"I had other things in the car worth money, like a wallet with $50 emergency cash in the glove compartment, a bag of near-new boxing equipment, and a case of beer in the trunk," Samantha says. "But the laptop and hard drive were what was taken, which is what made me think there was something involved to find electronics specifically."A recent rise in laptop and gadget thefts from cars, particularly in San Francisco and the larger Bay Area, has left victims and police wondering if burglars are using Bluetooth scanners to choose target cars based on which have gadgets inside emitting wireless signals. Many laptops and gadgets will put out a sort of beacon by default when their Bluetooth is turned on so that other Bluetooth devices can find them and potentially pair—even when closed or idle.
"A lot of that has to do with power savings; it depends on what sleep mode different laptops go into when the lid is closed," says Jake Williams, founder of the security firm Rendition Infosec, who often uses Wi-Fi and Bluetooth scanners in penetration testing. "But I have little doubt that some thieves are using Bluetooth scanners to target devices. It's trivial to use one, so it's not like technical knowledge is a limiting factor."In fact, they're not even specialized devices. You can easily install a Bluetooth scanner app; it uses your smartphone's own internal Bluetooth sensors to find nearby signals. They not only list everything they find, but provide details like what type of device they're picking up, whether that device is currently paired to another over Bluetooth, and how close the listed devices are within a few meters. The apps are often marketed as tools for finding lost devices, like scanning for your misplaced FitBit at your in-laws' house. But they're dead simple to use for any purpose—and they surface many more results than your phone does on its own when looking for something to pair with in your Bluetooth settings.
My Wild Ride in a Robot Race Car
Still, criminal use of Bluetooth scanners has been dismissed by some as an urban myth. Some researchers point out a much simpler explanation: Maybe the burglar just watched the victim put their laptop bag in their trunk or hide it in the backseat. And given how common it is to leave valuable tech behind in a vehicle these days, it's not inconceivable that burglars are just playing the odds."If I'm sitting in a parking lot and going to break into a car and I see someone get out of their car and put something in their trunk, then walk away, would I bother checking my iPhone to see if a Bluetooth beacon is beaconing from that trunk," says car security researcher Tim Strazzere. "No. I'm going to smash the window two seconds after they're out of view, take the bag, walk away, and look at it when I'm out of sight again. Save the time, go fast, grab everything."
But law enforcement officials have confirmed to WIRED that at least some burglars do use Bluetooth scanners to guide certain break-ins. "In our corridor, yes, we have noticed that they are in use," says Monica Rueda, a crime prevention specialist at the San Jose Police Department in California. "Right now we do know that thieves are utilizing them." Rueda declined to name specific apps or features that are in use, citing ongoing investigations.
Based on a scan of MyCar's exposed database—and Jmaxxz says he was careful not to access anyone else's private data—he estimates that there were roughly 60,000 cars left open to theft by those security bugs, with enough exposed data for a hacker to even choose the make and model of the car they wanted to steal.