We’re all familiar with Hollywood Hacking. Whether it’s the Anti-crime Squad geek pounding at the keyboard or the evil, balaclava clad hacker in a messy, dimly lit room, the image is pretty clear. So when Watch_Dogs was revealed, with its smartphone hacking and analysis, you could be forgiven for being a bit confused. It sure looks cool, but it couldn’t be real, right? As fantastical as it is, Watch_Dogs is fundamentally based in reality and could possibly work in real life. Let’s take a look how CtOS could work and how Aiden Pierce’s attacks could also work. This is going to specifically focus on Aiden’s Profiler and CtOS. Just to make it clear, I haven’t fully completed Watch_Dogs, so some of my theories might be proved or disproved at points in the game. If so, feel free to comment with more information and I’ll adjust it.
In Watch_Dogs, everything is connected to CtOS, the network that controls Chicago. CtOS controls everything from traffic to utilities and assists police with crime investigations. The game isn’t entirely clear on how CtOS devices work, however; we can make a few assumptions based on the gameplay. In game, you will notice that interaction with CtOS devices has a max range. This is most obvious with camera chaining. If all cameras were linked to one another on a physical network, it would not be a matter of range. It makes sense though, if you consider CtOS being a wireless mesh network. A wireless mesh network is where all the devices piggyback off one another to send data around. Think of it as a large group of people relaying messages around; one person might not be able to reach another person on the other side of the crowd, but by passing the message they can. Mesh networks have the advantage of being able to self heal too. This means that one or more devices could break and not cause any major network issues. If there’s an issue with one of the devices, nodes in the network, any devices relying on that node can connect through another one. This provides a very robust network, necessary for something that controls the city. A mesh network CtOS also explains the CtOS towers scattered around the map. They are likely used to connect CtOS devices to the CtOS control systems. So by assuming CtOS is a mesh net, what does this mean for hacking?
First off, the connection method would have to be common with a smartphone. It seems likely to be WiFi or another standard wireless technology, as camera chaining works through standard computers using web cams. The Profiler would also need to contain all the exploits necessary attack and take control of CtOS devices and citizens mobile phones. It’s not clear if the Profile uses a backdoor in CtOS core systems to detect and hack CtOS devices or is able to do so independently. It’s very possible that the Profiler uses some sort of backdoor access or vulnerability built into CtOS connected devices, because of its ability to hack arbitrary devices like phones and computers. To find vulnerable CtOS devices, the Profiler would need to have the technology to map out devices within range, then be able to detect software and device type on the fly. This could work something like a typical vulnerability scanner like Nessus; however more focussed. The Profiler then could display all in range devices with their controls, fast enough to use in the heat of battle. To allow camera chaining to work, the mapping tech would also need to be extendable through the cameras and their wireless technology.
The Profiler also contains the ability to identify citizens and display their personal information. According to the gameplay, this data comes from the CtOS Control Centres around Chicago. It’s not clearly stated in game how exactly the Profiler knows who and where users are. Aiden does not appear to use the camera to take advantage of CtOS’ facial recognition technology. However, there is the possibility that CtOS keeps track of all citizens’ movements. This is backed up by the Watch_Dogs creative director Jonathan Morins during an early interview, making it the most likely scenario. Mr Morins specifically mentions mobile phones being used for tracking. In reality, mobile phone infrastructure makes it difficult or impossible to get an accurate position. Using the GPS would be necessary to get this information. This could be done using modified baseband software. The baseband processor and its software controls the part of the mobile phone that connects to the network and is independent of the rest of the phones control. The baseband often has access to the rest of the mobile phone’s hardware and can control it. The baseband is not accessible by users and is in fact illegal to modify. Attackers could push down baseband updates over the network or pre-modify phones sold in Chicago to ensure all phones are under control. By using modified baseband software, CtOS operators could use this to get coordinates of every citizen in the city. It’s very possible that this is how CtOS is able to keep track of people, to which the Profiler uses to identify the citizens and display their information to Aiden. With that information, the Profile is very powerful.
From examining the CtOS infrastructure and the Profiler, it becomes pretty clear that both are very well engineered pieces of technology. Turning exploits into a weapon usable in the field is a particularly novel concept, albeit very powerful. Considering CtOS, there’s definitely the possibility of similar technology making its way into a real life city. If that does happen, let’s hope it doesn’t contain quite so many vulnerabilities.
If you have any better explanations or found an issue, feel free to add a comment.