By Ron Benvenisti. Update to previous TLS article, “Power Grab: Are Our Utility Companies Infested With Dangerous Malware? Cyber-crooks love mobile phones to inject and infect you with malware to steal your money, but stealing your car?
Security researchers Don Bailey and Nicholas DePetrillo tracked down cell phone numbers, identified the person who owned the phone, and then tracked down that person. Bailey says “This is intelligence gathering for civilians. We can find out where you are, who you are, who you talk to, where you are most vulnerable.”
In a previous article I explained how spyware can be surreptitiously loaded on smartphones to do a variety of sinister things such as listen in on conversations and used as a location tracking/stalking tool.
Cell phone towers for sale. Cheap!
If tracking via GPS is “too much trouble,” for hackers it’s possible to purchase your own “malicious cell phone tower.” Bailey told Marketplace Money, “It used to cost tens of thousands of dollars — but no longer. Today you can pick one up for about $1,200. . . . So that you can intercept the voice transmissions, SMS, even data.”
Bailey has demonstrated that he was able to send control commands via “war texting” SMS messages in order to affect and control everything from GPS tracking devices, security cameras, traffic control systems, SCADA (which control public utilities such as water, electric, gas, railroad and even nuclear plant sensors), home control automation systems and even cars can receive control commands via “war texting.”
My Power’s Out but… Where’s My Car?!!!!!
It took Bailey only two hours to hack into a car alarm system and then start the car remotely by sending it a text message. “What I got in two hours with the car alarm is pretty horrifying when you consider other devices like this, such as SCADA systems and traffic control cameras” (which I originally reported on). What’s news is, “How quick and easy it is to re-engineer them is pretty scary.” While he declined to say which car-alarm manufacturer, Bailey intends to release his tools to the proper security experts saying, “The idea of war-texting communication with devices over the telephone network is simple.”
Honey, I found the kids!
In another of Bailey’s attack scenarios earlier this year, he utilized war texting and a Zoombak GPS tracker keeps tabs on your children. For a mere $100, the Zoombak, a GPS easily stowed in a backpack, will pinpoint your child’s whereabouts on a map.”
Bailey used Zoombak to spam “thousands of numbers with our SMS payload” before analyzing the location data to find interesting targets to impersonate. He demonstrated how the GPS devices could “easily be intercepted by hackers, who can then pinpoint their whereabouts, impersonate them, and spoof their physical location.”