
Wednesday, September 3, 2014

Mysterious, Phony Cell Towers Found Throughout US

As reported by Popular Science: Like many of the ultra-secure phones that have come to market in the wake of Edward Snowden's leaks, the CryptoPhone 500, which is marketed in the U.S. by ESD America and built on top of an unassuming Samsung Galaxy SIII body, features high-powered encryption. Les Goldsmith, the CEO of ESD America, says the phone also runs a customized or "hardened" version of Android that removes 468 vulnerabilities that his engineering team found in the stock installation of the OS.

His mobile security team also found that the version of the Android OS that comes standard on the Samsung Galaxy SIII leaks data to parts unknown 80-90 times every hour.  That doesn't necessarily mean that the phone has been hacked, Goldsmith says, but the user can't know whether the data is beaming out from a particular app, the OS, or an illicit piece of spyware.  His clients want real security and control over their device, and have the money to pay for it.

To show what the CryptoPhone can do that less expensive competitors cannot, he points me to a map that he and his customers have created, indicating 17 different phony cell towers known as “interceptors,” detected by the CryptoPhone 500 around the United States during the month of July alone. (The map below is from August.)  Interceptors look to a typical phone like an ordinary tower.  Once the phone connects with the interceptor, a variety of “over-the-air” attacks become possible, from eavesdropping on calls and texts to pushing spyware to the device.


“Interceptor use in the U.S. is much higher than people had anticipated,” Goldsmith says.  “One of our customers took a road trip from Florida to North Carolina and he found 8 different interceptors on that trip.  We even found one at South Point Casino in Las Vegas.”

Who is running these interceptors and what are they doing with the calls?  Goldsmith says we can’t be sure, but he has his suspicions.

“What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases.  So we begin to wonder – are some of them U.S. government interceptors?  Or are some of them Chinese interceptors?” says Goldsmith.  “Whose interceptor is it?  Who are they, that's listening to calls around military bases?  Is it just the U.S. military, or are they foreign governments doing it?  The point is: we don't really know whose they are.”

Interceptors vary widely in expense and sophistication – but in a nutshell, they are radio-equipped computers with software that can use arcane cellular network protocols and defeat the onboard encryption.  Whether your phone uses Android or iOS, it also has a second operating system that runs on a part of the phone called a baseband processor. 

The baseband processor functions as a communications middleman between the phone’s main O.S. and the cell towers.  And because chip manufacturers jealously guard details about the baseband O.S., it has been too challenging a target for garden-variety hackers.

“The baseband processor is one of the more difficult things to get into or even communicate with,” says Mathew Rowley, a senior security consultant at Matasano Security.  “[That’s] because my computer doesn't speak 4G or GSM, and also all those protocols are encrypted.  You have to buy special hardware to get in the air and pull down the waves and try to figure out what they mean.  It's just pretty unrealistic for the general community.”

But for governments or other entities able to afford a price tag of “less than $100,000,” says Goldsmith, high-quality interceptors are quite realistic.  Some interceptors are limited, only able to passively listen to either outgoing or incoming calls.  But full-featured devices like the VME Dominator, available only to government agencies, can not only capture calls and texts, but even actively control the phone, sending out spoof texts, for example.  Edward Snowden revealed that the N.S.A. is capable of an over-the-air attack that tells the phone to fake a shut-down while leaving the microphone running, turning the seemingly deactivated phone into a bug.  And various ethical hackers have demonstrated DIY interceptor projects, using a software programmable radio and the open-source base station software package OpenBTS – this creates a basic interceptor for less than $3,000.  On August 11, the F.C.C. announced an investigation into the use of interceptors against Americans by foreign intelligence services and criminal gangs.

An “Over-the-Air” Attack Feels Like Nothing

Whenever he wants to test out his company’s ultra-secure smart phone against an interceptor, Goldsmith drives past a certain government facility in the Nevada desert.  (To avoid the attention of the gun-toting counter-intelligence agents in black SUVs who patrol the surrounding roads, he won't identify the facility to Popular Science).  He knows that someone at the facility is running an interceptor, which gives him a good way to test out the exotic “baseband firewall” on his phone.  Though the baseband OS is a “black box” on other phones, inaccessible to manufacturers and app developers, patent-pending software allows the GSMK CryptoPhone 500 to monitor the baseband processor for suspicious activity.  

So when Goldsmith and his team drove by the government facility in July, he also took a standard Samsung Galaxy S4 and an iPhone to serve as a control group for his own device.

“As we drove by, the iPhone showed no difference whatsoever.  The Samsung Galaxy S4, the call went from 4G to 3G and back to 4G.  The CryptoPhone lit up like a Christmas tree.”

Though the standard Apple and Android phones showed nothing wrong, the baseband firewall on the CryptoPhone set off alerts showing that the phone’s encryption had been turned off, and that the cell tower had no name – a telltale sign of a rogue base station.  Standard towers, run by, say, Verizon or T-Mobile, will have a name, whereas interceptors often do not.

And the interceptor also forced the CryptoPhone from 4G down to 2G, a much older protocol that is easier to decrypt in real time.  But the standard smart phones didn’t even show they’d experienced the same attack.

“If you've been intercepted, in some cases it might show at the top that you've been forced from 4G down to 2G.  But a decent interceptor won't show that,” says Goldsmith.  “It'll be set up to show you [falsely] that you're still on 4G.  You'll think that you're on 4G, but you're actually being forced back to 2G.”
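The three indicators named above (encryption turned off, a cell with no name, a forced drop from 4G to 2G) can be checked mechanically once serving-cell readings are available from the modem rather than from the status bar. The following is an added illustration, not code from the article or from GSMK; the record schema, the sample readings and the 60-second downgrade window are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional

# Null-cipher identifiers for GSM, UMTS and LTE: traffic goes out unencrypted.
NULL_CIPHERS = {"A5/0", "UEA0", "EEA0"}


@dataclass
class CellObservation:
    """One serving-cell reading (hypothetical schema for this example)."""
    t: int                        # seconds since start of capture
    rat: str                      # radio access technology: "2G", "3G" or "4G"
    cipher: str                   # negotiated cipher, e.g. "A5/3" or "A5/0"
    network_name: Optional[str]   # operator name associated with the cell, if any


@dataclass
class Alert:
    t: int
    reasons: List[str]


def detect(observations: List[CellObservation], window: int = 60) -> List[Alert]:
    """Return an alert for every reading that shows at least one indicator.

    A downgrade is reported only on the transition into 2G, and only if the
    phone was last seen on 4G within `window` seconds. Slower changes are
    treated as ordinary coverage loss (an assumption of this example).
    """
    alerts: List[Alert] = []
    last_4g_time: Optional[int] = None
    prev: Optional[CellObservation] = None

    for obs in sorted(observations, key=lambda o: o.t):
        reasons: List[str] = []

        if obs.cipher in NULL_CIPHERS:
            reasons.append("encryption disabled")

        if not (obs.network_name or "").strip():
            reasons.append("cell has no network name")

        entered_2g = obs.rat == "2G" and prev is not None and prev.rat != "2G"
        if entered_2g and last_4g_time is not None and obs.t - last_4g_time <= window:
            reasons.append("forced from 4G down to 2G")

        if reasons:
            alerts.append(Alert(obs.t, reasons))

        if obs.rat == "4G":
            last_4g_time = obs.t
        prev = obs

    return alerts


# Constructed sample readings (not real captures). "ExampleNet" is a made-up operator.
SAMPLE = [
    CellObservation(0, "4G", "EEA2", "ExampleNet"),
    CellObservation(30, "4G", "EEA2", "ExampleNet"),
    CellObservation(35, "2G", "A5/0", ""),            # abrupt drop, no cipher, no name
    CellObservation(40, "2G", "A5/0", None),          # still on the nameless cell
    CellObservation(90, "4G", "EEA2", "ExampleNet"),  # back on the normal network
    CellObservation(400, "2G", "A5/3", "ExampleNet"), # slow fallback, encrypted, named
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(f"t={alert.t}s: " + "; ".join(alert.reasons))
```

The last sample reading is a named, encrypted 2G cell reached long after the phone left 4G, so it raises no alert; a drop to 2G on its own is common in poor coverage and only becomes notable alongside the other indicators.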

So Do I Need One?

Though Goldsmith won’t disclose sales figures or even a retail price for the GSMK CryptoPhone 500, he doesn’t dispute an MIT Technology Review article from this past spring reporting that he produces about 400 phones per week for $3,500 each.  So should ordinary Americans skip some car payments to be able to afford to follow suit?

It depends on what level of security you expect, and who you might reasonably expect to be trying to listen in, says Oliver Day, who runs Securing Change, an organization that provides security services to non-profits.

“There's this thing in our industry called ‘threat modeling,’” says Day.  “One of the things you learn is that you have to have a realistic sense of your adversary. Who is my enemy?  What skills does he have?  What are my goals in terms of security?”

If you’re not realistically of interest to the U.S. government and you never leave the country, then the CryptoPhone is probably more protection than you need. Goldsmith says he sells a lot of phones to executives who do business in Asia.  The aggressive, sophisticated hacking teams working for the People’s Liberation Army have targeted American trade secrets, as well as political dissidents.

Day, who has written a paper about undermining censorship software used by the Chinese government, recommends people in hostile communications environments watch what they say over the phone and buy disposable “burner” phones that can be used briefly and then discarded.

“I'm not bringing anything into China that I'm not willing to throw away on my return trip,” says Day.

Goldsmith warns that a “burner phone” strategy can be dangerous.  If Day were to call another person on the Chinese government’s watch list, his burner phone’s number would be added to the watch list, and then the government would watch to see who else he called.  The CryptoPhone 500, in addition to alerting the user whenever it’s under attack, can “hide in plain sight” when making phone calls.  Though it does not use standard voice-over-IP or virtual private network security tools, the CryptoPhone can make calls using just a Wi-Fi connection; it does not need an identifiable SIM card.  When calling over the Internet, the phone appears to eavesdroppers as if it is just browsing the Internet.

Sunday, August 31, 2014

Water Splitters to Store Hydrogen as Renewable Energy


Gas power: A Hydrogenics electrolysis system in Falkenhagen, Germany, can absorb two megawatts of excess renewable energy and store it in the form of hydrogen.
As reported by MIT Technology Review: Germany, which has come to rely heavily on wind and solar power in recent years, is launching more than 20 demonstration projects that involve storing energy by splitting water into hydrogen gas and oxygen. The projects could help establish whether electrolysis, as the technology is known, could address one of the biggest looming challenges for renewable energy—its intermittency.

The electrolyzer projects under construction in Germany typically consist of a few buildings, each the size of a shipping container, that consume excess renewable energy on sunny and windy days by turning it into an electric current that powers the water-splitting reaction. The resulting hydrogen can then be pumped into the storage and distribution infrastructure already used for natural gas and eventually turned back into electricity via combustion or fuel cells. It can also be used for a variety of other purposes, such as powering natural-gas vehicles, heating homes, and making fertilizer.  The hydrogen generated can also be used to power hydrogen fuel cell vehicles; a technology rapidly gaining acceptance in the global marketplace.  

Germany isn't the only country investing in hydrogen energy storage. Canada is getting in on the action, too, with a major demonstration facility planned for Ontario.

Electrolysis has advantages over some other energy storage options. It can be deployed almost anywhere, it can store vast amounts of energy, and the hydrogen can be used to replace fossil fuels not only in electricity production but also in industry and transportation, which account for far more carbon emissions.

Even so, it has long been considered a relatively lousy way to store energy because of its low efficiency—about 65 percent of the energy in the original electricity is lost. But improvements to the technology are reducing costs, and the large-scale use of renewable energy is creating new needs for storage, making electrolysis a practical option in a growing number of places.

Earlier this year, Siemens broke ground in Mainz, Germany, on what it says will be the world’s largest proton exchange membrane (PEM) electrolyzer. Whereas other electrolyzers are designed to operate with steady power levels, the PEM system performs well even with quickly changing amounts of power from wind and solar. When it opens next year, it will have the capacity to produce 650,000 kilograms of hydrogen a year, the energy equivalent of 650,000 gallons of gasoline. (As a demonstration plant, however, it probably won’t run continuously.)

Power down: This new mini-fridge-size electrolyzer from Hydrogenics can produce as much hydrogen as 12 conventional ones.
Hydrogenics, which has supplied electrolyzers for many of the biggest projects in Germany, is designing a 40-megawatt system that will produce the equivalent of 4.3 million gallons of gasoline a year. The company recently developed a PEM electrolyzer that’s less than a tenth the size of its conventional alkaline ones. The small size, in addition to making it easy to site the electrolyzers, can help lower costs.

Costs are also decreasing because excess wind and solar power creates a glut of power on the grid. Because power needs to be used as soon as it’s generated to keep the grid stable, prices are sometimes dropped to zero so buyers can be found. Cheap electricity makes electrolysis far more competitive.

Electrolysis remains more expensive than producing hydrogen from natural gas—at least in the United States, where natural gas is cheap. But it can compete with storage options such as batteries, says Kevin Harrison, a senior engineer at the National Renewable Energy Laboratory in Golden, Colorado. It’s also more versatile than the cheapest way to store energy: pumping water up a hill and then letting it back down to drive a turbine. That approach is severely limited by geography—but, he says, “you can put an electrolyzer almost anywhere.”

Saturday, August 30, 2014

Hidden Obstacles for Google’s Self-Driving Cars

As reported by MIT Technology Review: Would you buy a self-driving car that couldn't drive itself in 99 percent of the country? Or that knew nearly nothing about parking, couldn't be taken out in snow or heavy rain, and would drive straight over a gaping pothole?

If your answer is yes, then check out the Google Self-Driving Car, model year 2014.
Of course, Google isn't yet selling its now-famous robotic vehicle and has said that its technology will be thoroughly tested before it ever does. But the car clearly isn't ready yet, as evidenced by the list of things it can’t currently do—volunteered by Chris Urmson, director of the Google car team.

Google’s cars have safely driven more than 700,000 miles. As a result, “the public seems to think that all of the technology issues are solved,” says Steven Shladover, a researcher at the University of California, Berkeley’s Institute of Transportation Studies. “But that is simply not the case.”

No one knows that better than Urmson. But he says he is optimistic about tackling outstanding challenges and that it’s “going to happen more quickly than many people think.”

Google often leaves the impression that, as a Google executive once wrote, the cars can “drive anywhere a car can legally drive.” However, that’s true only if intricate preparations have been made beforehand, with the car’s exact route, including driveways, extensively mapped. Data from multiple passes by a special sensor vehicle must later be pored over, meter by meter, by both computers and humans. It’s vastly more effort than what’s needed for Google Maps.

Mistakes on maps could be dangerous, because there are some objects, like traffic signals and intersection stop signs, that the car needs the maps to handle, even though it also has several on-board sensors. If it encountered an unmapped traffic light, and there were no cars or pedestrians around, the car could run a red light simply because it wouldn't know the light is there.

Alberto Broggi, a professor studying autonomous driving at Italy’s Università di Parma, says he worries about how a map-dependent system like Google’s will respond if a route has seen changes like the addition of a new stop sign at an intersection.

Urmson says the company had a strategy to handle the updating issue, but he declines to describe it in any detail.

Some experts are bothered by Google’s refusal to provide that sort of safety-related information. Michael Wagner, a Carnegie Mellon robotics researcher studying the transition to autonomous driving, says the public “has a right to be concerned” about Google’s reticence: “This is a very early-stage technology, which makes asking these kinds of questions all the more justified.”

Certain aspects of the car’s design do not seem to be widely appreciated. For example, Bernard Soriano, the California DMV official responsible for autonomous vehicles in the state, was unaware that the car couldn't handle unmapped intersection stop signs, despite numerous briefings from Google. When told about the limitation by MIT Technology Review, he said he would be seeking a “clarification” about the issue from Google.

Maps have so far been prepared for only a few thousand miles of roadway, but achieving Google’s vision will require maintaining a constantly updating map of the nation’s millions of miles of roads and driveways. Urmson says Google’s researchers “don’t see any particular roadblocks” to accomplishing that, but again he declined to provide any details.

In May, Google announced that all its future cars would be totally driver-free, without even a steering wheel. It cited the difficulties in assuring that a standby human driver would always be ready to take over. The company says it will initially test the new cars with the added controls now required by states that allow testing. But winning approval to test, much less market, a totally robotic car “would be a tremendous leap,” says David Fierro, spokesman for the DMV in Nevada, where Google now runs tests.



Among other unsolved problems, Google has yet to drive in snow, and Urmson says safety concerns preclude testing during heavy rains. Nor has it tackled big, open parking lots or multilevel garages. The car’s video cameras detect the color of a traffic light; Urmson said his team is still working to prevent them from being blinded when the sun is directly behind a light. Despite progress handling road crews, “I could construct a construction zone that could befuddle the car,” Urmson says.

Pedestrians are detected simply as moving, column-shaped blurs of pixels—meaning, Urmson agrees, that the car wouldn't be able to spot a police officer at the side of the road frantically waving for traffic to stop.

The car’s sensors can’t tell if a road obstacle is a rock or a crumpled piece of paper, so the car will try to drive around either. Urmson also says the car can’t detect potholes or spot an uncovered manhole if it isn't coned off.

Urmson says these sorts of questions might be unresolved simply because engineers haven’t yet gotten to them.

But researchers say the unsolved problems will become increasingly difficult. For example, John Leonard, an MIT expert on autonomous driving, says he wonders about scenarios that may be beyond the capabilities of current sensors, such as making a left turn into a high-speed stream of oncoming traffic.


Challenges notwithstanding, Urmson wants his cars to be ready by the time his 11-year-old son is 16, the legal driving age in California. “It’s my personal deadline,” he says.

Google Tests Drone Deliveries in Project Wing Trials

As reported by BBC News: Google has built and tested autonomous aerial vehicles, which it believes could be used for goods deliveries.

The project is being developed at Google X, the company's clandestine tech research arm, which is also responsible for its self-driving car.

Project Wing has been running for two years, but was a secret until now.

Google said that its long-term goal was to develop drones that could be used for disaster relief by delivering aid to isolated areas.

They could be used after earthquakes, floods, or extreme weather events, the company suggested, to take small items such as medicines or batteries to people in areas that conventional vehicles cannot reach.

"Even just a few of these, being able to shuttle nearly continuously could service a very large number of people in an emergency situation," explained Astro Teller, Captain of Moonshots - Google X's name for big-thinking projects.

Australia tests 
Google's self-flying vehicle project was first conceived of as a way to deliver defibrillator kits to people suspected of having heart attacks. The idea was that the drones would transport the equipment faster than an ambulance could. "When you have a tool like this you can really allow the operators of those emergency services to add an entirely new dimension to the set of tools and solutions that they can think of," said Dave Voss, incoming leader of Project Wing.
The Project Wing trials have been held in Australia's north-eastern state Queensland
The prototype vehicles that the company has built have successfully been tested by delivering packages to remote farms in Queensland, Australia from neighboring properties.

Australia was selected as a test site due to what Google calls "progressive" rules about the use of drones, which are more tightly controlled in other parts of the world.

Dual mode
Project Wing's aircraft have a wingspan of approximately 1.5m (4.9ft) and have four electrically-driven propellers.

The total weight, including the package to be delivered, is approximately 10kg (22lb). The aircraft itself accounts for the bulk of that at 8.5kg (18.7lb).

The vehicle is known as a "tail sitter" - since it rests on the ground with its propellers pointed straight up, but then transitions into a horizontal flight pattern.

This dual mode operation gives the self-flying vehicle some of the benefits of both planes and helicopters.

It can take off or land without a runway, and can hold its position hovering in one spot. It can also fly quickly and efficiently, allowing it to cover larger distances than the more traditional quadcopter vehicles available commercially.

The vehicles are pre-programmed with a destination, but then left to fly themselves there automatically.

This differs from many military drone aircraft, which are often remotely controlled by a pilot on the ground, sometimes on the other side of the world.

Eventually Google said it could use unmanned flying vehicles to deliver shopping items to consumers at home. That's a use that retail giant Amazon has already stated an interest in, with its proposed Prime Air service - the announcement of which generated headlines at the end of last year.

Amazon has asked the US Federal Aviation Administration for permission to conduct outdoor tests.
Google would not be permitted to carry out the Project Wing tests in the US
"The things we would do there are not unlike what is traditionally done in aerospace," said Mr Voss.

"It will be clear for us what level of redundancy we need in the controls and sensors, the computers that are on-board, and the motors, and how they are able to fail gracefully such that you don't have catastrophic problems occurring."

Other unusual vehicles have been investigated for humanitarian aid, including flying cars and hoverbikes, with the same aims of reaching cut-off areas quickly.

"We will have to see what kind of specific technology works best within the aid landscape, and if the new technology can integrate positively in the local context," said Lou Del Bello from news site SciDev.net, speaking about the category in general.

"It will need to demonstrate it can be cost effective, and respond to actual needs of local people."

Friday, August 29, 2014

Mystery of Death Valley's Sailing Stones Solved with GPS and Time-lapse

As reported by Engadget: After decades of theories and attempts to solve the mystery of Death Valley's sailing stones, a trio of scientists have finally caught the process on tape. Their study started years ago, when two of them (a biologist and an engineer) hauled 15 GPS-equipped rocks onto Racetrack Playa, the dry lake where the famous stones are found. It wasn't until 2013, when a planetary scientist made their two-man band a trio, that they hit the jackpot, though. Apparently, it takes a precise combination of water, ice and wind for the rocks to move.

First, the water that floods the lake (which happens rarely) should be around 3 inches deep, so when it freezes, it forms thin, windowpane-like ice sheets beneath the rocks. Then, it should be sunny the day after that in order for the ice to crack, be blown by 10mph winds and propel the rocks forward.  

The stones the group caught on cam moved only a few inches per second, but some remained in motion for as long as 16 minutes and most sailed on the wet ground several times, so they traveled as far as 200 feet. Death Valley's sailing stones almost always make it to various lists of nature's mysteries, and we wouldn't even be surprised if there are people who truly believe they're moved by ghosts or aliens. If you need to see it happen to believe those findings, make sure to watch the time-lapse video and read the team's paper published in PLOS One.
 

NHTSA Moving Forward With Vehicle-To-Vehicle Communication

As reported by Motor Authority: Continuing research into autonomous vehicles won't just benefit the autonomous vehicles themselves, but all manner of other vehicles too. One particular area of research concerns vehicle-to-vehicle technology (V2V), and it's an area the Department of Transport's National Highway Traffic Safety Administration is now giving serious consideration.

NHTSA has released an advanced notice of proposed rulemaking into the technology, alongside a report detailing comprehensive research into the subject. It includes analysis of the agency's research findings in areas including technical feasibility, privacy and security, as well as preliminary estimates on costs and safety benefits. Privacy and security issues will be of concern to many—particularly unease over how far vehicle data might be shared—but the agency's main concern is safety.


"Safety is our top priority," explains U.S. Transportation Secretary Anthony Foxx, "and V2V technology represents the next great advance in saving lives." The technology isn't about helping people survive accidents, an area which automakers continually strive to improve, but helping them avoid crashes altogether. Cars using vehicle-to-vehicle communication technology can be in constant communication with those nearby, sharing data on vehicle position and speed, proximity and whether any other obstacles in the nearby area pose a threat.

Two particular safety applications, Left Turn Assist (LTA) and Intersection Movement Assist (IMA), could prevent up to 592,000 crashes and save 1,083 lives per year, NHTSA data shows. The two technologies are designed to prevent those typical four-way intersection collisions before they even happen, with drivers warned about others running red lights or preventing unsighted cars turning left across high-speed opposing traffic. Various other applications, from those preventing forward collision and blind spot accidents to stop light warnings, would give drivers all the data they need to make safer decisions.

"By warning drivers of imminent danger, V2V technology has the potential to dramatically improve highway safety," said NHTSA Deputy Administrator David Friedman. He says the technology is "ready to move toward implementation" and that the report highlights the benefits and the work the DoT and NHTSA are doing to bring it to market. The advanced notice of proposed rulemaking will seek public input on the findings. From there, the technology could progress as quickly as manufacturers and local authorities are able to implement it.

Thursday, August 28, 2014

The Most Powerful Commercial Imaging Satellite Ever Launched is Sending Back Pics

As reported by GigaOM: WorldView-3, the super-powerful commercial satellite that launched two weeks ago, is now sending images back to Earth. The satellite is remarkable for its ability to collect sharp images down to a scale of 11.8 inches, which is enough for it to tell a tomato plant from a shrub and a sedan from an SUV.

“You can actually definitely see (car) windshields,” DigitalGlobe director of next generation products Kumar Navulur said before the launch. “We can actually tell you whether it’s a truck or an SUV or a regular car. We can identify pictures of a baseball diamond.”

The first images released by the satellite’s operator DigitalGlobe (headquartered in Longmont, Colorado) depict an airport and neighborhoods in Madrid. In the airport images, airplanes, luggage trailers and activity like refueling or opening a hatch are visible.
An airport in Madrid. Photo courtesy of DigitalGlobe.

The neighborhood images show how easy it is to count items like pools, cars and even individual trees.
A view of Madrid. Photo courtesy of DigitalGlobe.

DigitalGlobe actually had to edit the images to be less sharp than it is capable of producing. In June it became legal for the company to release images accurate at the 15.75 inch scale or above. Images at WorldView-3’s full 11.8 inch capability won’t be allowed until next year, when images down to 9.84 inches will be accepted.

WorldView-3 is capable of imaging areas nearly the size of Texas each day. It won’t be long before it passes over your town, so be sure to get your tomato plants photo-ready.