GPS ankle monitor hacking: How I got stalked by people from the Arab Emirates


Playlists: 'MCH2022' videos starting here / audio

Ankle monitors are devices typically used by law enforcement to track offenders, have you ever wondered how they work - which potential vulnerabilities they have or where to buy one ( or many )? This talk is about hacking electronic ankle monitors built by various Chinese manufacturers - and the protocols and software they use.

Ankle monitors are devices used by law enforcement to track offenders - typically ones on house arrest. They contain various sensors and GPS, WiFi, Cellular and sometimes RF communication to transmit data and determine their position.

This talk will go into detail for various brands on how they communicate with their servers - potential vulnerabilities and ways to escape/avoid detection. This talk concerns Chinese vendors of ankle monitors - but the processes are applicable to different brands and types as well. I will discuss how I developed a server which can be used with 4 vendors of these devices - and how I got the protocol documents for each of them through a bit of social engineering.

The focus will be on the technical details of how your location is determined - which fallbacks are used in case locating falls - and how data is communicated to the server - and the security implications of all of this. Some of devices are used by small nations to track for instance immigrants for COVID tracking - we will discuss the implications of this.