Cheap Monitoring Highlights Dangers Of Internet Of Things

  /     /     /  
Publicated : 22/11/2024   Category : security


Cheap Monitoring Highlights Dangers Of Internet Of Things


Using a network of cheap sensors, the home-brewed CreepyDOL system can track people by signals sent from their mobile devices



While consumers and workers typically know that their mobile devices are frequently sending off data to the Internet, most do not understand the implications of carrying around an always-on connection in their pockets.
A University of Wisconsin at Madison law student and security researcher plans to highlight the privacy and security problems by demonstrating a monitoring system that uses a network of inexpensive sensors to track people using their smartphones and other wireless devices. The system, known as CreepyDOL, uses a network of air-dropped sensors that listen for wireless traffic, allowing the tracking of anyone with a wireless-enabled mobile device.
The CreepyDOL system takes the fundamental assumption of hiding in the crowd and does away with it, says Brendan OConnor, the founder of security consultancy Malice Afterthought and the creator of the system. Even if you dont connect, if you are wired on a network, we will find you. If you are a person in a city, we will find you, and we will do it all for very little money.
While many privacy activists focus on the massive amounts of data collected by Google and other Internet firms, and the widespread collection of metadata by the National Security Agency, CreepyDOL underscores that many of the problems are with fast development of the Internet of things.
This is really going to get out of control, but its the future, says Chris Wysopal, chief technology officer for Veracode, an application-security firm. Everyone is going to be able to track anyone, unless there are regulations.
[A spate of research into mobile devices as sensor platforms has shown that compromised smartphones can be turned into insiders -- eavesdropping on phone calls, shoulder-surfing for passwords, or looking around an office. See
Mobile Trojans Can Give Attackers An Inside Look
.]
OConnor put together a Frankensteinian collection of technologies to create the sensor platform. He created a disposable sensor platform that can be air-dropped on the rooftops of buildings in the targeted area. Dubbed F-BOMB, the platform costs less than $60 and can last for five days or more on two AA batteries. The sensors connect to each other using a wireless command-and-control protocol, called Reticle, that OConnor created to connect to open wireless networks and use the Tor anonymizing network to send data and receive commands.
The two technologies scramble communications and also encrypt information about the other nodes in a way that makes forensics analysis difficult. Even if a CreepyDOL node is found, a defender should not be able to gain information about the attacker, OConnor says.
The system listens for the control signals sent from smartphones that are looking to connect to a wireless network. Any smartphone or tablet with WiFi enabled will occasionally send information about itself and the networks it knows about. In addition, if the phone is connected to an open wireless network, the sensors can listen in. Many mobile applications send enough data in the clear to gain additional information on the user.
Finally, OConnor used a popular 3-D graphics engine to track the whereabouts and additional information about users. The security researcher created a number of filters to grab data and turn that data into information about the user. The sensors do not send any data, only listening for data sent in the clear, he says.
With the proliferation of mobile devices that broadcast information about the user, systems that try to take advantage of the publicly accessible signals will increasingly be developed, says Wolfgang Kandek, chief technology officer of Qualys, a cloud security firm. The wireless technology embedded in an increasing array of devices -- from exercise monitors to bicycle handlebars -- will enable the easy monitoring of everyday activities, he says.
There is going to be an explosion of sensor data driven by these types of devices, he says.
While people are worried about Google and the NSA, they should be concerned that they are carrying around the equivalent of an easy-to-track sensor system, OConnor says.
This isnt even hard, and it should be hard, and that is pretty disturbing to me, he says. People fix vulnerabilities when the kid on the street corner can abuse it. Maybe its time to fix this now.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Cheap Monitoring Highlights Dangers Of Internet Of Things