Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Turning GPS Tracking Devices Against Their Owners

timothy posted more than 2 years ago | from the foursquare-be-damned dept.

Privacy 46

ancientribe writes "Those low-cost embedded tracking devices in your smartphone or those personal GPS devices that track the whereabouts of your children, your car, your pet, or a shipment can easily be intercepted by hackers, who can then pinpoint their whereabouts, impersonate them, and spoof their physical location. A researcher demonstrated at SOURCE Boston how he was able to hack Zoombak's popular personal tracking devices."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered


Matter of time (4, Insightful)

jhoegl (638955) | more than 2 years ago | (#35911102)

As a consumer, I assumed security.
As a technological thinker, I feared this.

Re:Matter of time (0)

Anonymous Coward | more than 2 years ago | (#35911256)

Man, I wish there was a +1 Poetic.

Have a nice day, and a +1 Insightful instead.

Not there yet... (1)

syousef (465911) | more than 2 years ago | (#35913944)

As a consumer, I assumed security.

As a technological thinker, I feared this.

Joke's on them. The GPS in my Nokia phone is so piss poor as to be unusable. 5-10 mins to lock on a signal and requires clear view of the sky (In pocket won't do). If they try to track me using that my response is simple laughter. :P

say it isn't so! (5, Funny)

Nyder (754090) | more than 2 years ago | (#35911110)

Technology can be hacked and used against you? Dang.

Re:say it isn't so! (0)

Anonymous Coward | more than 2 years ago | (#35911316)

Everybody knows tech can be used for bad, but ZOMG! TFA says this is the worst ever! We are doomed. Doomed, I tell you!

Well duh! (1)

Anonymous Coward | more than 2 years ago | (#35911136)

If everyone has access to the information (signals flying through the air) it will eventually be used against you! This is yet another reason why people should never carry their phone all the time, unless you don't mind being tracked.

Privacy these days is a dying luxury!

Re:Well duh! (1)

tripleevenfall (1990004) | more than 2 years ago | (#35911162)

If you were really that worried, you could turn the phone off and/or take the battery out until you were ready to phone home.

Re:Well duh! (2)

Nialin (570647) | more than 2 years ago | (#35911418)

Android user here: I can to go Settings > Location & Security and turn off "Use Wireless Networks" and "Use GPS Satellites" location settings.
Any time I use an app that requires location information, it cannot find me.
Additionally, with those settings turned off, when I take a picture and look up the EXIF Data [exifdata.com], the GPS information is blank.

It may or may not be as secure as I think it is, but that's pretty efficient in my book.

Re:Well duh! (2)

plover (150551) | more than 2 years ago | (#35911542)

It's not an "if". Anyone who cares to has access to the signals your phone is sending through the air. Never forget that the act of transmitting radio signals is called broadcasting for a reason. Even if an eavesdropper can't decrypt your encrypted signal, they can do simple traffic analysis to identify when and where, and use other investigative methods to figure out who, and possibly what.

People don't really think about their own privacy much, and if they do they simply assume it just works via magic or something. They put on mental blinders, and pretend they're not being monitored. They even demand laws that say "you shouldn't listen to someone else's cell phone conversation" but they can't technically stop someone who is willing to violate the law.

Hey, if you want privacy, give up the tell-tale broadcaster in your pocket. Drive an old car that doesn't have a data recorder. Stay out of cities that are covered with cameras. Go live in a cave. The surveillance society has quietly but effectively emerged in the last 40 years. If you want to avoid it, you have to leave it.

Re:Well duh! (0)

Anonymous Coward | more than 2 years ago | (#35920230)

If everyone has access to the information (signals flying through the air) it will eventually be used against you! This is yet another reason why people should never carry their phone all the time, unless you don't mind being tracked.

Privacy these days is a dying luxury!

That's not what the article is about.

It's about embedded devices which are GPS-aware, and then communicate updates back to a centralized server. This appears to be done mostly by plaintext SMS messages delivered via cell towers.
He wrote about how it's pretty simple to sniff the SMS traffic and get information which might be useful for some kind of malicious activity. For example, you could learn police patrol routes, delivery/pickup times and locations for armored cars or ATM vendors, mail delivery, the competitors shipping patterns, or the route that a small child takes to school each day.
Then he writes about how it's easy to either fool the device so that it's getting location info from a source you control instead of its on-board GPS. He hints at the other option which is to spoof the SMS from an entirely different device. In either case, since there's NO security you could use it to feed false data to the dispatcher or whoever is supposed to be monitoring the device. I'm pretty sure your imagination can come up with more than one scenario where it would be useful to delay alerting anybody that a child or vehicle is not where it is supposed to be.

Do apps that fake GPS location work? (1)

Anonymous Coward | more than 2 years ago | (#35911210)

The Android market has an app that claims to change a device's GPS location. Is their an equivalent for cell tower tracking?

How about deleting location cache file.

Re:Do apps that fake GPS location work? (1)

i-linux123 (2003962) | more than 2 years ago | (#35911276)

No, they do triangulation via several towers.

Re:Do apps that fake GPS location work? (2)

wzzzzrd (886091) | more than 2 years ago | (#35914176)

That's not triangulation. It's triangulation if you know the ANGLE, which you don't in case of towers, because all these towers measure is the STRENGTH of a signal.

If you happen to know the STRENGTH of a signal from 3 towers at a given time, you would then use Trilateration [wikipedia.org] to get the position.

Many people get that wrong.

drones land on southern hillary, droids debark (-1)

Anonymous Coward | more than 2 years ago | (#35911218)

steaming vdo everywhere (on the surface) now. doesn't seem to bother (the surface) the droid equipped droids. down under southern hillary, things are different. those citizen whiners are still begging for oxygen, life jackets, pontoons, anything to help us get out from under.... things will be better when we're airlifted to the mormormonics' stadium in mebotuh. that's not what the droids in the drones are here for? just an exercise? another upcoming biblical event? more hot (inferno) air? no device could out hunt god & jesus almighties, & their posse of chosen ones' weapons peddlers, genociders, depopulationers, hymen traders etc...

Turn Off The Drama Valve! (1)

IonOtter (629215) | more than 2 years ago | (#35911258)

Hijacking? Kidnapping??? Who IS this guy, Donald Rumsfeld using a nom-de-plume? Or perhaps a nom-deguerre as the case may be.

How about just saying someone could use it for mischief, instead of giving us the Ultimate Doomsday of Deadly Doom?

Re:Turn Off The Drama Valve! (2)

Jason Earl (1894) | more than 2 years ago | (#35911318)

In his defense most of the people that use these devices do so because they are concerned about their cargoes being hijacked or their children being kidnapped. If that is not the case, then more traditional means of tracking cargoes and children are probably more than adequate.

Re:Turn Off The Drama Valve! (2)

Ronin Developer (67677) | more than 2 years ago | (#35911658)

While I would say you could be correct, I would suspect most people use their devices to track their vehicles or suspected cheating spouses and boyfriend/girlfriends and errant teenagers. The original Zoombak's were designed for tracking pets - dogs - not people. Though, what people use them for is their own business.

This guy is trying to drum up business for his consulting firm. This isn't to say his attack isn't real or represent a real threat to the industry. But, for the common thief or sexual predator to be able to locate a specific device and spoof it is probably not economically feasible right now. I would have to doubt that Zoombak would let a device attach to anything other than a specific server and port. He might be able to spoof one specific device, but he probably didn't much further than that.

And, I suspect that Zoombak and their new parent company, Securus, will close the hole this guy identified rather quickly.

Re:Turn Off The Drama Valve! (2)

nedlohs (1335013) | more than 2 years ago | (#35911598)

He's talking about devices specifically designed to track cargo in transit and to tell paranoid parents where their kid is at all times. So he's pointing out that these devices not only don't help with what they are designed for but in fact make things worse.

Note to self: (3, Interesting)

Locke2005 (849178) | more than 2 years ago | (#35911330)

Leave my cell at home when I'm out cheating on my wife.

Re:Note to self: (1)

crossmr (957846) | more than 2 years ago | (#35911608)

or just marry a woman who can barely turn on a computer...

Re:Note to self: (0)

Anonymous Coward | more than 2 years ago | (#35914766)

Or marry a woman you don't want to cheat on?

Re:Note to self: (1)

lsatenstein (949458) | more than 2 years ago | (#35912492)

Knives don't cut food, only fools who put their fingers on the knife handles and make oscillating motions cut food. Don't blame the knife, blame the person. Why not use a bandsaw at home. Home is really a place for high powered utensils.

Re:Note to self: (2)

drinkypoo (153816) | more than 2 years ago | (#35914016)

Uh, or just take out the battery, so she doesn't see that you left it.

I take out the battery when I go places sometimes just to confuse the tracking systems.

It's amazing how we have brought these listening devices into our lives...

Slashdotted article reposted following (2)

masterwit (1800118) | more than 2 years ago | (#35911470)

The article was quite Slashdotted, bad link, or something... found it and reposted below.
(Also, I found the bold sections funny.)

Weaponizing GPS Tracking Devices

Posted by Kelly Jackson Higgins on Friday Apr 22nd at 5:05am
Those low-cost embedded tracking devices in your smartphone or those personal GPS devices that track the whereabouts of your children, car, pet, or shipment can easily be intercepted by hackers, who can then pinpoint their whereabouts, impersonate them, and spoof their physical location, a researcher has discovered.

Security researcher Don Bailey at SOURCE Boston today disclosed the newest phase of his research on the lack of security in embedded devices, demonstrating how he is able to hack vendor Zoombak's personal GPS locator devices in order to find, target, and impersonate the user or equipment rigged with these consumer-focused devices. Bailey, a security consultant with iSEC Partners, decided to call out the widely available products from Zoombak after the vendor and its parent company Securus Inc. didn't respond when he alerted them about the security weaknesses. Mitigating these attacks would only require a few simple changes to the product, he says. Meanwhile, the threat is real, he says. "Anyone with a little hardware knowledge could reverse-engineer this," he says. "Children are physically at [risk] because these devices can be turned into weapons."

Bailey also released tools today for each of the three attacks he demonstrated at SOURCE Boston.

"Embedded devices are low-cost, easy to use, and easy to debug. And the security landscape is very small," Bailey says. "There is very little capability for integrating secure communications on the devices and ensuring that it's your code executing on there."

The underlying issue is that the low-cost and rapid commoditization of these embedded systems precludes their being properly secured. "There's a low entry point for people to develop them, so you have a serious problem because new developers and new startups don't have an understanding of security. It's an insecure product by default," he says.

Embedded system security is tricky in that there are so many moving parts in the final products, including baseband, GPS firmware, application firmware, and SIM software, according to Bailey.

It's not just consumer GPS tracking devices that are vulnerable, either. Bailey says he was also able to hack server SCADA embedded systems. "I was able to remotely compromise the box in its entirety" via the microcontroller on it, he says.

With the Zoombak device, Bailey was able to discover the tracking devices, profile them, using what he calls "war texting," to intercept their location. Zoombak uses a Web 2.0 interface that provides a map showing the GPS-equipped person or payload's physical location. The devices receive commands via SMS text messages.

In the first attack, Bailey forced the device to send him its physical location using techniques to grab the GPS coordinates and local cell tower information. "I can force those devices to bypass the manufacturer's controls and give me their information and they have no idea that I've intercepted their location," he says.

Once he fingerprinted the device, he can determine just what it is. "I know if it's a semi, a mail van, or a teenager driving the family car just by watching the vehicle for a certain period of time. I can use traffic cameras on Google satellite," he says. That would leave the GPS-outfitted person or payload prone to physical attack, he says.

Bailey was also able to impersonate the Zoombak personal GPS tracking device. "I use it as a weapon to fake the location data. If it's a truck on I-70, I can take the device and force it to send false location to the server and meantime, could hijack the truck," he explains. Zoombak's command and control channel is in the clear, unencrypted.

These devices could be locked down with some type of PKI on the microcomputer to encrypt the communications between the device and its server, Bailey says. "I can just sniff the line and see all of the data in plain text. I shouldn't be able to do that so easily; it's pretty ridiculous," he says.

Another protection would be to ensure that when a device on a 3G network that it cannot interact with other 3g devices: it should only be able to speak with the manufacturer's server, he says. And he suggests network partititioning, which also would help secure these devices.

Zoombak had not responded to press inquiries as of this posting.
(source [darkreading.com])

Think of the children!

Re:Slashdotted article reposted following (1)

ShakaUVM (157947) | more than 2 years ago | (#35917124)

>>"by watching the vehicle for a certain period of time. I can use traffic cameras on Google satellite"

Wait... what?

That's the ticket (0)

Anonymous Coward | more than 2 years ago | (#35911520)

Years ago I made a double layer heavy duty aluminum hat (similar to the one I wear) for my cell phone. It can no longer read my thoughts and the rays from the cell towers no longer bother it. I don't think the towers can read it's thoughts or see it's location either. The phone never has functioned well, but it is attractive.

Does anybody have a copy of his presentation? (1)

Ronin Developer (67677) | more than 2 years ago | (#35911586)

I suspect Zoombak will close the hole fairly quickly. Fear not.

I would love to read more on his methods.

The question is which Zoombak devices did he compromise? Was it their Zoombak 520, 521 or the Securus eClick (Zoombak was acquired by them) series?

Re:Does anybody have a copy of his presentation? (1)

Anonymous Coward | more than 2 years ago | (#35912806)

I doubt it, the actual product was a contract to design by an off-shore firm; a couple of years back, I met the bulk of their technical staff. They might be bigger now, but it would take handshaking and confirmation codes, maybe even physical changes on both the targets and collectors, in short a lot of work. While zoomback is (or was) 'lean and mean', they do have some seemingly deep corporate pockets, so they shouldn't have any problem funding the change. The question is, can they get a stable solution out quickly enough to save their market position?

Alternative ideas (2)

AlienSexist (686923) | more than 2 years ago | (#35911910)

Or kids could use them to fool their parents or criminals to forge an alibi. Instead of impersonating someone else.

Click on our website: ( http://www.fullmalls.com (0)

xiaojiekfd (2061970) | more than 2 years ago | (#35912216)

Click on our website: ( http://www.fullmalls.com/ [fullmalls.com] ) Website wholesale various fashion shoes, such as Nike, Jordan, prada, also includes the jeans, shirt, bags, hats and decoration. Personality manufacturing execution systems (Mes) clothing, Grab an eye bag coat + tide bag Air jordan(1-24)shoes $30 Handbags(Coach l v f e n d i d&g) $35 Tshirts (Polo ,ed hardy,lacoste) $15Jean(True Religion,ed hardy,coogi) $30Sunglasses(Oakey,coach,gucci,A r m a i n i) $15 New era cap $12 Bikini (Ed hardy,polo) $20accept paypal and free shipping ( http://www.fullmalls.com/ [fullmalls.com] )

Yes (1)

Anonymous Coward | more than 2 years ago | (#35913110)

I run a server to host these tracking devices. The communication protocol used is very ridiculous on most cheap/affordable devices (haven't tried the top of the line devices, as there is little market for them). Handshake is just a simple 'Hello this is device #XXXXXX' and the whole session is just based on that simple handshake. There is NO authentication, NO encryption of any kind. Any person with basic knowledge of the device can wreak havoc on the server just by using simple perl script. Mind you that the broken security of the server is caused by the limitation of the device. While we, operators, can freely design our own server, the communication protocol is limited to the closed-source tracking device. The tracking device itself (at least our main product) even have a very simple authentication scheme (to configure via sms). I bet that your bank pin is 4 times more secure than it.

The limitation on data encryption is mainly because of the microcontroller used. In many products, it's just as powerful as your typical arduino boards. There's just simply not enough power to do the extra encrypting job. There's also the issue of battery life in case of emergency situation.

While I agree that this whole thing is stupid, even I as an operator, I can not do anything except nag at the supplier to somehow improve/fix it for the future models.

-Something unexpected surprise-- (-1, Troll)

irislll (2062784) | more than 2 years ago | (#35913184)

-Something unexpected surprise-- Hello. My friend === http://www.happyshopping100.com/ [happyshopping100.com] ==== Dedicated service, the new style, so you feel like a warm spring!!! WE ACCEPT PYAPAL PAYMENT YOU MUST NOT MISS IT!!! thank you!!! Believe you will love it.

A call for Timmeh's removal as a /. janitor (1)

Gordonjcp (186804) | more than 2 years ago | (#35913464)

You'd think he'd know the difference between "hackers" and "crackers", right? Oh no, not him. He keeps peddling the use of "hacker" as an offensive pejorative term.

It's not all bad (1)

slackzilly (2033012) | more than 2 years ago | (#35913674)

I just turn off the 'Location' as it is called in the n900 settings menu. I don't need it.
If I travel somewhere and want to use the gps, i turn it on again. It is not that difficult.
When I am in another city or abroad, I want people to be able to track me, in case something happens to me.

Oh think of the children! (0)

Anonymous Coward | more than 2 years ago | (#35913880)

Quote from the article:
"Anyone with a little hardware knowledge could reverse-engineer this," he says. "Children are physically at [risk] because these devices can be turned into weapons."

Stopped reading the article when reaching that point. Sorry, you lost your credibility there...

Sounds Like FUD (1)

Ronin Developer (67677) | more than 2 years ago | (#35914824)

Did he actually demonstrate SPOOFING a message from an arbitrary Zoombak device (i.e. one he did not have physical control of) OR did he send a message from one who's SIM he removed?

Unless he demonstrated that he can SPOOF any Zoombak device at any time, all he did was capture a request to the device, figure out what the response looks like, and send back a bogus response to their server. And, he destroyed the device in the process to get the SIM out. So much for his warranty.

So, where is the insecurity, exactly?

Now, if he actually demonstrated the ability to locate arbitrary Zoombak devices using this technique or spoof arbitrary Zoombak devices, it's clear this "expert" is creating FUD for his 15 minutes of fame. I would love to read his paper or see his presentation if the former were the case because then it becomes relevant.

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account