Hacker News new | past | comments | ask | show | jobs | submit login
GPS tracking device found on an activist's car (torproject.org)
610 points by SpaceInvader on Mar 6, 2015 | hide | past | web | favorite | 149 comments



Very few companies produce GPS chips. Most devices that include GPS capability do not bother to reinvent the wheel, but instead elect to integrate an existing GPS processing chip. It's unlikely the GPS module is integrated with the processor core of this thing. Since it is likely separate, it would be fun to probe the PCB with a logic analyzer to see if there are any exposed serial (or possibly I2C, SPI) traces relaying the NMEA sentences[1] from the GPS module to the processor. If so, false locations could presented by severing the traces and soldering on a synthetic serial (or I2C, SPI) feed at the right logic level (probably 3.3V), from a microcontroller or computer. The hacked feed could even read a real-time clock to "play back" a stored path of locations every day. Attaching an external data feed is likely as simple as dragging a box cutter over the right traces (data, ground) to disrupt them, and then soldering on some 30 gauge wire to the same traces (after sanding off the soldermask and silkscreen). Since most GPS modules output constantly without any control lines, so there may not even be a control scheme to reverse engineer.

Note to those designing trackers: if you want to make it difficult, use a board with internal layers and keep the GPS nets on the interior of the board. Doesn't make splicing impossible[2], but it would up the difficulty.

1. http://aprs.gids.nl/nmea/ 2. http://www.circuitrework.com/guides/4-2-6.shtml


The enterprising hacker could always use a LabSat[1] device to play back a bogus GPS trace. No physical connection to the board is required.

[1] http://www.labsat.co.uk


I'd like to see FBI agents pulling up a map of the guy's locations and finding an elaborate drawing of a penis.


Kind of reminds me how Boeing test pilots will often draw shapes on the map when they are flying around aircraft to get in test hours.

Here is a 787 logo 'drawn' with a 787: http://flightaware.com/live/flight/BOE236/history/20120209/2...


And of course, there's the famous 12th man tribute: http://flightaware.com/live/flight/BOE12/history/20140130/18...


that was awesome ! thanks for sharing :)


I'm sure this will happen on Archer at some point.



It's so much easier to just keep passing it around to your friends so they can attach it to as many different cars (or other kinds of vehicle) as possible.

Imagine what your fans in government would think if the logs of your car included long periods over water or a trip to the stratosphere or a trek through the woods. Or they decided to find you once you decided to seemingly leave civilization behind to discover you turned into a bear. An angry bear with a GPS collar.


Hook it up to a food truck. It will take them a while to realize they're following around a mobile taco vendor.


I think I'd try to pop it into the wheel well of the nearest police car.


That would probably give the police enough reason to arrest you. I prefer feeding a disjoint set of movements made by random people.


Arrest you for what?

The other option would be to find a long-haul truck.


I'm sure tampering with a police car is illegal and that police forces are famous for their lack of sense of humour. They won't take this lightly.


This is one of those instances where if you get caught they'll arrest you but you probably won't get charged. At least where I live, if it went to court your attorney could spend all kinds of time exploring where it came from, which is something the government would rather not talk about.


This...sounds like a great way to get shot.


Oh I'd definitely do it while they were buying donuts.


Or just strap it to an albatross, and waste a lot of someone's time scrutinising empty ocean.


Much easier - just send it round robin amongst various friends in various parts of the country via FedEx ground. That should keep them busy for awhile.


Aw man I loved your comment right up to the point where you gave people a suggestion on how to make better surveillance tech :(


Seriously. It's extremely important that we as engineers be ethical about what we build. If you are enabling a surveillance state, I think many people would consider that to be harmful to public welfare.


There is a lot of ethical uses of such trackers (e.g. a company tracking its own vehicles, shipping container tracking, etc.). We can't assume the developer of the original board knowingly designed it for evil purposes.

Full disclosure: I design smart-grid and telemetry applications, including a GSM + GPS device (GPS was initially used for getting accurate timestamps, but we also added positioning registers, which made the field maintenance people very happy).


> There is a lot of ethical uses of such trackers (e.g. a company tracking its own vehicles, shipping container tracking, etc.)

Never mind court-warranted law enforcement tracking of legitimate suspects under investigation.


Interesting, I always thought that google using it for TrueTime was a strange use-case, but I guess it was the original use-case!


That's a pretty common application when you need to synchronize clocks to microsecond accuracy or to a second accuracy but have neither a stable network connection nor a time broadcast (like the German DCF77). It's also used to replace Cesium clocks in cell base stations or for the precision timing protocol (IEEE 1588) for PWE3 networks.

Iep, is there a lot of systems depending on GPS and a major system failure will bring us some chaos.


The problem is that a lot of people genuinely think "If a large institution approved of it, it must be good". Which is a lot scarier than people not giving a damn about good or evil.

Morality is not something you outsource.


A lot of people (probably the vast majority, at least in the West) also believe that, because you can occasionally vote on things, anything the government does is fine because, after all, "government is us."


Who, exactly, is this "lot of people" you refer to?

> "anything the government does is fine"

I have literally never met a single person who believes this. I have met someone who believes that anything the market does is fine (revealed preferences, doncha know?) but fortunately he's a minority, even among libertarians. If we instead interpret your statement as hyperbole with the intention of accusing people of complacency, then...

http://xkcd.com/610/

... you're no better.


Right, so "anything the government does is fine" was a really bad way to phrase it. What I meant is that many people have the same attitude toward government as the attitude toward markets that you reference. It's not necessarily that they agree with or personally like all actions of government, but rather that they believe that the fundamental workings of government are sound, and that the occasional disagreeable actions are acceptable because this is simply how society has chosen to come together and solve certain issues.

Many people also go further, and claim that even when there are unjust government laws or actions, they should not be disobeyed or resisted, and that political action is the only valid approach to disagreeable actions of government. This is extremely common in any discussion about police violence.


The bigger problem is that many potentially evil things are really cool.


Things cannot be evil in and of themselves. It takes sentient intention that you judge to be so for it to be (to you).


I guess it's hard to prove, but I think certain objects are inherently correlated with good/evil. E.g. a torture device is inherently evil IMHO, and a vaccine is inherently good.


I guess you could kill with vaccine if you really wanted to, and you can have sex using torture device if you're into that kind of stuff.


Maybe for some object, but I can't think of any, and I don't think that vaccines or torture devices fit the bill. One could sell a spoiled, ineffective, tainted, or defective vaccine. That would be evil. Or, one could torture Hitler to learn how to disarm the doomsday machine.


The original vaccine is still good, and it's evil to torture anyone, even Hitler. I think you're stretching too far.


"Good" is inherently normative. Nothing can be "good" exterior to a normative claim. This is in contrast with "positive" statements, which are true regardless of anything happening to perceive them that way or not. The original vaccine, if it exists in a vacuum, is neither good nor bad, because there is nothing else to attach the normative claim to it.

Further - and while this is an entirely normative claim - if you would happen to agree that if you could save 1,000,000,000 lives by torturing one person for 5 seconds, that you should do so, then I would argue that torture is not inherently evil within your own normative value system.


>in a vacuum

It wouldn't be a 'vaccine' if it was in a vacuum, it would just be a vial of fluids. Once you have enough context to define vaccine, you can demonstrate that it is good.

>1,000,000,000 lives by torturing one person for 5 seconds

This argument is just obnoxious. Give me a moment.

...

You can play with all the numbers you want, they don't change the underlying act. Except to the extent that you make the time period so short it no longer qualifies as torture and you're not even asking a question any more.


>If you are enabling a surveillance state, I think many people would consider that to be harmful to public welfare.

I honestly do not know how those working for the NSA, GCHQ, etc. can live with themselves for the damage they're doing. Snowden said he was getting something like $120k p/a as a consultant for the NSA, so it's not like it's massively financially lucrative.


A friend of a friend suggested to me that a job in his team would suit me. I said I refuse to make weapons or spy on people.

He said he liked "catching baddies".


Ethical engineering is important. With great capability comes great responsibility. This is why I think it is good for engineering students to take as many courses in the humanities and liberal arts as possible, to get better perspectives on the world we're all building for.


Or they could just make sure the have a good spidey collection.


A good designer would know how to make the device harder to muck with, they don't need help in the form of comments on web forums. There are whole companies (in the financial and security sectors) whose job is to create devices that are difficult to tamper with.

Here, it looks like they didn't even try, or if they did, their designer wasn't very good.


the people working on surveillance tech already know how to do it better. the comment was for the rest of us to get a glimpse of how the tech might be modified if it became cost effective to do so.


also i'd think the more we know how to make better surveillance, the better someone can build systems that can subvert it


Awesome! Another way would be to spoof the GPS signal entirely. No hardware hacking required! http://gpsworld.com/drone-hack/



There might be more than one device, and if it's transmitting over GSM they can triangulate by the towers.


You can buy second hand GPS transmitters for ~50USD. Remove antenna, plug in transmitter done. Reverse engineering the board would be fun though.


Transmitting RF on GPS frequencies would almost certainly run afoul of local laws on transmission interference, and in the US FCC enforcement penalties are both severe and expensive (as they should be for interference). A direct coax connection would probably be fine though.

What are the transmitters you're talking about? Multiple analog front ends each transmitting on a different L1 channel frequency? SDRs transmitting on multiple L1 channels? L1 is 1575.42 MHz (10.23 MHz × 154) so you'd need multiple channels to simulate multiple satellites. How can I do that for $50?


Are there local laws on transmission interference? As far as the FCC goes, enforcement is hit or miss and generally lax. At least for HAMS, there is a process that begins with someone noticing the interference and complaining to the FCC, sometimes followed by an investigation, which is then sometimes followed by a Notice Of Violation. It takes a while to get to the part where the FCC assesses a penalty (Forfeiture Order). There is also a distinction between intentional interference and unintentional (as there should be), though I think that jamming the [TLA/police]'s GPS tracking device probably counts as intentional, if you knew it was the government's. I'd also like to know where the $50 surplus GPS transmitters are, but GP may be referring to a general purpose DSP eval board or SDR, which are certainly attainable for less than $100.00, and can be made to produce most any arbitrary signal given enough time/effort.

http://transition.fcc.gov/eb/AmateurActions/Welcome.html


If you're transmitting your own GPS signal in an Urban area someone is going to notice pretty quickly and angry pretty fast. You will interfere with both law enforcement and emergency services, and likely cause a bunch of trouble.

Thinking about how much trouble you could cause, I'm actually surprised that GPS transmissions aren't signed. I guess if you were implementing it today, that would be a logical feature to add....

After a little googling, it looks like the DoD did think of it, it's just not for the like of us:

    "The Precision (P) code, sometimes called the Precise Positioning Service (PPS), is modulated onto the L1 and L2 carriers allowing for the removal of the first order effects of the ionosphere. The P code is referred to as the Y code if encrypted. Y code is actually the combination of the P code and a W encryption code and requires a DoD authorized receiver to use it. Originally the encryption was intended as a means to safe-guard the signal from being corrupted by interference, jamming, or falsified signals with the GPS signature. Because of the intent to protect against "spoofing," the encryption is referred to as "Anti-spoofing" (A-S). A-S is either "on" or it's "off;" there is no variable effect of A-S as there is with SA."
http://www.csr.utexas.edu/texas_pwv/midterm/gabor/gps.html


GPS degradation was turned off in the late 90s by Clinton. I'm afraid that page is woefully out of date. Everybody has access to the full precision data now.


Yes, of course, so do all SDRs which is why they don't come with high power frontends. GPS Signal generators are sold as test equipment, and design for wired connection over coax as you say. Using them with a high powered frontend would be illegal.

The transmitters I'm talking about are designed for the mobile phone industry. This is an example:

http://www.meguro.co.jp/english/product/category/category_01...

My guess is they're pretty expensive new, but I've seen them locally for about 50USD.


Cool. I didn't know things like the MSG-2051 exist. Sadly none are $50 near me. :( Will have to keep an eye open for one...


It would be fun injecting fake paths to some NSA datacenter, a military supplier IC foundry, Area 51, and CIA HQ. The people monitoring him may draw some strange conclusions.


Fun and pretty solidly stupid. The last thing you want to do when you're being followed is antagnoize the people following you. Especially so if you think the tracking violates your civil rights.

The best outcome for you is contacting a lawyer, a media outlet, and the people you think are surveilling you; the local police and FBI field office are a good start.

Making already suspicious people think you're doing something crazy or threatening isn't going to make your life any better. Something like how making jokes about bombs in airports will not improve your circumstances.


I though the spies would interpret it as "We are tracking an undercover agent" but now I see it was a silly interpretation.


> if you want to make it difficult ...

Or you can use the good old seal-the-whole-thing-with-a-coat-of-epoxy approach.


http://imgur.com/a/Z1hyd has a few parts labeled

theres a main processor which is way overpowered (the big TQFP part) which is covered by a plug-in 2G GSM/GPRS modem. You can 'sniff' the modem control pins, its almost certainly the standard plain 'AT' command set used for these modems, at 9600 or 57600 baud, 3.3V logic

The plug in module looks a lot like a SIM300 or Spreadtrum 5100b. It probably had an IMEI sticker that was pulled off. Theres probably a dozen makers of nearly identical modems during that time period. This one looks fairly old since its a plug-in type. I'd guess the GSM module is at least 5 yrs old

On the other side is a standard 32-pin NAND flash, you could desolder and then use a NAND-reader kit (google etc) to suck the data off. its probably just the GPS coordinates stored between modem data uploads.

SIM holder, some crystals, power circuitry, and a (95% sure) uBlox GPS - the uBlox have that funny shape and pinout. uBlox have high sensitivity so a good choice! unclear which generation this us, they're up to Neo-8. You could decap it to find out.

probably the most fun could be had by first figuring out the RX/TX pins from the microcontroller to the GSM/GPRS module, then soldering thin wires to that and listening with a UART TTL cable. Put in a new SIM, wait a few seconds for the GSM module to get onto the cell network, then quickly faraday it up and see what website, IP address or phone number the micro is trying to connect to. ymmv tho, might just be a random drop point.

(theres a bunch of chips with no clear markings, could be motion/accel/gyro or other sensors - @ioerror if you post up the #s on each chip it'll be easier to tell! :)

edit: i thought about the huge coin cell battery backup. its a bit odd, quite large sized! if its well designed, the microcontroller will detect that the battery has been disconnected, and while on backup coin cell power quickly erase the NAND flash and microcontroller memory :(


If only they could send you the device so you do could a proper teardown video :)


If the coin battery is used as a RC circuit switch to wipe memory what are the chances that it has already been wiped? It's been 7 days off power.

The large power drain of the CPU could indicate this off-shelf product is meant to be installed, rather than attached with battery? Which could indicate a product as someone else linked to: http://www.miniinthebox.com/es/gps-v103b-sms-gprs-gps-sistem...

I'd be curious if any code were installed on the GSM module since many of these provide jvm's or python interpretors. Then again, what they heck is this 120 pin CPU for.

If the thing still has power it is worth keeping it alive without the SIM.

PS. Azul=Blue Negro=Black Marron=Brown Blanco=White in spanish


A friend of mine hired someone to gather data on his cheating wife. A device that looked similar to this was used on her car. $400 for a month of real-time location data. Maybe this has nothing to do with conference this person was attending.


I agree, there is a company in my city that will hook a device up to the car battery and place it in a discrete location. They mostly deal with fleet management but some of their business is from spouses tracking each other. There a "funny" story about a wife bringing in a vehicle that her husband had brought in earlier.


A family member works for a large chain of car dealerships. They regularly buy vehicles at auction. It's not uncommon that they find trackers on the vehicles. Here's a picture of one he sent me to play with a couple years ago.

The battery pack on the left, and the tracker on the right were in a magnetic Pelican case attached to the underside of a black Escalade. The sim in the tracker was from some US MVNO that I didn't recognize.

https://i.imgur.com/VLzTPt4.jpg


Hilarious. No problem for the company, but I wonder if they installed two or just sent the data to both of them...

I have a car I don't use very often and often forget where I park it. DX and BangGood have GPS trackers you can buy for $20-40 that you can install a prepaid SIM card in, text message and receive coordinates. Not a bad roll-your-own-LoJack.


That can't possibly be legal.


It may depend on which state, and sometimes it's a grey area if the car is jointly owned (since you could argue the "owner is consenting" to the tracking). http://www.slate.com/articles/technology/technology/2012/11/...


Not everybody lives in the USA.


Most people lives in China


Technically he didn't say anything about the United States.


Your friend overpaid for that service. You can purchase an OBD-II dongle that records this information for $80 and $20/mo. So, $100 for 1 month.


I guess it's a sad world when I breathe a sigh of relief upon seeing that this didn't take place in the US.

I like how the agency gummed over the chip silkscreens so you can't see what chips they're using. Even though it's obvious that one is flash, another is a GPS module, and the third is the micro. And it appears that some scraping will show you the part numbers anyway. Amateur hour.


This has already happened in the US. Pretty galling that the FBI requested one to be returned:

http://www.wired.com/2011/11/gps-tracker-times-two/ http://www.wired.com/2010/10/fbi-tracking-device/

Would be interesting if they could lift any prints from the tape on this newest one and publish them. I can't imagine it's easy to apply duct tape with gloves on.


The first article mentions a Supreme Court case in 2011 to "determine if authorities can track U.S. citizens with GPS vehicle trackers without a warrant" - anyone know what that case was or how it was decided?


9-0 unanimous that the police must have a warrant prior to using a GPS vehicle tracker. The reasonings differ among the justices but the vote was unanimous.

http://en.wikipedia.org/wiki/United_States_v._Jones_%282012%...


The split in reasons did lead to the fundamental question being sort of dodged. The majority opinion decided the case on quite narrow grounds: that the physical installation of the GPS device violated the 4th amendment, because installing it involved tampering with someone's personal property (the car) without a warrant. Four justices would have gone further and argued it would require a warrant to operate such a GPS tracker regardless of how it was installed, but the majority left that question unanswered.


Faith in humanity for today restored!


You can replace "requested" with "threatened everything short of violence"


It's not like they don't know where it is, you'd think they could just go get it themselves.


Well they can't bust into your home and take it without a warrant, and it's probably easier to bully into handing it over than them admitting they done fucked up and getting a warrant.


They wouldn't know where it was after I disconnected the battery.


It does take place in the US though, just not this instance... http://www.wired.com/2010/10/fbi-tracking-device/

Edit: this is downvoted, but a similar comment with the same link, posted 10 minutes later, is upvoted? I don't understand.


present tense vs past tense?


Just because they were told they can't, that doesn't mean they won't, and they probably still do. In the present.


The goop on the chips is the funniest part - I've taken apart various bits of equipment (mostly from China) and they often attempt to obscure the part numbers to obfuscate, but even they know to grind/laser them off instead of putting goop on top... and it's still possible to figure out what they are just by their package and pinouts.

The low integration of the design suggests that it's probably at least 5 or more years old; these days, all that functionality would fit in 3-4 tiny BGA ICs.


The 'goop' could be a reaction product of applied acid to remove the markings on the chips.


The vendor obscures the chips because they sell these devices to agencies for thousands of dollars on government purchase orders. It wouldn't do for the customer to discover they could build these things for less than $100 in parts that anyone can order from anywhere.


Wouldn't surprise me if this was a one-off job. All those joints were hand-soldered, which is something you don't do unless you're the tiniest of tiny vendors, and someone who really didn't want to get people looking at it would have used something other than tape to wrap it up.


Government surveillance equipment is low volume and high margin, so hand assembly makes sense. The tape also makes sense as a way of disguising the device. A shiny plastic box wouldn't look like it belongs on the car, but most cars have wiring harnesses covered with black tape.


The more I look at what else is out there in vehicle tracking, the weirder this thing becomes. Other tracking devices that people have discovered [1] have been much more professionally assembled, with epoxy blobs coating interesting chips and everything. Additionally, fleet telemetric devices that are battery powered and use cell signals and gps also look a lot more professional than this, with plastic casings, neat soldering jobs, etc. This feels like an odd amateur tracking device of some sort, which IMO makes it even more interesting than a government tracker.

[1] http://www.wired.com/images_blogs/threatlevel/2011/11/GPS-Tr...


That is extremely interesting. If it wasn't a legal authority that placed the device, then maybe the police can get involved and subpoena the sim card provider, ISP of whatever host the device connects to, etc.


What crime would they be investigating?


Good question. Maybe a statute against stalking would apply, or perhaps vandalism of a vehicle. These are not major offenses but they'd at least put the identity of the offender on record.


"If it's gonna be a amateur night, I want a hundred thousand dollars. I want it upfront. I want it in a bank account. I want another $100,000 when you get the case."


During the ' Troubles' in Northern Ireland, chassis inspection mirrors were a common sight.

These were large convex mirrors mounted horizontally on castors and with a long handle. They were slid under the car to look for suspicious packages that may have been attached covertly with malicious intent.

Very quick to use and were widely issued to individuals who might have been at risk. So it was common to see people using them each morning before heading off to work ( by a different route each day of course ).

Sounds like there might be a new market for them.... I should have bought a few hundred when they were being sold as surplus!


"With malicious intent" in this case usually meant an explosive device designed to kill the driver of the vehicle for anyone reading who might not get the context.


Are they not still needed? Considering the most recent car bomb in Northern Ireland was in November...

http://en.wikipedia.org/wiki/Chronology_of_Continuity_Irish_...

http://en.wikipedia.org/wiki/Timeline_of_Real_Irish_Republic...


I assume they are still in use, but much less obviously than when I was growing-up and about half the folk on our road had one!

If you go along narrow country roads in NI you can find many of the mirrors re-purposed in a vertical orientation opposite blind-exits, as they give a fisheye-type view of the road either side of the junction.


I think one of the first things I'd try when finding such a device on my premises would be to try and login to the self-service portal of the mobile carrier that issued the SIM card. At least in the case of my phone-service provider (I'm also located in the EU) this uses the phone number, and a password which can be requested by SMS...

In the case of my provider, the permission to use the self-service portal which include the possibility to view/change billing addresses and shows all the numbers active on a contract, can, of course, be enabled/disabled per telephone number. But it will be worth a try...


A very good idea. Although someone intelligent enough to rig this up almost certainly bought a pre-paid SIM with cash.


Really? It is much more likely that it was bought with an offical police purchasing department credit card directly from the carrier. For them, it isn't illegal, and governments control cash pretty tightly.



looks like Private Investigator catalog equipment in the states. Big, clunky, and built to suit a million different uses. Dev board + sensors + 3g = a million different reconfigurable spy toys.

Although I hope it's a three-letter agency, because that'd make me a bit less frightened of them.

Also, I don't know why everyone is up-in-arms about the solder job quality. Rip apart a Chinese Futaba-knockoff RC transmitter, dash cam, or counterfeit Lenovo/Apple power-brick for similar quality (and that stuff is everywhere). All that anyone cares about is that it passed the bench test. (who cares if it burns up later?)


According to the media article linked on the submission, the activist was stopped for a "routine search" of the car for more than one hour on the frontier with France by spanish national police (CNP). One week ago she was stopped again near the city were this convention took place.

So yeah, even if this is private investigator grade hardware, according to the info available it would not surprise me if this was either CNP (police) or CNI (our joke version of the CIA).


Why pay extra if you don't have to? Looks perfectly serviceable to me.


Was pointing out we should not rule out any government agency just for the quality of the setup. I find it hard to believe that an activist would be targeted by a private investigator.


I agree, however "activist" is only part of her identity. This could easily be a jealous lover.


If you would be a three-letter agency, would you use some kind of electronics that look like they were installed by a three-letter agency?


It would be interesting to figure out where the data is being sent. It could probably be done in a variety of ways (JTAG? Replace the SIM card and setup a fake GSM base station? Check your local laws...).

It would be pretty ironic if they routed through Tor...


It should be relatively easy to pop the SIM card out and use an off the shelf forensics tool. Those things have like 64kb of storage. At the least you'd get the phone's number and IMEI.


Not sure forensics tools are needed; getting the phone number and IMEI should be a Hayes command[1] away. Throw the SIM into something like a Telit GM862 (which runs Python) and you have a full scriptable phone. I played with that module seven years ago and there are bound to be better ones now.

1. http://en.m.wikipedia.org/wiki/Hayes_command_set


I'd second a motion for scraping off the big chips to get some part numbers, to make it easier to get pinouts to hook up probes and other ways to get it to give up its electronic secrets. Though I am rather unplussed with the soldering job there, and personally would disavow soldering such a mess. Big blobs of solder, real crappy joints, and even a few spots that look heat damaged. More than a bit of me is surprised it even worked in the first place.


Uh, any smart phone? Many/most of us are being tracked.


All the more evidence that this was some sort of "PI" or other private party, not a government agency (on top of the very amateurish construction from hacked together parts).


I thought the same thing.


Why wouldn't they just track his cell phone, then?


You can place these devices without a warrant. Likely not true of the cell phone.


1. That's not true[0] 2. This wasn't in the U.S.

[0] http://www.npr.org/2012/03/21/149011887/fbi-still-struggling...


Why's this at the bottom of the thread? It's a very good point. Though you could probably just as easily extend that to any cell phone.


No, it's not a very good point. These dudes are paranoid, they don't carry smartphones.


many/most/all


This looks pretty amateur. I'd be asking if there is a specific private sector company that takes an interest in this activist, and has hired a cheap, shady private investigator.

The device was probably SMS'ing location data. There might still be log data in the device that could be extracted via a serial port.


Cool! Free SIM card with data!


Someone tried this with the card in a smart meter. They were still billed for it when they got caught.


No pin number required?


Even if there's PIN on SIM, tracker must be able to unlock it, and given that GSM module is a pretty common one operated via AT commands over serial line you can easily get it from there.


Good point.


Based on the way it's laid out and all the unpopulated headers I'm almost wondering if this is a GSM dev board that someone makes that's paired with a GPS daughter card they make. It doesn't look quite as purpose built for a tracking application as I would expect, if it was i'd expect it to be far more compact and have very few test points and headers for the controller. In fact I'd expect they'd probably use a smaller controller too to help cut down on power usage, since they've got the large flash chip they can probably store all the data and send it in burst rather than keep the GSM modem powered up all the time which would let it last far longer in the field.

In fact even the soldering for the power wires to the strange battery array board looks rather amaturish. I'm not sure I'd chalk this up to any agency that's got much of a budget for this kind of thing. I think it's likely to be some other activist group that's in disagreement with this one and wants to dig up dirt (Private Eye maybe?)

Edit: correction, what I thought was a bunch of batteries on a board looks like it's actually the magnets that held it in place on the car. D'oh. Either way it still looks odd that it's built like a set of development boards by a chip manufacturer.


I know a guy that makes GPS trackers for divorce lawyers, pretty common tech. Doesn't need to be a state actor, just a jealous girlfriend etc. Heck you can by a GPS on eBay that will text you coords for $40...


I have similar thoughts, it really seems rather like overkill. Either an old device or not a purpose-built tracker. Very large, and holy cow is that a TQFP-144? I've built local-storage trackers before with DIP-8 chips. I've not implemented GSM, but I'd be pretty surprised if a modern GPS+GSM tracker required this much horsepower.

Not to mention the board layout is pretty good, and because the GPS & GSM are integrated the layout engineer probably had to know a thing or two about routing antennas- while as you point out the solder job is quite amateur.


That appears to be a TQFP-120, and there aren't that many MCUs available in that package; I'm almost willing to bet it's a Renesas/Fujitsu part.

GPS + GSM modules are available (now - maybe not when this thing was designed) which would shrink the whole tracker down to one module, a few voltage regulators and related passives, and a battery:

http://wm.sim.com/producten.aspx?id=1058


I've seen some work done by federal subcontractors on what amount to black boxes for tugboats and barges, and it's about of this quality actually - shiny metal boxes, good machining, then you open them up and the inside is a mess, green wire everywhere, etc.

If you know you got the contract anyway and know that aren't dealing with technical people anywhere in the customer chain, you don't have to worry much about quality, it just has to barely work.

I was working for the competition at the time, and like to think that the black boxes we made were better than that, although the first couple of revisions were also a mess... at least ours got better!


Seriously, these things can be bought COTS in WAY better shape for 35€ ( http://www.pearl.de/a-PX3490-1511.shtml ). If you want to hide it, just wrap it in black tape. I wonder who chose to self-build this thing with cheap-ass kits being available...


Your link is not based on GPS, is not waterproof, only has 1 week of battery (if it doesn't transmit any locations).


I want to write some code that will take these systems and send bogus GPS data the spells out FUCK YOU.


Or Dickbutt...


They missed a golden opportunity to attach the device to a politician, high ranking official, or executive's car.


Or more simply, just throw it in the back of a passing pickup truck (like in "Short Circuit", when Number 5 realizes he's being tracked by a beacon in his vehicle. Unfortunately I can't find the clip on youtube.)


Good luck finding a pickup in Valencia, though.


Shouldn't it be possible to open that thing up and see where/who it's reporting the data to?



Looks different than the FBI one iFixit tore down at least: https://www.ifixit.com/Teardown/Tracking+Device+Teardown/525...


Any words on the IMEI in use? Maybe some nice folks can then leak some info.


Forget Tesla, that is what a real hacker's car looks like.


Better call Saul


soon these will be built in, a great win for humanity.


modern cars already have this built in... either this one didn't because it's an older car or they didn't have access to that data.


i guess all the downvotes mean gps transponders won't be built in then!

that's how it works isn't it?


What do you mean by "GPS transponders"?

A transponder replies to an interrogation with a squitter response.

Navstar satellites zip along merrily broadcasting to anyone who will listen ( regardless of the receiver's ability to process the signal ). You as an intending user don't communicate with them at all.

In the receiver there is no transmission capability related to GPS. Why would there be? The only uplink to which Navstar sats will listen is that from Boeing's system control center ( or presumably a spoof thereof ).




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: