Detection of hidden cellular GPS vehicle trackers

eschneider

If you're going to try and track this stuff for real, keep in mind most devices like this use motion sensors to go into low-power mode when stationary and only transmit on the move.

b8

Also that some devices log data locally and require manual pickup + review to avoid detection. Also LEO have been known to temporarily disable such devices when people do scans to detect them for Undercovers.

Ylpertnodi

>Also LEO have been known to temporarily disable such devices when people do scans to detect them for Undercovers.

Any more info on this?

v7n

Since I'm not seeing any other references, here's a timestamp for a YouTube video where an ex-undercover op is interviewed and such a thing is mentioned: How FBI Undercover Agents Actually Work | Authorized Account | Insider https://youtu.be/h6au3ppTm7g?t=1123

logifail

> most devices like this use motion sensors to go into low-power mode when stationary and only transmit on the move

I've been working with (non-covert!) tracker devices for a project, and use exactly this approach: when stationary, the tracker goes into low-power mode and sends position once every 12 hours to preserve battery life. When motion is detected, we send regular updates.

theoreticalmal

If low cost is the goal, consider a voltage measurement device. ICE engines have electrical systems that run near 13V when the engine is on, and ~12.5-12.8V when the engine is off.

andruby

That would require plugging into the wiring. At that point you no longer need a battery and can just use the car's power.

Scoundreller

We talking MEMS/inertia detection, vibration detection or auto-geo-fencing?

avidiax

The absolute cheapest thing is just to never update the position unless it significantly changed. Doesn't require anything except the GPS chip.

Bluetooth beacons would need to add an accelerometer, but that undermines their use in pinpointing an object at rest.

rickdeckard

Using the GPS signal to detect motion is the most power-expensive path though.

The cheapest in terms of power consumption is a simple Accelerometer/Gyroscope component. The difference can be months or even years in longer battery runtime compared to GPS.

aa-jv

Probably the most effective technique for detection would be attained by spoofing the GPS signals, like the IRGC did to capture multiple US' drones?

https://www.gpsworld.com/gps-circle-spoofing-discovered-in-i...

I wonder how easily GPS can be spoofed, locally ...

https://rntfnd.org/2021/10/28/cheap-and-easy-gps-gnss-spoofi...

Seems someone already had the idea:

https://www.reddit.com/r/hardwarehacking/comments/10na5c8/sp...

eschneider

Sleeping the CPU until you get an interrupt from an IMU or simple motion detector is a common way to do this. It's not about being stealthy so much as extending battery life.

cryptonector

Whichever one is cheapest energy-wise. My guess is MEMS.

aggregator-ios

JFYI: These devices are also installed on cars before they arrive at the dealer or by the dealer itself, but not necessarily by the manufacturer. Rumors are that it is installed by larger dealer groups and is obscured or just failed to be disclosed to the end dealer. Either as part of their LoJak(?) sales upsell or tracking for insurance purposes.

It's usually plugged into your OBD port. If your car has API features, some EV owners have graphed their electricity usage and shown drain/spikes at intervals and led them to find these devices. The consumption from the 12v battery causes the larger EV battery to charge the 12v battery, showing these charging/discharge spikes. There's also sometimes a sticker next to your tire pressure label on the driver's side door mentioning the installation of such a device.

I guess get rid of it if you care to.
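The interval check described in the comment above, as an added example that is not part of the original thread: it compares how often a parked EV tops up its 12 V battery against a log from a known-clean period, since extra standby load shortens the gap between top-ups. The `(timestamp, watts)` sample format, the thresholds, the function names and the synthetic logs are all assumptions made for illustration.

```python
from statistics import median

def topup_starts(samples, threshold_w=50.0):
    """Timestamps where 12 V charging power rises above threshold_w.

    samples: iterable of (unix_seconds, watts) taken while the car is parked.
    The format and the 50 W threshold are assumptions, not a real vehicle API.
    """
    starts, charging = [], False
    for ts, watts in samples:
        now = watts >= threshold_w
        if now and not charging:      # rising edge marks the start of a top-up
            starts.append(ts)
        charging = now
    return starts

def topup_interval(samples, threshold_w=50.0, min_events=3):
    """Median seconds between top-ups, or None if too few events to judge."""
    starts = topup_starts(samples, threshold_w)
    if len(starts) < min_events:
        return None
    return median(b - a for a, b in zip(starts, starts[1:]))

def extra_standby_load(baseline, current, ratio=0.75):
    """Compare a current parked log with a known-clean baseline log.

    Assumes the car tops up at a fixed battery level, so a constant extra
    drain makes top-ups recur sooner. Returns True if the current interval
    is below ratio * baseline, False if not, None if either log is too short.
    """
    base, cur = topup_interval(baseline), topup_interval(current)
    if base is None or cur is None:
        return None
    return cur < ratio * base

def synth_log(interval_s, hours, step_s=60, burst_s=600, burst_w=200.0):
    """Constructed sample data: one reading per minute, a 10-minute 200 W
    top-up every interval_s seconds, 2 W idle draw otherwise."""
    return [(t, burst_w if t >= interval_s and t % interval_s < burst_s else 2.0)
            for t in range(0, hours * 3600, step_s)]

if __name__ == "__main__":
    clean = synth_log(4 * 3600, 24)      # constructed: top-up every 4 h
    suspect = synth_log(9000, 24)        # constructed: top-up every 2.5 h
    print("baseline interval (s):", topup_interval(clean))
    print("current interval (s): ", topup_interval(suspect))
    print("extra standby load:   ", extra_standby_load(clean, suspect))
```

Temperature, battery age and software updates also change the top-up rhythm, so a shortened interval is a reason to inspect the OBD port and wiring, not proof of a device.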

theoreticalmal

Hey this is my industry! Teltonika is a major player in the IoT tracking space. They have features designed specifically to handle this situation. I’m told that GPS jamming and radio pinpointing techniques are used to steal vehicles with these kinds of telematics devices installed, especially in Africa

seethishat

Ham radio guys and gals have been doing this for decades with APRS. It's fun and easy to do.

https://aprs.fi/#!lat=37.25320&lng=-80.43470

https://www.aprs.org/

So that 1979 Ford F150 can be tracked too ;)

vv_

It'd be cheaper to buy an RTL-SDR and an LTE antenna than this tinySA. I'm not convinced that a layman would have enough practical experience with radios to detect these signals though. The bands used for IoT aren't exclusively used for IoT either - they'll contain "normal" LTE signals too.

blantonl

RTL-SDRs have a typical usable bandwidth of only about 2 MHz, so that is going to rule them out of any real usable LTE related decoding and detection

goda90

Better hope your stalker isn't friends with a law enforcement officer either: https://deflock.me/

EGreg

They also used to monitor MAC addresses from various wifi access points, the MAC addresses of your computer don’t change. But now I think the vendors started fixing that.

chneu

To be clear, you absolutely can randomize your MAC on most devices nowadays.

extraduder_ire

I think per-AP randomisation of wifi MAC has been the default on any mobile device I've checked in the past five years at least. Haven't examined bluetooth as closely.

b8

Simply putting a fake plate would bypass that. Truckers usually have a pulley system on their plates to avoid tolls, so maybe more normal drivers will implement such a system or find a way to create something that messes up their camera OCR.

euroderf

> Truckers usually have a pulley system on their plates to avoid tolls

You mean like James Bond's rotating license plates ? Got a pointer to this stuff ?

77pt77

Just search for it.

I found video review of $80 in seconds.

There's also videos online of cars flipping it right before they cross a toll by plate.

I would not do this. This is serious fraud and antisocial behavior.

SchemaLoad

That would probably flag you immediately for a plate that doesn't match the car, a plate that does match but seen in two places that would be impossible to travel in that time.

potato3732842

That event would go in the same bucket as the other ten million alerts where the system got confused between visually near identical models or some de-badged sports car.

The fact of the matter is that the powers that be can't overtly use the dragnet in the way that the "how dare someone skip a $2 toll" and "muh two ton death machine" crowds would like to see because the other 99.5% of the public will be all "hey WTF" and politicians will pass laws to pander to those people. The dragnet operating powers that be would rather retain the ability to use the dragnet unfettered even in bad ways so they normally reserve its use for "serious" things.

BobaFloutist

"Usually" is an astonishingly aggressive claim here.

ge96

that's not related to flock safety (company) is it?

sodality2

Yep. Their brand of ALPR cameras have spread like a plague very quickly all over the US

zikduruqe

And Lowe's (hardware store) has signed an agreement with them to put them on their properties. Vote with your wallets.

"Retail giant Lowe’s is another customer, according to two former Flock employees and confirmed by the company. Scott Draher, vice president of asset protection at Lowe’s, said in a statement that Flock cameras are “just one example of a multifaceted approach” to combat shoplifting. He declined to comment on how many of its stores have Flock cameras or if it provides camera feeds to law enforcement."

https://ourcommunitynow.com/P/americas-biggest-mall-owner-is...

ty6853

I noticed that in Abrego Garcia's recent indictment they were able to figure out he was in 2022 based on ALPR pulls that showed he was actually putzing around Texas. My understanding was most ALPRs were being stored for no more than 30 days but apparently that isn't the case, since it appears they did not start to build the trafficking case until this year.

closewith

Private ANPR in public spaces is unlawful in the entire EU. The US needs to get a GDPR equivalent to protect basic human rights from corporate surveillance.

ge96

Interesting I had actually considered getting a job there at one point ha... it's like Anduril you know, seems like a cool company but the purpose... Also doubt I'm qualified but yeah.

defsectec

The map of ALPR nodes show that some are installed by "Flock Safety" when you click on a single one and view the details.

So I would assume those two things are directly connected.

Just speculation though. Don't have time to verify currently.

77pt77

Do you know if they also monitor bluetooth devices?

Like all cars have one and it should be detectable.

Also, most recent cars have DCM which are always sending data, including position to the car maker.

speedgoose

TPMS is also common and detectable.

BobaFloutist

Wait, why on earth are these wireless? Apparently they're battery powered too??

What possible reason is there for them not to just be plugged into the car's power and computer? I'm sure there is a reason, but it never once occurred to me that that would be the case. What a strange system.

77pt77

This is tire pressure monitors for those that don't know.

Didn't even cross my mind...

toomuchtodo

They have Bluetooth hardware but doesn't appear they monitor with it based on available information.

https://www.ryanohoro.com/post/spotting-flock-safety-s-falco...

https://www.cehrp.org/dissection-of-flock-safety-camera/

reactordev

Bluetooth doesn’t have the signal strength beyond 20ft. Even then it requires a handshake pairing to send data as every device shares spectrum.

justinc8687

Way back in the day (2010), I worked for a company using Bluetooth scanners to measure traffic speeds. We could get about a 500' range with custom hardware.

The real fun part at the time was that every Bluetooth device pretty much was always in pairing mode, and that MACs didn't rotate...

Eventually those both happened, but in ways beyond my comprehension (I worked on the software side), the hardware guys could still pick up the signals to track cars.

GJim

> Bluetooth doesn’t have the signal strength beyond 20ft

Oh dear.

I think you will find a directional antenna can rather increase this by several orders of magnitude.

sodality2

BLE transmissions go much further last time I experimented with them [0]. However the problem of anonymity comes into play since they frequently generate new MAC addresses.

[0]: https://news.ycombinator.com/item?id=38252566

77pt77

I can almost assure you NYC subway does this.

userbinator

I wonder how effective an EMP would be at "sterilising" a vehicle of such trackers. Especially if the vehicle in question has no electronics and uses a mechanically-injected diesel engine.

ehnto

Certainly an interesting thought if you have a very old diesel. I would wonder if all the metal would hamper an EMP pulse that you could safely generate at home.

Diesels going back 20+ years still have ECUs as well, not to mention the rest of the vehicle's electronics could be at risk. So it would have to be a properly old or unique vehicle.

myself248

It's an interesting idea. The "obvious" route would be to tear down the vehicle and remove all the ECUs you want to save, then administer the zap. But at that point you probably find the tracker hardware anyway, unless it's really buried in some upholstery or something.

gnarlynarwhal42

12v Cummins in the Dodge Ram pre-'95 would fit this. I used to want one for this reason.

Lu2025

The last car without electronics I drove was a Tavria made in Soviet Ukraine 35 years ago. Then dad installed an aftermarket ignition timing chip. You need to go really far back in time to find vehicles without chips.

weinzierl

These efforts are commendable, but by and large I think our location data is just a commodity by now and it is best not to assume you can reliably hide your location permanently and reliably without spending a lot of effort.

Not that I'd find that idea pleasant, I just think the ship has sailed.

JohnMakin

This isn't a generic data privacy counter-measure or concern. This is specifically targeted against stalking, which is pretty much one of only a few cases where this kind of thing would be used against you. Specifically the case where the perpetrator will place a device in or on the victim's car.

weinzierl

Sure, but the stalking issue is a subset of the generic data privacy issue or do you believe you can hide from a stalker if everyone else under the sun knows your location. It might be too difficult to use location data brokers for stalking[1] but the whole economy around them makes the app ecosystem weak against location privacy and makes it easy to use a manipulated app for stalking. No special devices needed and certainly no cellular devices needed.

https://xkcd.com/538/

[1] Even though data brokers have been used to find out the medications of a German MP, for example. https://www.techradar.com/news/even-your-deleted-secret-web-...

JohnMakin

I’m not sure what point you’re really trying to make here. This is a thread about detection methods of an extremely invasive (and rare) method of stalking, which yes is a subset of a data privacy issue. The fact that data brokers can get a lot of location and other data about you is irrelevant to the discussion.

> or do you believe you can hide from a stalker if everyone else under the sun knows your location.

I’m not sure anyone is claiming that the detection methods described in this study are going to make you completely undetectable to any party at all times. Again, not sure what point you’re trying to make here and it feels irrelevant to the larger thread. The original comment seemed to indicate that the article hadn’t been read at all.

timewizard

Knowing where you are is useful.

Knowing where you _aren't_ is equally useful.

I can imagine half a dozen ways to use this data against you in all kinds of settings. Sales, divorce, employment, espionage against your employer, burglary, and basic blackmail.

LorenPechtel

It doesn't necessarily say where you aren't. What if you get in somebody else's car? (Not uncommon for me as we typically carpool to trailheads.)

ehnto

That is true for law enforcement, corps and nation states perhaps, but the threat vector here is just regular people who want to track someone. They're not as savvy and don't (usually) have access to the corp/leo/government databases of locating data.

For me it's about car theft, so all I am defending against is what thieves have access to. If I can detect a scanner popped on a car at a car show before heading back to storage, I am at a huge advantage.

chneu

Real give up attitude. Gosh people have given up.

It isn't that hard, but people are lazy as hell and love convenience.

fsflover

This looks like security (or privacy) nihilism: https://news.ycombinator.com/item?id=27897975

weinzierl

The security nihilism is thinking you'd need special hardware to stalk someone, when a malicious app on the victim's phone does the job.

anigbrowl

It's easy to replace a phone, a car not so much

roywiggins

I figure it's probably about 1000x easier to gain sufficient access to someone's car to put a tracker on it than their phone

fsflover

The security nihilism is thinking "why try to defend yourself if there are so many attack vectors". Also, my phone has no malicious apps. (It's a GNU/Linux phone.)

striking

Then can you explain why special hardware still keeps showing up in victims' cars?

salawat

That ship is more than capable of being put back in a bottle with enough political will. We just need to come together enough to get the message heard.

BurningFrog

I doubt it. The tech keeps becoming cheaper and easier.

When it's only governments and major corporations that can do something, political will can probably stop it.

When every tech hobbyist with $100 to spare can build their own, I don't know how it can be policed.

BobaFloutist

That's a new one. Make sure not to burn the barn door in the process?

weinzierl

Sure. But hardware trackers are the least of our problems. We'd need a hard crackdown on location privacy in mobile operating systems and the app ecosystem. Good luck with mobilizing enough "political will" when the economic interests of a whole industry are affected.

cogman10

I don't think the economics are a problem. I think it'll be the fed they call in to testify that will shed crocodile tears about how some murdering pedophile was brought to justice using this data.

Very similar to how we lost a ton of civil liberties because shows like 24 bombarded the country with ideas that the only way to stop terrorism was torture.

Unfortunately, a good number of people will happily sacrifice liberties that will be abused simply because it might catch a single bad guy.

GJim

> We'd need a hard crackdown on location privacy ....... Good luck with mobilizing enough "political will"

Genuine LOL

Here we have the GDPR. It works. (Contrary to much tech-bro propaganda spouted on here).

Daviey

Interesting research, but the paper does not address the contribution to the arms race of good vs bad. The criminals will likely use this technique to find legitimate car trackers before stealing the vehicle.

keyringlight

At least for motorbikes, the tactic is to abandon a stolen vehicle for a while after the theft to see if anyone comes for it, then take it to home base. I'd guess it all comes down to how professional an operation you're dealing with, last week a haul was recovered due to a tracker: https://www.bbc.co.uk/news/articles/c1denv9eg6wo

Hilift

There were probably zero arrests from that seizure. There would probably be more seizures if they simply scanned used vehicle VINs going out for export, but there's no resources for that. The whole "export used garbage vehicles to a new home" market is super shady and is a convenient front for theft.

ge96

If you're lucky your car gets destroyed in a street takeover then insurance gives you a new car (points to head)

edit: on a more serious note, I figure I won't own a nice car till I move somewhere nicer

AngryData

I don't think cars should have trackers in them to start with unless the owner specifically puts it in there themselves, so I see this as only good.

Daviey

That's the point, a legitimate tracker, such as personal tracker or fleet tracker for company owned vehicles.

LorenPechtel

Did you not notice the motion sensor bit? Their technique does not work against a stationary tracker because it's not going to say anything. Thus you can't check out the car before you steal it.

What the bad guys do is steal the car, then leave it somewhere as soon as possible and see if anyone comes for it.