Bluetooth As a Laptop Sensor

Thieves are using Bluetooth phones to find Bluetooth-enabled laptops in parked cars, which they then steal.

Nice example of unintended security consequences of a new technology. And more evidence that new features need to be turned off by default.

Posted on August 22, 2005 at 1:20 PM • 37 Comments

Comments

DaedalaAugust 22, 2005 1:41 PM

This is, however, another argument against badly-implemented RFID tags on passports. (Yes, the argument has been made, but actual vs. theoretical is always helpful.)

pitAugust 22, 2005 2:08 PM

So these people leave their notebook on, when they go away?

Then the workaround would seem quite simple.

(Or does the phone sense the notebook's bluetooth even when notebook is turned off?)

crash2snowAugust 22, 2005 2:28 PM

Yes, as far as I know, Bluetooth-enabled laptops are always on, even if they are asleep. When they receive a signal, they wake up to acknowledge it.

Correct me if I am wrong.

Ben SmythAugust 22, 2005 2:31 PM

Surely you can disable wake on bluetooth (WOB?) in the same way you can disable wake on LAN.

@Bruce, ``turning off by default" eliminates the benefits of technology...

Tom ChivertonAugust 22, 2005 2:42 PM

@Ben Smyth:
There are no 'benefits of technology' to allowing people I don't know to connect to my computer without asking me first.

Nicholas WeaverAugust 22, 2005 2:42 PM

I remember hearing this as a big problem at Disneyland somewhere (primary theft from their huge parking structure), but I can't find the source.

Tim VailAugust 22, 2005 3:10 PM

@Ben Smyth

Not really. The operative idea is that lot of times people do not know what technology they have on, and aren't using it. So, there is no benefit to be seen if you aren't using it in the first place.

No benefit, and all the downfalls of it -- not a good situation to be in, is it?

Ben SmythAugust 22, 2005 3:30 PM

@Tom & Tim,

Having bluetooth enabled on my PC and mobile allows my phone to be backed up without the need to do anything. If I had to enable bluetooth everytime I wanted to do a backup, I would end up not bothering, it would require too much hassle.

My point is, it should be possible for bluetooth to be enabled (and secure) at all times.

GregAugust 22, 2005 3:46 PM

This was my first crit of bluetooth... Too open. But then thats the idea, that they can "all" [any bluetooth thingy] connect. If you care about the data on the laptop, i would be not be using wireless, and not windows, where you are at the whim of the vendors drivers. Or i would have a convenance laptop with nothing to sensitive on it and have any wireless tech i felt like using.

Of course i have left out theft.....Well, i would not leave the laptop in the car.

Greg

Matt BrubeckAugust 22, 2005 4:29 PM

Ben Smyth:

Perhaps it should be possible for bluetooth to be enabled at all times, but you should have to explicitly request this. (This can be a one-time operation; you don't need to repeat the request every time you use the feature.) It definitely shouldn't be running "out of the box," when the user hasn't requested it and might not even be aware it exists.

(Just like my computer has an SSH server always running, but I had to specifically enable this when I first set it up.)

Francois KashyAugust 22, 2005 4:34 PM

Sounds like this technique only works because the laptops can be distinguished by their Bluetooth signal. If Bluetooth becomes more ubiquitous, it will be harder to tell a laptop from, say, a cell phone, or PDA, or even the vehicle console itself.

Maybe car alarms should include false Bluetooth signals as "bait". I've heard of "bait" cars being set out by police to catch thieves, these vehicles should include Bluetooth signals. Would it be possible, or practical, just to have Bluetooth signaling devices - perhaps with intermittent signals - embedded in all the parking spaces?

BTAugust 22, 2005 5:00 PM

"Sounds like this technique only works because the laptops can be distinguished by their Bluetooth signal."

This makes the point very well. There aren't enough bluetooth devices providing signals. As a result, one can be relatively assured that the presence of a bluetooth signal, and the shorter signal distance, means there is some potentially valuable device is providing that bluetooth signal in close proximity.

another_bruceAugust 22, 2005 5:01 PM

so i left the bluetooth laptop on, see, and put it in a shopping bag in the luggage bay under the back seat, then parked in the darkest corner of the structure and walked away.
also in the luggage bay, that big ole rattlesnake i bought from the snake wrangler, who also cut off his rattles at my request.
i've got a baby monitor in the front console. i'm chillin with my buds a quarter mile away and waiting for this baby to scream.

JarrodAugust 22, 2005 5:06 PM

This is expressly the reason that I refuse to use Bluetooth on any of my systems (and I'm hesitant to use anything wireless), and why when I ordered a laptop for my mother, I strongly recommended not getting Bluetooth. I don't trust the technology, and unlike 802.11, there seems to be little effort being undertaken to improve things.

Ben SmythAugust 22, 2005 5:10 PM

@Matt,

That's a valid point - all the mobile phones I have owned have been like this.

You feel (reasonable) secure running SSH, would you feel the same with bluetooth? If not, why not? And why should this even be an issue...

GilAugust 22, 2005 5:20 PM

This doesn't make sense. Yes, you have found a bluetooth signal.. within 32 feet. Do you break into 4-5 trunks to find the device? Isn't this riskier? More crimes, more chances of getting caught. Or one would think.

Francois KashyAugust 22, 2005 5:24 PM

@Gil:
It sounds like because the signal is relatively unique, one should be able to triangulate.

Davi OttenheimerAugust 22, 2005 5:52 PM

The "always-on discoverability" of Bluetooth is said to be going away in the next spec that may be out as early as next year. I have not seen any laptops with this feature, just PDAs and phones. Does anyone know of a laptop that has discoverability? The Sony PCG-TR doesn't seem to have it, but it's listed in the article, no?

This sentence made me think that the Police might have just been speculating, since it seems to me that they do not yet have proof of Bluetooth being the mode of detection, just a hunch: "Last month a spate of thefts from cars were put down to thieves using their phones to find laptops after three laptops were stolen from cars parked in neighbouring bays at the Holiday Inn..."

Cars in neighboring bays at one hotel parking-lot is not exactly a random sample that demonstrates Bluetooth as the culprit. I mean the police could have also reached the opposite conclusion since the cars were perhaps at an obvious business-traveller location with tight clusters of expensive cars parked overnight with expensive Bluetooth-enabled electronics, such as Audi A6s. I would be more inclined to fault Bluetooth if thieves attacked apparently random cars around a lot where the only thing they had in common was Bluetooth.

Dror HarariAugust 22, 2005 6:28 PM

I have an IBM ThinkPak and it has Bluetooth turned on - when I send it to standby it sleeps well and receives no signals and is not discoverable by other devices (and I could not find a wakeup on bluetooth either, though I might have missed it somewhere.

The bluetooth settings have an option (default off AFAIK):
>>>>>>>>>>>>>
Discovery
To allow Bluetooth devices to find this computer select the following box:
x Turn discovery On
!!! To protect your privacy, turn on discovery only when you want a bluetooth device to find your computer.
<<<<<<<<<<<<<

I think this story is fishy - bluetooth consumes power - why would people have it on when the machine is asleep? Why would manufacturers make this the default if it noticably reduces the battery time?

Ann OnymousAugust 22, 2005 7:06 PM

How about a hidden Bluetooth-emitting camera mounted in the trunk that snaps a picture when the trunk is opened.

Gotcha.

woodyAugust 22, 2005 7:39 PM

My powerbook (running osx 10.3) can be setup with multiple bluetooth options. It has options to make it discoverable, to wake on bluetooth, to require authentication, etc. I no longer remember the defaults.

However, with this set of options, it should be pretty easy to make a laptop invisible to thieves, and yet still useful as intended.

Bob MonsourAugust 22, 2005 9:03 PM

Just checked my laptop (Apple PowerBook) and, while I had been using a bluetooth mouse/keyboard, I haven't used them in some months. I opened my System Prefs to find that my laptop had its "let this computer be discoverable by other bluetooth devices" bit turned on. I have since turned that off as well as the bluetooth itself. This may change if I ever get a BT phone, but for now, I'd rather not be "discovered".

Thanks for the note Bruce.

JariAugust 23, 2005 3:15 AM

The criminals gave me a good idea: a keyring with bluetooth device that would beep and flash leds when it is discovered by another BT device. No more lost keys!

DarkFireAugust 23, 2005 6:13 AM

I was under the impression that "BlueTooth" is merely the technology that facilitates RF comms between any suitable devices. Surely this can be upgraded:

1) Encrypt the data stream so that even if it's intercepted the resulting signal would not be useful.

2) Give laptops the facility to make themselves invisble to blootooth, the same way that phones can.

brianAugust 23, 2005 4:18 PM

on a powerbook, bluetooth is listening *during sleep* by default i think, because you can use your bluetooth mouse or keyboard to wake from sleep.

Jason CarreiroAugust 23, 2005 7:37 PM

Brian is correct. On my PowerBook, the default Bluetooth settings were "Discoverable" and "Wake-on-Bluetooth" -- the latter so that a Bluetooth keyboard or mouse can wake the computer up after it has gone to sleep.

It seems that it might be wise to shut off the Bluetooth functionality of your laptop comptuer, if you intend to leave it unattended in a car for a long period of time.

MikeGAugust 23, 2005 7:58 PM

They were probably just observing people who drive around with their laptops inside the car and then hide them in the car under something or lock them in the trunk when they park.

If I know I'm going to have to leave the laptop in the trunk somewhere, I put it there before I arrive.

MitchTAugust 23, 2005 8:30 PM

I just tried to scan for my laptop with bluetooth ON and not discoverable. With allow bluetooth devices to wake the computer. I got nothing.

Besides, pull the battery out if you are paranoid about this. No battery, no power. No power, no bluetooth.

As always there is always a simple solution to this problem. Which I can't replicate at all with my laptop/cell phone.

DarkFireAugust 24, 2005 9:05 AM

On a simmilar but connected subject - I heard a few months ago that thieves have been using a tool that passively discovers pipes & wires in walls to discover laptops in vehicles.

I'm unsure if this is true but apparently the pipe-finder can form some sort of tuned circuit with a bluetooth aerial, thus alerting the thief to the fact that the laptop or mobile phone is in the car.

Anyone know if this is even possible? I must say I;'m rather skeptical...

Alison ScottAugust 24, 2005 3:04 PM

I'm not saying it's not possible, nor that it wouldn't be a good idea to turn bluetooth off on portable gadgets before leaving them unattended.

But I've now seen this reported twice (Cambridge & South Manchester). Neither report included any evidence at all apart from police speculation. Occam's razor suggests that thieves are *watching* car parks, or picking likely looking cars. The South Manchester report included the hysterical suggestion that "if you leave a laptop locked in your car in Chorlton, it is likely to get stolen", which probably overestimates the incidence of laptop theft from cars tenthousandfold.

A corollary here is with bike theft. 90% of all known bike locks can be picked with a ballpoint pen. This has been widely known to thieves for decades, and widely known to Internet users for a year or so. Do most bike thefts occur this way, despite it being a trivial technique for stealing bikes? No, not in London, anyway. Are laptops secured in offices with insecure Kensington locks routinely stolen? Nope.

DarkFireAugust 25, 2005 3:18 AM

Alison - sounds about right. I'm far more prepared to believe that the average thief is likely to watch for likely targets rather than use a more sophisticated technique...

moimemeNovember 1, 2005 2:09 PM

do they find laptop with some gadget like WiFi Hotspot Finder Wireless Locator seeker?

Product Description:

Have a labtop? Travel with it? Ever wish you could quickly and easily find a hot spot for wireless internet connections? Whether you are in an airport, another office, coffee shops, bookstores, restaurants or even at home, without having to boot-up your labtop, the Wi-Fi/Hotspot Finder will fine the strongest wireless (802.11 B/G) signal quickly!

Product Specification:

Detects 802.11B and 802.11G
One of the smallest Wi-Fi/Hotspot Finder and weight less then 1 once
Range 300ft
Four Super bright LEDs lingts indicate relative signal strength
Easy to attach to key chain
Uses 2 CR2032 replaceable button cell batteries (Included)
Dimensions: 6.7 x 3.2 x 1 cm


if yes, its just to easy, NEVER leave your laptop in car!

Black SmithApril 9, 2007 5:47 AM

hi
nice example and information of Bluetooth As a Laptop Sensor
for more information visit at : http:www.aladdinsfuture.com

mushliJune 21, 2007 8:00 PM

MACN ELECTRONIC STORE
We are an Legit and fully registerd electronics COMPANY dealing with the exportation OF : LAPTOPS / TELEVISION SETS (PLASMA / LCD
TV S), etc.WE sell our items globally on the world market with a one year warranty,buy two get one free,and they Brand new ,within
genuine product boxes, composed of all accesories and manuals WE can effect the Delivery of all orders in 48hrs THROUGH FEDEX AND DHL ..

If interested mail us at:mushli10@berlin.com
mushli10@myway.com
mushli10@30gigs.com

LAPTOPS
Sony VAIO Core Duo 17 in. Notebook.................$1100usd
Sony VAIO FJ270/B Intel Pentium M 750 1.86.........$ 700usd
Sony VAIO BX540BW6 Intel Pentium M 780.............$1500usd
Sony VAIO BX540BW7 Intel Pentium M 740.............$1000usd
Toshiba Satellite A105-S2021 Intel Celeron.........$ 750usd
Toshiba Satellite A105-S4001 Intel Core............$ 800usd
Toshiba Satellite M55-S331 Intel Pentium M.........$ 700usd
Toshiba Satellite A105-S2712 Intel Pentium.........$ 850usd
Dell Latitude C640 Laptop Computer.................$ 500usd
Dell Latitude D400 Intel Pentium M 1.3 GHz.........$ 380usd
Dell Inspiron 710m Notebook........................$ 550usd
Dell Business XPS M1210 Core Duo Notebook..........$1000usd
Dell Inspiron B130 DNDWDA3 Pentium M 735...........$ 650usd
Panasonic Toughbook 51 Intel Core Duo..............$1300usd
Panasonic Toughbook 29 Intel Pentium M 778.........$3000usd
Panasonic Toughbook Y4 Intel Pentium M 778.........$1400usd
Samsung Ultra Intel Celeron M 353 900MHz ..........$ 850usd
Gateway NX860X.....................................$1200usd
Gateway NX510X.....................................$ 700usd
Acer Aspire Intel Core 2 Duo T5500 1.66GHz 15.4 in Notebook
.................$900usd
Acer Turion 64 1.8GHz 512M 80GB DVDRW 15.4'' WXGA XP...............$600usd
Acer Pentium M 1.73GHz 512MB 80GB DL-DVDRW 14.1'' WXGA
XPP..............$500usd
Acer Centrino 1.73GHz 512MB 80GB DVDRW 15.4 w/XP Hom..............$650usd
Acer Centrino 1.73GHz 512MB 80GB DVDRW 15.4 w/XP Home.............$800usd
Toshiba Celeron M 1.46GHz 1GB 100GB CDRW/DVD 14.1'' XP
MC...............$560usd
Averatec Turion 64 X2 TL-50 1GB 100GB DVDRW 17''WXGA XP
MCE..............$730usd
Fujitsu Centrino Duo 1.66GHz 512MB 100GB DVDRW 15.4'' XP
MCE..............$680usd
Fujitsu Centrino Duo 1.66GHz 512MB 100GB DVDRW 15.4'' XP
MCE..............$500usd
Acer Aspire Centrino 1.73GHz 2GB 120GB DVDRW 17'' WXGA
XP...............$800usd


TELEVISIONS
Samsung LNS4051D 40 in Flat Panel LCD TV...........$ 950usd
Samsung LN-S4051D 40' - widescreen LCD TV..........$1000usd
Samsung LN-S3251D 32 in LCD TV.....................$ 650usd
Samsung HL-S6187W 61 in TV.........................$1200usd
Samsung HP-S5053 50 in Plasma TV...................$1100usd
Samsung LN-S4695D 46 in LCD TV.....................$1300usd
Toshiba 42HP66 42 inch LCD Television..............$ 900usd
Toshiba 42HL196 REGZA 1080p LCD TV.................$1000usd
Toshiba 32HL66 32 inch LCD Television..............$ 650usd
Toshiba 37HL66 37" LCD Television..................$ 800usd
Toshiba 47LX196 47 inch LCD Television.............$1200usd
Sony KDF-55E2000 50 inch LCD TV....................$ 950usd
Sony KDL-46XBR2 46 inch LCD Television.............$1800usd
Sony KDL-32S2010 32 inch LCD Television............$ 800usd
Sony WEGA LCD TV...................................$1400usd
Sony BRAVIA KDL-32S2000 32" - widescreen LCD TV....$ 920usd
Sony BRAVIA KDL-40S2000 40" - widescreen LCD TV....$1200usd
Sony BRAVIA KDL-46S2000 46' - widescreen LCD TV....$1400usd
ViewSonic NextVision N2751W 27'- widescreen LCD TV.$ 500usd
Panasonic TH 50PX60U 50" - widescreen Plasma panel with TV
tuner......$1250usd
Panasonic TH 42PX60U 42' - widescreen Plasma panel with TV
tuner......$1050usd
Panasonic TC 32LX60 VIERA 32' - widescreen LCD TV.........$820usd
Panasonic TC-26LX60 26 inch LCD Television.........$ 700usd
Panasonic TC-23LX60 LCD TV.........................$ 550usd
Panasonic TC 26LX600 VIERA 26......................$ 650usd
Panasonic TC 32LX60 VIERA 32.......................$ 800usd
Panasonic TC 32LX600 VIERA 32......................$ 750usd
Sharp LC57D90U 57" - widescreen LCD TV.............$3000usd
Sharp LC 20B8US 20" LCD TV.........................$ 300usd
Sharp LC32DA5U 32" - widescreen LCD TV.............$ 780usd
Sharp LC32D41U 32 inch LCD Television..............$ 600usd
SHARP LC-15SH6U 15-IN. AQUOS LCD TV................$ 300usd
Sharp 26SH10U 26 " LCD TV......................$ 400usd
Sharp Aquos LC 20S5U 20" LCD TV....................$ 350usd
Sharp LC-37D90U 37" - widescreen LCD TV............$1200usd
Sharp AQUOS LC-37D40U 37 inch LCD Television.......$ 900usd
Sharp LC-37D90U 37" - widescreen LCD TV............$1300usd

if interested mail us at:mushli10@berlin.com
mushli10@myway.com
mushli10@30gigs.com

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..