Hacker makes Jeep into surveillance van
Over two weekends in March, Drew Porter pieced together myriad computer components to turn his Jeep Cherokee into a roving spy van.
Antennas. Battery terminals. Rig runners. Cables. Forty-five hundred dollars worth of stuff, all of it available online, mostly from Amazon.
Since then, the 26-year-old security researcher has just been driving around Atlanta, covertly intercepting radio signals. He can intercept messages police officers receive from dispatchers, some data sent between mobile phones and even critical infrastructure — perhaps floodgates that can be opened and closed remotely, Porter said.
One tower he spotted sends data only once every 10 minutes, said the senior security consultant at Coalfire Systems. The duration between signals could mean anything, but it’s the kind of thing that piques his interest.
By converting his Jeep into a machine that can send and receive radio signals, Porter insists he isn’t trying to obtain data for nefarious reasons —
he wants to prove a point.
It’s not so much about demystifying law enforcement or military surveillance, it’s about showing the vulnerabilities of the devices we rely on every day. And there are a lot of them.
As more devices connect to the Internet — allowing us to turn on lights from our phones, check movie times on our watches and realize we’ve run out of milk without needing to open the fridge — security has been an afterthought.
“It’s like the early 2000s,” he said. “We are so connected with everything, and our connectivity is just increasing.”
Porter is a student of the century-old science of signals intelligence, the interception of electronic communications. The CIA, NSA and Department of Defense are masters of it.
In fact, Porter said he got his start working for a defense contractor several years ago.
“I saw what could be done with it,” Porter said. “It was really liberating.”
For people like Porter, problems such as these present enticing puzzles. It’s not so much about what he’s going to do with the information, but what he wants to learn from the process.
It’s about the pleasure of figuring it all out.
Operating the Jeep, however, isn’t a project for beginners.
“You don’t just click ‘reverse engineer,’ ” Porter said. “There is still a slight manual process for what you need to do for every single step.”
He is publishing those instructions, along with the software he’s created and will offer as opensource code, over the weekend at DerbyCon in Louisville. Ky. Much of it will be online at www. sigintjeep.com.
The cheapest version of a system he outlines costs $200 — not including a no-frills laptop.