicles into one of the biggest threats to personal privacy...

An infotainment system is a collection of hardware and software in automobiles that provides vehicle status information, as well as audio or video entertainment...

In doing so, day after day, these systems generate torrents of data (around 25 gigabytes per hour), a portion of which is transmitted to the manufacturer as well as stored on your car’s storage device. The amount of data recorded is truly impressive and disconcerting, and includes various technical vehicle parameters, GPS location, favorite destinations, speed and so on. 

Once a user connects their smartphone to the console via USB (or wirelessly), the amount of data shared with the car increases even further. By pairing up with the device, the infotainment system downloads (and saves) even more data, adding to its database information that previously existed only on your smartphone. This includes your favorite music, apps, social media, emails, SMS history, voice data and more.

Used cars are even worse. Their data logs contain records of every phone ever connected to them, making them a veritable treasure trove for savvy hackers and government agencies alike. more

Wireless Tech to Steal Luxury Cars in Seconds

As they both walked through a dimly lit parking garage, one of the pair of men peered at a black, laptop-sized device inside his messenger bag. Using buttons on its outer case, he flicked through various options on the device's bright LED screen before landing on his choice....

"EvanConnect," one of the men in the video who goes by a pseudonym online, embodies a bridge between digital and physical crime. These devices he sells for thousands of dollars let other people break into and steal high end vehicles. He claims to have had clients in the U.S., UK, Australia, and a number of South American and European countries.

"Honestly I can tell you that I have not stolen a car with technology," Evan told Motherboard. "It's very easy to do but the way I see it: why would I get my hands dirty when I can make money just selling the tools to other people." more

Tesla Mod Creates a Mobile Surveillance Station - Possible Bad News for PIs on Surveillance

At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car's built-in cameras—the same dash and rearview cameras providing a 360-degree view used for Tesla's Autopilot and Sentry features—into a system that spots, tracks, and stores license plates and faces over time.

The tool uses open source image recognition software to automatically put an alert on the Tesla's display and the user's phone if it repeatedly sees the same license plate. When the car is parked, it can track nearby faces to see which ones repeatedly appear.

Kain says the intent is to offer a warning that someone might be preparing to steal the car, tamper with it, or break into the driver's nearby home. more

Q: "You'll be using this Aston Martin DB5."

James Bond: Ejector seat? You must be joking.

Q: I never joke about my work 007.

If Goldfinger’s henchman Oddjob is coming after you, Aston Martin has just the car you need. It will cost a lot, though.

Ten months ago Aston Martin announced it would build a limited number of 1964 Aston Martin DB5s, just like the one Sean Connery, as James Bond, first drove in the movie “Goldfinger.” Twenty-five of these cars will be sold at a price of £2.75 million, or about $3.5 million. Each car will include a host of dangerous-sounding options, just like the one in the movie, Aston Martin said.

Aston Martin has finally announced what some of those gadgets will be. The cars will have, among other things, rotating license plates that can show three different tags and replica machine guns that poke out from behind the turn signals. Other clever features will include a “smoke screen” device to hide the car from pursuers and... more

Just Like Your Phone - Your Car is Spying on You

If you’re driving a late model car or truck, chances are that the vehicle is mostly computers on wheels, collecting and wirelessly transmitting vast quantities of data to the car manufacturer not just on vehicle performance but personal information, too, such as your weight, the restaurants you visit, your music tastes and places you go.

A car can generate about 25 gigabytes of data every hour and as much as 4,000 gigabytes a day, according to some estimates. The data trove in the hands of car makers could be worth as much as $750 billion by 2030, the consulting firm McKinsey has estimated. But consumer groups, aftermarket repair shops and privacy advocates say the data belongs to the car’s owners and the information should be subject to data privacy laws.

Yet Congress has yet to pass comprehensive federal data privacy legislation. more

Spybusters Tip #847: Stop Car Theft via Key Fob Signal Intercept

By simply wrapping your key FOB in aluminum foil you can prevent a thief from intercepting the signal. 

If you park your car outside at home then you might consider using a foil-lined container or placing your keys in a coffee can.

I’m going to start wrapping mine in aluminum foil when I travel and stay in a hotel. If you doubt that this issue is a serious threat then watch How Thieves Unlock A Car. more

A big thank you to our Blue Blaze Irregular ensconced in Illinois for alerting us to this tip. ~Kevin

Fob-U-Less Auto Theft on the Rise ...and a solution!

As predicted in 2011, and documented in previous Security Scrapbook posts, it is time to remember where to keep your car key fob overnight... in a closed tin (cost $0.93). ~Kevin

CA - Auto theft on the rise in Toronto area, and a security expert thinks he knows why...
According to Markham automotive security specialist Jeff Bates, owner of Lockdown Security, wireless key fobs have a role to play in many recent car thefts, with thieves intercepting and rerouting their signals — even from inside homes — to open and steal cars.

...many of these thieves are using a method called "relay theft."

Key fobs are constantly broadcasting a signal that communicates with a specific vehicle, he said, and when it comes into a close enough range, the vehicle will open and start.

"The way that the thieves are getting around this is they're essentially amplifying that low power signal coming off of the push start fob," he said.

"They will prey upon the general consensus that most people are leaving their key fobs close to the front door of their home and the vehicle will be in the driveway."

The thief will bring a device close to the home's door, close to where most keys are sitting, to boost the fob's signal.

They leave another device near the vehicle, which receives the signal and opens the car.

Many people don't realize it, Bates said, but the thieves don't need the fob in the car to drive it away. more

Many thanks to our Canadian Blue Blaze Irregular (WM) for this latest alert!

No Matter Where You Go, There You Are

Global automakers are feeding real-time location information and dozens of other data points from electric vehicles to Chinese government monitoring centers, potentially adding to China’s rich kit of surveillance tools as President Xi Jinping steps up the use of technology to track Chinese citizens.

Generally, it happens without car owners’ knowledge, The Associated Press found.

More than 200 automakers selling electric vehicles in China — including Tesla, Volkswagen, BMW, Daimler, Ford, General Motors, Nissan, Mitsubishi and U.S.-listed start-up NIO — send at least 61 data points to government-backed monitoring platforms, under rules published in 2016. Automakers say they are merely complying with local laws, which apply only to alternative energy vehicles. more

Richard Simmons: P.I. Who Allegedly Planted Bugging Device Charged

The private investigator who allegedly planted a tracking device on Richard Simmons' car has been charged with a crime.

Scott Brian Matthews was charged with 2 counts of the crime of unlawfully using a tracking device.

Prosecutors say Matthews planted the device on the car Richard bought for his housekeeper, Teresa Reveles. They say he planted it so he could shadow Simmons and see if he was going to doctors or hospitals. more

PI Sued for Planting Tracking Device... on a politician's pick-up truck.

An Oklahoma lawmaker who found a tracking device attached to his pickup truck last month is suing a private investigation company and an investigator who works for the company over the device.

Click to enlarge.

 Discovery of the tracking device has shocked Oklahoma politicians, who are wondering who was spying.

Rep. Mark McBride, a Republican from the Oklahoma City suburb of Moore, is suing Eastridge Investigations and Asset Protection and Eastridge investigator H.L. Christensen for unspecified damages of more than $10,000, according to an attorney for Eastridge. more

Electronic Eavesdropping Confirmed: CEO's Car Was Bugged During Takeover Talks

The head of Stada, the German drugmaker at the centre of a takeover battle, confirmed his car had been bugged last year but reassured investors that the company had not suffered as a result. "I have no reason to assume that any confidential business information went into the wrong hands," Chief Executive Matthias Wiedenfels told a news conference on Wednesday after the group announced annual financial results.

The disclosure comes at a sensitive time as Stada is the subject of a 4.7 billion euro ($5.1 billion) takeover fight between two rival private equity consortia. It was not clear who was responsible for the bugging and no suggestion that it was connected to the takeover battle.

Germany's Manager Magazin reported last week that Wiedenfels found a listening device in his car and that he was also anonymously sent photographs taken of him in confidential business situations and outside of the office.  more

Did you expect him to say, "Oh yes, confidential business information went into the wrong hands. The company has suffered as a result."

When was the last time you checked? Check here.

Even Your Car is Spying on You

You may not know this, but your car is collecting lots of information about your driving habits and history.
Who has access to this data and for what purpose? We speak with Lauren Smith, policy counsel at The Future of Privacy Forum. audio download

McTesla Might be a Good Name

A Chinese company is currently working on an electric supercar to compete directly with the likes of Tesla.

The company, which is called Windbooster Motors, has its sights set on Tesla, the biggest name in the electric car segment. While not much is known about the car they are producing, we have been sent two spy shots of the car as it undergoes development.

From what we can tell, the car appears to be fairly far along in the development process.

Styling wise, the car seems to take a lot of cues from the current crop of cars from McLaren as well as Tesla. (Just coincidence? You decide.) more

The Spy Car You May Not Want

If, while driving, you were also chowing down food, yakking on your phone or getting distracted by the Labrador retriever, would your insurance company know?

A patent issued in August to Allstate mentions using sensors and cameras to record “potential sources of driver distraction within the vehicle (e.g. pets, phone usage, unsecured objects in vehicle).” It also mentions gathering information on the number and types of passengers — whether adults, children or teenagers.

And the insurer, based in suburban Chicago, isn’t just interested in the motoring habits of its own policyholders... more

SPY Act - Senate Bill To Lock Hackers Out Of Connected Cars

As reporter Andy Greenberg recently detailed in Wired, hackers were able to remotely disable a Jeep while he was driving it. In a country where car ownership and the freedom of the open road are closely tied to individual and national identity, losing control over any vehicle you're driving is a nightmarish scenario.

Connecting more devices and vehicles to the Internet has immense economic potential but carries both security and privacy risks. The number of ways cars and trucks can be hacked has grown quickly, as automakers roll out new vehicles more screens and navigation, entertainment and communications systems in response to consumer demand.

Concern about the lack of security in vehicles led Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) to introduce on Tuesday the Security and Privacy in Your Car Act, or the "SPY Act," which would require automobile manufacturers to build IT security standards into connected cars. more

U.S. Spies on Millions of Cars

DEA Uses License-Plate Readers to Build Database for Federal, Local Authorities

The Justice Department has been building a national database to track in real time the movement of vehicles around the U.S., a secret domestic intelligence-gathering program that scans and stores hundreds of millions of records about motorists, according to current and former officials and government documents.

The primary goal of the license-plate tracking program, run by the Drug Enforcement Administration, is to seize cars, cash and other assets to combat drug trafficking, according to one government document. But the database’s use has expanded to hunt for vehicles associated with numerous other potential crimes, from kidnappings to killings to rape suspects, say people familiar with the matter.
(more)

2 Million Cars Open to Hackers - "Say it ain't so, Flo."

An electronic dongle used to connect to the onboard diagnostic systems of more than two million cars and trucks contains few defenses against hacking, an omission that makes them vulnerable to wireless attacks that take control of a vehicle, according to published reports.

US-based Progressive Insurance said it has used the SnapShot device in more than two million vehicles since 2008... According to security researcher Corey Thuen, it performs no validation or signing of firmware updates, has no secure boot mechanism, no cellular communications authentication, and uses no secure communications protocols. SnapShot connects to the OBDII port of Thuen's 2013 Toyota Tundra pickup truck, according to Forbes. From there, it runs on the CANbus networks that control braking, park assist and steering, and other sensitive functions.


The "Internet of automobiles" may hold promise, but it comes with risks, too."Anything on the bus can talk to anything [else] on the bus," Thuen was quoted as saying in an article from Dark Reading. "You could do a cellular man-in-the-middle attack" assuming the attacker had the ability to spoof a cellular tower that transmits data to and from the device.
(more)

UK - Former Deputy Prime Minister Finds Car Bugged

UK - John Prescott has turned detective after finding his Jaguar had been bugged.

The former Deputy Prime Minister discovered the device hidden in his car when he took it to a garage because it had problems starting.

Mechanics found a tracker concealed under the driver’s seat that was hooked up to the car battery, draining its power.

The sophisticated device uses mobile phone technology and is capable of reporting the Jag’s movements at all times. It also has an inbuilt microphone enabling it to pick up conversations.

And the 6 inch-square black box is even capable of immobilising the car if instructed to by mobile phone.

Lord Prescott told the Sunday Mirror: “I’ve been told that whoever knows the SIM card that goes with the tracker can send out a signal and stop the engine...

"This type of surveillance breaches our right to privacy – I’ve had my mobile hacked, my phone tapped, and now someone might have been tracking my car.”

But insisting he was calm about the find he joked: “I can only hope whoever listened to my conversations installed an automatic bleeper too.”
(more)

Best guess from here... Installed by the car dealership, or previous owner, to thwart late payments or theft.

FutureWatch - Carhacking

As high-tech features like adaptive cruise control, automatic braking and automatic parallel parking systems make cars smarter, it's also making them more vulnerable to hackers – a risk that an automotive security researcher says carmakers appear to be ignoring.

"There's no culture of security," said Chris Valasek, director of vehicle security research at the computer security consulting firm IOActive, in a keynote speech at the SecTor IT security conference in Toronto this week....

In recent years, security researchers at the University of Washington showed they could hack a car and start it either via the systems used for emissions testing or remotely using things like Bluetooth wireless connectivity or cellular radio to start the car.
Read more about the study

Others showed they could hack a car remotely via a cellular-based car alarm system to unlock the doors and start the engine.

Valasek himself and his research partner Charlie Miller, a security engineer at Twitter, have been starting to experiment with remote attacks after demonstrating that a laptop inside the car can be used to disable brakes and power steering and confuse GPS and speedometers.

Hackers hijack car computers and take the wheel (more)