How To Detect And Find Rogue Cell Towers

Software defined radios are getting better and better all the time. The balaclava-wearing hackers know it, too. From what we saw at HOPE in New York a few weeks ago, we’re just months away from being able to put a femtocell in a desktop computer for under $3,000. In less than a year, evil, bad hackers could be tapping into your cell phone or reading your text messages from the comfort of a van parked across the street. You should be scared, even though police departments everywhere and every government agency already have this capability.

These rogue cell sites have various capabilities, from being able to track an individual phone and gather metadata about who you have been calling and for how long, to much more invasive surveillance such as intercepting SMS messages and logging what websites you’re visiting on your phone. The EFF calls them cell-site simulators, and they’re an incredible violation of privacy. While there were most certainly several of these devices at DEF CON, I only saw one in a hotel room (you catchin’ what I’m throwin’ here?).

No matter where the threat comes from, rogue cell towers still exist. Simply knowing they exist isn’t helpful – a proper defense against governments or balaclava-wearing hackers requires some sort of detection system. For the last few months [Eric Escobar] has been working on a simple device that allows anyone to detect when one of these Stingrays or IMSI catchers turns on. With several of these devices connected together, he can even estimate where these rogue cell towers are.

A Stingray / cell site simulator detector

Stingrays, IMSI catchers, cell site simulators, and real, legitimate cell towers all broadcast beacons containing information. This information includes the radio channel number (ARFCN), the mobile country code (MCC) and network code (MNC), a location area code (LAC) shared by a group of neighboring cells, a cell ID, and power information. To make detecting rogue cell sites harder, some of this information may change; the transmit power may be reduced if a tech is working on the site, for instance, and nothing stops a simulator from copying a real tower’s MCC, MNC, and LAC.

To build his rogue-cell-site detector, [Eric] is logging this information to a device consisting of a Raspberry Pi, SIM900 GSM module, an Adafruit GPS module, and a TV-tuner Software Defined Radio dongle. Data received from a cell site is logged to a database along with GPS coordinates. After driving around the neighborhood with his rogue-cell-site detector sitting on his dashboard, [Eric] had a ton of data that included latitude, longitude, received power from a cell tower, and the beacon fields above. This data was thrown at QGIS, an open source Geographic Information System package, revealing a heatmap with the probable locations of cell towers highlighted in red.

This device really isn’t a tool to detect only rogue cell towers – it finds all cell towers. Differentiating between a rogue and a legitimate tower still takes a bit of work, and comparing a new drive against an earlier baseline survey of the same streets is the easiest way to do it. If the heatmap shows a cell site on a fenced-off parcel of land with a big tower, it’s a pretty good bet that cell tower is legit. If, however, the heatmap shows a cell tower showing up on the corner of your street for only a week, that might be cause for alarm.
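The logging-and-comparison step above, written out as an added example (this is not [Eric]’s code, and the CSV column layout, the field names, and the -50 dBm "too loud" threshold are this example’s own assumptions). The sample survey lines are constructed: a baseline drive with two known cells, and a second drive a week later where a third cell with an unfamiliar LAC shows up at full strength on one street corner. Each cell is placed at the power-weighted centroid of the fixes where it was heard, which is the same idea as the heatmap, and then checked against the baseline.

```python
"""GSM beacon survey: locate each cell and flag ones that don't match a baseline.

Added example for this page, not [Eric Escobar]'s code.  Log format, field
names and the LOUD_DBM threshold are assumptions made for the example.
"""
import csv
import io
from collections import defaultdict

# Constructed sample data, one row per beacon decode with the GPS fix at that
# moment.  Columns: time, lat, lon, ARFCN, MCC, MNC, LAC, cell ID, RSSI (dBm).
BASELINE_LOG = """\
time,lat,lon,arfcn,mcc,mnc,lac,cid,rssi
2016-08-01T10:00:00,37.7700,-122.4100,128,310,260,1234,5678,-75
2016-08-01T10:01:00,37.7720,-122.4100,128,310,260,1234,5678,-71
2016-08-01T10:02:00,37.7720,-122.4120,131,310,260,1234,5679,-80
"""

NEW_LOG = """\
time,lat,lon,arfcn,mcc,mnc,lac,cid,rssi
2016-08-08T10:00:00,37.7700,-122.4100,128,310,260,1234,5678,-76
2016-08-08T10:01:00,37.7720,-122.4100,128,310,260,1234,5678,-70
2016-08-08T10:01:30,37.7700,-122.4100,140,310,260,9999,1,-40
2016-08-08T10:02:00,37.7720,-122.4100,140,310,260,9999,1,-40
2016-08-08T10:02:30,37.7720,-122.4120,131,310,260,1234,5679,-79
"""

LOUD_DBM = -50  # assumption: a cell this strong at a car dashboard is suspicious


def parse_log(text):
    """Parse the CSV survey into dicts; the cell key is (MCC, MNC, LAC, CID)."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({
            "time": r["time"],
            "lat": float(r["lat"]), "lon": float(r["lon"]),
            "arfcn": int(r["arfcn"]),
            "cell": (int(r["mcc"]), int(r["mnc"]), int(r["lac"]), int(r["cid"])),
            "rssi": int(r["rssi"]),
        })
    return rows


def estimate_sites(rows):
    """Group decodes by cell and place each at its power-weighted centroid.

    dBm is converted to linear power so a -40 dBm fix pulls the estimate far
    harder than a -80 dBm one, which is what makes the heatmap peak at the site.
    """
    by_cell = defaultdict(list)
    for r in rows:
        by_cell[r["cell"]].append(r)
    sites = {}
    for cell, obs in by_cell.items():
        weights = [10 ** (o["rssi"] / 10) for o in obs]
        total = sum(weights)
        sites[cell] = {
            "lat": sum(o["lat"] * w for o, w in zip(obs, weights)) / total,
            "lon": sum(o["lon"] * w for o, w in zip(obs, weights)) / total,
            "peak_rssi": max(o["rssi"] for o in obs),
            "arfcns": sorted({o["arfcn"] for o in obs}),
            "first_seen": min(o["time"] for o in obs),
            "last_seen": max(o["time"] for o in obs),
            "decodes": len(obs),
        }
    return sites


def flag_anomalies(sites, baseline_sites):
    """Return {cell: [reasons]} for cells that look out of place vs. the baseline."""
    known_lacs = defaultdict(set)  # (MCC, MNC) -> LACs the operator used before
    for (mcc, mnc, lac, _cid) in baseline_sites:
        known_lacs[(mcc, mnc)].add(lac)
    flags = {}
    for cell, site in sites.items():
        mcc, mnc, lac, _cid = cell
        reasons = []
        if cell not in baseline_sites:
            reasons.append("cell not present in baseline survey")
        if lac not in known_lacs.get((mcc, mnc), set()):
            reasons.append("LAC %d never seen for operator %d-%d" % (lac, mcc, mnc))
        if site["peak_rssi"] > LOUD_DBM:
            reasons.append("peak %d dBm exceeds %d dBm" % (site["peak_rssi"], LOUD_DBM))
        if reasons:
            flags[cell] = reasons
    return flags


def survey_report(baseline_text, new_text):
    """Whole pipeline: returns (sites from the new drive, anomaly flags)."""
    baseline = estimate_sites(parse_log(baseline_text))
    sites = estimate_sites(parse_log(new_text))
    return sites, flag_anomalies(sites, baseline)


if __name__ == "__main__":
    sites, flags = survey_report(BASELINE_LOG, NEW_LOG)
    for cell, site in sites.items():
        print(cell, "%.4f,%.4f" % (site["lat"], site["lon"]), site["first_seen"], site["last_seen"])
    for cell, reasons in flags.items():
        print("SUSPECT", cell, "; ".join(reasons))
```

The `first_seen` / `last_seen` fields are what answer the "only there for a week" question once the database spans more than one drive; the three flags are heuristics, not proof, since a simulator can copy a real operator’s MCC, MNC, and LAC and turn its power down.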

Future work on this cell site simulator detector will be focused on making it slightly more automatic – three or four of these devices sprinkled around your neighborhood would easily allow you to detect and locate any new cell phone tower. [Eric] might also tackle direction finding from a single unit with an RF-blocking dome with a slit in it revolving around the GSM antenna; bearings from a couple of positions then give you a triangulated fix.

Fallout Inspired Cellphone Wristwatch

[Mr. Volt] mentions that some of the commenters on his videos believed that he shouldn’t be making large, retro computer themed communicator watches. He believes they are wrong, naturally we are compelled to agree with him.

In his latest build he has produced a rather well-built and large cell-phone watch. After the untimely death of an Apple II cellphone watch, he decided to up his game and make one that could take more of a beating. The case is 3D printed, which is hard to believe given the good finish. He must have spent a long time sanding the prints. Some wood veneer for looks and aluminum panels for strength complete the assembly.

The electronics are a Teensy and a GSM module. It looks like he places calls by calling the operator, since the wrist communicator only has four inputs: a red button, a blue button, and a rotary encoder that doubles as a momentary switch.

The communicator appears to work really smoothly, and it would certainly draw attention to him were he to wear it anywhere other than the Wasteland. Video after the break.


Build Your Own GSM Base Station For Fun And Profit

Over the last few years, news that police, military, and intelligence organizations use portable cellular phone surveillance devices – colloquially known as the ‘Stingray’ – has gotten out, despite their best efforts to keep a lid on the practice. There are legitimate privacy and legal concerns, but there’s also some fun tech in mobile cell-phone stations.

Off-the-shelf Stingray devices cost somewhere between $16,000 and $125,000, far too rich for a poor hacker’s pocketbook. Of course, what the government can do for $100,000, anyone else can do for five hundred. Here’s how you build your own Stingray using off the shelf hardware.

[Simone] has been playing around with a brand new BladeRF x40, a USB 3.0 software defined radio that operates in full duplex. It costs $420. This, combined with two rubber duck antennas, a Raspberry Pi 3, and a USB power bank, is all the hardware you need. Software is a little trickier, but [Simone] has all the instructions.

Of course, if you want to look at the less legitimate applications of this hardware, [Simone]’s build is only good at receiving/tapping/intercepting unencrypted GSM signals. It’s great if you want to set up a few base stations at Burning Man and hand out SIM cards like ecstasy, but GSM has encryption. You won’t be able to decrypt every GSM signal this system can see without a little bit of work.

Luckily, GSM is horribly, horribly broken. At CCCamp in 2007, [Steve Schear] and [David Hulton] started building rainbow tables for A5/1, the stream cipher used on a GSM network between the handset and tower. GSM cracking is open source, and there are flaws in GPRS, the method GSM networks use to relay data transmissions to handsets. In case you haven’t noticed, GSM is completely broken.
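To see why a rainbow table is even on the menu, here is A5/1 itself, as an added example (not the rainbow-table project’s code). The whole cipher is three short shift registers, 19 + 22 + 23 = 64 bits of state, irregularly clocked by a majority vote; every burst’s keystream is a function of just that state, which is what a time-memory tradeoff attacks. Register layout, key loading order and MSB-first output packing follow the widely circulated pedagogical a5.c; the key, frame number and expected bytes in the `__main__` block are that implementation’s published test vector, reproduced here from memory, so treat them as an assumption to check against your own copy.

```python
"""A5/1 keystream generator.  Added example for this page; layout follows the
pedagogical a5.c.  The test vector below is reproduced from memory (assumption).
"""

R1_MASK, R2_MASK, R3_MASK = 0x07FFFF, 0x3FFFFF, 0x7FFFFF  # 19, 22, 23-bit registers
R1_TAPS, R2_TAPS, R3_TAPS = 0x072000, 0x300000, 0x700080  # feedback tap bits
R1_MID, R2_MID, R3_MID = 1 << 8, 1 << 10, 1 << 10         # clocking-control bits
R1_OUT, R2_OUT, R3_OUT = 1 << 18, 1 << 21, 1 << 22        # MSBs, XORed for output


def _parity(x):
    return bin(x).count("1") & 1


def _step(reg, mask, taps):
    """Clock one LFSR: shift left, feed the parity of the tapped bits into bit 0."""
    return ((reg << 1) & mask) | _parity(reg & taps)


class A5_1:
    def __init__(self, key, frame):
        if len(key) != 8 or not 0 <= frame < (1 << 22):
            raise ValueError("A5/1 takes a 64-bit key and a 22-bit frame number")
        self.r1 = self.r2 = self.r3 = 0
        # Key, then frame number, XORed into all three registers one bit at a
        # time while every register clocks (the majority rule is not used yet).
        for i in range(64):
            self._clock_all()
            self._xor_in((key[i // 8] >> (i & 7)) & 1)  # LSB of each byte first
        for i in range(22):
            self._clock_all()
            self._xor_in((frame >> i) & 1)
        for _ in range(100):  # warm-up: 100 majority clocks, output discarded
            self._clock()

    def _xor_in(self, bit):
        self.r1 ^= bit
        self.r2 ^= bit
        self.r3 ^= bit

    def _clock_all(self):
        self.r1 = _step(self.r1, R1_MASK, R1_TAPS)
        self.r2 = _step(self.r2, R2_MASK, R2_TAPS)
        self.r3 = _step(self.r3, R3_MASK, R3_TAPS)

    def _clock(self):
        """Majority clocking: a register moves only when its control bit agrees
        with the majority of the three, so two or three registers move each step."""
        b1 = bool(self.r1 & R1_MID)
        b2 = bool(self.r2 & R2_MID)
        b3 = bool(self.r3 & R3_MID)
        maj = (b1 + b2 + b3) >= 2
        if b1 == maj:
            self.r1 = _step(self.r1, R1_MASK, R1_TAPS)
        if b2 == maj:
            self.r2 = _step(self.r2, R2_MASK, R2_TAPS)
        if b3 == maj:
            self.r3 = _step(self.r3, R3_MASK, R3_TAPS)

    def _bit(self):
        return (_parity(self.r1 & R1_OUT) ^ _parity(self.r2 & R2_OUT)
                ^ _parity(self.r3 & R3_OUT))

    def keystream(self, nbits):
        """Return nbits of keystream packed MSB-first into bytes."""
        out = bytearray((nbits + 7) // 8)
        for i in range(nbits):
            self._clock()
            out[i // 8] |= self._bit() << (7 - (i & 7))
        return bytes(out)


def burst_keystreams(key, frame):
    """Per-frame keystream: 114 bits for the downlink burst, then 114 for the uplink."""
    gen = A5_1(key, frame)
    return gen.keystream(114), gen.keystream(114)


def xor_bytes(a, b):
    """Apply a keystream to a burst; the same call decrypts."""
    return bytes(x ^ y for x, y in zip(a, b))


if __name__ == "__main__":
    # Published a5.c test vector (reproduced from memory; verify against your copy).
    key = bytes([0x12, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF])
    down, up = burst_keystreams(key, 0x134)
    print("downlink", down.hex())  # expect 534eaa582fe8151ab6e1855a728c00
    print("uplink  ", up.hex())    # expect 24fd35a35d5fb6526d32f906df1ac0
```

Note where the weakness lives: the session key Kc is 64 bits and the cipher state is 64 bits, the frame number is public, and a known or guessable burst (GSM pads and repeats a lot of signalling) hands an attacker 114 bits of pure keystream per frame; precomputed tables mapping keystream back to internal state are what turn that into a practical attack.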

Thanks [Justin] for the tip.

Old-school Rotary Phone gets GSM Upgrade

Sometimes, the answer to, “Why would you bother with a project like that?” is just as simple as, “Because it’s cool.” We suspect that was the motivation behind [Dirk-Jan]’s project to make portable versions of classic rotary telephones.

On style points alone, [Dirk-Jan] scores big. The mid-1950s vintage Belgian RTT model 56 phone has wonderful lines in its Bakelite case and handset and a really cool flip-up bail to carry it around, making it a great choice for a portable. The guts of the phone were replaced with a SIM900 GSM module coupled with a PIC microcontroller and an H-bridge to drive the ringer solenoids, along with a Li-ion battery and charger to keep it totally wireless – except for the original handset cord, of course. The video after the break shows the phone in action both making and receiving calls; there’s something pleasing on a very basic level about the sound of a dial tone and the gentle ringing of the bell. And it may be slow, but a rotary dial has plenty of tactile appeal too.

Rotary-to-cell conversions are a popular “just because” project, like this conversion designed to allow an angry slam-down of the handset. The orange Siemens phone in that project is nice and all, but we really favor the ’50s look for a portable.


Hackaday Links: November 8, 2015

[Burt Rutan] is someone who needs no introduction. Apparently, he likes the look of the Icon A5 and is working on his own version.

Earlier this week, the US Air Force lost a few satellites a minute after launch from Barking Sands in Hawaii. This was the first launch of the three stage, solid fueled SPARK rocket, although earlier versions were used to launch nuclear warheads into space. There are some great Army videos for these nuclear explosions in space, by the way.

[Alexandre] is working on an Arduino compatible board that has an integrated GSM module and WiFi chip. It’s called the Red Dragon, and that means he needs some really good board art. The finished product looks good in Eagle, and something we can’t wait to see back from the board house.

The Chippocolypse! Or however you spell it! TI is declaring a lot of chips EOL, and although this includes a lot of op-amps and other analog ephemera (PDF), the hi-fi community is reeling and a lot of people are stocking up on their favorite amplifiers.

[Jeremy] got tired of plugging jumper wires into a breadboard when programming his ATMega8 (including the ‘168 and ‘328) microcontrollers. The solution? A breadboard backpack that fits right over the IC. All the files are available, and the PCB can be found on Upverter.

In case you haven’t heard, we’re having a Super Conference in San Francisco later this week. Adafruit was kind enough to plug our plug for the con on Ask an Engineer last week.

Hackaday Prize Semifinalist: An Open Smartphone

One of the biggest trends in DIY electronics, both now and fifty years ago, is creating at home what is usually made in a factory. Fifty years ago, this meant radios and amplifiers. Today, this means smartphones. It used to be the case that you could pull out a Heathkit catalog and find kits for every electronic gadget imaginable. There are no kits for DIY smartphones.

For [Gerard]’s entry for The Hackaday Prize, he’s tapping into the spirit of the decades-old DIY movement and building his own cell phone. He’s calling it the libresmartphone, and it’s able to make calls and send emails, just like any other portable, pocketable computer.

The libresmartphone is built around a Raspberry Pi, with a large battery, HDMI display with touchscreen, and a GSM and GPS module rounding out the build. He’s also rolling his own software to make calls, read SMS, and take a peek into some of the phone’s hardware, like the charge state of the battery.

[Gerard]’s libresmartphone is one of the purest examples of modern DIY electronics you’ll find; it’s not about building something from a kit, but instead building something that’s needed out of the parts he has on hand. That’s the purest example of the DIY movement, and a great entry to this year’s Hackaday Prize.

The 2015 Hackaday Prize is sponsored by:

Hackaday Prize Semifinalist: A Mobile Node

The future is the Internet of Things, or so we’re told, and with that comes the requirement for sensors attached to the Internet that also relay GPS and location data. [Camilo]’s MobileNodes do just that. He’s designed a single device that will listen to any sensor, upload that data to the Internet over GSM or GPRS, and push all that data to the cloud.

The MobileNode is a small circular (7cm) PCB with a standard ATMega32u4 microcontroller. Attached to this PCB are GSM/GPRS and GPS/GLONASS modules to receive GPS signals and relay all that data to the cloud. To this, just about any sensor can be added, including light sensors, PIR sensors, gas and temperature sensors, and just about anything else that can be measured electronically.

Of course the biggest problem with a bunch of sensors on an Internet of Things device is pulling the data from the Internet. For that, [Camilo] designed a web interface that shows sensor data directly on a Google Map. You can check out the project video below.

