Possible Spyware On Samsung Phones

[Editor’s note: There’s an ongoing back-and-forth about this “spyware” right now. We haven’t personally looked into it on any phones, and decoded Wireshark caps of what the cleaner software sends home seem to be lacking — it could be innocuous. We’re leaving our original text as-run below, but you might want to take this with a grain of salt until further evidence comes out. Or keep us all up to date in the comments. But be wary of jumping to quick conclusions.]

Samsung may have the highest-end options for hardware if you want an Android smartphone, but that hasn’t stopped them from making some questionable decisions on the software they sometimes load on it. Often these phones come with “default” apps that can’t be removed through ordinary means, or can’t even be disabled, and the latest discovery related to pre-loaded software on Samsung phones seems to be of a pretty major security vulnerability.

The software in question is a “storage cleaner” in the “Device Care” section of the phone, which is supposed to handle file optimization and deletion. This particular application is made by a Chinese company called Qihoo 360 and can’t be removed from the phone without using ADB or having root. The company is known for exceptionally bad practices concerning virus scanning, and the software has been accused of sending all information about files on the phone to servers in China, which could then turn all of the data it has over to the Chinese government. This was all discovered through the use of packet capture and OSINT, which are discussed in the post.

These revelations came about recently on Reddit from [kchaxcer] who made the original claims. It seems to be fairly legitimate at this point as well, and another user named [GeorgePB] was able to provide a temporary solution/workaround in the comments on the original post. It’s an interesting problem that probably shouldn’t exist on any phone, let alone a flagship phone competing with various iPhones, but it does highlight some security concerns we should all have with our daily use devices when we can’t control the software on the hardware that we supposedly own. There are some alternatives though if you are interested in open-source phones.

Thanks to [kickaxe] for the tip!

Photo from Pang Kakit [CC BY-SA 3.0 DE (https://creativecommons.org/licenses/by-sa/3.0/de/deed.en)]

Give Yourself A Sixth Sense With An Arduino

If you carry a smartphone around in your pocket, you have a GPS navigation system, a compass, an altimeter, and a very powerful computer at your fingertips. It’s the greatest navigational device ever created. To use this sextant of the modern era you’ve got to look down at a screen. You need to carry a phone around with you. It’s just not natural.

For this entry into the Hackaday Prize, [Vojtech Pavlovsky] has an innovative solution to direction finding that will give you a sixth sense. It’s a headband that turns your temples into the input for a clever way to find yourself around the city or a forest, and it does it with just an Arduino and a few other bits.

The idea behind the Ariadne Headband is to create a haptic navigation system for blind people, runners, bikers, or really anybody. It does this by mounting four vibration motors on a headband, connecting those motors to an Arduino, sniffing data from a digital compass, and getting data over Bluetooth from an Android app.

All of these parts come together to form a new sense — a sense of direction. By simply telling the app to make sure you’re always oriented North, or to guide you along the grid of city streets, this headband becomes an inconspicuous and extraordinarily useful way to get around.

Easy Time-lapse Video Via Phone And Command Line

A good time-lapse video can be useful visual documentation, and since [Tommy]’s phone is the best camera he owns he created two simple shell scripts to grab time-lapse images and assemble them into a video. [Tommy]’s work is just the glue between two other things: an app that turns the phone into an IP camera with a web server on the local network, and the ability to grab a still image from that server on demand.

The app he uses for his iPhone normally serves video but has an undocumented feature that allows single frames to be downloaded by adding ‘/photo’ to the end of the URL, but the ability to get a still image is a common feature on IP camera apps for smartphones. His capture script (GitHub repository here) should therefore need only minor changes to work with just about any IP camera app.

Perching a phone over a workspace and using it to create a time-lapse with a couple of shell scripts is a great example of combining simple tools to get better functionality. It could be a good way to get additional use out of an older smartphone, too. Heck, even older dumbphones can still get some use out of them; Shmoocon 2017 brought us details on rolling your own 1G network.

Scratchy Brings Digital Clarity To The Vinyl World

If you walk the halls of audiophilia, you may be aware that there has been a huge amount of work put in to software designed to clean up older audio recordings without compromising the quality of the recording itself. Sometimes the results can be amazing, such as when a stereo image is created from parallel mono recordings made before stereo was even a glint in the eye of a 1930s EMI engineer.

[Bob Widlar] on analogue versus digital. Original: EDN.
But what if you are at home, without the benefit of a state-of-the-art studio or high-end digital signal processing? How can you then have pop and crackle free sound from your hi-fi when you put on a piece of vinyl? [Paul Wallace] may just have the answer: he’s made a smartphone app called Scratchy which listens to the output of a turntable, identifies the track being played, and plays the appropriate MP3 file for a digital experience from vinyl. It uses the algorithm published by Shazam to recognize tunes. The software also has a learn mode during which it can be taught about new records in the collection. The app itself is written using the Xamarin framework and has its source code in his GitHub repository, so it’s possible it could be produced for other platforms as well as Android.

Now vinyl purists will be speechless with horror at this wanton desecration of their format while audiophiles will be fuming at the smeary-in-the-midrange MP3s, but we can see its appeal if your vinyl is on the grubby side. It’s fair to say though that the stereo here won’t be sporting it; you’ll tear our analogue signal path from our cold dead hands. Take a look for yourselves; he’s put up a video showing it in operation.


Open Your Garage Door With Your Smartphone

The eternal enemy of [James Puderer]’s pockets is anything that isn’t his smartphone. When the apartment building he resides in added a garage door, the forces of evil gained another ally in the form of a garage door opener. So, he dealt with the insult by rigging up a Raspberry Pi to act as a relay between the opener and his phone.

The crux of the setup is Firebase Cloud Messaging (FCM) — a Google service that allows messages to be sent to devices that generally have dynamic IP addresses, as well as the capacity to send messages upstream, in this case from [Puderer]’s cell phone to his Raspberry Pi. After whipping up an app — functionally a button widget — that sends the command to open the door over FCM, he set up the Pi in a storage locker near the garage door and was able to fish a cable with both ethernet and power to it. A script running on the Pi triggers the garage door opener when it receives the FCM message and — presto — open sesame.


Hackaday Prize Entry: Selfie Bot Lets You Vlog Hands Free

[Sergey Mironov] sent in his SelfieBot project. His company, Endurance Robots, sells a commercial version of the bot, which leads us to believe that in a strange and maybe brilliant move he decided to just sell the prototype stage of the product development as a kit. Since he also gave away the firmware, STLs, BOM, and made a guide so anyone can build it, we’re not complaining.

The bot is simple enough. Nicely housed hobby servos in a 3D printed case take care of the pan and tilt of the camera. The base of the bot encloses the electronics, which are an Arduino Nano, a Bluetooth module, and the support electronics for power and motor driving.

To perform the face tracking, the build assumes you have a second phone. This is silly, but isn’t so unreasonable. Most people who’ve had a smart phone for a few years have a spare one living in a drawer as back-up. One phone runs the face tracking software and points the bot, via Bluetooth, towards the user. The other phone records the video.

The bot is pretty jumpy in the example video, but this can be taken care of with better motors. For a proof-of-concept, it works. A video of it in action after the break.


Hackaday Prize Entry: Wirelessly Charged Self-Heating Coffee Mug

Many productive hackers bleed a dark ochre. The prevailing theory among a certain group of commenters is that they’re full of it, but it’s actually a healthy sign of a low blood content in the healthy hacker’s coffee stream. [Bharath] is among those who enjoy the caffeinated bean juice on a daily basis. However, he’d suffer from a terrible condition known as cold coffee. To combat this, he built an app-enabled, wirelessly chargeable, self-heating coffee mug.

We know that most hackers don’t start off planning to build objects with ridiculous feature lists; it just happens. Is there an alternate Murphy’s law for this? Any feature that can be added will? The project started off as some low ohm resistors attached to a rechargeable power bank. An insulated flask with a removable inner stainless steel lining was chosen. The resistors were fixed to the outside with a thermal epoxy.

However, how do we control the resistors? We don’t want to burn through our battery right away (which could end up more literally than one would like), so [Bharath] added a Linkit One microcontroller from Seeed Studio. With all this power at his disposal, it was natural to add Bluetooth, a temperature sensor, and app control to the cup.

After getting it all together, he realized that while the insides were perfectly isolated from the liquids held in the flask under normal use, the hole he’d have to cut to connect to the charging circuit would provide an unacceptable ingress point for water. To combat this he added the wireless charging functionality.

With his flask in hand, we’re sure the mood boost from not having to slog through the dregs of a cold container of coffee will produce a measurable improvement in productivity. Video after the break.
