iPhone App Exposes Potentially Anyone’s Social Security Number.

November 3, 2010 by Keatron Evans

There have been websites around for a while that allow one to listen in on certain police, fire department, and other public service radio bands. Now this has been ported into an iPhone app. Basically, you install the app, then instantly you’re able to tune into hundreds of thousands of police and fire radio bands worldwide. Just this morning I tuned in to one large city’s PD band. I won’t say which city, but I will say it’s one of the top 4 largest cities in the US. Here’s a snippet of what I heard.

I heard first a domestic disturbance call. Then an assault call. Then next I heard an assault on a police officer call. Next there was an apparent stabbing, then trespass, and many other things. One thing I also heard was an elderly person who apparently had fallen and broken her hip.

What did all these calls have in common? I heard address, date of birth and social security number for every individual in question in these calls. My initial thoughts were this is cool. But of course within seconds, the security dude in me jumped out and said WTH!

Here’s what I imagined.

What if I had targeted an individual for identity theft or something worse? Let’s say I turned on my tuner app, tuned into the target person’s local PD band. Next I made a 911 call and said “This person at 555 northlake lane was at my house last night drunk. He bragged about being wanted in another state for robbery and he’s also got a huge stash of marked 100 dollar bills in his garage. He has also been trying to sell weed to me and other neighbors in the community. Please be advised he has many guns in the house and said if the police ever came he’d go down shooting. He also said he’s going to kill his wife today. He bragged about killing his wife when he lived in another state and getting away with it, while collecting lots of insurance money”.

That should be enough to send 3 or 4 squad cars screeching to this guy’s house. When they get there he of course acts as if he has no clue what they’re talking about. But what’s the PD’s typical protocol? What are they going to do first? Get his ID, call in his DL and social, make sure he doesn’t have history, warrants, etc. And what am I doing? Sitting on my scanner waiting for that call to come through so I can get his social, DOB, and all the other info that goes across. I then use this info to get credit cards, or whatever else I want in his name.

One of the more shocking things I heard come across this band was “be careful Adam1, she is reported to be HIV positive”. Wonder what the HIPAA folks would have to say about that? Isn’t public service prohibited from giving out personal and health information about individuals? At least publicly? I see this as now becoming a truly “passive” and undetectable way to grab as many socials, DOB, DL Numbers, and Addresses as you want without anybody ever knowing. There’s no website to visit to look it up, there’s no Google hacking; just turn it on and listen.

Amazing.

You can find the scanner obviously on iTunes: http://itunes.apple.com/us/app/police-scanner/id353242187?mt=8

Or from your iPhone or iPad just go to your apps app and search for police scanner.


Keatron Evans is regularly engaged in training, consulting, penetration testing and incident response for government, Fortune 50 and small businesses. In addition to being the lead author of the best-selling book, Chained Exploits: Advanced Hacking Attacks from Start to Finish, you will see Keatron on major news outlets such as CNN, Fox News and others on a regular basis as a featured analyst concerning cybersecurity events and issues. For years, Keatron has worked regularly as both an employee and consultant for several intelligence community organizations on breaches and offensive cybersecurity and attack development. Keatron also provides world-class training for the top training organizations in the industry, including Infosec Skills live boot camps and on-demand training.

6 responses to “iPhone App Exposes Potentially Anyone’s Social Security Number.”

  1. Cherryl Kantarian says:

    It’s actually quite easy to gain knowledge today and woodworking knowledge is not an exception. The net is a great source where you can learn a lot about woodworking and how to start with easy woodworking projects. You will have to practice what you read in order to become skillful obviously but that will be a lot of fun.

  2. Bookmarked your web site. Thank you for sharing. Definitely worth the time away from my homework.

  3. Textual content messaging has change into an integral a part of our day-to-day lives. Nobody can deny the insurmountable quantity of comfort it has allowed us when attending issues of both our private and business affairs. The flexibility to send quick messages on the go is what makes textual content messaging so engaging that almost all of us simply can not live with out it. It has really transcended from a mere luxury to a necessity as evidenced by the heavy influx of cell telephones out there today. Among them, the Apple iPhone is probably the one which garnered probably the most public adulation. It’s as a result of the iPhone is the primary cellphone that combined the powers of each mobile phone and computer.

  4. @Cherryl. Yeah I totally agree. I look at basket weaving as the same type of thing. When you weave and whip the weaver while the weaver is weaving, you weave a more weave worthy weave. Also bears eat beets. But only the red ones. 🙂

    @les reparation iphone. Thanks for reading.

    @Vanessa. Ahhh. Yep. That too 🙂

  5. Juan M. says:

    Just stumbled across your article and was completely blown away. So much so that I downloaded a police scanner app on my iPhone, tuned in and within 5 minutes I came across the same personal info you mentioned in your article. Not only was it scary but I was disappointed it came from my old hometown. I can only imagine what the wrong person with a scanner and a lot of time on their hands can do. I’m with you….WTH!

  6. Lee Mathers says:

    In Canada you are allowed to listen, just not repeat or relay the information gathered from the radio waves. You can garner a lot of information from police and/or emergency service band(s). What we need now is for the legislation to catch back up with the technology, as I would gather this is a grey market area, i.e. is it legal to rebroadcast an encrypted/decrypted radio signal over the internet, or would that be covered by the legislation? Here is a PDF from the CRTC, http://www.crtc.gc.ca/eng/publications/reports/rp110929.pdf, covering some of the digital convergence issues. I recall in the late 90’s a Canadian company that was piping all the OverTheAir TV Stations to the Internet for everyone(s) use. They were quickly shut down.
