Less Radiation

Ubertooth, Funcube Dongle Pro and Sparkfun IOIO for Android.

Three brand new innovative products, all coming out around the same time. All in limited supply, and all completely brilliant!

Ubertooth – Bluetooth sniffing for under £100.

Until now sniffing and injecting packets into Bluetooth communication hasn’t been possible for the man in the street.

The Ubertooth USB dongle will change this for under £100.

The USB adapter just grabs a chunk of 2.4GHz spectrum and your PC processes it. Makes passive detection of Bluetooth devices possible without shelling out £1000 for a USRP. It will be possible to predict Bluetooth hopping pattern. It will also be possible to do man-in-the-middle attacks using two Ubertooths.

UK Buyers can pre-order from RFIDIOt.org. US buyers can pre-order from HakShop

FUNcube Dongle Pro – all frequency audio scanner for under £100.

Another USB dongle featuring three SMD chips to perform a custom task. This dongle is very different from the Ubertooth, but in some ways more amazing.

It can grab up to a 80KHz chunk of radio spectrum from anywhere between 64MHz and 1700MHz (although there is a dead spot between 1100MHz and 1270MHz). It will basically do most things your fancy-pants £1000+ standalone radio scanner will do, for just £100. Basically good for speech & data, but not really video. Works with Windows. Mac OSX & Linux. Appears to PC as a USB audio device & a HID device. Plenty of open source software available to drive it. Interestingly the FUNcube Pro is mentioned on the Osmocom Tetra page.

The only downside is that each batch the designer has made are currently selling out in 2 minutes, when he releases them. Find out more at FUNcube Dongle

Sparkfun IOIO for Android – attach anything to your Android smartphone for under £50.

A really simple way to attach almost any electronic component to your Android Smartphone or Tablet. Thousands of uses will be found. Things will be invented!

This board consists of a USB to Everything adapter & a library of script & device drivers (a bit like an Arduino sketch but in Java). All the computing power & sensors in your Android smartphone available to motors, LEDs, weather stations, robots, PIRs, analog sensors, digital sensors. Just imagine the possibilities. Runs on Android 1.5 & up, so even all those sub-£50 used Android phones will work with it.

www.SparkFun.com

According to Thinq.co.uk they can:

“Newly-published research suggests that mobile phones can reduce the mineral content of the bones they hang out around.

Researchers at the the National University of Cuyo, in Mendoza, Argentina, looked at that strange breed – men who wear mobile phones on their hip. They discovered evidence to suggest that the proximity of the mobile phone caused a reduction in bone mineral content (BMC) and bone mineral density (BMD) in the men who wore the phones over a 12-month period, compared to a control group that didn’t.

According to an abstract from the study to be published in the Journal of Craniofacial Surgery, wearers of a mobile phone had “significantly lower right BMD at the trochanter and significantly lower right BMC at both trochanter and total hip”.

None of these differences were found in non users, the study notes.

Non users had a higher BMC at the right femoral neck (at the top of the thigh). The right-left difference in femoral neck BMD of non users was marginally non-significant. In users, there was no femoral neck right-left difference of BMC at the femoral neck. Right-left asymmetries in femoral neck BMC were significantly different between both groups, the study notes.

Study leader Dr Fernando D Sravi writes: “The different patterns of right-left asymmetry in femoral bone mineral found in mobile cell phone users and non users are consistent with a non-thermal effect of electromagnetic radio-frequency waves not previously described.”

The study measured BMC and BMD in the left and right hips of two groups of healthy men – 24 who did not use cell phones and 24 who carried their cell phone on their right hip, for at least 12 months.

According to the researchers, few studies have looked at whether electromagnetic fields emitted by cell phones could affect bone mineralisation. They suggest that with rapid uptake of mobile phones, any significant effect on BMD could have a substantial effect on the osteoporosis rate in the population.

Osteoporosis is a systemic skeletal disease characterised by low bone mass and microarchitectural deterioration that leads to increased bone fragility and increased risk of fracture .

Dr Sravi says more research is needed to follow up his study, particularly in women, who  generally have higher rates of osteoporosis, and children, who may have a long life of mobile phone use ahead of them.

Sravi writes that, while the actual energy emission by modern mobile cell phones is well below the limits set by current standards, precluding significant thermal effects, a growing body of evidence suggests that non-ionizing electromagnetic radiation in the frequency range of mobile cell phones may cause non-thermal biologic effects. Many of these non-thermal biologic effects “might be relevant for human health,” the study notes.

Read more:
 http://www.thinq.co.uk/2011/3/28/mobile-phones-rot-your-bones/#ixzz1HvusYGtI.

Richard Stallman: iPhones and Androids are ‘Big Brother’ tracking devices

I was just looking at the Slashdot website and started reading a piece on Networkworld.com about Richard Stallman’s views on various topics.

Stallman (the open-source software movement is basically his idea) says he won’t own a mobile phone as they’re glorified tracking devices, which can also be used to eavesdrop on you remotely. This of course is all perfectly true, and if you’re of interest to the NSA or UK security services that might bother you (I’m thinking of Julian Assange or anyone who ever stood in a 5 meter perimeter of him). But if the only insight someone might gain into your personal life is that you’re using Sainsburys rather than Tescos for your shop this week, then who really cares?

I only use my Android smartphone for internet access, I don’t make any calls or send any texts. Stallman states that unless you remove the battery ( he actually says all batteries!) you don’t know what your phone is doing. Well I know what my phone is doing… I own an Electrosmog Detector (now sold out but available on eBay and other sites), which turns RF transmissions into audible noise – I’ve also got a couple of spare 9v rechargeable batteries, so I can leave it on whenever I want – and if my phone is transmitting I can hear it.

If you own an Electrosmog Detector & you’re remotely bothered about being monitored, you could just make fart noises every time the phone transmits when you aren’t talking on it! This is much more fun than being paranoid about what it is or maybe isn’t doing. Of course a smart phone with Facebook & Gmail installed will be transmitting regularly, so turn off all those auto-sync services if you want to know when it shouldn’t be transmitting.

If you don’t want to be tracked, then just leave your phone at home half the time, or swop with a big group of friends if you’re a member of any kind of protest group, or just don’t use one. Remember that swoping Sim cards isn’t enough, your mobile also contains a unique IMEI number, and either of those will let you be tracked. You need a new PAYG phone & sim to vanish. (and as soon as you use it to contact an old target you’ll re-appear again).

If you use the internet look into using Tor, or signing up for a secure VPN.

And another thing… I own several laptops & an iMac. I was looking at them recently and must have pre-empted Richard Stallman’s views. I took a big blob of blu-tak and stuck it over each built-in webcam & mic… Well you never know who might have been listening or watching, and they bloody well aren’t now! And one final thing, assume everything you do and look at on the internet is monitored, because it is…

Peace & Love

There’s an interesting article on GPS in the New Scientist this week – issue 12th March 2011, page 44.

The crux of the article is this: while we’re all using GPS in Smartphones & TomToms to find out where we are, it’s also being used in lots of mission-critical infrastructure hardware these days to get accurate atomic clock time & date stamps. Some of these other uses: GSM cell towers to synchronise clocks, signing stock market financial transactions, bank ATM timestamps, the United States power grid to sync 5000 suppliers, some airports use GPS-based landing systems to assist in poor visibility. In the future the US Federal Railroad Administration plans to rely on GPS for smart management of rail traffic. GPS is also used to locate cars, boats & cargo.

Jammers for GPS are now being manufactured in large numbers in Chinese factories, and can be bought over the internet using Paypal direct from the Far East – along with jammers for every other radio system you can imagine – just Google it. Like all these other jammers they are illegal to use. So who uses them? They are used by truckers to hide from their snooping bosses, criminals who steal cars with trackers fitted and people who want to avoid some GPS enabled road toll systems.

The problem is that GPS signals are derived from satellites in space that only transmit on low power. If you turn on a GPS jammer you not only block your own device, but also all GPS devices for hundreds of metres around you. The article mentions a trucker who used to drive past Newark Liberty International Airport, and his jammer shut down their new GPS assisted landing system, sometimes twice a day. It took them several months to discover the trucker in question.

Potentially far worse though, it’s also possible to spoof a GPS system, making it think it’s somewhere it isn’t. It’s also theoretically possibly to spoof the atomic clock timings that Stockbrokers and ATMs depend upon. If you could manipulate the time-stamp on stock market buy & sell orders you could make millions. Professor Todd Humphreys at the University of Texas has done a lot of research into GPS spoofing.

GPS is one of the few systems that security researchers armed with USRP software radios have yet to turn their attention to. The USRP radio peripheral can be made to mimic almost any radio system. So far they’ve gone after Bluetooth, WiFi, Dect & GSM. This year they’ve started a project to build a fully functioning Tetra radio (albeit without the encryption the Police use). GPS is a next logical target for man-in-the-middle spoofing attacks using USRP & other custom transceivers.

The article goes on to mention the development of eLORAN, which is a ground based GPS type navigation system, which can use higher power transmitters to overcome some of GPS’s limitations. Also, as Atomic Clocks become cheaper, any appliance will be able to figure out where it is (relative to a known starting point) using just digital compasses, accelerometers & gyroscopes. In fact, some of these sensors are already in iPhone & Android smartphones.

Another possible way of knowing if your GPS is being spoofed is to cross-reference using a 2nd technology. This could be the WiFi router MAC address database that Google compiled while mapping our roads for Streetview – useful on smartphones that have GPS & WiFi built in. Or you could make a database of all the cellphone sites in the UK using a laptop running OsmocomBB Cell_Log, a £10 Motorola C115 phone & a GPS receiver – accuracy is good to 100 metres, and any cellphone that can issue a RACH request can use the answers to locate itself from the Timing Advance value returned from multiple cell sites – this would be useful on a laptop only. I think Holland may have produced a similar map already.

Ettus Research, the maker of the USRP, announced on February 14th their own GPSDO add-on board ($750 each) for the USRP N200/N210. This will allow USRP radios at different sites to sync with each other accurately, just like the aforementioned cell towers do.

If you didn’t know, every year between Christmas & New Year thousands of computer hackers converge on Berlin to showcase their latest electronic hardware exploits at the Chaos Computer Club conference. I got interested two years ago when some German students demonstrated their £30 Dect phone laptop ‘debugger’ in a talk at 25C3.

The great thing about the yearly CCC conference is, even if you can’t make it there in person, you can watch live streams of the various talks online. This years highlights for me:

Index of talks here

Wideband GSM sniffing here

The Baseband Apocalypse here

Running your own GSM stack on a phone. here

27C3 main wiki index here

27C3 Videos

Interesting article in New Scientist this week. Karsten Nohl has assessed various manufacturers keyfob immobilisers and concluded that most of the older 40 & 48 bit AES systems are now hackable. Last year he took 6 hours to discover the algorithm used to create the encryption key in a Hitag 2 system. Armed with that algorithm he could in theory unlock any car using NXP Semiconductors Hitag 2 system – according to New Scientist.

Security professionals now believe a move to 128 bit immobilisers is the way forward. Both Texas Instruments & NXP now offer 128 bit AES systems – which would take so long to crack that it’s not worth even trying. Apparently, the car manufacturers don’t see the urgency to switch. They point out that any car can still be removed by a thief using a flat-bed truck & a GPS/GSM radio jammer.

We’ve written previously about crimes here in the UK, involving the theft of laptops & phone from cars by thieves using jammers to stop the owners locking their car doors using the immobiliser keyfobs. Now, in theory at least, they can take your car too.

I’ve been playing about with motorised webcams this week.

I have a Panasonic BL-C111 IP camera, which looks like any other motorised webcam, but has a web server built in too. This means it doesn’t need a PC to operate, it only needs to be plugged into your router. You can then log in from any other internet connected PC and pan & tilt the camera around. The Panasonic camera gives a great image & can output its video stream in MJPEG or MPEG4 modes – it’s really impressive.

Even better still, you can now get apps for iPhone & Android that allow you to view the camera remotely, move it around & take snapshot photos to the memory card in your phone. The Panasonic BL-C111 is available for around £129 & a wireless model is also available. The free trial app I tried on my Google Android phone can be downloaded from Android Marketplace, just search for “IP Cam Viewer” by Robert Chou. Once downloaded to your phone you can move the camera left, right, up & down just by dragging your thumb over the touch-screen.

If the Panasonic option sounds a bit expensive, you can do things cheaper still. If you already own a motorised Logitech Sphere webcam, you can load up “My Webcam Broadcaster” from Eyespyfx.com for free, and then just pay 5 Euros for the Android or iPhone app to remotely view & move the webcam around. If you don’t have the Logitech Sphere the software will use your laptop’s built-in webcam instead. So for a total outlay of 5 Euros you can see what’s going on in your home when you’re not there, all on your smartphone. Nice!

If you want a really good nights sleep, it might be worth trying unplugging your WiFi router & Dect phone from the power at bedtime. They both transmit constantly, and if they’re near where you sleep they might be the cause of your poor sleep.

Now it’s a great big hassle to remember to unplug each of these from the mains each night, especially if they’re in different rooms in your house. So a neat way to turn them both off remotely is to buy a pair of Remote Control Sockets from somewhere like CPC for £3.95+vat+p&p (order code PL1115610 at cpc.co.uk). You can also find them on eBay for around £10 for a pack of 3.

If you have trouble peeling your kids away from the TV at mealtimes this could be the answer for you too. Food on table, TV mysteriously dies…

Also, don’t leave your mobile turned on overnight, sitting on the bedside cabinet next to your head – modern 3G phones, like the iPhone & Android models, are constantly transferring data with Facebook & Google Mail (assuming you use them) while you sleep. Olders GSM models like the Nokia 3310 transmit for maybe 10 seconds every 20 minutes while you sleep, so the mast can keep track of them.

In the past 12 months we’ve seen GSM pulled to bits by the hacker/security researcher community.

We now have software for the USRP radio peripheral that can make it behave just like a GSM cell phone tower – routing calls on cruise ships & 3rd world countries (or anywhere else you can get away without a proper licence) via Asterisk VOIP from regular GSM phones.

Also, we’ve now got the ability to snoop almost real-time on encrypted GSM phone calls, thanks to 2GB of Rainbow Lookup tables & the USRP peripheral.

The last piece of the puzzle is getting an open source OS onto a regular mobile phone and grabbing hold of the phone’s baseband firmware – so you can make it do what you want. This is a crucial step – it’s the difference between merely sniffing traffic & being able to inject your own malformed packets. Normally a phones baseband firmware is set in stone – a bit like sending fixed AT commands to a MODEM, but once you can build you own baseband OS, you can then make up your own commands – which is real progress.

To give you an idea of what can be done when you can grab a phone by its low-level-balls like this – at the CCC 2009 conference a phone was reprogrammed so it would constantly request that the cell phone tower open a channel for it. Flooded with enough requests this would stop anyone else using that mast.

Phones which are likely usable for this are hard to get hold of. Try looking for a Calypso C123 on eBay…. good luck. Alternatives available to UK readers are the J100i from Nokia and the V171 from Motorola. I counted a handful of each. The J100i sports a colour screen, but is otherwise about as sophisticated as an old Nokia 3310. You need old hardware like this for reverse engineering.

More here.

For quite some time we’ve insisted that WiFi routers & Dect cordless home phones are the big enemy in electrosmog terms – if you stay at home they’re both blasting you constantly.

We’ve always said that mobile phones only radiate when you’re actually speaking on them. A regular mobile will talk to the mast for maybe 10 seconds every 15 minutes in standby.

However, after playing around with a Google 3G smartphone for 6 months now (and owning an electrosmog detector), i’ve come to the conclusion that smartphones fully loaded with various apps are just about as bad as a WiFi router stuck in your pocket – this is bad, very bad.

On my own Google Nexus One that means Google Mail checking in every minute, and every other network aware application doing the same.

Our heartfelt advice is to make sure you’re on the network that gets the easiest signal. Compare Sims from different providers and then get a PAC code and switch as soon as you can. If your smartphone is constantly switching between GSM & 3G that’s no good for you, at all.

Once you’ve done that you need to turn off all the apps that are transmitting data in the background. Googlemail will constantly check for new mail – but on my Android OS phone it won’t if I turn off ‘Background Sync’.

Also, the latest versions of Android support setting up your phone as a portable WiFi hotspot. Please make sure this is turned off again, once you’ve finished using it, otherwise your leg will be getting full of unwanted RF signal. Better still, stick your phone in Aircraft mode.

If you don’t hold the phone next to your head to hold conversations – or keep it in a trouser pocket – this advice probably doesn’t matter too much.

Further away from your body the better. Every time the distance from your body doubles the absorbed signal halves.