Long before everyone had a smartphone or two, the implementation of a telephone was much stranger than today. Most telephones had real, physical buttons. Even more bizarrely, these phones were connected to other phones through physical wires. Weird, right? These were called “landlines”, a technology that shuffled off this mortal coil three or four years ago.
It gets even more bizarre. Some phones were wireless — just like your smartphone — but they couldn’t get a signal more than a few hundred feet away from your house for some reason. These were ‘cordless telephones’. [Corrosive] has been working on deconstructing the security behind these cordless phones for a few years now and has found that they aren’t secure at all.
The phone in question for this exploit is a standard 5.8 GHz cordless phone from Vtech. Conventional wisdom says these phones are reasonably secure — at least more so than the cordless phones from the 80s and 90s — because very few people have a duplex microwave transceiver sitting around. The HackRF is just that, and it only costs $300. This was bound to happen eventually.
This is really just an exploration of the radio system inside these cordless phones. After taking a HackRF to a cordless phone, [Corrosive] found the phone technically didn’t operate in the 5.8 GHz band. Control signals, such as pairing a handset to a base station, happened at 900 MHz. Here, a simple replay attack is enough to get the handset to ring. It gets worse: simply by looking at the 5.8 GHz band with a HackRF, [Corrosive] found an FM-modulated voice channel when the handset was on. That’s right: this phone transmits your voice without any encryption whatsoever.
This isn’t the first time [Corrosive] found a complete lack of security in cordless phones. A while ago, he was exploring the DECT 6.0 standard, a European cordless phone standard for PBX and VOIP. There was no security here, either. It would be chilling if landlines existed anymore.
There was a time a few years ago when the first Android phones made it to market, that they seemed full of promise as general purpose computers. Android is sort of Linux, right, or so the story went, so of course you must be able to run Linux on an Android phone and do all sorts of cool stuff with it.
As anyone who tried to root an Android phone from 2010 will tell you, it was a painful and unrewarding process. There was normally a convoluted rooting process followed by somehow squeezing your own Linux filesystem tree onto the device, then chroot-ing into it. You’d then have to set up a VNC server and VNC into it, and eventually you’d feel immensely proud of your very slow tiny-screen Linux desktop that you’d slaved over creating. It was one of those things that’s simple in theory, but extremely convoluted in practice.
But six years have passed since those days, phones have gotten much faster and so has the software for tasks such as rooting, so maybe it’s time to return to the topic of Linux on an Android device. [Pete Scargill] gave it a try when a friend gave him a Chinese quad-core Android phone with a broken screen. He proceeded to put a Debian installation on it, upon which he runs his collection of server processes.
Rooting the phone was a straightforward process using the KingRoot app, a sideloaded version as it seems there’s a bogus copy on the Play Store. Then bringing a Linux system to it could be achieved with the LinuxDeploy app. The result is surprisingly useful, after some installation steps which he describes in detail.
You might ask what would be the point of this exercise, given that you can do the same thing much more easily with a single board computer such as a Raspberry Pi. But to buy a Pi, SD card, screen, and UPS, as he points out, you’d have to spend a lot more than you would for a second-hand phone from eBay — or a free, slightly broken, one from friends or family.
If getting more from your Android phone is your thing, perhaps you’d like to know about installing Busybox on it. We’ve also advocated for using old Android phones for ARM dev.
Most people hate unsolicited calls, and it’s worse in the dead of night when we’re all trying to sleep. Smartphones are easy to configure to block nuisance calls, but what if you need a solution for your Plain Old Telephone System (POTS)? [Molecular Descriptor] has built a system to invisibly stop landline phones ringing after hours.
The basic principle relies on an analog circuit that detects the AC ringing signal from the phone network, and then switches in an impedance to make the phone company think the phone has been picked up. The circuit is able to operate solely on the voltage from the phone line itself, thanks to the use of the LM2936 – a regulator with an ultra-low quiescent current. It’s important if you’re going to place a load on the phone line that it be as minuscule as possible, otherwise you’ll have phone company technicians snooping around your house in short order wondering what’s going on.
The aforementioned circuitry is just to block the phone line. To enable the system to only work at night, more sophistication was needed. An Arduino Mega was used to program an advanced RTC with two alarm outputs, and then disconnected. The RTC is then connected to a flip-flop which connects the blocking circuit only during the requisite “quiet” hours programmed by the Arduino. The RTC / flip-flop combination is an elegant way of allowing the circuit to remain solely powered by the phone line in use, as they use far less power when properly configured than a full-blown microcontroller.
It’s a cool project, with perhaps the only pitfall being that telecommunications companies aren’t always cool with hackers attaching their latest homebrewed creations to the network. Your mileage may vary. For more old-school telephony goodness, check out this home PBX rig.
Despite the implementation of the National Do Not Call Registry in the US (and similar programs in other countries), many robocallers still manage to get around the system. Whether they’re operating outside the law somehow (or they simply don’t care about it), there are some ways you can take action to keep these annoying calls from coming through. [Alex] is among those to take matters into his own hands and built a specialty robocall-blocking device.
Based on a Raspberry Pi, the “Banana Phone” is able to intercept incoming calls on standard land lines or VoIP phones. After playing a short message, the caller is asked to input a four-digit code. Once the code is correctly entered, the caller is presumed to be human, added to a whitelist, and then the Pi passes them on to the recipient. There are, however, some legitimate robocallers such as emergency services regarding natural disasters or utility companies regarding outages. For these there is a global whitelist that the Pi checks against and forwards these robocalls on to the recipient automatically.
This project was originally an entry into a contest that the Federal Trade Commission put on a few years ago for ideas about how to defend against robocalls. We covered it back then, but now there are full build instructions. Even though the contest is long over, the Banana Phone is still in active development so if you have a spare Pi lying around you can still set this up yourself. There are some other interesting ways to defend against robocalls as well, like including the “line disconnected” tone in your voicemail, for example.
The eternal enemy of [James Puderer]’s pockets is anything that isn’t his smartphone. When the apartment building he resides in added a garage door, the forces of evil gained another ally in the form of a garage door opener. So, he dealt with the insult by rigging up a Raspberry Pi to act as a relay between the opener and his phone.
The crux of the setup is Firebase Cloud Messaging (FCM) — a Google service that allows messages to be sent to devices that generally have dynamic IP addresses, as well as the capacity to send messages upstream, in this case from [Puderer]’s cell phone to his Raspberry Pi. After whipping up an app — functionally a button widget — that sends the command to open the door over FCM, he set up the Pi in a storage locker near the garage door and was able to fish a cable with both ethernet and power to it. A script running on the Pi triggers the garage door opener when it receives the FCM message and — presto — open sesame.
A well-designed phone case will protect your phone from everyday bumps with only as much style flair as you’d like. While protection is usually the only real function of a case, some designs — like [Gabbelago]’s Emucase — add specific utility that you might not have known you needed.
Contrary to most cases, the Emucase fits over your phone’s screen, and the resulting facelift emulates the appearance of a Game Boy for easier — you guessed it — Game Boy emulation play on your smartphone.
Cannibalizing a USB SNES gamepad for its buttons and rubber contact pads, Gabbelago then threaded some wire through the contacts, securing it with copper tape and glue; this provides a measurable level of capacitance to register on the touchscreen. Using heat to bend the sides of the 3D printed case so it can attach to the phone is probably the trickiest part of this cool project. Check out his build instructions for any pointers you need.
For those new and experienced, this time of year is a great chance for enterprising makers to apply their skills to create unique gifts and decorations for family and friends. [Mike Diamond] of What I Made Today built a phone controlled, light-up menorah. It’s a charming way to display some home automation know-how during the holidays.
Expanding on his previous project — a pocket-sized menorah — a Raspberry Pi Zero with a WiFi dongle, some LEDs, wire, and tea lights suffice for the materials. Setting up Blynk on the Raspberry Pi and a phone to control the lights ties it together after mounting it in an old monitor housing.