The Satellite Phone You Already Own: From Orbit, UbiquitiLink Will Look Like A Cell Tower

August 26, 2019 by Dan Maloney 53 Comments

For anyone that’s ever been broken down along a remote stretch of highway and desperately searched for a cell signal, knowing that a constellation of communications satellites is zipping by overhead is cold comfort indeed. One needs specialized gear to tap into the satphone network, few of us can justify the expense of satellite phone service, and fewer still care to carry around a brick with a chunky antenna on it as our main phone.

But what if a regular phone could somehow leverage those satellites to make a call or send a text from a dead zone? As it turns out, it just might be possible to do exactly that, and a Virginia-based startup called UbiquitiLink is in the process of filling in all the gaps in cell phone coverage by orbiting a constellation of satellites that will act as cell towers of last resort. And the best part is that it’ll work with a regular cell phone — no brick needed.

Continue reading “The Satellite Phone You Already Own: From Orbit, UbiquitiLink Will Look Like A Cell Tower” →

Alarm System Defeated By $2 Wireless Dongle, Nobody Surprised

August 23, 2019 by Dan Maloney 83 Comments

It seems a bit unfair to pile on a product that has already been roundly criticized for its security vulnerabilities. But when that product is a device that is ostensibly deployed to keep one’s family and belongings safe, it’s plenty fair. And when that device is an alarm system that can be defeated by a two-dollar wireless remote, it’s practically a responsibility.

The item in question is the SimpliSafe alarm system, a fully wireless, install-it-yourself system available online and from various big-box retailers. We’ve covered the system’s deeply flawed security model before, whereby SDRs can be used to execute a low-effort replay attack. As simple as that exploit is, it looks positively elegant next to [LockPickingLawyer]’s brute-force attack, which uses a $2 RF remote as a jammer for the 433-MHz wireless signal between sensors and the base unit.

With the remote in close proximity to the system, he demonstrates how easy it would be to open a door or window and enter a property guarded by SimpliSafe without leaving a trace. Yes, a little remote probably won’t jam the system from a distance, but a cheap programmable dual-band transceiver like those offered by Baofeng would certainly do the trick. Not being a licensed amateur operator, [LockPickingLawyer] didn’t test this, but we doubt thieves would have the respect for the law that an officer of the court does.

The bottom line with alarm systems is that you get what you pay for, or sadly, significantly less. Hats off to [LockPickingLawyer] for demonstrating this vulnerability, and for his many other lockpicking videos, which are well worth watching.

Continue reading “Alarm System Defeated By $2 Wireless Dongle, Nobody Surprised” →

Warshipping: A Free Raspberry Pi In The Mail Is Not Always A Welcome Gift

August 19, 2019 by Roger Cheng 39 Comments

Leading edge computer security is veiled in secrecy — a world where novel attacks are sprung on those who do not yet know what they need to protect against. Once certain tactics have played out within cool kids’ circles, they are introduced to the rest of the world. An IBM red team presented what they’re calling “warshipping”: sending an adversarial network to you in a box.

Companies concerned about security have learned to protect their internet-accessible points of entry. Patrolling guards know to look for potential wardrivers parked near or repeatedly circling the grounds. But some are comparatively lax about their shipping & receiving, and they are the ideal targets for warshipping.

Bypassing internet firewalls and security perimeters, attack hardware is embedded inside a shipping box and delivered by any of the common carriers. Security guards may hassle a van bristling with antennas, but they’ll wave a FedEx truck right through! The hardware can be programmed to stay dormant through screening, waiting to probe once inside the walls.

The presentation described several ways to implement such an attack. There is nothing novel about the raw hardware – Raspberry Pi, GPS receiver, cellular modems, and such are standard fare for various projects on these pages. The creative part is the software and in how they are hidden: in packing material and in innocuous looking plush toys. Or for persistence, they can be hidden in a wall mounted plaque alongside some discreet photovoltaic panels. (Editor’s note: What? No Great Seals?)

With this particular technique out in the open, we’re sure others are already in use and will be disclosed some years down the line. In the meantime, we can focus our efforts on more benign applications of similar technology, whether it is spying on our cat or finding the nearest fast food joint. The hardware is evolving as well: a Raspberry Pi actually seems rather heavyweight for this, how about a compact PCB with both an ESP32 and a cellular modem?

Via Ars Technica.

Broken HP-48 Calculator Reborn As Bluetooth Keyboard

August 16, 2019 by Sven Gregori 8 Comments

Considering their hardware specification, graphing calculators surely feel like an anachronism in 2019. There are plenty of apps and other software available for that nowadays, and despite all preaching by our teachers, we actually do carry calculators with us every day. On the other hand, never underestimate the power of muscle memory when using physical knobs and buttons instead of touch screen or mouse input. [epostkastl] combined the best of both worlds and turned his broken HP-48 into a Bluetooth LE keyboard to get the real feel with its emulated counterpart.

Initially implemented as USB device, [epostkastl] opted for a wireless version this time, and connected an nRF52 based Adafruit Feather board to the HP-48’s conveniently exposed button matrix pins. For the software emulation side, he uses the Emu48, an open source HP calculator emulator for Windows and Android. The great thing about Emu84 is that it supports fully customizable mappings of regular keyboard events to the emulated buttons, so you can easily map, say, the cosine button to the [C] key. The rest is straight forward: scanning the button matrix detects button presses, maps them to a key event, and sends it as a BLE HID event to the receiving side running Emu84.

As this turns [epostkastl]’s HP-48 essentially into a regular wireless keyboard in a compact package — albeit with a layout that outshines every QWERTY vs Dvorak debate. It can of course also find alternative use cases, for examples as media center remote control, or a shortcut keyboard. After all, we’ve seen the latter one built as stomp boxes and from finger training devices before, so why not a calculator?

Continue reading “Broken HP-48 Calculator Reborn As Bluetooth Keyboard” →

Spain’s First Open Source Satellite

August 15, 2019 by Sharon Lin 27 Comments

[Fossa Systems], a non-profit youth association based out of Madrid, is developing an open-source satellite set to launch in October 2019. The FossaSat-1 is sized at 5x5x5 cm, weighs 250g, and will provide free IoT connectivity by communicating LoRa RTTY signals through low-power RF-based LoRa modules. The satellite is powered by 28% efficient gallium arsenide TrisolX triple junction solar cells.

The satellite’s development and launch cost under EUR 30000, which is pretty remarkable for a cubesat — or a picosatellite, as the project is being dubbed. It has been working in the UHF Amateur Satellite band (435-438 MHz) and recently received an IARU frequency spectrum allocation for LoRa of 125kHz.

The satellite’s specs are almost as remarkable as the acronyms used to describe them. The design includes an onboard computer (OBC) based on an ATmega328P-AU microcontroller, an SX1278 transceiver for telecommunications, and an electric power system (EPS) based on three SPV1040 MPPT chips and the TC1262 LDO. The satellite also uses a TMP100 temperature sensor, an INA226 current and voltage sensor, a MAX6369 watchdog for single-event upset (SEU) protection, a TPS2553 for single-event latch-up (SEL) protection and various MOSFETs for the deployment of solar panels and antennas.

Up until this point the group has been tracking adoption of LoRa through the use of weather balloons. The cubesat project plans to test the new LoRa spread spectrum modulation using less than $5 worth of receivers. Ultimately with the goal of democratizing telecommunications worldwide.

The satellite is being built in a cleanroom at Rey Juan Carlos University and has undergone thermovacuum and vibration testing at the facility. The group has since developed an educational satellite development kit, which offers three main 40×40 mm boards that allow the addition of modifications. As their mission states, the group is looking to develop an open source project, so the code for the satellite is freely available on their GitHub.

Continue reading “Spain’s First Open Source Satellite” →

Remote ADS-B Install Listens In On All The Aircraft Transmissions With RTL-SDR Trio, Phones Home On Cellular

August 14, 2019 by Dan Maloney 18 Comments

When installing almost any kind of radio gear, the three factors that matter most are the same as in real estate: location, location, location. An unobstructed location at the highest possible elevation gives the antenna the furthest radio horizon as well as the biggest bang for the installation buck. But remote installations create problems, too, particularly with maintenance, which can be a chore.

So when [tsimota] got a chance to relocate one of his Automatic Dependent Surveillance-Broadcast (ADS-B) receivers to a remote site, he made sure the remote gear was as bulletproof as possible. In a detailed write up with a ton of pictures, [tsimota] shows the impressive amount of effort he put into the build.

The system has a Raspberry Pi 3 with solid-state drive running the ADS-B software, a powered USB hub for three separate RTL-SDR dongles for various aircraft monitoring channels, a remote FlightAware dongle to monitor ADS-B, and both internal and external temperature sensors. Everything is snuggled into a weatherproof case that has filtered ventilation fans to keep things cool, and even sports a magnetic reed tamper switch to let him know if the box is opened. An LTE modem pipes the data back to the Inter, a GSM-controlled outlet allows remote reboots, and a UPS keeps the whole thing running if the power blips atop the 15-m building the system now lives on.

Nobody appreciates a quality remote installation as much as we do, and this is a great example of doing it right. Our only quibble would be the use of a breadboard for the sensors, but in a low-vibration location, it should work fine. If you’ve got the itch to build an ADS-B ground station but don’t want to jump in with both feet quite yet, this beginner’s guide from a few years back is a great place to start.

1940s Portable Radio Is A Suitcase

August 13, 2019 by Al Williams 12 Comments

The meaning of the word portable has changed a bit over the years. These days something has to be pretty tiny to be considered truly portable, but in the 1940s, anything with a handle on it that you could lift with one hand might be counted as portable electronics. Zenith made a line of portable radios that were similar to their famous Transoceanic line but smaller, lighter, and only receiving AM to reduce their size and weight compared to their big brothers. If you want to see what passed for portable in those days, have a look at [Jeff Tranter’s] video (below) of a 6G601 — or maybe it is a GG601 as it says on the video page. But we think it is really a 6G601 which is a proper Zenith model number.

According to [Jeff], 225,350 of these radios were made, and you can see that it closes up like a suitcase. The initial 6 in the model number indicates there are 6 tubes and the G tells you that it can run with AC or batteries.

Continue reading “1940s Portable Radio Is A Suitcase” →