Article on IMSI Catchers and Stingrays

24 April 2015

I have been helping a proper journalist, Brady Dale, write a article on the use and abuse of Stingrays and other IMSI catchers. It turned out quite well. It is up on Motherboard.

USSD Code dialling exploits

28 September 2012

The recent disclosure of the finding that many phones respond to USSD dial strings in a tel: html markup without requiring any user input has recently been demonstrated.

The issue comes from the tel: html markup, that the phone will automatically execute a USSD command embedded in a tel link.

The Samsung S series has some powerful hidden codes, including one that will reset the phone to factory default *2767*3855#

The html string <iframe src=”tel:*%2306%23″/>  will display the IMEI, but if the code above is used this resets the phone. My experience suggests that most phones have secret codes that perform these sorts of actions. It only remains for these to be discovered for much wider exploitation.

Normally when a tel: prompt is encountered this just populates the dial number field and the user would then need to hit call to initiate the call. Some USSD codes do not require this, all phones should respond to the *#06# string with the IMEI of the phone.

Video of the presentation:

There is a test page: This is safe to go to as it only has the code to display your IMEI. If you visit this page on a phone browser, this page should open the dialler and pre-fill the dial string with *#06# ready for you to hit send. If your phone is vulnerable you will just see the IMEI displayed, that is the phone has immediately dialled this string.

Data Roaming

5 January 2011

We are all agreed that the future of mobile is in data not voice (and text as that is the same legacy bucket)

I remember seeing an announcement from BT as it was back then, probably about 1991 saying that the volume of data calls had exceeded voice calls on their network. They were talking about modem calls here, but today voice is carried as a data stream, and is a small contribution to data volumes on networks.

This reality is not reflected in the pricing structures. Voice is charged depending on the destination of the call, so a local call is cheaper than a international call (sometimes) but with data (Internet) there is no concept of distance. You go to a web address which may have a country designation but that may be connected to a server farm anywhere in the world.

When we get into roaming then the cost differentials really show up. So the old world voice services, that have been traded, and commoditised over many years, although still priced at huge markups over the cost of the same call on a local account, are consistent and predictable.

Data roaming charges, however are the wild west, with per megabyte charges 10 to 100 times that of local accounts. There is a chance that smart-phone users will be educated by these charges to avoid roaming data at all costs. This is an option on most smart phones, certainly Android has an option to disable data connectivity when roaming, and I believe iOS has the same option. But the usefulness of these phones then drops to a dumb phone.

Andrew Gill had a nice post on his London Calling blog about avoiding inflated roaming charges, mostly by using a local pre-paid SIM card.

My experience from a recent trip to USA and Canada is that there is enough free WiFi available in the Americas in most places so you don’t need to do this. All the hotels had free WiFi for guests, most coffee shops, thorough in some places you need to open the web browser and click an accept T&C button before it works. And in airports, free access for the first hour.

Sadly this is not the case in the UK where almost every access point wants to milk your credit card before allowing access. But there is the popular FON system, which because it is enabled by default on all BT Home Hubs, is widely available.

Mobile networks should support Linux

6 August 2009

Why don’t mobile operators support Linux on their mobile broadband networks.

What would they have to do

List the dongles and distributions that work. That’s all, the community is delvoping everything needed. It all works now.

Perhaps they could add some guides to installing and using dongles on the common distributions. Most distributions use the NetworkManager to manage all network connections. This is supported by default in Ubuntu, SUSE, and Fedora.

From a investment return basis the investment to support Linux is minuscule, the returns will not be major, but could be significant.

Market segment

Although numbers of Linux users are are small they are quite often influential. Accurate numbers of Linux users are hard to come by, as most users will have purchased a system with Windows installed and upgraded their system to Linux. There are well supported estimates that rate Linux desktop usage at around 2%. These numbers are biased toward the large amount of usage in North America as as such probably underestimate the true number.

Still 2% represents a seizable segment of the market to ignore.


The support pages mostly don’t mention Linux, only giving instructions for setting up dongles for use with Windows variants and Apple MAC. A search for Linux on shows only one hit.

The 3 Linux users have discussed their issues on open forums.


Vodafone support the betavine project. The key element of this has been the Vodafone Mobile Connect client. This is small application that manages the establishing connections and sending and receiving SMS messages.
This client can be used to connect any compatible modem to any operators network.


There is no official support from o2, but there is user generated help on their forum pages to help users 1 2 3


There is no official support for Linux on T-Mobile. Though they were selling the Xandros Linux version of the Asus eee netbook with there web and walk offering.

T-Mobile supplied dongles for this review of using using 3G mobile broadband on Linux that was published in Linux Format


Splashtop is a fast booting Linux distribution that is stored in ROM on the motherboard. It is being shipped with many laptops and PC motherboards. This allows a user to use the laptop for some quick email or web activity without waiting for the full OS to boot. Typical boot times for splashtop are around 2 seconds.

Users of these laptops would expect network connectivity from the splashtop environment, and it will work. But it would be good to assure customers of support.

The netbook revolution

Asus started the netbook revolution with the eee PC, and although Asus have abandoned Linux, but the idea of a small computer running a Linux based
operating system is developing. Especially with the use of lower powered CPUs like ARM. Freescale are calling these smartbooks.

FOSS is coming to phones

Nokia has recognised the importance of FOSS in that it spent €264 million acquiring Symbian only to immediately open source the entire software and
release it under the LGPL licence.

Google is putting significant resources into their android project. Although there is only one android phone (the G1 offered by T-Mobile) this is set to be joined by many more soon. Already the application store for android is showing that the open model can deliver new innovations like access to spotify.

My Journeys in the mobile WebSear

5 August 2007

The internet proper is starting to become available on mobile phones. I use the Train Information for my daily commute, but there are a number of other sites I have found useful. Yell the yellow pages directory have a mobile friendly option, results are marked up using the “tel:” links so that the phone numbers are directly dialable from the search results.

With this in mind I have had a go at adapting my web search page to give a mobile friendly version. This is still work in progress and I will probably fiddle with it a bit more.

Openmoko Mobile Linux

9 May 2007

I have been following the open Moko project and the qtopia greenphone for a while. We also have Nokia launching the N900 tablet all employing Linux.

But it comes as a surprise that Ubuntu is launching a version for mobile smartphones or Mobile Internet Devices (MIDs) as the industry is calling them. They have teamed up with Intel and some new low power chips that should develop some interesting applications.

It is interesting to read through the discussions on the Open Moko list as these can be very wide ranging. Fro instance a recent discussion on the size of the audio jack on the device, was it to be 2.5mm or 3.5mm. Most phones have 2.5mm jacks, but the 3.5 jack is the standard for mp3 players. The arguments ranged from using an adaptor, to routing of audio and microphone when a Bluetooth headset is there as well as the wired headphones.

The detail of the arguments and discussions I am sure are far more extensive than would ever take place in a closed development environment. This should result in much better design decisions and a better product, that only an open development could achieve. I have seen how hard it is to get feedback from customers who have purchased products, so giving people a stake in the open development process seems to generate much more feedback.