Every mobile phone runs two operating systems; the one you interact with (like Android or Ios), and the one that controls the radio hardware. This second OS is ancient, creaking, and wildly insecure. Security researcher Ralf-Philipp Weinmann of the University of Luxembourg presented work on reverse-engineering the most popular "baseband" OSes from Qualcomm and Infineon and the horrifying security vulnerabilities he found. Anyone operating a cellular base-station (you can buy 'em on Ebay or build them from open source hardware specs) can send a 73-byte message that lets them run raw code on the processor; can silently activate auto-answer, crash the device, brick devices, install rootkits, send SMSes to premium numbers, and more.
You can do some crazy things with these exploits. For instance, you can turn on auto-answer, using the Hayes command set. This is a command language for modems designed in 1981, and it still works on modern baseband processors found in smartphones today (!). The auto-answer can be made silent and invisible, too.
While we can sort-of assume that the base stations in cell towers operated by large carriers are "safe", the fact of the matter is that base stations are becoming a lot cheaper, and are being sold on eBay - and there are even open source base station software packages. Such base stations can be used to target phones. Put a compromised base station in a crowded area - or even a financial district or some other sensitive area - and you can remotely turn on microphones, cameras, place rootkits, place calls/send SMS messages to expensive numbers, and so on. Yes, you can even brick phones permanently.
Those bowtie-shaped “motorized self-balancing two-wheeled scooters” you see in the windows of strip-mall cellphone repair shops and in mall-kiosks roared out of nowhere and are now everywhere, despite being so new that we don’t even know what they’re called.
Vtech is a ubiquitous Hong Kong-based electronic toy company whose kiddy tablets and other devices are designed to work with its cloud service, which requires parents to set up accounts for their kids. 4.8 million of those accounts just breached, leaking a huge amount of potentially compromising information, from kids’ birthdays and home addresses to […]
The LG Watch Urbane 2nd Edition LTE was the company’s latest answer to Apple’s dominating entry into the market. But it died fast, pulled off the shelves within a week due to an unspecified problem with the display. Ron Amadeo writes that they “are not in a position to communicate the specifics of the issue […]
Celebrate Cyber Monday with some brain food. Save on any eLearning deal in the Boing Boing Store today using coupon code: CYBERMONDAY25. Below are a couple of our favorite eLearning offers: eduCBA Tech Training Bundle: Lifetime Subscription:Welcome to your personal online classroom, where you can finally study at your own pace, on your own time (and […]
This minimalist multi-tool will see to it that instead of rocking a tool belt, you’ll carry just one. It’s shaped slightly like a key and weighs less than an ounce, so it plays nice with your keychain. The strong surgical-grade stainless steel blade will last, and is handy for everyday tasks like opening boxes and […]
The Code Black is our top-selling drone of all time—and for good reason. This powerful, palm-size drone is not only insanely fun to fly, but can capture some serious video footage from up above. With a flight time of about 10 minutes and an ultra-smooth ride, it’s a great introductory drone for anyone looking to […]