App development is not fun for everyone, and sometimes you just want to control a device from your phone with minimal work. Blynk appears to be a fairly put-together library for not only hooking up any Arduino or ESP8266 to a phone through WiFi, but also through the net if desired.
Install the app onto your iPhone or Android device. Install the libraries on your computer. Next, modify your Arduino source to either pass direct control of a pin to Blynk, or connect Blynk to a virtual pin inside your code for more advanced control. If you want to go the easy route, create an account, log into the app, and drag and drop the interface you’d like. If the idea of letting some corporation host your Arduino project sends shivers down your spine, there is also an option to host your own server. (Editorial snark: Yes, it requires a server. That’s the cost of “simplicity”.)
There have been a few times where we’ve wished we could add app control to our projects, but installing all the libraries and learning a new language just to see a button on a screen didn’t seem worth it. This is a great solution. Have any of you had experience using it?
Smartphones are the opium of the people. If you need proof, just watch the average person’s reaction when they break “their precious”. Repairing smartphones has become a huge business. The most often broken item on phones is of course the front glass. In most cases, the screen itself doesn’t break. On newer smartphones, even the touchscreen is safe. The front glass is only a protective lens.
The easiest way to repair a broken front glass is to swap the entire LCD assembly. For an iPhone 6 Plus, this will run upwards of $120 USD. However, the glass lens alone is just $10. The problem is that the LCD, digitizer and front glass are a laminated package. Removing them without breaking the wafer-thin LCD glass requires great care. The hardest part is breaking down the optical glue securing the glass to the LCD. In the past that has been done with heat. More recently, companies from China have been selling liquid-nitrogen-based machines that cool the assembly. Now immersing a phone screen in -196°C liquid nitrogen would probably destroy the LCD. However, these machines use a temperature controller to keep a surface at -140°C. Just enough to cause the glue to become brittle, but not kill the LCD.
[JerryRigEverything] doesn’t have several thousand dollars for a liquid nitrogen machine, but he does have a $5 block of dry ice. Dry ice runs at -78.5°C. Balmy compared to liquid nitrogen, but still plenty cold. After laying the phone screens down on the ice for a few minutes, [Jerry] was able to chip away the glass. It definitely takes more work than the nitrogen method. Still, if you’re not opening your own phone repair shop, we think this is the way to go.
Broken phones are a cheap and easy way to get high-resolution LCD screens for your projects. The problem is driving them. [Twl] has an awesome project on Hackaday.io for driving phone screens using an FPGA. We haven’t seen it done with iPhone 6 yet though. Anyone up for the challenge?
News comes from The Guardian that software updates are breaking iPhone 6 handsets that have had non-authorized hardware replacements. Several thousand iPhone 6 users are claiming their phones have been bricked by software updates after the home button – and the integrated TouchID fingerprint sensor – was replaced by non-Apple technicians.
For the last few iPhone generations, the TouchID fingerprint sensor has been integrated into the home button of every iPhone. This fingerprint sensor provides an additional layer of security for the iPhone, and like everything on smartphones, there is a thriving market of companies who will fix broken phones. If you walk into an Apple store, replacing the TouchID sensor will cost about $300. This part is available on Amazon for about $10, and anyone with a pentalobe screwdriver, spudger, and fine motor control can easily replace it. Doing so, however, will eventually brick the phone, as software updates render the device inoperable if the TouchID sensor is not authorized by Apple.
According to an Apple spokeswoman, error 53 occurs because the fingerprint data is uniquely paired to the TouchID sensor found in the home button. If the TouchID sensor was substituted with a malicious TouchID sensor, complete and total access to the phone would be easy, providing a forehead-slapping security hole. Error 53 is just Apple’s way of detecting devices that were tampered with.
In fairness to Apple, not checking the authenticity of the TouchID sensor would mean a huge security hole; if fingerprint data is the only thing keeping evil balaclava-wearing hackers out of your phone, simply replacing this sensor would grant them access. While this line of reasoning is valid, it’s also incredibly stupid: anyone can get around the TouchID fingerprint sensor with a laser printer and a bit of glue. If you ever get ahold of the German Defense Minister’s iPhone, the fingerprint sensor isn’t going to stop you.
This is a rare case where Apple are damned if they do, damned if they don’t. By not disabling the phone when the TouchID sensor is replaced, all iPhones are open to a gaping security hole that would send the Internet into a tizzy. By bricking each and every iPhone with a replacement TouchID sensor, Apple gets a customer support nightmare. That said, the $300 replacement cost for the TouchID sensor will get you a very nice Android phone that doesn’t have this problem.
On September 21, “Premium” 0day startup Zerodium put out a call for a chain of exploits, starting with a browser, that enables the phone to be remotely jailbroken and arbitrary applications to be installed with root / administrator permissions. In short, a complete remote takeover of the phone. And they offered $1 million. A little over a month later, it looks like they’ve got their first claim. The hack has yet to be verified and the payout actually made.
But we have little doubt that the hack, if it’s actually been done, is worth the money. The NSA alone has a $25 million annual budget for buying 0days and usually spends that money on much smaller bits and bobs. This hack, if it works, is huge. And the NSA isn’t the only agency that’s interested in spying on folks with iPhones.
Indeed, by bringing something like this out into the open, Zerodium is creating a bidding war among (presumably) adversarial parties. We’re not sure about the ethics of all this (OK, it’s downright shady) but it’s not currently illegal and by pitting various spy agencies (presumably) against each other, they’re almost sure to get their $1 million back with some cream on top.
We’ve seen a lot of bug bounty programs out there. Tossing “firmname bug bounty” into a search engine of your choice will probably come up with a hit for most firmnames. A notable exception in Silicon Valley? Apple. They let you do their debugging work for free. How long this will last is anyone’s guess, but if this Zerodium deal ends up being for real, it looks like they’re severely underpaying.
And if you’re working on your own iPhone remote exploits, don’t be discouraged. Zerodium still claims to have money for two more $1 million payouts. (And with that your humble author shrugs his shoulders and turns the soldering iron back on.)
It is hardly news that you can use your smart phone as a really crummy oscilloscope. You can even use it as an audio frequency signal generator. There are also plenty of projects that allow you to buffer signals going in and out of your phone to make these apps more useful and protect your phone’s circuitry to some degree. What caught our eye with [loboat’s] phone oscilloscope project was its construction.
[Nathan] is a mobile application developer. He was recently debugging one of his new applications when he stumbled into an interesting security vulnerability while running a program called Charles. Charles is a web proxy that allows you to monitor and analyze the web traffic between your computer and the Internet. The program essentially acts as a man in the middle, allowing you to view all of the request and response data and usually giving you the ability to manipulate it.
While debugging his app, [Nathan] realized he was going to need a ride soon. After opening up the Uber app, it occurred to him that he was still inspecting this traffic. He decided to poke around and see if he could find anything interesting. Communication from the Uber app to the Uber data center is done via HTTPS. This means that it’s encrypted to protect your information. However, if you are trying to inspect your own traffic you can use Charles to sign your own SSL certificate and decrypt all the information. That’s exactly what [Nathan] did. He doesn’t mention it in his blog post, but we have to wonder if the Uber app warned him of the invalid SSL certificate. If not, this could pose a privacy issue for other users if someone were to perform a man in the middle attack on an unsuspecting victim.
[Nathan] poked around the various requests until he saw something intriguing. There was one repeated request that is used by Uber to “receive and communicate rider location, driver availability, application configurations settings and more”. He noticed that within this request, there is a variable called “isAdmin” and it was set to false. [Nathan] used Charles to intercept this request and change the value to true. He wasn’t sure that it would do anything, but sure enough this unlocked some new features normally only accessible to Uber employees. We’re not exactly sure what these features are good for, but obviously they aren’t meant to be used by just anybody.
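The lesson for anyone building an API is that a privilege flag travelling in client-visible traffic cannot be the thing that decides privileges. The sketch below is an added example, not code from [Nathan]'s post or from Uber: it contrasts a handler that trusts a client-supplied `isAdmin` field with one that derives the role from server-side state and treats a mismatched flag as a tamper signal. It assumes the flag reaches a server-side handler; the key, role table, token format and feature names are hypothetical.

```python
import hashlib
import hmac
import json

# All names below (SERVER_KEY, ROLES, the token format, feature names) are
# hypothetical; only the "isAdmin" field name comes from the post.
SERVER_KEY = b"constructed-demo-key"
ROLES = {"rider-1001": "rider", "staff-7": "employee"}  # server-side source of truth


def issue_token(user_id: str) -> str:
    """Token the server hands out at login: user id plus an HMAC tag over it."""
    tag = hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{tag}"


def authenticate(token: str):
    """Return the user id if the tag verifies, else None."""
    user_id, _, tag = token.rpartition(".")
    expected = hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(tag.encode(), expected.encode())
    return user_id if user_id and ok else None


def features_trusting_client(body: str) -> list:
    """Weak pattern: the privilege decision rides on a field the client controls."""
    req = json.loads(body)
    return ["ride", "employee_tools"] if req.get("isAdmin") else ["ride"]


def features_server_side(body: str, token: str):
    """Hardened pattern: role comes from server state; the client flag is only checked for tampering."""
    user_id = authenticate(token)
    if user_id is None:
        return [], "reject: bad token"
    req = json.loads(body)
    is_staff = ROLES.get(user_id) == "employee"
    # A client claiming admin without the server-side role is a tamper signal.
    tampered = req.get("isAdmin") is True and not is_staff
    alert = "alert: isAdmin tampering" if tampered else "ok"
    return (["ride", "employee_tools"] if is_staff else ["ride"]), alert


# Constructed request body, as it might look after being edited in a proxy.
TAMPERED = json.dumps({"lat": 37.77, "lng": -122.42, "isAdmin": True})
```

The same reasoning applies when the flag arrives in a response instead: every employee-only endpoint still has to check the caller's server-side role, because the app's copy of the flag can be rewritten in transit by whoever controls the device.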
[Seandavid010] recently purchased a 2004 Volvo. He really liked the car except for the fact that it was missing some more modern features. It didn’t come stock with any navigation system or Bluetooth capabilities. After adding Bluetooth functionality to the stock stereo himself, he realized he would need a secure location to place his iPhone. This would allow him to control the stereo or use the navigation functions with ease. He ended up building a custom iPhone mount in just a single afternoon.
The key to this project is that the Volvo has an empty pocket on the left side of the stereo. It’s an oddly shaped vertical pocket that doesn’t seem to have any real use. [Seandavid010] decided this would be the perfect place to mount his phone. The only problem was that he didn’t want to make any permanent changes to his car. This meant no drilling into the dash and no gluing.
[Seandavid010] started by lining the pocket with blue masking tape. He then added an additional lining of plastic wrap. All of this was to protect the dashboard from what was to come next. He filled about half of the pocket with epoxy putty. We’ve seen this stuff used before in a similar project. He left a small opening in the middle with a thick washer mounted perpendicular to the ground. The washer would provide a place for an off-the-shelf iPhone holder to mount onto. [Seandavid010] also placed a flat, wooden paint stirrer underneath the putty. This created a pocket that would allow him to route cables and adapters underneath this new mount.
After letting the epoxy putty cure for an hour, he removed the block from the pocket. The stick was then removed, and any gaps were filled in with putty. The whole block was trimmed and smoothed down for a more streamlined look. Finally, it was painted over with some flat black spray paint to match the color of the dashboard. An aftermarket iPhone holder allows [Seandavid010] to mount his cell phone to this new bracket. The cell phone holder allows him to rotate the phone into portrait or landscape mode, and is even adjustable to accommodate different sized phones.