Horns Across America: The AT&T Long Lines Network

July 10, 2017 by Dan Maloney 83 Comments

A bewildering amount of engineering was thrown at the various challenges presented to the United States by the end of World War II and the beginning of the Cold War. From the Interstate Highway System to the population shift from cities to suburbs, infrastructure of all types was being constructed at a rapid pace, fueled by reasonable assessments of extant and future threats seasoned with a dash of paranoia, and funded by bulging federal coffers due to post-war prosperity and booming populations. No project seemed too big, and each pushed the bleeding edge of technology at the time.

Some of these critical infrastructure projects have gone the way of the dodo, supplanted by newer technologies that rendered them obsolete. Relics of these projects still dot the American landscape today, and are easy to find if you know where to look. One that always fascinated me was the network of microwave radio relay stations that once stitched the country together. From mountaintop to mountaintop, they stand silent and largely unattended, but they once buzzed with the business of a nation. Here’s how they came to be, and how they eventually made themselves relics.

Continue reading “Horns Across America: The AT&T Long Lines Network” →

At Last, (Almost) A Cellphone With No Batteries!

July 9, 2017 by Jenny List 52 Comments

If you are tired of constantly having to worry about the state of the battery in your mobile phone, then maybe help is at hand courtesy of the University of Washington. They are reporting the first-ever battery free cell phone, able to make calls by scavenging ambient power. An impressive achievement, and one about which we’d all like to know more.

On closer examination though, the story is revealed as not quite what it claims to be. It’s still a very impressive achievement, but instead of a cell phone with which you can make calls through the public cell network, it’s more of a remote handset for a custom base station through which it can place Skype calls. Sadly the paper itself is hidden behind a journal publisher’s paywall, so we’re left to poke underneath the research group’s slightly baffling decision to use the word “Cellphone” for something that plainly isn’t, and the university PR department’s dumbing-down for the masses. Aren’t peer reviewers supposed to catch misleading descriptions as well as dodgy science?

In radio terms, it’s an analog AM two-way radio that uses a backscatter transmission technique of applying the modulation as switching to an absorbing antenna tuned to the RF source whose ambient energy is being utilized. This modulates the ambient field within the range of the device, and resulting modulated field can be received and demodulated like any other radio signal. It’s a simplex device, in that you can’t listen and talk at the same time. Other ambient power used by the circuitry is harvested by rectifying received RF and through capturing ambient light on a set of photodiodes. There is a short video explaining the system, which we’ve placed below the break.

Continue reading “At Last, (Almost) A Cellphone With No Batteries!” →

“Alexa, What Plane Is That?”

July 2, 2017 by Dan Maloney 7 Comments

We’ve all probably done it — gazed up at a passing jetliner and wondered where it was going and what adventures its passengers were embarked upon. While the latter is hard to answer, the former just got a bit easier: just ask Alexa what the plane is.

Granted, [Nick Sypteras]’s Echo Dot isn’t quite omniscient enough to know exactly what plane you’re looking at. His system benefits from the constraints offered by the window of his Boston apartment — from the video below, we’d guess somewhere in Beacon Hill or the West End — that offers a view of the approach to Logan Airport. An RTL-SDR dongle receives the ADS-B transmissions from all aircraft in the vicinity, and a Raspberry Pi does a lookup, picks the closest plane, and scrapes the departure and arrival airports from FlightRadar24. Alexa does the rest, but we have to confess that hearing “Boeing seven hundred eighty-seven” rather than “seven eighty-seven” would drive us nuts.

If you don’t have the limited view of an airport approach that makes [Nick]’s hack workable, maybe a plane-spotting robot camera would work better for you.

Continue reading ““Alexa, What Plane Is That?”” →

Retro-Styled Raspberry Pi Radio

June 29, 2017 by James Hobson 5 Comments

Ok, so you want a radio — but not just any radio. It has to be wireless, access a variety of music services, and must have a vintage aesthetic that belies its modern innards. Oh, and a tiny screen that displays album art, because that’s always awesome. This 1938 Emerson AX212-inspired radio delivers.

Building on the backbone of a Raspberry Pi Zero W and an Adafruit MAX 98357 mono amp chip, the crux of this single-speaker radio is the program Mopidy. Mopidy is a music player that enables streaming from multiple services, with the stipulation that you have a premium Spotify account. Once signed up, [Tinkernut] helpfully outlines how to set up Mopidy to run automatically once the Pi boots up. The addition of a screen to display album art adds flair to the design, and Adafruit’s 1.8″ TFT LCD screen is small enough to fit the bill.

But wait — there’s more!

Continue reading “Retro-Styled Raspberry Pi Radio” →

TEMPEST In A Software Defined Radio

June 25, 2017 by Brian Benchoff 12 Comments

In 1985, [Wim van Eck] published several technical reports on obtaining information the electromagnetic emissions of computer systems. In one analysis, [van Eck] reliably obtained data from a computer system over hundreds of meters using just a handful of components and a TV set. There were obvious security implications, and now computer systems handling highly classified data are TEMPEST shielded – an NSA specification for protection from this van Eck phreaking.

Methods of van Eck phreaking are as numerous as they are awesome. [Craig Ramsay] at Fox It has demonstrated a new method of this interesting side-channel analysis using readily available hardware (PDF warning) that includes the ubiquitous RTL-SDR USB dongle.

The experimental setup for this research involved implementing AES encryption on two FPGA boards, a SmartFusion 2 SOC and a Xilinx Pynq board. After signaling the board to run its encryption routine, analog measurement was performed on various SDRs, recorded, processed, and each byte of the key recovered.

The results from different tests show the AES key can be extracted reliably in any environment, provided the antenna is in direct contact with the device under test. Using an improvised Faraday cage constructed out of mylar space blankets, the key can be reliably extracted at a distance of 30 centimeters. In an anechoic chamber, the key can be extracted over a distance of one meter. While this is a proof of concept, if this attack requires direct, physical access to the device, the attacker is an idiot for using this method; physical access is root access.

However, this is a novel use of software defined radio. As far as the experiment itself is concerned, the same result could be obtained much more quickly with a more relevant side-channel analysis device. The ChipWhisperer, for example, can extract AES keys using power signal analysis. The ChipWhisperer does require a direct, physical access to a device, but if the alternative doesn’t work beyond one meter that shouldn’t be a problem.

Fail Of The Week: Tracking Meteors With Weather Radio

June 24, 2017 by Dan Maloney 22 Comments

It’s not hard to detect meteors: go outside on a clear night in a dark place and you’re bound to see one eventually. But visible light detection is limiting, and knowing that meteors leave a trail of ions means radio detection is possible. That’s what’s behind this attempt to map meteor trails using broadcast signals, which so far hasn’t yielded great results.

The fact that meteor trails reflect radio signals is well-known; hams use “meteor bounce” to make long-distance contacts all the time. And using commercial FM broadcast signals to map meteor activity isn’t new, either — we’ve covered the “forward scattering” technique before. The technique requires tuning into a frequency used by a distant station but not a local one and waiting for a passing meteor to bounce the distant signal back to your SDR dongle. Capturing the waterfall display for later analysis should show characteristic patterns and give you an idea of where and when the meteor passed.

[Dave Venne] is an amateur astronomer who turns his eyes and ears to the heavens just to see what he can find. [Dave]’s problem is that the commercial FM band in the Minneapolis area that he calls home is crowded, to say the least. He hit upon the idea of using the National Weather Service weather radio broadcasts at around 160 MHz as a substitute. Sadly, all he managed to capture were passing airplanes with their characteristic Doppler shift; pretty cool in its own right, but not the desired result.

The comments in the RTL-SDR.com post on [Dave]’s attempt had a few ideas on where this went wrong and how to improve it, including the intriguing idea of using 60-meter ham band propagation beacons. Now it’s Hackaday’s turn: any ideas on how to fix [Dave]’s problem? Sound off in the comments below.

Decoding NRSC-5 With SDR To Get In Your Car

June 21, 2017 by Lewin Day 14 Comments

NRSC-5 is a high-definition radio standard, used primarily in the United States. It allows for digital and analog transmissions to share the original FM bandwidth allocations. Theori are a cybersecurity research startup in the US, and have set out to build a receiver that can capture and decode these signals for research purposes, and documented it online.

Their research began on the NRSC website, where the NRSC-5 standard is documented, however the team notes that the audio compression details are conspicuously missing. They then step through the physical layer, multiplexing layer, and finally the application layer, taking apart the standard piece by piece. This all culminates in the group’s development of an open-source receiver for NRSC-5 that works with RTL-SDR – perhaps the most ubiquitous SDR platform in the world.

The group’s primary interest in NRSC-5 is its presence in cars as a part of in-car entertainment systems. As NRSC-5 allows data to be transmitted in various formats, the group suspects there may be security implications for vehicles that do not securely process this data — getting inside your car through the entertainment system by sending bad ID3 tags, for instance. We look forward to seeing results of this ongoing research.

[Thanks to Gary McMaster for the tip!]