Every mobile phone runs two operating systems; the one you interact with (like Android or Ios), and the one that controls the radio hardware. This second OS is ancient, creaking, and wildly insecure. Security researcher Ralf-Philipp Weinmann of the University of Luxembourg presented work on reverse-engineering the most popular "baseband" OSes from Qualcomm and Infineon and the horrifying security vulnerabilities he found. Anyone operating a cellular base-station (you can buy 'em on Ebay or build them from open source hardware specs) can send a 73-byte message that lets them run raw code on the processor; can silently activate auto-answer, crash the device, brick devices, install rootkits, send SMSes to premium numbers, and more.
You can do some crazy things with these exploits. For instance, you can turn on auto-answer, using the Hayes command set. This is a command language for modems designed in 1981, and it still works on modern baseband processors found in smartphones today (!). The auto-answer can be made silent and invisible, too.
While we can sort-of assume that the base stations in cell towers operated by large carriers are "safe", the fact of the matter is that base stations are becoming a lot cheaper, and are being sold on eBay - and there are even open source base station software packages. Such base stations can be used to target phones. Put a compromised base station in a crowded area - or even a financial district or some other sensitive area - and you can remotely turn on microphones, cameras, place rootkits, place calls/send SMS messages to expensive numbers, and so on. Yes, you can even brick phones permanently.
* The second operating system hiding in every mobile phone [Thom Holwerda/OS News]
Did you buy a useless $400 “smart” juicer and now feel the need to accessorize it with more extrusions from the Internet of Shit timeline? Then The Leaf from Teaforia is just the thing: it’s a tea-maker that uses DRM-locked tea-pods to brew tea in your kitchen so you don’t have to endure the hassle […]
A popular French blogger was killed after a pressurized whipped cream dispenser exploded and struck her in the chest. French media reported she had died of cardiac arrest after the incident, despite medical attention. The popular fitness and travel figure was well-known in France, with some 55,000 Facebook fans and 154,000 followers on Instagram. One […]
The Kaonashi No-Face Piggy Bank makes the most out of one of the coolest characters in Studio Ghibli’s storied history — but getting one exported to you from Japan costs an astounding $164. (via Kadrey)
As the old saying goes, “You should sit in meditation for 30 minutes every day. Unless you are too busy, in which case you should meditate for an hour.” Since most of us have an endless list of things to do and people to see, carving out quiet time can feel impossible, especially when most […]
The Bragi Dash Truly Wireless Smart Earphones are far more than your run of the mill Bluetooth earbuds. While the earpiece design makes these earbuds ideal for exercise and activity, and passive noise cancelling is conducive to a more serene listening experience, these buds go well beyond just playing music.First of all, they can actually […]