Phone Hacks

190 Articles

3D Printed Head Can Unlock Your Phone

December 19, 2018 by 23 Comments

[Thomas Brewster] writes for Forbes, but we think he’d be at home with us. He had a 3D printed head made in his own image and then decided to see what phones with facial recognition he could unlock. Turns out the answer is: most of them — at least, those running Android.

The models tested included an iPhone X, an LG, two Samsung phones, and a OnePlus. Ironically, several of the phones warn you when you enroll a face that the method may be less secure than other locking schemes. Conversely, one phone had a faster feature that is known to make the phone less secure.

Continue reading “3D Printed Head Can Unlock Your Phone”

Manhattan Mystery Of Creepy Jingles And Random Noises Solved

December 15, 2018 by 23 Comments

Here’s a puzzler for you: If you’re phreaking something that’s not exactly a phone, are you still a phreak?

That question probably never crossed the minds of New Yorkers who were acoustically assaulted on the normally peaceful sidewalks of Manhattan over the summer by creepy sounds emanating from streetside WiFi kiosks. The auditory attacks caused quite a stir locally, leading to wild theories that Russian hackers were behind it all. Luckily, the mystery has been solved, and it turns out to have been part prank, part protest, and part performance art piece.

To understand the exploit, realize that New York City has removed thousands of traditional pay phones from city sidewalks recently and replaced them with LinkNYC kiosks, which are basically WiFi hotspots with giant HDTV displays built into them. For the price of being blitzed with advertisements while strolling by, anyone can make a free phone call using the built-in VOIP app. That was the key that allowed [Mark Thomas], an old-school phreak and die-hard fan of the pay telephones that these platforms supplanted, to launch his attack. It’s not exactly rocket surgery; [Mark] dials one of the dozens of conference call numbers he has set up with pre-recorded audio snippets. A one-minute delay lets him crank the speakerphone volume up to 11 and abscond. The recordings vary, but everyone seemed most creeped out by the familiar jingle of the [Mr. Softee] ice cream truck franchise, slowed down and distorted to make it sound like something from a fever dream.

Yes, it’s a minimal hack, and normally we don’t condone the misuse of public facilities, even ones as obnoxious as LinkNYC appears to be. But it does make a statement about the commercialization of the public square, and honestly, we’re glad to see something that at least approaches phreaking again. It’s a little less childish than blasting porn audio from a Target PA system, and far less dangerous than activating a public safety siren remotely.

Continue reading “Manhattan Mystery Of Creepy Jingles And Random Noises Solved”

5G Cellphone’s Location Privacy Broken Before It’s Even Implemented

December 7, 2018 by 52 Comments

Although hard to believe in the age of cheap IMSI-catchers, “subscriber location privacy” is supposed to be protected by mobile phone protocols. The Authentication and Key Agreement (AKA) protocol provides location privacy for 3G, 4G, and 5G connections, and it’s been broken at a basic enough level that three successive generations of a technology have had some of their secrets laid bare in one fell swoop.

When 3G was developed, long ago now, spoofing cell towers was expensive and difficult enough that the phone’s International Mobile Subscriber Identity (IMSI) was transmitted unencrypted. For 5G, a more secure version based on a asymmetric encryption and a challenge-reponse protocol that uses sequential numbers (SQNs) to prevent replay attacks. This hack against the AKA protocol sidesteps the IMSI, which remains encrypted and secure under 5G, and tracks you using the SQN.

The vulnerability exploits the AKA’s use of XOR to learn something about the SQN by repeating a challenge. Since the SQNs increment by one each time you use the phone, the authors can assume that if they see an SQN higher than a previous one by a reasonable number when you re-attach to their rogue cell tower, that it’s the same phone again. Since the SQNs are 48-bit numbers, their guess is very likely to be correct. What’s more, the difference in the SQN will reveal something about your phone usage while you’re away from the evil cell.

A sign of the times, the authors propose that this exploit could be used by repressive governments to track journalists, or by advertisers to better target ads. Which of these two dystopian nightmares is worse is left as comment fodder. Either way, it looks like 5G networks aren’t going to provide the location privacy that they promise.

Via [The Register]

Header image: MOs810 [CC BY-SA 4.0].

Retro Wall Phone Becomes A Doorbell, And So Much More

November 20, 2018 by 5 Comments

We have to admit that this retasked retro phone wins on style points alone. The fact that it’s filled with so much functionality is icing on the cake.

The way [SuperKris] describes his build sounds like a classic case of feature creep. Version 1 was to be a simple doorbell, but [SuperKris] would soon learn that one does not simply replace an existing bell with a phone and get results. He did some research and found that the ringer inside the bakelite beauty needs much more voltage than the standard doorbell transformer supplies, so he designed a little H-bridge circuit to drive the solenoids. A few rounds of “while I’m at it” later, the phone was stuffed with electronics, including an Arduino and an NFR24 radio module that lets it connect to Domoticz, a home automation system. The phone’s rotary dial can now control up to 10 events and respond to alarms and alerts with different ring patterns. And, oh yes – it’s a doorbell too.

In general, we prefer to see old equipment restored rather than gutted and filled with new electronics. But we can certainly get behind any effort to retask old phones with no real place in modern telecommunications. We’ve seen a few of these before, like this desk telephone that can make cell calls.

Continue reading “Retro Wall Phone Becomes A Doorbell, And So Much More”

Vintage Rotary Phone Turned Virtual Assistant

November 17, 2018 by 7 Comments

Like many of us, [Zoltan Toth-Czifra] has completely embraced 21st century living. His home is awash in smart gadgets and dodads, from color changing light bulbs to Internet-connected cameras. But he’s also got a soft spot for the look and feel of vintage hardware, like the rotary phone he keeps kicking around to remind him of the old days. He recently decided to bridge these two worlds by turning the rotary phone into a modern voice controlled assistant.

The first piece of the puzzle was getting the old school phone connected to something a bit more modern, namely a Raspberry Pi. He didn’t want to hack the vintage phone apart, so he picked up a Grandstream HT801, an adapter that’s used to convert analog telephones to VoIP. [Zoltan] says this model specifically fit the bill as it had a function that allows you to configure a number to dial as soon the phone is lifted off the hook. This allows the user to just pick up the phone and start talking without having to dial anything manually. If you’re looking to pull off a similar setup, you should check to make sure the adapter has this function before pulling the trigger.

With the rotary phone now talking a more modern protocol, [Zoltan] just needed to get the Raspberry Pi side sorted out. He installed a SIP server so it could communicate with the HT801 adapter, and then got to work putting together his virtual assistant. Rather than plug into an existing system, he rolled his own by combining open source packages for controlling his various smart devices with the aptly named SpeechRecognition library for Python.

Right now he’s only programmed a few commands that his system can respond to for controlling his lights and music, but mentions that the system is modular enough that he can add new functions easily. He’s put the source for his virtual assistant framework up on GitHub, which he notes was written in less than 200 lines of original code by virtue of utilizing existing libraries for a lot of the heavy lifting. Open source is a beautiful thing.

In the past we’ve seen rotary phones go mobile thanks to GSM upgrades and dragged kicking and screaming onto the modern phone network with a built-in Raspberry Pi. But we think there’s something especially appealing about the approach [Zoltan] took which preserves the phone’s original hardware.

Continue reading “Vintage Rotary Phone Turned Virtual Assistant”

DIY Telepresence Robot Built From Off-The-Shelf Parts

November 16, 2018 by 8 Comments
Petite, but it does the job. Note the huge LED headlight in the center.

Telepresence hasn’t taken off in a big way just yet; it may take some time for society to adjust to robotic simulacra standing in for humans in face-to-face communications. Regardless, it’s an area of continuous development, and [MakerMan] has weighed in with a tidy DIY build that does the job.

It’s a build that relies on an assemblage of off-the-shelf parts to quickly put together a telepresence robot. Real-time video and audio communications are easily handled by a Huawei smartphone running Skype, set up to automatically answer video calls at all times. The phone is placed onto the robotic chassis using a car cell phone holder, attached to the body with a suction cup. The drive is a typical two-motor skid steer system with rear caster, controlled by a microcontroller connected to the phone.

Operation is simple. The user runs a custom app on a remote phone, which handles video calling of the robot’s phone, and provides touchscreen controls for movement. While the robot is a swift mover, it’s really only sized for tabletop operation — unless you wish to talk to your contact’s feet. However, we can imagine there has to be some charm in driving a pint-sized ‘bot up and down the conference table when Sales and Marketing need to be whipped back into shape.

It’s a build that shows that not everything has to be a 12-month process of research and development and integration. Sometimes, you can hit all the right notes by cleverly lacing together a few of the right eBay modules. Getting remote video right can be hard, too – as we’ve seen before.

Hello, And Please Don’t Hang Up: The Scourge Of Robocalls

November 12, 2018 by 113 Comments

Over the last few months, I’ve noticed extra calls coming in from local numbers, and if you live in the US, I suspect maybe you have too. These calls are either just dead air, or recordings that start with “Please don’t hang up.” Out of curiosity, I’ve called back on the number the call claims to be from. Each time, the message is that this number has been disconnected and is no longer in service. This sounds like the plot of a budget horror movie, how am I being called from a disconnected number? Rather than a phantom in the wires, this is robocalling, combined with caller ID spoofing.

Continue reading “Hello, And Please Don’t Hang Up: The Scourge Of Robocalls”