It should have been possible to prevent communication by setting a PIN number but it appears that many didn’t have one set, rendering the security useless. The potential for harm is massive, and in less than a couple of hours, we could interact with 175 of these devices! So this is 175 devices being used at the time of writing as an aid for vulnerable people all identified at a minimal cost. Retrieve GPS data to work out whether the wearer is located.įidus tested the theory by contacting real devices to see how many of the guessed phone numbers would respond, receiving replies from 7%, or 175 of the 2,500 numbers tested:.Disable GPRS, motion alarms, and fall detection. Call the device and have it answer, creating a “glorified wiretap’ that can’t be detected.Alarming oversightsĪrmed with the phone number of the installed SIM (which are handed out in batches, meaning you can infer a range by knowing only one of them), the Fidus was able to send it documented SMS commands to do the following: On the face of it, a potentially life-saving device, but also one whose unnamed maker doesn’t appear to have factored in even basic security. The alarm – a small plastic pendant device with an SOS button in the middle – connects to 2G/GPRS cellular networks, which means it can be used anywhere without the need for an intermediary base station and provides a live status feed.Īs well as being able to locate the wearer via GPS, it can also detect whether the wearer has taken a fall and comes with a microphone and speaker for two-way communication should an emergency be detected. A widely used panic alarm handed out to at least 10,000 thousand elderly people in the UK can be remotely controlled by sending it simple SMS commands, according to researchers at Fidus Information Security.
0 Comments
Leave a Reply. |