5th Ave Store Opening (CNBC) 18 May 2006

Some forgettable CNBC reporter who managed at least one interesting question of Steve Jobs concerning AMD. Jobs, looking thin and pixelated, and dressed in a black, long-sleeved shirt of indeterminate neck variety, was speaking from the within the new store on Fifth Avenue, in New York.

Most of the interview was about the new store and the retail initiative, which Jobs described as being a “success beyond our wildest dreams.” When queried over the expense of flagship stores, such as the SOHO store in New York, Jobs responded that Apple has “never believed in the philosophy that flagship stores don’t make money,” and they do. To that end, he suggested Apple’s first response to the idea of a store underneath the plaza outside the GM building was, “subterranean, are you crazy?” However, Apple responded with a “crazy” idea of their own, the now famous 32 foot glass cube and brand beacon to generate traffic. Jobs mentioned that of the 300 employees at the store, half will be available for tech support, even at 2:00 AM, and who wouldn’t want to stroll the plaza at that hour with a couple of thousands dollars worth of hardware? The CNBC reporter also asked about the iPhone and was correctly snubbed, but more interesting was the response to a question about AMD chips, one that is well-suited for Da Vinci Code type analysis by Mac nerds on the Internet guessing Apple’s next move. I transcribed as best I could, of course.

You know AMD’s got some interesting products at the very high end of the server space, but the part of the market we concentrate on the most is notebooks and consumer desktops, and for that Intel’s got the best chips. This Yonah chip, the Core Duo that they have right now, is the best chip in the world for notebooks and consumer desktops, so right now Intel’s road map looks very, very strong for the kinds of products—processors—we need for the products we build.

Many will note the “right now” phrase, but I am more intrigued by the tacit admission of the shift away from the tower as the flagship product of Apple Computer. Of course, the fact that Apple has yet to make the transition to Intel for the pro desktops says as much, but it’s still strange to hear from the CEO’s mouth.

source

Cell-site simulators/ imsi catchers

DOWNLOAD IMSI CATHER SOFTWARE AND BUILD YOUR OWN! TO OF COURSE SOLVE SECURITY FLAWS IN YOUR OWN SYSTEM ONLY 

How Cell-Site Simulators Work

Standard Communication

Cellular networks are distributed over geographic areas called “cells.” Each cell is served by one transceiver, also known as a cell-site or base station. Your phone naturally connects with the closest base station to provide you service as you move through various cells.

 

Generally, there are two types of device used by law enforcement that are often referred to interchangeably: passive devices (which we will call IMSI catchers), and active devices (which we will call cell-site simulators.) Passive devices, as a rule, do not transmit any signals. They work by plucking cellular transmissions out of the air, the same way an FM radio works. They then decode (and sometimes decrypt) those signals to find the IMSI of the mobile device and track it.

Active cell-site simulators are much more commonly used by law enforcement, and work very differently from their passive cousins. Cellular devices are designed to connect to the cell site nearby with the strongest signal. To exploit this, cell-site simulators broadcast signals that are either stronger than the legitimate cell sites around them, or are made to appear stronger. This causes devices within range to disconnect from their service providers’ legitimate cell sites and to instead establish a new connection with the cell-site simulator. Cell-site simulators can also take advantage of flaws in the design of cellular protocols (such as 2G/3G/4G/5G) to cause phones to disconnect from a legitimate cell-site and connect to the cell-site simulator instead.  For the purposes of this article we will focus on active cell-site simulators.

It is difficult for most people to know whether or not their phone’s signals have been accessed by an active cell-site simulator, and it is impossible for anyone to know if their phone’s signals have been accessed by a passive IMSI catcher. Apps for identifying the use of cell-site simulators, such as SnoopSnitch, may not be verifiably accurate. Some more advanced tools have been built, which may be more accurate. For instance, security researchers at the University of Washington have designed a system to measure the use of cell-site simulators across Seattle, and EFF researchers have designed a similar system.

What Kinds of Data Cell-Site Simulators Collect

Data collected by cell-site simulators can reveal intensely personal information about anyone who carries a phone, whether or not they have ever been suspected of a crime.

 

Once your cellular device has connected to a cell-site simulator, the cell-site simulator can determine your location and trigger your device to transmit its  IMSI for later identification. If the cell-site simulator is able to downgrade the cellular connection to a 2G/GSM connection then it can potentially perform much more intrusive acts such as intercepting call metadata (what numbers were called or called the phone and the amount of time on each call), the content of unencrypted phone calls and text messages and some types of data usage (such as websites visited).  Additionally, marketing materials produced by the manufacturers of cell-site simulators indicate that they can be configured to divert calls and text messages, edit messages, and even spoof the identity of a caller in text messages and calls on a 2G/GSM network.

How Law Enforcement Uses Cell-Site Simulators

Police can use cell-site simulators to try to locate a person when they already know their phone’s identifying information, or to gather the IMSI (and later the identity) of anyone in a specific area. Some cell-site simulators are small enough to fit in a police cruiser, or even on the vest of an officer, allowing law enforcement officers to drive to multiple locations, capturing from every mobile device in a given area—in some cases up to 10,000 phones at a time. These indiscriminate, dragnet searches include phones located in traditionally protected private spaces, such as homes and doctors’ offices.

Law enforcement officers have used information from cell-site simulators to investigate major and minor crimes and civil offenses. Baltimore Police, for example, have used their devices for a wide variety of purposes, ranging from tracking a kidnapper to trying to locate a man who took his wife’s phone during an argument (and later returned it to her). In one case, Annapolis Police used a cell-site simulator to investigate a robbery involving $56 worth of submarine sandwiches and chicken wings. In Detroit, U.S. Immigration and Customs Enforcement used a cell-site simulator to locate and arrest an undocumented immigrant. In California, the San Bernardino county sheriff’s office used their cell-site simulator over 300 times in a little over a year.

Police may have deployed cell-site simulators at protests. The Miami-Dade Police Department apparently first purchased a cell-site simulator in 2003 to surveil protestors at a Free Trade of the Americas Agreement conference. And it is suspected that they have been used more recently than that during protests against police violence in 2020.

Cell-site simulators are used by the FBI, DEA, NSA, Secret Service, and ICE, as well as the U.S. Army, Navy, Marine Corps, and National Guard. U.S. Marshals and the FBI have attached cell-site simulators to airplanes to track suspects, gathering massive amounts of data about many innocent people in the process. The Texas Observer also uncovered airborne cell-site simulators in use by the Texas National Guard. In 2023 it was revealed that ICE, DHS, and the Secret Service have all used cell-site simulators many times without following their own rules on deployment or getting a warrant.

A recent Congressional Oversight Committee report called on Congress to pass laws requiring a warrant before using cell-site simulators. Some states, such as California, already require a warrant, except in emergency situations.

Who Sells Cell-site Simulators

Harris Corporation is the most well known company providing cell-site simulators to law enforcement. Their Stingray product has become the catchphrase for these devices, but they have subsequently introduced other models, such as Hailstorm, ArrowHead, AmberJack, and KingFish. Harris has stopped selling cell-site simulator technology to local law enforcement agencies but still works with the federal government. Digital Receiver Technology, a division of Boeing, is also a common supplier of the technology, often referred to as “dirtboxes.”

Other sellers of cell-site simulators include Keyw, Octastic, Tactical Support Equipment, Berkeley Varitronics, Cogynte, X-Surveillance, Atos, Rayzone, Martone Radio Technology, Septier Communication, PKI Electronic Intelligence, Datong (Seven Technologies Group), Ability Computers and Software Industries, Gamma Group, Rohde & Schwarz, Meganet Corporation. Manufacturers Septier and Gamma GSM both provide information on what the devices can capture. The Intercept published a secret, internal U.S. government catalogue of various cellphone surveillance devices, as well as an older cell-site simulator manual made available through a Freedom of Information Act request.

Threats Posed by Cell-Site Simulators

Cell-site simulators invade the privacy of everyone who happens to be in a given area, regardless of the fact that the vast majority have not been accused of committing a crime. These are general searches that violate the Fourth Amendment requirement that warrants “particularly” describe who or what is to be searched.

The use of cell-site simulators have been shrouded in government secrecy. Police have used cell-site simulators to track location data without a warrant, by deceptively obtaining “pen register” orders from courts without explaining the true nature of the surveillance. In Baltimore, a judge concluded that law enforcement had intentionally withheld the information from the defense, in violation of their legal disclosure obligations. For a while, police departments tried to keep the use of cell-site simulators secret from not just the public but also the court system, withholding information from defense attorneys and judges—likely due in part to non-disclosure agreements with Harris Corporation. Prosecutors have accepted plea deals to hide their use of cell-site simulators and have even dropped cases rather than revealing information about their use of the technology. U.S. Marshalls have driven files hundreds of miles to thwart public records requests. Police have tried to keep information secret in Sarasota, Florida, Tacoma, Washington, Baltimore, Maryland, and St. Louis, Missouri.

To preserve this secrecy, the FBI told police officers to recreate evidence from the devices, according to a document obtained by the nonprofit investigative journalism outlet Oklahoma Watch.

Cell-site simulators often disrupt cell phone communications within as much as a 500-meter radius of the device, interrupting important communications and even emergency phone calls.  Cell-site simulators have been shown to disproportionately affect low-income communities and communities of color. In Baltimore, the use of cell-site simulators disproportionately impacted African-American communities, according to a map included in an FCC complaint that overlaid where Baltimore Police were using stingrays over census data on the city’s black population.

Cell-site simulators can also disrupt emergency calls, such as 911 in the US, making them not only a menace to privacy but to public safety as well.

Cell-site simulators rely on vulnerabilities in our communications system that the government should help fix rather than exploit.

EFF’s Work on Cell-Site Simulators

For the reasons above, EFF opposes police use of cell site simulators. Insofar as law enforcement agencies are using cell-site simulators in criminal investigations, EFF argues that use should be limited in the following ways:

1. Law enforcement should obtain individualized warrants based on probable cause;
2. Cell-site simulators should only be used for serious, violent crimes;
3. Cell-site simulators should only be used for identifying location of a particular phone;
4. Law enforcement must minimize the collection of data from people who are not the targets of the investigation.
5. Companies making cell-site simulators must confirm that their technology does not disrupt calls to emergency services.

Litigation

We filed a Freedom of Information Act lawsuit to expose and shine light on the U.S. Marshals Service’s use of cell-site simulators on planes.

Along with the ACLU and ACLU of Maryland, we filed an amicus brief in the first case in the country where a judge threw out evidence obtained as a result of using a cell-site simulator without a warrant.

We filed an amicus brief, along with the ACLU, pointing a court to facts indicating that the Milwaukee Police Department secretly used a cell-site simulator to locate a defendant through his cell phone without a warrant in U.S. vs. Damian Patrick. (The government then admitted to having used it.)

Legislation

We were original co-sponsors of the California Electronic Communications Privacy Act (CalECPA), along with the ACLU and the California Newspaper Publisher Association. This law requires California police to get a warrant before using a cell-site simulator. Any evidence obtained from a cell-site simulator without a warrant is inadmissible in court.

EFF supported S.B. 741, which requires transparency measures regarding the use of cell-site simulators. We collected many of these policies.

Further Research

We have written a report on the technical means possibly used by cell-site simulators called “Gotta Catch ‘em All”, and we have developed a proof of concept technical means of detecting cell-site simulators called Crocodile Hunter.

EFF Cases

State of Maryland v. Kerron Andrews

U.S. v. Damian Patrick

EFF v. U.S. Department of Justice

Suggested Additional Reading

Stingray Tracking Devices: Who’s Got Them? (ACLU)

Your Secret Stingray’s No Secret Anymore: The Vanishing Government Monopoly over Cell Phone Surveillance and Its Impact on National Security and Consumer Privacy (Harvard Journal of Law and Technology)

Examining Law Enforcement Use of Cell Phone Tracking Devices (House Oversight Committee)

The Relentless “Eye” Local Surveillance: Its Impact on Human Rights and Its Relationship to National and International Surveillance (Center for Media Justice and others)

Department of Justice Policy Guidance: Use of Cell-Site Simulator Technology (U.S. Department of Justice)

Long-Secret Stingray Manuals Detail How Police Can Spy on Phones  (The Intercept)

A Secret Catalogue of Government Gear for Spying on Your Cellphone (The Intercept)

Cops Turn to Canadian Phone-Tracking Firm After Infamous ‘Stingrays’ Become ‘Obsolete’ (Gizmodo)

source

Detecting IMSI-Catchers by Characterizing Identity Exposing Messages in Cellular Traffic

Tyler Tucker (University of Florida), Nathaniel Bennett (University of Florida), Martin Kotuliak (ETH Zurich), Simon Erni (ETH Zurich), Srdjan Capkun (ETH Zuerich), Kevin Butler (University of Florida), Patrick Traynor (University of Florida)

IMSI-Catchers allow parties other than cellular network providers to covertly track mobile device users. While the research community has developed many tools to combat this problem, current solutions focus on correlated behavior and are therefore subject to substantial false classifications. In this paper, we present a standards-driven methodology that focuses on the messages an IMSI-Catcher textit{must} use to cause mobile devices to provide their permanent identifiers. That is, our approach focuses on causal attributes rather than correlated ones. We systematically analyze message flows that would lead to IMSI exposure (most of which have not been previously considered in the research community), and identify 53 messages an IMSI-Catcher can use for its attack. We then perform a measurement study on two continents to characterize the ratio in which connections use these messages in normal operations. We use these benchmarks to compare against open-source IMSI-Catcher implementations and then observe anomalous behavior at a large-scale event with significant media attention. Our analysis strongly implies the presence of an IMSI-Catcher at said public event ($p << 0.005$), thus representing the first publication to provide evidence of the statistical significance of its findings. source

Detecting IMSI Catchers: Tools, Apps and Methods You Should Know

UPDATE: justcallmekoko has launched a new iteration of the Marauder (v6) for $60, which includes a sleeker look, options for external antennas, and the ability to update its firmware over Wi-Fi and/or SD card.

The original article continues below.

Penetration testers and security analysts looking for an easily-pocketable tool for Bluetooth and Wi-Fi testing purposes have another option, in the form of the ESP32 Marauder from security tester justcallmekoko.

“The Marauder is a portable penetration testing tool created for Wi-Fi and Bluetooth analysis,” the pseudonymous justcallmekoko explains. “It comes installed with a suite of offensive and defensive tools all running on an ESP32. I was inspired to create this tool by Spacehuhn’s deauther project. I wanted to bring similar functionality to the ESP32 and introduce new Bluetooth capabilities to the tool.”

“The tool itself serves as a portable device used to test and analyze Wi-Fi and Bluetooth devices. Use this tool and its firmware with caution as the use of some of its capabilities without explicit consent from the target owner is unlawful in most countries.”

The firmware justcallmekoko has created is compatible with any ESP32-based development board, and designed to provide feedback via a 2.8″ ILI9341-based TFT touchscreen display. The pre-assembled versions take the firmware and install it onto a custom PCB with Espressif ESP32-WROOM chip at its heart and an integrated lithium-polymer charging circuit for power on the go.

The custom PCB is powered by an ESP32-WROOM. (: justcallmekoko)

The entire unit is then enclosed in a 3D-printed chassis, which in the case of the pre-assembled version comes in a selection of colors: black, “Galaxy Black,” neon green, and silver. Justcallmekoko warns, however, that “most of the work so far has been put into designing the hardware,” meaning that the current release has “limited firmware capabilities” — but that development is ongoing to add new features and functionality.

More details on the project can be found on GitHub, where the firmware, hardware, and 3D print files can be downloaded; the pre-assembled ESP32 Marauder, meanwhile, can be purchased from Tindie. source

source

Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process.

The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.

The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.

In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.

The implants being deployed were once reserved for a few hundred hard-to-reach targets, whose communications could not be monitored through traditional wiretaps. But the documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans. The automated system – codenamed TURBINE – is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.”

In a top-secret presentation, dated August 2009, the NSA describes a pre-programmed part of the covert infrastructure called the “Expert System,” which is designed to operate “like the brain.” The system manages the applications and functions of the implants and “decides” what tools they need to best extract data from infected machines.

Mikko Hypponen, an expert in malware who serves as chief research officer at the Finnish security firm F-Secure, calls the revelations “disturbing.” The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet.

“When they deploy malware on systems,” Hypponen says, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.”

Hypponen believes that governments could arguably justify using malware in a small number of targeted cases against adversaries. But millions of malware implants being deployed by the NSA as part of an automated process, he says, would be “out of control.”

“That would definitely not be proportionate,” Hypponen says. “It couldn’t possibly be targeted and named. It sounds like wholesale infection and wholesale surveillance.”

The NSA declined to answer questions about its deployment of implants, pointing to a new presidential policy directive announced by President Obama. “As the president made clear on 17 January,” the agency said in a statement, “signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.”

“Owning the Net”

The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands.

To penetrate foreign computer networks and monitor communications that it did not have access to through other means, the NSA wanted to go beyond the limits of traditional signals intelligence, or SIGINT, the agency’s term for the interception of electronic communications. Instead, it sought to broaden “active” surveillance methods – tactics designed to directly infiltrate a target’s computers or network devices.

In the documents, the agency describes such techniques as “a more aggressive approach to SIGINT” and says that the TAO unit’s mission is to “aggressively scale” these operations.

But the NSA recognized that managing a massive network of implants is too big a job for humans alone.

“One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).”

The agency’s solution was TURBINE. Developed as part of TAO unit, it is described in the leaked documents as an “intelligent command and control capability” that enables “industrial-scale exploitation.”

TURBINE was designed to make deploying malware much easier for the NSA’s hackers by reducing their role in overseeing its functions. The system would “relieve the user from needing to know/care about the details,” the NSA’s Technology Directorate notes in one secret document from 2009. “For example, a user should be able to ask for ‘all details about application X’ and not need to know how and where the application keeps files, registry entries, user application data, etc.”

In practice, this meant that TURBINE would automate crucial processes that previously had to be performed manually – including the configuration of the implants as well as surveillance collection, or “tasking,” of data from infected systems. But automating these processes was about much more than a simple technicality. The move represented a major tactical shift within the NSA that was expected to have a profound impact – allowing the agency to push forward into a new frontier of surveillance operations.

The ramifications are starkly illustrated in one undated top-secret NSA document, which describes how the agency planned for TURBINE to “increase the current capability to deploy and manage hundreds of Computer Network Exploitation (CNE) and Computer Network Attack (CNA) implants to potentially millions of implants.” (CNE mines intelligence from computers and networks; CNA seeks to disrupt, damage or destroy them.)

Eventually, the secret files indicate, the NSA’s plans for TURBINE came to fruition. The system has been operational in some capacity since at least July 2010, and its role has become increasingly central to NSA hacking operations.

Earlier reports based on the Snowden files indicate that the NSA has already deployed between 85,000 and 100,000 of its implants against computers and networks across the world, with plans to keep on scaling up those numbers.

The intelligence community’s top-secret “Black Budget” for 2013, obtained by Snowden, lists TURBINE as part of a broader NSA surveillance initiative named “Owning the Net.”

The agency sought $67.6 million in taxpayer funding for its Owning the Net program last year. Some of the money was earmarked for TURBINE, expanding the system to encompass “a wider variety” of networks and “enabling greater automation of computer network exploitation.”

Circumventing Encryption

The NSA has a diverse arsenal of malware tools, each highly sophisticated and customizable for different purposes.

One implant, codenamed UNITEDRAKE, can be used with a variety of “plug-ins” that enable the agency to gain total control of an infected computer.

An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer.

The implants can enable the NSA to circumvent privacy-enhancing encryption tools that are used to browse the Internet anonymously or scramble the contents of emails as they are being sent across networks. That’s because the NSA’s malware gives the agency unfettered access to a target’s computer before the user protects their communications with encryption.

It is unclear how many of the implants are being deployed on an annual basis or which variants of them are currently active in computer systems across the world.

Previous reports have alleged that the NSA worked with Israel to develop the Stuxnet malware, which was used to sabotage Iranian nuclear facilities. The agency also reportedly worked with Israel to deploy malware called Flame to infiltrate computers and spy on communications in countries across the Middle East.

According to the Snowden files, the technology has been used to seek out terror suspects as well as individuals regarded by the NSA as “extremist.” But the mandate of the NSA’s hackers is not limited to invading the systems of those who pose a threat to national security.

In one secret post on an internal message board, an operative from the NSA’s Signals Intelligence Directorate describes using malware attacks against systems administrators who work at foreign phone and Internet service providers. By hacking an administrator’s computer, the agency can gain covert access to communications that are processed by his company. “Sys admins are a means to an end,” the NSA operative writes.

The internal post – titled “I hunt sys admins” – makes clear that terrorists aren’t the only targets of such NSA attacks. Compromising a systems administrator, the operative notes, makes it easier to get to other targets of interest, including any “government official that happens to be using the network some admin takes care of.”

Similar tactics have been adopted by Government Communications Headquarters, the NSA’s British counterpart. As the German newspaper Der Spiegel reported in September, GCHQ hacked computers belonging to network engineers at Belgacom, the Belgian telecommunications provider.

The mission, codenamed “Operation Socialist,” was designed to enable GCHQ to monitor mobile phones connected to Belgacom’s network. The secret files deem the mission a “success,” and indicate that the agency had the ability to covertly access Belgacom’s systems since at least 2010.

Infiltrating cellphone networks, however, is not all that the malware can be used to accomplish. The NSA has specifically tailored some of its implants to infect large-scale network routers used by Internet service providers in foreign countries. By compromising routers – the devices that connect computer networks and transport data packets across the Internet – the agency can gain covert access to monitor Internet traffic, record the browsing sessions of users, and intercept communications.

Two implants the NSA injects into network routers, HAMMERCHANT and HAMMERSTEIN, help the agency to intercept and perform “exploitation attacks” against data that is sent through a Virtual Private Network, a tool that uses encrypted “tunnels” to enhance the security and privacy of an Internet session.

The implants also track phone calls sent across the network via Skype and other Voice Over IP software, revealing the username of the person making the call. If the audio of the VOIP conversation is sent over the Internet using unencrypted “Real-time Transport Protocol” packets, the implants can covertly record the audio data and then return it to the NSA for analysis.

But not all of the NSA’s implants are used to gather intelligence, the secret files show. Sometimes, the agency’s aim is disruption rather than surveillance. QUANTUMSKY, a piece of NSA malware developed in 2004, is used to block targets from accessing certain websites. QUANTUMCOPPER, first tested in 2008, corrupts a target’s file downloads. These two “attack” techniques are revealed on a classified list that features nine NSA hacking tools, six of which are used for intelligence gathering. Just one is used for “defensive” purposes – to protect U.S. government networks against intrusions.

“Mass exploitation potential”

Before it can extract data from an implant or use it to attack a system, the NSA must first install the malware on a targeted computer or network.

According to one top-secret document from 2012, the agency can deploy malware by sending out spam emails that trick targets into clicking a malicious link. Once activated, a “back-door implant” infects their computers within eight seconds.

There’s only one problem with this tactic, codenamed WILLOWVIXEN: According to the documents, the spam method has become less successful in recent years, as Internet users have become wary of unsolicited emails and less likely to click on anything that looks suspicious.

Consequently, the NSA has turned to new and more advanced hacking techniques. These include performing so-called “man-in-the-middle” and “man-on-the-side” attacks, which covertly force a user’s internet browser to route to NSA computer servers that try to infect them with an implant.

To perform a man-on-the-side attack, the NSA observes a target’s Internet traffic using its global network of covert “accesses” to data as it flows over fiber optic cables or satellites. When the target visits a website that the NSA is able to exploit, the agency’s surveillance sensors alert the TURBINE system, which then “shoots” data packets at the targeted computer’s IP address within a fraction of a second.

In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive. A top-secret animation demonstrates the tactic in action.

The documents show that QUANTUMHAND became operational in October 2010, after being successfully tested by the NSA against about a dozen targets.

According to Matt Blaze, a surveillance and cryptography expert at the University of Pennsylvania, it appears that the QUANTUMHAND technique is aimed at targeting specific individuals. But he expresses concerns about how it has been covertly integrated within Internet networks as part of the NSA’s automated TURBINE system.

“As soon as you put this capability in the backbone infrastructure, the software and security engineer in me says that’s terrifying,” Blaze says.

“Forget about how the NSA is intending to use it. How do we know it is working correctly and only targeting who the NSA wants? And even if it does work correctly, which is itself a really dubious assumption, how is it controlled?”

In an email statement to The Intercept, Facebook spokesman Jay Nancarrow said the company had “no evidence of this alleged activity.” He added that Facebook implemented HTTPS encryption for users last year, making browsing sessions less vulnerable to malware attacks.

Nancarrow also pointed out that other services besides Facebook could have been compromised by the NSA. “If government agencies indeed have privileged access to network service providers,” he said, “any site running only [unencrypted] HTTP could conceivably have its traffic misdirected.”

A man-in-the-middle attack is a similar but slightly more aggressive method that can be used by the NSA to deploy its malware. It refers to a hacking technique in which the agency covertly places itself between computers as they are communicating with each other.

This allows the NSA not only to observe and redirect browsing sessions, but to modify the content of data packets that are passing between computers.

The man-in-the-middle tactic can be used, for instance, to covertly change the content of a message as it is being sent between two people, without either knowing that any change has been made by a third party. The same technique is sometimes used by criminal hackers to defraud people.

A top-secret NSA presentation from 2012 reveals that the agency developed a man-in-the-middle capability called SECONDDATE to “influence real-time communications between client and server” and to “quietly redirect web-browsers” to NSA malware servers called FOXACID. In October, details about the FOXACID system were reported by the Guardian, which revealed its links to attacks against users of the Internet anonymity service Tor.

But SECONDDATE is tailored not only for “surgical” surveillance attacks on individual suspects. It can also be used to launch bulk malware attacks against computers.

According to the 2012 presentation, the tactic has “mass exploitation potential for clients passing through network choke points.”

Blaze, the University of Pennsylvania surveillance expert, says the potential use of man-in-the-middle attacks on such a scale “seems very disturbing.” Such an approach would involve indiscriminately monitoring entire networks as opposed to targeting individual suspects.

“The thing that raises a red flag for me is the reference to ‘network choke points,’” he says. “That’s the last place that we should be allowing intelligence agencies to compromise the infrastructure – because that is by definition a mass surveillance technique.”

To deploy some of its malware implants, the NSA exploits security vulnerabilities in commonly used Internet browsers such as Mozilla Firefox and Internet Explorer.

The agency’s hackers also exploit security weaknesses in network routers and in popular software plugins such as Flash and Java to deliver malicious code onto targeted machines.

The implants can circumvent anti-virus programs, and the NSA has gone to extreme lengths to ensure that its clandestine technology is extremely difficult to detect. An implant named VALIDATOR, used by the NSA to upload and download data to and from an infected machine, can be set to self-destruct – deleting itself from an infected computer after a set time expires.

In many cases, firewalls and other security measures do not appear to pose much of an obstacle to the NSA. Indeed, the agency’s hackers appear confident in their ability to circumvent any security mechanism that stands between them and compromising a computer or network. “If we can get the target to visit us in some sort of web browser, we can probably own them,” an agency hacker boasts in one secret document. “The only limitation is the ‘how.’”

Covert Infrastructure

The TURBINE implants system does not operate in isolation.

It is linked to, and relies upon, a large network of clandestine surveillance “sensors” that the agency has installed at locations across the world.

The NSA’s headquarters in Maryland are part of this network, as are eavesdropping bases used by the agency in Misawa, Japan and Menwith Hill, England.

The sensors, codenamed TURMOIL, operate as a sort of high-tech surveillance dragnet, monitoring packets of data as they are sent across the Internet.

When TURBINE implants exfiltrate data from infected computer systems, the TURMOIL sensors automatically identify the data and return it to the NSA for analysis. And when targets are communicating, the TURMOIL system can be used to send alerts or “tips” to TURBINE, enabling the initiation of a malware attack.

The NSA identifies surveillance targets based on a series of data “selectors” as they flow across Internet cables. These selectors, according to internal documents, can include email addresses, IP addresses, or the unique “cookies” containing a username or other identifying information that are sent to a user’s computer by websites such as Google, Facebook, Hotmail, Yahoo, and Twitter.

Other selectors the NSA uses can be gleaned from unique Google advertising cookies that track browsing habits, unique encryption key fingerprints that can be traced to a specific user, and computer IDs that are sent across the Internet when a Windows computer crashes or updates.

What’s more, the TURBINE system operates with the knowledge and support of other governments, some of which have participated in the malware attacks.

Classification markings on the Snowden documents indicate that NSA has shared many of its files on the use of implants with its counterparts in the so-called Five Eyes surveillance alliance – the United Kingdom, Canada, New Zealand, and Australia.

GCHQ, the British agency, has taken on a particularly important role in helping to develop the malware tactics. The Menwith Hill satellite eavesdropping base that is part of the TURMOIL network, located in a rural part of Northern England, is operated by the NSA in close cooperation with GCHQ.

Top-secret documents show that the British base – referred to by the NSA as “MHS” for Menwith Hill Station – is an integral component of the TURBINE malware infrastructure and has been used to experiment with implant “exploitation” attacks against users of Yahoo and Hotmail.

In one document dated 2010, at least five variants of the QUANTUM hacking method were listed as being “operational” at Menwith Hill. The same document also reveals that GCHQ helped integrate three of the QUANTUM malware capabilities – and test two others – as part of a surveillance system it operates codenamed INSENSER.

GCHQ cooperated with the hacking attacks despite having reservations about their legality. One of the Snowden files, previously disclosed by Swedish broadcaster SVT, revealed that as recently as April 2013, GCHQ was apparently reluctant to get involved in deploying the QUANTUM malware due to “legal/policy restrictions.” A representative from a unit of the British surveillance agency, meeting with an obscure telecommunications standards committee in 2010, separately voiced concerns that performing “active” hacking attacks for surveillance “may be illegal” under British law.

In response to questions from The Intercept, GCHQ refused to comment on its involvement in the covert hacking operations. Citing its boilerplate response to inquiries, the agency said in a statement that “all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorized, necessary and proportionate, and that there is rigorous oversight.”

Whatever the legalities of the United Kingdom and United States infiltrating computer networks, the Snowden files bring into sharp focus the broader implications. Under cover of secrecy and without public debate, there has been an unprecedented proliferation of aggressive surveillance techniques. One of the NSA’s primary concerns, in fact, appears to be that its clandestine tactics are now being adopted by foreign rivals, too.

“Hacking routers has been good business for us and our 5-eyes partners for some time,” notes one NSA analyst in a top-secret document dated December 2012. “But it is becoming more apparent that other nation states are honing their skillz [sic] and joining the scene.” source

During the course of the investigation, while ANOM’s criminal users unknowingly promoted and communicated on a system operated lawfully by the FBI, agents catalogued more than 27 million messages between users around the world who had their criminal discussions reviewed, recorded, and translated by the FBI, until the platform was taken down yesterday.

The users, believing their ANOM devices were protected from law enforcement by the shield of impenetrable encryption, openly discussed narcotics concealment methods, shipments of narcotics, money laundering, and in some groups—violent threats, the indictment said. Some users negotiated drug deals via these encrypted messages and sent pictures of drugs, in one instance hundreds of kilograms of cocaine concealed in shipments of pineapples and bananas, and in another instance, in cans of tuna, in order to evade law enforcement.

The indictment charges 17 alleged distributors of the FBI’s devices and platform. They are charged with conspiring to violate the Racketeer Influenced and Corrupt Organizations Act (RICO), pertaining to their alleged involvement in marketing and distributing thousands of encrypted communication devices to transnational criminal organizations worldwide.

During the last 24 to 48 hours, in addition to the more than 500 arrests around the world, authorities searched more than 700 locations deploying more than 9,000 law enforcement officers worldwide and seized multi-ton quantities of illicit drugs.

CLICK HERE – Video Messages from International Partners

Grand totals for the entire investigation include 800 arrests; and seizures of more than 8 tons of cocaine; 22 tons of marijuana; 2 tons of methamphetamine/amphetamine; six tons of precursor chemicals; 250 firearms; and more than $48 million in various worldwide currencies. Dozens of public corruption cases have been initiated over the course of the investigation. And, during the course of the investigation, more than 50 clandestine drug labs have been dismantled. One of the labs hit yesterday was one of the largest clandestine labs in German history.

“This was an unprecedented operation in terms of its massive scale, innovative strategy and technological and investigative achievement,” said Acting U.S. Attorney Randy Grossman. “Hardened encrypted devices usually provide an impenetrable shield against law enforcement surveillance and detection. The supreme irony here is that the very devices that these criminals were using to hide from law enforcement were actually beacons for law enforcement. We aim to shatter any confidence in the hardened encrypted device industry with our indictment and announcement that this platform was run by the FBI.”

“Today marks the culmination of more than five years of innovative and complex investigative work strategically aimed to disrupt the encrypted communications space that caters to the criminal element,” said Suzanne Turner, Special Agent in Charge of the Federal Bureau of Investigation (FBI) – San Diego Field Office.  “The FBI has brought together a network of dedicated international law enforcement partners who are steadfast in combating the global threat of organized crime. The immense and unprecedented success of Operation Trojan Shield should be a warning to international criminal organizations  – your criminal communications may not be secure; and you can count on law enforcement worldwide working together to combat dangerous crime that crosses international borders.”

“Operation Trojan Shield is a perfect example of an OCDETF case – an investigation driven by intelligence and maximizing the strengths of partner law enforcement agencies in coordinated efforts to dismantle command and control elements of criminal networks,” said OCDETF Director Adam W. Cohen.  “Coordination is the cornerstone of the OCDETF program, and the impressiveness of the combined efforts of the U.S. Attorney’s Office, FBI, and our foreign partners cannot be overstated.  This effort has created lasting disruptive impacts to these transnational criminal organizations.”

“The AFP and FBI have been working together on a world-first operation to bring to justice the organised crime gangs flooding our communities with drugs, guns and violence,” said AFP Commissioner Reece Kershaw APM. “The FBI provided an encrypted communications platform while the AFP deployed the technical capability which helped unmask some of the biggest criminals in the world. This week the AFP and our state police partners will execute hundreds of warrants and we expect to arrest hundreds of offenders linked to the platform. This is the culmination of hard work, perseverance and an invaluable, trusted relationship with the FBI.

We thank the FBI for their long and integral partnership with the AFP.”

Europol’s Deputy Executive Director Jean-Philippe Lecouffe: “This operation is an exceptional success by the authorities in the United States, Sweden, the Netherlands, Australia, New Zealand and the other European members of the Operational Task Force. Europol coordinated the international law enforcement community, enriched the information picture and brought criminal intelligence into ongoing operations to target organised crime and drug trafficking organisations, wherever they are and however they choose to communicate. I am very satisfied to see Europol supporting this operation and strengthen law enforcement partnerships by emphasizing the multi-agency aspect of the case.”

“I am exceptionally proud of our New Zealand Police staff who supported Operation Trojan Shield,” said New Zealand Police Commissioner Andrew Coster. “This operation will have an unprecedented impact on organised crime syndicates across the globe. We value our strong relationship with the FBI, AFP and Europol and it is through these partnerships and the unrelenting efforts by law enforcement agencies from multiple countries that this operation has seen such incredible success This is a fantastic result and reiterates the importance of our transnational partnerships with law enforcement agencies across the globe in our common ongoing efforts to dismantle organised crime groups and the enormous harm they cause to our communities.”

“This remarkably successful operation demonstrates what can be accomplished when law enforcement agencies throughout the world work together,” said DEA Los Angeles Division Special Agent in Charge Bill Bodner. “Through strong relationships with our partners in more than 67 countries, professionals throughout the DEA, including experts in the Los Angeles Division, supported this unprecedented collaboration and our own mission to disrupt and dismantle the criminal organizations that profit from the distribution of illegal drugs.”

According to the San Diego indictment, ANOM’s administrators, distributors, and agents described the platform to potential users as “designed by criminals for criminals” and targeted the sale of ANOM to individuals that they knew participated in illegal activities.

All defendants are foreign nationals located outside of the U.S. In total, eight of the indicted defendants were taken into custody last night.  Authorities are continuing to search for the remaining nine defendants.

The indictment alleges the defendants knew the devices they distributed were being used exclusively by criminals to coordinate drug trafficking and money laundering, including in the U.S. The defendants personally fielded “wipe requests” from users when devices fell into the hands of law enforcement.

The FBI’s review of ANOM users’ communications worked like a blind carbon copy function in an email. A copy of every message being sent from each device was sent to a server in a third-party country where the messages were collected and stored. The data was then provided to the FBI on a regular basis pursuant to an international cooperation agreement. Communications such as text messages, photos, audio messages, and other digital information were reviewed by the FBI for criminal activity and disseminated to partner law enforcement agencies in other countries. Each user was using ANOM for a criminal purpose. Those countries have built their own cases against ANOM users, many of whom were arrested in takedowns in Europe, Australia and New Zealand over the last several days.

Intelligence derived from the FBI’s communications platform presented opportunities to disrupt major drug trafficking, money laundering, and other criminal activity while the platform was active. For example, over 150 unique threats to human life were mitigated.

This operation was led by the FBI and coordinated with the U.S. Drug Enforcement Administration, the U.S. Marshals Service, Australian Federal Police, Swedish Police Authority, National Police of the Netherlands, Lithuanian Criminal Police Bureau, Europol, and numerous other law enforcement partners from over a dozen other countries.

This investigation began after Canada-based encrypted device company Phantom Secure was dismantled by the FBI in 2018 through a San Diego-based federal RICO indictment and court-authorized seizure of the Phantom Secure platform, forcing many criminals to seek other secret communication methods to avoid law enforcement detection. The FBI—along with substantial contributions by the Australian Federal Police—filled that void with ANOM.

When the FBI and the San Diego U.S. Attorney’s Office dismantled Sky Global in March 2021, the demand for ANOM devices grew exponentially as criminal users sought a new brand of hardened encryption device to plot their drug trafficking and money laundering transactions and to evade law enforcement.  Demand for ANOM from criminal groups also increased after European investigators announced the dismantlement of the EncroChat platform in July 2020. The ANOM platform – unlike Phantom Secure, EncroChat, and Sky Global – was exploited by the FBI from the very beginning of ANOM’s existence and was not an infiltration of an existing popular encrypted communications company.

In October 2018, Phantom Secure’s CEO pleaded guilty to a RICO conspiracy in the Southern District of California.  He was sentenced to nine years in prison and ordered to forfeit $80 million in proceeds from the sale of Phantom devices.

For further information, please see https://www.justice.gov/usao-sdca/pr/chief-executive-communications-company-sentenced-prison-providing-encryption-services and https://www.justice.gov/usao-sdca/pr/sky-global-executive-and-associate-indicted-providing-encrypted-communication-devices.

Operation Trojan Shield is an Organized Crime Drug Enforcement Task Forces (OCDETF) investigation.  OCDETF identifies, disrupts, and dismantles the highest-level drug traffickers, money launderers, gangs, and transnational criminal organizations that threaten the United States by using a prosecutor-led, intelligence-driven, multi-agency approach that leverages the strengths of federal, state, and local law enforcement agencies against criminal networks.

Assistant U.S. Attorneys Meghan E. Heesch, Joshua C. Mellor, Shauna Prewitt, and Mikaela Weber of the U.S. Attorney’s Office for the Southern District of California are prosecuting the case, with assistance from Paralegal Specialist Tracie Jarvis.  Former Assistant U.S. Attorney Andrew P. Young made invaluable contributions during his tenure on the case team.

Acting U.S. Attorney Grossman praised federal prosecutors and FBI agents and international law enforcement partners for their relentless pursuit of justice in this extraordinary case. Additionally, Acting U.S. Attorney Grossman thanked the coordinated efforts of the Department of Justice’s Office of International Affairs which facilitated many international components of this complex investigation.

The charges and allegations contained in an indictment are merely accusations, and the defendants are considered innocent unless and until proven guilty.

DEFENDANTS  21-CR-1623-JLS	COUNTRY
*Joseph Hakan Ayik (1)
Domenico Catanzariti (2)	Australia
*Maximilian Rivkin (3)
Abdelhakim Aharchaou (4)	The Netherlands
*Seyyed Hossein Hosseini (5)
Alexander Dmitrienko (6)	Spain
*Baris Tukel (7)
*Erkan Yusef Dogan (8)
*Shane Geoffrey May (9)
Aurangzeb Ayub (10)	The Netherlands
James Thomas Flood (11)	Spain
*Srdjan Todorovic aka Dr. Djek (12)
*Shane Ngakuru (13)
Edwin Harmendra Kumar (14)	Australia
Omar Malik (15)	The Netherlands
Miwand Zakhimi (16)	The Netherlands
*Osemah Elhassen (17)
*Fugitive

 

SUMMARY OF CHARGES

Conspiracy to Conduct Enterprise Affairs Through Pattern of Racketeering Activity (RICO Conspiracy), in violation of 18 U.S.C. § 1962(d)

Maximum Penalty: Twenty years in prion

AGENCIES

Federal Bureau of Investigation

Drug Enforcement Administration

United States Marshals Service

Department of Justice, Office of International Affairs

Australian Federal Police

Swedish Police Authority

Lithuanian Criminal Police Bureau

National Police of the Netherlands

EUROPOL

 

For further information, please see

https://www.europol.europa.eu/newsroom/news/800-criminals-arrested-in-biggest-ever-law-enforcement-operation-against-encrypted-communication

https://www.afp.gov.au/news-media/media-releases/afp-led-operation-ironside-smashes-organised-crime

Encrypted Phone Company Was Secretly Commandeered by FBI to Track Criminals’ GPS Data

The agency’s backdoor access to Anom phones collected the locations of users across the world, transferring the data to authorities.

FBI Sold Criminals Fake Encrypted Phones That Actually Copied Their Messages

The Anom company helped international law enforcement arrest over 800 suspected criminals in what marks the FBI’s latest attempt to overcome encryption.

An encrypted chat platform that catered to criminals is actually an FBI sting operation.

Since 2019, the FBI has been secretly operating Anom, a company that pretended to offer encrypted messaging to criminal organizations. In reality, the Anom app would relay to federal investigators a copy of every message sent.

The operation enabled the FBI and international law enforcement to arrest over 800 suspected criminals across the globe, according to Europol.

Anom ended up serving more than 12,000 devices belonging to over 300 criminal organizations, including the Italian mafia, outlaw motorcycle gangs, and crime syndicates based in Asia. The encrypted chat platform recorded messages covering assassination plots, mass drug trafficking, and illegal gun distribution.

The operation marks US law enforcement’s latest attempt to circumvent encryption on smartphones. For years now, the FBI has been urging Apple to create a backdoor into its iPhones, citing the need to collect evidence against suspected criminals. Apple has thus far refused, so the agency has contracted professional smartphone hacking services to help it unlock devices seized in investigations.

“When we took down Phantom Secure in 2018, we found the criminal organizations moved quickly to back-up options with other encrypted platforms,” said FBI San Diego Assistant Special Agent in Charge Jamie Arnold in a statement.

As a result, the FBI and its law enforcement partners attempted to fill the void with Anom. According to Vice, a confidential source who sold phones using Phantom Secure had been developing their own encrypted chat platform; the source then offered up the platform to the FBI, which began working to circulate Anom in criminal underground circles.

According to Australian Federal Police, the Anom encrypted messaging app was installed on special phones that had been stripped of other capabilities. “The mobile phones, which were bought on the black market, could not make calls or send emails. It could only send messages to another device that had the organized crime app. Criminals needed to know a criminal to get a device,” Australian Federal Police added.

To market itself, Anom also had its own YouTube, Twitter, Facebook, and Reddit pages, which advertised the app as a secure communications platform.

The FBI has since replaced the Anom.io website with a notice that says: “Law enforcement has been monitoring messages and attachments from the ANØM platform. A number of investigations have been initiated and are ongoing.” Users of Anom can learn if they’re under investigation by typing in their username and smartphone details into a form on the site. SOURCE

We Got the Phone the FBI Secretly Sold to Criminals

Unlocking the Google Pixel 4a with a PIN code reveals some common apps: Tinder, Instagram, Facebook, Netflix, and even Candy Crush. But none of those apps work, and tapping their icons doesn’t do anything. Resetting the phone and typing in another PIN opens up an entirely different section of the device, with a new background and new apps. Now in place of the old apps sit a clock, a calculator, and the device’s settings.

“Enter Anom ID” and a password, the screen reads. Hidden in the calculator is a concealed messaging app called Anom, which last month we learned was an FBI honeypot. On Anom, criminals believed they could communicate securely, with the app encrypting their messages. They were wrong: an international group of law enforcement agencies including the FBI were monitoring their messages and announced hundreds of arrests last month. International authorities have held press conferences to tout the operation’s success, but have provided few details on how the phones actually functioned.

Motherboard has obtained and analyzed an Anom phone from a source who unknowingly bought one on a classified ads site. On that site, the phone was advertised as just a cheap Android device. But when the person received it, they realized it wasn’t an ordinary phone, and after being contacted by Motherboard, found that it contained the secret Anom app.

The person Motherboard bought the phone from said they panicked “when I realised what I had just purchased.” Motherboard granted the person anonymity to protect them from any retaliation.

When booting up the phone, it displays a logo for an operating system called “ArcaneOS.” Very little information is publicly available on ArcaneOS. It’s this detail that has helped lead several people who have ended up with Anom phones to realize something was unusual about their device. Most posts online discussing the operating system appear to be written by people who have recently inadvertently bought an Anom device, and found it doesn’t work like an ordinary phone. After the FBI announced the Anom operation, some Anom users have scrambled to get rid of their device, including selling it to unsuspecting people online. The person Motherboard obtained the phone from was in Australia, where authorities initially spread the Anom devices as a pilot before expanding into other countries. They said they contacted the Australian Federal Police (AFP) in case the phone or the person who sold it was of interest to them; when the AFP didn’t follow up, the person agreed to sell the phone to Motherboard for the same price they paid. They said they originally bought it from a site similar to Craigslist.

Another person Motherboard spoke to who bought one of the phones said they were in Lithuania.

“I bought this phone online, for ridiculously low price, now I understand why,” that second person said. That person also provided Motherboard with photos and a video of their device. In that case, the Anom login screen appeared inaccessible, but other settings such as the decoy PIN code remained. “Probably this phone was used by some drug dealer :D,” they said.

For the past few months, members of Android hobbyist and developer forums have been trying to help the people who bought the strange phones return them to a usable state.

“I cannot install any apps because there is no [App Store], everything has been removed,” one person who said they bought the phone second-hand wrote on a German language forum in March, before the FBI and its partners stopped the operation.

“If he also had access to/data, he could change all of the cell phone’s settings manually,” one forum user replied.

“That’s strange… You have the boot screen saying that the phone has been modified, yet you seem to have a locked bootloader… Doesn’t make any sense to me :/,” a user on another forum replied to someone facing similar issues.

“I have the same thing. A friend got a used pixel 4a and it’s running arcaneos with the same issues described by the OP. Nothing works when attempting to flash,” someone else added to the thread.

After Motherboard determined that ArcaneOS was linked to the Anom devices and had bought the phone, someone else on one of the forums also made the connection.

“This is a phone the used with that FBI ANON [sic] application to read the message with the users,” a user wrote on a thread. That user did not respond to a request for comment on how they also came to the same conclusion.

The Phone

Besides ArcaneOS, the phone has a few other interesting features and settings.

Ordinarily, Android phones have a setting to turn location tracking off or on. There appears to be no setting for either on this device.

The phone offers “PIN scrambling,” where the PIN entry screen will randomly rearrange the digits, potentially stopping third-parties from figuring out the device’s passcode if watching someone type it in. The status bar at the top of the screen includes a shortcut for what appears to be a wipe feature on the phone, with an icon showing a piece of paper going through a shredder. Users can also set up a “wipe code,” which will wipe the device from the lockscreen, and configure the phone to automatically wipe if left offline for a specific period of time, according to the phone’s settings reviewed by Motherboard.

Encrypted phone companies typically offer similar data destruction capabilities, and at least in some cases companies have remotely wiped phones while they’re in authorities’ possession, hindering investigations. The Department of Justice has charged multiple people who allegedly worked for Anom in part for obstructing law enforcement by using this wipe feature.

Daniel Micay, lead developer of security and privacy focused Android operating system GrapheneOS, also provided Motherboard with images someone had recently sent him of a third Anom device. That phone was a Google Pixel 3a, suggesting Anom loaded its software onto multiple iterations of phones over time, and the Anom login screen was not immediately accessible.

“The calculator theoretically opens chat but it doesn’t work anymore. They said it requires entering a specific calculation,” Micay said. “Quite amusing security theater.”

Micay said others claimed that Anom used GrapheneOS itself, but “it sounds like they may have advertised it to some people by saying it uses GrapheneOS but it has no basis.”

“Basically [it] sounds like people have heard of GrapheneOS so these companies either use it in some way (maybe actual GrapheneOS, maybe a fork) or just claim they did when they didn’t,” he said.

The phone obtained by Motherboard and the one included in the video both have an identical list of contacts saved to the innocuous looking section of the device. However, at least some of these appear to be placeholder contacts generated by a specific tool available on Github. None of the people included in the contact list responded to a request for comment.

With its wipe features and the hidden user interface, the Anom device does look like one from any of the other encrypted phone firms that serious organized criminals have used in the past, such as Encrochat and Phantom Secure. That was very much on purpose, according to Andrew Young, a partner in the Litigation Department in law firm Barnes & Thornburg’s San Diego office and former Department of Justice lead prosecutor on the Anom case.

“We can’t just run a good investigation; we have to run a good company,” he previously told Motherboard in a phone call. That included providing customer service and solving users’ tech issues, and potentially dealing with hackers who may target the company too.

Anom started when an FBI confidential human source (CHS), who had previously sold devices from Phantom Secure and another firm called Sky Global, was developing their own product. The CHS then “offered this next generation device, named ‘Anom,’ to the FBI to use in ongoing and new investigations,” court documents read.

In June the FBI and its law enforcement partners in Australia and Europe announced over 800 arrests after they had surreptitiously been listening in on Anom users’ messages for years. In all, authorities obtained over 27 million messages from over 11,800 devices running the Anom software in more than 100 countries by silently adding an extra encryption key which allowed agencies to read a copy of the messages. People allegedly smuggling cocaine hidden inside cans of tuna, hollowed out pineapples, and even diplomatic pouches all used Anom to coordinate their large-scale trafficking operations, according to court documents.

The FBI declined to comment. SOURCE

Yes, you can use Signal without sharing your personal phone number. Here’s how I did it.

THE MESSAGING APP Signal is described by security professionals as utilizing the gold standard of cryptography. Unlike many competitors, its default is end-to-end encryption — and on top of that, the app minimizes the amount of information it stores about users. This makes it a powerful communication tool for those seeking a private and secure means of chatting, whether it’s journalists and their sources, activists and human rights defenders, or just ordinary people who want to evade the rampant data-mining of Big Tech platforms.

Signal continues to introduce privacy-enhancing features such as usernames that can be used in lieu of phone numbers to chat with others — preventing others from finding you by searching for your phone number. But the app still requires users to provide a working phone number to be able to sign up in the first place.

For privacy-conscious individuals, this can be a problem.

In response to subpoena requests, Signal can reveal phone numbers. Relying on phone numbers has also led to security and account takeover incidents. Not to mention that the phone number requirement costs Signal more than $6 million annually to implement.

Signal insists on its site that phone numbers are a requirement for contact discovery and to stymie spam. (Signal did not respond to a request for comment). Other encrypted messaging platforms such as Session and Wire do not require phone numbers.

There are some ways around Signal’s phone number policy that involve obtaining a secondary number, such as using temporary SIM cards, virtual eSIMs, or virtual numbers. But these approaches involve jumping through hoops to set up anonymous payment measures to procure the secondary numbers. And sometimes they don’t work at all (that was my experience when I tried using a Google Voice number to sign up for Signal).

I wanted a way to get a Signal account without leaving any sort of payment trail — a free and anonymous alternative. And thus began my long and tedious journey of registering Signal with a pay phone.

Finding a Pay Phone

The first step was actually finding a pay phone, a task which is dismally daunting in 2024.

The Payphone Project lists around 750,000 pay phones, but after attempting to cross-check a sampling of the hundreds of alleged pay phones in my town with Google Street View and Google Earth satellite images, I came to the quick realization that the list was woefully outdated. Many of these phones no longer exist.

A Google Maps search for pay phones in my area brought up of a half-dozen pins. Using Street View, I found that four locations seemed to have something resembling a pay phone box. Trekking out to them, however, revealed that one no longer had a pay phone, though discoloration of the store façade revealed the precise spot the pay phone used to be; another pay phone looked like it had been the victim of a half-hearted arson attack; the third and fourth lacked dial tones.

Asking on a community subreddit resulted in suggestions that once again led me to places without any working pay phones, or posts berating me for needing a pay phone in 2024 and inquiring about the legality of the endeavors I wished to pursue which would necessitate pay phone usage.

Failing at finding a functional pay phone through a systemic approach, I resorted to brute opportunism — keeping my eyes peeled for pay phones as I went through the dull drudgery of a modern life made ever bleaker by the lack of public phone access.

A Working Pay Phone, That Is

I didn’t just need to find a working pay phone — no small feat in 2024. I also needed to find one able to receive incoming calls, so I could get Signal’s activation message.

On a recent visit to Tampa, where I travel annually to discuss security matters and set things on fire, I spotted a pay phone while leaving Busch Gardens. Picking up the receiver, I was delighted to hear the telephonic equivalent of a pulse: a dial tone.

Now that I had a phone with a dial tone, the next step was to test whether it could receive incoming calls. This is because Signal’s registration process requires a phone number that can either receive a text message or a verification call.

To test whether a pay phone can receive incoming calls, you need to know one thing: the pay phone’s own phone number. Some pay phones reveal their numbers on the phones themselves, but not always.

If the number isn’t listed on the phone — it wasn’t in this case — there’s a workaround that doesn’t involve a paper trail leading back to your cellphone. Use the pay phone to call what’s known as an ANAC (automatic number announcement circuit), which provides an ANI (automatic number identification) service. In other words, it’s a phone number you can call which then reads out the phone number you are calling from. Lists of ANAC numbers have been bantered about for years, though like pay phone lists, almost all are now defunct.

One stalwart ANAC number that has withstood the test of time for over 30 years, however, is 1-800-444-4444. Feel free to try it. Call the number, and it should read yours back to you.

Back at Busch Gardens, I rang up the ANAC and had a number read back to me. The next and final step was to test whether the number actually accepted incoming calls. Unfortunately, when I called the number the ANAC line had read back to me, I reached the Busch Gardens main line, asking me to enter my party’s extension. In other words, this wasn’t actually the pay phone’s number, it was just the general theme park number.

Days later, during a layover on my trip home from Tampa, I noticed a small bay of pay phones at a small regional airport. I repeated the above rigamarole, and lo and behold, when I called the pay phone’s number from the neighboring pay phone, I was able to answer and talk to myself. Finally, success.

I took out a burner phone on which I wanted to set up Signal, which had no SIM or eSIM of any kind, and proceeded to enter the pay phone’s phone number when setting up Signal. Signal first insists on attempting to send a verification code via an SMS text message, so you have to initially go through that fruitless route. But after a few minutes, you can then select the option to receive the verification code via a voice call.

Moments later, the pay phone rang, and I was finally able to set up a Signal account.

The next and final step was to set up a PIN and enable a registration lock so that someone else wouldn’t be able to take over the account by going to the same pay phone and registering their own version of Signal with that same number. The registration lock expires after a week of inactivity, so you also have to keep using the Signal account. It took a while, owing to Signal’s onerous registration requirements coupled with the increasing lack of public phone access, but in the end I proved there is a way to use Signal with an untraceable phone number.

A Step-by-Step Guide

1. Obtain a phone. It doesn’t need to have an active phone number associated with it, and can be either an old phone you have around or a dedicated burner phone.
2. Locate a pay phone. 
3. Find the pay phone’s phone number (call 1-800-444-4444 if it’s not written on the phone).
4. Make sure the pay phone can receive incoming calls.
5. Enter the pay phone number into Signal, and use the ‘Call me’ option to receive a verification call (this option shows up only after the SMS timer runs out).
6. Input the confirmation code, set up a PIN and enable Registration Lock in the Signal app. 

source

SIGNAL’S NEW USERNAMES HELP KEEP THE COPS OUT OF YOUR DATA

Ephemeral usernames instead of phone numbers safeguard privacy — and makes Signal even harder to subpoena.

an assistant U.S. attorney issued a subpoena to Signal demanding that the messaging app hand over information about one of its users. Based on a phone number, the federal prosecutors were asking for the user’s name, address, correspondence, contacts, groups, and call records to assist with an FBI investigation. Two weeks later, the American Civil Liberties Union responded on behalf of Signal with just two pieces of data: the date the target Signal account was created, and the date that it last connected to the service.

That’s it. That’s all Signal turned over because that’s all Signal itself had access to. As Signal’s website puts it, “It’s impossible to turn over data that we never had access to in the first place.” It wasn’t the first time Signal has received data requests from the government, nor was it the last. In all cases, Signal handed over just those two pieces of data about accounts, or nothing at all.

Elon Musk says he will ban Apple devices at his companies.

Apple announced earlier on Monday that it would integrate OpenAI’s technology into its iPhones. When users are speaking to Siri, it will be able to hand off some queries to ChatGPT, OpenAI’s large language model.

Mr Musk said that such an update would be an “unacceptable security violation”.

“If Apple integrates OpenAI at the OS level, then Apple devices will be banned at my companies. That is an unacceptable security violation,” he wrote on X, formerly known as Twitter, the platform he owns.

“And visitors will have to check their Apple devices at the door, where they will be stored in a Faraday cage.” A Faraday cage is a closed box that stops wireless signals coming in or going out.

Mr Musk’s ban would presumably affect SpaceX and Tesla, in addition to X.

Apple had said earlier that the feature would be released later this year. OpenAI confirmed that its technology would be broadly integrated into the operating system.

Both OpenAI and Apple stressed that it would include privacy protections. “Requests are not stored by OpenAI, and users’ IP addresses are obscured,” OpenAI said in its announcement.

The integration will mean that Siri requests can also be sent to ChatGPT. It will be able to handoff questions – as well as documents and photos – for help.

It will also be available within a new Apple system called “Writing Tools”. That allows users to generate content for their writing, or have their documents re-written in fewer words or in different styles.

And Apple will also integrate OpenAI’s image generation technologies so that they can create illustrations to sit alongside their documents.

All of the features are part of a suite of features called “Apple Intelligence”. While that mostly relies on Apple’s own technologies, it also integrates those from OpenAI.

OpenAI chief executive Sam Altman was present at Apple’s Worldwide Developer Conference, where the new features were released, through he did not appear during the presentation.

Mr Musk and OpenAI have a long and complicated history. He was one of the founders of the company when it launched at the end of 2015 – but has become gradually more hostile towards it, criticising it for failing to live up to its founding principles.

He has since sued the company and Mr Altman, accusing them of prioritising profits and failing to live up to its original mission. In response, OpenAI said that it rejected all of Mr Musk’s claims.

Mr Musk has also had an occasionally contentious relationship with Apple.

In 2022, he publicly attacked Apple and its chief executive Tim Cook over the cut it takes from payments made on the iPhone. Soon after, Mr Musk met with Mr Cook at Apple’s headquarters.

The Independent is the world’s most free-thinking news brand, providing global news, commentary and analysis for the independently-minded. We have grown a huge, global readership of independently minded individuals, who value our trusted voice and commitment to positive change. Our mission, making change happen, has never been as important as it is today. source

read more about this topic directly from TIM COOK, Apple’s CEO

Apple Finally Unveils IPhone AI Features: ‘The Next Big Step’

What is Apple intelligence? The new AI tools that want to transform your iPhone

New tools only available to those with the most expensive iPhones

Apple has finally revealed its response to the current hype over AI: its own technology called “Apple Intelligence”.

The tools are a “personal intelligence system for iPhone, iPad, and Mac that combines the power of generative models with personal context to deliver intelligence that’s incredibly useful and relevant”, Apple said as it announced the feature.

In some ways they are similar to the AI tools that have been announced by most major technology companies in recent months. After the update, iPhones will be able to liaise with ChatGPT and create images using generative AI.

Apple rolled out details for its generative artificial intelligence initiatives—known as “Apple Intelligence”—for the first time Monday, laying out what could be the next big reason for iPhone users to upgrade their devices.

Read more about what ELON MUSK will do to ALL EMPLOYEES WITH AN iPHONE if……

Elon Musk says he will ban iPhone and other Apple devices

Fake Cell Towers Allow the NSA and Police to Keep Track of You

The Internet is abuzz with reports of mysterious devices sprinkled across America—many of them on military bases—that connect to your phone by mimicking cell phone towers and sucking up your data. There is little public information about these devices, but they are the new favorite toy of government agencies of all stripes; everyone from the National Security Agency to local police forces are using them.

These fake towers, known as “interceptors,” were discovered in July by users of the CryptoPhone500, one of the ultra-secure cell phones released after Edward Snowden’s leaks about NSA snooping. The phone is essentially a Samsung Galaxy S3 customized with high-level encryption that costs around $3,500. While driving around the country, CryptoPhone users plotted on a map every time they connected to a nameless tower (standard towers run by wireless service providers like Verizon usually have names) and received an alert that the device had turned off their phone’s encryption (allowing their messages to be read).

Map showing the location of rogue cell towers identified by the firewall on CryptoPhones in August via ESD America, a defense and law enforcement technology provider based in Las Vegas.

While the abilities of these interceptors vary, the full-featured versions available to government agencies are capable of a panoply of interceptions. For example, the VME Dominator can capture calls and texts, and can even control the intercepted phone. (In an interview with NBC, Snowden revealed that with this kind of technology the NSA is capable of turning on a powered-down phone and essentially using it as a bug.)

This NSA-style surveillance is spreading to local cops. A growing number of police departments are using tower-mimicking devices, “stingrays,” to track a cell phone’s location and extract call logs. Though little is known about the use of these devices, watchdog groups have scored small victories in their attempts to punch through this veil of secrecy. The map below, courtesy of the ACLU, shows how the use of stingrays is spreading. The map also shows that despite the ALCU’s greatest efforts, it is unable to uncover information about stingray use in most of the country.

A recent case provided a glimpse into what stingrays can do and how they are being used.

Awesome Resources explains how anyone with a mobile interception device can intercept cellular data

Mobile networks are dominant in the age of communication and are used to relay mobile communication signals to Public Switched Telephone Networks (PSTN). There is a lot of information that is exchanged on a daily basis. But is your mobile network confidential?

Even though it started out as an ethical technology for security, there are reports about the misuse of the technology doing the rounds.

However, for those concerned about their privacy during calls, using tools like Call Recorder iCall can provide an added layer of security by recording and securely storing conversations.

How does mobile interception work?

There are three types of mobile networks – NGN (Next Generation Networks like 3G, 4G, and 5G), GSM (Global System for Mobile communications) and CDMA (Code Division Multiple Access). All three of them are targets of multiple surveillance technologies.

When the mobile phone data travels over these networks, they are passively intercepted between the mobile phone and the base station it is communicating to. Both uplink signal (outgoing voice or data) and downlink (incoming voice or data) signals can be intercepted.

Who can intercept your mobile signal?

Mobile Interception technology is extensively used by law enforcement agencies, military & defense, or authorities like government and federal & local law enforcement agencies (LEAs). These are also termed as Lawful Interceptions. But there are unauthorized intercepts too!

Our expert Sam Tilston from AwesomeResources.co.uk, a professional in cyber security for more than 20 years believes that anyone with a mobile interception device can intercept cellular information like- voice, data transmission, and metadata.

Lawful Interception (LI) – The modern legal interception protocol

Lawful Interception or LI refers to a specific facility in telecommunications where LEA or government with court orders or legal authorization can intercept mobile signals. In common parlance it’s also called selective wiretapping or authorized wiretapping.

Lawful interception is different from the dragnet-type mass surveillance and is usually carried out by intelligence agencies. The data is merely passed through a fiber-optic splice where its extracted and filtered.

Many countries follow local, national, and global standards for lawful interception laid down by ESTI. Governments and authorities require PSPs (Public Service Providers) to install a (LIG) legal interception gateway and LIN (legal interception nodes) for real-time interception.

Lawful Interception architecture

Currently the global standard for Lawful Interception and its architecture is provided by ESTI. The standard architecture in recent use is 3GPP Evolved Packet System (EPS) that provides IP based services.

The ESP architecture attempts to define an extensible and systematic means by which LEAs and network operators can interact. There are three stages in the architecture:

1. Collection: target-related call content and data are extracted from these PSP networks.
2. Mediation: data is formatted to match the specific standard.
3. Delivery: The content and data are delivered to the law enforcement agencies.

Delivery function in the architecture is what is used to hide your sensitive interceptions from Intercepting Control Element (ICE). Even when there are multiple targets on the same number, the authorities have no idea about it.

What is the need for mobile interception?

Apart from the malicious effects like snooping and eavesdropping, mobile interception can be used for security. Want to know the uses?

1. Administration Security

The Administrative function (ADMF) keeps all the intercept activities of individual LEAs separate and interfaces to the intercepting network.

After configuring authorized user access within the network, password protection can be enabled using one of the following security mechanisms:

• CUG/VPN
• COLP
• CLIP
• Authentication & Encryption

2. IRI (Intercept Related Information) security

In case of communication failures, IRI can be buffered in the 3G network. After successfully transmitting IRI, the content buffer and total buffer can be deleted via a command or a timer. This prevents the IRI data from being exposed to illegal use.

3. CC (Call Content) security

Data inconsistency, log files, and critically important data like billing information can be suppressed to be viewed by only a fraction of the users over the network. This data can also be deleted after successful transmission to the required personnel.

Can your mobile be intercepted?

If you’re in the crosshairs of the authorities, then chances are that you may be under surveillance right now. Don’t worry, if you’re under one, then you’re not alone!

Lawful interceptions are very common, in fact there are 2000-3000 mobile signals being intercepted and analyzed every day. In fact, if you have a few selected smartphone models from Samsung, chances are that your calls are being intercepted.

The presence of Shannon-branded baseband chips, a tracing IC (integrated circuit) and RF (radio frequency) transceiver make it a device that can be easily intercepted. Calls and messages can be intercepted by creating a proxy base station by frankly anyone with a device.

What is the future of mobile interception market?

The market of mobile interception is estimated at $1.8 billion globally, and $ 226.1 million in the U.S. alone. The market is estimated to grow at a tremendous rate of 5.8% annually for the next decade.

With new developments of communication frequencies, networks and channels, integration with newer interception systems will create a little hurdle. New and portable devices are being deployed every day across the world to hamper the mobile interception market.

In summary

Mobile interception is a debatable topic. On one hand, you are always on someone’s radar and that’s something that you can’t live with knowing. On the other hand, it’s a crucial and apt technology for intercepting malicious calls and threats.

As hard as it may sound, it’s hard to negate the importance of mobile interception, as long as it’s legal, and meets the global standards of lawful interception.

Hey, as long as it continues to save millions of lives by combating increasing criminal activities and security threats, it’s always a handy technology and probably will be in the future too. source

Understanding MIMO (Multiple Input, Multiple Output) – Cellular Speed & Booster Implications

The Wonders of MIMO

For RVers and Cruisers, understanding what MIMO technology is, how it works, and how it can be used to enhance cellular speeds has the potential to make finding great mobile internet on the road an easier experience.

For anyone who knows a thing or two about wireless communications, modern 4G/LTE and 5G cellular radios are borderline miraculous.

Consider the first iPhone – which launched in 2007 with a maximum theoretical cellular speed of around 500 Kbps using AT&T’s 2G EDGE cellular network.

A decade and a half later – the latest flagship cellular devices were able to support maximum theoretical speeds of over 2,000 Mbps.

That’s more than a 4,000x increase!

And as the 5G era has matured and become more mainstream, we see peak theoretical speeds are approaching 10 Gbps, another 10x increase!

Of course, theory rarely equals reality – and the cellular networks need to be substantially upgraded and built out to even come close to being able to deliver speeds like this to real people outside of a lab.

And in the real world – you will be sharing this speed with perhaps hundreds or thousands of others connected to the same cell tower.

But real-world 4G/LTE speeds over 50Mbps are actually not at all uncommon, and speeds over 100Mbps are now widely reported, and things just keep getting faster. Mid band 5G is has become lot more common on most of the carriers and we are now seeing the gap between really good LTE and good mid band 5G become way more prevalent in everyday connectivity. If you are in a mmWave 5G area, the speeds can be blazing fast.

One of the key technologies making these sorts of speeds possible is known as MIMO (Multiple Input, Multiple Output) – an incredibly clever technique for putting multiple antennas to work to increase both data transmission speed and reliability.

MIMO technology is fundamental to both 4G/LTE, 5G, and WI-Fi radios – but cellular boosters and MIMO have some… challenges… working together.

Read on to get a grasp of what MIMO is, how it works, and how you can use a little bit of MIMO awareness to potentially increase your cellular speeds.

MIMO In A Nutshell

MIMO is one of the core technologies enabling 4G/LTE and 5G cellular, and almost every modern mobile device (whether a phone or a hotspot) has two or more cellular antennas on board to enable the magic of MIMO.

On the other end of the line – cell towers typically have multiple antennas working together in tight synchronization to communicate with you.

With more antennas transmitting a signal, there are more possible echoes and reflections (read the “how it works” section below to understand the magic here) for the receiving device to catch a signal.

The ability to make multiple connections on the cell tower the better the transmit speeds, even with weak signals.

The cell tower will have a number of transmit/receive antennas and many LTE devices had two antennas.  This allows those devices to utilize 2×2 MIMO.

Devices with four antennas for 4×4 MIMO is now common, with consumer devices such as flagship hotspots such as the AT&T Netgear Nighthawk M6 Pro Hotspot Pro, the Verizon & T-Mobile MiFi X Pro 5G hotspots, plus all the the latest flagship smartphones from Apple, Samsung, and Google.

Although the latest cellular standards (Category 18 & higher) support 8×8 MIMO, consumer devices with 8 antennas are not common.

These antennas connect to a cell tower that will usually have at least four antennas – and as many as 128!  The number of antennas on the tower gives devices more options to get a good, high-performing connection.

This figure illustrates a relatively simple 4×2 MIMO deployment.  In this case, 4×2 means four transmit/receive antennas on the tower, and two on the user device:

This 4×2 configuration isn’t the only one possible, however, upgraded cell towers can have many more transmit/receive antenna elements. The latest devices typically have four antennas to better take advantage of the cell towers antenna array.

MIMO is one of the key technologies that allow these devices to have such great performance – it really is pretty darn amazing stuff! source

MIMO vs Boosters Video

Here Introducing an all-new WiPhone, A Phone for Hackers and Makers. Moreover, WiPhone is a VoIP mobile phone designed to be easily modified, repurposed, and adapted.

Basically, It’s designed to enable hackers by making it easy to extend and modify the electronics and software. Something typical phones are not good for. However, WiPhone is also a VoIP mobile phone. It uses WIFI to make HD voice calls, for free. Though, This means that there is no required service contract.

Additionally, WiPhone solves these problems and gives hackers, makers, and engineers the tool we all wish our phones could be. However, It is direct access to I/O, an easy to program ESP32 processor. However,  All the basics are already set up the user interface, power management, and on/off the circuit, working code.

Furthermore, you also can get straight to work building projects, not setting up the boring parts like power management again and again. Though, No rats nest of wires or ugly stack of dev boards just to get the basic functionality.

WiPhone Tech Specs:

What is the WiPhone?

WiPhone is a unique, minimal phone.

It’s designed to enable hackers by making it easy to extend and modify the electronics and software. Something typical phones are not good for.

WiPhone is also a VoIP mobile phone. It uses WIFI to make HD voice calls, for free. This means that there is no required service contract – and it’s yours for life.

For Hackers:

 Yet So Stylish And Sophisticated!

 WiPhone Pro with Clear Front Face:

source

Smartphones Are A Little Too Smart

What’s the best platform you can imagine for electronics hacking?

It should probably be adaptable, powerful, and programmable. Small and portable would be nice. Maybe with a durable case? What about a built in user interface with things like an LCD screen and button panel? A battery and built-in charging system? Wireless connectivity?

Hey… we just described a mobile phone!

But why aren’t people building more projects based on their smartphones? Well, there are a few issues:

• no electrical connectors to directly connect to the outside world
• no way to easily control the low level hardware, like processor output pins
• opaque development environment and huge IDE
• not designed for easy disassembly, repair, or modification

Enter WiPhone:

WiPhone solves these problems and gives hackers, makers, and engineers the tool we all wish our phones could be. Nice package, direct access to I/O, an easy to program ESP32 processor. All the basics are already set up: user interface, power management and on/off circuit, working code.

You can get straight to work building your project, not setting up the boring parts like power management again and again. And once you’re done it’s durable and looks great. No ratsnest of wires or ugly stack of dev boards just to get the basic functionality.

Modern smartphones are more and more a tool we don’t own, but instead one we’re only allowed to carry around. One that serves the interests of various tracking networks, corporate boards, and government organizations. You don’t own it, it owns you. It tracks you, serves you ads, and sucks away your time with mindless dopamine hits. We want a phone that’s back in our control, optimized for our convenience.

Free Calling! No Hacking Required!

WiPhone is different beast from most smartphones these days. WiPhone uses the existing WiFi around you to make HD Voice calls. For free. Buy it once and it’s yours.

Works on most broadband WiFi networks (including most home WiFi connections). No service contract required, and you can even upgrade the firmware or expand the hardware to do things it wasn’t originally intended for.

What Is This Magical Free Calling You Speak of? Tell me more…

Free calling starts with a SIP account. SIP stands for Session Initiation Protocol, and it’s a standard way to make call over the internet. VoIP is a related term that you may have heard of. There are commercial services that provide SIP/VoIP accounts, and some of them have free accounts. Most consumers use VoIP apps like Skype and Whatsapp, but we can still use the underlying technology directly. After the campaign we’ll spend more time testing services to make our software and instructions work as seamlessly as possible.

Step 1: Get a SIP account (many different ways to do this, but we wrote up a simple how-to that might get you started).

Step 2: Log in on your WiPhone using the credentials from your SIP account (user name, password, and server):

Step 3: Make a Call:

That’s it!

Note: we’re still working through compatibility with various SIP providers since many of them implement the standard in various ways. Once the WiPhones ship we’ll update our getting started instructions to use the servers we find to be most reliable.

What people are saying about WiPhone:

“This is a great cross over between what people know (phones) and what people really want to do (hack).” -Nathan Seidle, Sparkfun Founder

“The WiPhone is a really rather neatly put together project.” -Alasdair Allan, Hackster.io

“If you want a phone that respects your right to repair, this is the project to look at.” -Brian Benchoff, Hackaday.com

“So excited by this project I tried to make one myself” -Random Guy On Our YouTube Channel

First Class Expansion Capabilities

WiPhone is expandable through daughter boards. The whole back of the phone is a replaceable panel that accepts a standard 1.6mm thickness PCB, which you can use to add whatever functionality you like.

Some Examples

We made a WiPhone into an RC car:

And we also made the coolest way to ever to answer a phone:

The daughterboard headers have power, digital I/O, and all the common embedded busses like SPI, I2C, and UART.

 Easy Development

Develop in Arduino/C++ or Python. We’ll also provide basic tutorials covering how to write to the screen, connect to the hardware, save data to memory, etc.  We’ll let you give us feedback on what’s most important to you.

No-Mess Prototyping

————————————————————————————————

Note: Based on the backer survey, we’ll prioritize adding a cellular radio (LTE), and secure communications after the campaign. Back now to get first access to the new hardware as it becomes available.

See the relevant Project Update for details.

————————————————————————————————

We have big plans for the WiPhone, but we also need to start off on solid footing. We’ve set a relatively low funding goal of $40k that will let us cover the costs to finish production of the phones themselves and not much more. That way we can get phones in the hands of people that want them.

But there’s a lot of potential waiting to be unlocked. If we reach $100k of phones, we’ll have enough of a cushion to thoroughly test the design and ultimately deliver a better product. It will also allow us to start taking on extra work. If we reach $100k we’ll start letting backers choose stretch goals.

Some stretch goals would add software features to the WiPhone itself. Others will be to take on design and production of daughterboards and other accessories.

•  Wireless Firmware Updates:Wireless firmware updates will allow you to easily upgrade your firmware.
•  Integrated Python Interpreter: Currently we’ll ship the WiPhone with a separate firmware that allows running MicroPython apps. This stretch goal would allow us to merge the Python interpreter into the main phone firmware to run user apps directly within the phone firmware.
•  Remote Desktop: View and control your WiPhone through a webpage.
•  Encrypted Communications: Add secure communication to calls and messages
•  Threaded Messaging: Add an advanced view to text messages for a more modern chat experience
•  Additional Colors: Add some variety to the clear/gray options we have now for face colors.
•  Advanced Tutorials: Deeper tutorials than the basic ones we’ll ship for the basic campaign. We could go step-by-step through writing a complete app, using the phone to build an entire project, or designing a daughterboard from scratch. We’ll let you give us feedback on what’s most important to you.

First Class Expansion Capabilities – People Like The WiPhone Hack It Like It’s Yours