A while back, I brought CAcert to Wouter's attention. CAcert is basically a certificate authority (a trusted third party) based on a web-of-trust. CAcert is community based and membership is free of charge. Users authenticate themselves to other (already trusted) users. When you have a high enough trustlevel, CAcert will allow you to sign your certificates. When the CAcert root certificate is imported in your SSL using application, your certificates will work without any warning about untrusted certificates.

When you have a high trustlevel and pass an Assurer Challenge, you gain the status of Certified Assurer and you can award assurance points to other members. New members gain more assurance points by visiting these assurers.

And so we set of on our road-trip...!

We didn't plan this - we just mailed a couple of assurers in the neighborhood right before we hopped in my car. Wouter had his laptop with mobile Internet and GPS with him so I was the driver and he was the navigator. With every assurer we visited we mailed a couple of others and went on our way again. We started at five o' clock in Deventer, and finished about eleven o' clock in Zwolle. By then we had enough assurance points to become a Certified Assurer. Passing the test was the last hurdle, but since the test isn't that hard we both passed quickly. Now we can create our own signed certificates for https, encrypted mail or code signing for example!

When you got interested in CAcert and want to gain assurance points yourself, don't hesitate to come and visit us here at 2go-mobile! We can award 10 assurance points each. The only thing you need to bring is two valid ID documents with photo, and a print of the WoT form.

Jurrie Overgoor, R&D 2go-mobile B.V.

web-of-trust | ssl | certificate | CAcert

Dear readers,

A couple of years ago, when I was still in college, I wanted to take a good 'look' at the IP networks of the Dutch mobile providers. Back then my service provider was Orange (now T-Mobile) so I started off with their networks. Since receiving an MMS is usually free of charge, I connected to that APN first. I collected all hosts and protocol information that you need to send an MMS and tried to access other computers on the Internet using the same configuration as when you are (sending or) receiving an MMS. I found out that I could connect to their mms proxy server and give it an 'CONNECT xxx.xxx.xxx.xxx:8080' command to connect to any computer on the net using port 443 or 8080! This opened up a world of opportunities, since I was already running an OpenVPN server on one of those ports. A free internet service (without land borders!) was born! What they should have done was only to allow connections to their MMS host and disallow all other requests on that proxy.
I've contacted Orange and let them know this flaw exists and within a couple of weeks they fixed the problem and connecting to the proxy using the 'CONNECT' command didn't work anymore.

Ofcourse I didn't give up and started to buy prepaid cards of the other providers from the Netherlands to see if they had made the same mistake as Orange did. I didn't have to look far, because Telfort had the same flaw in their MMS proxy. I've also emailed and called them twice about this problem, but they didn't have a clue about what was going on. The second time I've let them know, was when they opened up their HS(D)PA network for prepaid users, so it was actually a really good replacement for other, paid services.
This flaw existed for the last two or three years, but recently they decided to fix the problem (maybe because they accidentaly updated their software?) and connecting to the proxy using the 'CONNECT' command isn't posible anymore.

All the other providers in the Netherlands were secure on that matter (but T-Mobile allows you to have an negative amount of call credit!), but Telfort still has one little flaw in their network that allows you to ping through;)

Wouter van der Veer, R&D 2go-mobile B.V.

Article dated : 15 jun 2009
Rev : 3

My old artwork!

While doing research on sending SMS text messages from my computer, I came across the UCP protocol definition. It gives you the possibility to set your sending phone number, but it doesn't check for validity. E-mail knows a similar flaw, and it's widely used to spam people. The possibility to fake your sender id for SMS text messages is not widely known however.

When you have a standard modem in your computer, you can send SMS text messages to a mobile phone from it. You dial in to an SMS service center, and talk a certain protocol. There are basically three protocol variants: SMPP, TAP and UCP. The latter is used by KPN, which is a telecom operator here in The Netherlands.

I wrote a small program that talks UCP to KPN's SMS service center, and quickly found that you can supply your own 'from' phone number. There is no check to see whether this number actually belongs to you, and so you can easily fake it. Of course I'm not the first to find this flaw, but I don't think it's known to the public either. Spam by SMS is becoming an increasingly big issue, and this flaw gives SMS spammers even more opportunity.

...but it also opens up a world of fun!

I had the best time sending fake messages to my colleague. He's a real iPhone fanatic, you know: jailbreaking and the works. I started sending him SMS text messages with the from number being '1337', and the messages being like 'L0L - I ownz ya iFone!! Thaz wh4z ya get for illegal unl0ck1ng y4 n00b'. After that the messages were about people in his contact list, claiming I had full access to each and every contact in his phone. The best part was me sending him a fake message supposedly coming from one of his contacts (that we both knew), with a message saying 'I get all kinds of strange calls from a guy'. When he worriedly started posting on a tech forum, I thought it was time break it to him. He took it like a sport, and we all had a good laugh! Just another fun day in the office!

Jurrie Overgoor, R&D 2go-mobile B.V.

sms | ucp

Dear readers,

Lately I have been updating our company's multi mobile platform framework with geofencing functionality. Geofencing is the creation of a virtual field that represents a geographic area where a user can be notified when he or she leaves or enters the area.

In out framework this represents the functionality that lets customers create a digital fence for their users based on their GPS position, GSM/UMTS cell signal or based on a wireless lan accesspoint area. When the user enters or leaves that specified area, the administrator will be noticed (or an action will be triggered). We invested in this technology because we think it has several advantages for users in different contexts. e.g. When a group of users are supposed to visit clients in city centre of Deventer, there is no need for them to be at the coffeeshop at a nearby village. With a system like ours, you (as an administrator) can now be notified by the system when a user left his workspace. Other usefull processes can be triggered by this action. Let us know your ideas and we can supply the solution!

Along with the above features I have created some tools for the creation and specification of the fences. A mobile tool to provide you with the GSM/UMTS-cells you need to add to the fence, a wireless LAN accesspoint scanner and a innovative tool to draw a GPS-map on a graphical Geographic Information System like Google Maps.

Do you like this blog or are you interested in the techniques used? Let us know by dropping a line or just give us a ring!

Wouter van der Veer, R&D 2go-mobile B.V.


Article dated : 12 feb 2009
Rev : 2

Dear readers,

As I was doing my research on Location Based Services, I wanted to make a simple proof of concept about working with GSM/UMTS cellsites. Because I had a good idea about linking those cellsites to activities you usually do when you enter specic locations, I created the software called WiFiLocations. The first target of this product was to activate WiFi on predefined locations like home or work. This could come in handy for activating my VoIP profile whenever I am on a WiFi-location!

When I found out how the get the current Cell-ID in the code, I started working on the WiFI (de)activation. I also found out how to scan the MAC-addresses of the accesspoints by using a couple of PInvokes, so I could even make the WiFi-locations more accurate. In extention to activating WiFi I also implemented the ability to (de)activate bluetooth, switch ringer style (silent/vibrate/loud) and run user specified applications when entering predefined (and named!) GSM/UMTS-cellsites.

You can find the software here, free of charge for personal use. If you want these techniques to be included in your own solution / software or want to know more about the techniques, just give us a ring and tell us what you want!

Wouter van der Veer, R&D 2go-mobile B.V.

Article dated : 7 jan 2009
Rev : 1

Settings interface

Cell based activities

Dear readers,

In addition to the earlier published BikeTrack application (realtime monitoring users using a web-interface), I've created a proof-of-concept for mobile devices. With this application, you can login on your mobile device and see your and your friends current location on a small map (Google Maps in this proof-of-concept). You can zoom in and out on this map and swipe it with your stylus (or finger) to move to map to a new location. If you tap and hold the map, you can select a user and send him or her a message, which he or she immediatly receives with a sound notification.

This could come in handy in a lot of situations. e.g. When your company has a large number of employees and a bad thing happens, like a fire in his departement. You can imagine the user would like to know where his collegues are at the moment and notify the users nearby of the fire.
Another case is when a collegue is late for an appointement and you just want to now where he is. In the meantime the belated collegue can send the others a message that he's on his way and as they could see, he's stuck in traffic. Ofcourse there are a lot more situations where this could come in handy, but this is just to show that it is possible.

Interested after reading? Do call us, we can't call you!

Wouter van der Veer, R&D 2go-mobile B.V.

Article dated : 9 jan 2009
Rev : 1

 (O) = Yourself
 (X) = Other user, hold map to send message!

Dear readers,

Another proof-of-concept I've made is about realtime monitoring a device (or person) via a web-interface. To achieve this I've made a simple (event driven) client application that sends GPS coordinates to a server. Serverside I've written a J2SE server that receives and parses the GPS coordinates and a PHP-script that shows the current (and recent) location of the user on the map using Google Maps as supplier of the mapdata. A few months later I have updated the software with a login-feature so I was multiple user capable and published it online. I haven't been doing any PR on this project, but the number of users kept on growing. In the attached screenshot you can see the active users!

If you want to try the software just visit this site. If you want a realtime tracking system included in your own solution, just contact us!

Wouter van der Veer, R&D 2go-mobile B.V.

Article dated : 11 nov 2008
Rev : 1

Active users on BikeTrack.

Example trip on BikeTrack.

Simple but effective client application