Anyone who had a cheap set of computer speakers in the early 2000s has heard it – the rhythmic dit-da-dit-dit of a GSM phone pinging a cell tower once an hour or so. [153armstrong] has a write up on how to capture this on your computer.
It’s incredibly simple to do – simply plug a set of headphones into the sound card’s microphone jack, leave a mobile phone nearby, hit record, and wait. The headphone wire acts as an antenna, and when the phone transmits, it induces a current in the wire, which is picked up by the soundcard.
[153armstrong] notes that their setup only seems to pick up signals from 2G phones, likely using GSM. It doesn’t seem to pick up anything from 3G or 4G phones. We’d wager this is due to the difference in the way different cellular technologies transmit – let us know what you think in the comments.
This system is useful as a way to detect a transmitting phone at close range; however, due to the limited bandwidth of a computer soundcard, it is in no way capable of actually decoding the transmissions. As far as other experiments go, why not use your soundcard to detect lightning?
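Added here as an illustration, not [153armstrong]’s code: a pure-Python check for the signature such a recording shows. It assumes an 8 kHz mono recording and leans on the GSM TDMA frame period of 4.615 ms (the phone bursts once per frame, about 217 times a second, which is what produces the buzz); both recordings below are constructed in the block rather than captured.

```python
import math
import random

FS = 8000                # sound card sample rate in Hz (assumed)
GSM_FRAME_S = 4.615e-3   # one GSM TDMA frame: 8 slots of ~577 us
GSM_BURST_S = 577e-6     # a phone transmits in one slot per frame

def gsm_like_burst_audio(seconds=0.25, level=3.0, seed=1):
    """Constructed stand-in for the recording: the phone's TDMA duty cycle,
    rectified by the sound card front end, is a pulse train at ~217 Hz
    sitting on white noise of unit variance."""
    rng = random.Random(seed)
    out = []
    for i in range(int(seconds * FS)):
        in_burst = ((i / FS) % GSM_FRAME_S) < GSM_BURST_S
        out.append((level if in_burst else 0.0) + rng.gauss(0.0, 1.0))
    return out

def noise_only_audio(seconds=0.25, seed=2):
    """Constructed recording with no phone nearby: noise only."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(int(seconds * FS))]

def goertzel_power(x, f):
    """Power of x at frequency f Hz (Goertzel recurrence, one bin)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * f / FS)
    s1 = s2 = 0.0
    for v in x:
        s0 = v + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def detect_gsm_burst(x, lo=150, hi=300, ratio=25.0):
    """Return (detected, peak_hz): is there a spectral line near the
    216.7 Hz GSM frame rate that towers over the rest of the 150-300 Hz
    band by `ratio` times the band's median power?"""
    mean = sum(x) / len(x)
    x = [v - mean for v in x]   # drop DC so the line, not the offset, dominates
    powers = {f: goertzel_power(x, f) for f in range(lo, hi + 1)}
    peak_f = max(powers, key=powers.get)
    median = sorted(powers.values())[len(powers) // 2]
    near_frame_rate = abs(peak_f - 1.0 / GSM_FRAME_S) <= 3.0
    return near_frame_rate and powers[peak_f] > ratio * median, peak_f
```

Feed a real recording in as a list of samples (resampled to 8 kHz) in place of the constructed ones; the 150-300 Hz band is deliberately narrow so mains hum and speech fundamentals don’t trip it.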
It was but two weeks ago when I told my story of woe — the tale of an LG Nexus 5X that fell ill, seemingly due to a manufacturing fault at birth. I managed to disassemble it and made my way through a semi-successful attempt at repair, relying on a freezer and hairdryer to coax it back to life long enough to backup my data. Try as I might, however, I simply couldn’t get the phone running for more than ten minutes at a time.
All was not in vain, however! I was rewarded for documenting my struggles with the vast experience and knowledge of the wider Internet: “Hairdryers don’t get as hot as heatguns!”
It turned out I had just assumed that two similar devices, both relying on a hot bit of metal and a fan as their primary components, must be virtually identical if rated at a similar power draw. I was wrong! Apparently the average hairdryer stays well below 150 degrees Celsius to avoid melting one’s silky locks or burning the skin. I even learned that apparently, wet hair melts at a lower temperature than dry hair. Who knew?
Armed with this knowledge, I rushed out and bought the cheapest heat gun I could find — around $50. Rated up to 600 degrees C, this was definitely going to be hotter than the hairdryer. With the prevailing opinion being that I had not applied enough heat in general, I decided to also increase the heating period to 90 seconds, up from a quick 30 second pass originally.
Continue reading “Fix-A-Brick 2: Nexus 5X Rises From the Ashes”
As the devices with which we surround ourselves become ever more connected to the rest of the world, a lot more thought is being given to their security with respect to the internet. It’s important to remember though that this is not the only possible attack vector through which they could be compromised. All devices that incorporate sensors or indicators have the potential to be exploited in some way, whether that is as simple as sniffing the data stream expressed through a flashing LED, or a more complex attack.
Researchers at the University of Michigan and the University of South Carolina have demonstrated a successful attack against MEMS accelerometers such as you might find in a smartphone. They are using carefully crafted sound waves, and can replicate at will any output the device should be capable of returning.
MEMS accelerometers have a microscopic sprung weight with protruding plates that form part of a set of capacitors. The displacement of the weight due to acceleration is measured by looking at the difference between the capacitance on either side of the plates.
The team describe their work in the video we’ve put below the break, though frustratingly they don’t go into quite enough detail other than mentioning anti-aliasing. We suspect that they vibrate the weight such that it matches the sampling frequency of the sensor, and constantly registers a reading at a point on its travel they can dial in through the phase of their applied sound. They demonstrate interference with a model car controlled by a smartphone, and spurious steps added to a Fitbit. The whole thing is enough for the New York Times to worry about hacking a phone with sound waves, which is rather a predictable overreaction that is not shared by the researchers themselves.
Continue reading “This WAV File Can Confuse Your Fitbit”
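To make our suspicion concrete, here is an added simulation (ours, not the researchers’ code) of a sensor sampling a mass driven at a tone near its own sample rate: the tone’s phase sets a constant reading, a small frequency offset paints a slow waveform under the attacker’s control, and a crude box-filter anti-aliasing stage collapses it. The 100 Hz sample rate and the tone values are assumed.

```python
import math

def sample_sensor(f_tone, phase, fs, n, amp=1.0):
    """Naive sensor: one instantaneous sample every 1/fs second of a
    proof mass vibrating at f_tone Hz (the injected acoustic tone)."""
    return [amp * math.sin(2 * math.pi * f_tone * i / fs + phase)
            for i in range(n)]

def alias_frequency(f_tone, fs):
    """Frequency at which the tone shows up in the sampled output."""
    r = f_tone % fs
    return min(r, fs - r)

def sample_sensor_antialiased(f_tone, phase, fs, n, k=64, amp=1.0):
    """Same sensor with a crude anti-aliasing stage: each output is the
    mean of k sub-samples spread across one sample interval (a box
    low-pass whose first null sits at fs) rather than a single instant."""
    out = []
    for i in range(n):
        sub = [amp * math.sin(2 * math.pi * f_tone * (i + j / k) / fs + phase)
               for j in range(k)]
        out.append(sum(sub) / k)
    return out

def reading_span(readings):
    """Peak-to-peak swing of a reading sequence."""
    return max(readings) - min(readings)
```

With a tone at exactly fs and phase pi/2 every naive sample reads +1 g (a steady, fake acceleration); at fs + 1 Hz the naive readings trace a 1 Hz sine, which is exactly the slow “step” waveform a pedometer would count, while the box-filtered readings stay near zero.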
Most people hate unsolicited calls, and it’s worse in the dead of night when we’re all trying to sleep. Smartphones are easy to configure to block nuisance calls, but what if you need a solution for your Plain Old Telephone System (POTS)? [Molecular Descriptor] has built a system to invisibly stop landline phones ringing after hours.
The basic principle relies on an analog circuit that detects the AC ringing signal from the phone network, and then switches in an impedance to make the phone company think the phone has been picked up. The circuit is able to operate solely on the voltage from the phone line itself, thanks to the use of the LM2936 – a regulator with an ultra-low quiescent current. It’s important if you’re going to place a load on the phone line that it be as minuscule as possible, otherwise you’ll have phone company technicians snooping around your house in short order wondering what’s going on.
The aforementioned circuitry is just to block the phone line. To enable the system to only work at night, more sophistication was needed. An Arduino Mega was used to program an advanced RTC with two alarm outputs, and then disconnected. The RTC is then connected to a flip-flop which connects the blocking circuit only during the requisite “quiet” hours programmed by the Arduino. The RTC / flip-flop combination is an elegant way of allowing the circuit to remain solely powered by the phone line in use, as they use far less power when properly configured than a full-blown microcontroller.
It’s a cool project, with perhaps the only pitfall being that telecommunications companies aren’t always cool with hackers attaching their latest homebrewed creations to the network. Your mileage may vary. For more old-school telephony goodness, check out this home PBX rig.
Despite the implementation of the National Do Not Call Registry in the US (and similar programs in other countries), many robocallers still manage to get around the system. Whether they’re operating outside the law somehow (or they simply don’t care about it), there are some ways you can take action to keep these annoying calls from coming through. [Alex] is among those to take matters into his own hands and built a specialty robocall-blocking device.
Based on a Raspberry Pi, the “Banana Phone” is able to intercept incoming calls on standard land lines or VoIP phones. After playing a short message, the caller is asked to input a four-digit code. Once the code is correctly entered, the caller is presumed to be human, added to a whitelist, and then the Pi passes them on to the recipient. There are, however, some legitimate robocallers such as emergency services regarding natural disasters or utility companies regarding outages. For these there is a global whitelist that the Pi checks against and forwards these robocalls on to the recipient automatically.
This project was originally an entry into a contest that the Federal Trade Commission put on a few years ago for ideas about how to defend against robocalls. We covered it back then, but now there are full build instructions. Even though the contest is long over, the Banana Phone is still in active development so if you have a spare Pi lying around you can still set this up yourself. There are some other interesting ways to defend against robocalls as well, like including the “line disconnected” tone in your voicemail, for example.
If you want to eavesdrop on GSM phone conversations or data, it pays to have deep pockets, because you’re going to need to listen to a wide frequency range. Or, you can just use two cheap RTL-SDR units and some clever syncing software. [Piotr Krysik] presented his work on budget GSM hacking at Camp++ in August 2016, and the video of the presentation just came online now (embedded below). The punchline is a method of listening to both the uplink and downlink channels for a pittance.
[Piotr] knows his GSM phone tech, studying it by day and hacking on a GnuRadio GSM decoder by night. His presentation bears this out, and is a great overview of GSM hacking from 2007 to the present. The impetus for Multi-RTL comes out of this work as well. Although it was possible to hack into a cheap phone or use a single RTL-SDR to receive GSM signals, eavesdropping on both the uplink and downlink channels was still out of reach, because it required more bandwidth than the cheap RTL-SDR had. More like the bandwidth of two cheap RTL-SDR modules.
Getting two RTL-SDR modules to operate in phase is as easy as desoldering a crystal from one and slaving it to the other. Aligning the two absolutely in time required a very sweet hack. It turns out that the absolute timing is retained after a frequency switch, so both RTL-SDRs switch to the same channel, lock together on a single signal, and then switch back off, one to the uplink frequency and the other to the downlink. Multi-RTL is a GnuRadio source that takes care of this for you. Bam! Hundreds or thousands of dollars’ worth of gear replaced by commodity hardware you can buy anywhere for less than a fancy dinner. That’s a great hack, and a great presentation.
Continue reading “GSM Sniffing on a Budget with Multi-RTL”
There are several open source phones out there these days, but all of them have a downside. Hard to obtain parts, hard to solder, or difficult programming systems abound. [Arsenijs] is looking to change all that with ZeroPhone. ZeroPhone is based upon the popular Raspberry Pi Zero. The $5 price tag of the CPU module means that you can build this entire phone for around $50 USD.
The radio module in the ZeroPhone is the well known SIM800L 2G module. 2G is going away or gone in many places, so [Arsenijs] is already researching more modern devices. An ESP8266 serves as the WiFi module, and an OLED screen and code in Python round out this phone. Sure, it’s not a fancy graphical touchscreen, but a full desktop is just a matter of connecting a display, mouse, and keyboard.
For the security conscious, the ZeroPhone provides a unique level of control. Since this is a Raspberry Pi running Linux, you choose which modules are included in the kernel, and which software is loaded in the filesystem. And with news that we may soon have a blobless Pi, the firmware hiding in the radio modules is the only black box still remaining.
If a Raspberry Pi is a bit too much for you to bite off, check out this Arduino based phone. Don’t want to do any soldering? Check out what you can do with a cheap Android phone and a bit of hacking.