Bunnie and Snowden Explore iPhone’s Hackability

[Bunnie Huang] and [Edward Snowden] have teamed up to publish a paper exploring the possibility of introspection on the iPhone.

A rendering of the proposed introspection device attached to an iPhone6

The idea is that phones are increasingly complex and potentially vulnerable to all kinds of digital surveillance. Even airplane mode is insufficient for knowing that your phone isn’t somehow transmitting information. The paper looks at the various radios on the iPhone, going so far as opening up the device and reading signals at each of the chips for cell, WiFi, Bluetooth, GPS, and NFC to determine whether the chip itself is doing anything, regardless of what the screen says. This introspection can then be used to be confident that the phone is not communicating when it shouldn’t be.

The paper goes on to propose a device that they will prototype in the coming year which uses an FPC that goes into the phone through the SIM card port. It would contain a battery, display, buttons, multiple SIM cards, and an FPGA to monitor the various buses and chips and report on activity.

Significant hacking of an iPhone will still be required, but the idea is to increase transparency and be certain that your device is only doing what you want it to.

Hackaday Prize Entry: MyComm Handheld Satellite Messenger

We live in a connected world, but that world ends not far beyond the outermost cell phone tower. [John Grant] wants to be connected everywhere, even in regions where no mobile network is available, so he is building a solar powered, handheld satellite messenger: The MyComm – his entry for the Hackaday Prize.

The MyComm is a handheld touch-screen device, much like a smartphone, that connects to the Iridium satellite network to send and receive text messages. At the heart of his build, [John] uses a RockBLOCK Mk2 Iridium SatComm Module hooked up to a Teensy 3.1. The firmware is built upon a FreeRTOS port for proper task management. Project contributor [Jack] crafted an intuitive GUI that includes an on-screen keyboard to write, send and receive messages. A micro SD card stores all messages and contact list entries. Eventually, the system will be equipped with a solar cell, charging regulator and LiPo battery for worldwide, unconditional connectivity.

2016 will be an interesting year for the Iridium network since the first satellites for the improved (and backward-compatible) “Iridium NEXT” network are expected to launch soon. At times the 66 Iridium satellites currently covering the entire globe were considered a $5B heap of space junk due to deficiencies in reliability and security. Yet, it’s still there, with maker-friendly modems being available at $250 and pay-per-use rates of about 7 ct/kB (free downstream for SDR-Hackers). Enjoy the video of [Jack] explaining the MyComm user interface:


Free Radio On My Phone

If you have owned Android phones, there’s a reasonable chance that as the kind of person who reads Hackaday you will at some time have rooted one of them, and even applied a new community ROM to it. When you booted the phone into its new environment it’s not impossible you would have been surprised to find your phone now sported an FM radio. How had the ROM seemingly delivered a hardware upgrade?

It’s something your cellphone carrier would probably prefer not to talk about: a significant number of phones have the required hardware to receive FM radio, but lack the software to enable it. The carriers would prefer you to pay for their data to stream your entertainment rather than listen to it for free through a broadcaster. If you are someone capable of upgrading a ROM you can fix that, but every other phone owner is left holding a device they own, but seemingly don’t own.

Across North America there is a group campaigning to do something about this situation. Free Radio On My Phone and their Canadian sister organization are lobbying the phone companies and manufacturers to make the FM radio available, and in the USA at least they have scored some successes.

We have covered numerous attempts to use the DMCA to restrict people’s access to the hardware they own, but this story is a little different. There is no question of intellectual property being involved here; it is simply that the carriers would rather their customers didn’t even know that they had bought an FM radio along with their phone. If this bothers you, thanks to Free Radio On My Phone you can now join with others and find a voice on the matter.

It’s interesting to note that many FM radio chips also support a wider bandwidth than the North American and European 88 to 108 MHz or thereabouts. In parts of Asia the broadcast band extends significantly lower than this, and the chipset manufacturers make products to support these frequencies. This opens up the interesting possibility that given a suitable app a cellphone could be used to receive other services on these frequencies. Probably more of a bonus for European radio amateurs with their 70 MHz allocation than for North American residents.

Via CBC News. Cellphone image: By Rob Brown [Public domain], via Wikimedia Commons.

DIY Thermal Imaging Smartphone

We wish we had [Karri Palovuori] for a professor! As an exciting project to get incoming freshmen stoked on electrical engineering, he designed a DIY thermal-imaging smartphone that they can build themselves. It’s all built to fit into a sleek wooden case that gives the project its name: KAPULA is Finnish for “a block of wood”.

It’s just incredible how far one can push easily-available modules these days. [Karri] mounts a FLIR Lepton thermal camera, an LPC1768 Cortex M3 ARM micro, a GSM phone module, and a whole bunch of other cool stuff on a DIY-friendly two-sided board. The design uses 10 mil (0.25mm) trace and space, which is totally achievable with home etching methods. Copper wire bits fill up the vias. Did we mention he’s making the students do all this themselves? How awesome is that?

[Karri] expects that the students will tweak the software side of things. With additional onboard goodies like an accelerometer, microphone, speaker, SIM card, and USB, it’s not likely that they’ll get bored with the platform. He has a stretch hope that someone will take the hardware and modify it. That’s ambitious for sure, but it’s so cool that someone could.

We’ve seen some sophisticated DIY cellphones before, but this one rises above by being easily DIYable and including awesome extra features. Order parts now, and start etching. You could be sending thermal-photo tweets inside of just a few days.

Snooping on SIM Cards

[Nils Pipenbrinck] has been working on a very interesting problem. The SIM card in your cellphone talks to the contactless near-field communication (NFC) chip through a cool protocol that we’d never heard of until reading his blog: single wire protocol (SWP).

The SIM card in your cellphone has only a limited number of physical connections — and by the time NFC technology came on the scene all but one of them was in use. But the NFC controller and the SIM need full-duplex communications. So the SWP works bi-directionally on just one wire; one device modulates the voltage on the line, while the other modulates the current, essentially by switching a load in and out.

This signalling protocol makes snooping on this data line tricky. So to start off his explorations with SWP, [Nils] built his own transceiver. That led [Nils] to some very sensitive analog sniffer circuit design that he’s just come up with.

If you get interested in SWP, you’ll find the slides from this fantastic presentation (PDF) helpful, and they propose a solution very similar to the one that [Nils] ended up implementing. That’s not taking anything away from [Nils]’s amazing work: with tricky high-speed analog circuitry like this, the implementation can be more than half of the battle! And we’ll surely be following [Nils]’s blog to see where he takes this.

Banner image: An old version and a new version of the transceiver prototype.

Thanks to [Tim Riemann] for the tip!

SprayPrinter Paints Your Wall, One Pixel At A Time

SprayPrinter is a neat idea. You download a cellphone app, point the camera at a wall, and sweep the wall with a spray can fitted with a (Bluetooth? WiFi?) remote-controlled valve. The phone knows where the nozzle is, and sprays a dot whenever it needs to “paint” the picture of your choosing on the wall.

While we’re not sure that we have the patience to paint our walls this way, it’s a cool effect. But even more, we love the idea of using the cellphone camera for location sensing. Many robotics applications do just this with an overhead camera.

Of course, we’d love more detail about how it’s done, but it’s not hard to guess that it’s either a bit of machine vision in the phone, or simpler still, that the spray-can housing has IR LEDs inside that the phone can lock onto. Indeed, the prototype version of the product shown here does look like it has an LED on the opposite side from the orange nozzle.

It wouldn’t be hard to take this to the next level, by adding enough IR LEDs that the camera in your phone can sense orientation as well as location. Heck, by measuring the distances between LEDs, you could probably even get a rough measure of depth. This could open up the use of different nozzles.

Thanks [Itay] for the tip! Some images courtesy SprayPrinter, via designboom.

Crowdfunding Follies: Proof That Ohm’s Law Is Arcane Knowledge

This is a cell phone case that can recharge a cellphone using energy captured from its own radio. It’s been featured on dozens of tech blogs, wowed judges at TechCrunch Disrupt, and it’s a Kickstarter Staff Pick. It’s also proof that nearly everyone in the media who claims any knowledge of technology has no idea about the foundational properties of technology.

What it is

The Nikola Phone Case from Nikola Labs is a very special phone case for the iPhone 6 and Samsung Galaxy S6. The claims behind this cell phone case state it will recharge your battery by capturing radio energy put out by the cell phone itself. This means capturing RF from the WiFi and cellular transmitters. This captured energy is then converted into something that can recharge the phone, is sent to the USB or Lightning port, and – theoretically – the cycle of electrons turning into photons begins again.

Why it’s crap

Astonishingly, this is not a perpetual motion machine, a device that is completely impractical, or an outright fraud. It’s deceptively correct when it comes to the physics of this device, and as always implementation is everything.

Inside each Nikola Phone Case is a small antenna, boost converter, and circuitry to capture the RF energy coming from the phone. This phone case will actually harvest RF energy, but it will never be able to extend the life of the phone’s battery. Nikola Labs claims their phone case will recover 30% of a battery’s life by harvesting RF energy and using that energy to recharge the phone. However, the energy for this RF energy harvesting scheme comes from the phone itself. The captured energy that would – ideally – end up at a cell phone tower or WiFi router will disappear into this cell phone case. This results in both a dramatic decrease in reception and most likely an increase in power draw due to the phone increasing its transmit power.

To Nikola Labs’ credit, the FAQ on their Kickstarter does address concerns that a phone’s transmitter and antenna may be affected:

The device may change the impedance and overall pattern slightly. We are performing detail characterization of these changes, if any.

Nikola Labs has not performed due diligence on their design. There is a method that will report the RSSI of the cellular radio in an Android phone. Any competent engineer would, upon first seeing this device, figure out if signal strength is affected. This can be done in a few dozen lines of Java. It can be done in under an hour by someone who has never programmed an Android device. Nikola Labs does not provide a comparison of the signal strength of a phone both with and without their case. This is evidence of incompetence, if not malice.

Simply by definition, any device that captures RF energy will ‘shadow’ the transmission. Just like putting a solar panel in front of a flashlight, energy will be captured, but the overall light output of the flashlight and solar panel system will decrease. Nikola Labs has an answer to that:

The device harvests the RF energy around the phone, which is usually absorbed by the hand holding the phone.

It is true that the human body will absorb RF coming out of a phone. WiFi works on the same frequencies as a microwave oven, and defrosting a piece of chicken in a microwave isn’t that much different from grabbing an antenna on a router. Lower powers and different geometries aside, you are right now absorbing microwaves from a WiFi router.

The best way of understanding why simply holding a phone isn’t a very big deal is coming at it from the direction of designing a smart phone. One of the biggest drivers behind the design of a cell phone is how long it will last on a single charge. You can design a phone with a powerful CPU and a huge screen, but the battery won’t last long. Likewise, the engineers that design cell phones will put the antennas in an out of the way place, where their signal won’t be absorbed by the human body. The Nikola Labs case destroys the engineering decisions inside each cell phone. Think about it; if power was wasted inside a cell phone, wouldn’t engineers at Apple and Samsung work to reduce that waste?

Why everything else is crap, too

There is simply no excuse why hundreds of people would give tens of thousands of dollars to a company that makes outrageous claims with zero evidence. One could attribute this to the public’s severe lack of understanding when dealing with electricity or radio. This, in my opinion, is far too kind.

Nikola Labs’ Kickstarter would not exist without the help of Kickstarter itself and members of the tech media. We first heard of Nikola Labs at TechCrunch Disrupt, where four judges could not find anything wrong with this technology. The presentation at Disrupt went on to be covered by Engadget and a flurry of other tech blogs. Now, dozens of other tech blogs have reported on this Kickstarter, and Kickstarter itself has named it a Staff Pick.

Yes, there are stupid people out there. There are people who will throw money at anything. There are also people who will Barnum up the place and sell snake oil to rubes. The fact that Kickstarter would endorse something without a technical assessment defies belief. The only conceivable reason this could be a Staff Pick on Kickstarter is because Kickstarter believes it will be funded, thus earning them a percentage of gross.

This is the end of capitalism, folks. No longer do you need to innovate and make a better mouse trap. All you need to do is convince enough people that you’ve made a better mouse trap.