-Battery pack
--The device is powered by four lithium-thionyl chloride (Li-SOCl2) D cell batteries
--Each cell is good for 13,000 mAh and are suited for extremely low-draw applications where longevity is needed, making them ideal for powering an always-on transmitter/receiver
--Minimal service life is 10 years.
-GPS antenna
--A quick peek at the antenna board indicates it was manufactured by SIgem, a company that partnered with Tyco in the early 2000s to make GPS components.
--The FBI really did not want anyone tampering with the innards of their tracking devices. The screws were coated with so much threadlocker that we had to break out the power drill and eliminate the screw heads.
--The module providing the GPS signal processing on this device is a µ-blox GPS-MS1 that's sort of ancient in the realm of modern electronics.
--This module was 1st released June 29, 1999 and it features 0.125 MB of SRAM and 1 MB of flash memory.
-Transmitter/receiver ICs
--XEMICS XE1201 Ultra low power single chip transceiver
---The XE1201 allows for data transmission and data reception in half duplex mode.
--RFM RF1172 SAW (surface-acoustic-wave) filter
---The RF1172 provides front-end selectivity (the capability to separate signals in one frequency from all other frequencies) in 433.92 MHz receivers.
[Edit: Please note, much of the text above is c/p'd from the ifixit post.]
If the FBI didn't want anyone tampering with the unit, they would have potted it in heavy epoxy or welded the case shut. Maybe even put a light-sensitive thermal charge inside.
More likely they were worried about the screws vibrating themselves off while stuck to the underside of a car - thus the threadlocker glue everywhere.
The fact that they didn't pot it is interesting. I hadn't thought about that. Potting seems to be on the decline over the last 10 years from what I've seen.
Re: software—we linked to the reference design, which includes a lot of information about the software. There should be plenty of information available to start investigating their implementation.
Potting is still used heavily in industrial electronics and a lot of appliance work (think of washing machine control boards). I would think the military uses it a lot as well.
Is that the PCIe crypto module shown in Google searches for IBM 4765? Please share the link if you have it, as I couldn't find a teardown in my brief search. I'd like to see how one would dismantle a potted circuit.
Yeah it's the crypto module. I think the teardown involved shaving the part down layer by layer and examining all the parts like the fine wire meshes that would instantly blow the chip if disrupted and etc. Wish I could remember where I saw it.
Yeah it looked to me more like the product designer was concerned about ruggedizing it for the automotive environment and possibly making a weak attempt at making it tamper-evident.
It certainly didn't look like anything designed to protect secrets.
When do you expect to find one of these stuck to the bottom of your car? ;)
In all seriousness, do you believe it would be possible for the FBI to make a similar device to use on bicycles (inside handle bars), motorcycles, scooters, or Segways?
I don't know the answer to either of these questions. It appeared to be a standard GPS receiver, but some investigation would reveal whether the manufacturer supports military mode.
http://docs.google.com/viewer?a=v&q=cache:7hhk_GsNmTQJ:w...
I never saw it on the car, but the antenna mount had a hinge that would allow it to stick out from the side of the car. But that would be rather conspicuous—I think that's why the antenna is so large.
AFAIK 433MHz can be used for any short-range application, similar to 27/49MHz for R/C cars. There are plenty off-the-shelf 433MHz transceivers for hobbyists, and I think car remote-unlockers use that band as well. And this doesn't appear to have a particularly powerful transmitter, so you'd have to bring the transmitter relatively close to the receiver (like <100ft, usually) in order to download...whatever.
If they're able to put this thing on your car in the first place, I guess it's not infeasible for them to drive by to download updates.
Why would tampering with such a device be illegal? Or blocking their signal? It's your car and until proven otherwise, you have no reason to bear with other people or the government installing such surveillance equipment.
If you're a convict then you might be released earlier but with some electronic surveillance, but even that is with your own consent.
We have not—I had limited time with the device at Wired's office. We powered it on and used a frequency analyzer on it, but that was the extent of our investigation. We were concerned that black helicopters might show up if we left it on too long. But I hope someone else does!
What, you mean for all the other devices we take apart that regularly phone home to their manufacturer, who would show up at a moment's notice in a black helicopter to put an immediate halt to our technical analysis?
Of course! We have to block RF transmissions all the time!
For the manufacturer, maybe. But then you have to factor in bribes to the federal procurement officers and junkets to Atlantic City to land the contract, and then medical payments for the workers who burned themselves hand-soldering resistors on that board. That's gotta up the price to at least $3K/unit or so! :-)
Can't really. Cost of BOM bears no relationship to selling price. His post below says it costs about $30 in 1k quantities. So estimating about $50 in 10pc prices, if I were building a few for a government agency/large corporation, ignoring NRE charges I'd probably price them upwards of $1000 each. This is not exactly something you can purchase at Best Buy...
61 Watt-hours. That little battery could power a 60W light bulb for an hour!
(I'm currently working on a bluetooth -> IR bridge. I was worred about battery life from a coin cell, but now I'm not anymore. I will get one of these in half-AA size and keep the thing powered for the next decade :)
Batteries(maybe not these but definitely car batteries) are typically rated at the 20hour drain rating. If you increase the current draw you will increase the power dissipated over the resistance inside the battery and reduce the amount of available power in a non linear fashion.
Frequency and transceiver information are already posted. My guess is that the transmissions aren't encrypted, or are encrypted trivially or encoded (to obfuscate).
Since you said "we should", you should get started on it and post your findings here or better yet on a blog. The iFixit article provides a lot of bases to research from.
It might be more effective, and more legal, to just sell your car as soon as you become aware that you've been tagged. Bonus points if you sell it to someone who is either taking a cross-country drive, or shipping it overseas.
Surely it's much, much easier to just put it on your neighbour's car. They'd probably believe they were getting real data or your partner was using the car. And could probably never accuse you of tampering as they couldn't be sure it wasn't just a mistake by the planting agent.
if he does it to tamper with federal investigation - then i'd guess it'd be a violation.
If he does it to improve fuel efficiency of the car and remove unnecessary weight from the car ... it'd be interesting whether it is possible to bill the government for the service of carrying their stuff around. Or for not being able to use the car at all as having the GPS tracker attached the car may become unsuitable for your use. Shouldn't anybody whose property taken over and used by the government to be justly compensated?
Well you can bill the govt. but not sure you'll get paid ... ;-)
In general, and most people are surprised by this, you cannot sue the US govt in court. Well you can, but only in certain cases where it allows itself to be sued -- tort cases and some IP laws and even then you almost never get a trial by jury, only a federal judge.
So you'd have to construct this as a tort case and use Federal Tort Claims Act (FTCA) to your advantage. I suspect if you try that, FBI will invent some reason to arrest you or at least harrass you (interfering with an investigation, obstruction of justice, damage of federal property, etc etc...).
I don't want to trivialize how scary it is that the FBI does this, but what I found interesting about this story was the insane capacity of the batteries. Why aren't more consumer electronics(especially iStuff where they aren't user serviceable) using this technology?
Lithium thionyl chloride batteries are not rechargeable. You get 2-3x the capacity of a rechargeable battery, once. Makes sense for this application but not consumer devices.
The FBI demanded the device back and she said no. Amazingly, that was the end of the story—until the Afifi story came out, and she decided to give Wired the tracker.
The interesting legal question (in addition to whether you need a warrant to do this sort of thing) is who owns something attached to your car?
I'll be very interesting in hearing what the Supreme Court has to say about all this. Consider the following worst-case scenario:
1. Supreme Court rules that use of GPS tracking devices by law enforcement do not violate 4th Amendment.
2. Future court rulings find that tampering with GPS devices amounts to interfering with a police investigation.
3. Law enforcement starts planting GPS devices directly on persons, such as in a purse, or when miniaturized further, in wallets or attached to clothing. Maybe these devices only capture data "when in public areas" and are eventually declared legal.
4. Since they cannot be tampered with, police begin attaching wristbands to citizens stopped at routine traffic stops who they suspect of crimes.
Sounds far-fetched, but not when you consider the amount of surveillance that goes on already via cell phones and credit cards.
The article indicates that court rulings have been mixed as to whether a warrant is required. I suspect the FBI doesn't want to force the issue, in case they lose.
If the tracking were completely legally sanctioned, I can't imagine that the trackee would have any claim to ownership over the device.
I suppose its as simple as their demands not being met. "We want it back." "Nope, I already took it apart and posted it to teh intarwebs." "Well then."
-Battery pack --The device is powered by four lithium-thionyl chloride (Li-SOCl2) D cell batteries --Each cell is good for 13,000 mAh and are suited for extremely low-draw applications where longevity is needed, making them ideal for powering an always-on transmitter/receiver --Minimal service life is 10 years.
-GPS antenna --A quick peek at the antenna board indicates it was manufactured by SIgem, a company that partnered with Tyco in the early 2000s to make GPS components. --The FBI really did not want anyone tampering with the innards of their tracking devices. The screws were coated with so much threadlocker that we had to break out the power drill and eliminate the screw heads. --The module providing the GPS signal processing on this device is a µ-blox GPS-MS1 that's sort of ancient in the realm of modern electronics. --This module was 1st released June 29, 1999 and it features 0.125 MB of SRAM and 1 MB of flash memory.
-Transmitter/receiver ICs --XEMICS XE1201 Ultra low power single chip transceiver ---The XE1201 allows for data transmission and data reception in half duplex mode. --RFM RF1172 SAW (surface-acoustic-wave) filter ---The RF1172 provides front-end selectivity (the capability to separate signals in one frequency from all other frequencies) in 433.92 MHz receivers.
[Edit: Please note, much of the text above is c/p'd from the ifixit post.]