Stealth Cell Tower Inside This Office Printer Calls to Say I Love You

If you look around the street furniture of your city, you may notice some ingenious attempts to disguise cell towers. There are fake trees, lamp posts with bulges, and plenty you won’t even be aware of concealed within commercial signage. The same people who are often the first to complain when they have no signal it seems do not want to be reminded how that signal reaches them. On a more sinister note, government agencies have been known to make use of fake cell towers of a different kind, those which impersonate legitimate towers in order to track and intercept communications.

In investigating the phenomenon of fake cells, [Julian Oliver] has brought together both strands by creating a fake cell tower hidden within an innocuous office printer. It catches the phones it finds within its range, and sends them a series of text messages that appear to be from someone the phone’s owner might know. It then prints out a transcript of the resulting text conversation along with all the identifying information it can harvest from the phone. As a prank it also periodically calls phones connected to it and plays them the Stevie Wonder classic I Just Called To Say I Love You.

In hardware terms the printer has been fitted with a Raspberry Pi 3, a BladeRF software-defined transceiver, and a pair of omnidirectional antennas which are concealed behind the toner cartridge hatch. Software comes via  YateBTS, and [Julian] provides a significant amount of information about its configuration as well as a set of compiled binaries.

In one sense this project is a fun prank, yet on the other hand it demonstrates how accessible the technology now is to impersonate a cell tower and hijack passing phones. We’re afraid to speculate though as to the length of custodial sentence you might receive were you to be caught using one as a private individual.

We’ve considered the Stingray cell phone trackers before here at Hackaday, as well as looking at a couple of possible counter-measures. An app that uses a database of known towers to spot fakes, as well as a solution that relies on an SDR receiver to gather cell tower data from a neighbourhood.

[via Hacker News]

Li-Ion Tech Staring Into the Abyss with Note 7 Failure

Unless you’ve been living under a high voltage transformer, you’ve heard about the potential for Samsung’s latest phone, the Note7, to turn into a little pocket grenade without warning. With over 2.5 million devices in existence, it’s creating quite a headache for the company and its consumers.

They quickly tied the problem to faulty Li-ion batteries and started replacing them, while issuing a firmware update to stop charging at 60 percent capacity. But after 5 of the replacement phones caught fire, Samsung killed the Note7 completely. There is now a Total Recall on all Note7 phones and they are no longer for sale.  If you have one, you are to turn it off immediately. And don’t even think about strapping it into a VR headset — Oculus no longer supports it. If needed, Samsung will even send you a fireproof box and safety gloves to return it.

note_01
Every airline has been broadcasting warnings not to power on or charge a Note 7 on a plane. Image Source: CNET

It should be noted that the problem only affects 0.01% of the phones out there, so they’re not exactly going to set the world on fire. However, it has generated yet another discussion about the safety of Li-ion battery technology.

It was just a few months ago we all heard about those hoverboards that would catch fire. Those questionably-engineered (and poorly-named) toys used Li-ion batteries as well, and they were the source of the fire problem. In the wake of this you would think all companies manufacturing products with Li-ion batteries in them would be extra careful. And Samsung is no upstart in the electronics industry — this should be a solved problem for them.

Why has this happened? What is the deal with Li-ion batteries? Join me after the break to answer these questions.

Continue reading “Li-Ion Tech Staring Into the Abyss with Note 7 Failure”

Bunnie and Snowden Explore iPhone’s Hackability

[Bunnie Huang] and [Edward Snowden] have teamed up to publish a paper exploring the possibility of introspection on the iPhone.

A rendering of the proposed introspection device attached to an iPhone6
A rendering of the proposed introspection device attached to an iPhone6

The idea is that phones are increasingly complex and potentially vulnerable to all kinds of digital surveillance. Even airplane mode is insufficient for knowing that your phone isn’t somehow transmitting information. The paper looks at the various radios on the iPhone, going so far as opening up the device and reading signals at each of the chips for cell, WiFi, Bluetooth, GPS, and NFC to determine whether the chip itself is doing anything, regardless of what the screen says. This introspection can then be used to be confident that the phone is not communicating when it shouldn’t be.

The paper goes on to propose a device that they will prototype in the coming year which uses an FPC that goes into the phone through the SIM card port. It would contain a battery, display, buttons, multiple SIM cards, and an FPGA to monitor the various buses and chips and report on activity.

Significant hacking of an iPhone will still be required, but the idea is to increase transparency and be certain that your device is only doing what you want it to.

Upgrading an Old Camera with a New Light Meter

[Marc] has an old Voigtländer Vito CLR film camera. The camera originally came with an analog light meter built-in. The meter consisted of a type of solar panel hooked up to a coil and a needle. As more light reached the solar panel, the coil became energized more and more, which moved the needle farther and farther. It was a simple way of doing things, but it has a down side. The photo panels stop working over time. That’s why [Marc] decided to build a custom light meter using newer technology.

[Marc] had to work within the confines of the tiny space inside of the camera. He chose to use a LM3914 bar display driver IC as the primary component. This chip can sense an input voltage against a reference voltage and then display the result by illuminating a single LED from a row of ten LEDs.

[Marc] used a photo cell from an old calculator to detect the ambient light. This acts as a current source, but he needed a voltage source. He designed a transimpedence amplifier into his circuit to convert the current into a voltage. The circuit is powered with two 3V coil cell batteries, regulated to 5V. The 5V acts as his reference voltage for the display driver. With that in mind, [Marc] had to amplify this signal further.

It didn’t end there, though. [Marc] discovered that when sampling natural light, the system worked as intended. When he sampled light from incandescent light bulbs, he did not get the expected output. This turned out to be caused by the fact that incandescent lights flicker at a rate of 50/60 Hz. His sensor was picking this up and the sinusoidal output was causing problems in his circuit. He remedied this by adding two filtering capacitors.

The whole circuit fits on a tiny PCB that slides right into position where the original light meter used to be. It’s impressive how perfectly it fits considering everything that is happening in this circuit.

[Thanks Mojay]

Fixing a Toyota Camry Hybrid Battery for Under Ten Dollars

[scoodidabop] is the happy new owner of a pre-owned Toyota Camry hybrid. Well at least he was up until his dashboard lit up like a Christmas tree. He did some Google research to figure out what all of the warning lights meant, but all roads pointed to taking his car into the dealer. After some diagnostics, the Toyota dealer hit [scoodidabop] with some bad news. He needed a new battery for his car, and he was going to have to pay almost $4,500 for it. Unfortunately the car had passed the manufacturer’s mileage warranty, so he was going to have to pay for it out-of-pocket.

[scoodidabop] is an electrician, so he’s obviously no stranger to electrical circuits. He had previously read about faulty Prius batteries, and how a single cell could cause a problem with the whole battery. [scoodidabop] figured it was worth testing this theory on his own battery since replacing a single cell would be much less expensive than buying an entire battery.

He removed the battery from his car, taking extra care not to electrocute himself. The cells were connected together using copper strips, so these were first removed. Then [scoodidabop] tested each cell individually with a volt meter. Every cell read a voltage within the normal range. Next he hooked up each cell to a coil of copper magnet wire. This placed a temporary load on the cell and [scoodidabop] could check the voltage drop to ensure the cells were not bad. Still, every cell tested just fine. So what was the problem?

[scoodidabop] noticed that the copper strips connecting the cells together were very corroded. He thought that perhaps this could be causing the issue. Having nothing to lose, he soaked each and every strip in vinegar. He then wiped down each strip with some steel wool and placed them into a baking soda bath to neutralize the vinegar. After an hour of this, he reassembled the battery and re-installed it into his car.

It was the moment of truth. [scoodidabop] started up his car and waited for the barrage of warning lights. They never came. The car was running perfectly. It turned out that the corroded connectors were preventing the car from being able to draw enough current. Simply cleaning them off with under $10 worth of supplies fixed the whole problem. Hopefully others can learn from this and save some of their own hard-earned money.

A Description of Maddening Battery Terminology

Once again, [Afroman] is here for you, this time breaking down electrolyte and the terminology behind batteries.

Volts and Amps are easy mode, but what about Amp hours? They’re not coulombs per second hours, because that wouldn’t make any sense. An Amp hour is a completely different unit podcast, where a 1Ah battery can supply one amp for one hour, or two amps for 30 minutes, or 500 mA for two hours.

Okay, what if you take two batteries and put them in series? That would double the voltage, but have the same Ah rating as a single cell. Does this mean there is the same amount of energy in two batteries as what is found in a single cell? No, so we need a new unit: the Watt hour. That’s Volts times Amp hours, or more incorrectly, one joule per second hour.

Now it’s a question of the number of cells in a battery. What’s the terminology for the number of cells? S. If there are three cells in a battery, that battery has a 3S rating. You would think that C would be the best letter of the alphabet to use for this metric, but C is entirely different. Nothing here makes any sense at all.

What is C? That’s related to the number of amps a battery can discharge safely. If a 20C battery can discharge 2200mAh, it can deliver a maximum current of 44 A, with 20C times 2.2Ah being 44A.

So there you go. A complete description of something you can’t use logic and inference to reason through. Video below.

Continue reading “A Description of Maddening Battery Terminology”

PSP Lithium Hack Could Be Called the Franken-Cell

You assume that you’ll be able to get parts forever… after all: The Internet. But what if you can’t justify paying the price for them? [Cristi C.] was in this situation, not wanting to fork over $30+ for a replacement PSP battery. The handheld gaming rig itself was just discontinued this year but supposedly the batteries have been out of production for some time. What you see above is the controller board from an original battery, with the cell from a camera battery.

The key is protection. The chemistry in Lithium cells of several types brings a working voltage of around 3.7V. Swapping the cells — even if they are different capacities — should work as protection circuits generally measure current, voltage, and sometimes temperature as they charge in order to know when the cell is full. With this in mind [Christi] cracked open a used Canon NB-6L type battery and grabbed the prismatic cell as a replacement for the pouch cell in the Sony S110 case (PDF). The Canon cell is enclosed in a metal case and is just a bit smaller than the pouch was. This means with careful work it fit back inside the original plastic enclosure.

On a somewhat related note, be careful when sourcing brand-x batteries. Some manufacturers implement checks for OEM equipment but there are ways around that.