National Security Secret #42

on

   National Security Secrets  

#42. Oscillating current can be used to locate and identify devices that support BlueTooth or WiFi - even after both have been disabled.

Related secrets: 

Can the device in question stream music to a BlueTooth speaker or connect to a WiFi router?
Those that can will contain one or more antennas tuned for the frequencies used to find them.

      Lily Hay Newman, "Burglars Really Do Use Bluetooth Scanners to Find Laptops and Phones", Wired, 11-18-2019 7:00 AM

Too bad the Wired article leaves out the best details.

Here's what it's missing:
  • An oscillating current is introduced to a residence or business that meets 2 criteria:
    1. A device of interest which supports BlueTooth or WiFi is located there.
    2. At least one WiFi router is also located there.
  • The oscillating current induces an oscillating signal in the WiFi router.
  • When the oscillating signal encounters a device with the right antenna it triggers a cycle where a weaker signal is emitted by the antenna, some of the signal is converted to heat, and some is converted back to oscillating current.
  • That weaker signal is distinct enough from device to device for identifying most devices.
  • Should the device have BlueTooth or WiFi enabled when this occurs, other methods are employed to gather additional details.
  • Once a device profile has been built this way, anything which activates the antenna - like cellular service or using it as a hotspot - gives away the location and identity of the device.
Why have the extra step that requires a WiFi router?  Generating the oscillating signal from an external location runs the risk of discovery.  By using something unfamiliar to most - oscillating current -  the risk of discovery is considerably reduced.

It also creates the best possible type of "Who...me?" situations:
  • The perpetrators can now invoke the "We didn't introduce anything that wasn't already present in some form" argument/defense if caught.
  • They also can smugly point out that "What caused the problem was generated on the premises by existing and unmodified equipment."
Should a victim of this tactic return to find a laptop or cell phone vanished into thin air... trying to explain how a well hidden or recently purchased item could be targeted is difficult at best.

But of course, why only take someone's things?  Things can be replaced.

To inflict maximum harm on someone it's prudent to take their credibility too.


Originally posted on 12-04-2021

Comments

Post a Comment