![featured image](/content/images/2020/05/bluetooth-1.png)
I recently traveled far as hell and needed a rental car. Since most
rental cars are up to date and NY has a "no cell phone" law while
driving (you can\'t hold your phone in your hand) I decided to use the
Bluetooth option and pair with the car's onboard audio system, allowing
me to play music and get phone calls.
As I got home I started to wonder how many other people used this
feature and if they deleted their information after using the car. As
expected, there was a long list of people who did not remove their
information before turning the car in.
### What could hackers find out about you {#whatcouldhackersfindoutaboutyou}
For the sake of not putting anyone\'s info out there, I have redacted
everything but the fields in the picture below. Once you pair your
mobile device with the car, anyone can see the phone manufacturer, model
number, bluetooth MAC address, Carrier, and supported profiles.
![image of paired device](/content/images/2020/05/bluetooth-2.png)
Now the phone manufacturer, carrier, and supported profiles aren\'t
overly important. However, the model number and bluetooth MAC address
are important not to share.
The model number is usually not a big deal. These tend to be very
generic and country/carrier specific. If you look at the Verizon iphone
7 the model number reads \'Keheira\'s iPhone\' or \'iPhone A1660\'.
Now the MAC address is even more dangerous than your name. When you get
a new device whether it be a phone, computer, ipad, dvd player, tv, ect.
it has a MAC address. A MAC address doesn\'t change and thus having it
is equal to someone stealing your identity.
*What is your Mac Address: It\'s a unique address given to a device. Ex:
\'keheira.github.io\' being assigned to only my laptop. Nobody else in
the world would ever have that web address (this is actually partially
true just because of how my name is spelled lol).*
### What one can do with your bluetooth information {#whatonecandowithyourbluetoothinformation}
[MAC
Spoofing](https://tails.boum.org/doc/first_steps/startup_options/mac_spoofing/index.en.html)
is the biggest worry. For example, someone can use your MAC address and
walk around pretending to be you. This could allow them to be verified
by anything looking for your MAC address, like an Apple watch, car,
computer, echo, google home, alarm system , or medical devices. Think
about how much info those devices hold. If you work for a company where
secret things are going on, then this can become a big professional
risk.
Getting access to one\'s personal items can be the open door that an
attacker is looking for. If we are talking medical devices or connected
devices then you basically have given someone a free pass into your
life.
Ex: Say your an important researcher working on a new super secret
technology. I\'ve been following you and you recently returned a rental
car. After being sneaky to search the vehicle before it\'s cleaned I
find that your device information is still stored. I take down the
details and can now perform MAC Spoofing. I hang around your place of
residence while your away at work and your computer autoconnects to my
device. Using some other tools I can now go search your computer and
find plans or emails about this super secret technology. Give me about a
week or two more of information gathering and I can now send your boss
an email a report on what I learned about the company and some
suggestions on how to increase security.
Now, this is an extreme & maybe improbable situation but I do think
people should be aware of how damaging these \"leaks\" could be.
### The Lesson without Explanation {#thelessonwithoutexplanation}
I know security isn\'t everyone\'s thing but as a day to day person
**unless a car is yours make sure you go back in and delete your
information when you give it back.** You might think it\'s harmless but
with cars being so connected now you are taking a risk on your device
and personal security.
*Thanks to [Adarsh](http://cylinder.digital/) & Amber for reviewing*