Stealth Cell Tower Inside This Office Printer Calls To Say I Love You

November 2, 2016 by Jenny List 35 Comments

If you look around the street furniture of your city, you may notice some ingenious attempts to disguise cell towers. There are fake trees, lamp posts with bulges, and plenty you won’t even be aware of concealed within commercial signage. The same people who are often the first to complain when they have no signal it seems do not want to be reminded how that signal reaches them. On a more sinister note, government agencies have been known to make use of fake cell towers of a different kind, those which impersonate legitimate towers in order to track and intercept communications.

In investigating the phenomenon of fake cells, [Julian Oliver] has brought together both strands by creating a fake cell tower hidden within an innocuous office printer. It catches the phones it finds within its range, and sends them a series of text messages that appear to be from someone the phone’s owner might know. It then prints out a transcript of the resulting text conversation along with all the identifying information it can harvest from the phone. As a prank it also periodically calls phones connected to it and plays them the Stevie Wonder classic I Just Called To Say I Love You.

In hardware terms the printer has been fitted with a Raspberry Pi 3, a BladeRF software-defined transceiver, and a pair of omnidirectional antennas which are concealed behind the toner cartridge hatch. Software comes via YateBTS, and [Julian] provides a significant amount of information about its configuration as well as a set of compiled binaries.

In one sense this project is a fun prank, yet on the other hand it demonstrates how accessible the technology now is to impersonate a cell tower and hijack passing phones. We’re afraid to speculate though as to the length of custodial sentence you might receive were you to be caught using one as a private individual.

We’ve considered the Stingray cell phone trackers before here at Hackaday, as well as looking at a couple of possible counter-measures. An app that uses a database of known towers to spot fakes, as well as a solution that relies on an SDR receiver to gather cell tower data from a neighbourhood.

[via Hacker News]

Phone-To-Phone Power Thievery

October 30, 2016 by Steven Dufresne 38 Comments

Once again, [Rulof]’s putting his considerable hacking abilities to good use, his good use that is. By modding a few simple parts he’s put together something that he can carry around on his keychain that’ll allow him to steal power from his friend’s phones to charge his own phone.

He starts by cutting away the motor from an iPhone fan to isolate the Micro USB connector. He then removes the charging circuit board from a cheap Chinese USB power bank, and solders wires from the Micro USB connector to one side of the board. Lastly, he cuts away the Lightning connector from a Lightning-to-USB cable and solders that connector to the other side of the circuit board. For longevity and cosmetics, he puts it all in a small wood block and connects a key ring. The result is a small, neat looking box with a Micro USB connector on one side and a Lightning connector on the other. You can see him make it, and then use it to steal power from his friends in the video after the break.

Continue reading “Phone-To-Phone Power Thievery” →

When Your Screen Breaks In The Himalayas

October 24, 2016 by Jenny List 26 Comments

If you’ve ever had the screen break on your laptop, you’ll know it can be rather annoying to have to use an external monitor for a while as you either wait for a replacement panel to arrive from the other side of the world, or wait for that new laptop you were just desperate for an excuse to upgrade to.

Spare a thought, then, for [tom bh] whose laptop screen broke while he was in Ladakh, Northern India. Two days bus ride from the nearest city in which he could hope to source a replacement part, he had to make do with the resources in front of him. A laptop with a broken screen, and his Android phone.

He was fortunate in that a few lines at the top of the screen still worked intermittently. So after logging in blind and finding himself in a shell, he could execute commands and then scroll the results up to the point at which they were visible. He first enabled an SSH server, then connected his phone via USB. A bit of work to find the laptop’s IP address, and he could get himself a laptop shell on his phone with an Android SSH client. He goes into detail about how he was able to use the laptop’s keyboard to emulate a Bluetooth device which he connected to the phone. He could then run a VNC server on the laptop and connect to it with a VNC client on the phone, resulting in a phone-sized laptop display using the laptop’s keyboard as input. Not a perfect physical terminal by any means, but enough for him to continue working.

His writeup is an especially interesting read for its side-by-side evaluation of the various different application choices he made, and contains some useful suggestions as to how anyone might prepare themselves for a dead screen related emergency.

We’ve featured a dead-screen laptop connected as a serial terminal with an Arduino in the past, but unlike this one that only gave its owner a prompt.

Via Hacker News.

Li-Ion Tech Staring Into The Abyss With Note 7 Failure

October 14, 2016 by Will Sweatman 155 Comments

Unless you’ve been living under a high voltage transformer, you’ve heard about the potential for Samsung’s latest phone, the Note7, to turn into a little pocket grenade without warning. With over 2.5 million devices in existence, it’s creating quite a headache for the company and its consumers.

They quickly tied the problem to faulty Li-ion batteries and started replacing them, while issuing a firmware update to stop charging at 60 percent capacity. But after 5 of the replacement phones caught fire, Samsung killed the Note7 completely. There is now a Total Recall on all Note7 phones and they are no longer for sale. If you have one, you are to turn it off immediately. And don’t even think about strapping it into a VR headset — Oculus no longer supports it. If needed, Samsung will even send you a fireproof box and safety gloves to return it.

note_01 — Every airline has been broadcasting warnings not to power on or charge a Note 7 on a plane. Image Source: CNET

It should be noted that the problem only affects 0.01% of the phones out there, so they’re not exactly going to set the world on fire. However, it has generated yet another discussion about the safety of Li-ion battery technology.

It was just a few months ago we all heard about those hoverboards that would catch fire. Those questionably-engineered (and poorly-named) toys used Li-ion batteries as well, and they were the source of the fire problem. In the wake of this you would think all companies manufacturing products with Li-ion batteries in them would be extra careful. And Samsung is no upstart in the electronics industry — this should be a solved problem for them.

Why has this happened? What is the deal with Li-ion batteries? Join me after the break to answer these questions.

Continue reading “Li-Ion Tech Staring Into The Abyss With Note 7 Failure” →

Ghetto Ribbon Connector

September 27, 2016 by Elliot Williams 69 Comments

[Marcel] was trying to shoehorn a few new parts into his trusty Nexus 5 phone. If you’ve ever opened one of these little marvels up, you know that there’s not much room under the hood to work with. Pulling out some unnecessary parts (like the headphone jack) buys some space, but then how to wire it all up?

[Marcel] needed a multi-wire connector that’s as thin as possible, but he wasn’t going to go the order-Kapton-flex route. Oh no! He built one himself from masking tape and the strands from a stranded wire. Watch the video how-to if that alone isn’t enough instruction.

Continue reading “Ghetto Ribbon Connector” →

Hackaday Prize Entry: Catch The IMSI Catchers

September 23, 2016 by Jenny List 16 Comments

An IMSI catcher is an illicit mobile phone base station designed to intercept the traffic from nearby mobile phones by persuading them to connect to it rather than the real phone company tower. The IMSI in the name stands for International Mobile Subscriber Identity, a unique global identifier that all mobile phones have. IMSI catchers are typically used by government agencies to detect and track people at particular locations, and are thus the subject of some controversy.

As is so often the case when a piece of surveillance technology is used in a controversial manner there is a counter-effort against it. The IMSI catchers have spawned the subject of this post, an IMSI catcher detector app for Android. It’s a work-in-progress at the moment with code posted in its GitHub repository, but it is still an interesting look into this rather shadowy world.

How them you might ask, does this app hope to detect the fake base stations? In the first case, it will check the identity of the station it is connected to against a database of known cell towers. Then it will try to identify any unusual behaviour from the base station by analysing its traffic and signal strength. Finally it will endeavour to spot anomalies in the implementation of the cell phone protocols that might differentiate the fake from the real tower.

They have made some progress but stress that the app is in alpha stage at the moment, and needs a lot more work. They’re thus inviting Android developers to join the project. Still, working on projects is what the Hackaday Prize is all about.

Nexmon Turns Nexus 5 (and RPi3!) Into WiFi Toolkit

September 8, 2016 by Elliot Williams 22 Comments

Back in the day, when wardriving was still useful (read: before WPA2 was widespread), we used to wander around with a Zaurus in our pocket running Kismet. Today, every cellphone has WiFi and a significantly more powerful processor inside. But alas, the firmware is locked down.

Enter the NexMon project. If you’ve got a Nexus 5 phone with the Broadcom BCM4339 WiFi chipset, you’ve now got a monitor-mode, packet-injecting workhorse in your pocket, and it looks a lot less creepy than that old Zaurus. But more to the point, NexMon is open. If you’d like to get inside what it took to reverse-engineer a hole into the phone’s WiFi, or make your own patches, here’s a great starting place.

But wait, there’s more! The recently released Raspberry Pi 3 has a similar Broadcom WiFi chipset, and has been given the same treatment, turning your RPi 3 into a wireless-sniffing powerhouse. How many Raspberry Pi “hacks” actually hack the Raspberry Pi? Well, here’s one.

We first learned of this project from a talk given at the MetaRhein-Main Chaos Days conference which took place last weekend. The NexMon talk (in German, but with slides in English) is just one of the many talks, all of which are available online.

The NexMon project is a standout, however. Not only do they reverse the WiFi firmware in the Nexus 5, but they show you how, and then apply the same methods to the RPi3. Kudos times three to [Matthias Schulz], [Daniel Wegemer], and [Matthias Hollick]!