Date: 2009-05-07
Everyday Tech Myths: Danger Edition
Drownings and Immolations and Spies
Greetings, all! Welcome back to Everyday Tech Myths, your one-stop shop for big technology questions answered on a very tiny budget. Ongoing thanks go to our devoted forum posters and their feedback. Once again, don’t be shy about writing in with any and all tech myths, urban legends, nagging conundrums, and curious bits of common wisdom you’d like explained.
This time around, we thought we’d celebrate spring with something old and something new. If you recall our keyboard-in-the-dishwasher experiment, that didn’t go so well...but maybe we can do better with bringing back a cell phone from its watery grave. Speaking of graves, I thought I’d celebrate the end of a grueling April by seeing if I could incinerate myself at a local gas station by using my phone. (Spoiler: I’m writing this intro after the experiment, wink-wink.) And taking things in an entirely different direction, I sat down with one of the country’s top hackers to see if Big Brother—or anyone else—really can watch you via your Web cam without your being aware of it.
Right. Let’s jump right in.
See, My Friend Did This...
Question: Can you bring a cell phone that has been submerged in water back from the dead?
Answer: Yes.
It all started when my buddy, Joe, was on vacation in Arizona and decided to hop off of a diving board and into the pool—with his HTC/Cingular 8125 PDA phone still in his pocket. Isn’t it strange how you can go for hours without ever thinking about your phone, but the second you hit water, your brain cries out in agony, “Oh, @#$^!! My @#$%!ing phone!” If this were a column on psychology, I’d research that phenomenon next time. But it’s not. Moving on.
Being a fairly smart and dexterous guy, Joe practically had the battery removed from his phone before his head emerged from the water. He did a bit of Googling on the subject of phone drownings, then baked his phone in the oven for two hours at 200 degrees, let it sit for a few days, and the thing worked like a champ. Could it really be that easy? I mean, with a keyboard, large screen, and everything else, the 8125 was no simple bit of circuitry. Maybe cell phones are more resilient against drowning than most of us suspect.
The Red Dot
Some people are cursed with bad cell phone karma. I’m one of them. Apparently, Joe is another. I lose mine. He drowns his. In fact, even after I began to research this article, Joe saw fit to give another phone a dunk: he sent his $20 Nokia 2610 through the washing machine. Joe now only buys $20 phones specifically because of occasions like this.
I point this out to illustrate the difference to a manufacturer between a phone that has been drowned and one that hasn’t. You can see in the image here that Joe’s drowned unit, still wet on the inside, has a round sticker inside the battery compartment that turns red after being exposed to excessive moisture. The identical phone we purchased for drowning in this article has a sticker that is still white. If you drown your phone, dry it out, find it doesn’t work, and attempt to return it for warranty exchange, this sticker will be the first thing company reps look at. Good luck getting a cheap replacement once the dot is seen to be red.
Into the Tank
The pictures here tell it all. Given his ample experience with the subject, Joe volunteered to serve as my assistant. We took the phone from its packaging, inserted the battery and SIM card, and powered it up. The phone connected to the AT&T network with no trouble.
Gingerly, we dangled the sacrificial victim above its damp doom...and let go. Bubbles emerged from the phone as its innards filled with fluid. We counted to 10, figuring this might be as long as it took the average panicking person to think, “Oh, @#$^!! My @#$%!ing phone!” and get out of the water. We plucked the device from the water and found it still glowing with the promise of an electronic heartbeat. Could it be that Nokia’s device was so simple that it survived drowning altogether?
Alas, no. When we tried dialing, we found the keypad frozen. About five seconds later, the screen went dark. “Dammit, Joe,” I said. “He’s dead.”
Post-Mortem
Rather than try to administer CPR, we went straight into dissection. For safety and to prevent corrosion, the battery must come out ASAP. We did this, also removed the SIM card, then drained and dried everything as best as we could with a towel.
Not Quite Cremated
Joe said that he’d dried his phone out at 200 degrees. Remembering how disquietingly creaky my keyboard had been upon emerging from its bake cycle, I backed off to only 180 degrees. Joe, a design engineer for Tektronix, felt this was excessively conservative on my part as most electronics are designed to withstand storage at higher temperatures (not to be confused with operating temperatures) than this. Still, I just wanted it dry, not crispy. It turns out that the Tektronix high storage spec for Class 2 electronics devices, which include most handheld, portable devices, is 85 degrees Celsius, or 185 degrees Fahrenheit.
Nevertheless, when I withdrew the phone from the oven, I noticed that a roughly X-shaped crack had appeared above the screen and below the ear speaker. Hmm. Not good.
Some Soy Sauce With That Phone?
Another lesson learned from the keyboard: fresh from the oven does not mean truly dry. After emerging from two hours of baking, I gave the phone 24 hours to air dry on the counter, then I took another cue from the Internet and stuck it in a cheap bag of white rice for five days. The rice acts as a desiccant (and you can still make stir fry out of it when you’re done).
The Moment of Truth
After a week of preparation, it was finally time to apply the paddles and see if our $20 test dummy phone could be revived from the dead. I withdrew it from the rice, put the SIM card and battery back in, and hit the power button. Immediately, I could see that the LCD screen was pretty jacked up. Gray distortion marks that looked almost like scratches were splotched around the perimeter of the display.
However, the phone showed that it was receiving a full signal. I punched in my home phone number...and connected. There was my wife on the line. “It’s aliiiiiiive!” I cried. She hung up on me.
No, the phone may not have been pretty in the end, but what evil science experiments ever turn out pretty? The monster lives on. That’s what matters. I can’t be sure if it was the oven, the time spent drying on the counter, or the rice that did the trick, but the combination? Worked like a charm.
A Hot Time at the Old Pump
Question: Can cell phones start fires and/or explosions at the gas pump?
Answer: Probably not.
One of the reasons I like doing Tech Myths is that it gives me a chance to stand up and defend common sense. Sometimes, in our often super-sensitive, ultra-paranoid society, we suspend rational thought and give way to hysteria, perhaps because it’s more exciting. After all, who wants to be bored by mundane reality? I mean, if—woops! Hey, who took my soapbox?
Perhaps you’ve seen stories like this one from CBS News (http://www.cbsnews.com/stories/2004/05/14/tech/main617547.shtml), which begins with the not-at-all-sensationalistic statement: “Flames shot up around a 21-year-old college student whose cell phone rang while he was pumping gas.” Between chain emails sent over the last decade and the occasional “news” story, it’s no wonder that many people still believe that cell phones can be the trigger of incendiary destruction at your local gas station. And here you were worried about prices edging toward $2.50 a gallon.
Is there anything to the assertion? Well, maybe. One brochure for the Motorola Satellite Series 9500 Portable Telephone notes that the device “has not been designed or approved for use in potentially explosive atmospheres,” one of which includes “fueling areas such as gasoline stations.” Some gas stations post signs forbidding the use of cell phones near pumps. Surely people wouldn’t go to such trouble for no good reason.
Still, like I said, April had been a tough month, and it was either seek solace in the artery-clogging arms of a triple cheeseburger or try to blow myself up. My sense was that the life insurance would pay off quicker for the latter. How I love my family.
Houston, Do We Have Ignition?
I drove down to the Costco gas station, where there’s always a long line and thus plenty of people on hand to call 911. Of course, that would also mean more people to be caught in the blast, but I didn’t think of that until later.
I pulled up, stuck the nozzle in my tank, and started pumping. Slowly, seeing not my whole life but at least the last hour or so pass before my eyes, I took out my phone, bent down next to the gas tank, and told my wife (who was sitting in the car) to call me. Ring-ring, went the phone. I hit the Answer button. And nothing happened. What a shock. I breathed a sigh of relief, but probably not as big a sigh as the gas station attendant’s, who was getting pretty freaked out about my unannounced antics.
Times Change
Several years ago, so much hoopla exploded around the cell phone issue that Motorola, then the cell phone manufacturer to beat, commissioned Exponent Failure Analysis Associates to research the risk. The study concluded that “the use of a cell phone at a gasoline filling station under normal operating conditions presents a negligible hazard.” Two years later, the University of Oklahoma’s Center for the Study of Wireless Electromagnetic Compatibility researched the same issue and found that there was “virtually no evidence to suggest that cell phones pose a hazard at gas stations.”
What could pose a risk is the spark from static discharge. True enough, some phones can give off static sparks when they make a call connection. You can also create static discharge from rubbing your clothes together. Or petting an animal. Or plenty of other motions, especially in the hot summer or cold winter when the air is particularly dry.
But a static spark is not the only issue. If it were, we’d have gas stations blowing up left and right. The question is how much gasoline vapor needs to be present in order to ignite. According to the National Institute of Occupational Safety and Health, the lower explosive limit (LEL) of gasoline vapor is 1.4%, meaning that at least 1.4% of the air in a given environment must be gasoline vapor. (The upper explosive limit is 7.6%, after which there isn’t enough oxygen present for an explosion.) In an open-air gas station, especially with any kind of a breeze blowing, the odds of getting a 1.4% gas vapor concentration outside of the gas tank are essentially nil. If you want to pump your gas from inside of a closet in the dead of summer and take cell calls, I can’t help you.
Somebody’s Watching Me
Question: Could someone be watching you through your webcam without your knowledge?
Answer: Yes.
Mission: Impossible. Eagle Eye. Enemy of the State. National Treasure. Live Free or Die Hard. One can hardly put a toe into the modern action genre without coming across some instance of someone being able to spy on someone else through unauthorized Web or surveillance camera feeds. It’s like Big Brother came home to roost in Hollywood. (Yes, all you Lit majors, that is George Orwell in the background behind Logitech’s Orbit AF camera.)
But come on. That stuff is fiction, and most of it isn’t even very good fiction. Surely that sort of thing doesn’t happen in the real world...right?
Over the years, I’ve had a few occasions to interview John “Cobras” Klein, white hat hacker extraordinaire and owner of Rent-A-Hacker, Inc. Not so long ago, Klein consulted for NBC on its TV series, “Eyes.” In that capacity, as well as several others, he was called on to investigate many technology stereotypes and myths, trying to separate reality from hype. One of the areas he had to research was this exact question. We felt it would be best to let him explain in his own words.
Anatomy of a Cam Hack
John “Cobras” Klein:
“I can take over your computer right now, and get past your firewall if you invite me in. That’s how most hacks are done. The user points a browser at something or opens something and allows the connection through the firewall. That could give me access, but I’m a ways away from your Web cam, still.
So I, as the hacker, have a worm flying around the Internet, and then I get a message saying that so-and-so IP address has connected to the botnet. I hooked in because you invited me when you opened a malicious PDF, for example—that’s a hot one right now. All Adobe PDFs prior to version 8.12 are vulnerable. So you open that up and pow—I own your machine.
To fire up the Web cam, somehow, I have to get that stream to me. Whether it’s RTSP [real time streaming protocol] or MMS [Microsoft Media Server] or whatever streaming method I use, as soon as that hits the firewall, you’re gonna get a message on your screen popping up saying that so-and-so application is attempting to access the Internet. It’ll say: Allow or deny? If you don’t have a firewall that watches from the inside as well as the outside, I can watch your Web cam. Then, if you’re not seeing the application because I’m clever enough to use the Windows API to hide the window (off the screen, at a value greater than your screen width or by just writing the code such that there is no window) you may never know I’m there.”
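The outbound check Klein describes, a firewall that watches traffic leaving the machine as well as arriving, can be expressed as detection logic over connection records. This is an added example, not code from the article or from Klein: the log format, process names, allowlist and thresholds are constructed assumptions, while 554 and 1755 are the standard RTSP and MMS ports.

```python
import re

# Standard ports for the two streaming protocols named in the quote.
STREAMING_PORTS = {554: "RTSP", 1755: "MMS"}
# Hypothetical allowlist: programs the user expects to send audio/video.
EXPECTED_SENDERS = {"videochat.exe"}
# Assumed thresholds: upload of 30 KB/s or more sustained for a minute.
MIN_RATE_BPS = 30_000
MIN_SECS = 60

# Constructed log format (not the output of any real firewall product).
LINE = re.compile(
    r"(?P<ts>\S+) (?P<dir>IN|OUT) pid=(?P<pid>\d+) proc=(?P<proc>\S+) "
    r"dst=(?P<ip>[\d.]+):(?P<port>\d+) bytes_out=(?P<bytes>\d+) secs=(?P<secs>\d+)"
)

# Constructed sample records; addresses are documentation-only ranges.
SAMPLE_LOG = """\
2009-05-07T10:00:01 OUT pid=812 proc=browser.exe dst=198.51.100.7:80 bytes_out=18400 secs=12
2009-05-07T10:02:10 OUT pid=3120 proc=reader.exe dst=203.0.113.9:554 bytes_out=5200000 secs=120
2009-05-07T10:03:00 OUT pid=2044 proc=videochat.exe dst=198.51.100.20:554 bytes_out=9000000 secs=200
2009-05-07T10:05:30 OUT pid=3120 proc=reader.exe dst=203.0.113.9:8080 bytes_out=27000000 secs=600
2009-05-07T10:06:00 OUT pid=955 proc=mail.exe dst=198.51.100.30:25 bytes_out=400000 secs=4
not a log line
"""

def find_suspect_streams(log_text):
    """Return alerts for outbound flows that look like unexpected media streams."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m or m["dir"] != "OUT":
            continue  # skip malformed lines and inbound traffic
        if m["proc"].lower() in EXPECTED_SENDERS:
            continue  # known video application, expected to stream
        port, sent, secs = int(m["port"]), int(m["bytes"]), int(m["secs"])
        reasons = []
        if port in STREAMING_PORTS:
            reasons.append(f"{STREAMING_PORTS[port]} port {port}")
        # A stream can use any port, so also check the sustained upload rate.
        if secs >= MIN_SECS and sent / secs >= MIN_RATE_BPS:
            reasons.append(f"sustained upload {sent // secs} B/s for {secs}s")
        if reasons:
            alerts.append((m["proc"], int(m["pid"]), f'{m["ip"]}:{port}', reasons))
    return alerts

if __name__ == "__main__":
    for proc, pid, dst, reasons in find_suspect_streams(SAMPLE_LOG):
        print(f"ALERT {proc} (pid {pid}) -> {dst}: {'; '.join(reasons)}")
```

The rate check is what catches the second `reader.exe` flow on port 8080, which a port list alone would miss.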
Protection Everywhere
John “Cobras” Klein:
“All of the new, reasonably decent software out there calling itself an Internet security suite, even the parts of Windows—Windows Firewall or OneCare Live, any of that—will immediately catch hacks like this. There are a number of mechanisms that will snag intrusions. DEP--the protection mechanism that doesn’t allow software to control hardware on a Windows box unless the user specifically causes it to happen--that will protect you. The firewalls will all protect you, because you have to connect into the box and then out of the box because you have to stream that video somewhere. Then there’s the obvious stuff—the load on the machine, the camera light turns on, the drives spin. Most Web cams need a piece of software running in the foreground. They’re usually USB-driven these days, not driven off a driver, in which case it’s a little harder to run them in the background. But, all of that having been said, I’ve got proof. It can be done.
The single greatest security device any Web cam owner can have is a piece of black electrical tape. Every single government agency requires it for a good reason. Every time you’re not using your Web cam, you put a piece of black electrical tape over it. If you have a non-integrated camera, you’re required to disconnect it when you’re done using it.
Listen, I have virtually every piece of computer equipment known to man, and I don’t own one Web cam. That’s not because I’m paranoid. I’m just informed.
Are Macs Safe?
“I just had a client where this question came up. Long story short, she owned a Mac. Her ex, who she had fired in a very unhappy type of break-up, was a senior system administrator for a couple of major ISPs. He’d even broken into her account there and spied on her email and got fired for it. He had priors.
“He kept sending her emails telling her about things he shouldn’t have known. So we knew he still had access. We just couldn’t figure out how. Then he told her what she was wearing under some clothes one day. So now we knew either he had a camera in her room—and he didn’t know where she lived, as far as we knew—or he had broken into her computer. So she sent me her computer and I hired a Mac whiz.
“It turns out that there is indeed one way on a Mac, using very clever trickery, that you can take over somebody’s Web cam. Now, it’s child’s play on the Windows platform, but on a Mac, I was told by many people in the business that it was impossible. Well, he had managed to run a piece of startup code that would, in the background, hold open the driver for the Web cam so that he could then attach to it, using a completely different hack. He’d gain access to the machine, spring that driver, and cause it to run. He was even clever enough to find the code at the machine level to turn off the little green light saying the camera was on. There was no indication I could find that any of this was canned code. But he’d had unfettered access to the machine for weeks, and that’s how he put it there. There’s absolutely no possibility of delivering this to a machine remotely. It’s not something that script kiddies will be doing tomorrow. So I opted not to scare the planet. Apple was wholly uninterested in the whole thing, because as far as they’re concerned, somebody gutted the operating system, the underlying BSD UNIX, and hacked that, not OS X.”
If the thought of one small vulnerability leaving you open to the eyes of hackers anywhere gives you chills, tune in for the next episode of “Everyday Tech Myths.” Klein returns to answer the question: Can people track your every move based on your cell phone’s location?