Bumper Sticker Hacking

pexels-photo-93632

Steve Jobs drove his Mercedes without a license plate in a bid to be incognito and flaunt the rules the rest of the world follows. Ironically, the lack of a license plate made his vehicle more visible. If you saw a new silver Mercedes-Benz SL55 AMG without tags, you knew there was a chance Jobs was at the wheel.

Objective Personally Identifiable Information

Cars can also identify people with less money and notoriety. For one, your license plate is the personally identifiable information attached to you everywhere you go. Paying a nominal amount of money can get the name of the person who registered the car, the related information on the car and possibly the address of the person.

A criminal can skip that step and look to see where a car is parked to get the address. The address is the critical data value that lets someone easily search property records, often for free and provided by government agencies. The records likely include owner names and house information.

With hardly any effort, the names, house and car of a person is known. One thing leads to another and using the information above can get phone numbers and other items. Using LinkedIn can yield the person's professional and education history.

  • Vehicle
  • Home
  • Name
  • Number
  • Work
  • Education

Subjective Personally Identifiable Information

An unexpected source of intelligence about a person can come from the bumper stickers and magnets that dot many people's vehicles. Combining the objective information with the subjective likes, dislikes and quirks of a personality paints a full picture.

Here are a few examples of bumper stickers and the types of conclusions that can be drawn from them:

2490169298_6537e09376_b-bumper-sticker

Image courtesy of Flickr user HELVETIQ

  • They like diving and outdoor activities
  • They shop local
  • They are short
  • Favorite brands include Patagonia, Mammut and Apple
  • They prefer organic and locally-grown food over McDonald's
  • They are a Democrat

 

4045248617_0c99e06ae6_b
Image courtesy of Flickr user Thomas Thomas Cizauskas
  • They are a Democrat
  • They enjoy visiting Belize and the Appalachian Mountains
  • They are fans of the Washington Nationals
  • They prefer reading to watching television
  • Fans of dancing and music

Misuse of Information

Soon enough, there is enough data on a person that phishing or identity theft can take place. Getting the contact information of friends and family could allow for phishing of them, by using the information known to impersonate you
 
Favorite brand information could inform a phishing campaign promoting that company. For example, a giveaway for Patagonia might be directed to someone who is fan. Knowledge of locations frequented could inform outreach. For example, a message might relate to a trip to a known favorite location. The personal knowledge from a car's bumper stickers could inform all sorts of social engineering angles of attack.
 
The point of looking at this is not for everyone to drive the same nondescript block, but rather to consider privacy. Information available on your car, in your social media profiles or anywhere can be used by bad actors against you and those around you. 
 
Did you enjoy this blog article? Comment below with your feedback.

 

About CIPHER

Founded in 2000, Cipher is a global cybersecurity company that delivers a wide range of services: Managed Security Services (MSS), Managed Detection and Response (MDR), Cyber Intelligence Services (CIS), Red Team Services (RTS), Governance, Risk and Compliance (GRC) and Cybersecurity Technology Integration (CTI). These services are supported by the Cipher Lab, an elite threat and cyber intelligence research and development lab, and also by five 24x7 Security Operations Centers (SOC).

Cipher is a highly accredited company holding ISO 27001, ISO 22301, ISO 20000, ISO 9001, SOC I, SOC II, PCI QSA, PCI ASV and CREST certifications. The quality of service has led Cipher to win many awards from world-renowned research companies such as Gartner, Frost & Sullivan and Forrester. Clients consist of companies from mid-size enterprises to world-renowned corporations and government agencies, with countless success stories.

Recent Security Posts

Essential-Cyber-Security-Tips-Guide.jpg

Twitter Feed