7/27/2013
09:22 AM

Cheap Monitoring Highlights Dangers Of Internet Of Things

Using a network of cheap sensors, the home-brewed CreepyDOL system can track people by signals sent from their mobile devices

While consumers and workers typically know that their mobile devices are frequently sending off data to the Internet, most do not understand the implications of carrying around an always-on connection in their pockets.


A University of Wisconsin at Madison law student and security researcher plans to highlight the privacy and security problems by demonstrating a monitoring system that uses a network of inexpensive sensors to track people using their smartphones and other wireless devices. The system, known as CreepyDOL, uses a network of air-dropped sensors that listen for wireless traffic, allowing the tracking of anyone with a wireless-enabled mobile device.

"The CreepyDOL system takes the fundamental assumption of hiding in the crowd and does away with it," says Brendan O'Connor, the founder of security consultancy Malice Afterthought and the creator of the system. "Even if you don't connect, if you are wired on a network, we will find you. If you are a person in a city, we will find you, and we will do it all for very little money."

While many privacy activists focus on the massive amounts of data collected by Google and other Internet firms, and the widespread collection of metadata by the National Security Agency, CreepyDOL underscores that many of the problems lie with the fast development of the "Internet of things."

"This is really going to get out of control, but it's the future," says Chris Wysopal, chief technology officer for Veracode, an application-security firm. "Everyone is going to be able to track anyone, unless there are regulations."

[A spate of research into mobile devices as sensor platforms has shown that compromised smartphones can be turned into insiders -- eavesdropping on phone calls, 'shoulder-surfing' for passwords, or looking around an office. See Mobile Trojans Can Give Attackers An Inside Look.]

O'Connor put together a "Frankensteinian" collection of technologies to create the sensor platform. He created a disposable sensor platform that can be air-dropped on the rooftops of buildings in the targeted area. Dubbed F-BOMB, the platform costs less than $60 and can last for five days or more on two AA batteries. The sensors connect to each other using a wireless command-and-control protocol, called Reticle, that O'Connor created to connect to open wireless networks and use the Tor anonymizing network to send data and receive commands.

The two technologies scramble communications and also encrypt information about the other nodes in a way that makes forensic analysis difficult. Even if a CreepyDOL node is found, a defender should not be able to gain information about the attacker, O'Connor says.

The system listens for the control signals sent from smartphones that are looking to connect to a wireless network. Any smartphone or tablet with WiFi enabled will occasionally send information about itself and the networks it knows about. In addition, if the phone is connected to an open wireless network, the sensors can listen in. Many mobile applications send enough data in the clear to gain additional information on the user.
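To see what a single probe request discloses about the device that sent it, the following added example (not from the article or from CreepyDOL) parses a raw 802.11 probe request and reports whether it exposes a globally unique MAC address or names a known network. The frames are constructed sample data, and the code assumes a bare 802.11 frame with no radiotap header and no trailing FCS; `build_probe_request` and `audit_probe_request` are hypothetical helper names.

```python
from typing import Optional

def build_probe_request(src_mac: bytes, ssid: bytes) -> bytes:
    """Build a constructed 802.11 probe request (sample data, no radiotap, no FCS)."""
    header = (b"\x40\x00"        # frame control: management frame, subtype 4 (probe request)
              + b"\x00\x00"      # duration
              + b"\xff" * 6      # addr1: broadcast destination
              + src_mac          # addr2: transmitter address
              + b"\xff" * 6      # addr3: wildcard BSSID
              + b"\x00\x00")     # sequence control
    ssid_ie = bytes([0, len(ssid)]) + ssid            # element ID 0: SSID
    rates_ie = bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])  # element ID 1: supported rates
    return header + ssid_ie + rates_ie

def audit_probe_request(frame: bytes) -> Optional[dict]:
    """Report what one probe request discloses; None if it is not a probe request."""
    if len(frame) < 24:                          # shorter than a management header
        return None
    frame_type, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if frame_type != 0 or subtype != 4:
        return None
    src = frame[10:16]
    ssid, pos = "", 24
    while pos + 2 <= len(frame):                 # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:                     # truncated element: stop parsing
            break
        if eid == 0:                             # SSID element; empty means wildcard
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + elen
    randomized = bool(src[0] & 0x02)             # locally administered bit set
    findings = []
    if not randomized:
        findings.append("globally unique MAC address exposed")
    if ssid:
        findings.append("directed probe names a known network")
    return {"mac": src.hex(":"), "randomized_mac": randomized,
            "ssid": ssid, "findings": findings}

SAMPLES = [  # constructed frames, not captured traffic
    build_probe_request(bytes.fromhex("001122334455"), b"HomeNet"),
    build_probe_request(bytes.fromhex("daa119000001"), b""),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_probe_request(sample))
```

The second sample, with a locally administered (randomized) address and a wildcard SSID, produces no findings, which is the behaviour a privacy-conscious device configuration aims for.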

Finally, O'Connor used a popular 3-D graphics engine to track the whereabouts of users and additional information about them. The security researcher created a number of filters to grab data and turn that data into information about the user. The sensors do not send any data; they only listen for data sent in the clear, he says.

With the proliferation of mobile devices that broadcast information about the user, systems that try to take advantage of the publicly accessible signals will increasingly be developed, says Wolfgang Kandek, chief technology officer of Qualys, a cloud security firm. The wireless technology embedded in an increasing array of devices -- from exercise monitors to bicycle handlebars -- will enable the easy monitoring of everyday activities, he says.

"There is going to be an explosion of sensor data driven by these types of devices," he says.

While people are worried about Google and the NSA, they should be concerned that they are carrying around the equivalent of an easy-to-track sensor system, O'Connor says.

"This isn't even hard, and it should be hard, and that is pretty disturbing to me," he says. "People fix vulnerabilities when the kid on the street corner can abuse it. Maybe it's time to fix this now."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...

Comments
gev,
User Rank: Moderator
8/1/2013 | 4:58:28 PM
re: Cheap Monitoring Highlights Dangers Of Internet Of Things
Well, we all know that phones can be tracked. So, someone will know that I went to a pharmacy on my way from work. Then what? That same person can just follow me around, or stick a gps tracker to my car - why bother air dropping?