Spoofing Device Location Made Easy

By Robert Vamosi | May 23, 2011 8:29:52 AM PDT

In his talk last week, "A Million Little Tracking Devices: Turning Embedded Devices into Weapons," Don Bailey, a security researcher with iSEC Partners, demonstrated how he'd been in Boston, Afghanistan, Libya, and at the White House –all within the 24 hours proceeding the annual Hack In The Box conference in Amsterdam. Or so his tracking device said.

The device, Zoombak, is essentially a GSM module with a separate MicroController, said Bailey. If you want to find a particular Zoombak, the service sends a SMS over GSM with A5/2 encryption and then the device responds with its location via pure HTTP. Bailey said he was able to spoof the responses, and thus appear to have been in four or five countries within the previous 24 hours.

Read More >