Students Get Unlimited Data by Taking SIMs from IoT Car Parking Clamps

When the University of Oklahoma introduced new ‘smart’ clamps for incorrectly parked cars, they probably thought they were going to reduce their costs and collect more money from naughty students. However, they little appreciated that the clamps would be raided for the SIM cards inside.

The barnacle clamps (pictured) are designed to use suction so they cannot be forcibly removed from the windscreen of cars, obscuring a driver’s view of where they are going. They can be released remotely if the driver pays their fine, either online or over the phone. When the suction is released the driver is expected to deposit the clamp in a nearby storage facility, eliminating the cost and hassle of requiring a parking warden to come to the car. And if a reckless driver tried to drive away with the clamp still in place, or wanted to steal a clamp after it had been released, then parking wardens would be notified and can track its movements by GPS.

However, students at the University of Oklahoma did not take kindly to the introduction of the barnacle clamps, and eagerly set about compromising them. Some discovered ways to break the seal on the window so they could be physically removed. And according to this Reddit thread, other students learned how to remove the SIM card from the clamp and use it to obtain unlimited free data.

The SIM cards this particular company was using for the GPS function had unlimited data, so I began to tether off of the Barnacle’s connection. It took them several months to disconnect the service.

This is another illustration of the ways businesses underestimate the risks of connecting everything to the internet. These students showed a lot of cheek whilst also demonstrating a serious weakness with this networked device.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.