aggregator-ios a day ago

JFYI: These devices are also installed on cars before they arrive at the dealer or by the dealer itself, but not necessarily by the manufacturer. Rumors are that it is installed by larger dealer groups and is obscured or just failed to be disclosed to the end dealer. Either as part of their LoJak(?) sales upsell or tracking for insurance purposes.

It's usually plugged into your OBD port. If your car has API features, some EV owners have graphed their electricity usage and shown drain/spikes at intervals and led them to find these devices. The consumption from the 12v battery causes the larger EV battery to charge the 12v battery, showing these charging/discharge spikes. There's also sometimes a sticker next to your tire pressure label on the driver's side door mentioning the installation of such a device.

I guess get rid of it if you care to.
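
An added example (not part of the comment above or of the linked article): one way to check a parked EV's telemetry for the regular 12 V top-up spikes that comment describes. The sample format (seconds, DC-DC converter watts), the thresholds, the baseline gap and the data are all constructed assumptions; no real vehicle API is used.

```python
"""Added example: look for regular 12 V top-up cycles in parked-EV telemetry.

Assumed input: (seconds_since_start, dc_dc_watts) samples exported from the
car's API while it is parked. All names, thresholds and data are constructed.
"""
from statistics import mean, pstdev


def charge_events(samples, on_watts=50.0):
    """Start time of each top-up: the sample where power rises through on_watts."""
    events, charging = [], False
    for t, watts in samples:
        now_charging = watts >= on_watts
        if now_charging and not charging:
            events.append(t)
        charging = now_charging
    return events


def assess(samples, baseline_gap_s, on_watts=50.0, max_cv=0.15, ratio=0.5):
    """Compare top-up spacing with a baseline gap the owner measured earlier.

    Flags the series when top-ups are both regular (low coefficient of
    variation) and much more frequent than baseline, which is what a constant
    extra load on the 12 V battery looks like.
    """
    events = charge_events(samples, on_watts)
    gaps = [b - a for a, b in zip(events, events[1:])]
    if len(gaps) < 2:
        # Too few cycles to say anything about spacing.
        return {"events": len(events), "mean_gap_s": None, "cv": None,
                "suspicious": False}
    mean_gap = mean(gaps)
    cv = pstdev(gaps) / mean_gap
    suspicious = cv <= max_cv and mean_gap < ratio * baseline_gap_s
    return {"events": len(events), "mean_gap_s": mean_gap, "cv": cv,
            "suspicious": suspicious}


def constructed_series(hours, period_s, burst_s=1200, step_s=300):
    """Constructed telemetry: a 300 W top-up lasting burst_s every period_s."""
    return [(t, 300.0 if t % period_s < burst_s else 2.0)
            for t in range(0, hours * 3600, step_s)]


if __name__ == "__main__":
    baseline = 24 * 3600  # assumed: this car normally tops up about once a day
    for label, period in (("clean", 24 * 3600), ("extra load", 4 * 3600)):
        print(label, assess(constructed_series(72, period), baseline))
```

A device that sleeps while the car is stationary, as described further down the thread, adds little parked load, so a clean result here does not rule one out.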

eschneider 2 days ago

If you're going to try and track this stuff for real, keep in mind most devices like this use motion sensors to go into low-power mode when stationary and only transmit on the move.

  • b8 2 days ago

    Also that some devices log data locally and require manual pickup + review to avoid detection. Also LEO have been known to temporarily disable such devices when people do scans to detect them for Undercovers.

    • Ylpertnodi 2 days ago

      >Also LEO have been known to temporarily disable such devices when people do scans to detect them for Undercovers.

      Any more info on this?

      • v7n 2 days ago

        Since I'm not seeing any other references, here's a timestamp for a YouTube video where an ex-undercover op is interviewed and such a thing is mentioned: How FBI Undercover Agents Actually Work | Authorized Account | Insider https://youtu.be/h6au3ppTm7g?t=1123

  • logifail 2 days ago

    > most devices like this use motion sensors to go into low-power mode when stationary and only transmit on the move

    I've been working with (non-covert!) tracker devices for a project, and use exactly this approach, when stationary the tracker goes into low-power mode and sends position once every 12 hours to preserve battery life. When motion is detected, we send regular updates.

    • theoreticalmal a day ago

      If low cost is the goal, consider a voltage measurement device. ICE engines have electrical systems that run near 13V when the engine is on, and ~12.5-12.8V when the engine is off

      • andruby a day ago

        That would require plugging into the wiring. At that point you no longer need a battery and can just use the car's power.

        • TheSoftwareGuy a day ago

          I'd be wary of draining the battery while the car is off. You don't want to prevent the car from starting

          • dmd a day ago

            The ~10 or 20mA or so one of these things draws would take months to do that.

        • subscribed 12 hours ago

          Untrue. Imagine a cute convertible car or sportbike in the snow country.

  • Scoundreller 2 days ago

    We talking MEMS/inertia detection, vibration detection or auto-geo-fencing?

    • avidiax 2 days ago

      The absolute cheapest thing is just to never update the position unless it significantly changed. Doesn't require anything except the GPS chip.

      Bluetooth beacons would need to add an accelerometer, but that undermines their use in pinpointing an object at rest.

      • rickdeckard a day ago

        Using the GPS signal to detect motion is the most power-expensive path though.

        The cheapest in terms of power consumption is a simple Accelerometer/Gyroscope component. The difference can be months or even years in longer battery runtime compared to GPS.

      • aa-jv 2 days ago

        Probably the most effective technique for detection would be attained by spoofing the GPS signals, like the IRGC did to capture multiple US' drones?

        https://www.gpsworld.com/gps-circle-spoofing-discovered-in-i...

        I wonder how easily GPS can be spoofed, locally ...

        https://rntfnd.org/2021/10/28/cheap-and-easy-gps-gnss-spoofi...

        Seems someone already had the idea:

        https://www.reddit.com/r/hardwarehacking/comments/10na5c8/sp...

        • zikduruqe a day ago

          I used to have a GPS repeater installed in our lab for RF testing. The FAA did not like it at all and threatened us with action.

          Don't go spoofing or broadcasting your own GPS signals unless you have a decent legal team behind you.

          • myself248 a day ago

            Put it in an RF chamber and keep another GPS receiver outside the chamber some distance away to make sure it doesn't lose lock on the real satellites. That's your leakage canary.

          • wcunning a day ago

            We had one of those in an underground parking garage for autonomous vehicle testing at a previous job, but it was a naturally really well shielded room, and it was just repeating surface signals so no one would complain.

    • eschneider a day ago

      Sleeping the CPU until you get an interrupt from an IMU or simple motion detector is a common way to do this. It's not about being stealthy so much as extending battery life.

    • cryptonector a day ago

      Whichever one is cheapest energy-wise. My guess is MEMS.

theoreticalmal a day ago

Hey this is my industry! Teltonika is a major player in the IoT tracking space. They have features designed specifically to handle this situation. I’m told that GPS jamming and radio pinpointing techniques are used to steal vehicles with these kinds of telematics devices installed, especially in Africa

vv_ a day ago

It'd be cheaper to buy an RTL-SDR and an LTE antenna than this tinySA. I'm not convinced that a layman would have enough practical experience with radios to detect these signals though. The bands used for IoT aren't exclusively used for IoT either - they'll contain "normal" LTE signals too.

  • blantonl a day ago

    RTL-SDRs have a typical usable bandwidth of only about 2 MHz, so that is going to rule them out of any real usable LTE related decoding and detection

    • vv_ 12 hours ago

      Channel bandwidth for Cat-M is 1.4 MHz.

      You won't be doing any decoding w/ a tinySA either.

goda90 2 days ago

Better hope your stalker isn't friends with a law enforcement officer either: https://deflock.me/

  • EGreg 2 days ago

    They also used to monitor MAC addresses from various wifi access points, the MAC addresses of your computer don’t change. But now I think the vendors started fixing that.

    • chneu 2 days ago

      To be clear, you absolutely can randomize your MAC on most devices nowadays.

      • extraduder_ire 2 days ago

        I think per-AP randomisation of wifi mac has been the default on any mobile device I've checked in the past five years at least. Haven't examined bluetooth as closely.

        • chneu 2 days ago

          It's been the norm on mobile devices for a while. It isn't as normal on desktop but I think most OSes do it nowadays, it might need to be enabled though.

  • b8 2 days ago

    Simply putting a fake plate would bypass that. Truckers usually have a pulley system on their plates to avoid tolls, so maybe more normal drivers will implement such a system or find a way to create something that messes up their camera OCR.

    • SchemaLoad 2 days ago

      That would probably flag you immediately for a plate that doesn't match the car, a plate that does match but seen in two places that would be impossible to travel in that time.

      • potato3732842 2 days ago

        That event would go in the same bucket as the other ten million alerts where the system got confused between visually near identical models or some de-badged sports car.

        The fact of the matter is that the powers that be can't overtly use the dragnet in the way that the "how dare someone skip a $2 toll" and "muh two ton death machine" crowds would like to see because the other 99.5% of the public will be all "hey WTF" and politicians will pass laws to pander to those people. The dragnet operating powers that be would rather retain the ability to use the dragnet unfettered even in bad ways so they normally reserve its use for "serious" things.

    • euroderf a day ago

      > Truckers usually have a pulley system on their plates to avoid tolls

      You mean like James Bond's rotating license plates ? Got a pointer to this stuff ?

      • 77pt77 a day ago

        Just search for it.

        I found video review of $80 in seconds.

        There's also videos online of cars flipping it right before they cross a toll by plate.

        I would not do this. This is serious fraud and antisocial behavior.

    • BobaFloutist a day ago

      "Usually" is an astonishingly aggressive claim here.

  • ge96 2 days ago

    that's not related to flock safety (company) is it?

    • sodality2 2 days ago

      Yep. Their brand of ALPR cameras have spread like a plague very quickly all over the US

      • zikduruqe a day ago

        And Lowe's (hardware store) has signed an agreement with them to put them on their properties. Vote with your wallets.

        "Retail giant Lowe’s is another customer, according to two former Flock employees and confirmed by the company. Scott Draher, vice president of asset protection at Lowe’s, said in a statement that Flock cameras are “just one example of a multifaceted approach” to combat shoplifting. He declined to comment on how many of its stores have Flock cameras or if it provides camera feeds to law enforcement."

        https://ourcommunitynow.com/P/americas-biggest-mall-owner-is...

      • ty6853 2 days ago

        I noticed that in Abrego Garcia's recent indictment they were able to figure out he was in 2022 based on ALPR pulls that showed he was actually putzing around Texas. My understanding was most ALPRs were being stored for no more than 30 days but apparently that isn't the case, since it appears they did not start to build the trafficking case until this year.

        • Spooky23 2 days ago

          There's networks of these things, so you can't trust what is said. The host agency may keep for 30 days, but exchange data with third parties, through organizations like NLETS, private collaborations and informal exchange. I'd assume with NLETS searches that the Feds have an overwatch capability and spy on the spies so to speak.

          This stuff started with "drug corridors". Police and Feds can and do track vehicles on the I-95 corridor from Maine (and Plattsburgh to NYC) down to Miami as early as 12 years ago. NYT covered it a few years back -- basically they get multiple LPR hits and are usually able to do facial recognition on front seat passengers. If you're driving Florida->NYC and stop for a cheesesteak in Philly, you may get some attention up the road.

          There's also a growing network of commercial LPR services. Most tow trucks, many parking garages and some delivery vehicles scan and correlate license plates -- repo guys can find wanted cars in hours these days. Also, most traffic cams are saving 24x7 video with LPR.

          • potato3732842 2 days ago

            Every semi truck these days can be factory equipped with cameras which are all stored in the cloud and analyzed as the service provider sees fit. And if they're not factory equipped they probably have a 3rd party solution in the cab and the same thing is being done.

          • EGreg 2 days ago

            Why don’t they just use facial and gait and heartbeat recognition everywhere? London and other cities already have CCTV cameras, and an AI can quickly figure out where you are. In China it has been deployed at scale!

            • Spooky23 a day ago

              It probably has, but I have not seen public sources that have reported it.

              I’m sure as part of one of our many states of emergency in the United States deployments will be accelerated. NYPD has an extensive camera network in Manhattan that probably does this.

        • Lammy 2 days ago

          The images and video clips are stored for 30 days. The metadata (OCRed plate, and timestamp) are stored forever. Sorry I mean “may be stored indefinitely”.

          Source: the privacy policy of the shopping mall near me, who installed these things even before the city did.

        • potato3732842 2 days ago

          In some of the Fani Willis court proceedings they dredged up ~10yo cell phone location data like it was nothing about people who weren't relevant enough to warrant special attention 10yr ago.

          • Jalad 2 days ago

            Is that accurate? The Willis proceedings were about events around 2021, so that's only 4 years at best

            • potato3732842 2 days ago

              They introduced stuff from a really long time ago as evidence of people knowing each other or dealing with each other. Like "you were at X's house then so clearly you knew them" type thing. I don't recall exactly what the context was because the big takeaway was the retention of records.

              • K0balt 11 hours ago

                In a security interview I was questioned about an interaction on a public payphone 15 years prior, back in 2006 (transcript from 1991). They apparently had transcribed logs of all conversations (on that phone? All public pay phones?) that were part of a searchable database. My involvement at the time in a (tiny, unknown, knowable only in retrospect later from the time of the transcript) political student organization was apparently enough to get flagged.

                Back in 2006 that was an eye opener for me.

        • stackskipton 2 days ago

          Government run ones had limited time due to civil liberties concerns. However, since it’s a private company…

        • arwhatever 2 days ago

          UPDATE plate_scan SET soft_deleted = 1 WHERE now() - scan_date > 30

      • closewith 2 days ago

        Private ANPR in public spaces is unlawful in the entire EU. The US needs to get a GDPR equivalent to protect basic human rights from corporate surveillance.

        • manarth a day ago

          For a given definition of "public".

          Driving into a supermarket carpark? Most will have time-limits controlled by private ANPR cameras.

          • closewith a day ago

            True, but they can't track vehicles on public roads, and they cannot store or persist the number plates for any other reason than access control.

      • ge96 2 days ago

        Interesting I had actually considered getting a job there at one point ha... it's like Anduril you know, seems like a cool company but the purpose... Also doubt I'm qualified but yeah.

    • defsectec 2 days ago

      The map of ALPR nodes show that some are installed by "Flock Safety" when you click on a single one and view the details.

      So I would assume those two things are directly connected.

      Just speculation though. Don't have time to verify currently.

  • 77pt77 2 days ago

    Do you know if they also monitor bluetooth devices?

    Like all cars have one and it should be detectable.

    Also, most recent cars have DCM which are always sending data, including position to the car maker.

    • speedgoose 2 days ago

      TPMS is also common and detectable.

      • BobaFloutist a day ago

        Wait, why on earth are these wireless? Apparently they're battery powered too??

        What possible reason is there for them not to just be plugged into the car's power and computer? I'm sure there is a reason, but it never once occurred to me that that would be the case. What a strange system.

        • rolph a day ago

          they are basically integrated with the valve stem, there would be a wiring problem to solve

        • mrguyorama a day ago

          >What possible reason is there for them not to just be plugged into the car's power and computer?

          The part where they are a sensor in a wheel and therefore have constant turning. Are you interested in engineering a system that can cheaply and reliably provide power and signal through a constantly and one direction turning joint? That's not a trivial problem, and most solutions are things like contact brushes on a turning bearing surface which would instantly foul in a tire and brake dust filled environment or a sealed puck of mercury channels that nobody wants to install on every single car in the world.

          There are two ways tire pressure monitoring is done. The normal way is to piggy back on the tone wheels that ABS uses to monitor wheel rotation speed, as a flat tire has less circumference and therefore rotates faster. This has the down side that you need to "calibrate" it and people suck at doing that, it can't tell you raw pressure values at all, and for a while it wasn't normal for cars to have 4 independent ABS tone wheels so you couldn't always pinpoint which tire was flat. This method has no consumable parts, has no batteries, and sends no radio signals so is not trackable.

          The other method is putting a battery powered pressure sensor and radio in the valve stem of each wheel. This method is retrofittable, will always give you raw pressure values and doesn't need any calibration (but does need pairing). However, the parts are more expensive, they are somewhat consumable and make tire changes more expensive and time consuming, and are constantly sending trackable signals that can be automatically dragnet surveilled. Don't buy this method.

      • 77pt77 a day ago

        This is tire pressure monitors for those that don't know.

        Didn't even cross my mind...

        • xhkkffbf a day ago

          I believe the tires themselves have RFID chips in them. There are some various RFID readers embedded in highways and roads that quietly track all tires that go over them.

    • reactordev 2 days ago

      Bluetooth doesn’t have the signal strength beyond 20ft. Even then it requires a handshake pairing to send data as every device shares spectrum.

      • justinc8687 2 days ago

        Way back in the day (2010), I worked for a company using Bluetooth scanners to measure traffic speeds. We could get about a 500' range with custom hardware.

        The real fun part at the time was that every Bluetooth device pretty much was always in pairing mode, and that MACs didn't rotate...

        Eventually those both happened, but in ways beyond my comprehension (I worked on the software side), the hardware guys could still pick up the signals to track cars.

      • GJim 2 days ago

        > Bluetooth doesn’t have the signal strength beyond 20ft

        Oh dear.

        I think you will find a directional antenna can rather increase this by several orders of magnitude.

        • 77pt77 a day ago

          and 20 feet is not that short.

          Those overpass things with cameras and transponders can definitely still pick it up within this range.

          Plus like many have written, it's not even difficult to extend that range with cheap hardware.

      • sodality2 2 days ago

        BLE transmissions go much further last time I experimented with them [0]. However the problem of anonymity comes into play since they frequently generate new MAC addresses.

        [0]: https://news.ycombinator.com/item?id=38252566

        • 77pt77 a day ago

          > since they frequently generate new MAC addresses

          This has not been my experience.

      • 77pt77 a day ago

        I can almost assure you NYC subway does this.

        • reactordev a day ago

          Retail stores do too just fyi tracking you through the store. But it’s not pairing and it doesn’t have long range.

userbinator 2 days ago

I wonder how effective an EMP would be at "sterilising" a vehicle of such trackers. Especially if the vehicle in question has no electronics and uses a mechanically-injected diesel engine.

  • ehnto 2 days ago

    Certainly an interesting thought if you have a very old diesel. I would wonder if all the metal would hamper an EMP pulse that you could safely generate at home.

    Diesels going back 20+ years still have ECUs as well, not to mention the rest of the vehicle's electronics could be at risk. So it would have to be a properly old or unique vehicle.

    • myself248 a day ago

      It's an interesting idea. The "obvious" route would be to tear down the vehicle and remove all the ECUs you want to save, then administer the zap. But at that point you probably find the tracker hardware anyway, unless it's really buried in some upholstery or something.

    • gnarlynarwhal42 a day ago

      12v Cummins in the Dodge Ram pre-'95 would fit this. I used to want one for this reason.

  • Lu2025 a day ago

    The last car without electronics I drove was a Tavria made in Soviet Ukraine 35 years ago. Then dad installed an aftermarket ignition timing chip. You need to go really far back in time to find vehicles without chips.

weinzierl 2 days ago

These efforts are commendable, but by and large I think our location data is just a commodity by now and it is best not to assume you can reliably hide your location permanently and reliably without spending a lot of effort.

Not that I'd find that idea pleasant, I just think the ship has sailed.

  • JohnMakin 2 days ago

    This isn't a generic data privacy counter-measure or concern. This is specifically targeted against stalking, which is pretty much one of only a few cases where this kind of thing would be used against you. Specifically the case where the perpetrator will place a device in or on the victim's car.

    • weinzierl 2 days ago

      Sure, but the stalking issue is a subset of the generic data privacy issue or do you believe you can hide from a stalker if everyone else under the sun knows your location. It might be too difficult to use location data brokers for stalking[1] but the whole economy around them makes the app ecosystem weak against location privacy and makes it easy to use a manipulated app for stalking. No special devices needed and certainly no cellular devices needed.

      https://xkcd.com/538/

      [1] Even though data brokers have been used to find out the medications of a German MP, for example. https://www.techradar.com/news/even-your-deleted-secret-web-...

      • JohnMakin a day ago

        I’m not sure what point you’re really trying to make here. This is a thread about detection methods of an extremely invasive (and rare) method of stalking, which yes is a subset of a data privacy issue. The fact that data brokers can get a lot of location and other data about you is irrelevant to the discussion.

        > or do you believe you can hide from a stalker if everyone else under the sun knows your location.

        I’m not sure anyone is claiming that the detection methods described in this study are going to make you completely undetectable to any party at all times. Again, not sure what point you’re trying to make here and it feels irrelevant to the larger thread. The original comment seemed to indicate that the article hadn’t been read at all.

        • weinzierl a day ago

          My point is that what they are doing is interesting and commendable but if they want to effectively help stalking victims they are barking up the wrong tree and that there are much better ways to spend time and energy to help the issue at hand.

    • timewizard 2 days ago

      Knowing where you are is useful.

      Knowing where you _aren't_ is equally useful.

      I can imagine half a dozen ways to use this data against you in all kinds of settings. Sales, divorce, employment, espionage against your employer, burglary, and basic blackmail.

      • LorenPechtel 2 days ago

        It doesn't necessarily say where you aren't. What if you get in somebody else's car? (Not uncommon for me as we typically carpool to trailheads.)

        • Jolter a day ago

          Sure, but if your car is presently driving to the supermarket, it’s a pretty safe bet that you are probably not at your house.

  • fsflover 2 days ago

    This looks like security (or privacy) nihilism: https://news.ycombinator.com/item?id=27897975

    • weinzierl 2 days ago

      The security nihilism is thinking you'd need special hardware to stalk someone, when a malicious app on the victims phone does the job.

      • anigbrowl 2 days ago

        It's easy to replace a phone, a car not so much

        • bigiain 2 days ago

          Several of my cheapest cars (and quite a few of my cheapest motorcycles) have cost me less than my most expensive phones.

          • TylerE 2 days ago

            Car titles (and thus vehicle transactions) are public record.

      • roywiggins 2 days ago

        I figure it's probably about 1000x easier to gain sufficient access to someone's car to put a tracker on it than their phone

      • fsflover 2 days ago

        The security nihilism is thinking "why try to defend yourself if there are so many attack vectors". Also, my phone has no malicious apps. (It's a GNU/Linux phone.)

      • striking 2 days ago

        Then can you explain why special hardware still keeps showing up in victims' cars?

  • ehnto 2 days ago

    That is true for law enforcement, corps and nation states perhaps, but the threat vector here is just regular people who want to track someone. They're not as savvy and don't (usually) have access to the corp/leo/government databases of locating data.

    For me it's about car theft, so all I am defending against is what thieves have access to. If I can detect a scanner popped on a car at a car show before heading back to storage, I am at a huge advantage.

  • chneu 2 days ago

    Real give up attitude. Gosh people have given up.

    It isn't that hard, but people are lazy as hell and love convenience.

  • salawat 2 days ago

    That ship is more than capable of being put back in a bottle with enough political will. We just need to come together enough to get the message heard.

    • BurningFrog 2 days ago

      I doubt it. The tech keeps becoming cheaper and easier.

      When it's only governments and major corporations that can do something, political will can probably stop it.

      When every tech hobbyist with $100 to spare can build their own, I don't know how it can be policed.

    • BobaFloutist a day ago

      That's a new one. Make sure not to burn the barn door in the process?

    • weinzierl 2 days ago

      Sure. But hardware trackers are the least of our problems. We'd need a hard crackdown on location privacy in mobile operating systems and the app ecosystem. Good luck with mobilizing enough "political will" when the economic interests of a whole industry are affected.

      • cogman10 2 days ago

        I don't think the economics are a problem. I think it'll be the fed they call in to testify that will shed crocodile tears about how some murdering pedophile was brought to justice using this data.

        Very similar to how we lost a ton of civil liberties because shows like 24 bombarded the country with ideas that the only way to stop terrorism was torture.

        Unfortunately, a good number of people will happily sacrifice liberties that will be abused simply because it might catch a single bad guy.

      • GJim 2 days ago

        > We'd need a hard crackdown on location privacy ....... Good luck with mobilizing enough "political will"

        Genuine LOL

        Here we have the GDPR. It works. (Contrary to much tech-bro propaganda spouted on here).

        • weinzierl 2 days ago

          I live in Europe and helped introduce GDPR. It is good at what it was designed for: being a pain for companies that collect data en masse and cannot tolerate the slightest friction (think Facebook).

          For everyone else there are ways. Read about the six legal bases for processing personal data, especially consent and legitimate interest. You will be surprised.

Daviey 2 days ago

Interesting research, but the paper does not address the contribution to the arms race of good vs bad. The criminals will likely use this technique to find legitimate car trackers before stealing the vehicle.

  • keyringlight 2 days ago

    At least for motorbikes, the tactic is to abandon a stolen vehicle for a while after the theft to see if anyone comes for it, then take it to home base. I'd guess it all comes down to how professional an operation you're dealing with, last week a haul was recovered due to a tracker: https://www.bbc.co.uk/news/articles/c1denv9eg6wo

    • Hilift 2 days ago

      There were probably zero arrests from that seizure. There would probably be more seizures if they simply scanned used vehicle VINs going out for export, but there's no resources for that. The whole "export used garbage vehicles to a new home" market is super shady and is a convenient front for theft.

  • ge96 2 days ago

    If you're lucky your car gets destroyed in a street takeover then insurance gives you a new car (points to head)

    edit: on a more serious note, I figure I won't own a nice car till I move somewhere nicer

  • AngryData 2 days ago

    I don't think cars should have trackers in them to start with unless the owner specifically puts it in there themselves, so I see this as only good.

    • Daviey 2 days ago

      That's the point, a legitimate tracker, such as personal tracker or fleet tracker for company owned vehicles.

  • LorenPechtel 2 days ago

    Did you not notice the motion sensor bit? Their technique does not work against a stationary tracker because it's not going to say anything. Thus you can't check out the car before you steal it.

    What the bad guys do is steal the car, then leave it somewhere as soon as possible and see if anyone comes for it.