Open Firmware For PinePhone LTE Modem – What’s Up With That?

In their monthly announcement, among all the cool things Pine64, they talked about the open firmware for PinePhone’s LTE modem. The firmware isn’t fully open – a few parts remain closed. And Pine emphasizes that they neither pre-install nor officially endorse this firmware, and PinePhones will keep shipping with the vendor-supplied modem firmware image instead.

That said, the new firmware is way more featureful – it has less bugs, more features, decreased power consumption, and its proprietary parts are few and far between. I’d like to note that, with a special build of this firmware, the PinePhone’s modem can run Doom – because, well, of course.

And with all that, it’s become way easier to install this firmware – there’s fwupd hooks now! You can think of fwupd as the equivalent of Windows Update for firmware, except not abusive, and aimed at Linux. A perfect fit for keeping your open-source devices as functional as they can be, in other words.

What’s the deal? If open firmware is that much cooler, why don’t more of our phones have open firmware options available? Continue reading “Open Firmware For PinePhone LTE Modem – What’s Up With That?”

An image describing parts of a Tesla modem board

LTE Modem Transplant For A Tesla Imported Into Europe

When modern connected cars cross continents, novel compatibility problems crop up. [Oleg Kutkov], being an experienced engineer, didn’t fret when an USA-tailored LTE modem worked poorly on his Tesla fresh off its USA-Europe import journey, and walks us through his journey of replacing the modem with another Tesla modem module that’s compatible with European LTE bands.

[Oleg]’s post goes through different parts on the board and shows you how they’re needed in the bigger picture of the Tesla’s Media Computer Unit (MCU), even removing the LTE modem’s shield to describe the ICs underneath it, iFixit teardown diagram style! A notable highlight would be an SIM-on-chip, essentially, a SIM card in an oh-so-popular DFN package, and thankfully, replacing it with a socket for a regular SIM card on some extender wires has proven fruitful. The resulting Tesla can now enjoy Internet connectivity at speeds beyond those provided by EDGE. The write-up should be a great guide for others Tesla owners facing the same problem, but it also helps us make electric cars be less alike black boxes in our collective awareness.

Not all consequences of Tesla design decisions are this minor; for instance, this year, we’ve described a popular eMMC failure mode of Tesla cars and how Tesla failed to address it. Thankfully, Tesla cars are becoming more of a hacker community target, whether it’s building a computer-vision-assisted robot to plug in a charging cable, getting it repaired for a fraction of the dealership cost, or even assembling your own Tesla from salvage parts!

Basics Of Remote Cellular Access – Choosing A Modem

These days, we’re blessed with cellular data networks that span great swathes of the Earth. By and large, they’re used to watch TV shows and argue with strangers online. However, they’re also a great tool to use to interact with hardware in remote locations, particularly mobile ones where a wired connection is impractical.

In this series, we’re taking a look at tips and tricks for doing remote cellular admin the right way. First things first, you’ll need a data connection – so let’s look at choosing a modem.

Options Abound

When shopping around for cellular data modems, it can be difficult to wade through the variety of options out there and find something fit for purpose. Modems in this space are often marketed for very specific use cases; at the consumer level, many are designed to be a no-fuss home broadband solution, while in the commercial space, they’re aimed primarily to provide free WiFi for restaurants and cafes. For use in remote admin, the presence of certain features can be critical, so it pays to do your research before spending your hard earned money. We’ve laid out some of the common options below.

Consumer Models

The Sierra Aircard 320U is ancient now, with limited frequency bands available. Its flimsy flexible connector is also a drawback. However, its ease of configuration with Linux systems makes it a dream to use in remote access situations. Unlike many others, it acts as a Direct IP connection, not appearing as a separate router.

Many telecommunications providers around the world sell cheap USB dongles for connecting to the Internet, with these first becoming popular with the rise of 3G. They’re somewhat less common now in the 5G era, with the market shifting more towards WiFi-enabled devices that share internet among several users. These devices can often be had for under $50, and used on prepaid and contract data plans.

These devices are often the first stop for the budding enthusiast building a project that needs remote admin over the cellular network. However, they come with certain caveats that can make them less attractive for this use. Aimed at home users, they are often heavily locked down with firmware that provides minimal configuration options. They’re generally unable to be set up for port forwarding, even if you can convince your telco to give you a real IP instead of carrier-grade NAT. Worse, many appear to the host computer as a router themselves, adding another layer of NAT that can further complicate things. Perhaps most frustratingly, with these telco-delivered modems, the model number printed on the box is often not a great guide as to what you’re getting.

A perfect example is the Huawei E8327. This comes in a huge number of sub-models, with various versions of the modem operating in different routing modes, on different bands, and some even omitting major features like external antenna connectors.  Often, it’s impossible to know exactly what features the device has until you open the box and strip the cover off, at which point you’re unable to return the device for your money back.

All is not lost, however. The use of VPNs can help get around NAT issues, and for the more adventurous, some models even have custom firmware available on the deeper, darker forums on the web. For the truly cash strapped, they’re a viable option for those willing to deal with the inevitable headaches. There are generally some modems that stand out over others in this space for configurability and ease of use. This writer has had great success with a now-aging Sierra Aircard 320U, while others have found luck with the Huawei E3372-607. As per earlier warnings though, you don’t want to accidentally end up with an E3372-608 – thar be dragons.

Continue reading “Basics Of Remote Cellular Access – Choosing A Modem”

Impersonate The President With Consumer-Grade SDR

In April of 2018, the Federal Emergency Management Agency sent out the very first “Presidential Alert”, a new class of emergency notification that could be pushed out in addition to the weather and missing child messages that most users were already familiar with. But while those other messages are localized in nature, Presidential Alerts are intended as a way for the Government to reach essentially every mobile phone in the country. But what if the next Presidential Alert that pops up on your phone was actually sent from somebody with a Software Defined Radio?

According to research recently released by a team from the University of Colorado Boulder, it’s not as far-fetched a scenario as you might think. In fact, given what they found about how the Commercial Mobile Alert Service (CMAS) works, there might not be a whole lot we can even do to prevent it. The system was designed to push out these messages in the most expedient and reliable way possible, which meant that niceties like authentication had to take a backseat.

The thirteen page report, which was presented at MobiSys 2019 in Seoul, details their findings on CMAS as well as their successful efforts to send spoofed Presidential Alerts to phones of various makes and models. The team used a BladeRF 2.0 and USRP B210 to perform their mock attacks, and even a commercially available LTE femtocell with modified software. Everything was performed within a Faraday cage to prevent fake messages from reaching the outside world.

So how does the attack work? To make a long story short, the team found that phones will accept CMAS messages even if they are not currently authenticated with a cell tower. So the first phase of the attack is to spoof a cell tower that provides a stronger signal than the real ones in the area; not very difficult in an enclosed space. When the phone sees the stronger “tower” it will attempt, but ultimately fail, to authenticate with it. After a few retries, it will give up and switch to a valid tower.

This negotiation takes around 45 seconds to complete, which gives the attacker a window of opportunity to send the fake alerts. The team says one CMAS message can be sent every 160 milliseconds, so there’s plenty of time to flood the victim’s phone with hundreds of unblockable phony messages.

The attack is possible because the system was intentionally designed to maximize the likelihood that users would receive the message. Rather than risk users missing a Presidential Alert because their phones were negotiating between different towers at the time, the decision was made to just push them through regardless. The paper concludes that one of the best ways to mitigate this attack would be to implement some kind of digital signature check in the phone’s operating system before the message gets displayed to the user. The phone might not be able to refuse the message itself, but it can at least ascertain it’s authentic before showing it to the user.

All of the team’s findings have been passed on to the appropriate Government agencies and manufacturers, but it will likely be some time before we find out what (if any) changes come from this research. Considering the cost of equipment that can spoof cell networks has dropped like a rock over the last few years, we’re hoping all the players can agree on a software fix before we start drowning in Presidential Spam.

Mayak Turns WiFi Traffic Into Sound

Dial-up modems were well known for their screeching soundtrack during the connection process. Modern networking eschews audio based communication methods, so we no longer have to deal with such things. However, all is not lost. [::vtol::]’s Mayak installation brings us a new sound, all its own.

The installation consists of four WiFi routers, connected to four LTE modems. These are configured as open hotspots that anyone can connect to. [::vtol::] was careful to select routers that had highly responsive activity LEDs. The activity LEDs are wired to an Arduino, which processes the inputs, using them to trigger various sounds from an attached synthesizer.

As users connect to the routers and go about their business on the Internet, the activity LEDs flash and the synthesizer translates this into an otherworldly soundtrack. The hardware is all hung on a beautiful metal and acrylic frame, which stands as a striking form in the sparse gallery.

The piece creates a very electronic soundscape, but you may prefer your installations to have a more mechanical racket. Video after the break.

Continue reading “Mayak Turns WiFi Traffic Into Sound”

Digital License Plates Are Here, But Do We Need Them?

It’s a story as old as time: you need to swap between your custom license plates, but you can’t find a screwdriver and you’re already running late for a big meeting at the Business Factory. You called AAA to see if they could come out and do it for you, but as luck would have it something must be wrong with your phone because the line was disconnected as soon as you explained the situation. As if life in the First World couldn’t get any more difficult.

Luckily, a company called Reviver Auto has come up with a thoroughly modern solution to this age old problem. Assuming you live in Arizona, California, and Michigan and are willing to pay $800 USD (plus a small monthly service fee), you can join the Rplate revolution! Less a license plate and more of a “cool-looking, multi-functional digital display and connected vehicle platform”, the Rplate will ensure you never again find yourself stuck on the side of the road with an unfashionable license plate.

What’s that? You’ve had the same license plate for years, possibly decades, and have never given it much thought? Well, in that case the Rplate might be sort of a tough sell. Did we mention that someday you might be able to display the current weather on it while your car is parked? Of course, if you can see the license plate you’re already outside, so…

This all might sound like an out of season April Fool’s joke, but as far as I can tell from reading the Reviver Auto site and watching their promotional videos, this is essentially the value proposition of their line of Rplate digital license plates. There are some admittedly interesting potential extensions of the technology if they can convince other companies and systems to plug into their ecosystem, but given the cost of the Rplate and the few states in which it’s currently legal to use, that seems far from a given at this point.

But of course we’re fans of weird and wonderful technology here at Hackaday, so we should give this device a fair shake. On the surface it might seem to be a solution looking for a problem, but that’s often said of technology ahead of its time. So what exactly is the Rplate, how does it work, and where does it go from here?

Continue reading “Digital License Plates Are Here, But Do We Need Them?”

Particle Paves Way For LTE Selfies

From cars to refrigerators, it seems as if every new piece of tech is connected to the Internet. For better or for worse, we’re deep into the “Internet of Things”. But what about your camera? No, not the camera in your smartphone; that one’s already connected to the Internet and selling your secrets to the highest bidder. Don’t you think your trusty DSLR could be improved by an infusion of Wide Area Networking?

Regardless of what you’re answer to that question might be, [Thomas Kittredge] decided his life would be improved by making his beloved Canon EOS Rebel T6 an honorary member of the Internet of Things. Truth be told he says that he hasn’t quite figured out an application for this project. But since he was looking to mess around with both the LTE-enabled Particle Boron development board and designing his own PCB for professional production, this seemed a good a way to get his feet wet as any.

The resulting board is a fairly simple “shield” for the Particle Boron that let’s [Thomas] trigger up to two cameras remotely over the Internet or locally with Bluetooth. If LTE isn’t your sort of thing though, don’t worry. Since the Boron follows the Adafruit Feather specification, there’s a whole collection of development boards with various connectivity options that this little add-on can be used with.

In the GitHub repository, [Thomas] has put up the files for the PCB, the STLs for the 3D printed enclosure, and of course the firmware source code to load onto the Particle board. He currently has code to expose the two shutter triggers as functions the the Particle Cloud API, as well as a practical example that fires off the camera when specific words are used in a Slack channel.

Out for a little over a year, the Particle Boron is a fairly new addition to the world of cellular development boards. Historically we haven’t seen a whole lot of cellular capable projects, likely because it’s been such a hassle to get them online, but with new boards like the Boron we might start seeing an uptick in the random pieces of gear that have this form connectivity and an internet-facing IP address. Surely nothing bad could come of this!