Possible Spyware On Samsung Phones

[Editor’s note: There’s an ongoing back-and-forth about this “spyware” right now. We haven’t personally looked into it on any phones, and decoded Wireshark caps of what the cleaner software sends home seem to be lacking — it could be innocuous. We’re leaving our original text as-run below, but you might want to take this with a grain of salt until further evidence comes out. Or keep us all up to date in the comments. But be wary of jumping to quick conclusions.]

Samsung may have the highest-end options for hardware if you want an Android smartphone, but that hasn’t stopped them from making some questionable decisions on the software they sometimes load on it. Often these phones come with “default” apps that can’t be removed through ordinary means, or can’t even be disabled, and the latest discovery related to pre-loaded software on Samsung phones seems to be a pretty major security vulnerability.

The software in question is a “storage cleaner” in the “Device Care” section of the phone, which is supposed to handle file optimization and deletion. This particular application is made by a Chinese company called Qihoo 360 and can’t be removed from the phone without using ADB or having root. The company is known for exceptionally bad practices concerning virus scanning, and the software has been accused of sending all information about files on the phone to servers in China, which could then turn all of the data it has over to the Chinese government. This was all discovered through the use of packet capture and OSINT, which are discussed in the post.

These revelations came about recently on Reddit from [kchaxcer] who made the original claims. It seems to be fairly legitimate at this point as well, and another user named [GeorgePB] was able to provide a temporary solution/workaround in the comments on the original post. It’s an interesting problem that probably shouldn’t exist on any phone, let alone a flagship phone competing with various iPhones, but it does highlight some security concerns we should all have with our daily use devices when we can’t control the software on the hardware that we supposedly own. There are some alternatives though if you are interested in open-source phones.

Thanks to [kickaxe] for the tip!

Photo from Pang Kakit [CC BY-SA 3.0 DE (https://creativecommons.org/licenses/by-sa/3.0/de/deed.en)]

See You On The Dark Side Of The Moon: China’s Lunar Radio Observatory

For nearly as long as there has been radio, there have been antennas trained on the sky, looking at the universe in a different light than traditional astronomy. Radio astronomers have used their sensitive equipment to study the Sun, the planets, distant galaxies, and strange objects from the very edge of the universe, like pulsars and quasars. Even the earliest moments of the universe have been explored, a portrait in microwave radiation of the remnants of the Big Bang.

And yet with all these observations, there’s a substantial slice of the radio spectrum that remains largely a mystery to radio astronomers. Thanks to our planet’s ionosphere, most of the signals below 30 MHz aren’t observable by ground-based radio telescopes. But now, thanks to an opportunity afforded by China’s ambitious lunar exploration program, humanity is now listening to more of what the universe is saying, and it’s doing so from a new vantage point: the far side of the moon.


The $5 FPGA

You ever wonder exactly what’s inside that cheap stuff you get from China? Sometimes it is cheap parts you’ve never heard about. Case in point: if you are willing to import, you can score an FPGA board for about $5. The downside? You’ve probably never heard of the GOWIN Semi GW1N — one of the Little Bee FPGAs — that’s onboard.

There is some English documentation which leaves room for interpretation and you’ll have to use their IDE. Then again, it might be a fun puzzle to get one of these working. Looks like Seeed has them available for $4.90.

According to the Wiki, the onboard chip is GW1N-LV1QN48C6/I5, equipped with 1152 LUT4 logic resources, 1 PLL and a total of 72Kbit SRAM. The development board brings out all I/O interfaces. There’s also 64 Mbits of PSRAM. The board also has an RGB interface for a display, a 24 MHz clock, and the USB programming/debugging interface.

We didn’t try it, but the development tool looks to be available for Windows or Linux. Browsing through the wiki gives the impression it is usable, although probably simple — which could be an advantage compared to some other tool suites.

Worth a try? The Lattice chips are not that expensive and are well supported by open source tools. Then again, people want to try the very cheap (under a dime) CPU that is in a lot of products. So why not FPGAs, too?

MIT Mini Cheetah Made And Improved In China

We nearly passed over this tip from [xoxu] which was just a few links to some AliExpress pages. However, when we dug a bit into the pages we found something pretty surprising. Somewhere out there in the wild we…east of China there’s a company not only reverse engineering the Mini Cheetah, but improving it too.

We cover a lot of Mini Cheetah projects; it’s a small robot that can do a back-flip after all. When compared to the servo quadruped of not so many years ago it’s definitely exciting magic. Many of the projects go into detail about the control boards and motor modifications required to build a Mini Cheetah of your own. So we were especially interested to discover that this AliExpress seller has gone through the trouble of not just reverse engineering the design, but also improving on it, claiming their motors are thinner and more dust resistant than what they’ve seen from MIT.

To be honest, we’re not sure what we’re looking at. It’s kind of cool that we live in a world where a video of a research project and some papers can turn into a $12k robot you can buy right now. Let us know what you think after the break.

The Price Of Domestic Just In Time Manufacturing

Hardware is hard, manufacturing only happens in China, accurate pricing is a dark art. Facts which are Known To Be True. And all things which can be hard to conquer as an independent hardware company, especially if you want to subvert the tropes. You may have heard of [Spencer Wright] via his superb mailing list The Prepared, but he has also been selling an unusual FM radio as Centerline Labs for a few years. Two years ago they relaunched their product, and last year the price was bumped up by a third. Why? Well, the answer involves more than just a hand wave about tariffs.

The Public Radio is a single-station FM radio in a mason jar. It’s a seemingly simple single purpose hardware product. No big mechanical assemblies, no complex packaging, not even any tangential accessories to include. In some sense it’s an archetypically atomic hardware product. So what changed? A normal product is manufactured in bulk, tested and packaged, then stored in a warehouse ready to ship. But TPR is factory programmed to a specific radio station, so unless Centerline wanted one SKU for each possible radio station (there are 300) this doesn’t work. The solution was domestic (US) just in time manufacturing. When a customer hits the buy button, a unit is programmed, tested, packed, and shipped.

As with any business, there is a lot more to things than that! The post gives the reader a fascinating look at all the math related to Centerline Labs’ pricing and expenses; in other words, what makes the business tick (or not), including discussion of the pricing tradeoffs between manufacturing different components in Asia. I won’t spoil the logical path that led to the pricing change; go check out the post for more detail on every part.

We love hearing about the cottage hardware world. Got any stories? Drop them in the comments!

Chinese Radio Telescope Hopes To Find Exoplanets FAST

People who enjoy radio are constantly struggling to find a place to erect a bigger and better antenna. Of course it’s a different story at the most hardcore end of the spectrum: radio astronomers. The Chinese are ready to open up a new radio telescope called FAST (Five-hundred-meter Aperture Spherical Radio Telescope). As the name implies, it is 500 meters in diameter which is about 1,600 feet — that’s five and a half American football fields or about four and a half of the other kind of football field.

The new telescope will be the largest single-dish observatory in the world and will offer about twice the area of the next-largest single-dish instrument at Arecibo. The project is in a very remote location, presumably to reduce the level of local radio interference — it’s hard to find radio quiet zones in heavily populated areas.

Scientists hope the huge antenna will help solve the mystery of fast radio bursts and may even study exoplanets. In fact, earlier this year, the instrument detected hundreds of fast radio bursts from a source, many of which were too faint to be heard by lesser antennas. There are also plans to examine pulsars in an attempt to discover ripples in space-time. The location in the Dawodang depression of the Guizhou province uses about 4,400 panels and 2,000 mechanical winches to focus radio energy.

Other telescopes that use multiple dishes have more resolution and, in fact, FAST adds 3 dozen 5 meter commercial dishes to get an increase in resolution of 100 times. Of course, you could build your own, although to get up to 500 meters might be a stretch. If your backyard isn’t that big, you can build a tiny radio telescope too.

Manufacturing In China Hack Chat

Join us on Wednesday 10 July 2019 at noon Pacific for the Manufacturing in China Hack Chat with Jesse Vincent!

It started out where many great stories start: as a procrastination project. Open source developer Jesse Vincent decided that messing around with a new keyboard design was a better thing to spend time on than whatever he was supposed to be doing, and thus Keyboardio was born.

Their heirloom-grade keyboards of solid maple and with sculpted keycaps are unique to the eye and to the touch, but that’s only part of the Keyboardio story. Jesse has moved further down the road of turning a project into a product and a product into a company than most of us have, and he’s got some insights about what it takes. Particularly in climbing the learning curve of off-shore manufacturing, which will be the focus of this Hack Chat. Join us to learn all about the perils, pitfalls, and potential rewards of getting your Next Big Idea manufactured in China.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday July 10 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.