Car Thieves Using AirTags

Laura Nicolle (via MacRumors, Hacker News, Reddit):

Since September 2021, officers have investigated five incidents where suspects have placed small tracking devices on high-end vehicles so they can later locate and steal them. Brand name ‘air tags’ are placed in out-of-sight areas of the target vehicles when they are parked in public places like malls or parking lots. Thieves then track the targeted vehicles to the victim’s residence, where they are stolen from the driveway.

Thieves typically use tools like screwdrivers to enter the vehicles through the driver or passenger door, while ensuring not to set off alarms. Once inside, an electronic device, typically used by mechanics to reprogram the factory setting, is connected to the onboard diagnostics port below the dashboard and programs the vehicle to accept a key the thieves have brought with them.

Dan Moren:

In theory, Apple has measures in place to alert people when an AirTag that doesn’t belong to them is found at their location, but even after the company revised how those alerts work it seems that they may not be enough. In June, the company also said that it would build an app for Android phones to detect AirTags and release it “later this year,” but that’s still in the offing.

Previously:

• AirTag Bug Enables “Good Samaritan” Attack
• AirTag

Update (2021-12-13): Dave Mark:

Of all the suggestions on protecting your vehicle, this seems the best suggestion:

Install a lock on the data port. This simple device can be purchased online and blocks access to the computer port where the thieves gain access to reprogram the vehicle’s keys.

Here’s a video that talks about the OBD port (the data port called out above) and one device in particular you can use to lock the port.

Personally, I think an OBD lock is far more convenient than a steering wheel lock, since you only need to remove the lock when you need to access the port (for service, say).

Update (2021-12-21): Juli Clover:

According to a Fox 2 Detroit report, Nelson visited the Great Lakes Crossing shopping center in Auburn Hills, where he spent about two hours. After departing, he got a notification on his phone that informed him he was being tracked by an unknown AirTag.

Nelson was able to tap on the notification, and his iPhone provided him with the option to play a sound on the AirTag, which is one of the safety features that Apple has made available in addition to the tracking notifications. Following the sound the AirTag emitted, Nelson found it under the drain cap in the trunk of his car, which had required the thieves to unscrew the cap and place it inside.

Update (2022-01-03): See also: Ryan Mac and Kashmir Hill, John Gruber, Bruce Schneier.

Update (2024-04-01): Christopher Boyd:

Researchers demonstrated how this compromise of the keyless system works in practice. Though light on details, Bloomberg mentions it is a relay attack. This is a fairly common method used by people in the car research realm to try and pop locks.

Juli Clover:

Thieves in Montreal, Canada have been using Apple’s AirTags to facilitate vehicle theft, according to a report from Vermont news sites WCAX and NBC5 (via 9to5Mac). Police officers in Burlington, Vermont have issued a warning about AirTags for drivers who recently visited Canada.

AirTag Android Car iOS iOS 15 Security

Microsoft Directing Users Away From Chrome

Sayan Sen (Hacker News):

In the latest related news, when someone is trying to download Google Chrome from Edge, Microsoft seems to be reminding such users with a popup (image below) that its own browser is built upon the same (Chromium) technology as Chrome, suggesting that there’s no need for a new browser.

So far it’s somewhat fine since there is no lie in that part. However, the prompt also appears to suggest that Edge itself is more secure than Chrome as part of the prompt says “with the added trust of Microsoft”.

Nick Heer:

This is a case of Microsoft using its own platform to steer users away from a competing product when it is likely they have navigated to that competitors’ page deliberately. What’s next? Maybe Microsoft could direct users to the Surface marketing site when they try to buy an iPad.

Previously:

• Microsoft Blocks EdgeDeflector to Force Windows Users Into Edge
• Firefox Is the 45th Result When Searching for “Firefox” on Windows Store

Google Chrome Microsoft Edge Windows Windows 11

Triple Tap to Capture From OmniFocus

Tyler Hall:

At any time, from any app, whenever I need to remember something, I can tap the back of my phone three times. An input dialog will appear, wait for me to type in what I need to do, and file away those items into OmniFocus for later.

What I like about this shortcut is that I don’t have to leave the app that I’m in. After dismissing the prompt, I’m right back where I started. Unfortunately, I still find that Back Tap only works about 3/4 of the time. I keep thinking I’ve finally mastered the timing, but then it will do nothing five times in a row.

Previously:

• iOS 14 Hidden Features

iOS iOS 15 iPhone OmniFocus Shortcuts

M1 Mac Mini EC2 Preview

Amazon (MacRumors, Hacker News):

The availability (in preview) of EC2 M1 Mac instances lets you access machines built around the Apple-designed M1 System on Chip (SoC). If you are a Mac developer and re-architecting your apps to natively support Macs with Apple silicon, you may now build and test your apps and take advantage of all the benefits of AWS. Developers building for iPhone, iPad, Apple Watch, and Apple TV will also benefit from faster builds. EC2 M1 Mac instances deliver up to 60% better price performance over the x86-based EC2 Mac instances for iPhone and Mac app build workloads.

[…]

In the two preview Regions, the on-demand price is $0.6498 per hour.

However, due to Apple’s licensing restrictions, you need to rent for at least 24 hours at a time.

Previously:

• Official macOS Hosting and Amazon EC2

Amazon EC2 Apple M1 Mac Mac mini macOS 12 Monterey