mirror of
https://0xacab.org/optout/into-the-crypt.git
synced 2024-12-12 09:24:33 -05:00
More intel on DCMs / signal transmission
This commit is contained in:
parent
d8b6db28ec
commit
f72b1fd6e8
66
README.md
@ -47,6 +47,10 @@
|
|||||||
- [Cryptocurrency](#cryptocurrency)
|
- [Cryptocurrency](#cryptocurrency)
|
||||||
- [Account Security](#account-security)
|
- [Account Security](#account-security)
|
||||||
- [Defensive Mechanisms](#defensive-mechanisms)
|
- [Defensive Mechanisms](#defensive-mechanisms)
|
||||||
|
- [Vehicle Tracking](#vehicle-tracking)
|
||||||
|
- [Signal Transmission](#signal-transmission)
|
||||||
|
- [Vehicle Beaconing](#vehicle-beaconing)
|
||||||
|
- [Mitigations](#mitigations)
|
||||||
- [Physical Precautions](#physical-precautions)
|
- [Physical Precautions](#physical-precautions)
|
||||||
- [Use Cases](#use-cases)
|
- [Use Cases](#use-cases)
|
||||||
- [Anonymous Activism](#anonymous-activism)
|
- [Anonymous Activism](#anonymous-activism)
|
||||||
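Review bot: the three new subsections this commit adds beneath Vehicle Tracking (`### Signal Transmission`, `### Vehicle Beaconing`, `### Mitigations`) are listed here as plain `- [...]` entries alongside `- [Vehicle Tracking](#vehicle-tracking)`; if the contents list nests by heading depth, indent them one level under Vehicle Tracking so the list matches the `##`/`###` structure of the body. The `#mitigations` anchor is also generic enough to collide with any later `Mitigations` heading in a README this long; a more specific heading (and anchor) such as "Vehicle Mitigations" would avoid that.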
@ -586,7 +590,7 @@ If you're on a tight budget, purchasing the material from reputable vendors and
|
|||||||
|
|
||||||
Pre-made Faraday bags are also available for purchase, but it's important to ensure that you are buying from a reputable vendor, as cheaper options may not provide the same level of shielding. Vendors often recommend surrounding an enclosure multiple times with repeated testing to ensure that the device is not able to receive various signals.
|
Pre-made Faraday bags are also available for purchase, but it's important to ensure that you are buying from a reputable vendor, as cheaper options may not provide the same level of shielding. Vendors often recommend surrounding an enclosure multiple times with repeated testing to ensure that the device is not able to receive various signals.
|
||||||
|
|
||||||
If the operation is mobile (I suspect it is if you cannot remove [radio transmitters](#radio-transmitters)), best practice is to store each item in its own Faraday enclosure and then store them inside a larger shielded enclosure. When you add or transfer items, the devices don't leak signal when the outer enclosure is opened. Think two is one, and one is none.
|
If the operation is mobile (I suspect it is if you cannot remove [radio transmitters](#radio-transmitters)), best practice is to store each item in its own Faraday enclosure and then store them inside a larger shielded enclosure. When you add or transfer items, the devices don't leak signal when the outer enclosure is opened. Think two is one, and one is none. MITRE even has a defense matrix that highlights RF shielding being used to reduce or remove undesired radio interference.^[]
|
||||||
|
|
||||||
## Noise
|
## Noise
|
||||||
Generating excess noise through logging or traffic can be an excellent method to throw investigators for a whirl. Anyone who has worked with security logging mechanisms for system auditing can attest that noise is the enemy of understanding. Traffic in mass can be hard to piece together, especially if it's not all being generated by you. For the natural sadists who want to more or less troll, consider hosting services such as a TOR node. Instead of trying to find pertinent clues in a small pond, investigators are trying to search a great lake, or perhaps the rivers of Nanthala National Forest. To couple the size, the clues they find may even lead them down false bends. So long as the data is not revealing information relevant to your operation(s), this will stand to make the water a little more murky.
|
Generating excess noise through logging or traffic can be an excellent method to throw investigators for a whirl. Anyone who has worked with security logging mechanisms for system auditing can attest that noise is the enemy of understanding. Traffic in mass can be hard to piece together, especially if it's not all being generated by you. For the natural sadists who want to more or less troll, consider hosting services such as a TOR node. Instead of trying to find pertinent clues in a small pond, investigators are trying to search a great lake, or perhaps the rivers of Nanthala National Forest. To couple the size, the clues they find may even lead them down false bends. So long as the data is not revealing information relevant to your operation(s), this will stand to make the water a little more murky.
|
||||||
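Review bot: the footnote reference appended to the Faraday paragraph is written as `^[]`, which is empty and does not match the `[^58]`-style markers used everywhere else in the README, so it will render as literal text and point to nothing. Give it a numbered label, e.g. `[^N]`, and add the matching `[^N]: MITRE Countermeasures - https://d3fend.mitre.org/technique/d3f:RFShielding/` definition to the footnote list (the D3FEND line added in the last hunk of this commit is currently unlabelled as well).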
@ -685,6 +689,57 @@ If the goal is to run a more persistent lightweight OS with minimal functionalit
|
|||||||
|
|
||||||
The more persistence desired for the operation increases the complexity of the hardening. Some projects have been introduced to rival Xen-based hypervisors with minimalist GNU/Linux systems. Some development towards Whonix Host[^58] was started but has not yet come to fruition. PlagueOS[^59] is based on the Void musl build with numerous hardening mechanisms. This is designed to act strictly as a locked down hypervisor with all system activities conducted inside of Kicksecure/Whonix VMs. The VMs also are restricted by AppArmor profiles and are ran inside a `bwrap`[^60] sandboxed container. See the PARSEC repository for examples of how to implement bubblewrap profiles.[^61]. Do note that the listed hardening is incomplete and will not fit all operations and GNU/Linux systems. This is not meant to be a book on methods for defensive cybersecurity. For those concerned with exploitation of GNU/Linux systems, see the reference to Madaidan's hardening guide.[^62]
|
The more persistence desired for the operation increases the complexity of the hardening. Some projects have been introduced to rival Xen-based hypervisors with minimalist GNU/Linux systems. Some development towards Whonix Host[^58] was started but has not yet come to fruition. PlagueOS[^59] is based on the Void musl build with numerous hardening mechanisms. This is designed to act strictly as a locked down hypervisor with all system activities conducted inside of Kicksecure/Whonix VMs. The VMs also are restricted by AppArmor profiles and are ran inside a `bwrap`[^60] sandboxed container. See the PARSEC repository for examples of how to implement bubblewrap profiles.[^61]. Do note that the listed hardening is incomplete and will not fit all operations and GNU/Linux systems. This is not meant to be a book on methods for defensive cybersecurity. For those concerned with exploitation of GNU/Linux systems, see the reference to Madaidan's hardening guide.[^62]
|
||||||
|
|
||||||
|
## Vehicle Tracking
|
||||||
|
Vehicles and privacy are starting to become a wicked problem ushered in by manufacturers. In today's connected world, cars are no longer just a mode of transportation. Modern vehicles are equipped with a variety of sensors and cameras that can collect data about the car's performance, location, and usage. Almost every vehicle following 1996 has embedded systems, OnStar or the more modern Starlink, that have a default opt-in policy. This data can include information about the car's speed, fuel efficiency, and maintenance needs, as well as the car's location and travel history. Some cars also have cameras that can collect data about the driver and passengers, such as facial recognition data and biometric information.
|
||||||
|
|
||||||
|
Vehicles typically have a single Data Communication Module (DCM) that is responsible for managing and transmitting data from various systems within the vehicle. However, there can be multiple DCMs present in a vehicle, depending on the make, model and year of the vehicle, as well as the features and options that are included. Some vehicles may have a separate DCM for certain components and features. Some of the DCM groupings are as follows:
|
||||||
|
- Infotainment system management, which includes features such as the radio, Bluetooth, and USB connectivity. This DCM would be responsible for managing the data that is sent and received by these systems, such as music, podcasts, and phone contacts.
|
||||||
|
- Telematics, which can include features such as OnStar and Starlink, which can provide remote access, navigation, and emergency assistance. This DCM would be responsible for managing the data that is sent and received by these systems, such as location data, speed, and driving behavior.
|
||||||
|
- Advanced Driver Assistance Systems (ADAS), which can include features such as lane departure warning, automatic emergency braking, and adaptive cruise control. This DCM would be responsible for managing the data that is sent and received by these systems, such as sensor data, camera data and vehicle movement data.
|
||||||
|
|
||||||
|
> Note: Not all vehicles have the same number and type of DCMs, and the data that is sent and received by these systems can vary depending on the manufacturer and the vehicle's features.
|
||||||
|
|
||||||
|
### Signal Transmission
|
||||||
|
Data Communication Modules (DCMs) in vehicles are responsible for receiving and transmitting a wide array of signals. transmitted to dealerships, manufacturers, and service providers through various communication systems, such as cellular networks and satellite systems. For example, OnStar, which is a system offered by General Motors, uses a cellular network to transmit data about the car's location, diagnostics, and other information to OnStar's servers. Similarly, Starlink, which is a satellite-based internet service offered by SpaceX, can be used to transmit data from cars to Starlink's servers. Some of the most common signals that are received and transmitted by DCMs include:
|
||||||
|
- Cellular Networks
|
||||||
|
- As discussed above, cellular is used to transmit and receive data. The protocol used may vary depending on the age of the vehicle. This could include 4G, 5G, and even legacy protocols such as 3G as a fallback solution.
|
||||||
|
- Global Positioning System (GPS)
|
||||||
|
- DCMs use GPS and other location-based technologies to track the car's location and movement. GPS is always broadcasting, and vehicles only act as a receiver, however this does not mean that the location data cannot be cached and transmitted.
|
||||||
|
- Tire Pressure Monitoring Systems (TPMS)
|
||||||
|
- Tire sensors communicate to the vehicle's TPMS receiever(s) via radio frequency (RF). They are transmitted at 315MHz in most of the world, and 433MHz in Europe.
|
||||||
|
|
||||||
|
### Vehicle Beaconing
|
||||||
|
Vehicle data collection is transmitted and shared to a variety of parties:
|
||||||
|
- Manufacturers
|
||||||
|
- DCMs can send data to the car's manufacturer, such as performance data, diagnostic information, and software updates. This data can be used for research and development, product improvement, and warranty claims.
|
||||||
|
- Dealerships
|
||||||
|
- DCMs can send data to the dealership where the car was purchased, such as service records, maintenance information, and vehicle history. This data can be used for customer service, sales, and marketing.
|
||||||
|
- Service providers
|
||||||
|
- DCMs can send data to third-party service providers, such as mechanics, body shops, and rental car companies. This data can be used for repair and maintenance, tracking and inventory, and fleet management.
|
||||||
|
- Insurance companies
|
||||||
|
- DCMs can send data to insurance companies, such as location data, speed, and driving behavior. This data can be used to adjust insurance rates, track and recover stolen vehicles, and investigate claims.
|
||||||
|
- Government agencies
|
||||||
|
- DCMs can send data to government agencies, such as the Department of Motor Vehicles (DMV) and law enforcement. This data can be used for registration, compliance, and enforcement.
|
||||||
|
- Telematics service providers
|
||||||
|
- DCMs can send data to telematics service providers, such as OnStar and Starlink, which can provide a wide range of services, such as navigation, remote access, and emergency assistance.
|
||||||
|
- Cloud-based platforms
|
||||||
|
- DCMs can send data to cloud-based platforms, such as Amazon Web Services or Microsoft Azure, which can be used for data analytics, machine learning, and artificial intelligence.
|
||||||
|
|
||||||
|
It is important to note that not all vehicles send data to the same parties, and the data that is sent can vary depending on the manufacturer and the vehicle's features. Some vehicles may send more data than others, and some data may be sent with the owner's consent, while other data may be sent without the owner's knowledge.
|
||||||
|
|
||||||
|
### Mitigations
|
||||||
|
|
||||||
|
There are only a few avenues out of this nightmare:
|
||||||
|
- Option 1: Obtain the source code (assuming it's not black box), gut the telematics, and proceed to flash custom firmware to your vehicle via USB.
|
||||||
|
- Unlike flashing a cellphone where you run the risk of bricking the device and losing a menial 300-500 USD, here you are playing with an object that could run you anywhere from 10,000-65,000 USD.
|
||||||
|
- Option 2: Disconnect the DCM, which could run the risk of losing base functionality to sensors, speakers, safety features, and other miscellaneous functionality.
|
||||||
|
- Option 3: Surround the DCM with Faraday shielding material, which could prevent the loss of base functionality in the vehicle along with avoidance of any warranty concerns.
|
||||||
|
- I should add the disclaimer that this still has the potential to create certain hazards for your vehicle as many of the sensors tie in with the DCM.
|
||||||
|
- Option 4: Become your own mechanic and maintain old vehicles from the 80's and 90's.
|
||||||
|
|
||||||
|
Overall, data communication modules in cars significantly compromise an individual's privacy by collecting and transmitting a wide array of personal information without the owner's knowledge or consent. It is important for car owners to be aware of the data that is being collected and transmitted by their vehicles, and to take steps to protect their privacy.
|
||||||
|
|
||||||
|
In addition, cars with data communication modules have a potential vulnerability to hacking. If the communication module is not properly secured, it could allow unauthorized access to the vehicle's systems and the data stored in them. This could lead to the theft of personal information, the manipulation of the vehicle's systems, or even the physical theft of the car.
|
||||||
|
|
||||||
## Physical Precautions
|
## Physical Precautions
|
||||||
|
|
||||||
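Review bot: the second sentence of the Signal Transmission intro is a fragment ("...wide array of signals. transmitted to dealerships, manufacturers, and service providers..."); the subject ("These signals are") appears to have been lost while editing. Two factual points also need checking before this lands: (a) the section uses "Starlink" both for the vehicle telematics system that ships with a default opt-in policy (Vehicle Tracking intro, Telematics bullet) and for SpaceX's satellite internet service whose servers supposedly receive car data; Subaru's in-car telematics is branded STARLINK and is a different product from SpaceX's, so the SpaceX sentence needs a source or should be reworded; (b) the TPMS bullet says 315 MHz is used "in most of the world" with 433 MHz in Europe, whereas 315 MHz is chiefly the North American and Japanese band and 433 MHz is the common band in Europe and much of the rest of the world, so the wording should be checked; also "receiever" -> "receiver". In Mitigations, Option 3 (Faraday-wrapping the DCM) should state that it blocks GPS reception too, since the GPS bullet above notes the vehicle acts only as a receiver; navigation and any emergency-assistance feature that depends on cellular will stop working, and that belongs in the Option 3 disclaimer next to the sensor hazards. Minor: "[^61]." leaves a double period.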
@ -692,10 +747,7 @@ This wouldn't be a complete work on anti-forensics without some mention of physi
|
|||||||
|
|
||||||
With nuances added from the modern surveillance state, traffic cameras force your hand by revealing every intersection which you have passed through. There are a few methods to circumventing this privacy infringement. Darkened weather covers for your license plate (Warning: This method could result in a fine with the wrong officer) or a well-rigged bicycle rack could prevent cameras from picking up your plate number. Alternatively, if a destination is within a few miles of proximity you could either ride a bicycle (with a disguise), or decide to become a motorcyclist. With motorcycles, the plate numbers are significantly smaller and could even be blocked by your feet on particular bikes. The helmet would stand to mask facial features, and the jacket would cover any identifiable features such as tattoos. While on the subject of tattoos, it is worth mentioning that Palantir has been involved in "predictive policing" leveraging footage obtained from traffic cameras to profile individuals.[^63]
|
With nuances added from the modern surveillance state, traffic cameras force your hand by revealing every intersection which you have passed through. There are a few methods to circumventing this privacy infringement. Darkened weather covers for your license plate (Warning: This method could result in a fine with the wrong officer) or a well-rigged bicycle rack could prevent cameras from picking up your plate number. Alternatively, if a destination is within a few miles of proximity you could either ride a bicycle (with a disguise), or decide to become a motorcyclist. With motorcycles, the plate numbers are significantly smaller and could even be blocked by your feet on particular bikes. The helmet would stand to mask facial features, and the jacket would cover any identifiable features such as tattoos. While on the subject of tattoos, it is worth mentioning that Palantir has been involved in "predictive policing" leveraging footage obtained from traffic cameras to profile individuals.[^63]
|
||||||
|
|
||||||
Vehicles and privacy are starting to become a wicked problem ushered in by manufacturers. Almost every vehicle following 1996 has embedded systems, Onstar or the more modern Starlink, that have a default opt-in policy. They proceed to parade this "convenience" as a feature. Nearly all modern vehicles have multiple cameras, sensors, and Data Communications Modules (DCM) that accept/transmit GPS and cellular signals. Many vehicles report back your odometer reading in real-time. If you opt-out of their service, the data collection does not stop. There are only a few avenues out of this nightmare. The first option is obtain the source code (assuming it's not black box code), gut the telematics, and proceed to flash the firmware to your vehicle via USB. Unlike flashing a cellphone where you run the risk of bricking the device and losing a menial 300-500 USD, here you are playing with an object that could run you anywhere from 10-40k USD. The second option is to disconnect the DCM, which could run the risk of losing base functionality to radio and speakers. If you are able to successfully surround the DCM with faraday shielding material, loss of base functionality in the vehicle to things such as speakers could be avoided. I should add the disclaimer that this has the potential to create certain hazards for your vehicle as many of the sensors tie in with the DCM. The third option is to become your own mechanic and maintain old vehicles from the 80's and 90's.
|
Any tech devices that you purchase will have some identifier that could lead back to you. Make this a moot point and procure every device (even USBs) anonymously with cash. If you're out on a distant road trip, make some of your purchases. Wear a hat accompanied with some baggy clothes. Perform a slight change in your gait as you walk (uncomfortable shoes could help with this). Alternatively, pay someone via proxy to do your bidding.
|
||||||
|
|
||||||
Vehicles aside, it should go without saying that any tech devices that you purchase will have some identifier that could lead back to you. Make this a moot point and procure every device (even USBs) anonymously with cash. If you're out on a distant road trip, make some of your purchases. Wear a hat accompanied with some baggy clothes. Perform a slight change in your gait as you walk (uncomfortable shoes could help with this). Alternatively, pay someone via proxy to do your bidding.
|
|
||||||
|
|
||||||
|
|
||||||
## Use Cases
|
## Use Cases
|
||||||
There is no way to address every threat model, therefore I have opted to provide mitigations to some of the justifiably paranoid cases.
|
There is no way to address every threat model, therefore I have opted to provide mitigations to some of the justifiably paranoid cases.
|
||||||
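Review bot: the removed vehicles paragraph carried two claims that the new Vehicle Tracking section does not reproduce: "Many vehicles report back your odometer reading in real-time" and "If you opt-out of their service, the data collection does not stop." The second is the strongest motivation for the Mitigations section, so either re-add it there (with a source) or note the drop in the commit message. The price range also changed silently from "10-40k USD" to "10,000-65,000 USD" in the new text; fine if intentional, but worth a word in the commit message.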
@ -747,9 +799,6 @@ For the journalists:
|
|||||||
|
|
||||||
*"Veritatem cognoscere ruat cælum et pereat mundus." | "Know the truth, though the heavens may fall and the world burn."*
|
*"Veritatem cognoscere ruat cælum et pereat mundus." | "Know the truth, though the heavens may fall and the world burn."*
|
||||||
|
|
||||||
And for the hollow men (federal agents or contractors) who stumbled upon my work by investigation or happenstance:
|
|
||||||
|
|
||||||
*"If ye love wealth better than liberty, the tranquility of servitude better than the animating contest of freedom, go home from us in peace. We ask not your counsels or arms. Crouch down and lick the hands which feed you. May your chains set lightly upon you, and may posterity forget that ye were our countrymen."* - Samuel Adams
|
|
||||||
|
|
||||||
## Appendix A
|
## Appendix A
|
||||||
```
|
```
|
||||||
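Review bot: this hunk deletes the "hollow men" paragraph and the Samuel Adams quotation, which has nothing to do with the commit message "More intel on DCMs / signal transmission"; split the removal into its own commit, or mention it in the message, so the history explains why the closing quotes section changed.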
@ -907,6 +956,7 @@ Donations to support related projects under `0xacab.org/optout/`` are welcome wi
|
|||||||
[^44]: "Stylometry and the Unabomber: An Exploration of Authorship Attribution" by J. Pennebaker, J. Mehl and R. Niederhoffer (2003)
|
[^44]: "Stylometry and the Unabomber: An Exploration of Authorship Attribution" by J. Pennebaker, J. Mehl and R. Niederhoffer (2003)
|
||||||
[^45]: Koppel, M., Schler, J., & Argamon, S. (2009). Stylometry with audience annotations: determining the audience of non-individualized text. Journal of the American Society for Information Science and Technology, 60(6), 1123-1139.
|
[^45]: Koppel, M., Schler, J., & Argamon, S. (2009). Stylometry with audience annotations: determining the audience of non-individualized text. Journal of the American Society for Information Science and Technology, 60(6), 1123-1139.
|
||||||
[^46]: Koppel, M., Schler, J., & Argamon, S. (2008, August). Anonymouth: A stylometry-based tool for authorship anonymization. In Proceedings of the 17th ACM conference on Information and knowledge management (pp. 713-720). ACM.
|
[^46]: Koppel, M., Schler, J., & Argamon, S. (2008, August). Anonymouth: A stylometry-based tool for authorship anonymization. In Proceedings of the 17th ACM conference on Information and knowledge management (pp. 713-720). ACM.
|
||||||
|
MITRE Countermeasures - https://d3fend.mitre.org/technique/d3f:RFShielding/
|
||||||
[^47]: Eder, M., Kestemont, M., & François, T. (2015). Stylometry with R: a package for computational text analysis. Journal of Statistical Software, 63(6), 1-29.
|
[^47]: Eder, M., Kestemont, M., & François, T. (2015). Stylometry with R: a package for computational text analysis. Journal of Statistical Software, 63(6), 1-29.
|
||||||
[^48]: Wigle - https://wigle.net/stats#ssidstats
|
[^48]: Wigle - https://wigle.net/stats#ssidstats
|
||||||
[^49]: USBKill - https://github.com/hephaest0s/usbkill/blob/master/usbkill/usbkill.py
|
[^49]: USBKill - https://github.com/hephaest0s/usbkill/blob/master/usbkill/usbkill.py
|
||||||
|
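Review bot: the added line `MITRE Countermeasures - https://d3fend.mitre.org/technique/d3f:RFShielding/` sits between `[^46]:` and `[^47]:` without a `[^N]:` label, so it is not a footnote definition and will render as a stray line inside the footnote block. Label it with the same number used at the reference in the Faraday paragraph (currently the empty `^[]`), and append it after the last numbered footnote rather than mid-list so the definitions stay in reference order.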