In Part I, iPhone as SPIME: Citizen As Sensor, I gave some background on the concept of the "spime", a technical concept for a device that documents its own position and surroundings in space and time. I also pointed out that if there is already such a thing as a spime, most people refer to it as a "cellphone" and they probably don't really know a whole lot about how it works, or what it can do, either for them... or to them.
In [Part II] Rewards v. Risks: Cellphone As Leash I digressed a bit into the history of a strange phenomenon of the modern age: people that e-mail other people to try to make them into dupes, lackeys, and minions. The odd thing is that almost nobody would fall for this on a telephone, and most people probably won't fall for it in e-mail, not anymore. But would they fall for it as SMS texts on their cellphone? I also provide some links to technology enabling "crowdsourcing" via the internet and SMS "texting".
In [Part III] Your House is Talking About You Behind Your Back, I posted some links about the House That Tweets, and a few cautions about how you might not want to, not just yet, set up your 21st-Century Home to be controlled by SMS, or "simple messaging service", also known as "tweeting".
In [Part VI] Who's That Tweeting? Anonymous Minion Control I mentioned the "anonymizer" potentials of SMS Spoofing, and gave some details on how to use a search-engine to locate online patsies to recruit as henchmen, and I also pointed out that for many years now, people have been responding to messages on alphanumeric pagers as if they were commands from the Almighty. I pointed out that if you can get enough anonymity, and can find people who are trusting, dedicated, and emotionally labile enough, you can effectively turn them into meat puppets or living torpedos, and declare yourself the lord master of Minion Control, and you can fire at will.
Today's Montgomery Gazette informs us that now the Montgomery County Department of Police can accept anonymous crime tips by texting.
Users can type "MCPD" and their tip in the body of a text message, then send it to 274637 (CRIMES), [Lt. Dinesh] Patil said.
According to the Gazette reporting, the system has gotten over 100 tips since beginning in May. One of these tips allegedly reported a convicted sex-offender living in an unregistered location, and that is worrisome indeed. Someone definitely needed to send in that particular tip... but two thoughts spring to mind.
First, if that's the only tip that a police spokesperson thinks is worthy of mention, that means that there was one useful tip and 99 ones not worthy of mention.
Secondly, although Lt Patil declares that this is totally anonymous, keep in mind that if there is -- in the modern day -- any such thing as a Spime, it's usually referred to as a "Cellphone", and the more modern that cellphone is, the more onboard memory, computation, and sensors it will have.
It's quite possible that the software obtained by the police will in fact be very scrupulous and not log the headers of the SMS (texting) packets that carry the tip. If so, the police will not have any way of knowing who sent the tip.
The cellphone, however, will remember, as will the network that carried the packets to the police software.
The cellphone will remember the text, and it will remember the account used to send the text. It will remember the time and date, and it will remember the location as accurately as the built-in GPS can determine.
For the average person this wouldn't be a concern, even if they knew it.
In particular, the intended audience to whom the police reach out to recruit as text-tip senders won't care:
Patil said the next step in the program is to bring it to county residents who may use it the most: teens.
Starting in September, each high school's Education Facilities Officer will promote the program to students.
Bluetooth Spy Tools are widely available for low cost or even no cost, all over the internet.
Teens being teens, and parents of teens being the parents of teens, it's extremely likely that a lot of the cellphones that daddy has bought baby-girl came gift wrapped with a trojan horse installed. It's not enough, of course, that the detailed bill comes to the house once a month, a lot can happen in a month. And besides, the way a lot of parents may see it, aside from it being the fact that it's their own flesh and blood, they're also paying for the service. Junior and Juniorette can have some expectation of something like privacy when they can pay for it themselves. And, of course, so far as I am aware, there are no laws against loading your kid's cellphone with spyware.
"MobileSpy" -- only $100 -- makes the following claims (italics are mine for emphasis):
Each incoming and outgoing number is logged along with duration and time stamp.
Runs INVISIBLY!
Online control panel allows you to monitor activity from any computer
Password-protection for data files.
Encrypt all data files.
Every text message is logged even if the phone's logs are deleted. Includes full text.
Does not show up in the list of applications.
Uses very little processor speed or memory.
Provides "crash insurance" in case your cell phone is lost
Virtually unlimited recording capacity; a year's worth of data can fit in about 5-10 Megabytes.
Records all websites browsed on the phone
What I consider almost hilarious is this: these are all features that already exist and are all always active on any modern cellphone.
That's because modern cellphones generally keep almost all of their logs and files on a server in a datacenter somewhere. You just use the device to access them.
All this software does, almost certainly, is to give the buyer the ability to access these online records from a unit other than the subscriber handset, or from a networked computer.
And then there's WorldTracker. It's not very accurate, and for now it only works in the United Kingdom.
I could spend all day creating a list of ways to track people's cellphones, but why bother. Someone else has done it pretty comprehensively, at the Track My Kids site.
Then there's the ever helpful BuddyWay tracker, but that can really run up the phone bill.
So, the Astute Reader may ask, "were you trying to make a point here, or just give us a reading list that most modern parents have probably already seen and used?"
And that would be an excellent question.
As a network administrator, I frequently use TCPDump and comparable software to capture and decode network transmissions. This is all totally standard stuff, the sort of thing that any network admin knows before they get their first job, or they learn it as soon as they get hired. This is the "guts basics".
Bluetooth, as a wireless "personal area network" radio technology isn't much different from TCP/IP ("transmission control protocol/internet protocol") in terms of its ability to be intercepted and decoded and interpreted. TCP/IP packet capture and analysis is also known in the industry as "packet sniffing".
Devices such as my Nokia 770 have both Bluetooth and the ability to run 'tcpdump'. I can capture Bluetooth traffic and analyse it, and WiFi traffic as well. I have in fact done both. Remember, I do network administration and I like to both stay in practice with old tools and techniques and learn new tools and techniques.
Keep in mind at all times that I'm one of the good guys, or at least I am not one of the bad guys.
Unlike the bad guys, I'm not wandering around every last place I can physically access, packet-sniffing every electromagnetic spectrum I can access.
I have driven around the neighborhood a couple of times, mapping the early deployment of WiFi access points, until they became so ubiquitous that there simply wasn't much point.
But I am pretty certain that there are people doing the equivalent of me doing that WiFi Mapping, only they don't have good intentions. They would be trying to tap into people's cellphone accounts, not for the free minutes, but perhaps to find passwords for other accounts, download contact and phone lists, examine records called, and SMS messages sent.
And what do you suppose they might do if they discovered SMS messages about themselves and their suspected operations?
Remember, the interesting thing about the "cellphone as SPIME" isn't that the cellphone is a spime; the interesting thing about it is the records of time, space, and instance that the spime always collects and stores.
So, suddenly the cellphone that the Bad Guy taps into isn't just a window to your call history or even maybe credit-card information: It's a window into everyplace you went with it, and potentially to everyone who was at that place with you.
And if the Bad Guys can get into your phone, or your kids phone, they can probably get into everyone else's phone, too.
Hey, remember, act fast, and you can get locked into a 1000-minutes-a-month plan for the next 2 years, and pay only $39.99 for your new next generation smartphone!
And Minion Control can send you anonymized SMS text messages, and you can't even tip off the cops about it without exposing your whole life history with that particular cellphone unit to a vast network seething with Bad Guys all gathering around to pounce at your first sign of weakness... which was the day you ever bought a cellphone.
And as I keep on saying, there aren't all that many laws against it.
More to come?
0 comments:
Post a Comment