Free songs

Law Enforcement

Risks of “Cutting the Cord”: Home Security, Thieves & Cell Phone Jammers

Cell phone jammer with 20 meter range

I hear a lot about people “cutting the cord” stating they are free from their wired line and more disturbing is the fact they brag about this online via social media to the public. This puts people at significant risk, risk that many are not aware of. Potential thieves or home invaders now know a key weakness and if they are even a little smart can have an advantage when they invade your home. Cell phone jammers although illegal are still easy to come by.

Cell phone jammers can be purchased online and the sites selling them have ways of shipping them to US residents, even though they are illegal. Using a cell phone jammer can get you a $20K fine or worse. However if a criminal can buy an unlicensed firearm getting their hands on a cell phone jammer is not difficult.

If a thief or home invader enables one of these devices from outside your home, your phone will no longer be able to get a signal and you will not be able to call any emergency numbers for assistance. Many of these jammers will also disrupt Wi-Fi so all communication can easily be disable inside of a home with the flip of a switch on these devices.

Although more and more people are “cutting the cord” this also raises challenges for traditional alarm systems which rely on land lines. If a land line is cut, this usually triggers and alert at the alarm monitoring station. Nowadays alarms have the option of being wired through an internet connection, or use cellular connections. However, these two newer methods have issues,  if the Internet or cellular connection goes down the alarm provider is usually not alerted. A thief can easily cut the Internet connection from outside of a house and we have seen what is possible with a cell phone jammer.

Many carriers are selling additional home automation and security devices and services ranging from alarm systems, cameras and locks. However, one has to wonder how well these devices and security measures function when a jammer is introduced to the mix. I asked an AT&T representative this and he just said that “cell phone jammers are illegal so you won’t need to worry about that,” well fully automatic AK-47s are illegal too, but that doesn’t mean criminals don’t have them.

I don’ want to scare anyone into not cutting the cord, but people do need to be aware of these additional risks and plan accordingly. Also if you do cut the cord it is not a good idea to share this on social media, just the same as it is a bad idea to tell the world you will be on vacation for the next few weeks.

Digital Privacy Isn’t Taken, It Is Given Away

Open Source Data & Surveillance

With the Edward Snowden privacy leak there is an important factor that is being missed. It isn’t the government agencies that collect the data, they are merely consumers and harvesters of it. The data comes from corporations that have been collecting this it for years, data that we have given them freely in exchange for convenience and vanity. We are the victims and the perpetrators.

Read More»

ToorCamp 2012 – Tracking Technology, Forensics and Privacy

My presentation from this summer at ToorCamp, probably the most fun you can possibly have at a security conference. I learned tons.

Read More»

Government Access To Cell Phone Records & Location Data

Today the  Supreme Court unanimously ruled that the police violated the Constitution when they placed a Global Positioning System tracking device on a suspect’s car and monitored its movements. This helps clarify in many regards the extent to which law enforcement can track private property without a warrant.  This raises questions for some in the mobile realm regarding what level of access that law enforcement have when conducting an investigation.

The first step law enforcement take is to determine the service provider from the phone number, there are a number of services that allow users to do this free. The next step is to determine probable cause or exigent circumstances such as a child abduction, missing person, fugitive etc. The provider will then send information to the law enforcement agent to complete, that information is then faxed back.

The law enforcement agent can send a preservation letter to the provider to ensure that records are not discarded regarding the target phone number, such as text messages and voicemail which is sometimes only retained for 72 hours. The next step is a subpoena, this will allow law enforcement access to basic transaction data, this is limited to account details, billing records and account notes.  This is usually sent via fax to a specific number at a provider for this purpose.

In order to get deeper information a court order or search warrant is filed. When this happens law enforcement can get detailed records including incoming and outgoing calls, cell tower locations and general location information, text message content, voicemail content and other information.

The hierarchy of protection regarding your cell data is as follows:

  1. Transaction records ( name, number billing)
  2. Numbers dialed, incoming and outgoing
  3. Location data, from cell towers
  4. Content of stored communication such as email, voice, text messages
  5. Content of telephone conversations ( wiretap )
It is a crime to access electronic communications without the proper authorization and it is outlined to law enforcement pretty clearly the process and circumstances the data should be accessed. According to  18 U.S.C. §§ 2701-2711  Section 2703(c) a court order, search warrant or customer consent is required for the release of electronic communications including location data. A  subpoena can be used to obtain basic transactional data, but cannot be used to get location information.





Location Tracking with Stingrays & Universal Software Radios

The Wall Street Journal recently reported on the FBI’s cell phone tracking tools collectively referred to as “Stingrays” being the forefront of a new Fourth Amendment battle. The tools were used to track Daniel David Rigmaiden who was arrested for fraud, he has stated he is innocent and requested information regarding the tools used to track him, which the FBI are not keen to give up as they state it would provide criminals with knowledge to evade the tools which are being used without a warrant.

U.S. Patent and Trademark Office - Harris Stingray II

The Stingray devices are wireless surveillance tools that operate as multi-channel software defined radio which mimics a cellular base station and collects information from a phone even if the device is not in use. The tools are used to gather unique device IDs and subscriber IDs from target phones (MIN, IMSI, MEID, IMEI). In addition these devices can track location using a method similar to cell tower triangulation but a bit in reverse. Instead of getting location and signal strengths from the towers, a surveillance vehicle that is running the device will drive around a target location and gather the signal strength from the target device as it connects from different locations.  This allows the operator to get a fairly accurate location via triangulation of  the target phone.

The reason for using tools such as this is to circumvent the need to get information from carriers directly, which requires a subpoena, and a court order and possibly even a search warrant depending on the information requested. By intercepting the signals with these devices, law enforcement is able to essentially cut out the middle man. However as the case with Mr. Rigmaiden shows at special court order was still granted before the tool was used. The question for the courts is if the use of these tools require the same protections for monitoring citizens as other methods.

Read More»

Facial Recognition & Iris Scanning iPhone App Privacy Concerns

Recently BI2 Technologies in Plymouth, Massachusetts has stared deploying their new smartphone-based scanner called Mobile Offender Recognition and Information System MORIS which allows police officers to run iris and facial recognition scans in the field.

When attached to an iPhone, MORIS captures photos of a person’s face and runs the image through software that hunts for a match in a BI2-managed database of U.S. criminal records.

The company is dismissing privacy concerns, saying the only people who can use the device are pre-authenticated and that no data stays on the device. However the entire system is run through BI2 who is also managing the criminal image database. The technology being used is unregulated, the agencies that are using the technology state they are instructing the officers to use the technology only when they suspect a crime, this however of course makes the use of this technology a bit vague.

False Positives

The technology that is being used is not always accurate,particularly facial recognition where false positives are highly likely, as even the most recent technology and algorithms have only an 80% accuracy rate. In Massachusetts they have already been running all DMV images through facial recognition software mapping facial data points and comparing them to images of other people. This led to at least one false positive where a person was accused of having a fake drivers license.

Around 40 agencies across the US will be deploying these devices to the field. There is no discussion regarding the depth of training that the officers using these tools will be going through. What happens when you look like a criminal and your face is scanned during a routine traffic stop? Although technology can be useful, if the people utilizing it are not trained properly it can have adverse effects.

What I find disturbing is that there does not appear to be any oversight regarding what new technology law enforcement deploy.

Counter Measures

From what I can tell the device is transmitting data over 3G and Edge data connections and scanning the database remotely, conceivably the tech could then be thwarted by using cell phone jammers, which although illegal are not difficult to obtain. I am also curious if colored contacts would in some way impede the iris scanner’s capability, from what I have read it could.