JFYI: These devices are also installed on cars before they arrive at the dealer or by the dealer itself, but not necessarily by the manufacturer. Rumors are that it is installed by larger dealer groups and is obscured or just failed to be disclosed to the end dealer. Either as part of their LoJak(?) sales upsell or tracking for insurance purposes.
It's usually plugged into your OBD port. If your car has API features, some EV owners have graphed their electricity usage and shown drain/spikes at intervals and led them to find these devices. The consumption from the 12v battery causes the larger EV battery to charge the 12v battery, showing these charging/discharge spikes. There's also sometimes a sticker next to your tire pressure label on the driver's side door mentioning the installation of such a device.
If you're going to try and track this stuff for real, keep in mind most devices like this use motion sensors to go into low-power mode when stationary and only transmit on the move.
Also that some devices log data locally and require manual pickup + review to avoid detection. Also LEO have been known to temporarily disable such devices when people do scans to detect them for Undercovers.
Since I'm not seeing any other references, here's a timestamp for a YouTube video where an ex-undercover op is interviewed and such a thing is mentioned:
How FBI Undercover Agents Actually Work | Authorized Account | Insider https://youtu.be/h6au3ppTm7g?t=1123
> most devices like this use motion sensors to go into low-power mode when stationary and only transmit on the move
I've been working with (non-covert!) tracker devices for a project, and use exactly this approach, when stationary the tracker goes into low-power mode and sends position once every 12 hours to preserve battery life. When motion is detected, we send regular updates.
If low cost is the goal, consider a voltage measurement device. ICE engines have electrical systems that run near 13V when the engine is on, and ~12.5-12.8V when the engine is off.
Using the GPS signal to detect motion is the most power-expensive path though.
The cheapest in terms of power consumption is a simple Accelerometer/Gyroscope component.
The difference can be months or even years in longer battery runtime compared to GPS.
Put it in an RF chamber and keep another GPS receiver outside the chamber some distance away to make sure it doesn't lose lock on the real satellites. That's your leakage canary.
We had one of those in an underground parking garage for autonomous vehicle testing at a previous job, but it was a naturally really well shielded room, and it was just repeating surface signals so no one would complain.
Sleeping the CPU until you get an interrupt from an IMU or simple motion detector is a common way to do this. It's not about being stealthy so much as extending battery life.
Hey this is my industry! Teltonika is a major player in the IoT tracking space. They have features designed specifically to handle this situation. I’m told that GPS jamming and radio pinpointing techniques are used to steal vehicles with these kinds of telematics devices installed, especially in Africa
It'd be cheaper to buy an RTL-SDR and an LTE antenna than this tinySA. I'm not convinced that a layman would have enough practical experience with radios to detect these signals though. The bands used for IoT aren't exclusively used for IoT either - they'll contain "normal" LTE signals too.
They also used to monitor MAC addresses from various wifi access points, the MAC addresses of your computer don’t change. But now I think the vendors started fixing that.
I think per-AP randomisation of wifi mac has been the default on any mobile device I've checked in the past five years at least. Haven't examined bluetooth as closely.
It's been the norm on mobile devices for a while. It isn't as normal on desktop but I think most OSes do it nowadays, it might need to be enabled though.
Wait, why on earth are these wireless? Apparently they're battery powered too??
What possible reason is there for them not to just be plugged into the car's power and computer? I'm sure there is a reason, but it never once occurred to me that that would be the case. What a strange system.
>What possible reason is there for them not to just be plugged into the car's power and computer?
The part where they are a sensor in a wheel and therefore have constant turning. Are you interested in engineering a system that can cheaply and reliably provide power and signal through a constantly and one direction turning joint? That's not a trivial problem, and most solutions are things like contact brushes on a turning bearing surface which would instantly foul in a tire and brake dust filled environment or a sealed puck of mercury channels that nobody wants to install on every single car in the world.
There are two ways tire pressure monitoring is done. The normal way is to piggy back on the tone wheels that ABS uses to monitor wheel rotation speed, as a flat tire has less circumference and therefore rotates faster. This has the down side that you need to "calibrate" it and people suck at doing that, it can't tell you raw pressure values at all, and for a while it wasn't normal for cars to have 4 independent ABS tone wheels so you couldn't always pinpoint which tire was flat. This method has no consumable parts, has no batteries, and sends no radio signals so is not trackable.
The other method is putting a battery powered pressure sensor and radio in the valve stem of each wheel. This method is retrofittable, will always give you raw pressure values and doesn't need any calibration (but does need pairing). However, the parts are more expensive, they are somewhat consumable and make tire changes more expensive and time consuming, and are constantly sending trackable signals that can be automatically dragnet surveilled. Don't buy this method.
I believe the tires themselves have RFID chips in them. There are some various RFID readers embedded in highways and roads that quietly track all tires that go over them.
Way back in the day (2010), I worked for a company using Bluetooth scanners to measure traffic speeds. We could get about a 500' range with custom hardware.
The real fun part at the time was that every Bluetooth device pretty much was always in pairing mode, and that MACs didn't rotate...
Eventually those both happened, but in ways beyond my comprehension (I worked on the software side), the hardware guys could still pick up the signals to track cars.
BLE transmissions go much further last time I experimented with them [0]. However the problem of anonymity comes into play since they frequently generate new MAC addresses.
If you’re referring specifically to cars, you might be right: I’m not sure if they implement the MAC randomization most consumer products do, most of my testing was on those
Simply putting a fake plate would bypass that. Truckers usually have a pulley system on their plates to avoid tolls, so maybe more normal drivers will implement such a system or find a way to create something that messes up their camera OCR.
That would probably flag you immediately for a plate that doesn't match the car, a plate that does match but seen in two places that would be impossible to travel in that time.
That event would go in the same bucket as the other ten million alerts where the system got confused between visually near identical models or some de-badged sports car.
The fact of the matter is that the powers that be can't overtly use the dragnet in the way that the "how dare someone skip a $2 toll" and "muh two ton death machine" crowds would like to see because the other 99.5% of the public will be all "hey WTF" and politicians will pass laws to pander to those people. The dragnet operating powers that be would rather retain the ability to use the dragnet unfettered even in bad ways so they normally reserve its use for "serious" things.
I noticed that in Abrego Garcia's recent indictment they were able to figure out he was in 2022 based on ALPR pulls that showed he was actually putzing around Texas. My understanding was most ALPRs were being stored for no more than 30 days but apparently that isn't the case, since it appears they did not start to build the trafficking case until this year.
There's networks of these things, so you can't trust what is said. The host agency may keep for 30 days, but exchange data with third parties, through organizations like NLETS, private collaborations and informal exchange. I'd assume with NLETS searches that the Feds have an overwatch capability and spy on the spies so to speak.
This stuff started with "drug corridors". Police and Feds can and do track vehicles on the I-95 corridor from Maine (and Plattsburgh to NYC) down to Miami as early as 12 years ago. NYT covered it a few years back -- basically they get multiple LPR hits and are usually able to do facial recognition on front seat passengers. If you're driving Florida->NYC and stop for a cheesesteak in Philly, you may get some attention up the road.
There's also a growing network of commercial LPR services. Most tow trucks, many parking garages and some delivery vehicles scan and correlate license plates -- repo guys can find wanted cars in hours these days. Also, most traffic cams are saving 24x7 video with LPR.
Every semi truck these days can be factory equipped with cameras which are all stored in the cloud and analyzed as the service provider sees fit. And if they're not factory equipped they probably have a 3rd party solution in the cab and the same thing is being done.
Why don’t they just use facial and gait and heartbeat recognition everywhere? London and other cities already have CCTV cameras, and an AI can quickly figure out where you are. In China it has been deployed at scale!
It probably has, but I have not seen public sources that have reported it.
I’m sure as part of one of our many states of emergency in the United States deployments will be accelerated. NYPD has an extensive camera network in Manhattan that probably does this.
The images and video clips are stored for 30 days. The metadata (OCRed plate, and timestamp) are stored forever. Sorry I mean “may be stored indefinitely”.
Source: the privacy policy of the shopping mall near me, who installed these things even before the city did.
In some of the Fani Willis court proceedings they dredged up ~10yo cell phone location data like it was nothing about people who weren't relevant enough to warrant special attention 10yr ago.
They introduced stuff from a really long time ago as evidence of people knowing each other or dealing with each other. Like "you were at X's house then so clearly you knew them" type thing. I don't recall exactly what the context was because the big takeaway was the retention of records.
In a security interview I was questioned about an interaction on a public payphone 15 years prior, back in 2006 (transcript from 1991). They apparently had transcribed logs of all conversations (on that phone? All public pay phones?) that were part of a searchable database. My involvement at the time in a (tiny, unknown, knowable only in retrospect later from the time of the transcript) political student organization was apparently enough to get flagged.
And Lowe's (hardware store) has signed an agreement with them to put them on their properties. Vote with your wallets.
"Retail giant Lowe’s is another customer, according to two former Flock employees and confirmed by the company. Scott Draher, vice president of asset protection at Lowe’s, said in a statement that Flock cameras are “just one example of a multifaceted approach” to combat shoplifting. He declined to comment on how many of its stores have Flock cameras or if it provides camera feeds to law enforcement."
Private ANPR in public spaces is unlawful in the entire EU. The US needs to get a GDPR equivalent to protect basic human rights from corporate surveillance.
Interesting I had actually considered getting a job there at one point ha... it's like Anduril you know, seems like a cool company but the purpose... Also doubt I'm qualified but yeah.
I wonder how effective an EMP would be at "sterilising" a vehicle of such trackers. Especially if the vehicle in question has no electronics and uses a mechanically-injected diesel engine.
Certainly an interesting thought if you have a very old diesel. I would wonder if all the metal would hamper an EMP pulse that you could safely generate at home.
Diesels going back 20+ years still have ECUs as well, not to mention the rest of the vehicle's electronics could be at risk. So it would have to be a properly old or unique vehicle.
It's an interesting idea. The "obvious" route would be to tear down the vehicle and remove all the ECUs you want to save, then administer the zap. But at that point you probably find the tracker hardware anyway, unless it's really buried in some upholstery or something.
I would also want to be able to check for trackers regularly, which excludes a full teardown. I would want to check these particular kinds of cars after every event they go to for example.
That said, whilst it is a known threat vector, I have no data on how often it's actually exploited. It might be a lot of work for nothing.
The last car without electronics I drove was a Tavria made in Soviet Ukraine 35 years ago. Then dad installed an aftermarket ignition timing chip. You need to go really far back in time to find vehicles without chips.
These efforts are commendable, but by and large I think our location data is just a commodity by now and it is best not to assume you can reliably hide your location permanently and reliably without spending a lot of effort.
Not that I'd find that idea pleasant, I just think the ship has sailed.
This isn't a generic data privacy counter-measure or concern. This is specifically targeted against stalking, which is pretty much one of only a few cases where this kind of thing would be used against you. Specifically the case where the perpetrator will place a device in or on the victim's car.
I can imagine half a dozen ways to use this data against you in all kinds of settings. Sales, divorce, employment, espionage against your employer, burglary, and basic blackmail.
Sure, but the stalking issue is a subset of the generic data privacy issue or do you believe you can hide from a stalker if everyone else under the sun knows your location. It might be too difficult to use location data brokers for stalking[1] but the whole economy around them makes the app ecosystem weak against location privacy and makes it easy to use a manipulated app for stalking. No special devices needed and certainly no cellular devices needed.
I’m not sure what point you’re really trying to make here. This is a thread about detection methods of an extremely invasive (and rare) method of stalking, which yes is a subset of a data privacy issue. The fact that data brokers can get a lot of location and other data about you is irrelevant to the discussion.
> or do you believe you can hide from a stalker if everyone else under the sun knows your location.
I’m not sure anyone is claiming that the detection methods described in this study are going to make you completely undetectable to any party at all times. Again, not sure what point you’re trying to make here and it feels irrelevant to the larger thread. The original comment seemed to indicate that the article hadn’t been read at all.
My point is that what they are doing is interesting and commendable but if they want to effectively help stalking victims they are barking up the wrong tree and that there are much better ways to spend time and energy to help the issue at hand.
What? Sorry, but this is pure nonsense. Better ways like what? This is a study. Did you read it at all? Again, it’s not claiming to be a cure-all solution. It’s studying how to detect low powered LTE devices in a vehicle. Did you read it?
The security nihilism is thinking "why try to defend yourself if there are so many attack vectors". Also, my phone has no malicious apps. (It's a GNU/Linux phone.)
That is true for law enforcement, corps and nation states perhaps, but the threat vector here is just regular people who want to track someone. They're not as savvy and don't (usually) have access to the corp/leo/government databases of locating data.
For me it's about car theft, so all I am defending against is what thieves have access to. If I can detect a scanner popped on a car at a car show before heading back to storage, I am at a huge advantage.
That ship is more than capable of being put back in a bottle with enough political will. We just need to come together enough to get the message heard.
Sure. But hardware trackers are the least of our problems. We'd need a hard crackdown on location privacy in mobile operating systems and the app ecosystem. Good luck with mobilizing enough "political will" when the economic interests of a whole industry are affected.
I don't think the economics are a problem. I think it'll be the fed they call in to testify that will shed crocodile tears about how some murdering pedophile was brought to justice using this data.
Very similar to how we lost a ton of civil liberties because shows like 24 bombarded the country with ideas that the only way to stop terrorism was torture.
Unfortunately, a good number of people will happily sacrifice liberties that will be abused simply because it might catch a single bad guy.
I live in Europe and helped introduce GDPR. It is good at what it was designed for: being a pain for companies that collect data en masse and cannot tolerate the slightest friction (think Facebook).
For everyone else there are ways. Read about the six legal bases for processing personal data, especially consent and legitimate interest. You will be surprised.
Interesting research, but the paper does not address the contribution to the arms race of good vs bad. The criminals will likely use this technique to find legitimate car trackers before stealing the vehicle.
At least for motorbikes, the tactic is to abandon a stolen vehicle for a while after the theft to see if anyone comes for it, then take it to home base. I'd guess it all comes down to how professional an operation you're dealing with, last week a haul was recovered due to a tracker: https://www.bbc.co.uk/news/articles/c1denv9eg6wo
There were probably zero arrests from that seizure. There would probably be more seizures if they simply scanned used vehicle VINs going out for export, but there's no resources for that. The whole "export used garbage vehicles to a new home" market is super shady and is a convenient front for theft.
Did you not notice the motion sensor bit? Their technique does not work against a stationary tracker because it's not going to say anything. Thus you can't check out the car before you steal it.
What the bad guys do is steal the car, then leave it somewhere as soon as possible and see if anyone comes for it.
It's usually plugged into your OBD port. If your car has API features, some EV owners have graphed their electricity usage and shown drain/spikes at intervals and led them to find these devices. The consumption from the 12v battery causes the larger EV battery to charge the 12v battery, showing these charging/discharge spikes. There's also sometimes a sticker next to your tire pressure label on the driver's side door mentioning the installation of such a device.
I guess get rid of it if you care to.
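The graphing approach described in the comment above, as an added example that is not part of the original thread: it finds power spikes in a parked-vehicle trace and checks whether they recur at a regular interval, the pattern a timer-driven parasitic load would leave. The sample format (seconds, watts), the thresholds and both traces are assumptions constructed for illustration, not output from any real vehicle API.

```python
from statistics import median

def find_spikes(samples, k=6.0):
    """samples: list of (t_seconds, watts) logged while parked.
    Returns the start time of each excursion above a robust threshold."""
    watts = [w for _, w in samples]
    base = median(watts)
    # Median absolute deviation: ignores the spikes themselves when
    # estimating normal idle noise. Fallback avoids a zero threshold band.
    mad = median(abs(w - base) for w in watts) or 1e-9
    threshold = base + k * 1.4826 * mad
    starts, in_spike = [], False
    for t, w in samples:
        if w > threshold and not in_spike:
            starts.append(t)
        in_spike = w > threshold
    return starts

def periodicity(starts, max_cv=0.1):
    """Return (median_gap_s, coefficient_of_variation, is_periodic)."""
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    if len(gaps) < 3:                      # too few events to judge
        return None, None, False
    mean = sum(gaps) / len(gaps)
    std = (sum((g - mean) ** 2 for g in gaps) / len(gaps)) ** 0.5
    cv = std / mean
    return median(gaps), cv, cv <= max_cv

def constructed_trace(spike_minutes, n=360):
    """Constructed sample data: one reading per minute for n minutes,
    idle draw of 8-9 W, and a two-minute 150 W top-up at each spike."""
    hot = {m for s in spike_minutes for m in (s, s + 1)}
    return [(i * 60, 150.0 if i in hot else 8.0 + (i % 3) * 0.5)
            for i in range(n)]

# Regular hourly wake-ups versus irregular events (constructed).
REGULAR = constructed_trace(range(30, 360, 60))
IRREGULAR = constructed_trace([20, 75, 200, 310, 330])

if __name__ == "__main__":
    for name, trace in (("regular", REGULAR), ("irregular", IRREGULAR)):
        gap, cv, flag = periodicity(find_spikes(trace))
        print(f"{name}: median gap {gap}s, cv {cv:.2f}, periodic={flag}")
```

A regular interval only marks a load worth tracing: the car's own modules also wake on timers, and a tracker that sleeps until it senses motion will produce few or no spikes while parked.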