Nokia 5110 Gets Android Stowaway And A Keyboard

July 21, 2022 by 11 Comments

Even though Nokia is largely an afterthought in the phone market now, there was a time when their products represented the state-of-the-art in mobile devices. Some of the their handsets even featured slide-out keyboards and the ability to sent emails; largely unheard of for a device from the late 90s. [befinitiv] was a kid back then and couldn’t afford one of these revolutionary devices, so he built his own modern version that still looks and feels like the original.

To do this he borrowed the case and structure of a Nokia 5110 phone, but modified it to hold a small Android device in the old battery compartment along with a tiny Bluetooth keyboard (which was also built from scratch by [befinitiv]) that connects to the Android phone to mimic the old slide-out style. This isn’t just a case mod, though. He also reverse-engineered the original PCB of the phone and included a Bluetooth module there as well, which allows the phone’s screen and keypad to work mostly as originally intended.

This project goes pretty far to scratch the 90s phone nostalgia itch while still being largely usable as a real phone in the modern world. Assuming you aren’t too hung up on the literal phone aspect, the Notkia project is also an impressive effort to bring new life to these old handsets.

Continue reading “Nokia 5110 Gets Android Stowaway And A Keyboard”

This Week In Security: Android And Linux, VirusTotal, More Psychic Signatures

April 29, 2022 by 10 Comments

To start our week of vulnerabilities in everything, there’s a potentially big vulnerability in Android handsets, but it’s Apple’s fault. OK, maybe that’s a little harsh — Apple released the code to their Apple Lossless Audio Codec (ALAC) back in 2011 under the Apache License. This code was picked up and shipped as part of the driver stack for multiple devices by various vendors, including Qualcomm and MediaTek. The problem is that the Apple code was terrible, one researcher calling it a “walking colander” of security problems.

Apple has fixed their code internally over the years, but never pushed those updates to the public code-base. It’s a fire-and-forget source release, and that can cause problems like this. The fact that ALAC was released under a permissive license may contribute to the problem. Someone (in addition to Apple) likely found and fixed the security problems, but the permissive license doesn’t require sharing those fixes with a broader community. It’s worth pondering whether a Copyleft license like the GPL would have gotten a fix distributed years ago.

Regardless, CVE-2021-0674 and CVE-2021-0675 were fixed in both Qualcomm and MediaTek’s December 2021 security updates. These vulnerabilities are triggered by malicious audio files, and can result in RCE. An app could use this trick to escape the sandbox and escalate privileges. This sort of flaw has been used by actors like the NSO group to compromise devices via messaging apps. Continue reading “This Week In Security: Android And Linux, VirusTotal, More Psychic Signatures”

Want Octoprint But Lack A Raspberry Pi? Use An Old Android Phone

November 27, 2021 by 21 Comments

3D printers and Octoprint have a long history together, and pre-built images for the Raspberry Pi make getting up and running pretty easy. But there’s also another easy way to get in on the Octoprint action, and that’s to run it on an Android phone with the octo4a project.

A modern smartphone has a lot of useful features that make it attractive as an Octoprint host. There is a built-in touchscreen, easy power management, a built-in camera, and the fact that people regularly upgrade to new phones means that older Android phones — still powerful pieces of hardware in their own right — are readily available at low cost. The project is still relatively new, so don’t forget to check the Octoprint community thread for this project if you give it a try.

If you are wondering what Octoprint is and what it brings to the table, our own Tom Nardi explained what it does and why it matters when he shared his own upgrade experience from 2018. A few details are no longer current — for example one is no longer likely to encounter a Printrbot — but it’s still a perfectly valid primer on adding great management functionality to a 3D printer.

Privacy Report: What Android Does In The Background

November 18, 2021 by 76 Comments

We’ve come a long way from the Internet of the 90s and early 00s. Not just in terms of technology, capabilities, and culture, but in the attitude most of us take when accessing the ‘net. In those early days most users had a militant drive to keep any personal or identifying information to themselves beyond the occasional (and often completely fictional) a/s/l, and before eBay and Amazon normalized online shopping it was unheard of to even type in a credit card number. On today’s internet we do all of these things with reckless abandon, and to make matters worse most of us carry around a device which not only holds all of our personal information but also reports everything about us, from our browsing habits to our locations, back to databases to be stored indefinitely.

It was always known that both popular mobile operating systems for these devices, iOS and Android, “phone home” or report data about us back to various servers. But just how much the operating systems themselves did was largely a matter of speculation, especially for Apple devices which are doing things that only Apple can really know for sure. While Apple keeps their mysteries to themselves and thus can’t be fully trusted, Android is much more open which paradoxically makes it easier for companies (and malicious users) to spy on users but also makes it easier for those users to secure their privacy on their own. Thanks to this recent privacy report on several different flavors of Android (PDF warning) we know a little bit more on specifically what the system apps are doing, what information they’re gathering and where they’re sending it, and exactly which versions of Android are best for those of us who take privacy seriously.

Continue reading “Privacy Report: What Android Does In The Background”

This Week In Security: REvil Goes Dark, Kaseya Cleanup, Android Updates, And Terrible Firmware

July 16, 2021 by 16 Comments

The funniest thing happened to REvil this week. Their online presence seems to have disappeared.
Their Tor sites as well as conventional sites all went down about the same time Tuesday morning, leading to speculation that they may have been hit by a law enforcement operation. This comes on the heels of a renewed push by the US for other countries, notably Russia, to crack down on ransomware groups operating within their borders. If it is a coordinated takedown, it’s likely a response to the extremely widespread 4th of July campaign launched via the Kaseya platform. Seriously, if you’re going to do something that risks ticking off Americans, don’t do it on the day we’re celebrating national pride by blowing stuff up.

Speaking of Kaseya, they have finished their analysis, and published a guide for safely powering on their VSA on-premise hardware. Now that the fixes are available, more information about the attack itself is being released. Truesec researchers have been following this story in real time, and even provided information about the attack back to Kaseya, based on their observations. Their analysis shows that 4 separate vulnerabilities were involved in the attack. First up is an authentication bypass. It takes advantage of code that looks something like this: Continue reading “This Week In Security: REvil Goes Dark, Kaseya Cleanup, Android Updates, And Terrible Firmware”

A Phone That Old Shouldn’t Be Running Android

June 28, 2021 by 23 Comments

Cars and smartphones have something curious in common, just as most everyday saloon cars from different manufacturers have tended towards similarity, so have smartphones. Whether your smartphone the latest and greatest or only cost you $50 from a supermarket, it matters little to look at because both phones will be superficially near-identical black slabs.

It wasn’t always this way though, in decades past phones from different manufacturers each had their own flavours, and there was a variety in form factors to suit all tastes. There’s a ray of hope for fans of those days though, in the form of [befinitiv]’s 2000-era Sony flip phone. It runs Android. Yes, you read that right, there on the tiny screen is Android 9.

Of course whatever processor and electronics the phone came with are long gone, and instead the phone sports the internals of a modern Chinese watch-smartphone grafted in in place of the original. The whole electronics package fits in the screen opening, and though it required some wiring for the USB-C socket and a few other parts it looks for all the world from the outside as though it was meant to run Android. You can take a look in the video below the break.

He cheerfully admits that there’s still a way to go for example in getting the original keyboard working, but even with a tiny touchscreen it’s good enough to be a daily driver. It may be a little on the small side, but for those of us who miss our old phones maybe there’s hope in it for something new.

Meanwhile this isn’t the first re-use of an old phone we’ve seen recently.

Continue reading “A Phone That Old Shouldn’t Be Running Android”

Make Android’s New Power Menu Work On Your Terms

May 14, 2021 by 7 Comments

Introduced in Android 11, the power menu is a way to quickly interact with smart home gadgets without having to open their corresponding applications. Just hold the power button for a beat, and you’ll be presented with an array of interactive tiles for all the gadgets you own. Well that’s the idea, anyway.

[Mat] of “NotEnoughTech” wasn’t exactly thrilled with how this system worked out of the box, so he decided to figure out how he could create his own power menu tiles. His method naturally requires quite a bit more manual work than Google’s automatic solution, but it also offers some compelling advantages. For one thing, you can make tiles for your own DIY devices that wouldn’t be supported otherwise. It also allows you to sidestep the cloud infrastructure normally required by commercial home automation products. After all, does some server halfway across the planet really need to be consulted every time you want to turn on the kitchen light?

Adding tiles in Tasker.

The first piece of the puzzle is Tasker, a popular automation framework for Android. It allows you to create custom tiles that will show up on Android’s power menu, complete with their own icons and brief descriptions. If you just wanted to perform tasks on the local device itself, this would be the end of the story. But assuming that you want to control devices on your network, Tasker can be configured to fire off a command to a Node-RED instance when you interact with the tiles.

In his post, [Mat] gives a few examples of how this combination can be used to control smart devices and retrieve sensor data, but the exact implementation will depend on what you’re trying to do. If you need a bit of help getting started, our own [Mike Szczys] put together a Node-RED primer last year that can help you put this flow-based visual programming tool to work for you.

Continue reading “Make Android’s New Power Menu Work On Your Terms”