February 2005 - July 2005
Course: Individual project
Software: C with iptables, cURL, Dnsmasq, BlueZ and OpenOBEX libraries
Description
According to Greek mythology, Pandora’s Box was entrusted by the Gods
to Epimetheus and his wife Pandora. The box contained all sorrows and evils of mankind
and was not to be opened under any circumstance. Yet, impelled by her natural curiosity,
Pandora opened the box and unleashed its terrible contents upon the world.
Pandora's Digital Box is a project that tries to realize such a box for the
digital world. By opening the box, all vulnerable digital devices in its
vicinity will be plagued by the sorrows and evils of the digital world. Viruses,
worms, adware, spyware and other evils will infest the devices either until the
box is closed or the devices are out of range.
The possible and impossible
The essence of the project is to gain access to digital devices in one way or another
and to have the devices perform some kind of specific behavior that people will
identify as unwanted, annoying or problematic. When this occurs, the project can
be said to be a success.
It is obvious that not all devices are alike, since 1) some devices function
standalone and do not communicate with the outside world, 2) some devices only
perform outgoing communication, 3) some only accept incoming communication and 4)
others support two-way communication. For my project to work, I need the ability
to communicate to some extent with a device, because otherwise there is no way
to get it to behave as I want it to behave. This means that only those devices that
fall in the third and fourth categories fit the profile.
Also, the method of communication is very important. Communication does not only
take place over a certain medium, but also follows a certain protocol that is supported
by that medium and that all parties engaged in the communication can understand
(e.g. medium: copper wire, glass fiber, the ether; protocol: infra-red, the English
language, smoke signals). The devices that are perfect targets for the project
are those that use easy-to-understand and popular protocols on a well-understood
medium, because only then is it 'reasonably simple' to talk with a device and to
get it to do what I want it to do.
Mobile mayhem
Having the project affect as many devices as possible with the least amount
of effort is what I have striven for. For example, it would be unwise to make the
project target a specific type of PDA with a rare operating system which on average
only one in a million people might have; it would be much better to target cell phones,
because everyone seems to have one nowadays.
Therefore, I let the project target only those devices that use the following wireless
communication methods: GSM 1800MHz, Bluetooth and 802.11b/802.11g wireless.
The devices that use these communication methods are in general mobile devices.
Cellular confusion
SMS, or Short Message Service, is a very popular service that is used to send text
messages to other people. In general, only people who have your cell phone number
can send you a message, so once your phone starts beeping because an SMS has just
arrived, you can be pretty sure it was sent by one of your acquaintances.
Of course, this makes it an excellent service to target: imagine receiving one,
two, or a lot of text messages containing advertisements or other messages that you
absolutely would not want to receive! It would drive people crazy, especially
since they would not be able to stop the flow of messages; turning the cell phone
off would stop it beeping for now, but once you turn it back on, any remaining messages
that were sent but not yet received by you will still pour in... There are a few
possibilities on how to achieve this.
miniature cell phone tower
The best way - and definitely not the easiest - would be to build a miniature
cell phone tower. A cell phone is programmed to tune into the cell phone tower with
the strongest signal. By faking a tower, it is possible to trick the cell phone
into connecting with it. Once that has happened, you have total control over the
phone! This technique has been used by several companies, most of which try to perform
passive cell phone jamming (e.g. Cell Block Technologies
Inc.). Here, the cell phone locks onto the fake cell phone tower which instructs
it to reduce its radio transmission power and to go to a radio frequency that is
unused, resulting in the phone not being able to make or receive calls. Unfortunately,
to get this to work you require extensive knowledge of cell phone hardware and software
and quite a lot of time (at least, much more than the time that is set for the project).
sms gateway
The only other possibility would be to obtain one's phone number somehow and to send
text messages through some operator. To send messages, the easiest and cheapest
solution is to use a commercial SMS gateway to send the messages through - I ended
up using the services of PSWinCom. Of course,
you can also do it the hard way and hook up an old phone and program some code so
you can use your phone to send messages instead, but just making a simple HTTP request
to PSWinCom's SMS gateway is much more elegant, and smarter too. Yet... how to obtain
one's cell phone number? To get it without asking, you could utilize the stupidity
of people and frankly, you could be quite successful and get away with it as well.
Something like 'send an sms to this number and you will receive free ringtones'
or 'vote for who should win Idols by sending an sms to this number' would, I think,
work surprisingly well.
However, since this project is just an illustration of concept, and is not intended
to be really used, I'll just ask people's phone numbers when the project
is demonstrated.
Bluetooth backfire
Bluetooth is a quite popular protocol that is used for communication between a variety
of devices, such as the audio stream sent from a walkman to a set of wireless
headphones. Lots of mobile devices also have Bluetooth capability,
which for instance can be used to synchronize data with a home computer or to
send text messages to other phones.
Even though cell phone manufacturers have finally disabled the Bluetooth service
by default on newly manufactured phones, on older phones it usually still is enabled
(either by default or by their unwitting owners). Several flaws have been detected
that allow people with cruel intentions to gain access to phones that have bluetooth
turned on, allowing one to extract the address book, any documents, install programs
and even use the phone to remotely place calls. As this project only is an illustration
of concept, I'll use a less severe flaw in the bluetooth protocol: it still allows
for the unauthenticated sending of objects through one of the provided services.
Objects pretending to be viruses or worms, funny images, annoying advertisements
or strange messages will certainly scare or annoy any cell phone user!
Connecting to Bluetooth-capable devices is much easier than with cell phones:
most Bluetooth devices are set to 'discoverable mode', which means that they can be
found by any other device that is in their neighborhood. As long as the device is
in that mode and stays within range of my project, it remains an easy target!
Wireless worries
The internet is no longer a mystery to many of us. Thanks to the seamless interaction
between the various internet standards, protocols and equipment, the web is a nice
place to be. Browsing for information, chatting, swapping files using p2p and listening
to one's favorite radio channel usually is a smooth and great experience. At least
you always get what you expect: if you type in the address of Google you are taken
to the web page of Google, or if something went wrong you get an error message giving
you an indication about what went wrong.
But what if the internet doesn't behave as one would expect? What if the words of
your search query in Google get switched around or are redirected to the Yahoo!
search engine? What if every page you visit suddenly contains pop-ups, even though
you're sure those pop-ups are no part of the real page? Exactly, browsing the web
would become a frustrating and annoying experience.
Appearing to be a regular free-of-charge wireless access point, the project's hotspot
is not what it seems. Any device that supports the WiFi protocol (802.11b or 802.11g)
can connect to the hotspot once it gets in range, ultimately giving the user the
frustration of a lifetime!
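From the defender's side, the tell-tale sign of a hotspot like this is that its resolver answers for well-known names point at the hotspot itself. The check below is an added example, not part of the project's code: it audits the DNS answers a client received on the hotspot against a gateway address and a trusted baseline, all of which are constructed sample values here.

```python
import ipaddress
from collections import defaultdict

# Address ranges a public hostname should never resolve to from a client's view
# (RFC 1918 private space plus loopback).
LOCAL_RANGES = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample: names a client resolved while on the hotspot and the A
# records the hotspot's resolver returned. 192.168.1.1 is assumed to be the
# hotspot's own gateway; the remaining addresses are from documentation ranges.
SAMPLE_GATEWAY = "192.168.1.1"
SAMPLE_ANSWERS = [
    ("www.google.com", "192.168.1.1"),
    ("www.example.org", "192.168.1.1"),
    ("news.example.net", "192.168.1.1"),
    ("mail.example.com", "10.0.0.5"),
    ("www.example.com", "203.0.113.7"),
]
# Constructed baseline: what the same names resolved to on a trusted network.
SAMPLE_BASELINE = {"www.example.com": {"203.0.113.8"}}


def audit_answers(answers, gateway, baseline=None, collapse_threshold=3):
    """Return (name, address, reason) triples for answers that look tampered with.

    Signals: a public name answered with the gateway itself, a public name answered
    with a private address, an answer differing from the trusted baseline, and many
    unrelated names collapsing onto one address (the mark of a wildcard redirect).
    """
    baseline = baseline or {}
    gw = ipaddress.ip_address(gateway)
    findings = []
    names_by_address = defaultdict(set)
    for name, addr in answers:
        ip = ipaddress.ip_address(addr)
        names_by_address[ip].add(name)
        if ip == gw:
            findings.append((name, addr, "resolves to the hotspot gateway"))
        elif any(ip in net for net in LOCAL_RANGES):
            findings.append((name, addr, "public name resolves to a private address"))
        elif name in baseline and addr not in baseline[name]:
            findings.append((name, addr, "differs from trusted baseline"))
    for ip, names in names_by_address.items():
        if len(names) >= collapse_threshold:
            findings.append(("*", str(ip), f"{len(names)} names collapse onto one address"))
    return findings


if __name__ == "__main__":
    for finding in audit_answers(SAMPLE_ANSWERS, SAMPLE_GATEWAY, SAMPLE_BASELINE):
        print(*finding)
```

On a clean network the same function returns an empty list, so it can be run periodically after joining any unknown access point.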
Technicalities
To get everything running, only very low-end hardware is required. However, I used a
relatively new system to develop the project and stuck with it eventually since
it already ran nice and smoothly.
The system was fitted snugly into a box, which contained exotic characters on the
outside (unfortunately I couldn't find any boxes that had Greek letters as decoration,
so I chose one with Chinese characters instead - obviously this has nothing to do
with the project but it looked fancy anyway) and got it hooked up to an open/close
detection switch. Some soldering was required to get a mechanism working that could
send the open/close signal to the system and which could fire up the wireless router
as well.
The system runs Kubuntu and the software is written in C (libraries used are: iptables,
cURL, Dnsmasq, BlueZ and OpenOBEX). The open/close detection mechanism contains
a PIC16F628 microchip and uses a MAX chip to talk with the system using the RS232
serial protocol. To turn on the router, a relay is installed that draws its power
from the system's PSU.
Disclaimer
To make my intentions clear and to protect myself from any legal repercussions,
the following disclaimer stands:
This project is solely created for research and educational purposes and has no other intentions whatsoever. For the sake of safety and security of the digital devices and the whole digital world, the 'evils' (from hereon called 'objects') that will be unleashed onto the digital devices are totally harmless, besides possibly giving temporary annoyances to the device's user. The objects will not spread, cause mayhem on a local or global scale or steal and/or collect personal data from the devices. Yet, I do not take any responsibility for any damages or malfunctions that might have been caused by this project.
Download
Grab the source code from here. I will not
give support on how to build your own box or on any other issue with the source
code.