Slashdot Mirror
Thieves in South Africa Hit Traffic Lights For SIM Cards
arisvega writes "Some 400 high-tech South African traffic lights are out of action after thieves in Johannesburg stole the mobile phone SIM cards they contain. JRA (Johannesburg Road Agency) said it is investigating the possibility of an 'inside job' after only the SIM card-fitted traffic lights were targeted. The cards were fitted to notify JRA when the traffic lights were faulty. 'We have 2,000 major intersections in Johannesburg and only 600 of those were fitted with the cards,' the agency's spokesperson Thulani Makhubela told the BBC. 'No-one apart from JRA and our supplier knows which intersections have that system.' The thieves ran up bills amounting to thousands of dollars by using the stolen cards to make calls."
SIM cards are typically protected with a SIM card. That protection was either deactivated (which is stupid), or the inside job goes much deeper than that.
Fix the GSM system so that these sims can only call one number. It takes about five minutes to accomplish and the thieves would quickly learn that stealing these sims is a waste of time.
'No-one apart from JRA and our supplier knows which intersections have that system.'
That's their defense regarding how they managed this not to happen? Security through obscurity? Really? Does people never learn?
The thieves ran up bills amounting to thousands of dollars by using the stolen cards to make calls.
I guess more people that we think are in on it. The theft should have been discovered really fast, since the lights were out, and it should be only logical to assume the cards were stolen in order to make calls. So why weren't they blocked sooner?
Why have GSM cell? fiber / wifi / microwave / e-net are cheaper when you look at the high cost of GSM data?
In use most lights use wired base cables for data passing to other lights / the data center.
The cost of GSM data isn't very high when all you're sending is "help I'm not working correctly". Since the link serves no other purpose, four bytes should be enough to send a basic diagnostic code.
SIM cards cost about ten cents, basic GSM hardware maybe a few dollars, and I think it's safe to assume all the poles are on a shared data plan.
Isn't it possible that the thieves worked this out, and only targeted the lights with the antennas ?
Why have GSM cell? fiber / wifi / microwave / e-net are cheaper when you look at the high cost of GSM data?
In use most lights use wired base cables for data passing to other lights / the data center.
Because outside of North America, the GSM system is significantly more robust than the alternatives, and allows you to lock down the communications. Of course, the fact that these SIMs were not locked down smacks of either incompetence or that the people setting up the system were in on the heist.
If they made voice calls, the SIMs had to have some kind of voice plan on them, and the fact that the government actually allowed that for traffic lights is nuts!
Would it not have been fairly simple to put in some sort of security that basically warned when an authorized SIM was being used outside what should have been a fixed location? Hell for that matter wouldnt a simple alarm when the sim was removed been sufficient. Hard to believe a team of engineers would overlook or simply dismiss such a gaping flaw.
GSM data isn't cheap; but(at least in reasonably densely settled areas) it works more or less everywhere and the modules needed to add support for it are quite cheap.
More importantly, if the description that these were a 'fault alert' system is accurate, this is not a data-heavy application. Perhaps a few SMSes, per unit, per year, unless the units are really crap, or have to survive an especially brutal environment.
While(at least in the US) most telcoes wouldn't bother to spit on you if you asked for such a plan in quantity 1, I would strongly suspect that "We need 600 units, with the possibility of some thousands more over the coming years if things go well, SMS/GPRS only, low per-node usage" would get you a price that would be pretty favorable compared to rolling your own infrastructure.
If your plan is to put a battery of surveillance cameras on every streetlamp, or create some grand-unified-city-sensor-net, then cellular isn't going to be so hot; but it actually works pretty well for low frequency data reporting in settled areas...
So, why didn't they lock the sims to the IMEI? Are the carriers in SA so backwater that they can't provision a SIM that's limited to sending a text message to 1 or 2 places?
Just another case in which a little preparation would have saved a LOT of money.
I've purchased GSM SIM cards on plans with no ongoing costs - you only pay for the data transmitted.
If the devices are not reporting frequently, and only need to send short messages indicating faults or general device stats (eg a daily 'all is well' SMS) then the transmission costs are quite low.
Embedded GSM modems are not particularly expensive either. You can buy a SMT GSM module from Sparkfun for under $50, and they are even cheaper wholesale.
The other technologies all need the deployment of a complementary data network. Given that most modern cities have some form of cellular network that is maintained by someone else, cellular is very cost effective.
There are several companies that offer data only cards for machine to machine use. These cards would no doubt be a cheaper solution as well.
The reason GSM is used is because the infrastructure is already in place and utilizing it costs a lot less than setting op your own custom system.
The GSM antenna is very small and can be concealed very easily.
Stealing 400 sim cards seems way beyond the rationality of simply making calls. A better bet is that some calls were made to centers which charge fees like some phone sex numbers. That way substantial money could be made before the cards were disabled. It seems like a fairly good scheme, but not good enough to make enough money to be worth the risk. It sounds like organized crime by some small-time organizers. I would expect that most likely the numbers called were to a country which would not cooperate will with investigation. The crime is not likely to be easily repeated, so the planners now need a new plan. It would be interesting to learn what results from this. Clearly the group which installed the system needs to make a better plan.
Ray Seyfarth, ray.seyfarth@gmail.com, http://rayseyfarth.blogspot.com
why not put a sign with a number to call as well as providing a unique number so motorists can use their cellphones to notify the city?
Why have GSM cell? fiber / wifi / microwave / e-net are cheaper when you look at the high cost of GSM data?
High cost of GSM data? What are you talking about?
Are you posting from South Africa? How would you know the cost? Its the government. They may get all the sims they need by edict for all you know.
Nothing in the story spoke about GSM DATA. These were probably simple calling sims. If they were DATA only sims (like used in the Nook and other devices) the thieves would not be able to run up a phone bill.
Sig Battery depleted. Reverting to safe mode.
Are these really that valuable? Why aren't they limited by the carrier to a small amount of data and nothing else.
The vendor who built this system should have used an encoded PIN to tie the SIM to the embedded system it was built into. That way the SIM on it's own is fairly useless without the rest of the electronics.
They also should have had a 'phone home' facility so that whoever is monitoring the system would have noticed when the systems were compromised.
Fitting tamper switches to the enclosure (door opened, removed from pole, etc would have been smart.
Checking the bills on the cards to see where they are calling, how much has been spent, etc would have been smart
That would of course require someone to be routinely monitoring the system (it's not like traffic lights are there to save lives is it) so that things like this are not a surprise.
This really sounds like a system built by the cheapest tenderer - not unusual for a government organisation.
Simple solution - all SA networks allow free call-me-back (**#) on zero balance prepaid SIMs. (2am in Durban :)
Because a solution should be cost effective for the environment.
GSM is an infrastructure that's already in place. Everything else, you'd have to build out the infrastructure yourself.
I wonder if they changed the default PIN code, which is AFAIK stored in the SIM card. They could have limited the damage by limiting the number of people that know the PIN code, and also they would have reduced the number of suspects, in case the PIN was leaked too.
The cost of GSM data isn't very high when all you're sending is "help I'm not working correctly". Since the link serves no other purpose, four bytes should be enough to send a basic diagnostic code.
The system I worked on also transmitted data about traffic density and the timing of the signal controller. Each controller negotiates with adjacent intersections to agree on timing so that delays at red lights are minimised. Also traffic engineers can log in to tune the system. Traffic volume data is also transmitted through the link. In that system we used 300 baud modems on hard wired land lines. The system polled so maybe every two seconds you would see 64 bytes going in each direction. Thats about four megabytes per day. Not much for a 3G link these days but it is possible the South Africans are integrating speed and red light cameras with the same system. That will obviously push the data requirements up.
http://michaelsmith.id.au
GSM requires zero infrastructure. No digging of trenches or stringing of cables. When I worked on traffic systems we used photovoltaic power and cellular communications anywhere we might have had to trench more than 100 metres or so. Now the wireless solutions are still cheaper and labour is increasingly expensive. Ten metres of trenching would probably justify using wireless.
Our hard wired leased lines were changed such that we located our severs in the same exchange areas as the signals. We had twenty of the things. We 3G you could use a single data centre for a single country and cut down on infrastructure further.
http://michaelsmith.id.au
South Africa is a hell-hole, just like detroit.
Surely the cards should have been restricted to calling one 'phone numbrer only ???
It does sound like an inside job... but I suppose they do need to implement a solution now.
Since the SIM cards themselves are pretty cheap, they're not making money off the raw materials or anything.... just do the following:
1. Work with the cell phone company to lock the SIMs to only dial a list of phone numbers, everything else fails and notifies someone.
2. Super glue the SIM cards in the slot or encase the local area around them in some kind of epoxy or acrylic... SIM cards shouldn't need to be replaced or fail before the electronics.
but how will they get there cut the phone companies likely will not a 3rd party after some this big.
In related news, police have issued warrants for 400 traffic lights in connection with recent phone fraud. If you encounter a traffic light, exercise caution.
...why are you calling from a traffic light?
in the us the data link is more then just fault alert lights are linked to each other some of same Controllers are used on ramp meters , lane control systems and more as well passing data on traffic levels.
any ways us data costs are high like $.01/KB, 1 MB - $4.99, 100 MB $19.99/mo or $35.00 for 200meg and then $0.10 per meg and that's the per line costs.
'No-one apart from JRA and our supplier knows which intersections have that system.'
This reminds me when my Dad's RCA location put up a chain link fence around the place. The next weekend, the fence was stolen!
Well, duh! That fence was probably sold to another customer a week later.
So I would think that someone at "JRA and our supplier" has a friend at a bar, and one night he said, "Oh, did you know that there are SIM chips in traffic lights now . . ."
Profit split.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
South Africa is chock full of niggers. You can't have anything worth anything out in public around those people. If it was an inside job, then almost certainly it was an apefirmative-action hire that gave the information to his nigger cohorts. No doubt they sold the cards in da hood to buy crack or jenkem. TNB, nothing more.
The headline should have said "Horny Traffic Lights in Johannesburg Rack Up Thousands in Phone Bills as Public Outrage".
Surely an "I'm still alive signal" sent at regular intervals would be a better option, as it would detect failures that interrupt the connection. Like this one.
This signature is esoteric
Are you nuts... have you ever been to Johannesburg... there are over 100,000 (yes, over one hundred thousand traffic lights in Johannesburg alone). Johannesburg is not a little village... it is a massive city with over 5 million people living and working there. The networking costs would be huge. Far cheaper to simply use the existing GSM network... remember, the lights are not sending monitoring data (i.e. they do not need a sophisticated data link like GPRS), they are just sending status or fault alerts which are better send using SMS or USSD
My prepaid 3G data SIM card is incapable of phone calls, so I know that GSM/UMTS has the ability to provide voice, data or both. As other people have said too, why was the SIM PIN not used? If the SIM PIN was enabled then the knowledge of that PIN should be tightly held and would give a clue to the 'inside' job nature.
Another protection would be IMEI locking with the carrier so the SIM couldn't be used elsewhere. When you put infrastructure in public then you need to be paranoid. We installed our GSM modems at the top of 275kV and 500kV power pylons, which have their own anti-climb features and a rather unhealthy sounding corona discharge.
Those prices you quote are for a person (notice the article) with one phone. I guess the even prices in the US will be different if you buy it bulk (hundreds of traffic lights). And - in the rest of the world, the prices are A LOT better - i (in Estonia, EU) pay about 6$ per month for unlimited traffic on my cell phone - only the speed is capped at 2mbit - and i am not buying bulk and the traffic lights do not need unlimited traffic.
There is no such thing as a "data only sim". The GSM data vs voice lockup happens on the mobile operator's network side not on the sim card.
They say it is an inside job because they only targeted the ones with SIM cards. So they didn't take the SIM cards out of the ones without SIM cards? Does that make sense? Are the traffic lights different between the ones with and without SIM cards? If so, once you knew which ones were different, it would be easy.
It doesn't even make sense. They took 400 and ran up huge bills. Stealing 400 SIM cards from 400 traffic lights must take time to do, and if the lights stopped working at that point, why didn't they immediately check to make sure they weren't being used? If the lights don't stop working when the SIM cards are removed, why are they "out of action" now? It's not like you can take a SIM card, run up thousands a dollar bill on it in a few minutes. Did they take them, put them all in phones and start downloading the entire wikipedia database or something? While outside of the country. Roaming.
For any system that you design, please always ask the questions: What if someone tries to abuse this? How can I prevent that?
Because people will! In fact, some of them may be better problem-solvers than you are. Count on it.
GSM data is dirt-cheap for the phone company, so if you are in a position to negotiate and there is some competition, then GSM is definitely the simplest way and infinitely cheaper than laying a cable (if you don't have a data cable already there for other purposes). If you need to transfer common sizes of data (excepting, say, video from traffic cameras), then there is no reason for GSM data to be expensive at all.
For example, in banking here I've seen now a trend for credit card POS terminals in various vendors (typically restaurants) to use a GSM-connection for calling the bank, as it's cheaper than landlines and mobility for POS terminals is automatically included so they can bring the device right to the customer table.
If companies in my place are offering mobile internet (no calls, just an USB GSM modem to plug in your computer) for 12$/mth to consumers with a 5g cap; then I assume that a mass purchase for an expected use of 200mb/month would get a price of 5$/month/light. So, including the data costs and GSM hardware, the mobile connection cost is approximately equivalent to digging a ditch for the first ten feet of cable...
Anybody know how to make those things trip if you're on a motorcycle?
Other alternatives (if you're waiting to make a left):
1. Waiting forever.
2. Make a right turn, a u-turn up the road, another right turn, a u-turn, and another right turn.
I'm not a lawyer, but I play one on the Internet. Blog
GSM data isn't cheap; but(at least in reasonably densely settled areas) it works more or less everywhere and the modules needed to add support for it are quite cheap.
In the UK, GSM works damn near everywhere (there are a few places where I need to break out a yagi, in the north of Scotland), and GSM and GPRS data is too cheap to be worth billing for. In many cases if you just want to send control and status messages you'd just use SMS, which is free.
The cost of GSM data isn't very high when all you're sending is "help I'm not working correctly". Since the link serves no other purpose, four bytes should be enough to send a basic diagnostic code.
With 160 bytes being able to send some quite extensive diagnostics.
One cheap way to do things would be to use prepaid SIMS which will at most have enough credit to send 5-10 texts.
This is probably due to the new RICA legislation that requires one to provide ID and proof of residence in order to obtain a sim card. http://www.helkom.co.za/pages/rica-sim-card-registration.php
I work for a South African Construction Company as a SysAdmin and I have to say I was not surprised when I saw this. It is quite stupid when you consider that it is very simple and cost effective to arrange a private APN with the Cell Companies and link SIM cards to it so those sims act like VPN connections, only being able to connect to your network. We do it for about 200 people so how they didn't do something similar and used stock SIM cards I really do not know. Actually I do. There are a range of factors in South Africa that leads to stupid mistakes like this. Firstly there are the power failures. Poorly maintained infrastructure, poor capacity planning, the power is bound to go down even without the summer rain storms. Then you have the fact that Government will only give contracts to Companies with insanely high Black Economic Empowerment levels. You get different levels but to obtain the highest ones you basically have to be an all black company and by from all black suppliers. The problem is, and I know this from job hunting as well as recruiting, that there is a massive skills shortage in South Africa. It is very hard to find a capable IT Professional of any race, and 10 times as hard to find a black one to keep your HR department happy on their quotas. So what happens? You HAVE to employ a black person, but there isn't one with the skills you need so you employ the brightest looking one and train them yourself. But when you have an entire company filled with these types of recruitments there isn't anyone to train the rest. So you have a High Level BEE company that can tender for Government work but who do not really have a clue as to what they are doing. Add to this some bad apples that will leak this info to some shady friends and you have a situation like this. Strangely, I do not think this is not a JRA inside job. They just bought the system. This had to have been an inside job from the IT company that designed the system and knew the SIMs could be used for normal phone calls. Then again, that info could have been slipped to the JRA and the leaked out there. All and all this is what happens when you have a skills shortage in a country and then still try to force companies to employ only certain races regardless if they have the skills or not.
Really? Is making a phone call really that important that you have to plan a major heist to steal some SIM cards so you can call somebody? If you feel you have to call somebody that badly to organize and commit a major crime, then maybe you have a problem. I think it's about time to call Phone Addicts Anonymous.
iaits
Where's the oversight when you allow 2/3rds of them to be stolen before anyone raises the red flag.
In many cases if you just want to send control and status messages you'd just use SMS, which is free.
Perhaps they are on your plan, but not on the pay-as-you-go one I have on my antique Nokia. Yeah, I'm sure you get SMS "free" if you're already paying a fixed monthly rate for calls and GPRS, so if you're only intending using SMS anyway it's hardly free, is it?! (*)
And for non-phone devices using the GSM network for "control and status [SMS] messages" only, it's not likely that they'd be using either of the above tariffs- or anything other that they're likely to sell Joe Public- so they'd probably have a custom agreement with the operator(s), as the OP kind of implied.
(*) I know that the cost is probably negligible to the operators, but they're not going to give it to *you* for nothing if you're not buying anything else off them!
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
The network operator can easily disable all voice calls (or fax calls, or SMS's) for a given SIM. A SIM is a SIM is a SIM, but selling data-only plans is cheap and easy.
Finally! A year of moderation! Ready for 2019?
The costs of GSM data compared to the cost of the rest of a trafficlight is almost 0, even if you use expensive dataplans.
An intersection, with everything, pavement, inductor loops, lights, everything you need for a busy intersection, sets you back about a million.
Gridlock because of a broken light? Expensive.
And when we are talking about fault reports, it's not just "I'm not working!", it's "light X is broken now" if a direction has no working red lights anymore then the whole intersection needs to go into fault state as it can no longer maintain safety. So you want to replace broken red lights BEFORE the whole thing enters fault state.
You wouldn't be using that on a commercial device, though. If you're deploying a large quantity of GSM-enabled devices you'd organise with a provider to have a data-only card which costs some small amount and only allows SMS, for a fixed rate based on how much traffic you're likely to throw at it.
I have free unlimited Skype usage on a pay as you go card that hasn't been recharged since I got it (over a year ago) on Three's network.
So how am I getting this service?
Change is certain; progress is not obligatory.
You wouldn't be using that on a commercial device, though.
Well, obviously- that's exactly what I said in the second paragrap!
On the contrary, you were the one who originally said that SMS was "free", which I pointed out only applied to certain consumer tariffs, then went on to say that such devices sure as heck wouldn't be using those tariffs anyway...!
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
So how am I getting this service?
Well, you're sure as hell not getting it via 140-byte SMS text messages, which is what I was talking about!
Now, while I'll concede that my argument was in truth more about the principle of the thing (rather than SMS specifically) and you *are* getting something for nothing, I'd argue that they're doing this in the expectation- or hope- that you'll probably use their paid Skype services(?) or other services(?) at some point.
Then again, I suppose they could also give away SMS for free to encourage people to use their phones in general, so it would depend what point one wanted to make anyway. (^_^)
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
I was in SA recently, and those are typical rates. That country sucks for Internet.
Am I the only one thinking it would be cool to put radio repeater stations capable of transmitting a few blocks in each traffic light? Sure the initial expense would be a little higher, but you could probably sell the service to the local telcos, and use the network as an internet backbone or myriad other things.