MIT CC BY-SA 4.0

Feature Phones

Recently, I came across a very cool project on Reddit, the “Cosmos Browser”, a browser that sends HTTP requests over SMS. Communicating over SMS isn’t a novel concept; many SMS APIs exist to communicate between the phone and the outside world (Chicago’s Bus Tracker being one such example). What’s striking here is that I finally understand why these APIs exist: why, given all the smartphones in the world today, with their fancy app stores, would we still want to make apps based on SMS communication? One of the app-makers in the original Reddit post mentioned that a strength of this approach is the browser’s J2ME architecture: we can install the browser not just on smartphones, but on dumb phones as well.

In a discussion with my roommate, who teaches on the South Side of Chicago, I mentioned this application. He didn’t seem surprised by it; instead, he took it in stride, because he sees the application directly. The kids in his class rely on feature phones and dumb phones, which can’t support all the bells and whistles of modern-era iPhones. Apps that run on less technologically advanced phones get a chance to flourish in a market that isn’t normally served.

Which got me thinking: what is the oldest phone we can write an app for? Can we actually write an app that makes use of a brick phone from the 90s? How far down the rabbit hole can we travel?

After some digging and asking around, I think I’ve got a tentative answer. We can, of course, use J2ME and its variants to load apps onto feature phones; though the exact details of how one would do so are still fuzzy to me, it’s a route I would definitely like to explore in the future. However, there is a level lower than that: SIM card hacking. Apparently it’s possible to run executables directly off the SIM, which is a completely self-contained environment able to take control of the phone’s environment. This would seem to imply that phones on AT&T, T-Mobile, and the like (i.e., excluding Verizon and other CDMA phones, which don’t use a SIM) will all be able to take advantage of this capability, and will all be vulnerable to it.

A caveat: as per the presentation and the factsheet, SIM cards are limited to about 500,000 write/erase cycles. Under light write conditions (i.e., heavy use with normal, non-custom apps) this will last for at least seven years; for write-intensive apps, however, the lifetime would shorten dramatically, which would seem to imply that some level of phone number forwarding (e.g. Google Voice) is a must to abstract away the underlying phone.

References

  1. Cosmos Browser
  2. The Secret Life of SIM Cards
  3. simhacks
  4. SIM Card Factsheet