Lukas Arnold

@lukasarnld
207 Followers
299 Following
31 Posts
Researching iOS' Cellular Protocol Stack @ SEEMOO | Studying CS @ TU Darmstadt
Homepage: https://lukasarnold.de
New Citizen Lab report by Gary Miller and Swantje Lange, with an incredibly sophisticated analysis of covert surveillance operations with a focus on location tracking, which target phones by exploiting/attacking weaknesses in global 3G/4G telecom networks and sending invisible SMS while acting as trusted telecom operators:
https://citizenlab.ca/research/uncovering-global-telecom-exploitation-by-covert-surveillance-actors/
The Citizen Lab Bad Connection: Uncovering Global Telecom Exploitation by Covert Surveillance Actors

Our investigation uncovers two sophisticated telecom surveillance campaigns and, for the first time, links real-world attack traffic to mobile operator signalling infrastructure. The findings expose how suspected commercial surveillance vendors (CSVs) exploit the global telecom interconnect ecosystem, leverage private operator networks, and conduct covert location tracking operations that can persist undetected for years.

The Citizen Lab
The fourth iteration of the „Objective for the We“ event will be held in Berlin at the end of July. Apply to join us for two days of free trainings and talks that teach Apple security research in a beginner-friendly way. If you are a (cybersecurity) student or early in your career, consider applying!
https://objective-see.org/oftw/v4.html
#OFTW v4.0

Empowering students in our community

Do you know where your child is?
Are you sure?

Come join me to explore the security of children's smartwatches (including evil witches, clothespins, and the secret to teleportation).
Tomorrow / Monday at #39c3 and online, 13:50 Hall Zero.

seemoo.de/s/c3-xplora

I just published the slides of my #OBTS v8.0 talk about Apple's #C1 baseband. Our C1 #binja loader is now available on GitHub, and you can find a recording on YouTube.

https://lukasarnold.de/posts/obtsv8-talk/

OBTS v8.0: Diving into C1

Learn more about my talk “What’s at the Bottom of the Sea, One Baseband? - Diving into the C1” at the eighth edition of the Objective by the Sea conference.

Lukas Arnold
Thanks for joining my #OBTSv8 talk about Apple's novel #C1 & #C1X basebands. I'm glad to be back at this awesome conference. We'll release the slides and tooling in the coming days.

I’m glad to be back at #OBTS v8.0 with a talk about Apple’s #C1 baseband and carrier profiles

https://objectivebythesea.org/v8/talks.html#Speaker_14

#OBTS v8.0: Talks

Conference Talks

The Apple Watch has a closed-down ecosystem, only compatible with the iPhone. @trusted_device reverse engineered its interfaces and opened it up for compatibility with Android! ✨ WatchWitch ✨ allows you to use your Apple Watch ⌚ on Android devices, interpreting your health data, answering messages on the Watch and more.

Demo video: https://www.youtube.com/watch?v=dHz8NHMhtLY
Read the full paper: https://arxiv.org/abs/2507.07210

Very interesting applied security research into the #GSMA #eSIM universe, specifically the use of the JavaCard VM with its questionable security architecture depending on an off-card bytecode verifier in the context of the eUICC, which inherently contains eSIM profiles of different [competing] mobile operators, each of which can install arbitrary Java applets into the same eUICC. #GSM #3GPP #cellular #simcards
https://security-explorations.com/esim-security.html
Security Explorations - eSIM security

We've released CellGuard 1.6.0, our iOS app, to make use of the iPhone's internal baseband communication. The update enhances support for dual SIM, adds new #C1 packet types, automatic navigation to sysdiagnoses, and much more.

Install CellGuard with TestFlight or download the special build for jailbroken devices on our website.
https://cellguard.seemoo.de/docs/changelog/

Changelog

Changelog: 1.6.0. CellGuard now supports dual SIM setups. When two SIM cards are activated simultaneously, the app can distinguish between their connected cells and packets. We’re working on extracting even more useful information from baseband packets in the future. This version includes breaking changes for our database structure. Once you upgrade to 1.6.0, you cannot downgrade to older builds. We recommend creating a backup (Settings → Advanced Settings → Export Data) before upgrading. If you use a jailbroken iPhone, you also have to update the associated CapturePacketsTweak and install the new RotateKeysDaemon. However, you can uninstall the CaptureCellsTweak as it is no longer required.

CellGuard
How Roaming Agreements Enable 5G MitM Attacks

media.ccc.de