36C3: All Wireless Stacks Are Broken

Your cellphone is the least secure computer that you own, and worse than that, it’s got a radio. [Jiska Classen] and her lab have been hacking on cellphones’ wireless systems for a while now, and in this talk she gives an overview of the wireless vulnerabilities and attack surfaces that they bring along. While the talk provides some basic background on wireless (in)security, it also presents two new areas of research that she and her colleagues have been working on over the last year.

One of the new hacks is based on the fact that a phone that wants to support both Bluetooth and WiFi needs to figure out a way to share the radio, because both protocols use the same 2.4 GHz band. And so it turns out that the Bluetooth hardware has to talk to the WiFi hardware, and it wouldn’t entirely surprise you that when [Jiska] gets into the Bluetooth stack, she’s able to DoS the WiFi. What this does to the operating system depends on the phone, but many of them just fall over and reboot.

Lately [Jiska] has been doing a lot of fuzzing on the cell phone stack, enabled by the emulation work of one of her students, [Jan Ruge], codenamed “Frankenstein”. The coolest thing here is that the emulation runs in real time, and can be threaded into the operating system, enabling full-stack fuzzing. More complexity means more bugs, so we expect to see a lot more coming out of this line of research in the next year.

[Jiska] gives the presentation in a tinfoil hat, but that’s just a metaphor. In the end, when asked about how to properly secure your phone, she gives out the best advice ever: toss it in the blender.

Why Is Your Cellphone Not A More Useful Computer?

Sometimes when you are browsing randomly through the tech feeds, up pops an article that just crystallizes a nascent thought that had been simmering below the surface for a long time, and is enough to make you sit up and say “Yes! I agree completely with that!”. Such a moment came with [Cheapscatesguide]’s post, “My Fantasy: A Cellphone I can Use as a Desktop Computer”, which asks the pertinent question: if smartphones are so powerful, why are they not much better at being more than, well, smartphones?

Readers with long memories may recall that the cellphone-as-computer idea is one that has been tried at least once before. The Motorola Atrix appeared in the early years of this decade, and was a high-end smartphone that could be slotted into both desktop replacement and netbook-style base stations and used as a Linux-based personal computer. Unfortunately it was both eye-wateringly expensive and disappointingly slow due to a hobbled operating system, so it failed to set the market alight. There was a brief moment when unsold Atrix netbook docks were available on the surplus market and became popular platforms as a Raspberry Pi desktop interface, but this experiment seems to have put paid to the idea of one device to truly rule them all.

If we had to hazard a guess as to why this has failed to happen, we’d finger both the manufacturers’ desire not to undermine their lucrative sales in other sectors, and both their and the carriers’ desire to lock down the devices as much as possible. A manufacturer such as Apple will, for example, never produce an iPhone that can replace a desktop, because it would affect their MacBook sales. Oddly, in another form we’re nearly there: this piece is being worked on with a Chromebook, a device that has a useful browser, a functional Android layer, and (because it’s a 64-bit model) an officially supported and useful Debian layer. We don’t expect this to translate into a phone any time soon though.

From another angle, we’ve asked in the past why we aren’t hacking old cellphones.

Moto Atrix lapdock picture: ETC@USC [CC BY-SA 2.0].

Via Hacker News.

5G Is For Robots

Ecclesiastes 1:9 reads “What has been will be again, what has been done will be done again; there is nothing new under the sun.” Or in other words, 5G is mostly marketing nonsense, like 4G, 3G, and 2G were before it. Let’s not forget LTE, 4G LTE, Advance 4G, and Edge.

Just a normal everyday antenna array in a Seattle parking garage.

Technically, 5G means that providers could, if they wanted to, install some EHF antennas; the same kind we’ve been using forever to do point-to-point microwave internet in cities. These frequencies are too lazy to pass through a wall, so we’d have to install these antennas in a grid at ground level. The promised result is that we’ll all get slightly lower latency tiered internet connections that won’t live up to the hype at all. From a customer perspective, about the only thing it will do is let us hit the 8Gb ceiling twice as fast on our “unlimited” plans before they throttle us. It might be nice on a laptop, but it would be a historically ridiculous assumption that Verizon is going to let us tether devices to their shiny new network without charging us a million Yen for the privilege.

So, what’s the deal? From a practical standpoint we’ve already maxed out what a phone needs. For example, here’s a dirty secret of the phone world: you can’t tell the difference between 1080p and 720p video on a tiny screen. I know of more than one company where the 1080p on their app really means 640 or 720 displayed on the device and 1080p is recorded on the cloud somewhere for download. Not a single user has noticed or complained. Oh, maybe if you’re looking hard you can feel that one picture is sharper than the other, but past that what are you doing? Likewise, what’s the point of 60fps 8k video on a phone? Or even a laptop for that matter?

Are we really going to max out a mobile webpage? Since our device’s ability to present information exceeds our ability to process it, is there a theoretical maximum to the size of an app? Even if we had Gbit internet to every phone in the world, from a user standpoint it would be a marginal improvement at best. Unless you’re a professional mobile game player (is that a thing yet?) latency is meaningless to you. The buffer buffs the experience until it shines.

So why should we care about billion dollar corporations racing to have the best network for sending low resolution advertising gifs to our distracto cubes? Because 5G is for robots.


Ask Hackaday: Why Aren’t We Hacking Cellphones?

When a project has outgrown using a small microcontroller, almost everyone reaches for a single-board computer — with the Raspberry Pi being the poster child. But doing so leaves you stuck with essentially a headless Linux server: a brain in a jar when what you want is a Swiss Army knife.

It would be a lot more fun if it had a screen attached, and of course the market is filled with options on that front. Then there’s the issue of designing a human interface: touch screens are all the rage these days, so why not buy a screen with a touch interface too? Audio in and out would be great, as would other random peripherals like accelerometers, WiFi, and maybe even a cellular radio when out of WiFi range. Maybe Bluetooth? Oh heck, let’s throw in a video camera and high-powered LED just for fun. Sounds like a Raspberry Pi killer!

And this development platform should be cheap, or better yet, free. Free like any one of the old cell phones that sit piled up in my “hack me” box in the closet, instead of getting put to work in projects. While I cobble together projects out of Pi Zeros and lame TFT LCD screens, the advanced functionality of these phones sits gathering dust. And I’m not alone.

Why is this? Why don’t we see a lot more projects based around the use of old cellphones? They’re abundant, cheap, feature-rich, and powerful. For me, there are two giant hurdles to overcome: the hardware and the software. I’m going to run down what I see as the problems with using cell phones as hacker tools, but I’d love to be proven wrong. Hence the “Ask Hackaday”: why don’t we see more projects that re-use smartphones?


Smartphone Mod Goes Out On A Limb

The modern smartphone has a variety of ways to interact with its user – the screen, the speakers, and of course, the vibration motor. But what if your phone could interact physically? It might be unnerving, but it could also be useful – and MobiLimb explores exactly this possibility.

Yes, that’s right – it’s a finger for your mobile phone. MobiLimb has five degrees of freedom, and is built using servomotors which allow both accurate movement as well as positional feedback into the device. Additionally, a touch-sensitive potentiometer is fitted, allowing the robofinger to respond to touch inputs.

The brains behind the show are provided by an Arduino Leonardo Pro Micro, and as is usual on such projects, the mechanical assembly is 3D printed – an excellent choice for producing small, complex parts. Just imagine the difficulty of trying to produce robotic fingers with classic machine tools!

The project video shows many different possibilities for using the MobiLimb – from use as a basic notification device, to allowing the smartphone to crawl along a table. We frankly can’t wait until there’s a fully-functional scorpion chassis to drop an iPhone into – the sky really is the limit here.

Interested in other unique ways to interact with your smartphone? Check out these nifty 3D printed physical buttons.

Detecting Mobile Phone Transmissions With A Sound Card

Anyone who had a cheap set of computer speakers in the early 2000s has heard it – the rhythmic dit-da-dit-dit of a GSM phone pinging a cell tower once an hour or so. [153armstrong] has a write-up on how to capture this on your computer.

It’s incredibly simple to do – simply plug a set of headphones into the sound card’s microphone jack, leave a mobile phone nearby, hit record, and wait. The headphone wire acts as an antenna, and when the phone transmits, it induces a current in the wire, which is picked up by the soundcard.

[153armstrong] notes that their setup only seems to pick up signals from 2G phones, likely using GSM. It doesn’t seem to pick up anything from 3G or 4G phones. We’d wager this is due to the difference in the way different cellular technologies transmit – let us know what you think in the comments.

This system is useful as a way to detect a transmitting phone at close range; however, due to the limited bandwidth of a computer soundcard, it is in no way capable of actually decoding the transmissions. As far as other experiments go, why not use your soundcard to detect lightning?

Tearing Down The Boss Phone

Poke around enough on AliExpress, Alibaba, and especially Taobao—the Chinese-facing site that’s increasingly being used by Westerners to find hard-to-source parts—and you’ll come across some interesting things. The Long-CZ J8 is one of those: it’s 2.67 inches long and weighs just 0.63 ounces, and it’s built in the form factor of a Bluetooth headset.

A couple of months ago Cory Doctorow highlighted this tiny phone; he’d picked up on it because of the marketing. The lozenge-shaped phone was being explicitly marketed on the claim that it could “beat the boss”. The boss in question here is the B.O.S.S chair—a scanning technology that has been widely deployed across prisons in the U.K. in an attempt to put a halt to the smuggling of mobile phones to inmates.

The Long-CZ J8 is just 2.67 inches (6.8cm) long.

I wasn’t particularly interested in whether it could make it through a body scanner, or the built-in voice changer which was another clue as to the target market for the phone. However, just the size of the thing was intriguing enough that I thought I’d pick one up and take a look inside. So I ordered one from Amazon.
