20.5k unique visitors in the last 3 days

Students Get Unlimited Data by Taking SIMs from IoT Car Parking Clamps

'Barnacle' car parking clamps adopted by the University of Oklahoma contain SIMs for remote management and location tracking.

When the University of Oklahoma introduced new ‘smart’ clamps for incorrectly parked cars, they probably thought they were going to reduce their costs and collect more money from naughty students. However, they little appreciated that the clamps would be raided for the SIM cards inside.

The barnacle clamps (pictured) are designed to use suction so they cannot be forcibly removed from the windscreen of cars, obscuring a driver’s view of where they are going. They can be released remotely if the driver pays their fine, either online or over the phone. When the suction is released the driver is expected to deposit the clamp in a nearby storage facility, eliminating the cost and hassle of requiring a parking warden to come to the car. And if a reckless driver tried to drive away with the clamp still in place, or wanted to steal a clamp after it had been released, then parking wardens would be notified and can track its movements by GPS.

However, students at the University of Oklahoma did not take kindly to the introduction of the barnacle clamps, and eagerly set about compromising them. Some discovered ways to break the seal on the window so they could be physically removed. And according to this Reddit thread, other students learned how to remove the SIM card from the clamp and use it to obtain unlimited free data.

The SIM cards this particular company was using for the GPS function had unlimited data, so I began to tether off of the Barnacle’s connection. It took them several months to disconnect the service.

This is another illustration of the ways businesses underestimate the risks of connecting everything to the internet. These students showed a lot of cheek whilst also demonstrating a serious weakness with this networked device.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email