«
Expand/Collapse
192 items tagged "phone"
Related tags:
voip [+],
video [+],
usa [+],
cross site scripting [+],
server [+],
reading logs [+],
memory information [+],
emergency phone number [+],
cura [+],
voip phone [+],
snom [+],
phone hacking [+],
mobile [+],
day [+],
black hat [+],
perl tk [+],
perl [+],
password combinations [+],
isme [+],
iphone [+],
ipad [+],
disclosure [+],
privilege [+],
mobile phone [+],
hacking [+],
hackaday [+],
escalation [+],
collin mulliner [+],
cell [+],
arduino [+],
adam [+],
hacks [+],
web [+],
smart phone [+],
sim [+],
salzburg [+],
polycom [+],
news [+],
network [+],
motorola models [+],
martin herfurt [+],
marcel holtmann [+],
marcel [+],
malware [+],
industry [+],
commodity hardware [+],
cisco security advisory [+],
cisco security [+],
chaos communication camp [+],
bluetooth [+],
audio [+],
advisory [+],
adam laurie marcel holtmann [+],
aastra [+],
Software [+],
Hardware [+],
zane lackey [+],
vodafone [+],
thc [+],
snop [+],
sms [+],
slides [+],
security [+],
samsung [+],
privilege escalation vulnerability [+],
phone web [+],
phone call [+],
password [+],
mobile phone manufacturers [+],
miras [+],
luis miras [+],
links [+],
lackey [+],
ip phones [+],
interface versions [+],
free software updates [+],
forgery [+],
firmware versions [+],
feature phones [+],
directory traversal vulnerability [+],
default [+],
cryptographic authentication [+],
communication [+],
cisco unified [+],
charger [+],
cell phone users [+],
call [+],
authors [+],
attack [+],
ward mundy [+],
vulnerabilities [+],
voice [+],
ussd [+],
usb [+],
technology [+],
technological focus [+],
symbianos [+],
station [+],
smartphone [+],
smart [+],
sip protocol [+],
sim application toolkit [+],
sim application [+],
security advisory [+],
scandal [+],
sat [+],
recent technological advances [+],
raspberry [+],
radio [+],
proper exploitation [+],
private data [+],
private branch exchange [+],
privacy threat [+],
posix api [+],
phone security [+],
phone charger [+],
perfect candidate [+],
pbx [+],
paul wouters [+],
paul [+],
old radio [+],
office [+],
nokia [+],
nico golde [+],
mundy [+],
mitigation steps [+],
miami [+],
memory trade [+],
leigh honeywell [+],
leigh [+],
interface data [+],
home [+],
hero android [+],
harald welte [+],
hackers [+],
hacker [+],
garage [+],
gadget world [+],
g usim [+],
fm radio [+],
feature [+],
factory settings [+],
facebook [+],
exploits [+],
exploitation [+],
dieter spaar [+],
cryptography [+],
control [+],
company intranet [+],
cisco [+],
chris paget [+],
cell phone [+],
camera [+],
busting [+],
brad [+],
bitdefender [+],
atheros [+],
asterisk pbx [+],
apple [+],
air interface [+],
abu dhabi [+],
Area [+],
3g usim [+],
chaos communication congress [+],
zhaohui wang [+],
youtube [+],
yard [+],
xteardown [+],
xperiaplay [+],
x ray [+],
world [+],
workforce environment [+],
wordlist [+],
woman [+],
wipeout [+],
windows phone [+],
windows [+],
wii remote [+],
wii [+],
wi fi access point [+],
weirdness [+],
webapp [+],
web applications [+],
way communications [+],
waveform [+],
wants [+],
want [+],
wallet [+],
vipr [+],
vintage telephones [+],
vintage [+],
videophone [+],
video stream [+],
video phone [+],
video compression technology [+],
vanessa brunet [+],
use [+],
usb interface [+],
usb connection [+],
unlimited internet [+],
unboxing [+],
twitter [+],
turning the tables [+],
trojan [+],
tricorders [+],
tricoder [+],
translator [+],
traffic [+],
touch screens [+],
tor [+],
topic [+],
toolkit [+],
today [+],
tobias engel tags [+],
tiny keyboard [+],
tim wyatt [+],
throwie [+],
thrift store [+],
thermal imaging camera [+],
the rise [+],
the netherlands [+],
tetris game [+],
telemarketers [+],
telecom [+],
targeting [+],
tangled web [+],
talk [+],
take [+],
system phones [+],
system [+],
sunday mirror [+],
sulley [+],
stompy [+],
steve [+],
status [+],
star trek [+],
standard usb [+],
ss7 sigtran [+],
srsly [+],
spying [+],
speed dial [+],
speculation [+],
someone [+],
solar cells [+],
software setup [+],
sms text message [+],
slips [+],
siri [+],
sip [+],
simon [+],
shields [+],
shake [+],
service [+],
sensordrone [+],
senior executive fingered [+],
sega emulator [+],
security gate [+],
security flaws [+],
security flaw [+],
security experts [+],
security authors [+],
script kiddie [+],
scotland yard [+],
scotland [+],
scooter [+],
scheme [+],
scavenging [+],
saving [+],
rotary phone [+],
rotary [+],
rootkit [+],
root account [+],
rolf dieter klein [+],
rolf dieter [+],
rocker switch [+],
roberto [+],
ring [+],
rfid [+],
rf interface [+],
reverse engineering [+],
restoring old cars [+],
researchers [+],
remote start [+],
remote [+],
regional vice president [+],
razr [+],
raiding [+],
radio module [+],
python code [+],
pwned [+],
publictextbox [+],
project [+],
productivity apps [+],
processing power [+],
privacy [+],
premium rate numbers [+],
prankster [+],
prank [+],
powerful computer [+],
pocket [+],
ploy [+],
playing video games [+],
pi day [+],
phone side [+],
phone operator [+],
phone number [+],
phone hardware [+],
phone hacker [+],
phone hack [+],
phone button [+],
phone base [+],
philippe langlois [+],
personal freedom [+],
permissions [+],
peripherals [+],
pencil lead [+],
pencil [+],
peltier cooler [+],
pearl [+],
pc. [+],
paranoid [+],
paper [+],
palm pilots [+],
palestinian [+],
paging system [+],
paging [+],
p.s. i [+],
other mobile device [+],
oscilloscope [+],
operator [+],
open communication [+],
old technology [+],
old rotary phone [+],
number combinations [+],
number [+],
ntt docomo [+],
nokia n900 [+],
nokia cellphone [+],
night [+],
network surveillance [+],
mount although [+],
motorola [+],
motofone [+],
modern [+],
modem pools [+],
mode [+],
mobile phone users [+],
mobile phone service [+],
mobile phone number [+],
mobile network operators [+],
mobile apps [+],
misc [+],
mike benson [+],
mifi [+],
michael [+],
messaging [+],
meizu [+],
matt collier [+],
matt [+],
matrix [+],
math classrooms [+],
massive proliferation [+],
marco bonetti [+],
man [+],
mail client [+],
mail [+],
mac [+],
loose [+],
lofty goals [+],
location [+],
locating mobile phones [+],
locating [+],
linux [+],
lineberry [+],
light amp [+],
legal bills [+],
led [+],
leave [+],
law enforcement [+],
law [+],
kitchen counter [+],
keypresses [+],
keyboard [+],
jonathan rosenberg [+],
james murdoch asked [+],
james murdoch [+],
jailed [+],
ir commands [+],
iphone 4 [+],
internets [+],
interface [+],
infrared remote control [+],
imaging [+],
human interface device [+],
htc [+],
hot topic [+],
home phone service [+],
home electronics [+],
here [+],
heat sink [+],
having some sort [+],
hardware side [+],
handle bar [+],
ham [+],
hacking gsm [+],
hack [+],
guard interval [+],
gt s [+],
gps receiver [+],
google [+],
get smart [+],
george mason university [+],
geiger counter [+],
gate [+],
garage door openers [+],
friend shares [+],
friend [+],
free software project [+],
ford [+],
firmware [+],
feature phone [+],
existence thanks [+],
evan [+],
essential minerals [+],
enterprise [+],
engadget [+],
enforcement [+],
encryption [+],
emotiphone [+],
elegant package [+],
electromagnets [+],
egypt [+],
eavesdropping [+],
easy sms [+],
early 1900s [+],
dual mode phone [+],
dual core processor [+],
dspic [+],
down [+],
display [+],
directory traversal [+],
directory assistance [+],
diminutive size [+],
digits of pi [+],
digital [+],
dial [+],
device [+],
deportation [+],
demo rootkit [+],
demo [+],
defend [+],
decade [+],
de haas [+],
david richardson tim wyatt tags [+],
david richardson [+],
david pogue [+],
david hulton [+],
dave [+],
cuffed [+],
cross [+],
cordless phone [+],
convert [+],
controller cell [+],
control input [+],
connectivity [+],
congo [+],
communication towers [+],
commercial offerings [+],
color tv [+],
cleared [+],
classic [+],
cisco shoots [+],
cisco ip [+],
cisco ime [+],
chopper [+],
china [+],
cheap thermal imaging camera [+],
charlie x ray [+],
charlie x [+],
cellphone [+],
cell phone providers [+],
cell phone eavesdropping [+],
cell phone chargers [+],
case [+],
carphones [+],
car starter [+],
car [+],
captivate [+],
candlestick phone [+],
california [+],
bus [+],
bunnie [+],
brazil [+],
box [+],
body scanners [+],
bobbie [+],
bistable [+],
binder clips [+],
beeps [+],
base [+],
bakelite [+],
austin [+],
audio amp [+],
attempts [+],
aren [+],
area code [+],
application binaries [+],
application [+],
apple server [+],
app [+],
antique phone [+],
antique [+],
anthony lineberry [+],
analog sticks [+],
analog phone [+],
alternative [+],
advanced mobile phone service [+],
advanced [+],
adam outler [+],
aaron nelson [+],
Wireless [+],
Newbie [+],
Latest [+],
10 years [+],
android [+],
vulnerability [+],
ip phone [+],
yealink [+],
cellphones [+],
web interface [+],
gsm [+]
-
-
4:00
»
Hack a Day
Not every piece of technology or software can succeed, even with virtually unlimited funding and marketing. About the same number of people are still playing Virtual Boys as are using Google Plus, for example. In recent memory, the Windows Phone occupies the same space as these infamous failures, potentially because it was late to the smartphone game but primarily because no one wanted to develop software for it. But now, you can run Android apps on Windows Phones now. (Google Translate from German)
To be clear, this doesn’t support all Android apps or all Windows Phones, and it will take a little bit of work to get it set up at all. But if you still have one laying around you might want to go grab it. First you’ll need to unlock the phone, and then begin sending a long string of commands to the device which sends the required software to the device. If that works, you can begin loading Android apps on the phone via a USB connection to a PC.
This hack came to us via Windows Central and Reddit. It seems long and involved but if you have any experience with a command line you should be fine. It’s an interesting way to get some more use out of your old Windows Phone if it’s just gathering dust in a closet somewhere. If not, don’t worry; Windows Phones were rare even when they were at their most popular. We could only find one project in our archives that uses one, and that was from 2013.
-
-
13:00
»
Hack a Day
There are plenty of dual SIM phones on the market these days, but most of them are a hamstrung by packaging issues. Despite their dual SIM capability, this usually comes at the expense of the microSD card slot. Of course, hackers don’t accept such nonsense, and [Tweepy] went about crafting a solution. Sadly the make and model of phone aren’t clear.
It’s a simple case of very carefully shaving both the microSD card and the nano-SIM down until both can fit in the card tray. The SIM is slimmed down with the application of a heat gun helping to remove its plastic backing, saving precious fractions of a millimeter. The SD card is then filed down to make just enough space for the SIM to fit in underneath. Thanks to the springiness of the contacts in the phone, it’s just barely possible to squeeze both in, along with some Kapton tape to hold everything in place.
Your mileage may vary, depending on the construction of your SD card. Overall though, it’s a tidy hack that should prove useful to anyone with a dual SIM phone and limited storage. We saw a similar hack a few years ago, too.
[Thanks to Timothy for the tip!]
-
-
7:00
»
Hack a Day
You’ve seen a landline phone converted into a Bluetooth headset. There’s nothing new there. It’s great for confusing kids when asking them to dial a rotary phone, but that’s about it. It’s the same phone, built by Ma Bell for fifty years, converted with a little Bluetooth breakout board.
You’ve never seen a landline conversion like this. This is [Alessandro]’s Bluetooth-converted Beocom 600, complete with a drop-in replacement circuit board that turns this beautiful Bang & Olufsen design into a useful device for the smartphone era.
This phone was designed as Bang & Olufsen’s entry into phone design, and we’re shocked, simply shocked, that Apple hasn’t tried to lift this design yet. Unfortunately, it’s designed for landlines, making it horrifically inconvenient to take to Starbucks. That’s where the Bluetooth comes in, and [Alessandro]’s custom board that is meant to replace the guts of this vintage phone. Honestly, with Bluetooth modules it’s probably easier to deal with that instead of a telephone line.
Right now, the work is concentrated on the user interface, which means taking apart and mapping the pinout of the buttons. This keypad is plastic over rubber domes contacting a polyester sheet with contacts, feeding out to a ribbon cable. It’s fantastic work and finally some of the best design out there will be brought into the modern era.
-
-
1:00
»
Hack a Day
Rotary dial phones have a certain romantic charm about them; something never quite captured in the post-Touch Tone era. With landline phone services less popular than ever, these old workhorses aren’t really cut out for daily use anymore. However, with a modern brain transplant, they can still get the job done just fine.
[Xabier Zubizarreta] has undertaken to retrofit his FeTAp-611 rotary phone with a Bluetooth rig, allowing it to be used with smartphones to place and receive calls. A Raspberry Pi Zero W serves as the brains of the operation, chosen for its compact size and onboard Bluetooth and WiFi. Getting the Pi to work effectively with an Android phone as a Bluetooth audio device requires some trickery, but it’s nothing that can’t be fixed by custom compiling a few off-the-shelf tools. [Xabier]’s next big hurdle is finding a tidy way to generate a 30 VAC signal to drive the original ringer, something that proves difficult for most similar projects.
We love to see these telecommunication relics kept ticking, so if you happen to be building a vintage telephone exchange in your garden shed – be sure to let us know.
-
-
22:00
»
Hack a Day
The Plain Old Telephone Service, or POTS, doesn’t get a lot of love from the average person anymore. Perhaps once in a while a payphone will be of use when a phone battery has died, but by and large many people simply don’t have hardwired phones anymore. However, that doesn’t …read more
-
-
7:00
»
Hack a Day
Modern smartphones are highly integrated devices, bringing immense computing power into the palm of one’s hand. This portable computing power and connectivity has both changed society in innumerable ways, and also tends to lead to said powerful computers ending up dropped on the ground or into toilets. Repairs are often limited to screen replacement or exchanging broken modules, but it’s possible to go much further.
The phone is an iPhone 7, which a service center reported had issues with the CPU, and the only fix was a full mainboard replacement. [The Kardi Lab] weren’t fussed, however, and got to work. …read more
-
-
19:00
»
Hack a Day
Here’s a puzzler for you: If you’re phreaking something that’s not exactly a phone, are you still a phreak?
That question probably never crossed the minds of New Yorkers who were acoustically assaulted on the normally peaceful sidewalks of Manhattan over the summer by creepy sounds emanating from streetside WiFi kiosks. The auditory attacks caused quite a stir locally, leading to wild theories that Russian hackers were behind it all. Luckily, the mystery has been solved, and it turns out to have been part prank, part protest, and part performance art piece.
To understand the exploit, realize that New York …read more
-
-
11:30
»
Hack a Day
Telepresence hasn’t taken off in a big way just yet; it may take some time for society to adjust to robotic simulacra standing in for humans in face-to-face communications. Regardless, it’s an area of continuous development, and [MakerMan] has weighed in with a tidy DIY build that does the job.
It’s a build that relies on an assemblage of off-the-shelf parts to quickly put together a telepresence robot. Real-time video and audio communications are easily handled by a Huawei smartphone running Skype, set up to automatically answer video calls at all times. The phone is placed onto the robotic chassis …read more
-
-
4:00
»
Hack a Day
The modern smartphone has a variety of ways to interact with its user – the screen, the speakers, and of course, the vibration motor. But what if your phone could interact physically? It might be unnerving, but it could also be useful – and MobiLimb explores exactly this possibility.
Yes, that’s right – it’s a finger for your mobile phone. MobiLimb has five degrees of freedom, and is built using servomotors which allow both accurate movement as well as positional feedback into the device. Additionally, a touch-sensitive potentiometer is fitted, allowing the robofinger to respond to touch inputs.
The brains …read more
-
-
19:00
»
Hack a Day
Have you ever taken a picture indoors and had unsightly black bars interrupt your otherwise gorgeous photo? They are caused by lighting which flickers in and out in its normal operation. Some people can sense it easier than others without a camera. The inconsistent light goes out so briefly that we usually cannot perceive it but run-of-the-mill camera phones scan rows of pixels in sequence, and if there are no photons to detect while some rows are scanned, those black bars are the result. Annoying, right?
What if someone dressed that bug of light up as a feature? Instead of …read more
-
-
15:44
»
Packet Storm Security Exploits
YeaLink IP Phone SIP TxxP firmware versions 9.70.0.100 and below suffer from default credential and cross site request forgery vulnerabilities.
-
15:44
»
Packet Storm Security Misc. Files
YeaLink IP Phone SIP TxxP firmware versions 9.70.0.100 and below suffer from default credential and cross site request forgery vulnerabilities.
-
-
9:08
»
Hack a Day
When last we heard of a cheap thermal imaging camera accessory for any smart phone, we were blown away at how easily a very expensive electronic device could be replicated with an Arduino and enough know how. Now, that thermal imaging camera is a kickstarter project and provides a cheap way to put a thermal imaging [...]
-
-
7:43
»
Hack a Day
Every night, [Roberto]‘s kitchen counter is cluttered with three cell phones, three different cell phone chargers and a mess of wires until morning comes and the chargers are moved to a drawer for the following night. For [Roberto] this is a bit of a pain – a much easier solution would be to have a [...]
-
-
12:01
»
Hack a Day
[Ward Mundy] has found something great by combining a GXP-2200 phone with Raspberry Pi to create a private branch exchange. So the idea behind a PBX setup is kind of like a company intranet. All of the phones in the system are assigned an extension number and have access to the internal system functions like [...]
-
12:01
»
Hack a Day
[Ward Mundy] has found something great by combining a GXP-2200 phone with Raspberry Pi to create a private branch exchange. So the idea behind a PBX setup is kind of like a company intranet. All of the phones in the system are assigned an extension number and have access to the internal system functions like [...]
-
-
23:01
»
Packet Storm Security Recent Files
ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.
-
23:01
»
Packet Storm Security Tools
ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.
-
23:01
»
Packet Storm Security Misc. Files
ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.
-
-
8:31
»
Hack a Day
So IT has your computer locked down, but if you’re lucky enough to have this model of telephone you can still play video games while at work. [AUTUIN] was at the thrift store and for just $8 he picked up an ACN videophone on which he’s now playing video games. We don’t know what magical [...]
-
-
21:55
»
SecDocs
Authors:
Angelos Stavrou Zhaohui Wang Tags:
USB Event:
Black Hat DC 2011 Abstract: The Universal Serial Bus (USB) connection has become the de-facto standard for both charging and data transfers for smart phone devices including Google’s Android and Apple’s iPhone. To further enhance their functionality, smart phones are equipped with programmable USB hardware and open source operating systems that empower them to alter the default behavior of the end-to-end USB communications. Unfortunately, these new capabilities coupled with the inherent trust that users place on the USB physical connectivity and the lack of any protection mechanisms render USB a insecure link, prone to exploitation. To demonstrate this new avenue of exploitation, we introduce novel attack strategies that exploit the functional capabilities of the USB physical link. In addition, we detail how a sophisticated adversary who has under his control one of the connected devices can subvert the other. This includes attacks where a compromised smart phone poses as a Human Interface Device (HID) and sends keystrokes in order to control the victim host. Moreover, we explain how to boot a smart phone device into USB host mode and take over another phone using a specially crafted cable. Finally, we point out the underlying reasons behind USB exploits and propose potential defense mechanisms that would limit or even prevent such USB borne attacks. Angelos Stavrou is an Assistant Professor at George Mason University.
-
-
21:49
»
SecDocs
Authors:
Adam Laurie Marcel Holtmann Martin Herfurt Tags:
bluetooth Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Bluesnarfing, bluebugging and backdooring have been in the spotlight for over a year now, and, finally, the mobile phone industry have reacted and are issuing fixes for these very serious problems. Accordingly, the time has come for full disclosure... In November 2003, Adam discovered serious flaws in the authentication and data transfer mechanisms on some bluetooth enabled devices, and, in particular, mobile phones including commonly used Nokia, Sony Ericsson and Motorola models. Shortly thereafter, Martin Herfurt of Salzburg Research Forschungsgesellschaft mbH expanded on these problems, and teamed up with Adam to investigate further. At EuroFoo in August 2004, Adam and Marcel Holtmann met, and agreed to colaborate on looking into the underlying causes of the problems, as well as sharing information and resources to try and gain a better foothold for the opensource community within the official bluetooth organistaions. This talk will cover the issues arising out of the flaws, including loss of personal data, identity theft, phone tapping, tracking, fraud and theft of service. The threat to individuals and corporates will be examined, and statistics and examples from the real world presented, as well as live demonstrations and full disclosure of techniques used in each of the attacks. Details of how the industry reacted, what they did, didn't and should have done will also be discussed, as well as some positive steps that have been taken as a direct result of the original problem disclosures. This will be a fun talk and a real eye-opener for those with bluetooth enabled devices, and will start with an introduction into the Bluetooth architecture and the security mechanisms offered by it so that it is possible to understand how and why the different attacks are working. Further there will be an introduction into the Linux Bluetooth stack BlueZ that will be used for doing the attacks and showing exactly how these attacks are working.
-
21:49
»
SecDocs
Authors:
Adam Laurie Marcel Holtmann Martin Herfurt Tags:
bluetooth Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Bluesnarfing, bluebugging and backdooring have been in the spotlight for over a year now, and, finally, the mobile phone industry have reacted and are issuing fixes for these very serious problems. Accordingly, the time has come for full disclosure... In November 2003, Adam discovered serious flaws in the authentication and data transfer mechanisms on some bluetooth enabled devices, and, in particular, mobile phones including commonly used Nokia, Sony Ericsson and Motorola models. Shortly thereafter, Martin Herfurt of Salzburg Research Forschungsgesellschaft mbH expanded on these problems, and teamed up with Adam to investigate further. At EuroFoo in August 2004, Adam and Marcel Holtmann met, and agreed to colaborate on looking into the underlying causes of the problems, as well as sharing information and resources to try and gain a better foothold for the opensource community within the official bluetooth organistaions. This talk will cover the issues arising out of the flaws, including loss of personal data, identity theft, phone tapping, tracking, fraud and theft of service. The threat to individuals and corporates will be examined, and statistics and examples from the real world presented, as well as live demonstrations and full disclosure of techniques used in each of the attacks. Details of how the industry reacted, what they did, didn't and should have done will also be discussed, as well as some positive steps that have been taken as a direct result of the original problem disclosures. This will be a fun talk and a real eye-opener for those with bluetooth enabled devices, and will start with an introduction into the Bluetooth architecture and the security mechanisms offered by it so that it is possible to understand how and why the different attacks are working. Further there will be an introduction into the Linux Bluetooth stack BlueZ that will be used for doing the attacks and showing exactly how these attacks are working.
-
21:49
»
SecDocs
Authors:
Adam Laurie Marcel Holtmann Martin Herfurt Tags:
bluetooth Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Bluesnarfing, bluebugging and backdooring have been in the spotlight for over a year now, and, finally, the mobile phone industry have reacted and are issuing fixes for these very serious problems. Accordingly, the time has come for full disclosure... In November 2003, Adam discovered serious flaws in the authentication and data transfer mechanisms on some bluetooth enabled devices, and, in particular, mobile phones including commonly used Nokia, Sony Ericsson and Motorola models. Shortly thereafter, Martin Herfurt of Salzburg Research Forschungsgesellschaft mbH expanded on these problems, and teamed up with Adam to investigate further. At EuroFoo in August 2004, Adam and Marcel Holtmann met, and agreed to colaborate on looking into the underlying causes of the problems, as well as sharing information and resources to try and gain a better foothold for the opensource community within the official bluetooth organistaions. This talk will cover the issues arising out of the flaws, including loss of personal data, identity theft, phone tapping, tracking, fraud and theft of service. The threat to individuals and corporates will be examined, and statistics and examples from the real world presented, as well as live demonstrations and full disclosure of techniques used in each of the attacks. Details of how the industry reacted, what they did, didn't and should have done will also be discussed, as well as some positive steps that have been taken as a direct result of the original problem disclosures. This will be a fun talk and a real eye-opener for those with bluetooth enabled devices, and will start with an introduction into the Bluetooth architecture and the security mechanisms offered by it so that it is possible to understand how and why the different attacks are working. Further there will be an introduction into the Linux Bluetooth stack BlueZ that will be used for doing the attacks and showing exactly how these attacks are working.
-
-
21:46
»
SecDocs
Authors:
Adam Laurie Marcel Holtmann Martin Herfurt Tags:
bluetooth Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Bluesnarfing, bluebugging and backdooring have been in the spotlight for over a year now, and, finally, the mobile phone industry have reacted and are issuing fixes for these very serious problems. Accordingly, the time has come for full disclosure... In November 2003, Adam discovered serious flaws in the authentication and data transfer mechanisms on some bluetooth enabled devices, and, in particular, mobile phones including commonly used Nokia, Sony Ericsson and Motorola models. Shortly thereafter, Martin Herfurt of Salzburg Research Forschungsgesellschaft mbH expanded on these problems, and teamed up with Adam to investigate further. At EuroFoo in August 2004, Adam and Marcel Holtmann met, and agreed to colaborate on looking into the underlying causes of the problems, as well as sharing information and resources to try and gain a better foothold for the opensource community within the official bluetooth organistaions. This talk will cover the issues arising out of the flaws, including loss of personal data, identity theft, phone tapping, tracking, fraud and theft of service. The threat to individuals and corporates will be examined, and statistics and examples from the real world presented, as well as live demonstrations and full disclosure of techniques used in each of the attacks. Details of how the industry reacted, what they did, didn't and should have done will also be discussed, as well as some positive steps that have been taken as a direct result of the original problem disclosures. This will be a fun talk and a real eye-opener for those with bluetooth enabled devices, and will start with an introduction into the Bluetooth architecture and the security mechanisms offered by it so that it is possible to understand how and why the different attacks are working. Further there will be an introduction into the Linux Bluetooth stack BlueZ that will be used for doing the attacks and showing exactly how these attacks are working.
-
-
14:16
»
Packet Storm Security Recent Files
The operating system your smartphone is running may be vulnerable to USSD commands that could wipe your entire phone. Tapping on a link to a cleverly coded web page could order you phone to reset itself to factory settings and disintegrate all your private data with it. Any Android phone running Phone.apk version 4.1 or lower is at risk and that's the broader base of them. Install Bitdefender's USSD Wipe Stopper to protect against such attacks. Now, once you would tap on a exploiting link, Bitdefender will intercept the wipe command and ask you to decide what to do next. You may, if unsure, dismiss the USSD command.
-
14:16
»
Packet Storm Security Misc. Files
The operating system your smartphone is running may be vulnerable to USSD commands that could wipe your entire phone. Tapping on a link to a cleverly coded web page could order you phone to reset itself to factory settings and disintegrate all your private data with it. Any Android phone running Phone.apk version 4.1 or lower is at risk and that's the broader base of them. Install Bitdefender's USSD Wipe Stopper to protect against such attacks. Now, once you would tap on a exploiting link, Bitdefender will intercept the wipe command and ask you to decide what to do next. You may, if unsure, dismiss the USSD command.
-
-
7:52
»
Hack a Day
Very tiny keyboard The idea behind the iControlPad2 is pretty simple – just take the slide-out keyboard from a phone, discard the phone part, add two analog sticks and a D-pad, and put Bluetooth in it. It makes for a very small keyboard perfect for controlling a Raspi, a home media server, or even a phone [...]
-
-
7:17
»
Hack a Day
Cellular shields for the Arduino have been around for ages, but this is the first one we’ve seen that turns your Arduino into a proper cell phone. The shield is based around the SIM900 GSM/GPRS radio module, and is compatible with the SIM908 GSM/GPRS module that adds a GPS receiver. Also on board this shield are a pair of [...]
-
6:00
»
Hack a Day
[stompyonos] bricked his Samsung Captivate. Not wanting to be without a phone for a while, he researched a fix online and found shorting a pair of pins on the USB port would put the phone into download mode, saving his phone. The only problem for this plan is [stompy] didn’t have any resistors on hand. [...]
-
-
7:55
»
Packet Storm Security Recent Files
ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.
-
7:55
»
Packet Storm Security Tools
ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.
-
7:55
»
Packet Storm Security Misc. Files
ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.
-
-
5:00
»
Hack a Day
PS3 Controller Cell Phone Mount Although the details of this build are quite scarce, not much is needed considering all that this cell phone/PS3 controller “mount” is made of is 3 binder clips and a few rubber bands. A very ingenious solution. Overengineered Throwie On the other end of the spectrum, I’ve spent way too [...]
-
-
14:30
»
SecDocs
Authors:
Leigh Honeywell Paul Wouters Tags:
phone Event:
Chaos Communication Congress 23th (23C3) 2006 Abstract: To encrypt all your mobile phones to protect it from overzealous eavesdroppers, you are currently limited to using special hardware such as the Cryptophone. The disadvantage of cryptophone is that it only works with other cryptophones. To work around this, we turn mobile phones from "voice" phones into VOIP phones. Using the SIP protocol for VOIP and IPsec/L2TP or Openvpn as our VPN, Leigh Honeywell and Paul Wouters connect their mobile phones fully encrypted to an Asterisk PBX server. The presentation, given by Asterisk expert Leigh Honeywell and VPN expert Paul Wouters will start with a description of the demise of the "old" telecom sector and the end of "voice" conversations. The replacement, Voice Over IP promises a lot of good things, but it comes at a price. Hacking VOIP calls on the internet is much easier. We can no longer trust the security of the telecom infrastructure. Forged caller-ID, charging someone else for your calls, breaking through firewalled networks, or abuse via VOIP services like Google, Jajah, Skype or others. We will demonstrate some of these attacks. To address these problems, we need to be able to both authenticate and encrypt our calls. The solution presented is build with using Freely available (mostly open source) software and we will explain various aspects and ideas behind our setup and why we choose the various protocols and software packages. We are currently working with various phones, such as the Linux based GreenPhone, the XDA's and other phones running either Linux or Microsoft Windows PDA phones. Leigh and Paul will also hold a workshop, where they can go into the deep technical details on how to build your phones and your servers, and where people can try out our phones and secure PBX.
-
14:23
»
SecDocs
Authors:
Leigh Honeywell Paul Wouters Tags:
phone Event:
Chaos Communication Congress 23th (23C3) 2006 Abstract: To encrypt all your mobile phones to protect it from overzealous eavesdroppers, you are currently limited to using special hardware such as the Cryptophone. The disadvantage of cryptophone is that it only works with other cryptophones. To work around this, we turn mobile phones from "voice" phones into VOIP phones. Using the SIP protocol for VOIP and IPsec/L2TP or Openvpn as our VPN, Leigh Honeywell and Paul Wouters connect their mobile phones fully encrypted to an Asterisk PBX server. The presentation, given by Asterisk expert Leigh Honeywell and VPN expert Paul Wouters will start with a description of the demise of the "old" telecom sector and the end of "voice" conversations. The replacement, Voice Over IP promises a lot of good things, but it comes at a price. Hacking VOIP calls on the internet is much easier. We can no longer trust the security of the telecom infrastructure. Forged caller-ID, charging someone else for your calls, breaking through firewalled networks, or abuse via VOIP services like Google, Jajah, Skype or others. We will demonstrate some of these attacks. To address these problems, we need to be able to both authenticate and encrypt our calls. The solution presented is build with using Freely available (mostly open source) software and we will explain various aspects and ideas behind our setup and why we choose the various protocols and software packages. We are currently working with various phones, such as the Linux based GreenPhone, the XDA's and other phones running either Linux or Microsoft Windows PDA phones. Leigh and Paul will also hold a workshop, where they can go into the deep technical details on how to build your phones and your servers, and where people can try out our phones and secure PBX.
-
-
11:01
»
Hack a Day
Sensordrone is a sensor-filled wireless dongle for use with a smart phone or other computer-like device. But perhaps this is better explained as the thing that makes your smart phone work exactly as the original Star Trek tricorders did. In one had you have the main unit that displays data, in the other you hold [...]
-
-
21:44
»
Packet Storm Security Exploits
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
-
21:44
»
Packet Storm Security Recent Files
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
-
21:44
»
Packet Storm Security Misc. Files
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
-
-
7:01
»
Hack a Day
It is just amazing how small the boards are for some really powerful smart phones. For instance, the diminutive size of this Meizu MX Android phone’s board is only outshone by the intricate packaging the phone arrived in. [Adam Outler] did an unboxing of the device. But for him that mean tearing down all of [...]
-
-
21:31
»
Packet Storm Security Recent Files
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
-
21:31
»
Packet Storm Security Tools
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
-
21:31
»
Packet Storm Security Misc. Files
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
-
-
16:01
»
Hack a Day
This scooter starts right up with a shake of your Android device. This shake must be done from front-to-back, because a side-to-side shake is reserved for unlocking the saddle ([Brad] stores his helmet within). Connectivity is facilitated over Bluetooth, with a rocker switch near the left handle bar to disable the receiver so that you [...]
-
-
21:32
»
SecDocs
Authors:
Herr Urbach Tags:
privacy obfuscation Event:
Chaos Communication Camp 2011 Abstract: In January 2011 the fear of all internauts became bitter truth. A whole country was kill-switched by the government. The flow of data was interrupted, communication laid waste. Not only the Internets was taken down, other means of communication were interrupted too. Cell Phone providers took down their services. So, there was no Internets in Egypt. Internauts had no chance to communicate what is happening, mothers and fathers could not send emails to theire relatives. No data was flowing. As the phone lines were working, this was the solutions: Modems. In this talk I will describe what Telecomix agents had done during these days to bring back internet to the people of egypt. We used modem technology and set up dial up points all over the world and convinced providers with modem pools to open theire pools for the egyptians for free. Another thing we did was communication via HAM radio and of course fax. Not like anonymous who like to fax cables and stuff, but helpful information about medical help, how to communicate on a secure base and things like that. Furthermore I will describe the structure of Telecomix who are working as a decentralized cluster.
-
-
11:22
»
Packet Storm Security Tools
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
-
-
16:35
»
SecDocs
Tags:
smart card phone Event:
Chaos Communication Camp 2011 Abstract: This talk sheds some light on a cellphone-component, that's inevitable, virtually unclonable and as closed as it gets: the SIM. The SIM can do a lot more than just user-authentication nowadays: the SIM Application Toolkit gives it control over your phone Recently, location tracking in major smartphones caused quite a stir. Closed systems make discovering such unwanted behavior more difficult. While projects like osmocomBB aim at creating an open cellphone architecture, the SIM seems to be mostly inconsiderable and harmless. It's little known, that the SIM Application Toolkit (SAT) gives the SIM extensive control over the phone. Via the SAT, the SIM can obtain location information, monitor and redirect calls and send/receive short messages, as well as IP packets. The SIM-firmware can be updated over-the-air. Most of these features can even be used without the user noticing. Along with the mentioned SAT, this talk will illuminate the classic GSM SIM, as well as the 3G USIM altogether. After a quick introduction to smartcards in general, communication with the SIM will be explained in more detail. The most important SIM commands and files will be explained and how one can monitor communication with a SIM and inject arbitrary data into the session.
-
16:24
»
SecDocs
Tags:
smart card phone Event:
Chaos Communication Camp 2011 Abstract: This talk sheds some light on a cellphone-component, that's inevitable, virtually unclonable and as closed as it gets: the SIM. The SIM can do a lot more than just user-authentication nowadays: the SIM Application Toolkit gives it control over your phone Recently, location tracking in major smartphones caused quite a stir. Closed systems make discovering such unwanted behavior more difficult. While projects like osmocomBB aim at creating an open cellphone architecture, the SIM seems to be mostly inconsiderable and harmless. It's little known, that the SIM Application Toolkit (SAT) gives the SIM extensive control over the phone. Via the SAT, the SIM can obtain location information, monitor and redirect calls and send/receive short messages, as well as IP packets. The SIM-firmware can be updated over-the-air. Most of these features can even be used without the user noticing. Along with the mentioned SAT, this talk will illuminate the classic GSM SIM, as well as the 3G USIM altogether. After a quick introduction to smartcards in general, communication with the SIM will be explained in more detail. The most important SIM commands and files will be explained and how one can monitor communication with a SIM and inject arbitrary data into the session.
-
16:01
»
Hack a Day
[Gigafide] just finished building this flame-powered phone charger. The concept is not new. He grabbed a Peltier cooler and used the temperature differential between a flame and a heat sink to produce electricity used by the charger. If you search around here enough you’ll find plenty of candle-powered devices, and a few hacks that use [...]
-
-
15:22
»
SecDocs
Tags:
phone Event:
Chaos Communication Camp 2011 Abstract: The most ubiquitous device on the planet is arguably the mobile phone. Tragically, it is also a device built under some of the worst living and working conditions in the world. This is the story of a mission - To build the world's first ethical phone. The most ubiquitous device on the planet is arguably the mobile phone. We use them, we need them, we get new ones every few years. Our old phones are either in a drawer, a landfill, or in the hands of those people in places like China and Brazil where old electronics are broken down or repurposed. Meanwhile in many parts of one of the most troubled nations in the world, the minerals that make are new phones are being mined under some very questionable circumstances. From some of the worst labor conditions in the world comes the cobalt and other essential minerals that will one day be your iphone. -- Is this how it simply has to be? -- A group in the Netherlands has embarked on an ambitious, risky, and little known quest - To build the world's first ethical phone. Are where did they start? In the Congo of course...
-
-
3:33
»
Packet Storm Security Recent Files
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
-
-
21:55
»
SecDocs
Authors:
Collin Mulliner Nico Golde Tags:
phone Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: Smart phones, everybody has a smart phone! No! Just about 16% of all mobile phones are smart phones! Feature phones are the most common type of mobile phone in the world. Some time ago we decided to investigate the security of feature phones. In this talk we show how we analyzed feature phones for SMS security issues. We show our results and the kind of attacks that are possible with our bugs. This talk is about security analysis of a class of mobile phone the so-called "feature phones". We show how we analyzed these type of phones for SMS security issues and what kind of problems to overcome in the process. We show results for the major mobile phone manufacturers in the world. Everyone of them has problems. Finally we show what kind of global scale attacks one can carry out with these kind of bugs. The attacks range from interrupting phone calls, to disconnecting people from the network, and sometimes even bricking phones remotely.
-
21:55
»
SecDocs
Authors:
Collin Mulliner Nico Golde Tags:
phone Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: Smart phones, everybody has a smart phone! No! Just about 16% of all mobile phones are smart phones! Feature phones are the most common type of mobile phone in the world. Some time ago we decided to investigate the security of feature phones. In this talk we show how we analyzed feature phones for SMS security issues. We show our results and the kind of attacks that are possible with our bugs. This talk is about security analysis of a class of mobile phone the so-called "feature phones". We show how we analyzed these type of phones for SMS security issues and what kind of problems to overcome in the process. We show results for the major mobile phone manufacturers in the world. Everyone of them has problems. Finally we show what kind of global scale attacks one can carry out with these kind of bugs. The attacks range from interrupting phone calls, to disconnecting people from the network, and sometimes even bricking phones remotely.
-
-
21:47
»
SecDocs
Authors:
Karsten Nohl Luca Melette Tags:
GSM phone Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Cell phone users face an increasing frequency and depth of privacy intruding attacks. Defense knowledge has not scaled at the same speed as attack capabilities. This talk intends to revert this imbalance. Most severe attack vectors on mobile phones are due to an outdated technology base that lacks strong cryptographic authentication or confidentiality. Given this discrepancy between protection need and reality, a number of countermeasures were developed for networks and phones to better protect their users. We explain the most important measures and track their deployment. Furthermore, we will release tools to measure the level of vulnerability of networks. Sharing the results of these measurements will hopefully create problem awareness and demand for more security by phone users around the world.
-
-
21:41
»
SecDocs
Authors:
Karsten Nohl Luca Melette Tags:
GSM phone Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Cell phone users face an increasing frequency and depth of privacy intruding attacks. Defense knowledge has not scaled at the same speed as attack capabilities. This talk intends to revert this imbalance. Most severe attack vectors on mobile phones are due to an outdated technology base that lacks strong cryptographic authentication or confidentiality. Given this discrepancy between protection need and reality, a number of countermeasures were developed for networks and phones to better protect their users. We explain the most important measures and track their deployment. Furthermore, we will release tools to measure the level of vulnerability of networks. Sharing the results of these measurements will hopefully create problem awareness and demand for more security by phone users around the world.
-
21:41
»
SecDocs
Authors:
Karsten Nohl Luca Melette Tags:
GSM phone Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Cell phone users face an increasing frequency and depth of privacy intruding attacks. Defense knowledge has not scaled at the same speed as attack capabilities. This talk intends to revert this imbalance. Most severe attack vectors on mobile phones are due to an outdated technology base that lacks strong cryptographic authentication or confidentiality. Given this discrepancy between protection need and reality, a number of countermeasures were developed for networks and phones to better protect their users. We explain the most important measures and track their deployment. Furthermore, we will release tools to measure the level of vulnerability of networks. Sharing the results of these measurements will hopefully create problem awareness and demand for more security by phone users around the world.
-
15:21
»
Hack a Day
[Bjørn] combined some aging electronics he had around the house to create this Android media center. The enclosure is an FM-radio, but since he only listens to online media it wasn’t of much use to him. After sizing it up he realized it was a perfect candidate to receive his old HTC Hero Android phone. [...]
-
15:21
»
Hack a Day
[Bjørn] combined some aging electronics he had around the house to create this Android media center. The enclosure is an FM-radio, but since he only listens to online media it wasn’t of much use to him. After sizing it up he realized it was a perfect candidate to receive his old HTC Hero Android phone. [...]
-
-
6:01
»
Hack a Day
[Simon] is in the middle of restoring/building himself an Austin 7 Special out in his garage, and like most tinkerers, found that music helps to move the process along. He happened to have an old Bakelite generator phone out in the garage as well, and figured that he might as well have it do something [...]
-
-
7:01
»
Hack a Day
In the interests of open communication in shared spaces, [dan] made a public text box that serves as a terminal to the @publictextbox twitter account. We could see something like this being useful in a hackerspace or other hang out to announce to the world the happenings of the resident makers and builders. The software setup [...]
-
-
14:33
»
Hack a Day
[Samimy's] latest project is a little strange, but one man’s weird is another man’s wonderful so we’re not about to start criticizing his work. Nope, we’re here to praise the fact that his rotary phone turned reading light and audio amp is very well constructed. He started by removing the phone housing. Those old enough [...]
-
-
12:01
»
Hack a Day
[Nerdindustries] had a interesting idea; “what if you could just flip a switch and call someone?”. This happens a lot, especially in companies where your trying to catch a certain someone who is always swamped in phone calls. The Phone Box is a basic Nokia cellphone that has a number stored into its speed dial. [...]
-
-
9:01
»
Hack a Day
Even though everyone with a smart phone has a small, powerful computer in their pocket, we haven’t seen many applications of this portable processing power that use the built-in camera. [Michael] decided to change this and built an LED matrix that displays the data coming from the phone’s camera. For the build, [Michael] used two [...]
-
-
14:25
»
Hack a Day
Next time you’re waiting in the security line in an airport, why don’t you pull out your smartphone and count all the radiation being emitted by those body scanners and x-rays? There’s an app for that, courtesy of Mr. [Rolf-Dieter Klein]. The app works by blocking all the light coming into a phone’s camera sensor with [...]
-
-
8:01
»
Hack a Day
Back in the days of yore when hats were fashionable and color TV didn’t exist, there were real life people who would answer the phone if you dialed 0. These operators would provide directory assistance, and connect you to another number (such as KL5-8635). Apple’s Siri is a lot like an olde-timey phone operator, so [...]
-
-
7:37
»
Wirevolution
First impression is very good. The industrial design on this makes the iPhone look clunky. The screen is much bigger, the overall feel reeks of quality, just like the iPhone. The haptic feedback felt slightly odd at first, but I think I will like it when I get used to it.
I was disappointed when the phone failed to detect my 5GHz Wi-Fi network. This is like the iPhone, but the Samsung Galaxy S2 and Galaxy Nexus support 5 Ghz, and I had assumed parity for the Razr.
Oddly, bearing in mind its dual core processor, the Droid Razr sometimes seems sluggish compared to the iPhone 4. But the Android user interface is polished and usable, and it has a significant user interface feature that the iPhone sorely lacks: a universal ‘back’ button. The ‘back’ button, like the ‘undo’ feature in productivity apps, fits with the way people work and learn: try something, and if that doesn’t work, try something else.
The Razr camera is currently unusable for me. The first photo I took had a 4 second shutter lag. On investigation, I found that if you hold the phone still, pointed at a static scene, it takes a couple of seconds to auto-focus. If you wait patiently for this to happen, watching the screen and waiting for the focus to sharpen, then press the shutter button, there is almost no shutter lag. But if you try to ‘point and shoot’ the shutter lag can be agonizingly long – certainly long enough for a kid to dodge out of the frame. This may be fixable in software, and if so, I hope Motorola gets the fix out fast.
While playing with the phone, I found it got warm. Not uncomfortably hot, but warm enough to worry about the battery draining too fast. Investigating this, I found a wonderful power analysis display, showing which parts of the phone are consuming the most power. The display, not surprisingly, was consuming the most – 35%. But the second most, 24%, was being used by ‘Android OS’ and ‘Android System.’ As the battery expired, the phone kindly suggested that it could automatically shut things off for me when the power got low, like social network updates and GPS. It told me that this could double my battery life. Even so, battery life does not seem to be a strength of the Droid Razr. Over a few days, I observed that even when the phone was completely unused, the battery got down to 20% in 14 hours, and the vast majority of the power was spent on ‘Android OS.’
So nice as the Droid Razr is, on balance I still prefer the iPhone.
P.S. I had a nightmare activation experience – I bought the phone at Best Buy and supposedly due to a failure to communicate between the servers at Best Buy and Verizon, the phone didn’t activate on the Verizon network. After 8 hours of non-activation including an hour on the phone with Verizon customer support (30 minutes of which was the two of us waiting for Best Buy to answer their phone), I went to a local Verizon store which speedily activated the phone with a new SIM.
Deciding on the contract, I was re-stunned to rediscover that Verizon charges $20 per month for SMS. I gave this a miss since I can just use Google Voice, which costs $480 less over the life of the contract.
-
-
16:02
»
Hack a Day
People quickly find out that I am a dork, and their next question typically is “why do you own that old as dirt dumb phone?”. Well to be honest, I don’t like phones. After a decade of Palm Pilots and Windows CE devices, I really don’t like touch screens either (fat man fingers and a [...]
-
-
1:01
»
SecDocs
-
-
10:32
»
SecDocs
Authors:
Karsten Nohl Tags:
GSM phone Event:
Black Hat USA 2010 Abstract: Our most popular phone technologies use decade-old proprietary cryptography. GSM's 64bit A5/1 cipher, for instance, is vulnerable to time memory trade-offs but commercial cracking hardware costs hundreds of thousands of dollars. We discuss how cryptographic improvements and the power of the community created an open GSM decrypt solution that runs on commodity hardware. Besides GSM we discuss weaknesses in DECT cordless phones. The talk concludes with an overview of mitigation steps for GSM and DECT in response to our research, some of which are already being implemented.
-
-
0:26
»
SecDocs
Authors:
Kevin Mahaffey John Hering Tags:
malware malware analysis phone Event:
Black Hat USA 2010 Abstract: The mobile app revolution is upon us. Applications on your smartphone know more about you than anyone or anything else in the world. Apps know where you are, who you talk to, and what you're doing on the web; they have access to your financial accounts, can trigger charges to your phone bill, and much more. Have you ever wondered what smartphone apps are actually doing under the hood? We built the largest-ever mobile application security dataset to find out. Mobile apps have grown tremendously both in numbers and capabilities over the past few years with hundreds of thousands of apps and billions of downloads. Such a wealth of data and functionality on each phone and a massive proliferation of apps that can access them are driving a new wave of security implications. Over the course of several months, we gathered both application binaries and meta-data about applications on the most popular smartphone platforms and built tools to analyze the data en masse. The results were surprising. Not only do users have very little insight into what happens in their apps, neither do the developers of the applications themselves. In this talk we're going to share the results of our research, demonstrate a new class of mobile application vulnerability, show how we can quickly find out if anyone in the wild is exploiting it, and discuss the future of mobile application security and mobile malware.
-
-
7:17
»
SecDocs
Authors:
Mikko Hypponen Tags:
malware phone Event:
Black Hat USA 2010 Abstract: Computers do not have a built-in billing system. Phones do: it's called the phone bill. We have already seen the first examples of money-making malware that infects various types of smartphones. This talk will go into details of the currently known smartphone trojans that either place calls or send text messages to expensive premium-rate numbers. How does this work technically? Which platforms are at risk? What kind of premium-rate numbers are the criminals using? How do they route the money back to them without getting caught? And what can we do about this before it gets worse?
-
-
0:35
»
SecDocs
Tags:
GSM phone Event:
Black Hat USA 2010 Abstract: Recent technological advances have placed GSM tools within the reach of today's security researchers and hackers. It is finally possible to directly explore the lowest levels of the GSM stack. This talk focuses on both sides of the GSM network where the users and network directly interact: the Um (air) interface. The primary technological focus of this talk is on the exposed interfaces between the GSM networks and users. This covers the base station system -- the network components which communicate with mobile phones -- and the base band -- the component of the mobile phone which communicates with the network. During the talk the two main components of the attack system will be demoed - malicious basestations and malicious basebands. The base station enables fuzzing mobile phone basebands, as well as other attacks. The baseband is used to test GSM network equipment for flaws, as well as exploit backend systems. Trust us, you'll *want* to turn off your phone for the duration of this talk!
-
-
10:01
»
Hack a Day
[Adam Ben-Dror] recently tipped us off to a project that he worked on recently. In this build he gutted an old candlestick-style phone and added modern technology to make it work as a cordless phone. We really liked this project because he married together new and old technology into an elegant package. There are a [...]
-
-
4:03
»
Hack a Day
Instructables user [apple_fan] likes vintage telephones from the early 1900s, but while they are nice to look at, they’re clearly not too useful nowadays. He decided to change that, and retrofitted an old operator-dialed telephone with some modern amenities. He gutted the phone, stripping out the large electromagnets and capacitor that were once used to [...]
-
-
14:21
»
SecDocs
Authors:
Karsten Nohl Tags:
GSM phone Event:
Hashdays 2010 Abstract: The most popular phone technologies use decade-old proprietary cryptography. We show how to break these weak and outdated functions using commodity hardware.
-
14:20
»
SecDocs
Authors:
Karsten Nohl Tags:
GSM phone Event:
Hashdays 2010 Abstract: The most popular phone technologies use decade-old proprietary cryptography. We show how to break these weak and outdated functions using commodity hardware.
-
13:05
»
Hack a Day
While many mobile phone manufacturers are moving towards the micro-USB interface as a standard, others such as Apple and HTC are still bucking the trend. Part of [arto’s] job includes repairing mobile phones, and last month he found himself faced with a pair of broken HTC handsets that needed their charging ports replaced. Replacements for [...]
-
-
8:07
»
Hack a Day
Instructables user [tcollinsworth] is a big fan of his Android smart phone. He practically carries it with him everywhere, so he figured it would be cool to integrate as many of his home electronics with the phone as possible. His garage door openers seemed like easy enough targets, and while he was in the garage, [...]
-
-
3:52
»
Hack a Day
We’ve all heard of solar cells that charge your devices, or the odd flashlight that charges when you shake it, but this style charger should be new to almost everyone. This “pan charger” is reportedly capable of charging a cell phone or other mobile device using a USB connection in 3 to 5 hours. It [...]
-
-
9:00
»
Hack a Day
Instructables user [zvizvi] was working on putting together a portfolio for his application into Industrial Design school, and thought it would be neat to repurpose an old rotary phone that used to belong to his grandmother. He originally had pretty lofty goals for the phone, but eventually pared back his vision to include one-way communications [...]
-
-
11:49
»
Packet Storm Security Advisories
Cisco Security Advisory - Cisco Unified IP Phones 7900 Series devices, also known as TNP phones, are affected by three vulnerabilities that could allow an attacker to elevate privileges, change phone configurations, disclose sensitive information, or load unsigned software. These three vulnerabilities are classified as two privilege escalation vulnerabilities and one signature bypass vulnerability. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities.
-
11:49
»
Packet Storm Security Recent Files
Cisco Security Advisory - Cisco Unified IP Phones 7900 Series devices, also known as TNP phones, are affected by three vulnerabilities that could allow an attacker to elevate privileges, change phone configurations, disclose sensitive information, or load unsigned software. These three vulnerabilities are classified as two privilege escalation vulnerabilities and one signature bypass vulnerability. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities.
-
11:49
»
Packet Storm Security Misc. Files
Cisco Security Advisory - Cisco Unified IP Phones 7900 Series devices, also known as TNP phones, are affected by three vulnerabilities that could allow an attacker to elevate privileges, change phone configurations, disclose sensitive information, or load unsigned software. These three vulnerabilities are classified as two privilege escalation vulnerabilities and one signature bypass vulnerability. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities.
-
-
5:27
»
SecDocs
Authors:
Karsten Nohl Tags:
GSM phone Event:
Black Hat Abu Dhabi 2010 Abstract: Our most popular phone technologies use decade-old proprietary cryptography. GSM's 64bit A5/1 cipher, for instance, is vulnerable to time memory trade-offs but commercial cracking hardware costs hundreds of thousands of dollars. We discuss how cryptographic improvements and the power of the community created an open GSM decrypt solution that runs on commodity hardware. Besides GSM we discuss weaknesses in DECT cordless phones. The talk concludes with an overview of mitigation steps for GSM and DECT in response to our research, some of which are already being implemented.
-
-
13:20
»
SecDocs
Tags:
GSM phone Event:
Black Hat Abu Dhabi 2010 Abstract: Recent technological advances have placed GSM tools within the reach of today's security researchers and hackers. It is finally possible to directly explore the lowest levels of the GSM stack. This talk focuses on both sides of the GSM network where the users and network directly interact: the Um (air) interface. The primary technological focus of this talk is on the exposed interfaces between the GSM networks and users. This covers the base station system—the network components which communicate with mobile phones—and the base band—the component of the mobile phone which communicates with the network. During the talk the two main components of the attack system will be demoed - malicious basestations and malicious basebands. The base station enables fuzzing mobile phone basebands, as well as other attacks. The baseband is used to test GSM network equipment for flaws, as well as exploit backend systems. Trust us, you'll want to turn off your phone for the duration of this talk!
-
-
10:34
»
Hack a Day
Remember the early days of cellphones and carphones when they were super-bulky and all the rage? Those early handsets used analog technology for communications in a protocol called Advanced Mobile Phone Service (AMPS). As more customers flocked to wireless providers, networks were transitioned over to digital phones in order to save bandwidth. Some places still [...]
-
-
6:05
»
Hack a Day
Have you ever wanted to be someone else, at least over the phone? Do you dream of turning the tables on telemarketers, making them hurry to get off the line instead of you? If so, [Brad] over at LucidScience has the project for you. A bit of a prankster at heart, he walks through the [...]
-
-
6:01
»
Hack a Day
[Headsheez] found a way to get his home phone service for free. He’s using a set of tools that we’re familiar with to route service from a typical analog phone system (which involves the extensions wired into your home) through a server to the Internet. On the hardware side of things this starts out with [...]
-
-
15:00
»
Hack a Day
As you well know, today is March 14th – aka “Pi Day”. Celebrated in math classrooms around the country, this truly is a celebration that belongs to the geeks. Here at Hack-a-Day, we too love Pi day, though we might not outwardly celebrate it with as much gusto as expressed by some of our readers. [...]
-
-
13:47
»
Hack a Day
[Itay] has a friend who works in a rented office where the parking lot is secured by a remote-controlled gate. Unfortunately, while his friend shares an office with several people, they only received a single remote. To help his friends out, he built a small device that triggers the remote control whenever a phone call [...]
-
-
11:19
»
Hack a Day
Hack-a-Day reader [Bobbie] sent us a hack that is an adaptation of the automatic cell phone button pushing machine we featured earlier this week. Inspired by that project, he challenged himself to construct a more efficient way to tackle the problem. He started out in much the same fashion, pointing a camera at the phone [...]
-
-
4:04
»
Hack a Day
While e-paper is common among e-readers, there are very few, if any phones other than the MOTOFONE that exclusively use an e-paper display. [Steve] had one of these phones sitting around and thought it could be used to build a low-power clock. Since the bistable e-paper display can retain the currently active content even when [...]
-
-
6:09
»
Hack a Day
A hot topic in the gadget world right now is the Sony Ericsson XperiaPlay phone, and while that is not our usual cup of tea, when we see the newest toy stripped down to its bits n pieces it piques our interest. This 8 page teardown of the XperiaPlay (google translated to english) takes you [...]
-
-
6:01
»
Hack a Day
[Charlie X-Ray] is having some modern fun with the phone system by pulling dialed numbers from the audio track of YouTube videos (translated). The first step was to find a video where a telephone is being dialed and the sounds of the keypresses are audible. You can’t tell those tones apart, but a computer can. [...]
-
-
14:35
»
Wirevolution
I will be moderating this panel at IT Expo in Miami on February 3rd at 9:00 am:
Mobility is taking the enterprise space by storm – everyone is toting a smartphone, tablet, laptop, or one of each. It’s all about what device happens to be tIn today’s distributed workforce environment, it’s essential to be able to communicate to employees and customers across the globe both efficiently and effectively. Prior to today, doing so was far more easily said than done because, not only was the technology not in place, but video wasn’t accepted as a form of business communication. Now that video has burst onto the scene by way of Apple’s Facetime, Skype and Gmail video chat, consumers are far more likely to pick video over voice – both in their home and at their workplaces. But, though demand has never been higher, enterprise networks still experience a slow-down when employees attempt to access video streams from the public Internet because the implementation of IP video is not provisioned properly. This session will provide an overview of the main deployment considerations so that IP video can be successfully deployed inside or outside the corporate firewall, without impacting the performance of the network, as well as how networks need to adapt to accommodate widespread desktop video deployments. It will also expose the latest in video compression technology in order to elucidate the relationship between video quality, bandwidth, and storage. With the technology in place, an enterprise can efficiently leverage video communication to lower costs and increase collaboration.
The panelists are:
- Mike Benson, Regional Vice President, VBrick Systems
- Anatoli Levine, Sr. Director, Product Management, RADVISION Inc.
- Matt Collier, Senior Vice President of Corporate Development, LifeSize
VBrick claims to be the leader in video streaming for enterprises. Radvision and LifeSize (a subsidiary of Logitech) are oriented towards video conferencing rather than streaming. It will be interesting to get their respective takes on bandwidth constraints on the WLAN and the access link, and what other impairments are important.
-
-
7:33
»
Wirevolution
Back in February 2009 I wrote about how Atheros’ new chip made it possible for a phone to act as a Wi-Fi hotspot. A couple of months later, David Pogue wrote in the New York Times about a standalone device to do the same thing, the Novatel MiFi 2200. The MiFi is a Wi-Fi access point with a direct connection to the Internet over a cellular data channel. So you can have “a personal Wi-Fi bubble, a private hot spot, that follows you everywhere you go.”
The type of technology that Atheros announced at the beginning of 2009 was put on a standards track at the end of 2009; the “Wi-Fi Direct” standard was launched in October 2010. So far about 25 products have been certified. Two phones have already been announced with Wi-Fi Direct built-in: the Samsung Galaxy S and the LG Optimus Black.
Everybody has a cell phone, so if a cell phone can act as a MiFi, why do you need a MiFi? It’s another by-product of the dysfunctional billing model of the mobile network operators. If they simply bit the bullet and charged à la carte by the gigabyte, they would be happy to encourage you to use as many devices as possible through your phone.
WiFi Direct may force a change in the way that network operators bill. It is such a compelling benefit to consumers, and so trivial to implement for the phone makers, that the mobile network operators may not be able to hold it back.
So if this capability proliferates into all cell phones, we will be able to use Wi-Fi-only tablets and laptops wherever we are. This seems to be bad news for Novatel’s MiFi and for cellular modems in laptops. Which leads to another twist: Qualcomm’s Gobi is by far the leading cellular modem for laptops, and Qualcomm just announced that it is acquiring Atheros.
-
-
15:22
»
Wirevolution
Although phone numbers are an antiquated kind of thing, we are sufficiently beaten down by the machines that we think of it as natural to identify a person by a 10 digit number. Maybe the demise of the numeric phone keypad as big touch-screens take over will change matters on this front. But meanwhile, phone numbers are holding us back in important ways. Because phone numbers are bound to the PSTN, which doesn’t carry video calls, it is harder to make video calls than voice, because we don’t have people’s video addresses so handy.
This year, three new products attempted to address this issue in remarkably similar ways – clearly an idea whose time has come. The products are Apple’s FaceTime, Cisco’s IME and a startup product called Tango.
In all three of these products, you make a call to a regular phone number, which triggers a video session over the Internet. You only need the phone number – the Internet addressing is handled automatically. The two problems the automatic addressing has to handle are finding a candidate address, then verifying that it is the right one. Here’s how each of those three new products does the job:
1. FaceTime. When you first start FaceTime, it sends an SMS (text message) to an Apple server. The SMS contains sufficient information for the Apple server to reliably associate your phone number with the XMPP (push services) client running on your iPhone. With this authentication performed, anybody else who has your phone number in their address book on their iPhone or Mac can place a videophone call to you via FaceTime.
2. Cisco IME (Inter-Company Media Engine). The protocol used by IME to securely associate your phone number with your IP address is ViPR (Verification Involving PSTN Reachability), an open protocol specified in several IETF drafts co-authored by Jonathan Rosenberg who is now at Skype. ViPR can be embodied in a network box like IME, or in an endpoint like a phone of PC.
Here’s how it works: you make a phone call in the usual way. After you hang up, ViPR looks up the phone number you called to see if it is also ViPR-enabled. If it is, ViPR performs a secure mutual verification, by using proof-of-knowledge of the previous PSTN call as a shared secret. The next time you dial that phone number, ViPR makes the call through the Internet rather than through the phone network, so you can do wideband audio and video with no per-minute charge. A major difference between ViPR and FaceTime or Tango is that ViPR does not have a central registration server. The directory that ViPR looks up phone numbers in is stored in a distributed hash table (DHT). This is basically a distributed database with the contents stored across the network. Each ViPR participant contributes a little bit of storage to the network. The DHT itself defines an algorithm – called Chord – which describes how each node connects to other nodes, and how to look up information.
3. Tango, like FaceTime, has its own registration servers. The authentication on these works slightly differently. When you register with Tango, it looks in the address book on your iPhone for other registered Tango users, and displays them in your Tango address book. So if you already know somebody’s phone number, and that person is a registered Tango user, Tango lets you call them in video over the Internet.
-
-
8:00
»
Hack a Day
More and more today, it is becoming harder to avoid having some sort of RFID tag in your wallet. [bunnie], of bunnie:studios decided to ease the clutter (and wireless interference) in his wallet by transplanting the RFID chip from one of his subway cards into his mobile phone. Rather than the tedious and possibly impossible [...]
-
-
14:16
»
Hack a Day
Non acronym version of the title: send and receive text messages via cell phone communication towers using an Arduino or other microcontroller. “We’ve been doing that for years!” you cry, well yes, technically. But [Fincham] lays it outs simply; commercial offerings are expensive and finding a cell phone that uses RS232 now a days is [...]
-
-
13:00
»
Hack a Day
Here’s a 2-channel Oscilloscope for your Android phone. It uses a base module driven by a dsPIC for signal processing. From there, an LMX9838 Bluetooth module broadcasts the data to the phone so that the waveform can be displayed. [Yus] ported some Python code he had been using over to a set of Java and [...]
-
-
9:00
»
Hack a Day
[Matt] brought together a TV remote and cordless phone to add a locator system to the remote control. One of the best features of a cordless phone is the pager button on the base. When you press it the handset beeps until found. Matt gutted one and got rid of the unnecessary parts. He then cracked open [...]
-
-
8:49
»
Wirevolution
We are half way through the year, so it’s time for another look at Wi-Fi phone certifications. Three things jump out this time. First, a leap in the number of Wi-Fi phone models in the second quarter of 2010. Second, the arrival of 802.11n in handsets, and third Samsung’s market-leading commitment to 802.11n. According to Rethink Wireless “Samsung’s share of the smartphone market was only about 5% in Q1 but it aims to increase this to almost 15% by year end.” Samsung Wi-Fi-certified a total of 73 dual mode phones in the first six months of 2010, three times as many as second place LG with 23. In the 11n category, Samsung’s lead was even more dominating: its 40 certifications were ten times either of the second place OEMs.
Here is a chart of dual mode phones certified with the Wi-Fi Alliance from 2008 to June 30th 2010. We usually do this chart stacked, but side-by-side gives a clearer comparison between feature phones and smart phones. Note that up to the middle of 2009, smart phones outpaced feature phones, but then it switched. This is a natural progression of Wi-Fi into the mass market, but may also be exaggerated by a quirk of reporting: of HTC’s 17 certifications in the first half of 2010, it only categorized one as a smart phone.
The chart below shows the growth of 802.11n. It starts in January 2010 because only one 11n phone was certified in 2009, at the end of December. As you can see, the growth is strong. I anticipate that practically all new dual mode phone certifications will be for 802.11n by the end of 2010.
Below is the same chart sliced by manufacturer instead of by month. The iPhone is missing because it wasn’t certified until July, and the iPad is missing because it’s not a phone. With only one 802.11n phone, Nokia has become a technology laggard, at least in this respect. The RIM Pearl 8100/8105 certifications are the only ones with STBC, an important feature for phones because it improves rate at distance. All the major chips (except those from TI) support STBC, so the phone OEMs must be either leaving it disabled or just not bothering to certify for it.
-
-
8:06
»
SecDocs
Authors:
Marco Bonetti Tags:
privacy phone Event:
Black Hat EU 2010 Abstract: Tor is a software project that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Unfortunately, with the new features of HTML5 and browser built-in geolocation being pushed into the Web2.0 world and on mobile phones and browser, it's becoming harder and harder to keep the users' privacy safe. This presentation will describe the problems which are arising around the use of these new technologies and how they can be (ab)used to attack Tor users. It will also describe where the development is going to protect mobile phone users privacy and let them survive their own devices.
-
-
6:18
»
Hack a Day
This new toolkit, called “Android” meets Arduino, allows you to connect an Arduino to your device and communicate back and forth. You could trigger external events at the Arduino end when an event happens on your phone, or even trigger things on your phone side when something happens at the Arduino. We can’t wait to [...]
-
-
11:00
»
Hack a Day
[Aaron Nelson] tipped us off about a simple hack to use an iPad SIM with an iPhone. You won’t be able to use the iPhone as a phone, but the relatively cheap $29.99 for unlimited Internet was his goal. He used an old plastic gift card to cut out an adapter for the iPad’s micro [...]
-
-
12:06
»
Hack a Day
[Pikipirs] developed an app that lets you connect a Wii remote to an Android phone. After the break you can see it used with a Sega emulator. The button presses seem very responsive, making for a nice gaming addition if you care to carry around the Wiimote in addition to your phone. It certainly seems [...]
-
-
6:00
»
Hack a Day
Cell phone chopper control Control your tiny inexpensive helicopter with a Nokia N900. The chopper uses an infrared remote control, just like a television. Getting this to work was just a matter of figuring out the IR commands and writing an app for the phone to spit them out. Fade to black; inconspicuously Lost interest [...]
-
-
12:00
»
Hack a Day
That title’s not really fair to [Evan], but he did write a cellphone tetris game that causes your handset to automatically telephone him if you win. He’s using two applications that we’re not very familiar with, Twilio and Tornado. The former handles control input from the cellphone via their simple API. The latter is a [...]
-
-
21:04
»
SecDocs
Authors:
Collin Mulliner Tags:
fuzzing phone Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: In this talk we show how to find vulnerabilities in smart phones. Not in the browser or mail client or any software you could find on a desktop, but rather in the phone specific software. We present techniques which allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices. This method does not use the carrier and so is free (and invisible to the carrier). We show how to use the Sulley fuzzing framework to generate fuzzed SMS messages for the smart phones as well as ways to monitor the software under stress. Finally, we present the results of this fuzzing and discuss their impact on smart phones and cellular security.
-
-
23:15
»
remote-exploit & backtrack
How can I make a wordlist of all the possible phone number combinations that are in my area.
For example, I live in California where the area code to phone numbers is 818. So I need to learn how to make a wordlist with the numbers going from 8180000000 to 8189999999.
Can anyone help me out?
~Thanks
So sorry for posting this. I should've lurked more.
perl -e 'for($i=0; $i<=9999999999; $i++) {print "$i\n"}' > numberlist.txt
-
-
21:05
»
SecDocs
Authors:
Philippe Langlois Vanessa Brunet Tags:
network VoIP phone Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: SS7 is like TCP/IP in the 1990s. It used to be quite a secure network because nobody outside the organizations (here, the mobile operators and telecom companies) were connected to it. Now it's getting interconnected to new actors which are not that trustworthy. Somehow, hackerdom made SS7 come into existence thanks to the massive use of Blue Boxes. Now, hackerdom is getting its toy back! SS7 is nowaday more and more accessible, and as such increasingly vulnerable. So we're getting exposed to a totally new set of protocols, as secure as TCP/IP in the 1980s. This looks like the Blue Box is coming back to life, in a very different form. Attacking the SS7 network is fun, but there's a world beyond pure SS7: the phone system applications themselves, and most notably what transforms phone numbers into telecom addresses (also known as Point Codes, DPCs and OPCs; Subsystem Numbers, SSNs and other various fun.), and that's called Global Title Translation. Few people actually realize that the numbers they are punching on their phone are actually the same digits that are used for this critical translation function, and translate these into the mythical DPCs, SSNs and IMSIs. More and more data is now going through the phone network, creating more entry point for regular attacks to happen: injections, overflow, DoS by overloading capacities. And we have an ally: the mobile part is opening up, thanks to involuntary support from Motorola, Apple and Android. We'll study all the entry points and the recent progresses in the Telecom security attacks.
-
-
21:06
»
SecDocs
Authors:
Karsten Nohl Chris Paget Tags:
cryptography GSM cracking phone Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: The worlds most popular radio system has over 3 billion handsets in 212 countries and not even strong encryption. Perhaps due to cold-war era laws, GSM's security hasn't received the scrutiny it deserves given its popularity. This bothered us enough to take a look; the results were surprising. From the total lack of network to handset authentication, to the "Of course I'll give you my IMSI" message, to the iPhone that really wanted to talk to us. It all came as a surprise – stunning to see what $1500 of USRP can do. Add a weak cipher trivially breakable after a few months of distributed table generation and you get the most widely deployed privacy threat on the planet. Cloning, spoofing, man-in-the-middle, decrypting, sniffing, crashing, DoS'ing, or just plain having fun. If you can work a BitTorrent client and a standard GNU build process then you can do it all, too. Prepare to change the way you look at your cell phone, forever.
-
21:06
»
SecDocs
Authors:
Karsten Nohl Chris Paget Tags:
cryptography GSM cracking phone Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: The worlds most popular radio system has over 3 billion handsets in 212 countries and not even strong encryption. Perhaps due to cold-war era laws, GSM's security hasn't received the scrutiny it deserves given its popularity. This bothered us enough to take a look; the results were surprising. From the total lack of network to handset authentication, to the "Of course I'll give you my IMSI" message, to the iPhone that really wanted to talk to us. It all came as a surprise – stunning to see what $1500 of USRP can do. Add a weak cipher trivially breakable after a few months of distributed table generation and you get the most widely deployed privacy threat on the planet. Cloning, spoofing, man-in-the-middle, decrypting, sniffing, crashing, DoS'ing, or just plain having fun. If you can work a BitTorrent client and a standard GNU build process then you can do it all, too. Prepare to change the way you look at your cell phone, forever.
-
8:00
»
darkc0de
How To Find the location of a mobile phone.
-
-
7:25
»
Hack a Day
[Dave] Had been working on a cell phone activated remote start for his car for a while when we posted the GSM car starter. While both do carry out the same job, we feel that there is enough good information here to share. He’s gone a pretty simple way, by connecting the vibrator motor leads [...]
