We know cyber-crooks love mobile phones to inject and infect you with malware to steal your money, but how about using a smartphone and SMS to steal a car? Last week I mentioned an upcoming Black Hat presentation on War Texting. Don Bailey, a security consultant at iSec Partners, will give his Black Hat presentation called, "War Texting: Identifying and Interacting with Devices on the Telephone Network."
Bailey is one of those security researchers that could scare the snot out of people in regards to what can be done using a smartphone and GPS tracking. Last year at Black Hat, Bailey and Nicholas DePetrillo gave a presentation called, "Carmen Sandiego Is on the Run." In it, as part of the Carmen Sandiego Project, the security researchers tracked down cell phone numbers, identified the person who owned the phone, and then tracked down that person. While that seems like stalking via smartphone, Bailey said, "This is intelligence gathering for civilians. We can find out where you are, who you are, who your talk to, where you are most vulnerable."
We know that spyware can be surreptitiously loaded on smartphones to listen in on conversations or to be used as a stalking tool. If tracking via GPS is "too much trouble," it's possible to purchase your own "malicious cell phone tower." Bailey told Marketplace Money, "It used to cost tens of thousands of dollars -- but no longer. Today you can pick one up for about $1,200. . . . So that you can intercept the voice transmissions, SMS, even data."
In this year's scary smartphone presentation, Bailey is able to send control commands via "war texting" SMS messages in order to affect systems in our physical real-life world According to Bailey, everything from GPS tracking devices, 3G security cameras, traffic control systems, SCADA sensors, home control automation systems and even cars can receive control commands via "war texting."
It took Bailey only two hours to hack into a car alarm system and then start the car remotely by sending it a text message. He told Dark Reading, "What I got in two hours with the car alarm is pretty horrifying when you consider other devices like this, such as SCADA systems and traffic control cameras. How quick and easy it is to re-engineer them is pretty scary." While he declined to say which car-alarm manufacturer, Bailey intends to release his tools to after his presentation, and said, "The idea of war-texting communication with devices over the telephone network is simple."
In another of Bailey's attack scenarios earlier this year, he utilized war texting and a Zoombak GPS tracker which Oprah listed as number 16 on her list of '100 things that are getting better.' In fact, she recommended them to track kids, not cars. "Keeping tabs on your children. Honey, I found the kids: For a mere $100, the Zoombak, a GPS easily stowed in a backpack, will pinpoint your child's whereabouts on a map."
Bailey used Zoombak in his presentation "A Million Little Tracking Devices" [PDF]. In it, he used "war texting" to spam "thousands of numbers with our SMS payload" before analyzing the location data to find interesting targets to impersonate. He demonstrated how the GPS devices could "easily be intercepted by hackers, who can then pinpoint their whereabouts, impersonate them, and spoof their physical location."
If you are at Black Hat, you should check out Bailey's presentation. In some regards, his 'scary' research to pinpoint and exploit devices which affect people's privacy and security as well as things in the real world, reminds me of other security researchers like Samy Kamkar. Last year at Black Hat, Kamkar showed off a creepy but cool hack that pinpoints where you live and even how to steal your girlfriend out from under you in a presentation called "How I met your girlfriend."