A Conference Badge Breathes Life Into A Rotary Phone

We have covered the astonishing diversity of conference badges to a great extent over the years, and we are always pleased and surprised at the creativity and ingenuity that goes into their creation. But the saddest thing about so many badges is that after the event they go into the drawer and are never touched again. Such a missed opportunity!

It’s a trend that [Dan] has reversed though, with his rotary dial phone brought to life with an EMF Tilda MkIV. This was the badge from last year’s EMF Camp 2018, and its defining feature was a built-in GSM mobile phone. We didn’t give it a full review at the time because it had problems with the GSM part at the event and it would have been unfair to display what was an amazing badge in a negative light, but once we got it home it was straightforward enough to put a commercial SIM in the slot and use the public networks with it.

[Dan]’s phone is an Eastern European model that came to him through his grandfather. Inside it’s a relatively conventional design, into which he’s patched a couple of the Tilda’s I/O lines from the dial through a debounce circuit. But simply selecting a couple of lines wasn’t enough, as most of those on its expansion port come via a port expander. He needed inputs that could generate an interrupt, so he hijacked a couple from the on-board joystick. He’s included Python code which you can see in action in the video below. It’s important to note that he’s yet to hook up the audio to the badge so this is a work in progress, but it’s an interesting project nevertheless.

Rotary phones hold a special place among hardware hackers; we’ve featured many projects including them. This isn’t the first GSM rotary phone we’ve brought you, and don’t forget they can also talk via Bluetooth.


Warshipping: A Free Raspberry Pi In The Mail Is Not Always A Welcome Gift

Leading edge computer security is veiled in secrecy — a world where novel attacks are sprung on those who do not yet know what they need to protect against. Once certain tactics have played out within cool kids’ circles, they are introduced to the rest of the world. An IBM red team presented what they’re calling “warshipping”: sending an adversarial network to you in a box.

Companies concerned about security have learned to protect their internet-accessible points of entry. Patrolling guards know to look for potential wardrivers parked near or repeatedly circling the grounds. But some are comparatively lax about their shipping & receiving, and they are the ideal targets for warshipping.

Bypassing internet firewalls and security perimeters, attack hardware is embedded inside a shipping box and delivered by any of the common carriers. Security guards may hassle a van bristling with antennas, but they’ll wave a FedEx truck right through! The hardware can be programmed to stay dormant through screening, waiting to probe once inside the walls.

The presentation described several ways to implement such an attack. There is nothing novel about the raw hardware – Raspberry Pi, GPS receiver, cellular modems, and such are standard fare for various projects on these pages. The creative part is the software and in how they are hidden: in packing material and in innocuous looking plush toys. Or for persistence, they can be hidden in a wall mounted plaque alongside some discreet photovoltaic panels. (Editor’s note: What? No Great Seals?)

With this particular technique out in the open, we’re sure others are already in use and will be disclosed some years down the line. In the meantime, we can focus our efforts on more benign applications of similar technology, whether it is spying on our cat or finding the nearest fast food joint. The hardware is evolving as well: a Raspberry Pi actually seems rather heavyweight for this, how about a compact PCB with both an ESP32 and a cellular modem?

Via Ars Technica.

5G Power Usage Is Making Phones Overheat In Warm Weather

As reported by ExtremeTech, the brand new 5G network is running into a major snag with mobile devices as Qualcomm 5G modems literally cannot handle the heat. After just a few minutes of use they’re going into thermal shutdown and falling back to measly 4G data rates. Reports by both PCMag and the Wall Street Journal (paywall) suggest that 5G-enabled phones consistently see problems when used in environments where temperatures hit or exceed 29.5 °C (85.1 °F).

The apparent cause is the increased power draw required by current 5G modems which make heavy use of beam forming and other advanced technologies to increase reception and perform processing on the received data. Unlike 4G and older technologies, 5G needs to have multiple antennas (three or more) to keep a signal, especially when you grab your shiny new smartphone with your millimeter-wave blocking hands.

The spin-off from all of this seems to be that perhaps 5G technology isn’t ready for prime-time, or that perhaps our phones need to have bigger batteries and liquid cooling to keep the 5G modem in them happy. Anyone up for modding a liquid cooling loop and (tiny) radiator into their phone?

Impersonate The President With Consumer-Grade SDR

In April of 2018, the Federal Emergency Management Agency sent out the very first “Presidential Alert”, a new class of emergency notification that could be pushed out in addition to the weather and missing child messages that most users were already familiar with. But while those other messages are localized in nature, Presidential Alerts are intended as a way for the Government to reach essentially every mobile phone in the country. But what if the next Presidential Alert that pops up on your phone was actually sent from somebody with a Software Defined Radio?

According to research recently released by a team from the University of Colorado Boulder, it’s not as far-fetched a scenario as you might think. In fact, given what they found about how the Commercial Mobile Alert Service (CMAS) works, there might not be a whole lot we can even do to prevent it. The system was designed to push out these messages in the most expedient and reliable way possible, which meant that niceties like authentication had to take a backseat.

The thirteen-page report, which was presented at MobiSys 2019 in Seoul, details their findings on CMAS as well as their successful efforts to send spoofed Presidential Alerts to phones of various makes and models. The team used a BladeRF 2.0 and USRP B210 to perform their mock attacks, and even a commercially available LTE femtocell with modified software. Everything was performed within a Faraday cage to prevent fake messages from reaching the outside world.

So how does the attack work? To make a long story short, the team found that phones will accept CMAS messages even if they are not currently authenticated with a cell tower. So the first phase of the attack is to spoof a cell tower that provides a stronger signal than the real ones in the area; not very difficult in an enclosed space. When the phone sees the stronger “tower” it will attempt, but ultimately fail, to authenticate with it. After a few retries, it will give up and switch to a valid tower.

This negotiation takes around 45 seconds to complete, which gives the attacker a window of opportunity to send the fake alerts. The team says one CMAS message can be sent every 160 milliseconds, so there’s plenty of time to flood the victim’s phone with hundreds of unblockable phony messages.

The attack is possible because the system was intentionally designed to maximize the likelihood that users would receive the message. Rather than risk users missing a Presidential Alert because their phones were negotiating between different towers at the time, the decision was made to just push them through regardless. The paper concludes that one of the best ways to mitigate this attack would be to implement some kind of digital signature check in the phone’s operating system before the message gets displayed to the user. The phone might not be able to refuse the message itself, but it can at least ascertain it’s authentic before showing it to the user.
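A sketch of the display-time signature check described above, as an added example rather than code from the paper or from any phone OS. The choice of Ed25519, the `Alert` layout, the key handling and every name here are assumptions; the serial-number replay check goes beyond what the text states, and is included because a signature alone does not stop a captured genuine alert from being rebroadcast.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Alert is a hypothetical signed alert; the fields and layout are assumptions.
type Alert struct {
	Serial uint16 // assumed per-alert serial number, covered by the signature
	Body   string
	Sig    []byte
}

func signedBytes(serial uint16, body string) []byte {
	return append([]byte{byte(serial >> 8), byte(serial)}, body...)
}
func Sign(priv ed25519.PrivateKey, serial uint16, body string) Alert {
	return Alert{serial, body, ed25519.Sign(priv, signedBytes(serial, body))}
}

// Gate sits between the radio layer, which still receives everything, and the UI.
type Gate struct {
	trusted ed25519.PublicKey
	seen    map[uint16]bool // serials already shown, so a captured alert cannot be replayed
}

func (g *Gate) Verdict(a Alert) string {
	if !ed25519.Verify(g.trusted, signedBytes(a.Serial, a.Body), a.Sig) {
		return "drop: bad signature" // unsigned, forged or altered
	}
	if g.seen[a.Serial] {
		return "drop: replay"
	}
	g.seen[a.Serial] = true
	return "display"
}

// Demo runs constructed alerts through the gate and returns each verdict.
func Demo() (out []string) {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed authority key
	genuine := Sign(priv, 7, "constructed test alert")
	g := &Gate{pub, map[uint16]bool{}}
	for _, a := range []Alert{genuine, genuine, {8, "constructed spoof", nil}, {9, "altered text", genuine.Sig}} {
		out = append(out, g.Verdict(a))
	}
	return out
}

func main() { fmt.Println(Demo()) }
```

The gate does nothing about the 45-second window itself: the phone still receives every broadcast, and only what reaches the screen changes.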

All of the team’s findings have been passed on to the appropriate Government agencies and manufacturers, but it will likely be some time before we find out what (if any) changes come from this research. Considering the cost of equipment that can spoof cell networks has dropped like a rock over the last few years, we’re hoping all the players can agree on a software fix before we start drowning in Presidential Spam.

Add Scroll Wheels And Buttons To Smartphones With 3D-Printed Widgets Read By Accelerometer

The first LED digital wristwatches hit the market in the 1970s. They required a button push to turn the display on, prompting one comedian to quip that giving one to a one-armed man would be in poor taste. While the UIs of watches and other wearables have improved since then, smartphones still present some usability challenges. Some of the touch screen gestures needed to operate a phone, like pinching, are nigh impossible when one-handing the phone, and woe unto those with stubby thumbs when trying to take a selfie.

You’d think that the fleet of sensors and the raw computing power on board would afford better ways to control phones. And you’d be right, if the modular mechanical input widgets described in a paper from Columbia University catch on. Dubbed “Vidgets” by [Chang Xiao] et al, the haptic devices are designed to create characteristic acceleration profiles on a phone’s inertial measurement unit (IMU) when actuated. Vidgets take various forms, from push buttons to scroll wheels, each of a similar size and shape and designed to dock into one of eight positions on the back of a 3D-printed phone case. Once trained, the algorithm watches for the acceleration signature caused by actuating a Vidget, and sends commands to the phone to mimic the corresponding gestures. The video below demonstrates a couple of use cases, of which the virtual saxophone is our favorite.

This is really clever stuff, and ventures deep into “Why didn’t I think of that?” territory. Need to get ahead of the curve on IMUs to capitalize on what they can do? You could start with [Al Williams]’ primer on micro-electromechanical systems, or MEMS.


This Vintage Phone Goes Cellular

Way back in the good old days, life ran at a slower pace. It took us almost a decade to get to the moon, and dialling the phone was a lazy affair which required the user to wait for the rotary mechanism to rewind after selecting each digit. Eager to bring a taste of retro telephony into the modern era, [Marek] retrofitted this vintage Polish telephone with a GSM upgrade.

The phone [Marek] salvaged had already been largely gutted, so there was little to lose in the transformation. A Motorola D15 GSM module was sourced from an alarm system to provide a network connection to the project. An Atmega328 was then used to translate the rotary dial mechanics into something more usable by the cellular module.

Attention to detail can really make a project shine, and [Marek] didn’t skimp in this area. The original ringer was rewound to operate with a half H-bridge at a lower voltage more suitable to the modern electronics inside. The microcontroller also helped out by using its PWM hardware to simulate a dialtone and the characteristic sound of pulse dialling.

It’s always nice to see retro hardware given a new lease on life. Unfortunately, GSM networks aren’t long for this world, so a further update may be required before long. These old phones have plenty of potential, as we’ve seen before.

A Very Different ‘Hot Or Not’ Application For Your Phone

Radioactivity stirs up a lot of anxiety, partially because ionizing radiation is undetectable by any of the senses we were born with. Anytime radiation makes the news, there is a surge of people worried about their exposure levels and a lack of quick and accurate answers. Doctors are flooded with calls, detection devices become scarce, and fraudsters swoop in to make a quick buck. Recognizing the need for a better way, researchers are devising methods to measure cumulative exposure experienced by commodity surface mount resistors.

Cumulative exposure is typically tracked by wearing a dosimeter a.k.a. “radiation badge”. It is standard operating procedure for people working with nuclear material to wear them. But in the aftermath of what researchers euphemistically call “a nuclear event” there will be an urgent need to determine exposure for a large number of people who were not wearing dosimeters. Fortunately, many people today do wear personal electronics full of components made with high purity ingredients to tightly controlled tolerances. The resistor is the simplest and most common part, and we can hack a dosimeter with them.

Lab experiments established that SMD resistors will reveal their history of radiation exposure under high heat. Not to the accuracy of established dosimetry techniques, but more than good enough to differentiate people who need immediate medical attention from those who need to be monitored and, hopefully, reassure people in neither of those categories. Today’s technique is a destructive test as it requires removing resistors from the device and heating them well above their maximum temperature, but research is still ongoing in this field of knowledge we hope we’ll never need.

If you prefer to read about SMD resistor hacks with less doomsday, we recently covered their use as a 3D printer’s Z-axis touch sensor. Those who want to stay on the topic can review detection hacks like using a single diode as a Geiger counter and the IoT dosimeter submitted for the 2017 Hackaday Prize. Or we can choose to focus on the bright side of radioactivity with the good things made possible by controlled artificial radioactivity, pioneered by Irène Joliot-Curie.

[via Science News]