Accidental Satellite Hijacks Can Rebroadcast Cell Towers

A lot of us will use satellite communications without thinking much about the satellite itself. It’s tempting to imagine that up there in orbit is a communications hub and distribution node of breathtaking complexity and ingenuity, but it might come as a surprise to some people that most communications satellites are simple transponders. They listen on one frequency band, and shift what they hear to another upon which they rebroadcast it.

This simplicity is not without weakness, for example the phenomenon of satellite hijacking has a history stretching back decades. In the 1980s for example there were stories abroad of illicit trans-atlantic serial links nestling as unobtrusive single carriers among the broad swathe of a broadcast satellite TX carrier.

Just sometimes, this phenomenon happens unintentionally. Our attention was drawn to a piece by [Harald Welte] on the unintended rebroadcast of GSM base station traffic over a satellite transponder, and of particular interest is the presentation from a conference in 2012 that it links to. The engineers show how they identified their interference as GSM by its timing frames, and then how they narrowed down its source to Nigeria. This didn’t give them the uplink in question though, for that they had to make a downconverter from an LNB, the output of which they coupled to an aged Nokia mobile phone with a wire antenna placed into an RF connector. The Nokia was able to decode the cell tower identification data, allowing them to home in on the culprit.

There was no fault on the part of the GSM operator, instead an unterminated port on the uplink equipment was enough to pick up the GSM signal and introduce it into the transponder as a parasitic signal for the whole of Europe and Africa to hear. Meanwhile the tale of how the engineers identified it contains enough detective work and outright hardware hacking that we’re sure the Hackaday readership will find it of interest.

If satellite hacks interest you, how about reading our thread of posts on the recapture of ISEE-3, or maybe you’d like to listen for a lost satellite from the 1960s.

Thanks [Kia] for the tip.

“Alexa, what plane is that?”

We’ve all probably done it — gazed up at a passing jetliner and wondered where it was going and what adventures its passengers were embarked upon. While the latter is hard to answer, the former just got a bit easier: just ask Alexa what the plane is.

Granted, [Nick Sypteras]’s Echo Dot isn’t quite omniscient enough to know exactly what plane you’re looking at. His system benefits from the constraints offered by the window of his Boston apartment — from the video below, we’d guess somewhere in Beacon Hill or the West End — that offers a view of the approach to Logan Airport. An RTL-SDR dongle receives the ADS-B transmissions from all aircraft in the vicinity, and a Raspberry Pi does a lookup, picks the closest plane, and scrapes the departure and arrival airports from FlightRadar24. Alexa does the rest, but we have to confess that hearing “Boeing seven hundred eighty-seven” rather than “seven eighty-seven” would drive us nuts.

If you don’t have the limited view of an airport approach that makes [Nick]’s hack workable, maybe a plane-spotting robot camera would work better for you.

Continue reading ““Alexa, what plane is that?””

Tracking Nearly Every Aircraft With A Raspberry Pi

FlightAware is the premier site for live, real-time tracking of aircraft around the world, and for the last year or so, Raspberry Pi owners have been contributing to the FlightAware network by detecting aircraft flying overhead and sending that data to the FlightAware servers.

Until now, these volunteers have used Raspis and software defined radio modules to listen in on ADS-B messages transmitted from aircraft. With FlightAware’s new update to PiAware, their Raspberry Pi flight tracking software, Mode S transponders can also be detected and added to the FlightAware network.

Last year, FlightAware announced anyone with a Raspberry Pi, a software defined radio module, and an Internet connection would earn a free FlightAware enterprise account for listening to ADS-B transmitters flying overhead and sending that information to the FlightAware servers. ADS-B is a relatively new requirement for aviators that transmits the plane’s identification, GPS coordinates, altitude, and speed to controllers and anyone else who would like to know who’s flying overhead.

Mode S transponders, on the other hand, are older technology that simply transmits the call sign of an aircraft. There’s no GPS information or altitude information transmitted, but through some clever multilateration in the new PiAware release these transponders and planes can now be tracked.

To get the location of these transponders, at least three other PiAware boxes must receive a signal from a Mode S transponder. These signals, along with a timestamp of when they were received are then sent to the FlightAware servers where the location of a transponder can be determined.

The end result of this update is that FlightAware can now track twice as many aircraft around the world, all with a simple software update. It’s one of the most successful applications of crowdsourced software defined radio modules, and if you’d like to get in on the action, the FlightAware team put together a bulk order of ADS-B antennas.

THP Semifinalist: Cheap Satellite Transponder

In 2016, a communications satellite will be launched into geostationary orbit somewhere over the middle east. Normally, this is fairly ordinary occurrence. This satellite, however, will be carrying two amateur radio transponders for hams all across europe, africa, the middle east, and India. [2FTG] is building a satellite transponder to talk to this satellite, and he’s doing it with junk sitting around his workbench.

The uplink frequency for this satellite will be in the neighborhood of 2.4 GHz, and [2FTG] needed a way to deal with the out of band interference in this part of the spectrum. The easy and cheap way to do this is with filters made for the WiFi band. Instead, [2FTG] had a few cavity filters in his junk box and decided to go that route. It meant he had to retune the filters, a process that should be annoyingly hard. [2FTG] did it in thirty minutes.

Antennas are another matter, but since [2FTG] has a supply of metal coffee cans, this part of the build was just a matter of soldering a bit of wire to an SMA connector, drilling a hole (using a log as a drill stop, no less), and soldering the connector to the can.

SpaceWrencherThe project featured in this post is a quarterfinalist in The Hackaday Prize.

Continue reading “THP Semifinalist: Cheap Satellite Transponder”

PiAware, Automated Airliner Tracking On The Raspberry Pi


For the sufficiently geeky aviation nerd there’s FlightAware, a website that tracks just about every airliner and most private planes currently in flight. The folks at FlightAware compile all the information with the help of a few thousand volunteers around the world that have a bit of hardware to listen to ADS-B transmissions and relay them to the FlightAware servers. Now you can do this with a Raspberry Pi, and as a nice little bonus FlightAware is giving away free enterprise accounts to anyone who does.

Listening in on ADS-B transponders is something Raspberry Pis have been doing for a while, but doing anything useful with the altitude, speed, heading, and registry numbers of various planes flying overhead is pretty much FlightAware’s only reason for existing, and the reason they’ve developed an easy to use software package for the Pi.

Setting everything up requires getting dump1090 running on the Pi, the only hardware required being an RTL-SDR USB TV tuner, a GPS module, and an antenna for 1090 MHz. From there, just send all the data to FlightAware and you get a free enterprise account with them. Not a bad deal for the aviation nerds out there.

Black Hat 2008: FasTrak toll system completely broken

FasTrak is the electronic toll collection system used by the state of California. Motorists can purchase a toll transponder for ~$26 and link the serial number with a debit account to have their tolls deducted automatically. Today at Black Hat in Las Vegas, security researcher [Nate Lawson] presented not just the privacy problems with FasTrak, but why absolutely no transaction from the tag should be trusted.

Continue reading “Black Hat 2008: FasTrak toll system completely broken”