Hacker News
Mystery GPS Tracker on a Supporter’s Car (eff.org)
326 points by cooperq on March 28, 2022 | 138 comments



This article title is FUD and the EFF is doing themselves a disservice in publishing this.

The GPS tracking device had absolutely no connection to the individual being an EFF supporter, and was in fact entirely benign (if unknown to the vehicle owner).

What we need from the EFF: a serious discussion about anti-theft vehicle tracking and privacy (e.g. a list of brands/dealerships installing these devices, how/where to find them, how to disable them, which anti-theft GPS brands don't sell your location data)

What we got: someone at the EFF learns about UART, called a car dealership, and wrote a clickbait title


If you want to read FUD into it, you can, but the fact is that (a) a person found a GPS tracker in her car and (b) she is an EFF supporter, which led her to contact them and get it examined. So the title is entirely justified, if a bit clickbaity. But to then say they should have refrained from publishing the article is exaggerated. Actually I was glad I read it and appalled that it seems to be routine for car dealerships to install GPS trackers in the cars of their customers without telling them. If the "clickbaity" title helps in getting more people to read the article and raising awareness of this issue, I say it's better than other clickbait articles that just try to increase some shady website's ad revenue.


> But to then say they should have refrained from publishing the article is exaggerated.

The article as-written provides almost no useful information apart from an anecdote about one person finding a GPS tracking device in their car and contacting the EFF.

> Given how many people have been surprised to find this specific GPS tracker in their cars (as mentioned above) it’s possible that many car dealerships are installing these devices without proper customer notification.

One person is mentioned in the article. If the EFF knows how widespread the installation of this tracking device is, why isn't this discussed? How many car dealerships did the EFF contact to find out if they install such devices?

All the useful questions at the bottom of the article are unanswered:

> Is the sky-link GPS device still sending location data back to a Sky Link server? If so, could it be accessed by an employee, or someone who activates the device in the future?

Writing an article about a single individual who was not targeted: FUD

Writing an article about how many cars these devices are installed in, what data they transmit, who the provider(s) sell your location data to: useful for privacy and policy discussions


They don't know "how many cars these devices are installed in"

They did investigate "a single individual who was not targeted"

You can't write an article about something you haven't done.

They explain why they did it in the article.

FUD is fear uncertainty and doubt, they did the exact opposite. Dispelled the FUD with an investigation. And then published it.


> FUD is fear uncertainty and doubt, they did the exact opposite. Dispelled the FUD with an investigation. And then published it.

Please point out the original FUD the EFF is refuting in this article.

Their title is sensationalist, a more accurate title would be, IMO, "a car dealership installed a third-party GPS tracking device in a vehicle" but anything more is a stretch because they have n=1 here. But you can see my proposed title is certainly less interesting than their portrayal.

> You can't write an article about something you haven't done.

Yes, and my point is that they are the EFF, not hackaday. The article does not inform the reader of how common GPS trackers are in vehicles, or what privacy implications they have, because the EFF just took the lack of a response from the sole vendor they contacted and went ¯\_(ツ)_/¯

I would expect an organization that's supposed to advocate for privacy issues and carries clout to have covered at least some of the privacy concerns in more depth. FFS, they couldn't even establish if the device is still (or ever was) transmitting the car's location.

Geolocating cars is not new or novel, OnStar (GM) has had this capability for ~20 years now. [1] If the EFF wants to raise awareness about the privacy issues of vehicle location technology, they could have easily picked a more common case.

[1] https://en.wikipedia.org/wiki/OnStar


I interpreted it as the author and car owner had fear uncertainty and doubt, about what the tracker was for. As we probably all did when clicking the title. And they dispelled it.

The case they investigated was one that came to them, from one of their own, they explain that.

Research costs time and money. I don't think you should _expect_ that donors' money is spent, when after investigating this isolated case, nothing too nefarious was found. As you say, geolocating vehicles is not new or novel.

It's a good write up of the work that was done, and the thought process, engaging and short, and as I mentioned above, you don't always want a spoiler in the title.


> I interpreted it as the author and car owner had fear uncertainty and doubt, about what the tracker was for.

Something between two private individuals, which was resolved through the subsequent investigation. No need to write an article about this.

> As we probably all did when clicking the title.

FUD is generally a strategy to influence perception by disseminating negative and dubious or false information and a manifestation of the appeal to fear. [1]

> you don't always want a spoiler in the title.

The GPS tracker is not mysterious (they identified the source and likely purpose), and the individual's support for the EFF did not contribute to the presence of the GPS tracker in their car.

Could you clarify how the title accurately reflects the situation in light of this?

> Research costs time and money.

Indeed, and FUD is free.

[1] https://en.wikipedia.org/wiki/Fear,_uncertainty,_and_doubt


> No need to write an article about this.

To clarify your underlying principles here:

Are you broadly suggesting there should be rules for what type of articles can be written on the internet (presumably that align with your values)?

Are you suggesting that EFF should not have written this article (because of the $/time cost?)? And that it's okay if someone else wrote the article?

Are you suggesting that EFF should not have done the investigation in the first place, because of the $/time cost?

As an EFF supporter myself, I enjoyed the article. I liked the walkthrough of the investigation, and all the steps they used to deduce the source of the tracker. It was interesting on its face, and also educates on a methodology for making deductions for other things.


> Are you broadly suggesting there should be rules for what type of articles can be written on the internet (presumably that align with your values)?

Yes, the EFF should not be promoting FUD.

As I have stated several times in my comments, if the EFF had chosen a less sensationalist title, there would be no grounds to label this as FUD.

> And that it's okay if someone else wrote the article?

Yes, if someone had written such an article for their personal blog, or as a private individual on a site like hackaday, then it wouldn't have the endorsement of the EFF.

> Are you suggesting that EFF should not have done the investigation in the first place

No, however their choice to publicize an otherwise unnoteworthy event was, in my opinion, an extremely poor choice.

> As an EFF supporter myself, I enjoyed the article. I liked the walkthrough of the investigation, and all the steps they used to deduce the source of the tracker. It was interesting on its face, and also educates on a methodology for making deductions for other things.

That's fine, and I'm not here saying "the EFF should not be doing this" I feel I've been very consistent in saying:

* the title is sensationalist and this is bad for the EFF's credibility

* the methods in the article are very amateur, a more detailed investigation and/or a discussion about the privacy and legality of vehicle tracking would have been much more in keeping with the EFF's stated mission


Re: "No need to write an article about this."

I think it is within their remit to discuss such issues.

I enjoyed reading it, I feel it received quite a harsh critique for a short article that was well written and engaging.

If the goal was to get people thinking about the privacy implications, it worked. Here we are talking about it on HN.

With the suggested title "a car dealership installed a third-party GPS tracking device in a vehicle" I doubt I would have read it. If it hadn't been by the EFF I doubt I would have considered the privacy implications.


It's buying a suspect's or target's car when it comes up for sale and then doing Top Gear forensic analysis on it to see what you can find. https://www.youtube.com/watch?v=wYaXw8TZEvs&t=178s

I don't even think GDPR data protection laws cover that data grab!


I don’t call a GPS tracker installed in a car without the owner’s knowledge or permission, and where it’s still unknown if it is now or ever has been or could later be activated (again perhaps without the owner’s knowledge) to send the car’s location to a third party “entirely benign”.

I call that extremely worrying! I’d want to remove any such device from my car immediately.


Re: vehicle tracking and privacy standard in 2024, by U.S. law, is going to be pervasive tracking. It will include driver behavior analysis, perspiration and respiration sensors, and have intervention capabilities. This is all in HR 3684 Section 24220.

Full text: https://www.congress.gov/bill/117th-congress/house-bill/3684... Relevant section: https://archive.ph/eMF8Y#toc-idb8cfafb0-6273-428e-a005-03391... HN discussion: https://news.ycombinator.com/item?id=29427068


I think your comment is also a bit too harsh. The headline seems to indicate that an EFF member is being tracked, but it doesn't actually make that allegation, it just states a fact and the article explains how they found out it's probably benign.


If it's just an irrelevant fact, don't put it in the title. In reality, the fact that we talk about an EFF member here should barely be mentioned at all as it's just an explanation on how the device was identified, but has no bearing on why it was installed, how it works, what its purpose is, etc., which is the real point of the article.

Title should make a reasonable effort to summarise the content and allegation of the article. It's not the case here.


What we got: awareness about vehicle trackers and some tips on how to handle them.

I believe awareness of technology is crucial for civil society. Sure it's got a clickbaity title, but it worked in getting HN on it.


My sentiment towards the EFF just took a big tumble, probably permanently. Tricking and cheating people has costs as well as benefits.

EDIT: I've had my faith restored. Added reply to a comment below.


I believe this speaks more about yourself than EFF. You are judging a 79-employee non-profit based on a single article from one of them.

There's also the fact that the article did not cheat in any way, but reflected one's mindset while discovering such an issue. A bit of trickery, sure, but what's life without plot twists?


No, I'm not judging them, I just said my view of them took a tumble. When I feel tricked, I lose trust in whoever tricked me. And negative trust is often lasting. It's hard to gain trust and very easy to lose it.

BUT: I didn't read the whole article. I read kogepathic's comment first, which gave away the twist and framed the headline as clickbait, and I went along with that. But I now see it's as you say. Lesson learned.

I definitely don't think that writing an intriguing headline and delivering on it with a satisfying story counts as clickbait. Clickbait is something that fails to deliver at all, not something that delivers in a way you didn’t expect.


Thanks! For what it's worth, I had upvoted you so people going through your same thoughts see the counterarguments as well.


A twist in the tail of a good story is not cheating, it's story telling. You wouldn't want the title of a film to have a spoiler.

This article has a good story arc, and I enjoyed the read, and learnt something to boot.


Yep, EFF sounds a bit paranoid on this one. But nonetheless, I'll double check my car seats!


It's not paranoia when they're really out to get you. For example, a Tor Project contributor moved to Germany.

https://money.cnn.com/2016/05/17/technology/tor-developer-fb...

The EFF is roughly in the same bucket - i.e. some interest from federal agencies due to empowering individuals relative to the state.


https://money.cnn.com/2016/05/17/technology/tor-developer-fb... is about Isis Agora Lovecruft, but several other Tor developers have lived in Germany.


Spireon bought out Inilex who bought out Sky-LINK.

So, there are plenty of technician’s manuals out there under those former and current M&A names.

Also, FCC ID is a great starting place, just don’t forget merger and acquisition as well in the business world during your RE effort.

Also identifying RF frequency in FCC filings will help narrow the cellular coverage. If it’s CDMA, then it’s obsoleted.

- https://loginping.com/inilex-gps

- https://www.automotive-fleet.com/130525/spireon-acquires-gps...


I had a mystery tracker installed in a car I purchased as well: https://fccid.io/2AEB4AMV01/User-Manual/Users-Manual-3928375

The dealer even added a $250 fee to "remove" this device, but I found it was still installed, so I think I ended up footing the bill for the device itself.

The device is ostensibly to protect inventory from loss, but it seems like they are incentivizing dealers to leave these in cars to capture location data, for whatever reason.


Is that legal? It's one thing to have a tracker installed and bury the notification in the terms and conditions, it's another entirely to charge someone to remove the tracker and then track them surreptitiously with it. At the very least I feel like they owe you $250 for services not rendered.


It's not. It's fraud. If you pursue this in small claims court, make sure to include the paid equivalent of time off from work you needed to deal with the matter.


Who is "they"?


The car dealerships put these things on cars in the event that you finance through them. They are able to make you pay for the device they use to track down vehicles they want to repo. Since they splice into the harness and it takes time to get back in there, it's actually more problematic to remove than to just leave it. You're paying for it, one way or another.


Not spliced, they used a splitter with an OBD port on either side. I did finance through my own bank though, which might explain the "removal fee".


Depends on the place, most that I've ever dealt with were spliced into the harness. You got off lucky if they went the extra mile and used the less intrusive option. Those aren't as common.


If these things connect to the OBD port, aren't they basically trivial to find and uninstall yourself?


They're normally wired in somewhere behind the glovebox or steering column, and can be pretty hard to find.

I had one on a car I bought, and it kept draining the car battery whenever I left it more than a few days. I wasted many hours buying new batteries, testing alternators, and tracking down leakage currents before finding it consuming nearly a watt continuously.


Did you mean 1 Watt or actually 1 Amp? 1 Watt would be rather modest and shouldn't drain your battery within a week, 1 Amp certainly is another story.


1 watt. So about 0.1 amps. But the car had a 30 amp-hour battery, so after 10 days the battery is fully drained. And lead acid batteries don't like being fully drained more than once or twice, so after a month or two, you have to buy a new battery. And the process repeats...

This happens even if you drive the car every day. Since a full charge of a lead acid battery is 12+ hours, if you only drive the car half an hour per day, then each day you are discharging more than you charge.


Do they split the OBD signal behind the glovebox or the steering column? If so, then I imagine they're much harder to find. But if they do it on the actual OBD2 port, then I imagine they would be rather easy to spot?


They only need a power source to stay powered to give up their location. Most of them don't splice in nicely using the OBD ports.


The Ciansa folk probably.

http://ciansa.com/


Where did you find the tracker in the car?


Connected to the OBD port with an OBD splitter to make it look like there was nothing installed there. They didn’t secure it well though, so I saw it dangling by the brake pedal.

https://imgur.com/a/MSGmfRt


Is that necessarily to “make sure there was nothing installed there”? Or could it be that they needed to keep the OBD port open for normal service purposes?


Yes, for the marketed use case of "put these on the cars in your lot for theft prevention", you obviously want them to be invisible.

But Honda already has telematics in these cars in the infotainment system, and it would be trivial to add anti-theft to the existing system. It all just feels a bit.. fishy.


You paid $250 to get that device removed? Did you try just unplugging it?!


It actually says “Designed in California,” like it’s a shiny iThing.


iKnowWhereYouAre


> Is the sky-link GPS device still sending location data back to a Sky Link server?

As someone who used to work in that industry, no, it's not sending location data. You don't activate the SIM until you have someone who is going to pay for the service, otherwise you're losing money for no reason.

We'd get that question often though, someone activating a device hoping they'd be able to see everywhere it was for the last month.


Still not clear. GPS can work without a SIM. Is the device logging locally when the SIM is not activated or not?

If it is then we have a concealed tracking device that can be used against the interests of the car owner at any time. It just happened that EFF didn't have the know-how to extract the logs.


Great question, and yes, some of the better devices implement a small buffer so may be able to keep a day or even two in memory while they're out of cell coverage. If you activate the SIM you might get a small data dump.

GPS doesn't need a SIM, and indeed the devices will have a fix all the time whether activated or not. They do require cell service to send their updates anywhere. They're all simple GPS receivers, not transmitters, thus require an active SIM.


I love that the skills I learned in the 80s are still relevant today. Interacting with serial ports. AT commands. This stuff hasn't changed much.


Seeing AT commands described as the "way that humans and machines can interact with a cellular modem" made me feel old because they didn't just say "remember AT commands from manually driving your Hayes 9600 baud dial up modem?"


I remember when the Hayes command set started to become the standard, because for a while you could get on a group chat on a BBS and press +++ATH to make the outbound modems hang everyone up. I think there was an AT command to remap that pattern, but it wasn't adopted by all the BBS software right away.

Edit: To clarify, before then you would have something like a 300 baud modem that didn't have an out-of-band command set, so you would dial the number on your phone and flick a switch on the modem to make it connect and everything would be sent to the other side verbatim. The "+++" is the escape sequence you send to a Hayes modem to break it into command mode, the "AT" is the prefix for the command (attention?), and "H" means "hang up". IIRC, puritans would say "ATH0" because the "0" represents some particular state to hang up to, but it's the same as "ATH".


The DC Hayes Micromodem II for the Apple ][ had its own weird command codes using control characters, with ^A as the "attention" command.

    IN#3 (Apple ][ command to hook input from slot #3)
    ^A ^F (modem command to set full duplex)
    ^A ^Q (modem command to pulse dial the following number)
    ^A ^Z (modem command to hang up)

https://mirrors.apple2.org.za/ftp.apple.asimov.net/documenta...

https://en.wikipedia.org/wiki/Hayes_Microcomputer_Products#E...

https://www.computerhistory.org/collections/catalog/10264598...

https://www.ebay.com/itm/393165436881

Later on once the Hayes AT command set took over and BBSs became popular in the 80's, there was a flat $25/month subscription service called "PC Pursuit" that had banks of modems in different cities connected by a network, which you could dial up locally, then connect over the network to another modem, and dial out to a local BBS system. It was a subsidiary of Telenet, which spun off from BBN, and later was a subsidiary of U.S. Sprint.

http://www.bbsdocumentary.com/library/CONCEPTS/SERVICES/PCPU...

https://bbs.fandom.com/wiki/PC_Pursuit

https://blog.tmcnet.com/blog/tom-keating/voip/pc-pursuit---t...

https://en.wikipedia.org/wiki/Telenet#PC_Pursuit

There was a fun game you could play called "PC Roulette", in which you first connected to a remote modem with the PCP command, then issued the command "A/" directly to the modem, to redial the last number somebody else dialed on that modem!


9600? Try 1200 baud! Of course, this guarantees that someone will chime in talking about starting off with a 300 baud modem that worked like they showed in WarGames.


Back in the 70s, I dialed a number on my parent’s rotary phone. When the remote computer answered, I would shove the handset into the earmuffs on the acoustic coupler[1].

It usually worked. I don’t remember if the baud rate was 300 or 110.

1. https://en.m.wikipedia.org/wiki/Acoustic_coupler


I also ran through most of the modem speeds. All the lower speeds were calls made to BBSs, pre internet. 1200, 2400, 9600, 14400, 28800, 33600…


I recall accessing Prestel at 1200/75 - 1200 baud coming down, but a measly 75 baud going back up!


Modems used to cost a dollar a baud, about $100 for a 110 baud modem, $300 for a 300 baud modem, and $1200 for a 1200 baud modem.


you configure modems still the same way. you still have modems in IoT devices. what changed are the capabilities, esp. the power states. these trackers can sleep most of the time, only wake up periodically, so they can survive on battery for several years.

most sensors are connected via I2C to the CPU. some weird ones via SPI. most GPS sensors are different, they connect mostly via UART. so you can connect to them directly, bypassing the CPU.


> some weird^W fast ones via SPI

ftfy


block devices, yes. my GNSS sensor needs SPI btw.


MT3333? Yea that's an improvement over the UART interface where it just sends out the data no matter if the other side is listening or sleeping. With the SPI interface you get an interrupt and can read the data at your own pace.

But I2C would do too if they would offer a proper register interface as opposed to always expecting you to parse those verbose NMEA messages.

Oh and only generating an interrupt if the fix is valid would be nice! But they just shoehorned the SPI interface onto it, exposing exactly the same data as they would over UART. So if you have to wake up, parse the message and only then will you find out if you have a valid fix or can go back to sleep and try again.

Afaik they dropped the SPI mode in the newer chips though.
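
The point made in the comment above (a receiver streams NMEA sentences whether or not it has a fix, so the host must parse each one to find out) as an added example, not code from this thread or from the EFF article. It checks the NMEA 0183 checksum and reads the RMC status and GGA fix-quality fields; the sample lines and coordinates are constructed.

```python
"""Decide from raw NMEA 0183 lines whether a GNSS receiver has a valid fix."""
from functools import reduce


def nmea_checksum(payload: str) -> str:
    """XOR of every character between '$' and '*', as two upper-case hex digits."""
    return f"{reduce(lambda acc, ch: acc ^ ord(ch), payload, 0):02X}"


def frame(payload: str) -> str:
    """Build a complete sentence from a payload (used here only to construct samples)."""
    return f"${payload}*{nmea_checksum(payload)}"


def to_degrees(value: str, hemisphere: str) -> float:
    """Convert NMEA (d)ddmm.mmmm plus hemisphere letter to signed decimal degrees."""
    dot = value.index(".")
    degrees = int(value[:dot - 2])
    minutes = float(value[dot - 2:])
    decimal = degrees + minutes / 60.0
    return -decimal if hemisphere in ("S", "W") else decimal


def parse_sentence(line: str):
    """Return a dict for RMC/GGA sentences, or None if malformed or unsupported."""
    line = line.strip()
    if not line.startswith("$") or "*" not in line:
        return None  # not NMEA at all (boot banner, debug log, ...)
    payload, _, checksum = line[1:].rpartition("*")
    if checksum.upper() != nmea_checksum(payload):
        return None  # corrupted on the wire, e.g. a noisy UART tap
    fields = payload.split(",")
    kind = fields[0][2:]  # drop the talker ID (GP, GN, GL, ...)
    try:
        if kind == "RMC" and len(fields) >= 7:
            valid = fields[2] == "A"          # A = valid, V = void (no fix)
            lat_f, ns, lon_f, ew = fields[3:7]
        elif kind == "GGA" and len(fields) >= 7:
            valid = fields[6] not in ("", "0")  # fix quality 0 = no fix
            lat_f, ns, lon_f, ew = fields[2:6]
        else:
            return None
        position = (to_degrees(lat_f, ns), to_degrees(lon_f, ew)) if valid else None
    except ValueError:
        return None  # claimed a fix but carried unparsable coordinates
    return {"type": kind, "valid": valid, "position": position}


def summarize(lines):
    """Count skipped lines, no-fix sentences and fixes; keep the last position."""
    stats = {"skipped": 0, "no_fix": 0, "fixes": 0, "last_position": None}
    for line in lines:
        parsed = parse_sentence(line)
        if parsed is None:
            stats["skipped"] += 1
        elif not parsed["valid"]:
            stats["no_fix"] += 1
        else:
            stats["fixes"] += 1
            stats["last_position"] = parsed["position"]
    return stats


# Constructed sample capture: two sentences before the receiver has a fix,
# two after, one sentence damaged in transit, and one non-NMEA debug line.
GOOD_RMC = frame("GPRMC,120030.00,A,3746.4940,N,12225.1640,W,0.05,,280322,,,A")
CORRUPTED = GOOD_RMC.replace("3746", "3747")  # payload changed, checksum not
SAMPLE_LINES = [
    frame("GPRMC,120000.00,V,,,,,,,280322,,,N"),
    frame("GPGGA,120001.00,,,,,0,00,99.99,,,,,,"),
    GOOD_RMC,
    frame("GPGGA,120031.00,3746.4940,N,12225.1640,W,1,07,1.20,16.0,M,-29.0,M,,"),
    CORRUPTED,
    "boot: modem ready",
]

if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        print(f"{raw!r:80} -> {parse_sentence(raw)}")
    print(summarize(SAMPLE_LINES))
```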


I wonder how common this UART protocol is in electronics?

Being able to communicate with arbitrary electronics using the $30 Bus Pirate device seems like a very fair price.


Serial ports are still ubiquitous in embedded electronics. Crack open any non-trivial device and you will probably find a serial port, sometimes along with JTAG or SWD, on an unpopulated connector or on test pads, spitting out debug logs.

And it makes sense from an engineering standpoint. Equipment for interfacing to a serial port, even in 2022, is widely available (you can get a basic TTL-level dongle for the price of a coffee) and pretty much every microcontroller/SoC has at least one hardware UART. If you want to see what your code prints to stdout while it's running on real hardware you could either implement a fancy redirection layer that sends logs over whatever interface your device has (and hope there are no bugs in it) or just use the built-in UART, wire it up to an off-the-shelf dongle and call it a day.


UARTs are super important still, nothing old or obsolete about that tech. It's simply still useful, and a sensible way of doing serial communication in a simple way.

The Pirate is awesome, and was rather magical when it first appeared (I bought mine in 2010), but nowadays I would just use a USB/UART adapter [1]. They're cheap as ... something cheap on Amazon, and simpler since they're special-purpose.

[1]: https://www.amazon.com/s?k=usb+uart&crid=1JQRTOTBVDDCW&spref...


Widespread. It's very easy to work with. UART aka Serial TTL or just RX/TX is native to almost all chips. There is no standard protocol though, so unless it's a modem (AT commands) or you have a manual you will likely have a hard time communicating with it. If you want to see what is going over the wire get a logic analyzer. Typically ~$30. Connects to USB and comes with software to decode the messages. It's read only so to speak.


Quite common. I will see if I can find a link and/or some quick examples.


TL;DR:

> Sarah [not real name] also mentioned that the car had been transferred from another Audi dealership in Orange County, California, when she bought it. Could they be the culprits? We called the original dealership and asked if they were familiar with this hardware or if they install GPS devices in their customers' cars. The dealership told us that they used to work with a company called Sky Link to install anti-theft devices, but didn’t activate them unless the buyer paid for the service. Could this be an explanation for this rogue GPS device?

[...] Turns out, it had. The GPS device was bought by the dealership, but it was never activated. At last, we had proof that this was a device installed by the dealership.

It feels like there are several "layers" to this story, putting all of them in one probably just confuses a lot of readers. In other contexts the UART pin-outs and bit-banging would be interesting to me but I just wanted to find out whodunnit.


Had they remembered to connect the ground reference for the Bus Pirate, they would've had a much easier time reading the data back :)

OTOH: how is that even legal? I can't fully grasp how privacy is perceived as a sacred basic right in the US, but then they have dealers tracking people's cars for repossession purposes...


It's not illegal if it's not actually tracking you. The ones installed for repo purposes on sketchy car deals aren't secret, the customer signs paperwork acknowledging their existence. At that point they don't have a lot of choice, of course, their options are limited by circumstance.


> Had they remembered to connect the ground reference for the Bus Pirate, they would've had a much easier time reading the data back

I think the EFF needs to hire some hardware people in the future to handle future teardowns. :-)


It’s not really clear it is tracking anything so no reason I can think of it as illegal.


Well, they aren't tracking a person. They are tracking the vehicle, which is their property until it is paid off.


> Looking at their website it seemed to have not been updated in years. It even contained a widget for Adobe Flash, a very old way of creating animation on websites.

Funny they explain what Flash is. It's just two years since it's officially dead, however Flash used to be around everywhere until at least ~2015. For me it feels strange there are younger people not knowing what Flash is... I am getting old ;)


How do these things do GPS tracking from under a car seat? Wouldn't the seat frame and car body basically block the device from acquiring satellites?


I'm not really an expert (corrections welcome!) but having spent some time recently playing with positioning systems:

Most of GPS's perceived suck (in cold boot (TTFF) time, general receptivity) is actually just bad antennas/chips. I bet this thing has a large, possibly active, antenna and a modern, possibly multi-service, gnss module.

As an example, I have some very cheap ~10mm passive antennas that never pull a signal indoors, and some very cheap modules that take >20 minutes to TTFF even with a clear view of the sky. I also have some big chonker 30mms that, with a modern module, have a <2min TTFF inside/in a car/whatever.


The antenna in the picture looks a lot like a Taoglas L1 active patch antenna. So an antenna (possibly several, hard to tell if it's a stacked-patch or not), low-noise amplifier, and possibly a Surface Acoustic Wave (SAW) filter.


Apple Maps keeps working fine when I invariably drop my phone under the seat in my car. GPS receivers are pretty good these days and are capable of picking up very weak signals.


Is the Maps application getting the position data from GPS alone or rather from accelerometer plus earlier good reading (using GPS or cell tower known position) or some fancy sensor data merging (Kalman filter)?


Location data can come from a lot of things that are being pieced together into a really good guess even when parts are missing. GPS and the other satellites like GLONASS. Nearby WiFi hotspots since they are all pretty much known locations. What cell towers you are connected to, which are also known locations, and the signal strength getting you general ranges. Can even be done with bluetooth beacons within buildings like malls and conference centers I believe. And accelerometer and compass data to fill in gaps too.


In the famous "big dig" highway tunnels in Boston your phone may be connecting to the 850 Bluetooth beacons stuck to the tunnel walls by Waze:

https://blog.mass.gov/transportation/massdot-highway/highway...


I've only fiddled with this in a hobby way, but it's tricky to get accurate position information by integration of acceleration vectors. You could use the compass to get device orientation relative to motion, you could look for available wifi names to narrow down localization.

It's possible to make good guesses, but it's a pain, and they're still guesses. (Well, they were at my level anyway)


The guesses can get scarily good. Typically you start with the GNSS signal as your initial position/velocity estimate and inertial measurements to estimate travel from that point. With decent sensors and no other constraints, you can get lane level accuracy for upwards of a minute at highway speeds without a satellite fix. However, people (and vehicles) don't have arbitrary paths and the places where they do tend to be easy to get a satellite fix. The kinds of places where you have difficult GNSS environments also tend to have networks of paths and streets that can be used to refine your estimate, a technique called "map matching". In good conditions, you can localize position to within a block inside an entire urban area on that alone.


They can be quite accurate if well-designed: https://en.wikipedia.org/wiki/Inertial_Navigation_System


Or if it's attached with CarPlay it will get GPS from the head unit's GPS receiver (assuming there is one, I don't know for sure that all CarPlay head units have their own GPS).


Over here in the EU any cellular device should contain a SIM card which must be registered to someone or some company, therefore it can be used to track the owner; is that different in the US? The article doesn't mention any SIM card present. If I discovered such a tracking device in my car I'd immediately look for the card, get its number and find the owner.

Also, it would be nice to fool the GPS through a jammer that emits false signals in order to make it report a fake location, after placing cameras at that place to record whoever shows up.


>Over here in the EU any cellular device should contain a SIM card which must be registered to someone or some company...

This isn't true for all of the EU. For example, in the Netherlands, you can buy and activate a prepaid SIM without any identification requirements. This prepaid SIM, once activated in the Netherlands, can then be used in other parts of the EU without subsequent registration.


The photo in the article shows "P/N: CDMA"

So if it was a CDMA device, then it probably doesn't use a SIM.


Last I checked, you could activate a prepaid SIM without any proof of identity in the US. We don’t have a national ID card system. Postpaid does involve a credit check.


In addition, these kinds of rules (in countries which have them) almost invariably do not apply to B2B sales, especially for machine to machine communications - at that scale the operator really only cares that they know which customer is footing the bill for the subscription.

At least in my experience many years ago managing an enterprise mobile account, I could have SIM cards and handsets sent out with no name or similar allocated - the name was a nicety for getting the package to the right person, but there was absolutely no verification of anything. The name helped you reconcile the bills, so we had users on the account called "office spare 1" and "field engineer spare". Any customer support had to go through the B2B account.

At scale, an M2M device customer won't be telling the operator anything else about the device or user - the customer will manage allocating subscriptions to vehicles or devices, and won't want to have to deal with their operator for this.


> "Also, it would be nice to fool the GPS through a jammer that emits false signals in order to make it report a fake location, after placing cameras at that place to record whoever shows up."

First: don't confuse jamming with spoofing. Jamming is extremely easy to perform by any idiot, while spoofing GPS is significantly harder https://archive.fosdem.org/2019/schedule/event/sdr_gps/

Second: keep in mind that both of them are actually illegal in most countries, and besides, unless you know exactly what you are doing it's fairly easy to jam/spoof over much larger areas than you would intend to! (And GNSS is not restricted to consumer products and maps but is used in a lot of industrial/serious applications, so it can actually have consequences.)


> while spoofing GPS is significantly harder

You are very wrong. Spoofing GPS is downloading a file, and then running a commandline program with a hackrf attached. The *only* hard part is getting a HackRF or other TX capable SDR.

Download and compile https://github.com/osqzss/gps-sdr-sim

Download today's ephemeris https://cddis.nasa.gov/archive/gnss/data/daily/

run:

gps-sdr-sim -e $EPHERMISFILE -l $LAT,$LON,$ALT

And, if you're nearby an airport, you're violating felonies with FCC AND FAA.


Jamming is easy enough that people do it by accident. There was a guy with a broken VCR a number of years back that got a visit from the FCC because it was jamming, I think, VOR beacons.

Having a broken VCR is significantly easier than downloading a file and then running a commandline program with a hackrf attached.


> spoofing GPS is significantly harder

I recall seeing someone's project that did exactly that: transmitting at a very short distance a radio signal that spoofed a number of satellites so that the GPS receiver would report completely bogus positions. Anyway, that would be unnecessary as I completely missed that the GPS receiver is connected through a serial port, therefore spoofing NMEA strings would be much easier.
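For anyone examining a found tracker's GPS serial output as discussed in this thread, here is an added example (not from the thread or the EFF article) that validates NMEA 0183 checksums and decodes position from RMC sentences. The sample lines are constructed; the function names are this example's own.

```python
def nmea_checksum(body):
    """NMEA 0183 checksum: XOR of every character between '$' and '*'."""
    cs = 0
    for ch in body:
        cs ^= ord(ch)
    return cs

def frame(body):
    """Wrap a sentence body as '$body*HH' (used to build the constructed samples)."""
    return f"${body}*{nmea_checksum(body):02X}"

def parse_sentence(line):
    """Return the comma-separated fields, or raise ValueError on a bad frame."""
    line = line.strip()
    if not line.startswith("$") or "*" not in line:
        raise ValueError("not an NMEA frame")
    body, _, tail = line[1:].partition("*")
    try:
        claimed = int(tail[:2], 16)
    except ValueError:
        raise ValueError("unreadable checksum") from None
    if claimed != nmea_checksum(body):
        raise ValueError("checksum mismatch")
    return body.split(",")

def to_degrees(value, hemisphere):
    """Convert ddmm.mmm / dddmm.mmm plus N/S/E/W to signed decimal degrees."""
    raw = float(value)
    degrees = int(raw // 100)
    decimal = degrees + (raw - degrees * 100) / 60
    return -decimal if hemisphere in ("S", "W") else decimal

def decode_rmc(f):
    """Decode an RMC sentence; status 'V' means the receiver has no valid fix."""
    fix = {"time": f[1], "date": f[9], "valid": f[2] == "A", "lat": None, "lon": None}
    if fix["valid"]:
        fix["lat"] = round(to_degrees(f[3], f[4]), 5)
        fix["lon"] = round(to_degrees(f[5], f[6]), 5)
    return fix

def triage(lines):
    """Split captured lines into decoded RMC fixes and rejected lines with a reason."""
    fixes, rejected = [], []
    for line in lines:
        try:
            fields = parse_sentence(line)
        except ValueError as exc:
            rejected.append((line, str(exc)))
            continue
        if fields[0][2:] == "RMC" and len(fields) >= 10:
            fixes.append(decode_rmc(fields))
    return fixes, rejected

# Constructed capture: a valid fix, a no-fix sentence, one corrupted in transit,
# line noise (e.g. from a missing common ground), and a non-RMC sentence.
GOOD = "GPRMC,123519,A,4807.038,N,01131.000,E,022.4,084.4,230394,003.1,W"
SAMPLE = [
    frame(GOOD),
    frame("GPRMC,123520,V" + "," * 7 + "230394,,"),
    frame(GOOD).replace("4807.038", "4807.938"),
    "\x00\xfe$GP?,,\x7f",
    frame("GPGSV,1,1,00"),
]

if __name__ == "__main__":
    for item in triage(SAMPLE):
        print(item)
```

The checksum only catches corruption on the wire; it is not authentication, so a sentence that passes it says nothing about who produced it.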


nowadays you'd install an E-Sim, which is just a code, not a physical card anymore.

jamming GNSS satellite connection? only heard of Russians doing that. could be more expensive than exploring this little modem.


Funny how a serial port is suddenly an exotic technology :)


TL;DR: Dealership installs GPS-based anti-theft device which is not active unless you pay for a subscription. Car is transferred to a different dealership who knows nothing about this whereupon it is sold to a customer who happens to be an EFF supporter. 29,000 miles later a mechanic discovers the device during routine maintenance. Hijinks ensue but it turns out to be much ado about nothing.


Wow, didn’t know EFF went so deep on investigations like this. Top notch!


This is not really deep, TBH. This is 5-6 minutes of work for someone who does this habitually. They didn't even dump the firmware of the PIC running in there to share it for some fun RE.


The reporter clearly does not do this habitually, as it took them several (frustrating, from the sound of it) days to figure out what they did. Sounds like it was in large part a learning experience for them.


I mean, the author even stated clearly that it was a great learning experience and that the EFF couldn't do this for everything. So all of this discussion is somewhat redundant


Gotta agree with you there. "Connect to the UART, remember UART requires a ground, throw some AT commands at it, give up, and ask the company about a serial number" hardly seems like a deep dive.


In fairness, expectations are a bit high around these parts. Maybe this article wasn't written for us.

What would be enough? Decapping all chips, dumping and decompiling the firmware, figuring out what the people who made the device had for breakfast?


You should reach out and give them some pointers for next time.


@eff could use a link to this OP.


My contact info is public. I am not hard to find


Yes, the writeup sounded very amateurish.


Yeah, it's hard to believe that this is the same organization founded by John Gilmore, who wrote significant parts of GCC and GDB. I don't know how they're going to protect our rights on the electronic frontier if they don't even know when you need to connect your grounds together.


Reading this and reading the comments I became aware again how lucky I am to be born in a place with strong customer protection and strong data protection laws.

Wow. I imagine a dealership doing this here in Germany. Even repossession isn't that easy in Germany. In Germany, you have to go the official route and get the vehicle seized by the bailiff.

Installing a tracking device without clear informed consent would go against the GDPR and be illegal.


In the EU, there are several laws in the making or already enacted which will make it MANDATORY to detect speed limits [1] and slow down your car when it goes too fast. Also, collision data and maintenance data will be automatically transmitted in newly sold cars[2], [3].

[1] ISA, Intelligent Speed Assist: https://etsc.eu/intelligent-speed-assistance-isa/

[2] https://eur-lex.europa.eu/eli/reg_impl/2022/163/oj

[3] https://eur-lex.europa.eu/eli/reg_del/2021/1244/oj


Wow. Did not know this. Moving more and more in the wrong direction imho. Thanks for the links. Need to take a closer look.


Isn't it common now for our car manufacturers to store a log of GPS data in an ECU? I could have sworn I've once read about this around three years ago.

This German article [0] from 2022-02-03 for example mentions cars storing some usage data:

> In summary, it can be said that data is constantly being recorded for all cars, which allows conclusions to be drawn about the usage profile, the intensity of use, the number of drivers or even the driving style. A few examples of data evaluation and transmission:

Usage profile:

- Separate storage of the kilometers driven on the freeway, country roads and in the city

- Number of individual journeys, broken down by kilometers

- Charging and discharging cycles with time, date, mileage

- Utilization data of the combustion engine in plug-in hybrids

- Regular GPS data with status report of important vehicle data

- Hours of operation of the vehicle lights, separated according to individual light sources

Driving style:

- Number of electric belt tightenings (how often do you brake hard?)

- Entries for excessive engine speed or temperature (speeders)

- Charge and cell voltage of the drive battery

- Duration, how long the driver uses the various modes of the automatic transmission (continuous/manual/sport)

Intensity of use/number of drivers:

- Number of adjustments of the electric driver's seat (allows conclusions to be drawn about the number of drivers)

- Number of media inserted in the CD/DVD drive

- Duration and time of the phone calls

--

[0] https://www.adac.de/rund-ums-fahrzeug/ausstattung-technik-zu...


Thanks for the info. Would not have known this without your pointer. Can't imagine this being legal under GDPR. But as long as nobody goes to court over this (and I would have expected the ADAC doing this as it sees itself as a representative lobby group for German drivers).

Interesting that they don't.


Storing it on the ECU is allowed as long as it isn't actually collected/used, right?


If you or a previous owner ever took out black box insurance, they install a GPS/accelerometer in your car. The insurance companies rarely bother to remove the trackers, so if you've had multiple policies you may end up with a couple of units wired in. Sometimes the mechanics will rip out the old ones, but they put them in different places and they're too busy to check everywhere (install is a 5 minute job). Usually they'll tell you that the device will be turned off once the policy ends.


TL;DR a prior dealership had installed it as part of an anti-theft add-on before selling it to a different dealer who ultimately sold it to the supporter.

The investigative effort they put in was quite good.


Dealers do this to aid in repossession in case of non payment.


This car wasn't owned by a scummy BHPH lot or rental fleet. It was delivered to an upscale dealer who was installing it as part of an anti-theft package.


dealers do this (basically) as a scam.

- the cost of these units is very cheap in bulk maybe ~$100

- their shoddy mechanics cut into power and CAN bus cables to sloppily and cheaply install them. They're usually zip tied up under the steering column. They tie into CAN so they can also immobilize the car.

- they install them right when the cars come in for their own theft protection and inventory control

- then they try to add anywhere from $500-$3000 onto the car with "theft protection" and 100% recovery warranty add-ons. It sounds like you are getting something built into on-star, but it's not. It's great - they get you to pay them for their own anti-theft and inventory purposes, and can often make several hundred dollars on top of it!

- if you avoid the bait and don't pay, then they just deactivate the unit, but they don't take the time to remove it or fix the damage they did to your wiring.

- nearly every dealer in CA does this. it's not at all just for repos, so especially upscale dealers too.

- which is terrible because 10 years later when you're contorted upside-down under the dash troubleshooting an intermittent CAN-bus problem on your expensive car, and you find one of these things is the problem, you get pretty angry about it.


It is common for car sales to add a tracker to a car they finance. It is very helpful during the repo process.

Many of them pay the owner to allow them to recover the device when the loan is paid off.


With 10 years of dealership experience, I can promise this is not at all common. First off, very few dealerships finance your vehicle, instead they simply facilitate the paperwork through any bank that's competitive. Other than for some incentives with the bank over time, they couldn't care less if you default on your loan. They sure aren't going to get involved at all in assisting the repo process.

What you're referring to are devices installed by smaller shady "buy here pay here" dealerships that do in house financing for people with bad credit. Even then, GPS trackers are extremely rare. Much more common are remote disabling devices. If you make a car unable to function, it's not that hard to find. Heck, they don't even really want to find it. They want to motivate the owner to make their payment, which disabling it usually does.

Finally, what some normal dealerships do to increase profit and ease of making aftermarket sales, is preinstall theft deterrents or safety devices to ALL cars on the lot, and then hope they can upsell each buyer during the paperwork process. The reason this is done is because having to bring the car back to the dealership to have your after market products installed is a huge pain, which becomes a major sales objection. Thus, dealerships decided to start installing the devices in every car ahead of time, since they are cheap parts anyway, and using that as a sales tactic to sell you on paying for the actual service contract or insurance (the word used loosely here) as part of the product they installed.

Tldr; dealerships install $39 GPS trackers in every car on the lot. 25% of the time, they manage to extract $500-1000 of profit by selling the service for $1200 to a buyer. This pencils out in the end, thus they keep doing it. Definitely a more sleazy tactic that almost no dealership I worked for used, but not uncommon. Heck, the OP story was done at a franchise Audi dealership.


> With 10 years of dealership experience, I can promise this is not at all common. First off, very few dealerships finance your vehicle, instead they simply facilitate the paperwork through any bank that's competitive.

Well kinda. I've helped investigate high end auto theft rings, and I can tell you almost all luxury cars have tracking built directly into the infotainment system. Only manufacturers and a handful of people at the largest auto groups can activate it remotely.


Turning on a feature at the manufacturer level sounds like a different discussion than car dealerships installing GPS trackers into cars.

There's no way anyone at AutoNation or Penske Automotive knows how to do this.


> They want to motivate the owner to make their payment, which disabling it usually does.

Poor people are a great source of extra income through fees for exploitative companies. I bet re-enabling the car costs a significant fee...


You're right. They should get rid of these buy here pay here dealerships and let these people walk.


How do these "remote disabling devices" work? Hopefully they aren't remotely disabling a car that is in the middle of switching lanes on a busy freeway.


The easiest way would be to disable the starter circuit. But that would be easy to bypass. So hopefully they disable something much more critical and harder to bypass. I don't think it would be hard to make a relay wait til it has lost power for some time before switching it to off permanently. Thus it would be disabled the next time the car is shut off.


Hmm, my trust in this article is eroded by the fact that they don't seem to know much about hardware. They didn't connect the grounds together (so of course they had junk data), and they appeared a bit surprised at having to change the baud rate.

I guess calling the company and giving them the serial was what solved the mystery in the end, but the hardware investigation left a lot to be desired (and was fruitless in the end).


It was a fun adventure, but maybe the EFF should hire more hardware specialists :)

Other comments: those jumpers can be unreliable, and I'm surprised they managed to solder with those leads. In any case, it was clearly a learning experience for them, so that's good.


I wondered if they would find a sim card or other cellular subscriber info in the cellular modem. I'd also hope they could tell if the modem was being activated and transmitting when they powered up the device, and maybe drove it around.

As for VOD, maybe it underreported miles driven because the gps stopped working in areas with poor signal.


> Several weeks ago, an EFF supporter brought her car to a mechanic, and found a mysterious device wired into her car under her driver's seat

If I saw this device under my seat I'd assume it was part of some electronic system and never touch it. The only thing that I'd see that would make me go "huh" would be CDMA – and even then I would probably assume it was part of my car's infotainment system like my old Saab's OnStar that used a Verizon 2G CDMA network that died before I purchased the car.

I have a pretty good mechanic as well, and unless I was complaining about a jammed seat adjustment, he wouldn't be down there to see. I wonder if he'd even be able to eyeball it as suspicious as he's an independent; who knows what kinds of things get hooked up below seats.

Assuming this part isn't narrative, kudos to those who found it. Now where should I go look?


I see three possibilities, from most to least likely: (a) completely fabricated by the subject of the story (perhaps because they are sincerely convinced they are being followed by someone and are seeking to furnish "proof"); (b) it's anti-theft; (c) (super super super unlikely) it's a personal matter.


I didn't catch the explanation of why the tracker only had 17000 miles logged, but she had driven 30000.


I'm surprised that the dealership and this SkyLink company gave away this information to strangers.


Trackers are quite common anti theft devices.


Great deep dive!


Why wouldn't they hire a person that is a professional electronic forensics expert to look into such a device? (Yes, cost, most probably.) I say this as «not connecting ground» sounds like a rookie mistake. Using their procedure – i.e. by what looks to me like amateurishly poking around the device – they would have destroyed anything that could be brought forth as evidence in a court.


This is "Hacker" news.



