Monday, November 10, 2014

Snitch in your pocket

There is an ever-increasing number of wireless devices on our person which purport to make our lives 'freer' and easier than ever before. These devices help us pay for services, communicate with others, and easily connect the various technologies we carry with us. What, then, are all these new antennas we carry broadcasting to others, and what can others infer from this information?
E-ZPass is an RFID or Radio Frequency transponder (transmitter/responder) which, when prompted by a signal, broadcasts information to uniquely identify the device and vehicle. While E-ZPass is designed to automatically collect drivers' tolls, a speaker at Defcon (the self-proclaimed Hacking Conference) under the pseudonym of "Puking Monkey" gave a talk and released several videos indicating that the E-ZPass system was being used in New York City to track the movement of drivers within the city. "Puking Monkey" had modified his E-ZPass to power an LED whenever it was being read, and soon found that the device was being read all over NYC, going in and out of Manhattan, in areas where there were no toll plazas. It turned out that, rather than some shadowy defense initiative to track possible criminals moving about the city, this was a program implemented by the New York City Department of Transportation as part of an extensive network of sensors deployed around the city to monitor and control congestion.
Another case comes from New York City, where the Mayor's office ordered an advertising firm, Titan 360, to remove Bluetooth transponders from public phones around the city. Bluetooth is a wireless system meant to quickly and effortlessly connect peripherals to a computer over short distances with minimal user input. One of the steps in establishing a connection between two Bluetooth devices is for each to broadcast a device name which is unique to each and every device. Titan 360 had intended to use the Bluetooth transponders to track people as they walked around the city with their smartphones. While the system could only have been used to target ads to users of applications associated with the Titan 360 firm, the firm could easily have used the other semi-anonymous data to advise companies on such subjects as the best locations to build new stores or advertise certain products.
While these cases each turned out to be benign in nature, they show how simply and inexpensively more insidious systems could be set up. They should also remind users that the ‘freedom’ of wireless technology implies that anyone is capable of intercepting your communications and inferring information about you, if not downright eavesdropping on your messages, with little to no way for you to know when it’s happening and who is doing it.
