Exposing Dinosaur Phone Insecurity With Software Defined Radio

Long before everyone had a smartphone or two, the implementation of a telephone was much stranger than today. Most telephones had real, physical buttons. Even more bizarrely, these phones were connected to other phones through physical wires. Weird, right? These were called “landlines”, a technology that shuffled off this mortal coil three or four years ago.

It gets even more bizarre. Some phones were wireless — just like your smartphone — but they couldn’t get a signal more than a few hundred feet away from your house for some reason. These were ‘cordless telephones’. [Corrosive] has been working on deconstructing the security behind these cordless phones for a few years now and found these cordless phones aren’t secure at all.

The phone in question for this exploit is a standard 5.8 GHz cordless phone from Vtech. Conventional wisdom says these phones are reasonably secure — at least more so than the cordless phones from the 80s and 90s — because very few people have a duplex microwave transceiver sitting around. The HackRF is just that, and it only costs $300. This was bound to happen eventually.

This is really just an exploration of the radio system inside these cordless phones. After taking a HackRF to a cordless phone, [Corrosive] found the phone technically didn’t operate in the 5.8 GHz band. Control signals, such as pairing a handset to a base station, happened at 900 MHz. Here, a simple replay attack is enough to get the handset to ring. It gets worse: simply by looking at the 5.8 GHz band with a HackRF, [Corrosive] found an FM-modulated voice channel when the handset was on. That’s right: this phone transmits your voice without any encryption whatsoever.

This isn’t the first time [Corrosive] found a complete lack of security in cordless phones. A while ago, he was exploring the DECT 6.0 standard, a European cordless phone standard for PBX and VOIP. There was no security here, either. It would be chilling if landlines existed anymore.

GSM to Landline box has a creatively soldered cellphone inside

We don’t blame the manufacturer of this GSM to Landline converter box for not designing the thing from the ground up. After all, economies of scale have made dumb cellphones available for next to nothing. But you have to admit that it’s interesting to see a fully populated cellphone board creatively soldered into a consumer product. It would be commonplace if made in your basement rather than being sold in a store.

[Anton] was using the box to add his analog house phones to the cell network. The signal strength at home is pretty low and this box offers an external antenna for better reception. He cracked open the case expecting to see a GSM modem and was surprised to see the cellphone board. It includes a battery backup, and has been soldered directly to the cables which interface with the main PCB using some SIL connectors. Those solder joints were done by hand directly to the pins of the SIM card slot as well as all of the other important connection points.

Hackit: Why we don’t need phone numbers

We’re starting to think that phone numbers are deprecated; it may be time to integrate how we connect telephones with the new digital millennium. To get a firm grasp on this topic it is important to take a look at the reason we started using phone numbers, why we still use them, and the why’s and how’s of transitioning to a new system.
