PROVO — Even at elevation, nobody expects a threat to appear out of thin air.

Police acknowledge, though, that any given parking lot in Provo, elevation 4,549 feet, could eventually fall victim to one of the latest crime trends surfacing across the country.

Some car burglars are believed to have adopted the Bluetooth technology on their own phones to help identify potential target-rich environments for other mobile devices and electronics.

“They could, say, walk through this parking lot and see on their phone if there are other devices that want to connect to it,” explained Det. Nicolas Itin, who specializes in fraud, credit card theft and skimming, and identity theft cases. “If we have Bluetooth enabled, (our devices) could be out there transmitting to other devices, saying, ‘here I am.’”

Itin said there has been no direct evidence yet of a local burglar using a Bluetooth application to target cars and a crime-of-opportunity like a smash-and-grab was still far more likely, but he noted the possible vulnerability.

“It’s something to consider—Bluetooth and WiFi-enabled devices that are transmitting, letting potential criminals know that they’re there and susceptible to being stolen,” Itin said. “We see a lot of computers and tablets stolen out of cars. Whether or not that’s from somebody who is thinking far ahead enough to look for Bluetooth devices showing up or if someone’s just looking for what’s in plain view, the bottom line is we’re seeing those items stolen.”

Other Bluetooth vulnerabilities

Car burglars wouldn’t be the first group to utilize Bluetooth to mine for something valuable.

Eide Bailly LLP digital forensics manager Trent Leavitt said Bluetooth was designed to be convenient — not secure.

“There are numerous vulnerabilities with Bluetooth,” Leavitt said. “The most popular one, I think, is called BlueBorne.”

Security firm Armis was believed to be first in 2017 to report of the dangers of the malware, which literally spreads like a sickness in nearby Bluetooth-enabled devices, all reportedly while undetected.

“It can set up backdoors and can start transmitting information to go back-and-forth,” Leavitt said. “You can actually use that phone from a command-and-control standpoint.”

Leavitt said other criminals can mine mobile devices from long distance via a Bluetooth “sniper rifle.”

“Instead of shooting a projectile, it shoots a signal, and it can connect to Bluetooth devices, so you can listen to phone calls, you can intercept text messages, listen to what music they’re listening to on the Bluetooth device, potentially even access things they’re doing on their TVs or computers if that is enabled.”

Using that device—which has been on the market for well over a decade—a would-be hacker could target smartphones from as far as 250 yards away, according to Leavitt.

“It’s not new in the security world, but most people probably don’t even know that technology exists,” Leavitt said.

What to do about Bluetooth vulnerabilities

While police and security analysts alike maintain that the public is much more at risk to garden variety crimes like smash-and-grab burglaries, they said people should still be aware of the potential risks associated with technology and the ever-changing threat environment.

“It’s not if you’re going to get hacked — it is when,” Leavitt said. “Your data will be compromised at some point — whether it’s your fault or a company’s fault or someone’s fault. Sometimes it’s no one’s fault at all. There’s always exploits and vulnerabilities because technology is always changing.”

Leavitt advised all people to turn off their Bluetooth when they are not using it, something Itin also said was worth considering.

“If you are committed to leaving your valuables in your car, it’s definitely a prudent step to make sure it’s not transmitting,” Itin said. “It could potentially represent a security threat.”

Related topics