FCC Clears The Air With Wi-Fi Software Updates

A few months ago, the Internet resounded with news that the FCC would ban open source router firmware. This threat came from proposed rules for devices operating in the U-NII bands – 5 GHz Wi-Fi, basically. These rules would have required all devices operating in this band to prevent modification of the radio inside them. Thanks to the highly integrated architecture of these devices, systems-on-chips, and other cost-cutting measures from router manufacturers, the fear was that these regulations would ultimately prevent any modification of these devices. It’s a legitimate argument, and a number of the keepers of the Open Source flame aired their concerns on the matter.

Now, the FCC has decided to clear the air on firmware upgrades to wireless routers. There was a fair bit of confusion in the original document, given the wording, “how [its] device is protected from ‘flashing’ and the installation of third-party firmware such as DD-WRT.” This appeared to mandate wholesale blocking of Open Source firmware on devices, with no suggestion as to how manufacturers would accomplish this impossible task.

[Julius Knapp], chief of the FCC’s Office of Engineering and Technology, has since clarified the Commission’s position. In response to the deluge of comments on the FCC’s Notice of Proposed Rulemaking, the phrase “protected from flashing… Open Source firmware” has been removed from the upcoming regulation. There’s new, narrower wording (PDF) in this version that better accomplishes the Commission’s goal of stopping overpowered radios without encroaching on the Open Source firmware scene. The people spoke, and the FCC listened — democracy at work.

Secret Radio Stations By The Numbers

One thing has stayed with the James Bond movie franchise through the decades: Mr. Bond always has the most wonderful of gadgets. Be it handheld, car-based, or otherwise, there’s always something to thrill that is mostly believable.

The biggest problem with all of those gadgets is that they mark Commander Bond as an obvious spy. “So Mr. Bond, I see you have a book with many random five character groups. Nothing suspicious about that at all!” And we all know that import/export specialists often carry exploding cufflinks or briefcases full of unknown electronics in hidden compartments.

Just as steganography hides data in plain sight, the best spy gadgets are the ones that don’t seem to be a spy gadget. It is no wonder some old weapons are little more than sticks or farm implements. You can tell a peasant he can’t have a sword, but it is hard to ban sticks.

Imagine you were a cold war era spy living in a hostile country with a cover job at Universal Exports. Would you rather get caught with a sophisticated encryption machine or an ordinary consumer radio? I’m guessing you went with the radio. You aren’t the only one. That was one of the presumed purposes of the mysterious shortwave broadcasts known as numbers stations. These were very common during the cold war, but there are still a few of them operating.

TEMPEST: A Tin Foil Hat For Your Electronics And Their Secrets

Electronics leak waves, and if you know what you’re doing you can steal people’s data using this phenomenon. How thick is your tinfoil hat? And are you sure it’s thick enough? Well, it turns out that there’s a (secret) government standard for all of this: TEMPEST. Yes, all caps. No, it’s not an acronym. It’s a secret codename, and codenames are more fun WHEN SHOUTED OUT LOUD!

The TEMPEST idea in a nutshell is that electronic devices leak electromagnetic waves when they do things like switch bits from ones to zeros or move electron beams around to make images on CRT screens. If an adversary can remotely listen in to these unintentional broadcasts, they can potentially figure out what’s going on inside your computer. Read on and find out about the history of TEMPEST, modern research, and finally how you can try it out yourself at home!


How To Control Siri Through Headphone Wires

Last week saw the revelation that you can control Siri and Google Now from a distance, using high power transmitters and software defined radios. Is this a risk? No, it’s security theatre, the fine art of performing an impractical technical achievement while disclosing these technical vulnerabilities to the media to pad a CV. Like most security vulnerabilities it is very, very cool and enough details have surfaced that this build can be replicated.

The original research paper, published by researchers [Chaouki Kasmi] and [Jose Lopes Esteves] attacks the latest and greatest thing to come to smartphones, voice commands. iPhones and Androids and Windows Phones come with Siri and Google Now and Cortana, and all of these voice services can place phone calls, post something to social media, or launch an application. The trick to this hack is sending audio to the microphone without being heard.

The ubiquitous Apple earbuds have a single wire for a microphone input, and this is the attack vector used by the researchers. With a 50 Watt VHF power amplifier (available for under $100, if you know where to look), a software defined radio with Tx capability ($300), and a highly directional antenna (free clothes hangers with your dry cleaning), a specially crafted radio message can be transmitted to the headphone wire, picked up through the audio in of the phone, and understood by Siri, Cortana, or Google Now.

There is of course a difference between a security vulnerability and a practical and safe security vulnerability. Yes, for under $400 and the right know-how, anyone could perform this technological feat on any cell phone. This feat comes at the cost of discovery: because of the way the earbud cable is arranged, the most efficient frequency varies between 80 and 108 MHz. This means a successful attack would have to sweep through the band at various frequencies; not exactly precision work. The field strength required for this attack is also intense, about 25-30 V/m, which is close to the limit for human safety. But in the world of security theatre, someone with a backpack, carrying around a long Yagi antenna, pointing it at people, and having FM radios cut out is expected.

Of course, the countermeasures to this attack are simple: don’t use Siri or Google Now. Leaving Siri enabled on a lock screen is a security risk, and most Androids disable Google Now on the lock screen by default. Of course, any decent set of headphones would have shielding in the cable, making inducing a current in the microphone wire even harder. The researchers are at the limits of what is acceptable for human safety with the stock Apple earbuds. Anything more would be seriously, seriously dumb.

Party Balloon Crosses Atlantic, Tours Europe & Phones Home

For the past few months, [David VE3KCL] has been launching balloons from his Canadian home fitted with radio transmitters. Nothing unusual there: quite a few people do this, including schools, hackerspaces, and individuals. What is remarkable is how far he has gotten. His S-4 flight in August of this year crossed the Atlantic, reached France and took a tour of Germany, Denmark, Sweden, Finland and Norway before finally landing in the Norwegian Sea. That’s over 10,000 kilometers (6200 miles): not bad for a couple of party balloons strung together.

The flight payload of one of the balloon flights.

Although the distance these balloons have travelled is quite remarkable, the interesting part is how [David] is tracking the balloons. Cell phones obviously won’t work over the Atlantic, and satellite transmitters are expensive, so he used a low-cost transmitter that was programmed to broadcast using a variety of Ham radio signals. The most effective seems to be WSPRnet (the Weak Signal Propagation Network), a system used by Hams to see how far low strength signals will go. This system relies on Hams leaving their receivers on and running software that uploads the received signals to a central server.

By cleverly encoding information such as height and position into this signal, he was able to turn this worldwide network into a tracking network that would report the balloon’s position pretty much anywhere on the globe. [David] is continuing to launch balloons: his latest went up on the 24th of September and travelled over 4300 km (2600 miles) before the signal was lost over the Atlantic.
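As an added illustration of the position part of such a beacon (example code, not the page’s or [David VE3KCL]’s own): a standard WSPR message carries a callsign, a 4-character Maidenhead grid locator and a power level in dBm, so the locator is where the position rides, and its coarse resolution is why extra information has to be packed in cleverly. The encoder and decoder below handle both 4- and 6-character locators; the waypoints are constructed, not the real S-4 track, and the scheme used for the height is not described on the page and is not modelled.

```python
import math

# Added example, not the page's or [David VE3KCL]'s own code. A standard WSPR message carries
# a callsign, a 4-character Maidenhead locator and a power level in dBm, so the locator is the
# position part of such a beacon; how the height was packed in is not on the page and not modelled.

def to_maidenhead(lat: float, lon: float, precision: int = 6) -> str:
    """Encode latitude/longitude in degrees as a 4- or 6-character Maidenhead locator."""
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        raise ValueError("latitude/longitude out of range")
    if precision not in (4, 6):
        raise ValueError("precision must be 4 or 6")
    # Shift to 0..360 longitude and 0..180 latitude; the upper edge folds into the last cell.
    lon = min(lon + 180.0, math.nextafter(360.0, 0.0))
    lat = min(lat + 90.0, math.nextafter(180.0, 0.0))
    # Field: 20 degrees of longitude by 10 of latitude, letters A-R.
    loc = chr(ord("A") + int(lon // 20)) + chr(ord("A") + int(lat // 10))
    lon, lat = lon % 20.0, lat % 10.0
    # Square: 2 degrees by 1 degree, digits 0-9. A standard WSPR message stops here.
    loc += str(int(lon // 2)) + str(int(lat // 1))
    if precision == 4:
        return loc
    lon, lat = lon % 2.0, lat % 1.0
    # Subsquare: 5 arc-minutes by 2.5 arc-minutes, letters a-x.
    return loc + chr(ord("a") + int(lon * 12)) + chr(ord("a") + int(lat * 24))

def from_maidenhead(loc: str) -> tuple[float, float]:
    """Decode a 4- or 6-character locator to the (lat, lon) of the centre of its cell."""
    if len(loc) not in (4, 6) or not loc[:2].isalpha() or not loc[2:4].isdigit():
        raise ValueError(f"malformed locator: {loc!r}")
    lon = (ord(loc[0].upper()) - ord("A")) * 20.0 - 180.0 + int(loc[2]) * 2.0
    lat = (ord(loc[1].upper()) - ord("A")) * 10.0 - 90.0 + int(loc[3])
    if len(loc) == 4:
        return lat + 0.5, lon + 1.0  # centre of the 2 x 1 degree square
    lon += (ord(loc[4].lower()) - ord("a")) / 12.0 + 1.0 / 24.0
    lat += (ord(loc[5].lower()) - ord("a")) / 24.0 + 1.0 / 48.0
    return lat, lon

def cell_size_km(lat: float, precision: int = 4) -> tuple[float, float]:
    """Approximate (north-south, east-west) extent in km of one locator cell at this latitude."""
    dlat, dlon = (1.0, 2.0) if precision == 4 else (1.0 / 24.0, 2.0 / 24.0)
    return dlat * 111.2, dlon * 111.2 * math.cos(math.radians(lat))  # 111.2 km per degree

if __name__ == "__main__":
    for lat, lon in [(45.42, -75.69), (50.0, -30.0)]:  # constructed waypoints, not the real track
        loc4, loc6 = to_maidenhead(lat, lon, 4), to_maidenhead(lat, lon, 6)
        print(loc4, cell_size_km(lat), loc6, from_maidenhead(loc6))
```

At mid-latitudes a 4-character square is roughly 110 km by 150 km, which is why a bare WSPR locator only tells you which sea the balloon is over.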

Minimal Mighty Mite

If you’re getting started building your own ham radio gear, it’s hard to imagine a more low-tech transmitter than the Mighty Mite, but [Paul Hodges, KA5WPL] took it one step further and rolled his own variable capacitor. (That’s the beer can with tape and alligator clips that you see on the left.)

A Mighty Mite is barely a radio at all. One transistor, capacitor, crystal and inductor in the form of a bunch of wire wrapped around a pill bottle form a minimalist oscillator, and then by keying this on and off with a switch, you’re sending Morse code. [Bill Meara], of the Soldersmoke Podcast, has been a passionate advocate of the Mighty Mite, suggesting that it can be made by scrounging the 3.57954 MHz colorburst crystal from an old analog TV set, which tunes the radio to a legal frequency for ham radio operators. (It will also probably work with other low-MHz crystals from your junkbox, but it won’t necessarily be legal.)

If the crystal is “easily” scavengeable, and the rest of the radio is easily home-made, the tuning capacitor (obtainable from old AM/FM radios) can become the sticking point. So [Paul] cut up two aluminum “beverage” cans, wrapped the inner one in electrical tape, hooked up wires and made his own variable capacitor. By sliding the cans in or out so that more or less of them overlap, he can tune the radio to exactly the crystal’s natural frequency.
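To see why sliding the cans tunes the tank, here is an added worked example (not from the article or from [Paul Hodges, KA5WPL]’s build) treating the two nested cans as a coaxial capacitor and solving for the overlap that resonates the LC tank at the crystal frequency. The can radius, tape thickness, tape permittivity and coil inductance are assumed values; only the crystal frequency comes from the article.

```python
import math

# Added example, not from the article or from [Paul Hodges, KA5WPL]'s build. It works the numbers
# behind the beer-can capacitor: two nested cans separated by tape form a coaxial capacitor whose
# value grows with the length of overlap, and the oscillator's LC tank has to resonate at the
# crystal frequency. Can radius, tape thickness, tape permittivity and coil inductance below are
# assumed values, not measurements from the build; only the crystal frequency is from the article.

EPS0 = 8.854e-12  # permittivity of free space, F/m

def coaxial_capacitance(overlap_m: float, inner_r_m: float, gap_m: float, eps_r: float) -> float:
    """Capacitance in farads of two coaxial cylinders that overlap by overlap_m metres."""
    if overlap_m < 0 or inner_r_m <= 0 or gap_m <= 0 or eps_r < 1:
        raise ValueError("geometry and permittivity must be positive")
    return 2 * math.pi * EPS0 * eps_r * overlap_m / math.log((inner_r_m + gap_m) / inner_r_m)

def resonant_frequency(inductance_h: float, capacitance_f: float) -> float:
    """Resonant frequency in Hz of an LC tank: f = 1 / (2 pi sqrt(L C))."""
    return 1.0 / (2 * math.pi * math.sqrt(inductance_h * capacitance_f))

def overlap_for_frequency(f_hz: float, inductance_h: float, inner_r_m: float,
                          gap_m: float, eps_r: float) -> float:
    """Overlap in metres that tunes the tank to f_hz; inverts the two formulas above."""
    c_needed = 1.0 / ((2 * math.pi * f_hz) ** 2 * inductance_h)
    return c_needed * math.log((inner_r_m + gap_m) / inner_r_m) / (2 * math.pi * EPS0 * eps_r)

if __name__ == "__main__":
    f_xtal = 3.57954e6   # colourburst crystal frequency, as given in the article
    coil = 5.5e-6        # assumed pill-bottle coil, henries
    r_in, tape, eps_r = 0.033, 0.0002, 3.0  # assumed: 66 mm can, one 0.2 mm layer of PVC tape
    print(f"{coaxial_capacitance(0.01, r_in, tape, eps_r) * 1e12:.0f} pF per cm of overlap")
    need = overlap_for_frequency(f_xtal, coil, r_in, tape, eps_r)
    print(f"overlap for {f_xtal / 1e6:.5f} MHz: {need * 1e3:.1f} mm")
    f_check = resonant_frequency(coil, coaxial_capacitance(need, r_in, tape, eps_r))
    print(f"check: {f_check / 1e6:.5f} MHz")
```

With these assumed values the cans give about 276 pF per centimetre of overlap and need roughly 13 mm of overlap; any air gap between the tape and the outer can lowers the capacitance per centimetre, which is exactly why the cans are slid to tune rather than cut to a calculated length.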

If you’re interested in building a Mighty Mite, you should definitely look at the topic on Soldersmoke. There are more build instructions online as well as plans for an optional filter to take off the harmonics if you’re feeling ambitious.

If you’re not a Morse code wiz, we can’t help but note that you could replace the key with a simple FET (we’d use a 2N7000, but whatever) and then you’ve got the radio under microcontroller control. Scavenge through Hackaday’s recent Morse code projects for ideas, and we’re sure you’ll come up with something good.


Deep Sweep: A Home Made SigInt Platform

Signals Intelligence (SigInt) isn’t something that you normally associate with home hackers, but the Deep Sweep project is looking to change that: it is a balloon platform that captures radio signals in the stratosphere, particularly conversations between drones and satellites. Created by three students at the Frank Ratchye Studio for Creative Inquiry at Carnegie Mellon, Deep Sweep is a platform that is attached to a balloon and captures signals over a wide range of frequencies, logging them for later analysis. The current version captures data on three frequency bands: LF/HF (10 kHz to 30 kHz), UHF (650 to 1650 MHz) and SHF (10 to 20 GHz). The latter are often the bands used for satellite links between drones and satellites. They are difficult to intercept from the ground, as the signals are directed upwards towards the satellite. By creating a platform that can fly several kilometers above the Earth, they are hoping to be able to capture some of this elusive traffic.

So far, the team has made two flights in Europe, both of which encountered technical issues. The first had a battery fault and only captured 10 minutes of data, and the second flew further than expected and ended up in Belarus, a country that isn’t likely to welcome this kind of thing. Fortunately, they were able to recover the balloon and are working on future launches in Europe and the USA. It will be interesting to see how the Department of Homeland Security feels about this.