The invention of the transistor ushered in a lot of technologies that we now take for granted, and one of its less-celebrated contributions to daily life was making the touch-tone phone possible. No longer would the world have to fuss with rotary dials to make phone calls; they could simply push some buttons. This technology is still in use today, and it is possible to build external phone dialers that use these tones to place calls, as [SunFounder] demonstrates with his latest project.
Each button on a touch-tone phone produces two tones at once: one frequency from a low group that identifies the key's row and one from a high group that identifies its column, a scheme called DTMF (dual-tone multi-frequency) that the exchange decodes back into the digit. Automatic dialers like this one help when there are multiple carriers (different long-distance carriers, for example), where a prefix can be chosen to make a call cheaper depending on its destination. A preprogrammed dialer takes all of that complication out of placing a call. [SunFounder] builds a simple dialer from scratch using an Arduino, its “tone” library, and a speaker that is simply held up to the mouthpiece of the phone the call will be placed from.
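To make the two-tone scheme concrete, here is an added example (not the SunFounder project's code) that synthesizes DTMF audio for a number and then recovers the digits the way an exchange or modem chip does, with the Goertzel algorithm picking out the eight DTMF frequencies. The 8 kHz sample rate, 100 ms tone length and 50 ms gaps are assumptions chosen for the demo.

```python
"""DTMF generator and decoder (added illustration, not SunFounder's code)."""
import math

# Standard DTMF keypad: the row selects a low-group tone, the column a high-group tone.
LOW = (697, 770, 852, 941)
HIGH = (1209, 1336, 1477, 1633)
KEYS = ("123A", "456B", "789C", "*0#D")

FS = 8000          # samples per second (assumed, telephone-grade audio)
TONE = 0.100       # seconds of tone per digit (assumed)
GAP = 0.050        # seconds of silence between digits (assumed)


def dtmf_freqs(key):
    """Return the (low, high) frequency pair that encodes a keypad character."""
    for r, row in enumerate(KEYS):
        c = row.find(key)
        if c >= 0:
            return LOW[r], HIGH[c]
    raise ValueError(f"not a DTMF key: {key!r}")


def synth_digit(key, fs=FS, seconds=TONE):
    """Sum of the two sinusoids; 0.5 amplitude each keeps the sum inside [-1, 1]."""
    lo, hi = dtmf_freqs(key)
    return [0.5 * math.sin(2 * math.pi * lo * i / fs)
            + 0.5 * math.sin(2 * math.pi * hi * i / fs)
            for i in range(int(fs * seconds))]


def dial(number, fs=FS, tone=TONE, gap=GAP):
    """Audio for a whole number: tone burst, silence, tone burst, ..."""
    silence = [0.0] * int(fs * gap)
    out = []
    for key in number:
        out += synth_digit(key, fs, tone) + silence
    return out


def goertzel_power(samples, freq, fs=FS):
    """Signal power in the DFT bin nearest `freq` (Goertzel algorithm, one bin)."""
    n = len(samples)
    k = round(freq * n / fs)
    coeff = 2 * math.cos(2 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def decode_digit(samples, fs=FS, min_power=1.0):
    """Pick the strongest low-group and high-group tone; None if there is no tone."""
    lo = max(LOW, key=lambda f: goertzel_power(samples, f, fs))
    hi = max(HIGH, key=lambda f: goertzel_power(samples, f, fs))
    if min(goertzel_power(samples, lo, fs), goertzel_power(samples, hi, fs)) < min_power:
        return None
    return KEYS[LOW.index(lo)][HIGH.index(hi)]


def decode_dial(samples, fs=FS, tone=TONE, gap=GAP):
    """Walk the stream one tone-plus-gap frame at a time and decode each burst."""
    tone_n, frame_n = int(fs * tone), int(fs * (tone + gap))
    digits = []
    for start in range(0, len(samples) - tone_n + 1, frame_n):
        key = decode_digit(samples[start:start + tone_n], fs)
        if key is not None:
            digits.append(key)
    return "".join(digits)


if __name__ == "__main__":
    print(decode_dial(dial("18005551212")))  # prints 18005551212
```

The decoder deliberately looks for one tone from each group rather than the loudest single frequency: a key is only valid when both its row and column tones are present, which is what makes DTMF robust against a stray whistle or a voice hitting one of the eight frequencies.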
[SunFounder] points out that he built this more because he’s interested in the inner workings of phones, and not because he needed a purpose-built dialer. It’s a good demonstration of how phones continue to use DTMF though, and how easy it is to interface with such a system. It might also suit a beginner as an introduction to the world of phreaking.
Anyone who had a cheap set of computer speakers in the early 2000s has heard it – the rhythmic dit-da-dit-dit of a GSM phone pinging a cell tower once an hour or so. [153armstrong] has a write up on how to capture this on your computer.
It’s incredibly simple to do: plug a set of headphones into the sound card’s microphone jack, leave a mobile phone nearby, hit record, and wait. The headphone cable acts as an antenna; when the phone transmits, the signal induces a current in the wire, which the sound card picks up.
[153armstrong] notes that their setup only seems to pick up signals from 2G phones, likely using GSM. It doesn’t seem to pick up anything from 3G or 4G phones. We’d wager this is down to how the different cellular technologies transmit: a GSM handset sends in short TDMA bursts that repeat at roughly 217 Hz, and that burst envelope sits squarely in the audio band, whereas 3G and 4G radios transmit far more continuously and leave no such pattern for the wire to pick up. Let us know what you think in the comments.
This system is useful as a way to detect a transmitting phone at close range. What the sound card records is only the envelope of the bursts, however, and with a bandwidth of a few tens of kilohertz it is in no way capable of actually decoding the transmissions. As far as other experiments go, why not use your sound card to detect lightning?
It was but two weeks ago when I told my story of woe — the tale of an LG Nexus 5X that fell ill, seemingly due to a manufacturing fault at birth. I managed to disassemble it and made my way through a semi-successful attempt at repair, relying on a freezer and hairdryer to coax it back to life long enough to backup my data. Try as I might, however, I simply couldn’t get the phone running for more than ten minutes at a time.
All was not in vain, however! I was rewarded for documenting my struggles with the vast experience and knowledge of the wider Internet: “Hairdryers don’t get as hot as heatguns!”
It turned out I had just assumed that two similar devices, both relying on a hot bit of metal and a fan as their primary components, must be virtually identical if rated at a similar power draw. I was wrong! Apparently the average hairdryer stays well cooler than 150 degrees Celsius to avoid melting one’s silky locks or burning the skin. I even learned that apparently, wet hair melts at a lower temperature than dry hair. Who knew?
Armed with this knowledge, I rushed out and bought the cheapest heat gun I could find — around $50. Rated up to 600 degrees C, this was definitely going to be hotter than the hairdryer. With the prevailing opinion being that I had not applied enough heat in general, I decided to also increase the heating period to 90 seconds, up from a quick 30 second pass originally.
Continue reading “Fix-A-Brick 2: Nexus 5X Rises From the Ashes”
As the devices with which we surround ourselves become ever more connected to the rest of the world, a lot more thought is being given to their security with respect to the internet. It’s important to remember though that this is not the only possible attack vector through which they could be compromised. All devices that incorporate sensors or indicators have the potential to be exploited in some way, whether that is as simple as sniffing a data stream leaked through a flashing LED or something more complex.
Researchers at the University of Michigan and the University of South Carolina have demonstrated a successful attack against MEMS accelerometers of the kind found in a smartphone. Using carefully crafted sound waves, they can make the sensor report essentially any output it is capable of returning.
MEMS accelerometers have a microscopic sprung weight with protruding plates that form part of a set of capacitors. The displacement of the weight due to acceleration is measured by looking at the difference between the capacitance on either side of the plates.
The team describe their work in the video we’ve put below the break, though frustratingly they don’t go into quite enough detail other than mentioning anti-aliasing. We suspect that they drive the weight at (or very near) the sensor’s sampling frequency, so that the ADC catches the oscillation at the same point on every cycle and registers a constant reading, one whose sign and size they can dial in through the phase of the applied sound. They demonstrate interference with a model car controlled by a smartphone, and spurious steps added to a Fitbit. The whole thing is enough for the New York Times to worry about hacking a phone with sound waves, which is rather a predictable overreaction that is not shared by the researchers themselves.
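To show why a tone at the sampling rate turns into a steady offset, here is an added toy model (our illustration of the hypothesis above, not the researchers’ code): an ideal sampler with no anti-aliasing filter reads the proof-mass displacement caused by an acoustic tone. The 200 Hz sample rate, unit amplitude and the `phase_for_reading` helper are assumptions; the point is that a tone at exactly fs lands on the same phase every sample, and a tone at fs + Δ is indistinguishable from one at Δ.

```python
"""Aliasing-based output biasing of a sampled sensor (added toy model, not the paper's code)."""
import math

FS = 200.0  # sensor sample rate in Hz (assumed)


def sampled_drive(freq, amp, phase, fs, n):
    """Proof-mass displacement from a tone at `freq` Hz, read by an ideal sampler at fs."""
    return [amp * math.sin(2 * math.pi * freq * i / fs + phase) for i in range(n)]


def alias_of(freq, fs):
    """Frequency an fs-Hz sampler reports for a tone at `freq` Hz when nothing filters it."""
    return abs(freq - fs * round(freq / fs))


def dc_bias(samples):
    """Average reading, i.e. what a sensor fusion loop would treat as real acceleration."""
    return sum(samples) / len(samples)


def phase_for_reading(target, amp):
    """Phase that makes a tone at exactly fs register as the constant `target` (assumed helper)."""
    return math.asin(target / amp)


def spoof_constant(target, amp, fs, n):
    """Drive at fs with the phase chosen above; every sample lands on the same point of the cycle."""
    return sampled_drive(fs, amp, phase_for_reading(target, amp), fs, n)


def max_abs_diff(a, b):
    return max(abs(x - y) for x, y in zip(a, b))


if __name__ == "__main__":
    # A 200 Hz tone sampled at 200 Hz reads as a fixed +0.3 g, not as vibration.
    spoofed = spoof_constant(0.3, 1.0, FS, 500)
    print(round(dc_bias(spoofed), 3), round(max(spoofed) - min(spoofed), 6))
    # A 201 Hz tone is indistinguishable from a 1 Hz one after sampling.
    print(alias_of(201.0, FS),
          max_abs_diff(sampled_drive(201.0, 1.0, 0.0, FS, 400),
                       sampled_drive(1.0, 1.0, 0.0, FS, 400)) < 1e-9)
```

The practical caveat is in the second half: if the attacker’s tone is a hair off the sample rate, the spoofed reading drifts at the difference frequency rather than holding steady, which is why a real attack needs to know (or measure) the target’s sampling rate, and why an anti-aliasing filter in front of the ADC defeats the simple version of the trick.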
Continue reading “This WAV File Can Confuse Your Fitbit”
Most people hate unsolicited calls, and it’s worse in the dead of night when we’re all trying to sleep. Smartphones are easy to configure to block nuisance calls, but what if you need a solution for your Plain Old Telephone System (POTS)? [Molecular Descriptor] has built a system to invisibly stop landline phones ringing after hours.
The basic principle relies on an analog circuit that detects the AC ringing signal from the phone network and then switches in a load so that the exchange sees the line as answered and stops ringing it. The circuit is able to operate solely on the voltage from the phone line itself, thanks to the use of the LM2936, a regulator with an ultra-low quiescent current. If you’re going to place a load on the phone line it’s important that it be as minuscule as possible, otherwise you’ll have phone company technicians snooping around your house in short order wondering what’s going on.
The aforementioned circuitry only blocks the line. To make the system work only at night, more sophistication was needed. An Arduino Mega was used to program an advanced RTC with two alarm outputs, after which the Arduino was disconnected. The RTC’s alarm outputs drive a flip-flop, which engages the blocking circuit only during the “quiet” hours programmed by the Arduino. The RTC / flip-flop combination is an elegant way of keeping the circuit powered solely by the phone line in use, as the pair draws far less current when properly configured than a full-blown microcontroller would.
It’s a cool project, with perhaps the only pitfall being that telecommunications companies aren’t always cool with hackers attaching their latest homebrewed creations to the network. Your mileage may vary. For more old-school telephony goodness, check out this home PBX rig.
Despite the implementation of the National Do Not Call Registry in the US (and similar programs in other countries), many robocallers still manage to get around the system. Whether they’re operating outside the law somehow or simply don’t care about it, there are some ways you can take action to keep these annoying calls from coming through. [Alex] is among those to take matters into his own hands and has built a specialty robocall-blocking device.
Based on a Raspberry Pi, the “Banana Phone” is able to intercept incoming calls on standard landlines or VoIP phones. After playing a short message, the caller is asked to input a four-digit code. Once the code is correctly entered, the caller is presumed to be human, added to a whitelist, and then the Pi passes them on to the recipient. There are, however, some legitimate robocallers such as emergency services regarding natural disasters or utility companies regarding outages. For these there is a global whitelist that the Pi checks against, and it forwards these robocalls on to the recipient automatically.
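The decision logic described above fits in a few dozen lines. The following is an added example in the spirit of the Banana Phone, not the project’s own code: it assumes the telephony layer hands over a caller ID string and a hook that plays a prompt and returns whatever DTMF digits the caller keys in, and the global whitelist entries and the simulated callers are constructed stand-ins.

```python
"""Call screening: global whitelist, learned whitelist, then a keypad challenge.
Added example, not the Banana Phone's code; numbers and callers are constructed."""
import random
import re

GLOBAL_WHITELIST = {"+15555550100", "+15555550101"}  # constructed stand-ins for utilities etc.


class Screener:
    MAX_ATTEMPTS = 3  # assumed retry budget before the call is dropped

    def __init__(self, code_source=None):
        self.learned = set()  # caller IDs that have passed the challenge before
        self._code = code_source or (lambda: f"{random.randrange(10000):04d}")

    def decide(self, caller_id, collect_digits):
        """Return ('pass', reason) or ('drop', reason) for one incoming call.

        collect_digits(prompt) plays the prompt and returns the digits keyed in,
        or None if the caller hung up."""
        if caller_id in GLOBAL_WHITELIST:
            return "pass", "global whitelist"
        if caller_id and caller_id in self.learned:
            return "pass", "previously verified"
        code = self._code()  # fresh code per call; it is spoken, so it is a liveness test, not a secret
        prompt = f"To reach this number, please enter {' '.join(code)} on your keypad."
        for _ in range(self.MAX_ATTEMPTS):
            entered = collect_digits(prompt)
            if entered is None:
                return "drop", "caller hung up"
            if re.sub(r"\D", "", entered) == code:  # keep digits only; tolerate stray '#'
                if caller_id:  # never whitelist a withheld number
                    self.learned.add(caller_id)
                return "pass", "challenge passed"
        return "drop", "wrong code"


# Constructed callers standing in for the telephony hook.
def human(prompt):
    """A person listening to the prompt keys in the digits they heard."""
    return "".join(re.findall(r"\d", prompt)) + "#"


def dumb_robot(prompt):
    """A robocaller that plays its pitch regardless and never presses anything."""
    return ""


def hangup(prompt):
    return None


def run_demo():
    """Screen a constructed call log with a fixed code so the run is repeatable."""
    screener = Screener(code_source=lambda: "4271")
    log = [
        ("+15555550100", dumb_robot),  # utility outage robocall on the global list
        ("+15555551234", human),       # first contact from a person: challenged
        ("+15555551234", dumb_robot),  # same number later: whitelisted, not challenged
        ("+15555559999", dumb_robot),  # unknown robot: three empty attempts
        ("", hangup),                  # withheld caller ID, gives up at the prompt
    ]
    return [screener.decide(cid, fn) for cid, fn in log]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

Two things a practitioner should keep in mind when deploying something like this: caller ID is trivially spoofed, so the learned whitelist only protects against robocallers that don’t impersonate a number you have already admitted, and because the code is read aloud, a robot with speech recognition can pass the challenge. It is a cheap filter for the dumb majority of robocalls, not an authentication scheme.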
This project was originally an entry into a contest that the Federal Trade Commission put on a few years ago for ideas about how to defend against robocalls. We covered it back then, but now there are full build instructions. Even though the contest is long over, the Banana Phone is still in active development so if you have a spare Pi lying around you can still set this up yourself. There are some other interesting ways to defend against robocalls as well, like including the “line disconnected” tone in your voicemail, for example.
If you want to eavesdrop on GSM phone conversations or data, it pays to have deep pockets, because the uplink and the downlink sit in separate bands tens of megahertz apart and you need to listen to both at once. Or, you can just use two cheap RTL-SDR units and some clever syncing software. [Piotr Krysik] presented his work on budget GSM hacking at Camp++ in August 2016, and the video of the presentation just came online now (embedded below). The punchline is a method of listening to both the uplink and downlink channels for a pittance.
[Piotr] knows his GSM phone tech, studying it by day and hacking on a GnuRadio GSM decoder by night. His presentation bears this out, and is a great overview of GSM hacking from 2007 to the present. The impetus for Multi-RTL comes out of this work as well. Although it was possible to hack into a cheap phone or use a single RTL-SDR to receive GSM signals, eavesdropping on both the uplink and downlink channels was still out of reach, because capturing two channels that far apart needs far more bandwidth than the couple of megahertz a cheap RTL-SDR can digitize. More like the bandwidth of two cheap RTL-SDR modules.
Getting two RTL-SDR modules to run from the same clock is as easy as desoldering the crystal from one and feeding it the clock from the other, which keeps their sample rates locked together. Aligning the two absolutely in time required a very sweet hack. It turns out that the sample timing is preserved across a retune, so both RTL-SDRs tune to the same channel, lock onto a single signal to measure the offset between their streams, and then retune, one to the uplink frequency and the other to the downlink, with the measured offset still valid. Multi-RTL is a GnuRadio source that takes care of this for you. Bam! Hundreds or thousands of dollars’ worth of gear replaced by commodity hardware you can buy anywhere for less than a fancy dinner. That’s a great hack, and a great presentation.
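The two-step trick (measure the offset on a shared channel, then retune and reuse it) is easy to see in a simulation. This is an added illustration of the idea, not Multi-RTL’s code: it assumes both dongles share a clock so their sample rates match exactly and only an integer sample offset separates the streams, and the “RF” signals are constructed ±1 chip sequences with Gaussian noise.

```python
"""Two receivers aligned by cross-correlation on a common signal, then retuned.
Added illustration of the Multi-RTL idea, not its code; all signals are constructed."""
import random


def make_signal(n, seed):
    """Random +/-1 chip sequence standing in for a captured RF channel (constructed)."""
    rng = random.Random(seed)
    return [rng.choice((-1.0, 1.0)) for _ in range(n)]


def record(signal, start, n, noise=0.0, seed=0):
    """Samples one dongle delivers if its stream begins `start` samples into `signal`."""
    rng = random.Random(seed)
    return [signal[start + i] + rng.gauss(0.0, noise) for i in range(n)]


def correlation_at(a, b, lag):
    """Normalized correlation of b[i] with a[i + lag] over the overlapping region."""
    pairs = [(a[i + lag], b[i]) for i in range(len(b)) if 0 <= i + lag < len(a)]
    if not pairs:
        return 0.0
    num = sum(x * y for x, y in pairs)
    den = (sum(x * x for x, _ in pairs) * sum(y * y for _, y in pairs)) ** 0.5
    return num / den if den else 0.0


def find_offset(a, b, max_lag):
    """Lag d with the strongest correlation, meaning b[i] lines up with a[i + d]."""
    return max(range(-max_lag, max_lag + 1), key=lambda d: correlation_at(a, b, d))


def align(a, b, d):
    """Trim both streams so that index k refers to the same instant in each."""
    if d >= 0:
        a2, b2 = a[d:], b
    else:
        a2, b2 = a, b[-d:]
    n = min(len(a2), len(b2))
    return a2[:n], b2[:n]


def multi_rtl_sync(sync_signal, uplink, downlink, start_a, start_b, n, max_lag, noise=0.2):
    """Step 1: both dongles tune to the same channel and the lag between their
    recordings is measured. Step 2: each retunes to its own channel; because
    sample timing survives the retune, the same lag aligns the new streams."""
    a_sync = record(sync_signal, start_a, n, noise, seed=1)
    b_sync = record(sync_signal, start_b, n, noise, seed=2)
    d = find_offset(a_sync, b_sync, max_lag)
    a_up = record(uplink, start_a, n)       # dongle A now on the uplink channel
    b_down = record(downlink, start_b, n)   # dongle B now on the downlink channel
    return d, align(a_up, b_down, d)


if __name__ == "__main__":
    sync = make_signal(1000, seed=11)
    up, down = make_signal(1000, seed=12), make_signal(1000, seed=13)
    d, (a, b) = multi_rtl_sync(sync, up, down, start_a=100, start_b=137, n=500, max_lag=60)
    print("measured offset:", d, "aligned samples:", len(a))  # 37, 463
```

In the real thing the offset is fractional and drifts unless the dongles share a clock, which is exactly why the crystal surgery comes first: with a common clock the offset is a fixed integer (plus a constant fraction) and survives the retune, so one correlation at the start is enough for the whole capture.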
Continue reading “GSM Sniffing on a Budget with Multi-RTL”