PostMarketOS Saves Old Smartphones

Modern smartphones, even the budget models, are extremely impressive pieces of technology. Powerful ARM processors, plenty of RAM, and an incredible number of sensors and radios are packed into a device that in some cases are literally given away for free when you sign up for a service plan. Unfortunately manufacturers are not obligated to keep up with software updates, and while the hardware may be willing to keep on fighting, the user is often pushed to upgrade due to perennially outdated software. Even if you aren’t the kind of person to be put off by using a phone that doesn’t have the latest and greatest OS, the lack of software security updates pose a clear threat in a world where mobile devices are increasingly targeted by attackers.

But what if the operating system on your phone worked more like the on one your computer? That’s the dream of postmarketOS, a Linux distribution created by [Oliver Smith] that is designed to be installed on outdated (mostly Android) smartphones and tablets. He’s recently made a comprehensive blog post about the state of the project a little over 6 months since it started, and we have to say things are looking very impressive so far.

One of the key goals of postmarketOS is to avoid the fragmented nature of previous attempts at replacing Android with a community-developed operated system. By avoiding binary blobs and focusing on getting the mainline Linux kernel running on as much as the hardware as possible, there’s no need to make different forks and releases for each supported device. By unifying the OS as much as far as it can be, an upstream update can be pushed to all devices running postmarketOS regardless of their make and model, just like with traditional Linux distributions.

The blog post shows two things very clearly: that the community is extremely excited and dedicated to the prospect of running what is essentially desktop Linux on old smartphones and tablets, and that postmarketOS still has a long way to go. In these early days, many devices aren’t what could be considered “daily drivers” by most standards. In fact, the blog post mentions that they’ve decided to abandon the term “supported” when talking about devices, and make no claims beyond the fact that they will boot.

Still, incredible progress is being made on everything from mainline kernel development to getting standard Linux desktops such as Gnome, MATE and XFCE4 running. Work has also been done on the backend process of compiling and packaging up components of the operating system itself, promising to speed up development times even for those who don’t have a beefy machine they can dedicate to compiling. The blog post ends with a helpful list of things the reader can do to help support postmarketOS, ranging from making your own t-shirts to porting to new hardware.

At Hackaday we’ve seen our fair share of hackers and makers re-purposing old smartphones and tablets, keeping them out of the landfills they would almost certainly end up in otherwise. A project that aims to make it even easier to hack these cheap and incredibly useful devices is music to our ears.

The Bedside Light App That Phones Home

Desiring a bedside lamp with a remote control, [Peadar]’s wife bought a Xiaomi Yeelight, an LED model with an accompanying Android app. And since he’s a security researcher by trade, he subjected the app to a close examination and found it to be demanding permissions phoning home to a far greater extent than you’d expect from a bedside light.

His write-up is worth a read for its fascinating run-through of the process for investigating any Android app, as it reveals the level to which the software crosses the line from simple light-controller into creepy data-slurper. The abilities to create accounts on your device, download without notification, take your WiFi details and location, and record audio are not what you’d expect to be necessary in this application. He also looks into the Xiaomi web services the app uses to phone home, revealing some interesting quirks along the way.

This story has received some interest across the Internet, quite rightly so since it represents a worrying over-reach of corporate electronic intrusion. It is interesting though to see commentary whose main concern is that the servers doing the data-slurping are in China, as though somehow in this context the location is the issue rather than the practice itself. We’ve written before about how some mildly sinister IoT technologies seem to bridge the suspicion gap while others don’t, it would be healthy to see all such services subjected to the same appraisal.

As a postscript, [Peadar] couldn’t get the app to find his wife’s Yeelight, let alone control it. That the spy part of the app works while the on-the-surface part doesn’t speaks volumes about the development priorities of its originator.

Image: Xiaomi Yeelight website.

Edward Snowden Introduces Baby Monitor for Spies

Famed whistleblower [Edward Snowden] has recently taken to YouTube to announce Haven: an Open Source application designed to allow security-conscious users turn old unused Android smartphones and tablets into high-tech monitoring devices for free. While arguably Haven doesn’t do anything that wasn’t already possible with software on the market, the fact that it’s Open Source and designed from the ground up for security does make it a bit more compelling than what’s been available thus far.

Developed by the Freedom of the Press Foundation, Haven is advertised as something of a role-reversal for the surveillance state. Instead of a smartphone’s microphone and camera spying on its owner, Haven allows the user to use those sensors to perform their own monitoring. It’s not limited to the camera and microphone either, Haven can also pull data from the smartphone’s ambient light sensor and accelerometer to help determine when somebody has moved the device or entered the room. There’s even support for monitoring the device’s power status: so if somebody tries to unplug the device or cut power to the room, the switch over to the battery will trigger the monitoring to go active.

Thanks to the Open Source nature of Haven, it’s hoped that continued development (community and otherwise) will see an expansion of the application’s capabilities. To give an example of a potential enhancement, [Snowden] mentions the possibility of using the smartphone’s barometer to detect the opening of doors and windows.

With most commercially available motion activated monitor systems, such as Nest Cam, the device requires a constant Internet connection and a subscription. Haven, on the other hand, is designed to do everything on the local device without the need for a connection to the Internet, so an intruder can’t just knock out your Wi-Fi to kill all of your monitoring. Once Haven sees or hears something it wants you to know about it can send an alert over standard SMS, or if you’re really security minded, the end-to-end encrypted Signal.

The number of people who need the type of security Haven is advertised as providing is probably pretty low; unless you’re a journalist working on a corruption case or a revolutionary plotting a coup d’etat, you’ll probably be fine with existing solutions. That being said, we’ve covered on our own pages many individuals who’ve spent considerable time and effort rolling their own remote monitoring solutions which seem to overlap the goals of Haven.

So even if your daily life is more John Doe than James Bond, you may want to check out the GitHub page for Haven or even install it on one of the incredibly cheap Android phones that are out there and take it for a spin.

Continue reading “Edward Snowden Introduces Baby Monitor for Spies”

3D-Printed Robot Golem Only a Tiny Bit Creepy

ASPIR, the Autonomous Support and Positive Inspiration Robot is an goblin-sized robot, designed by [John Choi], aims to split the difference between smaller hobbyist robots and more robust but pricy full-sized humanoids only a research institute could afford. By contrast, [John] estimates it cost a relatively meager $2,500 to create such a homunculus.

The robot consists of 33 servos of various types moving the limb, controlled by an Arduino Mega with a servo control shield seated on it. The chassis uses 5 kg of filament and took 300 hours to print, and it has a skeleton made up of aluminum hex rods. Spring-loaded RC shocks help reinforce the shoulders. There are some nice touches, like 3D-printed hands with living hinge fingers, each digit actuated by a metal-gear micro servo. It stores its power bricks in its shins. For sensors it includes a chest-mounted webcam and a laser distance sensor.

The main design feature is the Android smartphone serving as its brains, and also — at least cosmetically — its eyes. Those eyes… might be just a teensy bit too Chucky for our taste. (Nice work, [John]!)

Hybrid Interface Brings Touchscreen to Rigol Scope

With pervasive smartphones and tablets, the touch interface is assumed for small LCD screens, and we’ve likely all poked and pinched at some screen, only to find it immune to our gestures. Manufacturers have noticed this and begun adding touch interfaces to instruments like digital oscilloscopes, but touch interfaces tend to be an upgrade feature. But thanks to this hybrid oscilloscope touchscreen interface, even the low-end scopes can get in on the action.

It only makes sense that [Matt Heinz] started with one of the most hackable scopes for this build, which was his Master’s thesis project. Using an Android tablet as an auxiliary interface, [Matt] is able to control most of the main functions of the scope remotely. Pinching and expanding gestures are interpreted as horizontal and vertical scaling, while dragging the displayed waveform changes its position and controls triggering. While it’s not a true touchscreen scope, the code is all open source, so can a true aftermarket Rigol touchscreen be far away?

Rigol hacks abound here — you can talk to them in Linux, increase the bandwidth, or just get a look at their guts.

Continue reading “Hybrid Interface Brings Touchscreen to Rigol Scope”

Joe Activation with a WiFi-Controlled Electrical Outlet

[Mike] is the only one in his house who drinks coffee, and uses a simple single-serving brewer with no auto-on feature. And since no one really wants to have to stand around making coffee in the morning, [Mike]’s solution was to IoT-ize his electrical socket.

MQTT Dash is an Android app “for nerds only ;)”

The project consists of a relay board controlled by an ESP8266-packing Adafruit Huzzah. It’s all powered by a 9V power supply with a regulator supplying the relay coil and Huzzah with 5V. [Mike]’s using CloudMQTT to communicate with the outlet.

We often see these automation projects hit a wall when it comes to adding a user-side dashboard. [Mike] is using a free Android app called MQTT Dash which allows for a number of different UI components and even had coffee maker icons already built in. It’s certainly worth a look for your own projects. [Mike] uses it to turn on the outlet for 10 minutes, and by the time he grabs half-and-half the outlet is already off again.

It turns out that connecting coffee pots to the Internet is a driving force among out readers. This one alerts the whole office when the coffee is done, while another one is controlled by Alexa. Then again, sometimes all you can do is reverse engineer the Internet of coffee.

Detecting Dire Diseases – with a Selfie?

They say the eyes are the windows to the soul. But with a new smartphone app, the eyes may be a diagnostic window into the body that might be used to prevent a horrible disease — pancreatic cancer. A research team at the University of Washington led by [Alex Mariakakis] recently described what they call “BiliScreen,” a smartphone app to detect pancreatic disease by imaging a patient’s eyes.

Pancreatic cancer is particularly deadly because it remains asymptomatic until it’s too late. One early symptom is jaundice, a yellow-green discoloration of the skin and the whites of the eyes as the blood pigment bilirubin accumulates in the body. By the time enough bilirubin accumulates to be visible to the naked eye, things have generally progressed to the inoperable stage. BiliScreen captures images of the eyes and uses image analysis techniques to detect jaundice long before anyone would notice. To control lighting conditions, a 3D-printed mask similar to Google’s Cardboard can be used; there’s also a pair of glasses that look like something from [Sir Elton John]’s collection that can be used to correct for ambient lighting. Results look promising so far, with BiliScreen correctly identifying elevated bilirubin levels 90% of the time, as compared to later blood tests. Their research paper has all the details (PDF link).

Tools like BiliScreen could really make a difference in the early diagnosis and prevention of diseases. For an even less intrusive way to intervene in disease processes early, we might also be able to use WiFi to passively detect Parkinson’s.

Continue reading “Detecting Dire Diseases – with a Selfie?”