Super Mario Run(s) — Away With Your Money

If you are an Android user and a big fan of Super Mario beware: there is no Android version! There has been no official news on the Android version yet, let alone a version of the game. There is, however, a version circulating outside of Google Play market that will steal your bank account.

Right now attackers are taking advantage of the game’s popularity and Android users despair to spread malware posing as an Android version of Super Mario Run as they did in the past for Pokemon GO. The trojan is called Android Marcher and has been around since 2013, mostly targeting mobile users financial information. After installation, the application attempts to trick users with fake finance apps and a credit card page in an effort to capture banking details. The malware also locks out Google Play until the user supplies their credit card information.

In this new variant of Marcher, it can monitor the device and steal login data of regular apps, not just banking and payment apps, and send the stolen data back to command and control (C&C) servers. Facebook, WhatsApp, Skype, Gmail, the Google Play store are all vulnerable. Criminals can exploit these stolen accounts to carry out additional fraud.

Zscaler researchers advice is:

To avoid becoming a victim of such malware, it is a good practice to download apps only from trusted app stores such as Google Play. This practice can be enforced by unchecking the “Unknown Sources” option under the “Security” settings of your device.

We may add to turn on “App Verification”. Verify Apps regularly checks activity on your device and prevents or warns you about potential harm. Verify Apps is on by default, as is Unknown Sources turned off. Verify Apps also checks apps when you install them from sources other than Google Play. Of course, there is a privacy trade-off. Some information has to be sent about the apps you install back to Google.

The main advice is: use common sense. It’s common practice for companies to release official apps versions through Google Play and highly unlikely to do it via any other way.

Google Scrubs Brillo, Reveals Android Things

Another week goes by and another new IoT platform surfaces. Google has announced Android Things, a build of the mobile operating system designed for smart devices rather than the latest slab of mobile eye-candy. The idea is that the same Android tools, framework and APIs that will already be familiar to app developers can be used seamlessly on IoT Things as well as in the user’s palm.

Of course, if this is sounding familiar, it’s because you may have heard something of it before. Last year they announced their Project Brillo IoT platform, and this appears to be the fruit of those efforts.

So you may well be asking: what’s in it for us? Is this just another commercial IoT platform with an eye-watering barrier to entry somewhere, or can we join the fun? It turns out the news here is good, because as the project’s web site reveals, there is support for a variety of Intel, NXP, and Raspberry Pi development boards. If you have a Raspberry Pi 3 on your bench somewhere then getting started is as simple as flashing a disk image.

The Things team have produced a set of demonstration software in a GitHub repository for developers to get their teeth into. Never one to miss an opportunity, the British Raspberry Pi hardware developer Pimoroni has released an Android Things HAT laden with sensors and displays for it to run on.

The IoT-platform market feels rather crowded at times, but it is inevitable that Android Things will gain significant traction because of its tight connections with the rest of the Android world, and its backing by Google. From this OS will no doubt come a rash of devices that will become ubiquitous, and because of its low barrier to entry there is every chance that one or two of them could come from one of you. Good luck!

Pioneer AVIC Infotainment Units Hacked to Load Custom ROMs

Pioneer’s flagship AVIC line of in-car multimedia systems is compatible with both Android Auto and Apple Car Play, and offers all manner of multimedia features to the driver of today. What’s more, these in-dash wonders have spawned their own community, dedicated to hacking the units. The ultimate infotainment hack is to develop custom ROMs for these devices.

What this means is that owners of Pioneer AVIC units will eventually be able to flash a custom ROM onto their in-car device, allowing it to operate more like any other generic Android tablet on the market. The potential is there for installing custom applications, extra hardware (such as OBD II readers), or pretty much anything else you can do with an Android device.

The hack involves a whole lot of delicate steps, beginning with using a USB stick with a special image to boot the device into a test mode. This allows the internal SD card to be backed up, then overwritten with a new image itself.

Mostly, the hack has been used to allow map files to be updated on the internal SD card — inability to update maps has been a long festering thorn in the side of in-dash navigation systems. Users have been customizing this to suit their requirements, also adding speed camera locations and other features. But overall this hack is a great example of hacking something to get full control over the things you own. At the least, this will allow drivers to ditch the phones suction-cupped to the windshield and run common apps like Waze, Uber, and Lyft directly on the infotainment screen (assuming you can rig up an Internet connection).

Check out another great Android ROM hack — using a cheap old smartphone as a low-cost ARM platform.

The Joy of the ESP8266 and Blynk

I’ll admit it. I can be a little cheap. I also find it hard to pass up a bargain. So when I saw a robot kit at the local store that had been originally $125 marked down to $20, I had to bite. There was only one problem. After I got the thing home, I found they expected you to supply your own radio control transmitter and receiver.

Normally, that wouldn’t be a problem but lately… let’s just say a lot of my stuff is in storage and I didn’t have anything handy. I certainly didn’t want to go buy something that would double the cost of this robot that I really didn’t need to begin with.

However, I did have a few ESP8266 modules handy. Good ones, too, from Adafruit with selected 5 V I/O compatibility and an onboard regulator. I started thinking about writing something for the ESP8266 to pick up data from, say, a UDP packet and converting it into RC servo commands.

joymainSeemed like a fair amount of work and then I remembered that I wanted to try Blynk. If you haven’t heard of Blynk, it is a user interface for Android and Apple phones that can send commands to an embedded system over the Internet. You usually think of using Blynk with an Arduino, but you can also program the embedded part directly on an ESP8266. I quickly threw together a little prototype joystick.
Continue reading “The Joy of the ESP8266 and Blynk”

Smartphone Bench Instrument Apps: Disappointment or Delight?

If you are interested in electronics or engineering, you’ll have noticed a host of useful-sounding apps to help you in your design and build work. There are calculators, design aids, and somewhat intriguingly, apps that claim to offer an entire instrument on your phone. A few of them are produced to support external third-party USB instrument peripherals, but most of them claim to offer the functionality using just the hardware within the phone. Why buy an expensive oscilloscope, spectrum analyzer, or signal generator, when you can simply download one for free?

Those who celebrate Christmas somewhere with a British tradition are familiar with Christmas crackers and the oft-disappointing novelties they contain. Non-Brits are no doubt lost at this point… the crackers in question are a cardboard tube wrapped in shiny paper drawn tight over each end of it. The idea is that two people pull on the ends of the paper, and when it comes apart out drops a toy or novelty. It’s something like the prize in a Cracker Jack Box.

Engineering-oriented apps follow this cycle of hope and disappointment. But there are occasional exceptions. Let’s tour some of the good and the bad together, shall we?

Continue reading “Smartphone Bench Instrument Apps: Disappointment or Delight?”

An SDR For The Rest Of Them

If you are a radio enthusiast it is very likely that you will own at least one software defined radio. With the entry point into the world of SDRs starting with the ultra-cheap RTL2382 based USB receiver sticks originally designed for digital TV, it’s a technology that passed long ago into the impulse purchase bracket.

If you are not a radio enthusiast, or not even a Hackaday reader, you may not have heard of SDR technology. Even the humblest up-to-date radio or TV may well contain it somewhere within its silicon, but at the user interface it will still resemble the device you would have had in the 1950s: analogue tuning, or a channel-flipper.

It is interesting to see an attempt to market a consumer device that is unashamedly an SDR, indeed that is its unique selling point. The Titus II SDR bills itself as the “World’s First Consumer Ready SDR Package”, and is based around an Android tablet mated with a 100 kHz to 2 GHz SDR tuner and a pair of speakers in a portable radio styled case. It will support all modes including digital broadcasting through software plugins, and there will be an open plugin API for developers. They are taking pre-orders, and claim that the launch price will be under $100.

It sounds like an exciting product, after all who wouldn’t want a radio with those capabilities at that price! However it leaves us wondering whether the price point is just a little too ambitious for the hardware in question, and we’ll reluctantly say we’ll believe it when we see real devices on the market. A $100 consumer price doesn’t get you much in the tablet world, and that is from high-volume Chinese manufacturing without the extra cost of the SDR hardware and the overhead of smaller volume from a niche product. There are pictures online of real prototypes at trade shows, but we’d like to see a website with fewer renders and more hard plastic.

There is another angle to this device that might interest Hackaday readers though. It should remind anyone that building one yourself is hardly a difficult task. Take an RTL2382 stick with or without the HF modification, plug it into a tablet with an OTG cable, install an app like SDR Touch, and away you go. 3D print your own case and speaker surrounds as you see fit, and post the result on hackaday.io.

Via the SWLing Post.

When Your Screen Breaks In The Himalayas

If you’ve ever had the screen break on your laptop, you’ll know it can be rather annoying to have to use an external monitor for a while as you either wait for a replacement panel to arrive from the other side of the world, or wait for that new laptop you were just desperate for an excuse to upgrade to.

Spare a thought, then, for [tom bh] whose laptop screen broke while he was in Ladakh, Northern India. Two days bus ride from the nearest city in which he could hope to source a replacement part, he had to make do with the resources in front of him. A laptop with a broken screen, and his Android phone.

He was fortunate in that a few lines at the top of the screen still worked intermittently. So after logging in blind and finding himself in a shell, he could execute commands and then scroll the results up to the point at which they were visible. He first enabled an SSH server, then connected his phone via USB. A bit of work to find the laptop’s IP address, and he could get himself a laptop shell on his phone with an Android SSH client. He goes into detail about how he was able to use the laptop’s keyboard to emulate a Bluetooth device which he connected to the phone. He could then run a VNC server on the laptop and connect to it with a VNC client on the phone, resulting in a phone-sized laptop display using the laptop’s keyboard as input. Not a perfect physical terminal by any means, but enough for him to continue working.

His writeup is an especially interesting read for its side-by-side evaluation of the various different application choices he made, and contains some useful suggestions as to how anyone might prepare themselves for a dead screen related emergency.

We’ve featured a dead-screen laptop connected as a serial terminal with an Arduino in the past, but unlike this one that only gave its owner a prompt.

Via Hacker News.