Slashdot Mirror
Turning GPS Tracking Devices Against Their Owners
ancientribe writes "Those low-cost embedded tracking devices in your smartphone or those personal GPS devices that track the whereabouts of your children, your car, your pet, or a shipment can easily be intercepted by hackers, who can then pinpoint their whereabouts, impersonate them, and spoof their physical location. A researcher demonstrated at SOURCE Boston how he was able to hack Zoombak's popular personal tracking devices."
As a consumer, I assumed security.
As a technological thinker, I feared this.
Technology can be hacked and used against you? Dang.
Be seeing you...
In his defense most of the people that use these devices do so because they are concerned about their cargoes being hijacked or their children being kidnapped. If that is not the case, then more traditional means of tracking cargoes and children are probably more than adequate.
Leave my cell at home when I'm out cheating on my wife.
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Android user here: I can to go Settings > Location & Security and turn off "Use Wireless Networks" and "Use GPS Satellites" location settings.
Any time I use an app that requires location information, it cannot find me.
Additionally, with those settings turned off, when I take a picture and look up the EXIF Data, the GPS information is blank.
It may or may not be as secure as I think it is, but that's pretty efficient in my book.
The article was quite Slashdotted, bad link, or something... found it and reposted below.
(Also, I found the bold sections funny.)
Weaponizing GPS Tracking Devices
Posted by Kelly Jackson Higgins on Friday Apr 22nd at 5:05am
Those low-cost embedded tracking devices in your smartphone or those personal GPS devices that track the whereabouts of your children, car, pet, or shipment can easily be intercepted by hackers, who can then pinpoint their whereabouts, impersonate them, and spoof their physical location, a researcher has discovered.
Security researcher Don Bailey at SOURCE Boston today disclosed the newest phase of his research on the lack of security in embedded devices, demonstrating how he is able to hack vendor Zoombak's personal GPS locator devices in order to find, target, and impersonate the user or equipment rigged with these consumer-focused devices. Bailey, a security consultant with iSEC Partners, decided to call out the widely available products from Zoombak after the vendor and its parent company Securus Inc. didn't respond when he alerted them about the security weaknesses. Mitigating these attacks would only require a few simple changes to the product, he says. Meanwhile, the threat is real, he says. "Anyone with a little hardware knowledge could reverse-engineer this," he says. "Children are physically at [risk] because these devices can be turned into weapons."
Bailey also released tools today for each of the three attacks he demonstrated at SOURCE Boston.
"Embedded devices are low-cost, easy to use, and easy to debug. And the security landscape is very small," Bailey says. "There is very little capability for integrating secure communications on the devices and ensuring that it's your code executing on there."
The underlying issue is that the low-cost and rapid commoditization of these embedded systems precludes their being properly secured. "There's a low entry point for people to develop them, so you have a serious problem because new developers and new startups don't have an understanding of security. It's an insecure product by default," he says.
Embedded system security is tricky in that there are so many moving parts in the final products, including baseband, GPS firmware, application firmware, and SIM software, according to Bailey.
It's not just consumer GPS tracking devices that are vulnerable, either. Bailey says he was also able to hack server SCADA embedded systems. "I was able to remotely compromise the box in its entirety" via the microcontroller on it, he says.
With the Zoombak device, Bailey was able to discover the tracking devices, profile them, using what he calls "war texting," to intercept their location. Zoombak uses a Web 2.0 interface that provides a map showing the GPS-equipped person or payload's physical location. The devices receive commands via SMS text messages.
In the first attack, Bailey forced the device to send him its physical location using techniques to grab the GPS coordinates and local cell tower information. "I can force those devices to bypass the manufacturer's controls and give me their information and they have no idea that I've intercepted their location," he says.
Once he fingerprinted the device, he can determine just what it is. "I know if it's a semi, a mail van, or a teenager driving the family car just by watching the vehicle for a certain period of time. I can use traffic cameras on Google satellite," he says. That would leave the GPS-outfitted person or payload prone to physical attack, he says.
Bailey was also able to impersonate the Zoombak personal GPS tracking device. "I use it as a weapon to fake the location data. If it's a truck on I-70, I can take the device and force it to send false location to the server and meantime, could hijack the truck," he explains. Zoombak's command and control channel is in the clear, unencrypted.
These devices could be locked down with some type of PKI on the microcompu
We should start a new Slashdot and return control to the geeks. It actually wouldn't be that hard to get some users to
It's not an "if". Anyone who cares to has access to the signals your phone is sending through the air. Never forget that the act of transmitting radio signals is called broadcasting for a reason. Even if an eavesdropper can't decrypt your encrypted signal, they can do simple traffic analysis to identify when and where, and use other investigative methods to figure out who, and possibly what.
People don't really think about their own privacy much, and if they do they simply assume it just works via magic or something. They put on mental blinders, and pretend they're not being monitored. They even demand laws that say "you shouldn't listen to someone else's cell phone conversation" but they can't technically stop someone who is willing to violate the law.
Hey, if you want privacy, give up the tell-tale broadcaster in your pocket. Drive an old car that doesn't have a data recorder. Stay out of cities that are covered with cameras. Go live in a cave. The surveillance society has quietly but effectively emerged in the last 40 years. If you want to avoid it, you have to leave it.
John
He's talking about devices specifically designed to track cargo in transit and to tell paranoid parents where their kid is at all times. So he's pointing out that these devices not only don't help with what they are designed for but in fact make things worse.
While I would say you could be correct, I would suspect most people use their devices to track their vehicles or suspected cheating spouses and boyfriend/girlfriends and errant teenagers. The original Zoombak's were designed for tracking pets - dogs - not people. Though, what people use them for is their own business.
This guy is trying to drum up business for his consulting firm. This isn't to say his attack isn't real or represent a real threat to the industry. But, for the common thief or sexual predator to be able to locate a specific device and spoof it is probably not economically feasible right now. I would have to doubt that Zoombak would let a device attach to anything other than a specific server and port. He might be able to spoof one specific device, but he probably didn't much further than that.
And, I suspect that Zoombak and their new parent company, Securus, will close the hole this guy identified rather quickly.
That's not triangulation. It's triangulation if you know the ANGLE, which you don't in case of towers, because all these towers measure is the STRENGTH of a signal.
If you happen to know the STRENGTH of a signal from 3 towers at a given time, you would then use Trilateration to get the position.
Many people get that wrong.
On second thought, let's not go to Camelot. It is a silly place.