GSM IMSI catchers preyed on a well-known weakness in GSM: the phone never authenticates the network, so anything that looks like a base station can ask it for its identity. But we have LTE now, why worry? No one has an LTE IMSI catcher, right? Wrong. [Domi] is here with a software-defined base transceiver station that will catch your IMSI faster than you can say “stingray” (YouTube video, embedded below).
First of all, what is an IMSI? IMSI stands for International Mobile Subscriber Identity. If an IMEI (International Mobile Equipment Identity) is your license plate, your IMSI would be your driver’s license. The IMEI is specific to the phone; the IMSI lives on the SIM and identifies the subscriber. Its leading digits encode the home country and network (the mobile country code and mobile network code), which is how carriers work out who you are and where you roam from.
Now, with terminology in tow, how does [Domi] steal your IMSI? Four words: Tracking Area Update Request. When a phone moves onto a new base station it sends a Tracking Area Update Request, and nothing stops a rogue station from answering it. [Domi] spoofs a tower, waits for phones to connect, asks each phone for its IMSI (an Identity Request, which the phone answers in the clear before any authentication has happened) and then rejects the phone’s Tracking Area Update. The LTE protocol mandates that, on certain reject causes, the phone discards its stored authentication state before it can reconnect to a base station, so it will go through the same dance again, all under the nose of the phone’s user.
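To make the identity concrete, here is an added example (not code from the article or from [Domi]’s project) that decodes and encodes the Mobile Identity information element in which an Identity Response carries the IMSI, using the BCD layout from 3GPP TS 24.008 (which TS 24.301 reuses for LTE). The sample bytes are constructed (they encode the test-network IMSI 001010123456789), and the MNC length is an assumed parameter because the IMSI itself does not say whether its MNC is two or three digits.

```python
# Added example, not from the article or [Domi]'s project: decode/encode the
# TS 24.008 "Mobile Identity" IE value that carries an IMSI in an Identity
# Response, then split it into MCC / MNC / MSIN.
from dataclasses import dataclass

TYPE_IMSI = 0b001  # "type of identity" field value for an IMSI


@dataclass
class Imsi:
    digits: str
    mcc: str
    mnc: str
    msin: str


def decode_mobile_identity(ie: bytes, mnc_len: int = 2) -> Imsi:
    """Decode the value part of a Mobile Identity IE (after its length octet).

    Layout: octet 1 = digit1 << 4 | odd_even << 3 | type; each following octet
    carries two BCD digits, low nibble first; an even-digit identity pads the
    final high nibble with 0xF.  mnc_len (2 or 3) is an assumption: real code
    looks it up per PLMN, because the IMSI does not encode it.
    """
    if not ie:
        raise ValueError("empty IE")
    ident_type = ie[0] & 0x07
    if ident_type != TYPE_IMSI:
        raise ValueError(f"not an IMSI identity (type={ident_type})")
    odd = bool(ie[0] & 0x08)
    digits = [ie[0] >> 4]
    for b in ie[1:]:
        digits.append(b & 0x0F)
        digits.append(b >> 4)
    if not odd:
        if digits[-1] != 0xF:
            raise ValueError("even-length identity missing 0xF pad")
        digits.pop()
    if any(d > 9 for d in digits):
        raise ValueError("non-decimal BCD digit in IMSI")
    s = "".join(str(d) for d in digits)
    if not 6 <= len(s) <= 15:
        raise ValueError(f"IMSI length {len(s)} out of range")
    if mnc_len not in (2, 3):
        raise ValueError("mnc_len must be 2 or 3")
    return Imsi(s, s[:3], s[3:3 + mnc_len], s[3 + mnc_len:])


def encode_imsi(imsi: str) -> bytes:
    """Inverse of decode_mobile_identity; handy for building test vectors."""
    if not imsi.isdigit() or not 6 <= len(imsi) <= 15:
        raise ValueError("IMSI must be 6..15 decimal digits")
    d = [int(c) for c in imsi]
    odd = len(d) % 2 == 1
    first = (d[0] << 4) | (0x08 if odd else 0) | TYPE_IMSI
    rest = d[1:] + ([] if odd else [0xF])
    body = bytes((rest[i + 1] << 4) | rest[i] for i in range(0, len(rest), 2))
    return bytes([first]) + body


if __name__ == "__main__":
    # Constructed sample: the test-PLMN IMSI 001010123456789 as it appears
    # on the wire (09 10 10 10 32 54 76 98).
    sample = bytes.fromhex("0910101032547698")
    print(decode_mobile_identity(sample))
    assert encode_imsi("001010123456789") == sample
```

Nothing in this exchange is encrypted or integrity protected: the phone hands over exactly these eight bytes to whoever asked, which is the whole problem the video demonstrates.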
For a Hackaday Prize entry, [TegwynTwmffat] is building a cell phone signal repeater. This sort of device is commercially available, but the options are either expensive or, as with some units available for $30 on DealExtreme, obviously noncompliant with RF regulations. This project intends to create a cost-effective, hackable device that works properly and conforms to the right regulations.
The core of this system is a LimeSDR transceiver. This is a board we’ve seen before, and it has a few interesting features. At its heart is a programmable RF transceiver chip (Lime’s LMS7002M) with coverage from 100 kHz to 3.8 GHz, backed by on-board signal processing and a USB 3.0 link with enough bandwidth to get the signals to and from a computer.
Right now, [TegwynTwmffat]’s focus is getting his LimeSDR up and working and figuring out how to set up a few radio blocks to do what is needed. There’s a great update to the project that showcases Pothos, and so far [Tegwyn] has a full-duplex repeater working. This is great work, and really showcases the capabilities of what software-defined radio can do.
Poke around enough on AliExpress, Alibaba, and especially Taobao, the Chinese-facing site that’s increasingly being used by Westerners to find hard-to-source parts, and you’ll come across some interesting things. The Long-CZ J8 is one of those: it’s 2.67 inches long, weighs just 0.63 ounces, and is built in the form factor of a Bluetooth headset.
A couple of months ago Cory Doctorow highlighted this tiny phone; he’d picked up on it because of its marketing. The lozenge-shaped phone was being explicitly marketed as able to “beat the boss”. The boss in question here is the B.O.S.S. (Body Orifice Security Scanner) chair, a scanning technology that has been widely deployed across prisons in the U.K. in an attempt to put a halt to the smuggling of mobile phones to inmates.
I wasn’t particularly interested in whether it could make it through a body scanner, or in the built-in voice changer, which was another clue as to the target market for the phone. However, just the size of the thing was intriguing enough that I thought I’d pick one up and take a look inside. So I ordered one from Amazon.
We’re not sure if this is art, anti-snooping guerilla warfare, or just a cheeky hack, but we do know that we like it! [Jasper van Loenen]’s Linger records the SSIDs that your cell phone (for example) spits out in probe requests whenever it’s not connected to a WiFi network, and replays them after you’re gone.
Some retail stores and other shady characters use MAC addresses and/or the unique collection of SSIDs that your phone sends in probe requests to fingerprint you and track your movement, either through their particular store or across stores that share a tracking provider. Newer phones randomize the MAC address in their probe requests and send far fewer directed (named-SSID) probes, which blunts both halves of that fingerprint, but plenty of older devices still broadcast a stable identity. Did you know that you were buying into this when you enabled “location services”? Did the tracking firms ask you if that was ok? Of course not. What are you going to do about it?
Linger replays the probe requests of people who have already moved on, making it appear to these systems as if nobody ever leaves. Under the hood, it’s a Raspberry Pi Zero, two WiFi dongles (one to sniff, one to transmit), and some simple Python software that stores probe requests in a database. There’s also a seven-segment display to indicate how many different probe-request profiles Linger has seen. We’re not sure the price point on this device is quite down to “throwie” level, but we’d love to see some of these installed in the local mall.
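As an added example (not Linger’s own code, which is not reproduced on this page), the following Python does the sniffing side of what a store tracker and Linger both rely on: it parses raw 802.11 probe request frames, groups the SSIDs each source MAC asks for into a profile, counts distinct profiles the way Linger’s display does, and rebuilds frames for replay. All frames are constructed in the block; the radiotap header and FCS are assumed to have been stripped already, and actually transmitting the replayed frames on a monitor-mode interface is left out.

```python
# Added example, not code from [Jasper van Loenen]'s Linger project.
# Parses bare 802.11 probe request frames (no radiotap header, no FCS),
# builds per-MAC SSID profiles, and regenerates frames for replay.
import struct
from collections import defaultdict

FC_PROBE_REQ = 0x40  # frame control byte 0: type 0 (mgmt), subtype 4 (probe req)
TAG_SSID = 0         # tagged parameter id for the SSID element
TAG_RATES = 1        # supported rates element, included so frames look normal


def parse_probe_request(frame: bytes):
    """Return (source_mac, ssid) for a probe request, or None if not one.

    Management header (24 bytes): FC(2) duration(2) addr1(6) addr2(6) addr3(6) seq(2).
    Body: tagged parameters, each tag(1) len(1) value(len).
    A wildcard probe has a zero-length SSID and yields ssid == "".
    """
    if len(frame) < 24 or frame[0] != FC_PROBE_REQ:
        return None
    src = ":".join(f"{b:02x}" for b in frame[10:16])  # addr2 = transmitter
    ssid = ""
    pos = 24
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None  # truncated element: treat the frame as malformed
        if tag == TAG_SSID:
            ssid = value.decode("utf-8", errors="replace")
        pos += 2 + length
    return src, ssid


def build_probe_request(src_mac: str, ssid: str) -> bytes:
    """Construct a probe request frame (for tests and for replay)."""
    src = bytes.fromhex(src_mac.replace(":", ""))
    bcast = b"\xff" * 6
    header = struct.pack("<HH6s6s6sH", FC_PROBE_REQ, 0, bcast, src, bcast, 0)
    s = ssid.encode("utf-8")
    rates = bytes([TAG_RATES, 4, 0x82, 0x84, 0x8B, 0x96])  # 1, 2, 5.5, 11 Mb/s
    return header + bytes([TAG_SSID, len(s)]) + s + rates


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet set: randomized / locally administered address."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


class ProbeProfiler:
    """The per-MAC SSID sets a tracker keeps (and Linger stores for replay)."""

    def __init__(self):
        self.ssids = defaultdict(set)

    def observe(self, frame: bytes) -> None:
        parsed = parse_probe_request(frame)
        if parsed is None:
            return
        mac, ssid = parsed
        if ssid:  # wildcard probes carry no SSID fingerprint
            self.ssids[mac].add(ssid)

    def profile(self, mac: str) -> frozenset:
        return frozenset(self.ssids.get(mac, ()))

    def distinct_profiles(self) -> int:
        """The count Linger's seven-segment display would show."""
        return len({frozenset(s) for s in self.ssids.values() if s})

    def replay_frames(self):
        """Frames to inject so departed devices appear to still be probing."""
        for mac, names in self.ssids.items():
            for name in sorted(names):
                yield build_probe_request(mac, name)


if __name__ == "__main__":
    # Constructed traffic: two phones, one of them with a randomized MAC.
    p = ProbeProfiler()
    p.observe(build_probe_request("00:11:22:33:44:55", "HomeNet"))
    p.observe(build_probe_request("00:11:22:33:44:55", "CoffeeShop"))
    p.observe(build_probe_request("da:a1:19:00:00:01", "HomeNet"))
    for mac in p.ssids:
        print(mac, sorted(p.ssids[mac]), "randomized" if is_locally_administered(mac) else "burned-in")
    print("distinct profiles:", p.distinct_profiles())
```

The profile count deliberately ignores wildcard probes: a phone that only asks “anyone there?” gives a tracker nothing to key on, which is exactly why newer phones do that. The `is_locally_administered` check is the quick way to tell a randomized MAC from a burned-in one when deciding whether a MAC-based track is worth anything.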
Upgrading RAM in the average computer is a relatively trivial task. Pop the case open, and slide the new sticks into the spare slots. It’s not the case for smartphones and tablets: in the endless quest for the slimmest form factor, every part is permanently soldered. In addition, every device is essentially bespoke hardware; there’s no single overarching hardware standard for RAM in portable devices. You could find yourself searching high and low for the right chips, and if you do track them down, the minimum order quantity may very well be in the thousands.
Unless, of course, you have access to the Shenzhen markets, where it’s possible to buy sample quantities of almost anything. Given the right parts and the ability to rework BGA packages, it’s a simple enough job to swap in a bigger RAM chip in place of the one stacked on top of the CPU during the repair.
[RoyTecTips] shows us an ingenious hack which turns a phone’s shared SIM/SD slot into a fully functioning dual-SIM slot without giving up the SD card. All that’s needed for this hack is a heat gun, solvent, a micro SD card, a nano SIM and some glue. The trick is that the phone’s second SIM reader sits on the backside of the SD-card slot. Through some detailed dissection and reconstruction work, you can piggy-back the SIM onto the SD card and have them both work at the same time.
Making the SD/SIM Franken-card is no picnic. First, file away the raised bottom edge of the micro SD card and file down the side until the writing is no longer visible. Next, blast your nano SIM card with a heat gun until the plastic melts away. Then mark where the SIM card’s chip goes and glue it on. Turn the phone on and, hey presto, you now have a dual-SIM phone while keeping your SD storage.
This hack is reported to work on many Samsung phones that end in “7” and some that end in “5”, along with some 8-series phones from Huawei and Oppo clones of the Samsungs. Since you’re only modifying the SIM card, it’s a fairly low-risk hack for a phone. Combining two cards into one is certainly a neat trick, almost as neat as shoe-horning a microcontroller into an SD card. We wonder how long it will be before we see commercial dual SIM/SD cards on the market.
[Update] I got a little confused on this one, as we only have the single-SIM variants of these phones where I live. This hack is for dual-SIM phones that accept either two SIM cards or one SIM plus one SD card. This hack solves this problem and allows two SIMs plus one SD card in these phones. Sorry for the confusion, and thanks to all who pointed this out in the comments.
There’s something to be said for economies of scale, and few things sell more than cell phones. Maybe that’s why [NODE] took inspiration from an iPhone slide-out keyboard case to create this Pi Zero W-based portable terminal. This is actually his third iteration, and in the video below he explains why he has built the new version.
By housing the custom bits in a 3D-printed frame that is size-compatible with the iPhone, [NODE] manages to leverage the slick slide-out keyboard cases available for the phone. The iPhone in question is an older iPhone 5, so the cases are inexpensive compared to those for the latest generation. On the other hand, the iPhone 5 is recent enough that it shouldn’t be hard to find a compatible case.
The circuitry itself is pretty straightforward: a battery, a charge controller, and an LCD display. The only complaint we could see was the lack of a control key on the keyboard.