The words "Social Networking" retain healthy buzzes in most industries in the city.
Everyone knows it's not what you know, it's who you know. When your talent, work-ethic,
education, and tenacity don't pay off, your college frat buddies just might. Nederlander's
dad owns a private investment firm and can probably get you in despite your lack of
experience. Thank God you didn't complain too much during the hazing rituals. Or maybe
you get introduced to that director you've always admired and you know that he might put
you in his next movie if you'll just "do him the favor in return." No matter how you attain
your next job, you'll inevitably rely on "someone who knows someone" to get that ball rolling.
Social Networking is key, but it's also time-consuming and tedious. What if it could all be done
for you. Imagine never having to make that monthly check-in with "the woman you met once from the
Altria Group" to make sure she even remembers your name, let alone sees your next project. It doesn't
have to be the stuff of fantasy any more.
Through a practice known as "BlueSnarfing" we propose to "discover" the mobile phonebooks
of people using certain security loophole-laden Bluetooth devices. How does the selection
process work? Fortunately that work has been done for us by the major mobile phone manufacturers
and the lack of information provided regarding the security concerns that are inherent in the technology. Basically, by purchasing the wrong model Bluetooth enabled phone, you've already selected yourself!
How does it work? Unbeknownst to the phone owner, her device will betray its list of saved
phone numbers to a nearby laptop. After the list is acquired, an Asterisk phone server will
generate a "conversation" with each number in the list. The first number on the list is called
and receiver's response recorded. The next number on the list is called, the first number's
initial response is played back to the new number, and the new number's response to the old
number's prompt is recorded. This continues for however many phone numbers are in the contact
list. The server cycles through the list only once and indiscriminately.
The by-product of this simple set of rules is the auto-generated conversations that accrue
when a number may recognize a voice saying "...hello?..hello..." and responds with "Jim -
Jim I can hear you." only to be the prompt for the next number who may respond with "...Jim...
who is Jim?" and subsequently "...Jim is my old...wait just a sec...who is this...I don't know
Jim..." and so on and so on into incomprehensible madness...the stuff of a Richard Foreman script.
Each snarfed and "nudgingly-networked" phone-book will attain it's own auto-dialogue, unique to its
personal and business contacts' personality and natural temperament.
****************************************************************************
As the technologies of Bluetooth and telephony servers are new to both of us as artists, we plan to roll this project out in phases. The first phase will concentrate on researching the bluetooth security resources by trifinite.org [5], the bunker [6], and Martin Herfurt [7]. Using these sources, we will test some of the software and processes available in them on practice phones to ensure that we will not do any damage to strangers devices (this step will require us to become familiar with running Linux and the UNIX command line.) Once we have found a process that successfully downloads a cellphone's list of contacts without leaving any trace, we will then begin to set up an Asterisk server capable of dialing through and recording conversations from a list of numbers. Again, testing will be done with our own contacts to avoid any damage to strangers. (We also do not want to begin gathering phone numbers in public until we can quickly process them and delete the information.) When the bluesnarfing process and Asterisk server are both running reliably, we will begin listening for mobile phonebooks in public spaces and processing conversations from the list of numbers that we catch. In the end, we hope to have a series of audio files that explore the personality or texture of each phone book that we find.
In addition to highlighting the insecurities of bluetooth technology, we aim to explore the ways in which the data we employ interconnects users and the resulting privacy concerns. The U.S. government has yet to fully reconcile matters of such data relationships. In SMITH v. MARYLAND (1979) [1], a robber was convicted due to the numbers that he dialed from his home. The police obtained this information by asking his telephone provider to install a pen register (a device that records numbers dialed without recording the content of the conversation) at its central offices. Applying the reasonable expectation of privacy test established in KATZ v. UNITED STATES (1967) [2], the court decided that this evidence could not be thrown out because Smith could have no such expectation since he should have known that the numbers he dialed were relayed to the telephone company who could justly record those numbers. In using the telephone, the court determined that the user only demonstrates an interest in the privacy of the conversation's content and not the number itself. As discussed by James C. White [3], the failure of this decision "lies in its refusal to recognize the power of data interconnection." Although a telephone number is public record, the fact that one party knows another's number is not, and it is this relationship that the police in this case were able to capitalize upon.
As people store more data on their cellphones, governments and society must acknowledge and learn to protect the web of relationships . Already, the telephone companies know who we call and even where we are ( Virgin Mobile tracked its users' locations for two years before admitting such capability [4]). We can venture guesses about how the telephone companies and government might use this information, but can we imagine the resulting behaviors of marketers, criminals, or even the merely curious when these maps are with us at all times? The Parisian flaneur could hazard a guess at a passersby's class, beauty or mood, but a successful bluetooth glance in this day and age can provide sensitive data about a person's relationships and activities. What can your phone book tell us about you?
On some device models, your phone could tell us quite a lot about you. Many flaws in the Bluetooth specification have surfaced in the past couple of years. These flaws allow for a variety of attacks with mashed up names like bluejacking, bluebugging, backdoor attack, and bluesnarfing. Most of these attacks rely upon the device being in Bluetooth discoverable mode, but even making a device hidden apparently doesn't work in some cases. Generative Social Networking will rely on the bluesnarfing technique for gathering contacts only from discoverable phones. With bluesnarfing, our networking system can connect to a mobile device without the owner of that device being aware of our assistance! Just keep broadcasting those contacts and we'll take care of the rest!
Your mistress will call your Child's school Principal! Your mother will call your drug dealer! Hilarity and good social networking are sure to ensue. What protects this egocentric universe of your orbiting contacts from completely disintegrating is anonymity and lack of proof. So although your college sweetheart calls your wife, your wife can't track the number, even though she may recognize the voice. So-long boring dinner conversation!
[1] SMITH v. MARYLAND, 442 U.S. 735 (1979) http://caselaw.lp.findlaw.com/cgi-bin/getcase.pl?court=US&vol=442&invol=735
[2] KATZ v. UNITED STATES, 389 U.S. 347 (1967) http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=US&vol=389&invol=347
[3] White, James C. "PEOPLE, NOT PLACES: A Policy Framework for Analyzing Location Privacy Issues," Masters Memo Prepared for the Electronic Privacy Information Center. Spring 2003. http://www.epic.org/privacy/location/jwhitelocationprivacy.pdf
[4] Kridel, Tim. "A Sense of Where You Are," The Net Economy, November 2001 http://www.findarticles.com/p/articles/mi_zdtne/is_200111/ai_ziff18360
[5] trifinite.org
[6] The Bunker | Security | Bluetooth - http://www.thebunker.net/security/bluetooth.htm
[7] Herfurt, Martin. "Bluesnarfing @ CeBIT 2004: Detecting and Attacking bluetooth-enabled Cellphones at the Hannover Fairground." Dipl.-Ing.(FH) Salzburg Research Forschungsgesellschaft mbH, Austria. March 30, 2004.
|
