Dan Guido Profile picture
Aug 10, 2021 22 tweets 7 min read
My scooter was stolen last week. Unknown to the thief, I hid two Airtags inside it. I was able to use the Apple Find My network and UWB direction finding to recover the scooter today. Here’s how it all went down:
The theft occurred on Monday night. I went out to dinner and locked it to a grate with motorcycle handcuffs. I find them easier to use than a cable lock, but apparently I forgot to lock one cuff. It was gone after ~2 hours.
amazon.com/gp/product/B00… Image
No fear! The most important part of IR is preparation, and I hid two Airtags inside the scooter: one “decoy” in the wheel well and a second, more subtle, one inside the stem. Covered in black duct tape, they’re hard to see. Image
I resolved to find it the next day but I’d be short on time: I had to catch a flight to Blackhat. I biked to where the scooter was located with an extra lock in-hand, hoping I could see it on the street and lock it to the nearest object for later retrieval. Image
I also had NYPD meet me at the nearest street corner but they were resistant to helping. They weren’t familiar with Airtags, thought I might be enlisting them to steal something, and refused to walk with me if I knocked on a door or into a store.
With only 1hr to hunt, I couldn’t find its precise location and left thinking it was in these apartments. I boarded my flight to Blackhat, expecting I’d never see my scooter again. Why? Apple’s anti-stalking features. Image
iPhone users automatically receive a push notification if an unknown Airtag has been “following” them, without its owner, for a random time between 8 and 24 hours. The Airtag itself will also start making sounds w/ a built-in speaker.
Luckily, the Airtags didn’t move for the whole week. I thought up a new game plan to recover it as soon as I got off my redeye flight this morning. First stop, the 79th Precinct to try convincing the cops to help me, again. Image
I immediately encountered resistance:
1) go back to where it was stolen and call 911
2) that’s not our precinct
3) we can’t help you if it’s inside a residence
4) I’m not familiar with your voodoo magic^H^H^H Airtags
I was patient, upbeat, and demonstrated with the Airtags on my keys. I reiterated I didn’t want them to do anything illegal to help me, made a joke about it only costing $800 so it’s no felony, and insisted it would get solved within an hour. It worked!
With a willing 2-man patrol and me in the backseat, we drove to the current location, I pointed out the apartments, and then it dawned on all of us… there’s an e-bike store directly next door! In we walked to survey the merchandise. Image
I received a UWB ping as I walked in the door. It’s 13ft away! I gestured to keep walking, it’s here. The store was unkempt with piles of scooters. There was not a single new scooter in the store, every item on sale was second-hand. Image
Seconds later, I walked right into it. My scooter! The employees were in disbelief: How did I know it was mine? I played sounds from an Airtag. Not good enough. I paired to it with the Ninebot iOS app. This convinced the last holdouts. Image
At this point, one mechanic started making excuses for the current state of it: the woman who brought it in had complained about the brakes, so he cut the power line to the handlebars and then removed them. This is not how to repair brakes: ImageImage
As I further inspect the scooter, the cops start asking questions: Do you sell used e-bikes? Do you collect info from the seller? Do you ask they prove ownership? What is the contact info for the person who dropped this scooter off? No, No, No, and we don’t know.
It’s at this point that I noticed there were cameras indoors. In hushed tones, I excitedly told the cops, “Ask for video from last Tuesday at noon.” As I walked the scooter outside, I further reiterated, “they’ll delete it if you don’t get video now.”
An employee inside realizes we're investigating further. He immediately becomes agitated: I should be happy I got my scooter back and leave. It’s my fault for getting it stolen. I’m screwing up his day. This isn’t how we do things in Brooklyn. More joined in.
I move outside while one cop retrieves the evidence, but the most aggressive employee followed me. He says, “All you’re doing is making enemies.” Gets closer to me, and pantomimes shooting me. He implies I’d get murdered if he sees me again.
I do my best “How to Win Friends” and find things to agree with him on. To their credit, the employees not harassing me outside cooperated and provided the video. It’s a woman, and they claim she didn’t leave a phone number.
I filled out a report at the precinct, and my two patrolmen get a parade of high fives from their peers. No one can remember the last time they solved an e-bike crime! I teach them all how to use Airtags, then hop in a Lyft home. @NinebotGlobal agrees to RMA the scooter ♥️.
Here are a few lessons learned if you’re using Airtags for theft recovery:
1) Use an Airtag adhesive that blends in and muffles noise. It’s clear my thief was looking for them.
2) Do not turn on Lost Mode. It immediately alerts the thief they’re being tracked.
3) Act quickly, before the anti-stalking feature kicks in. Damage done to my handlebars was likely in response to the regular noises from the Airtag.
4) Limit your in-person interactions and always involve the police. Don’t try to retrieve your stolen goods until you have backup.

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Dan Guido

Dan Guido Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @dguido

Feb 20
Here's the most correct recap of what's happening with OpenSea right now.

tl;dr The security of web3 platforms depend entirely on wallets with universally poor security UX, and there's very little the platforms can do about it.
If you're looking for sites to revoke your approvals and limit your exposure to phishing attacks, here are 3 sites that work right now:
If you're building a web3 site, turn up DMARC to a reject and strict alignment policy and monitor it with DMARC Digests, at minimum dmarcdigests.com
Read 9 tweets
Apr 26, 2020
We're hired to provide industry-best advice @trailofbits, and that's exactly what we provided to @HegicOptions. How, then, were bugs found in their code mere hours after they deployed it to mainnet? (1/n)
In 3 days earlier this month, we identified 10 critical flaws in @HegicOptions that could harm users. We noted a lack of tests, a lack of documentation, and that the time afforded to review their code was insufficient.

Bottom line: we told them to hold off deploying. ImageImageImage
This was the right advice, and we generally expect people listen to us when they're paying for our help.

Instead, Hegic patched the few bugs we found, made no further changes, misrepresented our 3-day code review as an "audit", then immediately deployed. ImageImageImageImage
Read 17 tweets
Mar 3, 2019
Most people are now aware that @trailofbits conducted a security review of the Bitcoin Cash client on behalf of @BitcoinSVNode. While we cannot release our report in its entirety yet, I wanted to share a few details of what we found…
First, as far as we are aware, this was the first time a professional services firm reviewed the security of a Bitcoin client. We began with a comprehensive review of the bitcoind attack surface and surveyed previous attempts to fuzz it.
Prior fuzzing efforts appeared ad-hoc, did not share their input sets or report code coverage, and referred to outdated, unworking instructions. We identified surprising gaps in coverage when compared to our attack surface modeling and set about to remedy the situation.
Read 10 tweets
Mar 20, 2018
Google sure is good at plagiarizing my work. I released @AlgoVPN, an open-source, self-hosted VPN solution, in 2016. I find it hard to believe @Jigsaw was unaware since I’ve met their engineers more than once.
Since I released @AlgoVPN, it’s attracted ~7500 Github stars, 700 external contributions from 80 contributors, and endorsements from @motherboard, @kennwhite, @TheRegister, @thegrugq, @TechCrunch, @lifehacker, and more.
I’m proud of what we accomplished but taking @AlgoVPN to the next level requires external funding. I have been relentless in trying to obtain it. I started by recording a podcast, then bundled it with my proposals. georgianpartners.com/the-problem-wi…
Read 6 tweets
Mar 13, 2018
So this AMDflaws.com business... CTS Labs asked us to review their research last week, and sent us a full technical report with PoC exploit code for each set of bugs.
Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works.
I initially responded to their request out of curiosity -- "Hey, do you want to see our new processor bugs before we release them?" "hell yes I do" -- but after their asks continued to grow billed them our week rate for the work.
Read 11 tweets
Sep 17, 2017
I’d like more women to apply to Trail of Bits. 30x more men apply than women on average today. Here are some ways I have tried improving it:
I co-developed and sponsored NYU’s Cybersecurity Symposium for Women to bring in new midcareer pros blog.trailofbits.com/2014/09/29/nyu…
I taught an intro session on exploitation at NYU’s Cybersecurity Summer Program for High School Women. blog.trailofbits.com/2014/07/28/edu…
Read 11 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!


0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy


3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!