Every mobile phone runs two operating systems; the one you interact with (like Android or Ios), and the one that controls the radio hardware. This second OS is ancient, creaking, and wildly insecure. Security researcher Ralf-Philipp Weinmann of the University of Luxembourg presented work on reverse-engineering the most popular "baseband" OSes from Qualcomm and Infineon and the horrifying security vulnerabilities he found. Anyone operating a cellular base-station (you can buy 'em on Ebay or build them from open source hardware specs) can send a 73-byte message that lets them run raw code on the processor; can silently activate auto-answer, crash the device, brick devices, install rootkits, send SMSes to premium numbers, and more.
You can do some crazy things with these exploits. For instance, you can turn on auto-answer, using the Hayes command set. This is a command language for modems designed in 1981, and it still works on modern baseband processors found in smartphones today (!). The auto-answer can be made silent and invisible, too.
While we can sort-of assume that the base stations in cell towers operated by large carriers are "safe", the fact of the matter is that base stations are becoming a lot cheaper, and are being sold on eBay - and there are even open source base station software packages. Such base stations can be used to target phones. Put a compromised base station in a crowded area - or even a financial district or some other sensitive area - and you can remotely turn on microphones, cameras, place rootkits, place calls/send SMS messages to expensive numbers, and so on. Yes, you can even brick phones permanently.
* The second operating system hiding in every mobile phone [Thom Holwerda/OS News]
CuloClean is a portable gadget that turns a plastic bottle into a bidet. I can’t vouch for its efficacy but it seems like a useful alternative to wiping your bum, especially as toilet paper has become a high-value currency. Apparently CuloClean supplies are also running low but it seems like you could make one yourself […]
Today apple announced a new MacBook Air (faster, cheaper) and an upgraded iPad Pro with LiDAR, “studio-quality” microphones and the full array of ultrawide and telephoto lenses as sported on recent top-of-the-line iPhones. But the thing that sells it to me is the new keyboard, which includes a trackpad (at last!) and fancy hinge that […]
A tiny, bargain-priced drone that delivers cinematic HD footage? Full speed ahead, backers! But alas, there’s a problem: coronavirus. The BBC reports on backers who pledged nearly $2m and are about to experience disappointment. Ash Hall, who reviews drones, published a damning video opinion piece on YouTube. He was fiercely critical not just of the […]
If you’ve ever had any musical aspirations — or even if your talent extends no further than turning on the radio — you’ve probably dreamed the “impossible” dream. You dream that maybe you could record some of your songs at home, post them online, build an armada of fan support, attract major label attention and […]
If you’re charting the fortunes of a business, one glance at the right columns can instantly detail that company’s health. If you want to see their current roster of customers, a spreadsheet can bring those clients into sharp focus. Make no mistake — the world of business is still dominated by the all-powerful spreadsheet. It’s […]
For wine lovers around the world, it’s all about discovery. Once they get a taste for the grape, oenophiles are rarely satisfied with even the most carefully curated, go-to vintages. There’s always a hunt for the next great pairing, the thrill of uncorking a bold new Tempranillo or sublime Moscato. That feeling is a jones […]