Every mobile phone runs two operating systems; the one you interact with (like Android or Ios), and the one that controls the radio hardware. This second OS is ancient, creaking, and wildly insecure. Security researcher Ralf-Philipp Weinmann of the University of Luxembourg presented work on reverse-engineering the most popular "baseband" OSes from Qualcomm and Infineon and the horrifying security vulnerabilities he found. Anyone operating a cellular base-station (you can buy 'em on Ebay or build them from open source hardware specs) can send a 73-byte message that lets them run raw code on the processor; can silently activate auto-answer, crash the device, brick devices, install rootkits, send SMSes to premium numbers, and more.
You can do some crazy things with these exploits. For instance, you can turn on auto-answer, using the Hayes command set. This is a command language for modems designed in 1981, and it still works on modern baseband processors found in smartphones today (!). The auto-answer can be made silent and invisible, too.
While we can sort-of assume that the base stations in cell towers operated by large carriers are "safe", the fact of the matter is that base stations are becoming a lot cheaper, and are being sold on eBay - and there are even open source base station software packages. Such base stations can be used to target phones. Put a compromised base station in a crowded area - or even a financial district or some other sensitive area - and you can remotely turn on microphones, cameras, place rootkits, place calls/send SMS messages to expensive numbers, and so on. Yes, you can even brick phones permanently.
* The second operating system hiding in every mobile phone [Thom Holwerda/OS News]
AquaGenie is “the world’s smartest water bottle,” a $70 internet-of-things device that “knows your water goals” and will connect to the Internet to inform you if you have met them. AquaGenie is your daily companion that keeps you on track and fully hydrated, helping you achieve all your health, wellness, fitness and weight loss goals! […]
When I wrote about the Haunted Mansion loot crates (“Ghost Post”) last March, what I couldn’t say was that I was a writer on the project, penning the radio scripts, newspapers, letters, and associated gubbins and scraps that went along with the three boxes of custom-made props and merch, tying them together into a series […]
According to a lawsuit filed Tuesday in Chigago, Bose uses software to track the music and other audio listened to on its wireless headphones, violating the privacy of its users and selling the information. The complaint filed on Tuesday by Kyle Zak in federal court in Chicago seeks an injunction to stop Bose’s “wholesale disregard” […]
All moms are different. But all moms like getting flowers on Mother’s Day, and that’s a fact (not, however a fact we can document in any fashion.) Instead of getting chewed out for forgetting to call her on the second Sunday of May, you can take care of it ahead of time with Teleflora’s flower […]
Yeah, Bluetooth audio is pretty common these days, so why should you care about these earbuds? Look how happy that woman up above looks. She’s got FRESHeBUDS in. Boom. There’s your reason. She’s also at the beach and it appears to be a very nice day.But for the sake of promotion, wireless earbuds are fast becoming the […]
“Gets stuff done,” is a good way to be described by anybody. Especially by coworkers or bosses. Because whether you’re in finance or a children’s librarian, stuff needs to get done. But how do you make sure stuff gets done? You definitely can’t do all the stuff yourself, unless your company/organization/government office consists entirely of you. And […]