GSM Security By Obscurity Nearly Over.

In the past 12 months we’ve seen GSM pulled to bits by the hacker/security researcher community.

We now have software for the USRP radio peripheral that can make it behave just like a GSM cell phone tower – routing calls on cruise ships & 3rd world countries (or anywhere else you can get away without a proper licence) via Asterisk VOIP from regular GSM phones.

Also, we’ve now got the ability to snoop almost real-time on encrypted GSM phone calls, thanks to 2GB of Rainbow Lookup tables & the USRP peripheral.

The last piece of the puzzle is getting an open source OS onto a regular mobile phone and grabbing hold of the phone’s baseband firmware – so you can make it do what you want. This is a crucial step – it’s the difference between merely sniffing traffic & being able to inject your own malformed packets. Normally a phone’s baseband firmware is set in stone – a bit like sending fixed AT commands to a MODEM, but once you can build your own baseband OS, you can then make up your own commands – which is real progress.

To give you an idea of what can be done when you can grab a phone by its low-level-balls like this – at the CCC 2009 conference a phone was reprogrammed so it would constantly request that the cell phone tower open a channel for it. Flooded with enough requests this would stop anyone else using that mast.

Phones which are likely usable for this are hard to get hold of. Try looking for a Calypso C123 on eBay… good luck. Alternatives available to UK readers are the J100i from Nokia and the V171 from Motorola. I counted a handful of each. The J100i sports a colour screen, but is otherwise about as sophisticated as an old Nokia 3310. You need old hardware like this for reverse engineering.


Written by admin in: Uncategorized |

Some Extra Thoughts On Smart Phones

For quite some time we’ve insisted that WiFi routers & DECT cordless home phones are the big enemy in electrosmog terms – if you stay at home they’re both blasting you constantly.

We’ve always said that mobile phones only radiate when you’re actually speaking on them. A regular mobile will talk to the mast for maybe 10 seconds every 15 minutes in standby.

However, after playing around with a Google 3G smartphone for 6 months now (and owning an electrosmog detector), I’ve come to the conclusion that smartphones fully loaded with various apps are just about as bad as a WiFi router stuck in your pocket – this is bad, very bad.

On my own Google Nexus One that means Google Mail checking in every minute, and every other network aware application doing the same.

Our heartfelt advice is to make sure you’re on the network that gets the easiest signal. Compare SIMs from different providers and then get a PAC code and switch as soon as you can. If your smartphone is constantly switching between GSM & 3G that’s no good for you, at all.

Once you’ve done that you need to turn off all the apps that are transmitting data in the background. Googlemail will constantly check for new mail – but on my Android OS phone it won’t if I turn off ‘Background Sync’.

Also, the latest versions of Android support setting up your phone as a portable WiFi hotspot. Please make sure this is turned off again, once you’ve finished using it, otherwise your leg will be getting full of unwanted RF signal. Better still, stick your phone in Aircraft mode.

If you don’t hold the phone next to your head to hold conversations – or keep it in a trouser pocket – this advice probably doesn’t matter too much.

The further away from your body, the better. Every time the distance from your body doubles, the absorbed signal halves.

Written by admin in: Uncategorized |

Car Thieves Start Using Radio Jammers

A report in this week’s The Sunday Times warns that lots of car thieves are now using radio jammers to stop your car’s remote door-locking keyfob doing its job properly.

Radio jammers for all bands are available direct from China these days. The best sites accept Paypal and ship quickly to UK addresses, describing the consignments as test equipment, or something equally inconspicuous.

You can buy jammers for GPS, GSM, 3G, 433MHz. Anything you can think of, they’ll make – in a selection of power outputs and prices. You could take down GPS or Mobile phones on a city-wide basis if you were daft enough, but you’d be pretty easy to find (you’d be glowing!) and would spend a long time in jail!

Most car keyfobs operate in the unlicensed 433MHz band. If you don’t actually watch your lights flash and your doors lock you may be coming back to an empty car.

Police around the country have noticed a rise in this type of crime around big cities – often dozens of cars in one street will have been done-over without a single window being smashed.

According to The Sunday Times, all the car thieves need do is leave a suitable jammer hidden in a prime spot with a decent extra battery pack attached; it could then run for hours. Alternatively, they can just trigger the jammer when you go for your keyfob – if they started using decent antennas they could be watching through binoculars.

Imagine the haul of satnavs, iPods, laptops and phones from that lot!

Worryingly, a lot of the wireless burglar alarms in people’s homes use the same frequency bands to receive signals from PIRs dotted around the home…

Another great reason to remove all the electrosmog generating devices from your home & go back to being Wired. If you didn’t realise yet, we love being Wired…

Written by admin in: General |
