Security flaw allows criminals to hack and escape from house arrest devices
Fri 14 Aug 2015
Hackers have discovered a way to disable ankle bracelets used to keep an eye on criminals under house arrest.
Used by police forces globally, the house arrest devices use GPS and location services to track the position of people detained at home and relay the information back to local authorities via mobile networks. As soon as a bracelet is tampered with the police are notified immediately.
Speaking at a security conference in Las Vegas this week William Turner, also known in the hacking community as AmmonRa, performed the hack on an ankle bracelet supplied by Taiwanese firm GWG International. Turner was able to disable the anti-tampering mechanism and remove the device from his leg without activating any police alert.
The researcher warned that this particular vulnerability is likely to be a common flaw among other such bracelets which generally use the same design architecture. He advised that manufacturers should ensure they are securing their model adequately.
“There are issues with these systems, we’d like to think that they’re secure because they’re part of the justice system,” he said, “but they’re not perfect by a long shot.”
Once disabled and dismantled Turner was also able to ascertain a phone number for the device by sending a text message to another phone with its SIM card placed in his own. He then was able to send spoof messages to the authorities, making it appear as though the person under arrest was at their home, while they are actually on the run.
Although Turner highlighted that the hack would be near impossible to achieve for a criminal without a technical background, he suggested that the service could be sold across black markets.
If the hack is put into practice by criminal groups, it could potentially allow dangerous criminals to escape from the police while apparently complying with their house arrest.