Information Security, Ethical Hacking, website Security, Database Security, IT Audit and Compliance, Security news, Programming, Linux and Security.
Wednesday, 13 November 2013
Micro-GPS trackers are good for parents, but a target for hackers
SEATTLE -- The first three hours after a child goes missing are the most critical, according to the National Center for Missing and Exploited Children. Of the children found murdered, experts believe it usually happened in the first three hours after the abduction.
Several companies are now marketing portable, micro-GPS trackers to anxious parents who want to know where their kids are at all times. The devices are small -- no bigger than three inches long -- and use GPS satellites, WiFi and cellular networks to update its whereabouts.
But at least one expert says the devices are vulnerable to hackers.
Products such as AmberAlertGPS, eTrak and eZoom are targeting families with 2- to 10-year olds, pre-cell phone age children. But you don't need to have a kid to use them.
The devices can be used to track a cheating spouse, a wandering employee or an elderly grandparent with Alzheimer Disease. But it's worried parents who seem to be fueling the growth of these tracking devices.
In 2007, the founder of AmberAlertGPS, Russ Thornton, lost his 3-year-old son at an amusement park.
"As a father you're worst fear is losing a young child," Thornton said.
He found his son after a frantic 45-minutes search. The incident prompted him to create AmberAlertGPS.
"I thought there has to be a way to give parents some piece of mind about there their children are," he said.
With AmberAlertGPS, parents can log into a website and see on a map where the device is located in real time. Using a "breadcrumb" feature, a parent can track the path of the device over a period of several days.
Users can set up custom zone alerts. Should the device enter or exit an area of the parent's choosing, an immediate email or text message is send to the parent.
Speed limits could be set incase the person with the device gets in a vehicle. If the device goes faster than a set speed, an immediate alert is set to the parents.
The same goes for registered sex offenders. If the device passes within 500 feet of a registered sex offender's address of record, parents can be alerted of the that too.
The AmberAlertGPS can also be used for communication. The child can press an SOS or panic button on the device, which places a cell phone call to a number registered to the account. That can be a parent's cell phone. Since the device has both a speaker and a microphone, the parent can have a conversation with the child.
But the parent can also call the device and listen in to what is happening to the child at any moment. The child or whoever is in possession of the device would never know the unit is now an eavesdropping device.
The only way they know if someone is listening is if the caller speaks up, because the device doesn't have a ring tone. If the caller mutes their phone, the holder of the device would never know someone is evesdropping.
Security expert Don Bailey has been investigating vulnerabilities with micro-GPS devices and how they interact with the cellular networks.
"The devices themselves can be designed with a reasonable amount of security and the network itself has a reasonable amount of security but when you pair these two things together, sometimes security falls through the cracks," Bailey said.
Bailey is the CEO of Capitol Hill Consultants and is a well recognized computer-security consultant that has exposed vulnerabilities with internet connected cars.
"With a very small amount of equipment for only a couple thousand dollars, they absolutely can intercept transmissions from the device to the network," he said.
The devices have lots of protocols to deal with, and Bailey said cellular carriers need to spend more money to strength security to make transmissions more immune to hackers.
"Allot of these devices really won't be secure for quite some time," he said.
Thornton defends the security of AmberAlertGSP, saying the necessary SSL and related security protocols are built into the device.
"We feel confident we can keep the integrity of that data secure and we don't feel there's an issue using our device in any way," Thornton said.
David Cassels recently spent a weekend with an eTrak device in his coat jacket. ETrak is another company marketing a micro-GPS tracker to parents. It offers similar features to the AmberAlertGPS, except it does not have two-way voice communications.
A father of three small kids, Cassels is typical parent who spends his weekend doing errands and taking his kids to soccer games and play dates. He's trying to decide if wants to track his kids.
"There's a feeling of security that if something were to happen, you would know where they are," he said.
But when asked about the possibility of someone intercepting the device's transmissions or stealing the user name and passwords, Cassels said the benefit may outweigh the risk.
"I think the purpose it serves is more valuable than the risk I might face of somebody get access to that information," he said. "You know that kids have their Facebook profiles and people have more an idea where they are based on that and it takes allot less effort than to access this data."
ETrak says it uses the best encryption available for its transmissions.
"The odds of it getting hacked are pretty low, said eTrak CEO John Harris.
Harris says eTrak operates the same way a cell phone or text message is transmitted.
"If the person has the ability to hack one's phone and get their information, they could potentially do the same with any other device around," he said. " Frankly, we are at the mercy of the network and their security devices."
Micro-GPS tracking units typically run between 100 and 200 dollars each and require a monthly subscription which run between $10 and $25 per month.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment