A CyberSecurity CEO Used Apple's AirTags to Locate His Stolen Scooter (cnet.com) 92
Dan Guido's cybersecurity consulting firm Trail of Bits claims its clients range from Facebook to DARPA. CNET tells the story of what happened after someone stole Guido's electric scooter:
The cybersecurity CEO, located in Brooklyn, New York, had hidden two Apple AirTags inside the black scooter, concealed with black duct tape. He set out the next day to locate the vehicle with help from the little Bluetooth trackers. Spoiler alert: He succeeded.
Guido works at the New York City-based Trail of Bits, a cybersecurity research and consulting firm that serves clients in the defense, tech, finance and blockchain industries. He chronicled his hunt for the scooter in a series of tweets Monday, sharing both the challenges and successes of his wild journey... After some convincing, two police officers eventually agreed to accompany him to the scooter's location. Then, they spotted something promising: an e-bike store.
After venturing inside, Guido received a ping, alerting him the elusive scooter was nearby...
Guido's tweets document the rest of the big confrontation. "As I further inspect the scooter, the cops start asking questions: Do you sell used e-bikes? Do you collect info from the seller? Do you ask they prove ownership? What is the contact info for the person who dropped this scooter off? No, No, No, and we don't know...
"An employee inside realizes we're investigating further. He immediately becomes agitated: I should be happy I got my scooter back and leave. It's my fault for getting it stolen. I'm screwing up his day. This isn't how we do things in Brooklyn. More joined in..."
Among Guido's final tweets of advice: "Limit your in-person interactions and always involve the police. Don't try to retrieve your stolen goods until you have backup."
Apple Insider adds that "This Apple Insider. "">isn't the first time that Apple's AirTags have been used to locate missing or stolen items. Back in July, a tech enthusiast said he used the tracking accessories to find his missing wallet hours after losing it on the New York City subway."
Guido works at the New York City-based Trail of Bits, a cybersecurity research and consulting firm that serves clients in the defense, tech, finance and blockchain industries. He chronicled his hunt for the scooter in a series of tweets Monday, sharing both the challenges and successes of his wild journey... After some convincing, two police officers eventually agreed to accompany him to the scooter's location. Then, they spotted something promising: an e-bike store.
After venturing inside, Guido received a ping, alerting him the elusive scooter was nearby...
Guido's tweets document the rest of the big confrontation. "As I further inspect the scooter, the cops start asking questions: Do you sell used e-bikes? Do you collect info from the seller? Do you ask they prove ownership? What is the contact info for the person who dropped this scooter off? No, No, No, and we don't know...
"An employee inside realizes we're investigating further. He immediately becomes agitated: I should be happy I got my scooter back and leave. It's my fault for getting it stolen. I'm screwing up his day. This isn't how we do things in Brooklyn. More joined in..."
Among Guido's final tweets of advice: "Limit your in-person interactions and always involve the police. Don't try to retrieve your stolen goods until you have backup."
Apple Insider adds that "This Apple Insider. "">isn't the first time that Apple's AirTags have been used to locate missing or stolen items. Back in July, a tech enthusiast said he used the tracking accessories to find his missing wallet hours after losing it on the New York City subway."
Okay, so he’s the CEO (Score:4, Interesting)
But does the dude actually have any expertise in the area? I mean, come on - Rudy Giuliani is/was also a CEO for a New York cyber security firm.
Re: (Score:2)
But does the dude actually have any expertise in the area?
He had enough expertise to locate his scooter.
Re: (Score:3)
Yeah, admittedly that would have flummoxed Giuliani - his company couldn't even keep their own website patched.
Re: (Score:2)
Re: (Score:2)
more like, that's exactly the level of expertise required to explain what the article is about.
beyond that, who cares whether he's a good CEO or a knowledgeable CEO, or whatever else? only people with a drum to thump or an ax to grind.
Re: (Score:2)
It was probably relevant for getting the police involved.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
...and Hunter Biden
Who? And what does he have to do with TFA?
Using them for that purpose too (Score:2)
I've purchased several, and have them on my dirt bikes, generator, kids' bikes, etc. I couldn't find a case suitable for this kind of use (most are designed for keychain / dog collar type use), so I designed my own specifically for secure mounting (using zip ties) that can hold up to the kind of abuse they face on my offroad vehicles. The two halves screw together and seal the airtag away from mud. dust, etc.
Disclaimer: I'm selling them, so of course I profit off any sales. https://www.ebay.com/itm/33408 [ebay.com]
Re: (Score:2)
Re: (Score:2)
I am intrigued. I noticed you don't mention exactly which thermoplastic you chose to print with. Also, is there a decent alternative to airtags? I like the idea but my skin crawls at the idea of giving money to Apple.
Re: Using them for that purpose too (Score:2)
Re: (Score:2, Insightful)
What police? The ones we defunded?
Jeeez this is getting irritating ... take your politics and shove them up your ass.
Re:Always involve the police (Score:5, Insightful)
What police? The ones we defunded?
TFA doesn't say if the Police accompanying him wore full-tactical gear, brought an RPG and drove a tank and stun-gunned everyone in their path or not, so it's hard to tell. They could have just been regular Cops doing their regular job, not Super Soldiers in NYPD threads.
Re: Always involve the police (Score:1)
Re: (Score:1)
Or the ones who quit their jobs or killed themselves
I can understand their feeling of hopelessness. When the very people that they are stepping up to defend are the ones pulling the rug out from under them.
"Sometimes the person you'd take a bullet for ends up being the one behind the gun." - Tupac
Re: (Score:2)
Re: (Score:2)
I love this part:
I received a UWB ping as I walked in the door. It’s 13ft away! I gestured to keep walking, it’s here. The store was unkempt with piles of scooters. There was not a single new scooter in the store, every item on sale was second-hand.
Yeah... "second-hand" my ass. Those employees know all too well where they get their goods. Pretty damned brazen to get up in his face about that. Imagine if he didn't have a couple of cops with him.
Re:Always involve the police (Score:5, Interesting)
The main issue was that the police had no idea what he was talking about when he told them he had an AirTag on his scooter. They're too new. I remember many years back when security cameras were first being installed in homes, and cops didn't grasp it when someone called 911 and told them that they were watching criminals in their homes without physically being there. It took time for the idea of network-enabled cameras to penetrate to the point where everyone understood what they are.
Given time, the same thing will happen with Bluetooth trackers, and the police will automatically accept that your phone is showing where your stolen property is located. You'll even be able to share the location with them on their own smartphones.
Re: (Score:2)
You'd think most cops would understand GPS trackers since they use them all the time to track suspects vehicles. Airtags are different since they depend on other devices pinging them, but if you don't muddy the idea with the details they should be able to understand the concept.
Re:Always involve the police (Score:4, Interesting)
Here's how I'd have changed things.
1) Always install two airtags. The "decoy" one should also be the "lost" one, the one capable of making noise. The anti-theft one should be installed in a impossible to access without tools part of the thing it's attached to.
2) Contact police ASAP to trace it down ASAP, because the longer something is stolen, the less likely it will be found and still in one piece.
That used bike shop, was likely a chop shop. They probably sold pieces on eBay. That is (sad to say) where a lot of spare parts come from for anything smaller than a suitcase.
3) Record everything. It doesn't need to be a video recording, but if you're going to raid a business during daytime hours, you can be certain you'll run into interference, and if they threaten you, that's another thing that can be used as evidence.
I'm sure police would love to be able to bust a lot of low-hanging fruit. So be prepared to teach the police how the tracking tags work, and prove it's yours, by either producing serial numbers or usage logs or something that can't be created on the fly.
Re: (Score:2)
The police will need to be careful with AirTags. There is nothing stopping someone attaching their tag to your stuff and then claiming you stole it from them. Keep your receipts.
Re: (Score:3)
The bluetooth trackers only work because most people (including most cops and most criminals) aren't aware of them.
Once they become more well known, then criminals will routinely look for them and remove them. They may even start planting them on their enemies, or attach them to something that moves around to send people on a wild goose chase.
Re: (Score:2)
(Replying to remove incorrect moderation I accidentally left)
Re: (Score:1)
No, the ones that are funded better than ever but still won't do their FUCKING JOBS even when a guy comes in with the problem already solved.
They're incompetent and lazy. They didn't know about AirTags or any kind of tracking thing and sent him away and he had to beg them to come with him even though all they had to do was show up.
Don't know how to solve a simple problem, not interested in learning, happy to take all the credit for someone else's work. Yeah, tell me why we shouldn't defund those fuckwits.
Re: (Score:2)
Which police have been defunded?
Re: (Score:2)
Troll, but anyway, the NYPD budget was something over $5 billion-with-a-b dollars for 2020. All that funding, hardware, etc, and a citizen still has to basically beg them to come and help out with some GPS-tagged crime?
The funding isn't the problem. Or more accurately, it's not a problem of not enough money - it's a problem of money going to totally useless stuff that does dick to help the average citizen. The police (especially, it seems, the NYPD) fighting some ludicrous fantasy war in their own heads whe
Re: (Score:2)
NYPD funding details [cbcny.org].
It went from $10.5 billion to $10.2 billion in 2021, expected to increase again in 2022. The shortfall seems less due to politics and more due to decreased revenues due to Covid causing additional budget shortfalls.
If you wish, you could dig through the numbers and see what non-PD funding got cut as well. If my math is right, it looks like proportionally less of the NYPD budget was cut compared to other city expenditures.
Re: (Score:2)
> It went from $10.5 billion to $10.2 billion in 2021
And just to illustrate how insane that funding is:
https://sipri.org/sites/defaul... [sipri.org]
In the entirety of the rest of the world, there are only 23 *countries* that spend more than the NYPD's 2021 budget on their entire MILITARIES. If they go back to the $10.5B funding or higher, the NYPD will actually be better funded than a full-up nuclear power! So yeah... whether it's happened to any significant degree yet or not; there is a LOT of room in those numbe
A lot of people are doing this (Score:4, Interesting)
I've got AirTags hidden in both my cars as a "poor man's LoJack". The trick is to attach them to a strong circular neodymium magnet on the plastic (non-removable) side. That's where the internal speaker element is located. The magnet grips the element through the plastic and reduces the volume of the AirTag by ~ 40 dB without resorting to cracking open the case to disable the speaker. This makes it very unlikely that the thief would hear the AirTag over the normal noise of the car interior.
I use silicone tape to bind the magnet and AirTag together, then place them inside a small plastic container. The entire assembly can then be magnetically attached to any steel surface in the vehicle, i.e. inside the trunk, under a seat (my preference), or under the dash.
It works reasonably well. I get location pings from both vehicles every few minutes, either from someone walking or driving by my parked cars while carrying an iPhone. I can't track the AirTags on an continuous basis, but I am certain I could provide the police with a pretty good idea of the location if either vehicle was stolen.
I've shown this trick to several other people who have copied what I'm doing. It's not perfect, as a thief may still get an anti-stalking notification on his iPhone, so acting quickly after a theft is essential. But it is far superior to the Tile network in terms of coverage.
Re: (Score:2)
Personally, I'd probably resort to superglue/gorilla-glue/epoxy to make sure the air tag can't be removed. But I say this with the caveat, that you'll never replace the battery this way. So I'd only resort to this for things that are high-value theft targets, and probably use the magnet to disguise it.
Re: (Score:2)
This is why we need regulation for these things. Disabling the speaker needs to be a crime. Sorry but personal safety is more important than you having a cheap tracker for your car.
They should also work with any device, not just iPhones. Then there will be a good reason to build that functionality into Android and it will be able to detect AirTags and similar devices without the need for a dozen different apps. iPhones have stalker detection but to get it on Android you need a dedicated app.
Re:A lot of people are doing this (Score:5, Insightful)
This is why we need regulation for these things. Disabling the speaker needs to be a crime. Sorry but personal safety is more important than you having a cheap tracker for your car.
How does tracking a vehicle you own impact someone else's personal safety, especially a thief? They certainly have no expectation of privacy, and you can tell anyone you lend the car that it has an Airtag inside.
Re: (Score:2)
The speaker is there not only to help you find it, but to make sure you can't plant it on someone else without their knowledge.
The fact that it is easy to disable is a problem. If it was an open standard, and regulated, at least most phones would probably detect them without additional software.
Re: (Score:2)
The speaker is there not only to help you find it, but to make sure you can't plant it on someone else without their knowledge.
The fact that it is easy to disable is a problem. If it was an open standard, and regulated, at least most phones would probably detect them without additional software.
Fair enough. I can see where that would be a concern, but weigh it against the ability to track your personal property if it has been stolen without the thief's knowledge. As with most tech, it is neither good nor bad but how it is used.
One issue with being easily made aware of such a device nearby is if they become more widespread you'd get a bunch of notices that would get annoying, and eventually most people would turn off the feature.
In such a scenario, a fun bit of street art would be to get a hundred
Re: (Score:2)
The way it works right now is that if your phone noticed a tag that isn't yours that seems to be following you around for a while then it notifies you.
The problem is that it only works with iPhones, and with Android you you know to download a specific app. And of course every manufacturer has their own crappy app.
It could be a great system if it was properly regulated. The tech companies could get on top of it, e.g. Apple could open up their protocol.
Re: (Score:2)
when the Apple-manufactured public outrage campaign forces android to include child porn surveillance for everyone's own good, maybe they'll include this too if we're really lucky.
Re: (Score:2)
How does tracking a vehicle you own impact someone else's personal safety, especially a thief?
The personal safety issue isn't about tracking a vehicle you own. Apple put the speaker alert there to prevent other people from tracking you without your knowledge. Think about scenarios such as bad divorce, ex-from-hell, or any other form of stalker slipping an AirTag into your purse, backpack, or car.
Re: (Score:2)
How does tracking a vehicle you own impact someone else's personal safety, especially a thief?
The personal safety issue isn't about tracking a vehicle you own. Apple put the speaker alert there to prevent other people from tracking you without your knowledge. Think about scenarios such as bad divorce, ex-from-hell, or any other form of stalker slipping an AirTag into your purse, backpack, or car.
That's fine, but to regulate them and prevent legitimate clandestine tracking is a separate issue from misuse, IMHO.
Re: (Score:3)
My vehicle, my AirTag. My AirTag threatens no one's safety unless they decide to steal my car. And are you seriously arguing on Slashdot that I shouldn't have the right to modify any electronic device that I personally own?
If you think tracking technology is some brand-new threat, you've clearly missed out on Tile trackers, cel
Re: (Score:2)
This is why I'm saying it should be regulated, and regulation will be good for consumers.
At the moment you have half a dozen different networks, to detect them all you need half a dozen different apps. There are no standards for the radio stuff or for security and privacy.
It it was all compatible it would solve all the issues and give consumers more choice. It would make your dream of Bluetooth built into everything stealable a reality.
Re: (Score:2)
"Damn, I was gonna plant this tracker on that hot chick at the bar and find her house and rape her, but I don't want to break the law about disabling AirTag speakers!"
You're willing to completely revoke the right to modify your own physical property, which will absolutely not stop where you think the line is, and block all the lawful uses, on the basis that anybody ever would be deterred from other lawbreaking by
Re: (Score:2)
Revoke? There are lots of things you are not allowed to do to your property already.
Making boobie traps in your home, modifying your car in certain ways that make it dangerous or highly polluting etc.
Re: (Score:2)
And you can modify your car all you want, there's just laws concerning what can be operated on public roadways. Nothing stopping you from any mods then just using it on your own property. Let me guess, you think that's also the same as using a tracker outside your house?
Can you provide any examples at all that are actually comparable to what you're suggesting
Re: (Score:2)
I don't get it, why do you need to disable the speaker? If they chime at odd times because of some weird Apple feature, maybe you should use Tiles rather than Air tags.
David, you forgot how to do a spoiler alert. (Score:1)
Spoiler Alerts on the homepage should either be white-on-white or black-on-black effects, requiring the user to highlight the text in order to see the content. Think how to report the Olympics on AP Wire info, ahead of NBC's delayed broadcast.
Re: (Score:2)
No, the real spoiler hasn't been revealed yet: The security company CEO set up the whole thing for publicity. At least, I was halfway convinced if that when I just saw a summary saying that some dude used AirTags to track a stolen scooter. Reading that it's a security company CEO, I estimate that as much more likely.
Editors don't care (Score:2)
That's Dicedot for you. Their passive-aggressive sabotage of a once great site reflects their real attitude.
Dicedot turned to shit for a reason (those who came after the OG Slashdot should recuse yourselves as you've no idea how bad things really are).
After some convincing (Score:2)
Re: (Score:1)
He doesn't need to do anything special, hes a rich white dude.
Re: (Score:2)
How much does it cost to convince a police officer to enforce minor theft in New York? I think it would take $100 (or dirty knees) in my medium metropolis. New York bribes probably cost twice that much.
Yea, but once they saw a scooter store full of "used" scooters they probably got interested and he gave them probable cause to enter and investigate. They no doubt thought they might be on to a bigger arrest.
Make tracking devices illegal (Score:2)
That's the only way to make them proliferate. It worked for drugs. Please nanny, save us from anything that can be used for illegal purposes. Ban everything that can be used as a weapon. Anything fun must be banned.
Re: (Score:2)
And yet condoms are still legal. So go out and have some FUN!
Re: Make tracking devices illegal (Score:2)
Another /. advertisement for Apple (Score:2)
My experience w/ tracked thieves, cops, justice. (Score:5, Interesting)
When I was living in San Diego back around 2009, two people broke into my girlfriend's car (parked in my building's parking garage, downtown) and took about $500 of stuff. One of those things was a cell phone we kept in the car, with a GPS tracking app installed, to help her family keep track of where she was at. She frequently drove all over the county to provide vaccines to peoples' pets as an on-request, nonprofit service.
Since I was on the building's condo association, I had access to the security camera footage that showed the thieves. Once I saw that the stolen phone was being used, I put an extra $10 of credit on it to keep it useful to them. Next time it showed up on the tracking app a couple of days later, it was only a few blocks away. I called the police and asked them to join me in confronting the thieves, so I could hopefully get some of her things back. They declined. It wasn't until I told them I was on my way to confront the thieves on my own that they agreed to send a patrol car. I don't blame them, they are busy, but I felt it was okay to press the issue. Frustrating that it took that ultimatum to get them to help me out, though.
The thieves were sitting on a street corner near a local park, dressed in the same clothes they were wearing in the video. A young adult couple, probably homeless. They had a backpack with several of the stolen items (and some others) in it, including the stolen phone. One of them got some jail time, apparently. My girlfriend's most personally sentimental item (her CD collection) wasn't recovered. Probably pawned or something.
Re: (Score:3)
A funny fact from my home country: In case of property crimes in a private suit the victim can pay for coercive detention like "for every €10 of damage the victim can pay €20 to put the offender for one additional day under arrest IN ADDITION to any sentence by a criminal court.
A couple of years ago someone stole our garden gate (don't ask, that guy must have been an utter moron) worth around €1200. When he did not disclose the location of the gate we were opting to pay €2400 to put him
Re: (Score:2)
Wow! I've never heard of anything like that. Which country is that?
Re: (Score:2)
Parent used the Euro symbol "€" a number of times in his post, so he's probably talking about either Canada or Australia.
Re: (Score:2)
Stands to reason!
Re: My experience w/ tracked thieves, cops, justic (Score:2)
Re: (Score:2)
That sounds horrible, rich people with money to spare can just pay to keep people in jail because they feel like it while everyone else who can't afford it doesn't have access to that "justice".
Re: (Score:2)
Re: (Score:2)
Only poor people's belongings, rich folk can afford to keep them locked up. All this seems to do is shift crime onto the poor, and make justice a commodity that can buy bought.
Re: (Score:2)
If you think "justice" isn't ALREADY a commodity that can be bought, I have some bad news for you...
As usual, any story having anything to do with App (Score:2)
has horrible mis-encoded punctuation in it.
I cant beleve theirs are still such neanderthals (Score:1)
2005 wants its gadgets back (Score:2)
Seriously, such brainless glorification for a device I have used like 15 years ago?
Oh, I see: Apple Users. Welcome to the undiscovered country, immigrants.
Re: (Score:2)
You had a device that cost ~$29 USD, communicated via a vast network of global devices via NFC/Bluetooth thus saving battery usage and working for more than a year at a time, that could optionally report back to strangers how to get in touch with you, and included client software with directional finding that tells you precisely which direction and how far away your object is?
I had Tile trackers. They were not useful for me.
I worked on a school project in the early 2000s involving a cell modem, GPS, and tra
Re: (Score:2)
This is exactly what a lot of anti-Apple zealots don't understand, mostly because they keep thinking innovation equals invention.
For me, I had no intention of buying any Apple Airtag, but I keep seeing similar stories and so I'm going to buy a pack of three.
Not in California (Score:4, Interesting)
My friend had his Apple laptop and many other belonging stolen from his vehicle. (became very common now). That was thousands in value including cash, phone, and passports. What happened? He was able to locate the burglar by using Apple's cloud. And does the story have a happy ending? Sure... sorry, it was "nope".
He went to the location with police backup. It was a home, and the police politely knocked the door... and returned back without doing anything since there was no response. They needed a judge warrant to continue further, but for some reason could not help anymore. One should ask: how would my friend navigate the court system and Apple's attorneys to get a warrant, when the police already has the connections? Of course he could not, and had to give up his property, even though it would be very easy to retrieve.
I wish it had a better ending.
Re: (Score:2)
Any lawyer would have a warrant in 3 or 4 hours. Probably much quicker.
Re: (Score:2)
Tell your friend not to keep thousands of dollars worth of shit in his vehicle. This is n
Re: (Score:2)
If it was a laptop then it might not have even been the right house. I don't think Apple have ever made a laptop with GPS built in, not that it works all that well indoors. Location is done by wifi, and it's vague at best. Narrowing it down to one house, or especially one apartment, is beyond it's capability no matter how small the circle appears on the screen.
Maybe that's why the cops were not interested, they know that the system is unreliable enough that they won't be able to get a warrant or might even
That's good cybersecurity advice (Score:2)
Always have backups. That's good cybersecurity advice right there.
Totally Not Fabricated (Score:3)
Re: (Score:2)
On top of that, isn't the actual headline, "Apple Product Works as Designed" ?
He bought something whose very purpose is to locate itself, and it . . . located itself.
Gosh, how *brilliant* of him!
Next does he get credit for ordering a milkshake, or measuring that ice is cold?
hawk
Re: (Score:2)
On top of this, shouldn't the headline be, "Apple AirTag functions as designed?"
Gee, a device designed to track itself and broadcast its location was used to . . . track itself . . .
Next, maybe this guy should get credit for discovering that when you order a milkshake, you get handed a glass of thick cold liquid, or that ice is cold . . .
haw
fuck people (Score:2)
"An employee inside realizes we're investigating further. He immediately becomes agitated"
I wish he got more agie agie. Then he would've gotten cuffie wuffied by the po-po.
I'm sure it's obvious that I really despise people because of this kind of behavior, and congratulations to Guido for getting his e-scooter back.
Isn't the store guilty? (Score:2)