Every mobile phone runs two operating systems; the one you interact with (like Android or Ios), and the one that controls the radio hardware. This second OS is ancient, creaking, and wildly insecure. Security researcher Ralf-Philipp Weinmann of the University of Luxembourg presented work on reverse-engineering the most popular "baseband" OSes from Qualcomm and Infineon and the horrifying security vulnerabilities he found. Anyone operating a cellular base-station (you can buy 'em on Ebay or build them from open source hardware specs) can send a 73-byte message that lets them run raw code on the processor; can silently activate auto-answer, crash the device, brick devices, install rootkits, send SMSes to premium numbers, and more.
You can do some crazy things with these exploits. For instance, you can turn on auto-answer, using the Hayes command set. This is a command language for modems designed in 1981, and it still works on modern baseband processors found in smartphones today (!). The auto-answer can be made silent and invisible, too.
While we can sort-of assume that the base stations in cell towers operated by large carriers are "safe", the fact of the matter is that base stations are becoming a lot cheaper, and are being sold on eBay - and there are even open source base station software packages. Such base stations can be used to target phones. Put a compromised base station in a crowded area - or even a financial district or some other sensitive area - and you can remotely turn on microphones, cameras, place rootkits, place calls/send SMS messages to expensive numbers, and so on. Yes, you can even brick phones permanently.
* The second operating system hiding in every mobile phone [Thom Holwerda/OS News]
NCR reports in-the-wild sightings of “deep skimmers” (tiny, disposable card-skimmers that run on watch batteries and use crude radios to transmit to a nearby base-station) on ATMs around the world: “Greece, Ireland, Italy, Switzerland, Sweden, Bulgaria, Turkey, United Kingdom and the United States.”
Pocket CHIP is a tiny, $50, ARM-based pocket games console with a full keyboard and a Bluetooth interface.
Craiglist has something wonderful on it: a vast collection of more than 600 vintage Smith-Corona typewriters, including accessories and marketing literature. Yours for a hundred grand. My collection consists of over 600 typewriter items including the company’s first typewriter in the 1880’s to one of the company’s last typewriters in 2000’s and all models in […]
White hat hackers get paid to find holes in their own employers’ online systems, and plug those holes before they become serious security risks. It’s a job that pays handsomely…mostly because few job candidates, even experienced IT professionals, have the skills to scamper over firewalls and infiltrate the deepest recesses of a battle-tested network. But […]
Why buy one of those expensive and confusing universal remotes, clogged with enough buttons to launch a space shuttle, when you could accomplish the same electronic control right on your favorite mobile device? The Blumoo Universal Remote, now just $52.99 in the Boing Boing Store, harnesses the audio power of all your household equipment right […]
You may not love Microsoft Word, but you’ve definitely used it. Other than being one of the most ubiquitous programs on the planet, it’s been the go-to word processing system for more than a quarter-century because it’s as basic as it gets. But occasionally, you’ve got assignments that beg for a lot more options than simple […]