36C3: SIM Card Technology From A To Z

SIM cards are all around us, and with the continuing growth of the Internet of Things, spawning technologies like NB-IoT, this might as well be very literal soon. But what do we really know about them, their internal structure, and their communication protocols? And by extension, their security? To shine some light on these questions, open source and mobile device titan [LaForge] gave an introductory talk about SIM card technologies at the 36C3 in Leipzig, Germany.

Starting with a brief history lesson on the early days of cellular networks based on the German C-Netz, and the origin of the SIM card itself, [LaForge] goes through the main specification and technology parts of each following generation from 2G to 5G. Covering the physical basics, I/O interfaces, communication protocols, and the file system located on the SIM card, you’ll get the answer to “what on Earth is PIN2 for?” along the way.

Of course, a talk like this, at a CCC event, wouldn’t be complete without a deep and critical look at the security side as well. Considering how over-the-air updates on both the software and (thanks to mostly running Java nowadays) the feature side are more and more common, there certainly is something to look at.

Modulated Pilot Lights Anchor AR To Real World

We’re going to go out on a limb here and say that wherever you are now, a quick glance around will probably reveal at least one LED. They’re everywhere – we can spot a quick half dozen from our desk, mostly acting as pilot lights and room lighting. In those contexts, LEDs are pretty mundane. But what if a little more flash could be added to the LEDs of the world – literally?

That’s the idea behind LightAnchors, which bills itself as a “spatially-anchored augmented reality interface.” LightAnchors comes from work at [Chris Harrison]’s lab at Carnegie Mellon University which seeks new ways to interface with computers, and leverages the ubiquity of LED point sources and the high-speed cameras on today’s smartphones. LightAnchors are basically beacons of digitally encoded data that a smartphone can sense and decode. The target LED is modulated using amplitude-shift keying and each packet contains a data payload and parity bits along with a pre- and post-amble sequence. Software on the phone uses the camera to isolate the point source, track it, and pull the data out of it, which is used to create an overlay on the scene. The video below shows a number of applications, ranging from displaying guest login credentials through the pilot lights on a router to modulating the headlights of a rideshare vehicle so the next fare can find the right car.

An academic paper (PDF link) goes into greater depth on the protocol, and demo Arduino code for creating LightAnchors is thoughtfully provided. It strikes us that the two main hurdles to adoption of LightAnchors would be convincing device manufacturers to support them, and advertising the fact that what looks like a pilot light might actually be something more, but the idea sure beats fixed markers for AR tracking.

Accessibility Apps Get Help From Bluetooth Buttons

Ever hear of Microsoft Soundscape? We hadn’t, either. But apparently it and similar apps like Blindsquare provide people with vision problems context about their surroundings. The app is made to run in the background of the user’s mobile device and respond to media controls, but if you are navigating around with a cane, getting to media controls on a phone or even a headset might not be very convenient. [Jazzang] set out to build buttons that could control apps like this that could be integrated with a cane or otherwise located in a convenient location.

There are four buttons of interest: Play/pause, Next, Back, and Home. There’s also a mute button and an additional button you can use with the phone’s accessibility settings. Each button has a special function for Soundscape. For example, Next will describe the point of interest in front of you. Soundscape runs on an iPhone, so Bluetooth is the obvious choice for creating the buttons.

To simplify things, the project uses an Adafruit Feather nRF52 Bluefruit board. Given that it’s Arduino compatible and provides a Bluetooth Human Interface Device (HID) out of the box, there’s almost nothing else to do for the hardware but wire up the switches and some pull-up resistors. That would make the circuit easy to stick almost anywhere.

Software-wise, things aren’t too hard either. The library provides all the Bluetooth HID device trappings you need, and once that’s set up, it is pretty simple to send keys to the phone. This is a great example of how simple so many tasks have become due to the availability of abstractions that handle all of the details. Since a Bluetooth HID device is just a keyboard, you can probably think of many other uses for this setup with just small changes in the software.

We covered the Bluefruit back when it first appeared. We don’t know about mounting this to a cane, but we do remember something similar attached to a sword.

Finally, A Usable Rotary Phone From A Conference Badge

A few weeks ago we featured a project from [Dan], a work-in-progress in which he was attaching an EMF 2018 electronic conference badge to a rotary phone. At the time we looked forward to his progress, expecting maybe to see it in our travels round the field at EMF 2021. We have to say we did him a disservice then, because he’s made excellent progress and has now turned it into a fully functional cellular rotary phone.

When we left him he’d interfaced the dial to the badge and not a lot else, but it was enough to spark our interest because we think there should be more re-use of old electronic conference badges. Since then he’s reverse engineered the original bell with the help of a motor driver and a cheap DC-to-DC converter, and the handset with the guts of a Bluetooth headset because in experimenting he managed to kill the badge’s audio circuitry.

The result can be seen in the video below the break, and we have to admit it looks pretty good. Depending on where you are in the world you’ll either love or hate the ringing sound, but that is of little consequence to the utility of the device. If you have a drawer full of conference badges gathering dust, perhaps it’s time to give them a second look.

Laser-Based Audio Injection On Voice-Controllable Systems

In one of the cooler hacks we’ve seen recently, a bunch of hacking academics at the University of Michigan researched the ability to flicker a laser at audible sound frequencies to see if they could remotely operate microphones simply by shining a light on them. The results are outstanding.

While most hackers will have heard about ‘The Thing’, a famous hack where Russian KGB agents would aim a radio transmitter at the great seal in the US embassy, almost none of us will have thought of using lasers shined in from distant locations to hack modern audio devices such as Alexa or Google Assistant. In the name of due diligence, we checked it out on Wikipedia: ‘The Photoacoustic Effect’, and indeed it is real – first discovered in 1880 by Alexander Bell! The pulsing light is heating the microphone element and causing it to vibrate along with the beam’s intensity. Getting long range out of such a system is a non-trivial product of telescopes, lasers, and careful alignment, but it can be made to work.

Digging deeper into the hack, we find that the actual microphone that is vulnerable is the MEMS type, such as the Knowles SPV0842LR5H. This attack is relatively easy to prevent; manufacturers would simply need to install screens to prevent light from hitting the microphones. For devices already installed in our homes, we recommend either putting a cardboard box over them or moving them away from windows where unscrupulous neighbors or KGB agents could gain access. This does make us wonder if MEMS mics are also vulnerable to radio waves.

As far as mobile phones are concerned, the researchers were able to talk into an iPhone XR at 10 metres, which means that, very possibly, anybody with a handheld ultraviolet/infrared-equipped flashlight could hack our phones at close range in a bar, for example. The counter-measures are simple – just stick some black electrical tape over the microphone port at the bottom of the phone. Or stay out of those dodgy bars.

Finally, A Rotary Cell Phone With Speed Dial

If you’re reading this, chances are good that you’re the family IT department. We do what we can to help them, but there’s just no changing the fact that smartphones are difficult to operate with aging eyes and hands. When [sideburn’s] dad started complaining, he took a different approach. Instead of helping his dad adapt, [sideburn] stuffed modern cell phone guts into a 1970s rotary phone — if all you want to use it for is phone calls, why not reach for a battle-tested handset?

[sideburn] figured out the most important part first, which is getting the thing to ring. The bells in those old phones are driven by a huge relay that requires a lot of voltage, so he boosted a 3.2V rechargeable to 34V. Then it was just a matter of getting the GSM module to play nice with the microcontroller, and programming a MOSFET to trigger the boost module that makes the beast jingle.

The worst thing about rotary phones is that they were never meant to be dialed in a hurry. But [sideburn] took care of that. Once Rotocell was up and working, he added an SMS interface that makes the phone a lot more useful. Dad can add contacts to Rotocell by texting the name and number to it from a modern phone. Once it’s in there, he can dial by name, speeding up the process a tiny bit.

The SMS interface can also report back the signal strength and battery level, and will send battery low alerts when it’s under 20%. You can see Rotocell in action after the break.

Got an old rotary or two lying about? If modernizing the internals to make calls doesn’t light up your circuits, try turning it into a voice-controlled assistant instead.

A Conference Badge Breathes Life Into A Rotary Phone

We have covered the astonishing diversity of conference badges to a great extent over the years, and we are always pleased and surprised at the creativity and ingenuity that goes into their creation. But the saddest thing about so many badges is that after the event they go into the drawer and are never touched again. Such a missed opportunity!

It’s a trend that [Dan] has reversed though, with his rotary dial phone brought to life with an EMF Tilda MkIV. This was the badge from last year’s EMF Camp 2018, and its defining feature was a built-in GSM mobile phone. We didn’t give it a full review at the time because it had problems with the GSM part at the event and it would have been unfair to display what was an amazing badge in a negative light, but once we got it home it was straightforward enough to put a commercial SIM in the slot and use the public networks with it.

[Dan]’s phone is an Eastern European model that came to him through his grandfather. Inside it’s a relatively conventional design, into which he’s patched a couple of the Tilda’s I/O lines from the dial through a debounce circuit. But simply selecting a couple of lines wasn’t enough, as most of those on its expansion port come via a port expander. He needed inputs that could generate an interrupt, so he hijacked a couple from the on-board joystick. He’s included Python code which you can see in action in the video below. It’s important to note that he’s yet to hook up the audio to the badge so this is a work in progress, but it’s an interesting project nevertheless.

Rotary phones hold a special place among hardware hackers; we’ve featured many projects including them. This isn’t the first GSM rotary phone we’ve brought you, and don’t forget they can also talk via Bluetooth.
