Using SMS as the control protocol seems like a bad idea. You are generating evidence with each command sent that may or may not be stored practically forever by the telcos.
The caveat being that these things are only doing cell tower triangulation, and not even a good job of it. So all it will be able to tell you is that your car is somewhere on the east side of the city or so. Although you will be able to listen in on the conversations of the car thieves and might pick up a clue from that.
Realistically, these are 100% for stalking/espionage.
I took the exact opposite conclusion from this information. How is it useful for stalking if it doesn't give more exact location? On the other hand if I'm looking for my own car that somebody took out of the city, this at least gives me a general idea of its location.
For stalking/espionage, approximate locations (especially which can be refined over long observation periods and combined with other data) are often fine. Patterns like when does someone leave for work, what shifts do they work, where do they go on weekends, etc can be quite apparent.
If your car is stolen, what good is knowing the general location?
Hmm, I guess my eurothinking is showing. I work and live within a 5 km radius. I guess in the US you can get much more useful that's even though it's approximate.
If my car is stolen and taken away, at least I can call that city/country police instead of waiting when it gets through the bureaucracy.
It's packaging says "data cable", not a "car tracking device". Why would they use misleading packaging that the thieves would never see? Obviously it is meant to be used as a present, or for example, for an employee bringing this "cable" to work.
That is valid for any centralized service in general. Fun fact: I am working on something in that field in my spare time(whenever I have both time and motivation) and I opted for LoRa instead specifically for that reason, even though it comes with a wide range of limitations: payload, range is determined by line of sight, no multiplexing and all that. But did make some real world testing late last year and the range I got was REALLY impressive. Easily 20% above what the manufacturer had put in the spec sheet - 12 and a half kilometers with an off the shelf dev board.
True, well I'm in the EU so 868MHz in my case. Still, it is very susceptible to external conditions. It truly is a hit or miss. Personally I host a things network gateway(indoors), I live on the last floor of a building at one of the highest points in the city and it is still very inconsistent when I've been fiddling with it. Back when I was doing my tests a few months ago I took a micro controller with a LoRa module up on the roof so those truly were ideal conditions. I have yet to test the CC2500.
Wouldn't someone using this sort of thing also buy a cheap burner phone and throw-away sim card? They're easy to buy with cash and you don't need to register them or anything to use them. Supermarkets in the UK even sell sims with credit already loaded onto them.
I can't imagine the UK doesn't have laws to prevent anonymous SIM card purchases, because of terrorism fears.
Some duckduckgo-ing suggests it's possible, e.g. someone wrote just go to Tesco to get one and there are no ID checks (but this was written 6 years ago). In any case, just like teenagers buying booze, it's probably not that hard to pay someone off the street to buy one for you.
No ID is required to buy a pay as you go SIM card in the UK. Just walk into any supermarket or pretty much any corner shop and they will sell you a Sim for a quid at most. (You can also get them for free from the networks directly on their websites, but now they know the address the sim was sent too)
Top up credit is the same, ask the counter staff for £x on network Y and once you have paid they will give you a printed receipt with a code on it for your desired amount.
It’s not really seen as a “national security issue” because most people don’t practice perfect opsec and leave enough details and fingerprints behind.
And an ID check ain’t going to prevent anyone from getting hold of a sim via other means (like you said, pay someone on the street as just 1 example)
Now, try and access porn on that SIM card? Well hold on there, now we need to know who you are!!! (Though you can often blag your way around this via social engineering the CS agent on the phone. Or just bypass the block by using a VPN/Change DNS settings.)
I thought I read you could buy "adult verification cards" by going to a newsstand and presenting ID that is potentially verified by the seller (if you appear underage) but not recorded. Like alcohol or tobacco purchases are in the US.
There were plans for that (And as another kick in the teeth, those porn-passes would expire, want more porn? go buy another pass!), but those plans got shelved because they finally figured out it was a dump idea. Though "we got to protect the kids" does keep popping back up every now and then.
(It wasn't the only way to verify your age, it was "just" meant as a way to prove age to a site without having to share your ID/Credit Card with that site, as not every adult has an ID/Credit Card)
As of right now every pay as you go sim comes with adult filtering enabled, you are then asked to proof your age in a number of ways to the provider to disable the block, this can be by using a credit card, or by popping into one of the providers stores (if they have one), last PAYG provider I unblocked adult content on used AI to guess my age from a selfie and no ID was required (The verification promised to not store my photo after verification, you kinda have to take them at their word for that, but breaking such a promise would land them in trouble with the ICO). I have on at least 2 occasions got the blocked disabled just by having a chat with a customer service agent on the phone, however that was about 5ish years ago, that provider may have changed up their methods in the years since.
Contract plans tend to give you the option when signing up if you want the adult content block or not, because on contract plans the account holder has to be 18 years old to sign up, but they also know that parents will take out contract plans for their kids to get a better deal on the phone/plan so the option is there for the parents to apply it / remove it as they deem fit.
Same goes for the larger fixed line ISPs, during sign up you are asked if you want adult content filtering or not (some will also offer more categories to filter such as gambling, social media, etc etc etc), but its only the larger ISPs that have to do this (iirc its not a legal requirement, but something the industry agreed too to avoid it becoming a legal requirement, however its been that long my memory could be faulting me on that). The smaller ISPs don't have to do so and some of them (A&A for example) pride themselves on not filtering the internet for their customers.
The crazy thing is on all the providers I have used (however I've not tested every provider), the filtering seems to be done pretty much always at the DNS level, change your DNS settings to anything other then the providers and you are able to bypass the parental controls.
Sky iirc (its been a while since I have used them) did do some deep packet inspection on filtered sites, but if the site was hosted behind the likes of cloudflare they only blocked at the DNS level for that site as not to cause any issues with any other sites hosted behind that proxy.
EDIT: Oh one thing I remember from when I had to use Sky for a brief period about 6 months ago, they "somehow" (not actually looked into how they do so, a couple of ways they could do this pop to minds, I just never dug into it.) pass long your filter status to Google and Bing when you do a search, so if you had adult filtering enabled at the ISP level Google would force enable safe-search on their end.
If you're hacking around with phones or GSM boards for fun, on and off, it is cost effective to just grab one for a pound or so every time you want to do something as they sometimes come with a tiny bit of free data, or just a number to receive SMS on at least.
If you don't top up (with say a tenner) within some months the card deactivates and becomes useless, so it's a no-commitment way to access the GSM network.
Only about 2 of them will record anything resembling a usable image - the rest are either broken, potato quality, pointing at nothing, or recording to media that’s so fucked that it’s highly unlikely to capture anything useful.
Not to mention the vast majority of them are privately owned and require a shit tonne of paperwork for the cops to access them, so they don’t bother unless it’s a murder case.
Nonetheless the coverage was enough for highly motivated law enforcement agencies to reconstruct almost every step of the paths taken by the Russian assassins, sorry, “sports nutritionists”, when they paid a visit to the UK to nourish a certain enemy of Russia with Novichok.
In Russia they would ask for your internal passport (aka the "ID") and put your name, birth date, and registered address into their database. It's illegal to sell sim cards without that.
When I traveled to Europe recently and bought a French tourist sim, the carrier warned me multiple times that I need to provide my identity to continue using it beyond 30 days.
As long as there are no id-checks required for roaming and there is at least one country without id-checks, any id-check for local SIMs is security theater only.
If I understand correctly you need atleast one sms to know the credentials to the web portal. that's probably enough to get caught if someone finds the device.
If you can get an unidentifiable SIM for the tracker, you can also get one + a burner phone for yourself. And if someone is stupid enough to not do that or to turn on either device in an identifiable location, they're beyond help.
