How to hack your way out of home detention

Presented at DEF CON 23 (2015), Aug. 7, 2015, 3 p.m. (60 minutes).

Home detention and criminal tracking systems are used in hostile environments, and because of this, the designers of these trackers incorporate a range of anti-removal and tamper detection features. Software security, however, is an area on which less focus is placed. This talk will cover practical attacks against home detention tracking systems, with a focus on software security. Intercepting and modifying tracking information sent from the device in order to spoof the tracker's location will be demonstrated. General information about how home detention tracking systems operate will be discussed, including the differences between older proximity based systems which used landlines, and newer models which use GPS and cellular networks. Topics will include how to (legally) get hold of and test a real world device, and how to use cheap software defined radios to spoof GSM cell towers. Focus will be on the details of how one particular device is constructed, how it operates and the vulnerabilities it was found to contain. How these vulnerabilities can be exploited and the challenges of doing so in the wild will also be covered.


Presenters:

  • William Turner / AmmonRa - Security Researcher   as AmmonRa
    AmmonRa is a former dev who now works in infosec as a pentester. Both at work and in his spare time AmmonRa hacks things. As well as hacking computers, AmmonRa is a DIY cyborg, designing and implanting in himself a range of devices, including NFC/RFID chips, biometric sensors and subdermal lights. Twitter: @amm0nra

Links:

Similar Presentations: