Comment by abakker
7 hours ago
I mean, even back in the OnStar days, you could "opt out" and cancel the service and it would track you anyway. With BYD or any other car maker, I'd be worried the SIM was a placebo.
7 hours ago
I mean, even back in the OnStar days, you could "opt out" and cancel the service and it would track you anyway. With BYD or any other car maker, I'd be worried the SIM was a placebo.
This is where things like a HackRF or flipper zero are useful - leave a scan running over 24 hours from multiple fixed locations within the vehicle and you can detect if there are any wireless transmissions, and then triangulate on exactly where they come from using several pieces of yarn cut to the length of estimated distance from the source.
Cars should be independent, local only devices. Having cloud dependencies is just reckless and stupid.
Can this be done without picking up the myriad of SIMs that pass near your car? How would you know which of them is your ghost SIM?
You'd need to differentiate between sources - you'd want to capture every signal, then sort into buckets by frequency, by regular timing, and so forth - if a device is sending a burst every 5 seconds, then you can grab every 5 second occurrence of a signal at that frequency and make a reasonable assumption that all that data is from the same radio.
You can filter for all the frequencies that show up regularly, then you differentiate by signal strength - group occurrences of the same frequency into similar dB buckets, then correlate the changes based on new fixed positions within the car, and run some calculations on changes in signal strength to obtain a dB to distance calculation. The strength to distance calculation can be estimated by making some assumptions about the type of radio you're looking for - a simple cellular module is going to be different than a WiFi repeater, or a wireless fob, or a bluetooth tracker.
From the fixed points within your car, you can tie one end of a piece of yarn to where the sensor was affixed, and the length of the yarn should correlate to your dB to distance estimate for that position, and with 2-3 or even 4-5 threads you'd be able to group their loose ends together to get a rough physical indication of exactly where the radio transmission is coming from.
The grouping won't be exact, but it'll literally point in the right direction, and if the threads are too long, or pointing to something buried in the chassis or whatnot, then you can reduce the lengths of your yarns by the same percentage of reduction and they'll be "pointing" at wherever the radio source is.
You're going to get a general location, like "under the dashboard" or "in the glovebox" or "somewhere under the spare in the trunk", not a millimeter precise location. You could probably vibecode a way of processing the data in a browser, and use a bunch of splats and AI modeling of your car and so forth to get a very precise and useful pinpoint of a device with a fancy UI, but you can just use a spreadsheet and text files of logged signal records, the process isn't super difficult.
Anyone know of reviewers that do this for cars? I just don't see privacy focused reviews on basically anything. We have reviews about how reparable things are and how good/bad the features are but rarely do I see privacy mentioned or in-depth analysis of TOS and the like to give buyers a sense of how good/bad cars and other devices are. Does everyone just assume it is terrible and go on or is there some reason this isn't a top level item for journalists to evaluate?
What would the car maker gain from adding a decoy sim?
analytics. same thing anyone that collects data gets. how they use it might be different. most use it to monetize the data. some might actually use it to improve things. because some do use for making money, those that do for actual improving will always be deemed suspect
You are seriously positing that car manufacturers would install decoy sims in their vehicles to discourage people from finding the true sim, all so they might collect data without potential user disruption?
1 reply →