jidhage.se

personal thoughts and projects in security

Archive for the month “May, 2012”

A package in the mail

20120521-215655.jpg

When i got home today there was a package for me and suddenly there is another interesting project in the waiting line. So much to do, so little time

Advertisements

A seven year old cell phone…

…what could possibly be fun about that?

Well, there is a project called OsmocomBB which aims to build a fully functional GSM open source firmware and it can run on some well defined models from Motorola. I just bought one of those models on eBay and on a recent visit to NYC, I picked up the package and brought it home with me.

Time to build a cross compile environment and set up that darned USB->UART connection, this is going to be fun!

Open heart surgery

The Scene: You are in the djungle (or rather, on vacation in the family cabin in the woods) and your broadband dongle is physically broken due to low intelligence use of a empty microSIM-card adapter (I refuse to disclose details). You really need to get in contact with civilization.

The Problem: The broadband dongle refuses to accept the SIM, the pins will not connect to the smart card since at least one of them is broken and/or displaced.

The Tools: Safety pin, tape, utility knife and an old rusty hacksaw blade

The operating table and some left over parts…

The Solution: Violence.
I have little to loose since it just isn’t working at the moment. Perhaps I could open up the SIM connector and fix the pins?
Now, the dongle is pretty compact and built more or less solely using surface mounted SMB components and the only possible entry in to the microelectronic fortress was through some really small phillips screws.

Tools of choice

I managed to use the tip of the utility knife to get the two screws out of the way and when a third hidden screw was detected it got the same treatment. Some serious bending, cutting and a 20 minute sawing session later the result was an open SIM tray and the cold fact that two out of eight pins were completely gone – only some miniscule copper ends protruded from the underlying electronics.

The use of precision force in combination with safety pin and utility knife moved the pin ends into a position as close to ideal as possible under the circumstances.

Time to test – SIM into the microSIM adapter, uSIM adapter placed roughly in the correct position and a piece of masking tape to hold it all in place. A short moment of “should-i-relly-put-this-electronic-Frankenstein-monster-in-my-brand-new-MacBookPro” later the dongle was inserted and to my complete surprise the popup asked for the PIN for the SIM!

A fully recovered patient

Not even the curious and not-so-gentle fingers from a 2 year old could kill my creation – it was ALIVE!

The entire purpose of getting online failed since I couldn’t solve the issue anyway, but it didn´t really matter – I was super pleased with the open heart surgery!

Security in telematics

A year ago I got involved in a project with the purpose of examining a telematics solution for one of our clients. The project got me interested and I wanted to learn more – what is the current status in the field? I have a professional history within telecommunications and that made the threshold pretty low for me. I’ll guess a MScEE, a few years of telco and then security is a pretty good combo for looking into telematics security 🙂

Anyway, during the summer I collected a lot of material on the subject and when our annual internal conference was announced the subject for my presentation was an easy choice. One “Best Presentation 2012” – award, two internal reruns, one presentation for a customer and two presentations at conferences later I can look back on an interesting couple of months – and I am just getting started. Another presentation (at the New York University during Omegapoint 10 year anniversary conference) is scheduled and another customer presentation is being planned – great fun!

The remarkable thing is that the presentation is really only on an overview level – still can’t really understand all the interest. There is  a lot to learn and I really would like to get my hands on some hardware in order to be able to perform some REAL testing 🙂

Meanwhile there is still a lot of papers to read.

For those interested in the presentation, there is no audio or video but I have uploaded slide deck to slideshare – links available on the downloads page

Post Navigation