Tracking ankle bracelets that some criminals are forced to wear after being senteced to home detention can be hacked, allowing them to exit the house and go wherever they want without the police being none the wiser.
At this year’s DEF CON, security researcher William “Amm0nRa” Turner demonstrated his successful hacking of a tracking bracelet manufactured by Taiwanese company GWG International, a sample of which he managed to get a hold by social engineering the company.
Older tracking systems ran over phone lines and used radio frequencies for ankle bracelet proximity. Never ones like the one by GWG International use GPS and short range radio frequencies to determine the location of the wearer, and a cell network to send that information to the central monitoring system operated by law enforcement.
He managed to bypass anti-removal and tamper detection protection by placing the bracelet inside a Faraday cage (in this case, a $2 roll of tin foil) to block the real telecom signal and encourage the bracelet to connect to a rogue network he set up himself.
This allowed him to capture the warning message that the device sends to the police in case the bracelet is opened. He took out the device’s SIM card, put it in his phone, and sent out a message to another phone in order to find out the phone number associated with the SIM card.
With that information in hand, he was able to use an online SMS spoofing service to send out a specially crafted fake message that “told” the police that the criminal is still at home.
Turner tested this on that one particular device, but says that there are many that function in a similar way and have likely the same vulnerabilities.
He didn’t inform GWG International of his findings before presenting them at DEF CON because of the bad experiences he had when he tried reporting vulnerabilities in the past.
He says that in order to perform this type of attack a certain dose of tech knowledge is needed, but also says it’s possible for someone with the requisite skills to create a device that automates the attack, and then sell it to the ones who need it.
More details about his research can be had from his presentation slides.