Europol Raises Alarm on Criminal Misuse of Bluetooth Trackers

Europol has issued a new warning regarding an emerging trend in organized crime involving the use of Bluetooth trackers.
Originally designed to help individuals locate personal items and prevent vehicle theft, these small devices are being increasingly exploited by criminals for illicit activities.
According to a new blog post published by Europol today, criminals are leveraging this technology to geolocate illegal commodities, with the majority of reported cases involving cocaine smuggling.
The trackers have been frequently discovered alongside large cocaine shipments, particularly in container shipments of food products and hidden in sea chests within sea vessels.
Europol confirmed that drug traffickers are using Bluetooth trackers to trace the transit of illicit cargo after it arrives in ports.
The technology enables them to monitor the movement of the cargo by road towards storage locations in European markets, and it is likely that the trackers are also employed to locate illicit shipments upon arrival in ports.
In response to this growing concern, Europol has issued an early warning notification to all EU Member States, cautioning them about the misuse of Bluetooth tracker technology by organized crime groups.
According to the document, Bluetooth trackers are valued by criminals for their smaller size, affordability, longer battery life and waterproof features compared to traditional GPS trackers.
While Bluetooth trackers are not effective when out of range of paired devices, they offer an attractive solution for criminals seeking to track and locate illicit commodities.
Europol acknowledged that Bluetooth trackers have been used in a few cases related to organized property crime and migrant smuggling, but the predominant concern remains their association with drug trafficking.
As of now, there are no indications that Bluetooth trackers are being used to geolocate shipments at sea.
Europol suggests that, due to technological constraints, GPS technology is more suitable for this purpose.
The notification did underscore the potential for combining GPS devices and Bluetooth trackers for more reliable geolocation.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Mon, 11 Dec 2023 16:30:14 +0000

Cyber News related to Europol Raises Alarm on Criminal Misuse of Bluetooth Trackers

Europol Raises Alarm on Criminal Misuse of Bluetooth Trackers - Europol has issued a new warning regarding an emerging trend in organized crime involving the use of Bluetooth trackers. Originally designed to help individuals locate personal items and prevent vehicle theft, these small devices are being ...
1 year ago Infosecurity-magazine.com

Unraveling the Wonders of Bluetooth - Continuing its evolution, Bluetooth 3.0 + HS arrived in 2009, introducing the concept of Bluetooth High Speed, leveraging Wi-Fi technology for faster data transfer over short distances. Bluetooth 4.0, introduced in 2010, marked a significant ...
1 year ago Feeds.dzone.com

Lost and found: How to locate your missing devices and more - Physical trackers are small, circular or square-shaped objects that use simple replaceable batteries to remain charged for a long time. For travelers going around with luggage on trains and planes, there have been times when they come in really handy ...
1 year ago Welivesecurity.com

Criminal IP and Quad9 Collaborate to Exchange Domain and IP Threat Intelligence - Criminal IP, a renowned Cyber Threat Intelligence search engine developed by AI SPERA, has recently signed a technology partnership to exchange threat intelligence data based on domains and potentially on the IP address to protect users by blocking ...
9 months ago Hackread.com

CVE-2021-47038 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock ...
1 year ago Tenable.com

CVE-2024-49950 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2cap_connect [Syzbot reported] BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 Read of size 8 ...
4 months ago Tenable.com

Europol shutters ransomware operation with kingpin arrests The Register - International law enforcement investigators have made a number of high-profile arrests after tracking a major cybercrime group for more than four years. A joint investigation team, spearheaded by French authorities, formed in 2019 to bring down a ...
1 year ago Theregister.com LockBit Rhysida

Cyber Insights 2023: Criminal Gangs - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. Despite some geopolitical overlaps with state attackers, the majority of ...
2 years ago Securityweek.com

Undocumented commands found in Bluetooth chip used by a billion devices - Armed with this new tool, which enables raw access to Bluetooth traffic, Tarlogic discovered hidden vendor-specific commands (Opcode 0x3F) in the ESP32 Bluetooth firmware that allow low-level control over Bluetooth functions. "Tarlogic Security ...
1 day ago Bleepingcomputer.com

New BLUFFS attack lets attackers hijack Bluetooth connections - Researchers at Eurecom have developed six new attacks collectively named 'BLUFFS' that can break the secrecy of Bluetooth sessions, allowing for device impersonation and man-in-the-middle attacks. Daniele Antonioli, who discovered the attacks, ...
1 year ago Bleepingcomputer.com CVE-2023-24023

CVE-2024-53208 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync This fixes the following crash: ================================================================== BUG: KASAN: ...
2 months ago Tenable.com

Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover - Attackers can exploit a critical Bluetooth security vulnerability that's been lurking largely unnoticed for years on macOS, iOS, Android, and Linux device platforms. The keystroke injection vulnerability allows an attacker to control the targeted ...
1 year ago Darkreading.com CVE-2023-45866

CVE-2024-58013 - In the Linux kernel, the following vulnerability has been resolved: ...
1 week ago

Europol Announces Crackdown on Cobalt Strike Servers Used by Cybercriminals - European law enforcement agency Europol on Wednesday announced a global crackdown against the use of legitimate security tools by cybercriminals, including the takedown of nearly 600 Cobalt Strike servers linked to criminal activity. The agency said ...
8 months ago Securityweek.com

IntelBroker Nabs Europol Info; Agency Investigating - The international law enforcement agency has confirmed that it's investigating the incident. The data was advertised on the BreachForums Dark Web marketplace on Friday, and it was marked as sold the same day. The tranche purportedly includes internal ...
9 months ago Darkreading.com

CVE-2024-53207 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the following caused by hci_cmd_sync_dequeue causing the destroy function to run: INFO: task ...
2 months ago Tenable.com

CVE-2024-54460 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_listen_bis This fixes the circular locking dependency warning below, by releasing the socket lock before enterning iso_listen_bis, to avoid ...
1 month ago Tenable.com

CVE-2024-26890 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: fix out of bounds memory access The problem is detected by KASAN. btrtl driver uses private hci data to store 'struct btrealtek_data'. If btrtl driver is used with ...
10 months ago Tenable.com

Criminal IP and Tenable Partner for Swift Vulnerability Detection - Criminal IP, a prominent Cyber Threat Intelligence search engine developed by AI SPERA, has recently established a technical partnership with Tenable, a global leader in exposure management. This partnership is designed to equip users with a robust ...
1 year ago Bleepingcomputer.com

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates - U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ...
1 year ago Krebsonsecurity.com LockBit

Undocumented backdoor found in Bluetooth chip used by a billion devices - "In a context where you can compromise an IOT device with as ESP32 you will be able to hide an APT inside the ESP memory and perform Bluetooth (or Wi-Fi) attacks against other devices, while controlling the device over Wi-Fi/Bluetooth," explained the ...
1 day ago Bleepingcomputer.com

Criminal IP ASM: A new cybersecurity listing on Microsoft Azure - AI SPERA, a leader in Cyber Threat Intelligence-based solutions, today announced that Criminal IP ASM is now available on the Microsoft Azure Marketplace. As an officially certified ISV partner of Microsoft, AI SPERA offers services and technology ...
1 year ago Bleepingcomputer.com

Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android - On Monday, Apple and Google jointly announced a new privacy feature that warns Android and iOS users when an unknown Bluetooth tracking device travels with them. Named Detecting Unwanted Location Trackers, the new feature started rolling out ...
9 months ago Bleepingcomputer.com

Europol confirms web portal breach, says no operational data stolen - Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only documents containing ...
9 months ago Bleepingcomputer.com