Hacked Feature Phone Can Block Other People’s Calls

HardOCP News

I'm not saying people should take one of these hacked phones to a movie, but I could see where some people might appreciate it. ;)

By making simple modifications to common Motorola phones, researchers in Berlin have shown they can block calls and text messages intended for nearby people connected to the same cellular network. The method works on the second-generation (2G) GSM networks that are the most common type of cell network worldwide. In the U.S., both AT&T and T-Mobile carry calls and text messages using GSM networks.
 
Wow, well this does far more than simply block texts in the theater (which I support 100%); it is blocking all texts from the cell, which could kill text messaging over many miles. Yikes!
 
OK, I hate it when people text or play games during a movie (why did they go to the movie in the first place?), but nobody has the right to indiscriminately block everybody's phone. What if somebody is having a medical emergency in the adjacent auditorium, or a nearby house? If they die because they could not call 911, you would be legally and morally liable.
 
OK, I hate it when people text or play games during a movie (why did they go to the movie in the first place?), but nobody has the right to indiscriminately block everybody's phone. What if somebody is having a medical emergency in the adjacent auditorium, or a nearby house? If they die because they could not call 911, you would be legally and morally liable.

Well if we are going to talk hypotheticals, couldn't you also stop someone from triggering a bomb remotely with their phone? lol!
 
You can get phone jammers for like $30 that will block all phones in an area. They are non-penetrating, so walls will block them; you could use them in school classrooms or movie theatres.
 
Well if we are going to talk hypotheticals, couldn't you also stop someone from triggering a bomb remotely with their phone? lol!

lol, nice. I seem to also remember a day when the world was able to handle emergencies without cell phones.
 
All this would do is ensure the idiot in the theater spends 5x as much time dicking with his phone, trying to figure out why his texts are failing.
 
lol, nice. I seem to also remember a day when the world was able to handle emergencies without cell phones.

Actually, look up the statistics and you will see that without cell phones most emergencies ended "very bad" to say the least.

http://www.nena.org/?page=911Statistics

"9-1-1 Call Volume:

An estimated 240 million calls are made to 9-1-1 in the U.S. each year. According to the FCC, one-third are wireless calls; in many communities, it’s one-half or more of all 9-1-1 calls."
 
You can get phone jammers for like $30 that will block all phones in an area. They are non-penetrating, so walls will block them; you could use them in school classrooms or movie theatres.

Still illegal.
 
My understanding from the article is that a single cell phone with this mod can shut down an entire location area, which the article notes in Berlin is around 200 square kilometers. After a bit of reading, it seems like the appropriate Wikipedia article for this is Cell site, in which we find that a GSM tower has a maximum range of 35 km (22 miles), while hilly terrain may reduce the range to as little as 5 km (3.1 miles).

In other words, you're not blocking a single room with this mod, you're blocking an entire city (or a large part of a very populous city).

Your local police department, fire department, medical facilities, airport facilities, and the Feds (up to and including Homeland Security) would not be amused by these shenanigans. Remember that idiot trucker earlier this month who blocked GPS at an airport to hide from his employer? This would be ten times worse.

Cellular providers will have to stop doing the easy thing that this hack exploits and start doing it the hard, expensive way. They have no choice. There's nothing a terrorist cell would like better than the chaos that a dozen or so $20 cell phones can now cause to an entire city.
 
My understanding from the article is that a single cell phone with this mod can shut down an entire location area, which the article notes in Berlin is around 200 square kilometers. After a bit of reading, it seems like the appropriate Wikipedia article for this is Cell site, in which we find that a GSM tower has a maximum range of 35 km (22 miles), while hilly terrain may reduce the range to as little as 5 km (3.1 miles).

In other words, you're not blocking a single room with this mod, you're blocking an entire city (or a large part of a very populous city).

Your local police department, fire department, medical facilities, airport facilities, and the Feds (up to and including Homeland Security) would not be amused by these shenanigans. Remember that idiot trucker earlier this month who blocked GPS at an airport to hide from his employer? This would be ten times worse.

Cellular providers will have to stop doing the easy thing that this hack exploits and start doing it the hard, expensive way. They have no choice. There's nothing a terrorist cell would like better than the chaos that a dozen or so $20 cell phones can now cause to an entire city.

They won't. If it would require a complete rewrite of the 2G protocol, that means they would have to redesign that, then replace every single phone out there in the market with one using the new version of the protocol.

There is no way they would do that. They would lose too much money in the entire process. Unless this actually started to happen all over the place they aren't going to be willing to lose any money on this.

Best case, going forward they try to move things away from using 2G to only 3G through 5G, and in time this becomes a non-issue. But till that day comes, this is a risk that they will just accept.
 
They won't. If it would require a complete rewrite of the 2G protocol, that means they would have to redesign that, then replace every single phone out there in the market with one using the new version of the protocol.

There is no way they would do that. They would lose too much money in the entire process. Unless this actually started to happen all over the place they aren't going to be willing to lose any money on this.

Best case, going forward they try to move things away from using 2G to only 3G through 5G, and in time this becomes a non-issue. But till that day comes, this is a risk that they will just accept.

They don't have to rewrite every phone, just the ones they are using to block. They would only have to rewrite around 10 phones or less.
 
I'm going to assume the GSM protocol uses IMEI and ESN authentication when it connects one mobile to another, not just when the device tries to register on the network. I presume this is how the GSM protocol works, as if it doesn't then that would be a huge oversight by the protocol designers. If so (I'm 99% sure this is how it works) the connection to another device would occur like this:

Phone dials out -> network receives connection -> network routes connection to another phone -> it says "it's me" and transmits IMEI and ESN to verify that it is actually a registered phone (that's where the term bad ESN comes from) -> the call is connected.

If this is how it works, blocking it is as simple as blocking the IMEI and ESN of the hacker's phones.

Just my 2c.
 
They don't have to rewrite every phone, just the ones they are using to block. They would only have to rewrite around 10 phones or less.

That wouldn't work. You would have to change them all. If you only changed these few versions, what does that fix? These people would already have these phones and can already write their own code for them. They would still be able to take out every other phone. The problem is how the protocol works, not these single phones.

The tower sends out a message to every single phone that it can talk to: "Hey 555-555-1212, I have a message for you." The only phone that is supposed to answer is 555-555-1212, to get that message. In this case these people rewrote how the phone works so that their phone answers "that is me" before the real phone can answer. As the article said, the only way to fix that is to change the protocol so that it requires some type of check to see if it really is that phone. That way, when a phone says "that is me", there is a way for the tower to check to see if that really is you instead of just assuming it is.

Having just some phones do that and not others doesn't fix anything, as that problem is still out there. If your phone didn't know how to send back the proof it is who it says it is, then how would the tower really know that is you? All you would need to do is to code the phone to not send back the response either. Then I have still faked the tower into thinking I am you because, just like your phone, I didn't reply.
 
I'm going to assume the GSM protocol uses IMEI and ESN authentication when it connects one mobile to another, not just when the device tries to register on the network. I presume this is how the GSM protocol works, as if it doesn't then that would be a huge oversight by the protocol designers. If so (I'm 99% sure this is how it works) the connection to another device would occur like this:

Phone dials out -> network receives connection -> network routes connection to another phone -> it says "it's me" and transmits IMEI and ESN to verify that it is actually a registered phone (that's where the term bad ESN comes from) -> the call is connected.

If this is how it works, blocking it is as simple as blocking the IMEI and ESN of the hacker's phones.

Just my 2c.

That is the problem: that isn't how it works, it sounds. Based on the article, that authentication part is what is missing and is what would need to be added to prevent this. Instead, when the tower is trying to send you a text or a call, it just broadcasts for your phone (probably based on the ESN or whatever) and then your phone responds with an "it's me" and the tower sends you whatever your info is. There is no actual authentication check there to see if that really is you by having you send anything back. That is how this flaw works, because that was overlooked by the designers. As far as the tower knows, that other phone is you because it said it was before you did.
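A toy Python model of the paging exchange this post and the earlier reply describe, added here as an example and not taken from the article or the thread. Subscriber names, keys and answer delays are constructed, and the HMAC challenge-response is an assumed stand-in for whatever check a real protocol fix would use: under the trusting behaviour the fastest "that's me" gets the message, under the fixed behaviour a responder that cannot prove it holds the subscriber's key is skipped and the next responder is tried.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Phone:
    name: str                   # physical handset, for bookkeeping only
    identity: str               # subscriber identity it announces when paged
    key: Optional[bytes]        # secret shared with the network (None = not a subscriber)
    delay_ms: int               # how fast it answers a page; lowest answers first
    answers_any: bool = False   # modified firmware that answers every page

    def answers(self, paged_identity: str) -> bool:
        return self.answers_any or paged_identity == self.identity

    def prove(self, nonce: bytes) -> bytes:
        # A real subscriber derives its answer from the shared key; a handset
        # without that key can only return noise (assumed challenge scheme).
        if self.key is None:
            return os.urandom(8)
        return hmac.new(self.key, nonce, hashlib.sha256).digest()[:8]


class Network:
    def __init__(self, subscribers: Dict[str, bytes]):
        self.subscribers = subscribers          # identity -> shared key

    def _responders(self, identity: str, phones: List[Phone]) -> List[Phone]:
        hits = [p for p in phones if p.answers(identity)]
        return sorted(hits, key=lambda p: p.delay_ms)

    def deliver_trusting(self, identity: str, phones: List[Phone]) -> Optional[str]:
        """Behaviour the thread describes: the first "that's me" gets the message."""
        hits = self._responders(identity, phones)
        return hits[0].name if hits else None

    def deliver_authenticated(self, identity: str, phones: List[Phone]) -> Optional[str]:
        """The fix the thread asks for: check the claim before delivering,
        and move on to the next responder when the proof fails."""
        key = self.subscribers[identity]
        for phone in self._responders(identity, phones):
            nonce = os.urandom(16)
            expected = hmac.new(key, nonce, hashlib.sha256).digest()[:8]
            if hmac.compare_digest(phone.prove(nonce), expected):
                return phone.name
        return None


# Constructed scenario: one subscriber and one modified handset that answers
# every page a little faster than the real phone does.
ALICE_KEY = b"constructed-secret-for-alice"
NETWORK = Network({"555-555-1212": ALICE_KEY})
PHONES = [
    Phone("alice-phone", "555-555-1212", ALICE_KEY, delay_ms=40),
    Phone("modified-phone", "none", None, delay_ms=10, answers_any=True),
]
```

Calling `NETWORK.deliver_trusting("555-555-1212", PHONES)` returns the modified handset, while `deliver_authenticated` with the same inputs returns the real phone.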
 
OK, I hate it when people text or play games during a movie (why did they go to the movie in the first place?), but nobody has the right to indiscriminately block everybody's phone. What if somebody is having a medical emergency in the adjacent auditorium, or a nearby house? If they die because they could not call 911, you would be legally and morally liable.

Emergency phone in the back of the theater - demarcated by a red "911" light in the rear corner of the theater. Problem solved.
 
That is the problem: that isn't how it works, it sounds. Based on the article, that authentication part is what is missing and is what would need to be added to prevent this. Instead, when the tower is trying to send you a text or a call, it just broadcasts for your phone (probably based on the ESN or whatever) and then your phone responds with an "it's me" and the tower sends you whatever your info is. There is no actual authentication check there to see if that really is you by having you send anything back. That is how this flaw works, because that was overlooked by the designers. As far as the tower knows, that other phone is you because it said it was before you did.

OK, well if that's how it works, then you're always sending it to the same phone. And to send it to the phone you have to know the ESN, kind of like you have to know a computer's IP address to send information to it.

Phone says "it's me" and radio tower sends communication to phone that said "it's me" by forwarding text message "Yo gurl" or whatever to ESN 123456443.

When the network gets hijacked by one of these phones, the carrier simply looks at the logs of what goes where, figures out this one phone is receiving all of the communications, and declares that phone a bad ESN and bars it from the network - declaring all communications to and from that device 'bad'.
 
OK, well if that's how it works, then you're always sending it to the same phone. And to send it to the phone you have to know the ESN, kind of like you have to know a computer's IP address to send information to it.

Phone says "it's me" and radio tower sends communication to phone that said "it's me" by forwarding text message "Yo gurl" or whatever to ESN 123456443.

When the network gets hijacked by one of these phones, the carrier simply looks at the logs of what goes where, figures out this one phone is receiving all of the communications, and declares that phone a bad ESN and bars it from the network - declaring all communications to and from that device 'bad'.

At that point it's a little late if you are waiting till the attack is already over with. You are also assuming they can't randomly generate ESNs to use on the fly.

Using your IP example: I could have a computer that randomly creates new MAC addresses. So you block one on your network and I just create another one.

Not sure if the same could be done here or not, but since they are working at the base code level of the phone I wouldn't see why they couldn't change that every time or every so often.
 
At that point it's a little late if you are waiting till the attack is already over with. You are also assuming they can't randomly generate ESNs to use on the fly.

Using your IP example: I could have a computer that randomly creates new MAC addresses. So you block one on your network and I just create another one.

Not sure if the same could be done here or not, but since they are working at the base code level of the phone I wouldn't see why they couldn't change that every time or every so often.

You don't need to wait until the attack is over, I'm presuming they can view their network and system processes whilst it's running... I can use the "top" command on Linux, so why can't they do the same with their network to see where everything is going live?

With the low level access they have they could probably change the ESN and the IMEI of the device. However, like changing the VIN of a car, it's illegal. And very illegal... like "don't drop the soap" illegal :D. So you can add that to the number of laws the person with the device has broken, and rest assured the law WILL find the guy because every time a phone sends a message to another phone in that area the hacker's phone will be triangulated by the cell towers, since his phone receives all of the signals.

http://thomas.loc.gov/cgi-bin/query/z?c112:S.3186.IS:
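The log-inspection idea from the last few posts (spot the one device receiving everything, and what happens when that device keeps changing its identifier), as an added Python example that is not from the thread or any carrier's tooling. The paging-response log and the device and subscriber identifiers are constructed; it assumes the network records every answer to a page, including the real phone's later one.

```python
from collections import defaultdict
from typing import Dict, List, NamedTuple


class PageResponse(NamedTuple):
    page_id: int     # one paging request sent by the network
    paged: str       # subscriber identity that was paged
    device: str      # identifier the answering handset reported
    t_ms: int        # milliseconds after the page when the answer arrived


# Constructed log (not real carrier data). One rogue handset answers pages
# 1-3 under one identifier, then rotates it for page 4; the real subscriber
# still answers each page, only later. Page 5 is an ordinary, uncontested page.
LOG: List[PageResponse] = [
    PageResponse(1, "555-0001", "rogue-A", 12),
    PageResponse(1, "555-0001", "sub-0001", 41),
    PageResponse(2, "555-0002", "rogue-A", 9),
    PageResponse(2, "555-0002", "sub-0002", 38),
    PageResponse(3, "555-0003", "rogue-A", 11),
    PageResponse(3, "555-0003", "sub-0003", 44),
    PageResponse(4, "555-0004", "rogue-B", 10),
    PageResponse(4, "555-0004", "sub-0004", 39),
    PageResponse(5, "555-0005", "sub-0005", 40),
]


def contested_pages(log: List[PageResponse]) -> Dict[int, List[str]]:
    """Pages answered by more than one handset, responders in arrival order.
    This signal does not depend on the rogue handset's reported identifier,
    so rotating that identifier does not evade it."""
    by_page: Dict[int, List[PageResponse]] = defaultdict(list)
    for r in log:
        by_page[r.page_id].append(r)
    return {
        pid: [r.device for r in sorted(rs, key=lambda r: r.t_ms)]
        for pid, rs in by_page.items()
        if len(rs) > 1
    }


def promiscuous_devices(log: List[PageResponse], min_identities: int = 2) -> Dict[str, List[str]]:
    """Handset identifiers that answered pages for several different subscribers.
    This is the "bar the bad ESN" check from the thread; it catches rogue-A
    but misses rogue-B, which only answered once under that identifier."""
    seen: Dict[str, set] = defaultdict(set)
    for r in log:
        seen[r.device].add(r.paged)
    return {d: sorted(ids) for d, ids in seen.items() if len(ids) >= min_identities}


def suspected_hijacks(log: List[PageResponse]) -> Dict[int, str]:
    """For each contested page, the device that answered first (the one that
    would have received the call or text under first-responder-wins paging)."""
    return {pid: devs[0] for pid, devs in contested_pages(log).items()}
```

On the constructed log, `promiscuous_devices` flags only rogue-A, while `contested_pages` flags pages 1 through 4, including the one answered under the rotated identifier.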
 
lol, nice. I seem to also remember a day when the world was able to handle emergencies without cell phones.

Yep, people just died while they waited for someone to run miles to a pay phone.
 
You don't need to wait until the attack is over, I'm presuming they can view their network and system processes whilst it's running... I can use the "top" command on Linux, so why can't they do the same with their network to see where everything is going live?

With the low level access they have they could probably change the ESN and the IMEI of the device. However, like changing the VIN of a car, it's illegal. And very illegal... like "don't drop the soap" illegal :D. So you can add that to the number of laws the person with the device has broken, and rest assured the law WILL find the guy because every time a phone sends a message to another phone in that area the hacker's phone will be triangulated by the cell towers, since his phone receives all of the signals.

http://thomas.loc.gov/cgi-bin/query/z?c112:S.3186.IS:

But this isn't something that will accidentally happen. This is a warning about how phones could be used to take down the entire cell service for a city. So why do they care if they are doing one more illegal thing if they are already doing something illegal by taking down an entire network?

That is like saying if you are going to bomb a building that you wouldn't steal a car to transport the bomb to get it there as grand theft auto is a crime.
 
But this isn't something that will accidentally happen. This is a warning about how phones could be used to take down the entire cell service for a city. So why do they care if they are doing one more illegal thing if they are already doing something illegal by taking down an entire network?

That is like saying if you are going to bomb a building that you wouldn't steal a car to transport the bomb to get it there as grand theft auto is a crime.

I'm not saying they won't do it, I'm just saying it all adds up. It's like when you hear about people (the Fort Hood shooter in this example) that get convicted for 13 counts of murder when you don't possibly need more than 1 count of murder to get a conviction.
 
We are at an interesting time. Yes, cellular infrastructure can be interrupted quite easily. I think it may be time to turn off 2G data/MMS texting. Give upgrades to the lowest equivalent 3G models to everyone on a plan for a 2G and be done with it. Trash those older 2G phones in total. Move MMS to the 3G or 4G spectrum.
 
We are at an interesting time. Yes, cellular infrastructure can be interrupted quite easily. I think it may be time to turn off 2G data/MMS texting. Give upgrades to the lowest equivalent 3G models to everyone on a plan for a 2G and be done with it. Trash those older 2G phones in total. Move MMS to the 3G or 4G spectrum.

Because 3G ain't everywhere. No 2G would mean no service in lots of the country, and that would drastically vary by provider. There are plenty of dinky farm towns in my state that have 4G on Verizon and nothing but 2G service for anybody else.
 
We are at an interesting time. Yes, cellular infrastructure can be interrupted quite easily. I think it may be time to turn off 2G data/MMS texting. Give upgrades to the lowest equivalent 3G models to everyone on a plan for a 2G and be done with it. Trash those older 2G phones in total. Move MMS to the 3G or 4G spectrum.

lol, yeah right. Look how long it took Sprint to close down iDEN. I would love for them to move that stuff faster but it won't happen.
 
So that's why that guy from the job I interviewed for never called back!
 
My understanding from the article is that a single cell phone with this mod can shut down an entire location area, which the article notes in Berlin is around 200 square kilometers. After a bit of reading, it seems like the appropriate Wikipedia article for this is Cell site, in which we find that a GSM tower has a maximum range of 35 km (22 miles), while hilly terrain may reduce the range to as little as 5 km (3.1 miles).

In other words, you're not blocking a single room with this mod, you're blocking an entire city (or a large part of a very populous city).

Your local police department, fire department, medical facilities, airport facilities, and the Feds (up to and including Homeland Security) would not be amused by these shenanigans. Remember that idiot trucker earlier this month who blocked GPS at an airport to hide from his employer? This would be ten times worse.

Cellular providers will have to stop doing the easy thing that this hack exploits and start doing it the hard, expensive way. They have no choice. There's nothing a terrorist cell would like better than the chaos that a dozen or so $20 cell phones can now cause to an entire city.

That is probably true. Horizon at sea level on a 100ft tower is ~22 miles depending on where you are in the world so it makes sense.

I think if I was going to resort to cell jamming I would get a regular portable one, wire it to my truck/motorcycle and use it on the freeway though. Can probably get about 100 yards that way.
 
OK, I hate it when people text or play games during a movie (why did they go to the movie in the first place?), but nobody has the right to indiscriminately block everybody's phone. What if somebody is having a medical emergency in the adjacent auditorium, or a nearby house? If they die because they could not call 911, you would be legally and morally liable.

If they are the only ones in the theater watching that movie, they are better off dead.
 