When your phone pairs with a car’s computer system, the evidence can remain long after the joyride.
That’s what a group of Baltimore thieves may be about to find out. Ars Technica IT Editor Sean Gallagher, who lives in Baltimore, has the story of a car theft that turned into a crowdsourced infosec investigation.
Read the full story
A systems administrator who goes by @BaconIsFruit had his house broken into and his Jeep stolen in November. The car was found after an apparent joyride, but the suspects weren’t. The thieves were caught on a webcam, which led to one of the suspects. Clues about the others didn’t emerge until he got the car back, Ars reports:
It was then that he noticed three new device names on the Jeep’s UConnect system paired device list. Since he happens to work in IT at a Baltimore-based cyber-security firm, he showed a coworker the list—launching an open source intelligence gathering operation to identify more of the culprits.
.@baconisfruit's car gets stolen. Criminal geniuses pair their phones' Bluetooth. #OPSECfail (OSINT @AmazinMojoStarz pic.twitter.com/tAfzCL6aaz
— thaddeus e. grugq (@thegrugq) February 11, 2016
One matching name was found on Instagram, and now Baltimore police are now looking into the case.
Maybe the connected car isn’t just a hacking trap after all.
Join the conversation!
Find news, events, jobs and people who share your interests on Technical.ly's open community Slack