Hacker told how to crack a home arrest electronic bracelet

    image
    Fragment of a poster for the Escape plan movie

    Computer Security Enthusiast William Turner, known in special circles as Amm0nRa, managed to “trick” the electronic bracelet used in the US to track prisoners under house arrest. He managed to successfully circumvent all degrees of protection of the bracelet, which is usually worn on the ankle, including fake GPS coordinates and GSM alerts. Turner shared his discoveries with colleagues at the DEF CON hacker conference .

    “It is generally accepted that these systems are safe only because they are part of the justice system,” Turner explains in his presentation, “however, they are far from ideal.”

    According to Turner, who was dealing with one particular device made in Taiwan, similar methods of bypass will work for other similar devices. In this report, he talked about the device manufactured by GWG International. It uses GPS and cell tower orientation to determine a person’s location, and sends these coordinates via cellular to the appropriate institution.

    image
    William Turner demonstrates the device after his presentation at DEF CON. A

    theoretical attacker who needs to be technically savvy will need a homemade Faraday cage, a software-defined radio ( SDR ), and a smartphone.

    Turner describes the hacking process as follows. By placing the bracelet in a cage, it can be disassembled, and remove the SIM card. The alarm message about the removal of the bracelet will need to be intercepted, creating a false cell tower using SDR - then the bracelet will think that the message was successfully delivered. After that, you can insert the SIM card into the phone, determine the phone number to which it is registered, and, replacing the sender, send false SMS from this number with incorrect coordinates to the supervisory authorities.

    Turner told the conference about his concerns about the relative ease of breaking the bracelet. Even if we accept the fact that few of the convicts have the necessary technical knowledge, there is always the possibility that someone will create a device for automatically performing all these operations and selling it on the black market.

    At the same time, the hacker said that in this case he did not even try to contact the manufacturer to report vulnerabilities. He has been researching the safety of similar devices for some time, but all his previous attempts to communicate with their manufacturers ended in nothing. Manufacturers did not react to his messages, and, apparently, were not interested in improving their products.

    An electronic bracelet was invented by scientists at Harvard University in the 1950s, and was first tested on a criminal in 1983. By 2007, more than 130,000 cases of its use in the United States were known, and it also gained relative popularity in the UK, but is not particularly common in other European countries. In Russia, the decision to use such bracelets was made in 2010. Currently, the Russian version of the SAMPL bracelets is operated in 80 regions of the Russian Federation.

    Also popular now: