Using A Mobile Phone To Steal Cars And/Or Control Public Utility (SCADA) Systems

blackberry textBy Ron Benvenisti. Update to previous TLS article, “Power Grab: Are Our Utility Companies Infested With Dangerous Malware? Cyber-crooks love mobile phones to inject and infect you with malware to steal your money, but stealing your car?

Security researchers Don Bailey and Nicholas DePetrillo tracked down cell phone numbers, identified the person who owned the phone, and then tracked down that person.  Bailey says “This is intelligence gathering for civilians. We can find out where you are, who you are, who you talk to, where you are most vulnerable.”

In a previous article I explained how spyware can be surreptitiously loaded on smartphones to do a variety of sinister things such as listen in on conversations and used as a location tracking/stalking tool. 

Cell phone towers for sale. Cheap!

If tracking via GPS is “too much trouble,” for hackers it’s possible to purchase your own “malicious cell phone tower.” Bailey told Marketplace Money, “It used to cost tens of thousands of dollars — but no longer. Today you can pick one up for about $1,200. . . . So that you can intercept the voice transmissions, SMS, even data.”

Bailey has demonstrated that he was able to send control commands via “war texting” SMS messages in order to affect and control everything from GPS tracking devices, security cameras, traffic control systems, SCADA (which control public utilities such as water, electric, gas, railroad and even nuclear plant sensors), home control automation systems and even cars can receive control commands via “war texting.”

My Power’s Out but… Where’s My Car?!!!!!

It took Bailey only two hours to hack into a car alarm system and then start the car remotely by sending it a text message. “What I got in two hours with the car alarm is pretty horrifying when you consider other devices like this, such as SCADA systems and traffic control cameras” (which I originally reported on). What’s news is, “How quick and easy it is to re-engineer them is pretty scary.” While he declined to say which car-alarm manufacturer, Bailey intends to release his tools to the proper security experts saying, “The idea of war-texting communication with devices over the telephone network is simple.”

Honey, I found the kids!

In another of Bailey’s attack scenarios earlier this year, he utilized war texting and a Zoombak GPS tracker keeps tabs on your children. For a mere $100, the Zoombak, a GPS easily stowed in a backpack, will pinpoint your child’s whereabouts on a map.”

Bailey used Zoombak to spam “thousands of numbers with our SMS payload” before analyzing the location data to find interesting targets to impersonate. He demonstrated how the GPS devices could “easily be intercepted by hackers, who can then pinpoint their whereabouts, impersonate them, and spoof their physical location.”

Sleep tight! 

Ron Benvenisti

This content, and any other content on TLS, may not be republished or reproduced without prior permission from TLS. Copying or reproducing our content is both against the law and against Halacha. To inquire about using our content, including videos or photos, email us at [email protected].

Stay up to date with our news alerts by following us on Twitter, Instagram and Facebook.

**Click here to join over 20,000 receiving our Whatsapp Status updates!**

**Click here to join the official TLS WhatsApp Community!**

Got a news tip? Email us at [email protected], Text 415-857-2667, or WhatsApp 609-661-8668.

4 COMMENTS

  1. Hey Ron, What to do? for some reason cant do a system restore in XP, keep getting “restore incomplete” even in restoring from safe mode.

  2. Do you have enough disk space on your boot drive? If not, Windows will not have enough space to set or recall a restore. Why are you doing a restore?

  3. I have space.
    doing restore because i know i have some kind of malware cuz things are loading slow and I have high speed internet, ran malwarebytes and kaperski scans, still slower than usual.
    Can malware prevent a restore?

  4. @3 Absolutely. Even from safe mode. You need an expert to diagnose if Kaspersky and Malwarebytes can’t fix it. If you want, email TLS for my contact info.

Comments are closed.