Related
Open your car with your Windows Mobile device ?
It's not impossible!
I'm looking for information on this topic especially on
MERCEDES BENZ cars.
I'm a proud owner of an IR locking/unlocking MB C-class
and would like the convenience of opening and closing
my car with my cell-phone.
In the past (with my old MB E-class, including one of the first IR opening keys, in which the ignition was still started with a proper key) I was able to do this
stunt with something called a Pocket PC without cell phone capabilities.
I simply downloaded an IR sending/receiving program and was able to open and
close my car with it. However keep in mind that the algorithm wasn't really innovative and the 'coding' that the key/car did was not very elaborate.
Now with my w203 model, I get the feeling that it would be a bit more complicated to adapt such a key into my cell phone.
So I am looking for a developer who could, together with me, make such a software that would receive several lock/unlock codes via IR from the key-remote and find the 'pattern' in order to specifically program the remote to resemble the key.
I was thinking of maybe even making a little app out of it and suggest the marketing of it for a little ammount - like 5 $ for a full-licence.
Of course we would offer the app free of charge to all the beta-testers on xda-developers.
I hereby declare that I had this idea on the 8th of August 2010 at 14:25 CET.
P.S.: There is some services out there - like the mbrace service that offer similar options. Yet, I don't want users to pay 100ths of $ for a simple unlocking service. I think that this basic (and impressive to geeks and girls) function should be free or for a small fee.
Ad
I'd also like to add a thing:
Unlocking cars equipped with transmission other than IR would obviously rather be a large problem, which couldn't be fixed easily. Since those ways of transmission are based on other bands (radio band for instance) and on frequencies our mobiles do not support. This can - in my opinion - be only fixed by installing a prepaid phone tweaked to trigger the car opening system when called or send a specific sms or data package to unlock.
If someone can draw a circuit, please do
As a licenced ham radio opperator i can tell you that the merc dont lock unlock with ir at all its on a tumbler radio frequency way above the frequencys a mobile phone can reach and due to the tumbler it picks a random frequency every time so could not be done via a phone/pda also merc have a patern on the unlocking equipment, then imagine an unlocker thats via a hackable program ....... how long before folk have got it unlocking cars that dont belong to them.... could be fun,if you a car thief. but there is easyer options ,as some hamradio equipment definatly unlock/locks some cars not all ..
WRONG. it's not on a random feequency each time. it's a rolling code which is all placed in the same frequency but it has a frequency that's definetly not IR.
It works sometimes.
Hem radio is fun!
A friend of mine in the U.S. is a hem radio operator too.
However I must disagree with you partially.
You are certainly right, that some (especially the newer) models of MB, DO NOT use IR as a means of communication between car and key. So a solution as suggested in my second post would be suitable.
HOWEVER I know (because I have one and I did IT) that it is possible in older models, as they have an IR based key/door opening system. That's why there is a little block (usually on the drivers side) on the handle of the door. That's where the IR device on the car is located.
As I said ... with my old Pocket PC it was a piece of cake to read out the code from the IR Key with WinRemote application and open up the car with the Pocket PC. (We're talking about a MB 1995 E 200 Diesel)
UPDATE: Such IR keys ... according to some key-programming websites were used between 1997 and 2005 in cars without the keyless go option.
http://phandroid.com/2012/07/26/hac...ble/?utm_medium=referral&utm_source=pulsenews
Sent from my HTC One XL using xda app-developers app
good read good thing i keep my nfc off all the time
Can anyone confirm that the radio is actually off when NFC is unchecked in settings?
Sent from my HTC One XL using xda app-developers app
This vulnerability affects very few users. Furthermore, those users that it does affect must have their phone's screen turned on for the vulnerability to be exploited. Surely if you have your screen on, you'd be aware of any foul play from third parties; why are you worried?
Screen has to be on and it has to be VERY close or near (hence the n in nfc)
Sent from my Nocturnal HOX
JamesR913 said:
Screen has to be on and it has to be VERY close or near (hence the n in nfc)
Sent from my Nocturnal HOX
Click to expand...
Click to collapse
Screen on, device unlocked *and* within a few cm of this device (this is the NFC antenna portion of the device, not just anywhere on the device).
I'm rather interested in how exactly this could be done. Though I reckon it could potentially be dangerous to publicly release that info, I could call it a case of "it's not a bug, it's a feature" and do pretty useful things with it. I'm thinking along the lines of making the phone connect to wifi, which without such hacks is only possible if the phone that scans it has one from a number of NFC apps installed. Pre-installing that app too just so you can log into wifi at someone's house kind of eliminates the purpose of using NFC to login in the first place.
If you programmed a NFC tag with a url that contained embedded javascript (or escaped characters that would later unescape to javascript) *and* the browser interpreted them instead of ignoring them or invalidating the whole url... maybe. But it's a big 'if'.
Most new-ish browsers now disallow Javascript in URLs. The other main attack vector would be a trusted site with reflected XSS vulnerability (ie, a site that renders URL-encoded parameters into the rendered page, like a 404 page that displays the requested URL within the error message), but it's more likely that an attacker would just host his own page since the URL target of a NFC tag is opaque until read, anyway.
The main thing: don't allow NFC to launch the browser without previewing the URL's value, and don't preview the url's value in any container that can be induced to interpret its content as HTML.
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2
Well, if it is possible to make someone connect to wifi using javascript, then it might be interesting to put a small website online with just that bit of javascript. I could then put a hyperlink to that page in the NFC tag. Would still require internet access, but it would use a lot less data to work that way (the normal way is installing an app first, which costs way more data) and it would also be faster and require less actions. From the user's view, it is a lot more elegant. This would mean you don't have to inject the javascript directly into the url and run the risk of the url being blocked by the browser.
Bad side is that you will in all likelyhood practically be putting your wifi password on the internet. That might be a major security issue.
That is assuming it is possible to make devices connect to wlan using javascript, which I understand from your post it is, though I can't find out any information on this.
What do you think about this theory?
It depends mainly upon how Android handles NFC events. If it fires an intent that relays the NFC tag's content to a handler that blindly fires it off as another intent, or blindly opens it in a browser window... well... there's a good chance that Bad Things(tm) will eventually happen somehow. If Android makes at least half an attempt to sanitize the NFC-read content, and doesn't have any command-injection vulnerabilities along the way, it'll probably be OK.
I'm still reading up on Android's specific implementation of it. Much of what I wrote above is actually based on naive handling of QR-encoded URLs.
Speaking in the abstract, the worst thing I can imagine an end user doing today is downloading (or writing) cobbled-together handler with no sanity-checking or sanitizing that registers itself as a listener for NFC events, gets the user to make it the official handler, then does something completely stupid, like reading the String straight from the tag and using it to blindly construct a new Intent and fire it off. The thought of someone doing that gives me chills.
what if someone where to place a chip near a pay-pass location while using google wallet? what then?
A 'chip' ? Basically nothing, except possible denial-of-service due to interference (you can't read two tags simultaneously).
There's nothing magic about NFC. At the end of the day, it's basically a low-ceremony moderate-speed serial link that allows parasitic powering of low-cost radio+eeprom modules in the form of tags. It's what you and the software make of it.
NFC payments are no more or less inherently secure than online paypal purchases encrypted with SSL. In the grand scheme of things, the actual data transfer is usually the *least* of your problems, compared to how the data is stored on your end & handled on the other end.
Would you ever allow your PC to indiscriminately send $10 via Paypal to anybody who manages to plug in a flash drive for 7 seconds? Then don't run a payment client that automatically satisfies any payment request you literally wave in front of it without at least requiring some form of affirmative confirmation & approval from you.
Can a badly-implemented NFC app be cloned or impersonated? Sure. And so can your Visa card, if you hand it to the waiter & he swipes it through his own capture device when you aren't looking. That's why you never, ever want to agree to TOS that leave you on the hook for basically unlimited charges.
NFC payments backed by Visa or Mastercard are a wonderful thing. If somebody defrauds you, you fill out a form, file a police report if necessary, and maybe pay $50 if you have bad credit & your issuer feels like they can screw you as a subprime customer. Otherwise, that's the end of it, unless the bank can prove you committed fraud or engaged in wantonly reckless and unfathomably stupid behavior.
NFC payments backed by my checking account, and no daily hard purchase limit like $50? No. Way. In. HELL. I had a debit card stolen 10 years ago. By the time the bank contacted me, my account was overdrawn by almost $5,000. For almost a week, I couldn't even cash a check from my parents, because it would have just gotten absorbed by the overdraft. I spent 2 days just fighting with the bank to get the ongoing $29+ overdraft fees (for legit expenses autopaid after the thief overdrew my account) waived (after they finally credited the fraudulent charges back to me, ~2 weeks after it happened, and I was able to argue that they wouldn't have *been* overdrafts if the bank had done its job and noticed charges for stores and things I've never bought in my life). The truth is, it's *very* hard to unwind and fix a checking account catastrophe.
So, in summary:
* wave my phone over a sensor to blindly pay $3 and board a subway train that's going to depart without me in 17 seconds if I don't run like a mofo up the escalator, paid from a fund that gets topped off $25 at a time, at most twice per week? Sure.
* wave my phone over a vending machine that requires a pin code the first time I do it at a new location, is backed by a credit card, and maxes out at $10/day? Sure.
* ditto SPECIFICALLY for Taco Bell.
Bigger charges? Ask me, and make me explicitly authorize them after demonstrating my knowledge of a passphrase.
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2
NFC is absolutely insecure. It was discussed by Steve Gibson of GRC on last week's (Oct 3rd) podcast of Security Now.
http://twit.tv/show/security-now/372
It was discussed by him, and if you read the whole thing, he basically said exactly what I did. NFC itself is security-neutral. It's a slow short-range wireless serial port.
If someone wrote a proof-of-concept app that ran on your PC, monitored COM1 at 9600-8-N-1 & responded to "transfer://amt=100&acct=123456789" by blindly transferring $100 to account #123456789 without even asking for confirmation, would you declare that serial ports are "totally insecure", too?
NFC is a hardware capability. Nothing less, nothing more. Software can use it for good *or* mischief. Include a compensating control that requires physical affirmation of intent, and legal controls to limit your total liability, and its use for payment is no worse than a prepaid transit card. Security isn't a thing, it's a process with layers of things, some of which WILL occasionally fail.
Remember, if a mugger marches you up to an ATM with a gun in your back, the bank isn't going to refund your withdrawal, either.
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2
bitbang3r said:
Remember, if a mugger marches you up to an ATM with a gun in your back, the bank isn't going to refund your withdrawal, either.
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2
Click to expand...
Click to collapse
WOW that sucks. My bank would. Sucks to be you.
Sent from my squirrel.
Just wondering if anyone had any thoughts regarding the New York Times article from yesterday about the spyware built into the firmware on Blu phones. They mentioned in the article that the company also provides services for Huawei, "According to its website, Adups provides software to two of the largest cellphone manufacturers in the world, ZTE and Huawei. Both are based in China." NYT (possible paywall)
I'm generally not super paranoid about privacy with my Android phones, I let Google track me etc. However, I realize that corporate espionage is a real issue, and my phone gets emails and calendar notifications for my work as well as my personal accounts. Given that the watch has the ability to directly connect to wifi (and therefore communication to the greater internets isn't necessarily limited to how the phone interacts with the watch) I am rather concerned that the watch may also have some "phone home" type of spyware along the lines of what was found in the Blu phones.
Only way I can really think of to test this would be to get a wireshark off a dedicated wireless network that the watch and a test phone would be connected to for an extended period of time and sift thru the traffic... Anyone have any better ideas? I'm hesitant to crack open the watch and physically disable the wifi feature for fear of damaging the watch permanently or disabling functionality leveraged by the new version of android wear coming in the near future.
I'm paranoid about my privacy but I think sending data to China is the same as sending data to NSA, especially when I'm not American. So one company(?) knows one thing, another the other and they don't share their data with each other so no one really knows everything about me. Unless they somehow get all the data, I don't mind one more company(?) to know. If they all agreed not to spy I would be happy.
I know, I know...but I love this phone.
I am planning a trip in March and was looking for some advice. I am happy to powerdown the phone completely during the flight.
Has anyone successfully flown with the phone...either in their carry on or in their checked baggage?
Thanks,
"The U.S. Department of Transportation (DOT), with the Federal Aviation Administration (FAA) and the Pipeline and Hazardous Materials Safety Administration (PHMSA), today announced it is issuing an emergency order to ban all Samsung Galaxy Note7 smartphone devices from air transportation in the United States. Individuals who own or possess a Samsung Galaxy Note7 device may not transport the device on their person, in carry-on baggage, or in checked baggage on flights to, from, or within the United States. This prohibition includes all Samsung Galaxy Note7 devices. The phones also cannot be shipped as air cargo."
Quoted from https://www.transportation.gov/briefing-room/dot-bans-all-samsung-galaxy-note7-phones-airplanes
I definitely share in the frustration of not being able to travel with it. I'd just like to say that the panic and fear mongering worked and caused a massive knee-jerk reaction which led to a over reaction (in my opinion). That said, the damage is done and now even legislation has been passed. Do not put yourself in the situation where you could get in a LOT of trouble! Think about it before you risk it; you'll be on the "news" for certain lol ...but really, if they catch you, the trouble you could find yourself in would be life changing. Activate another phone for your trip, leave the Note at home and take a DSLR camera for the pictures that you would have been able to take with the note! I want to 'risk' it so badly; however, knowing that it could cost me dearly (financially, public perception, and the effects on my loved ones even). ....it may be nothing, but it may be EVERYTHING.
I may have taken mine on Delta and Southwest flights just before Christmas with no issues. They aren't looking for them, and I'm not getting on the plane advertising it. If they were to ask, my response was to be... "What? My Note 5?"
I just read that Galaxy S9 will be able to measure blood pressure through sensor near the back camera. Anyone know some more about it? How accurate it can be? Will it be available to some other apps than My BP Lab?
Reasonably accurate. The tech has been around for a while. It's not accurate enough for medical professionals to use it yet, but should give you a round enough figure for fitness tracking. I expect it will be enough to tell you if you are reasonably high or low, but not as precise as the automated cuffs you can get at the pharmacy. Basically the same level as you get from the HRM sensor - good enough to tell you if there's a problem.
Has anyone tried this yet? I haven't found the function yet on my S9, Shealth only opts for an ability to log it from an actual measuring device. The phone itself doesn't seem to be able to.
Yes, it is in the SHealth app. And it seems quite ok. I have around 56 bpm, which is ok. After a bit of activity it said 89 bpm, I have the Exynos version
doza102 said:
Yes, it is in the SHealth app. And it seems quite ok. I have around 56 bpm, which is ok. After a bit of activity it said 89 bpm, I have the Exynos version
Click to expand...
Click to collapse
That would be heart rate, not blood pressure.
Now i feel really stupid.... Sorry, my bad
doza102 said:
Now i feel really stupid.... Sorry, my bad
Click to expand...
Click to collapse
Easily done ?
Was looking for the same thing. There will be an app called "my bp lab" which will be available on 15th March on playstore.
https://www.indiatoday.in/technolog...uld-be-life-saving-to-some-1177779-2018-02-26
mix1987 said:
Was looking for the same thing. There will be an app called "my bp lab" which will be available on 15th March on playstore.
https://www.indiatoday.in/technolog...uld-be-life-saving-to-some-1177779-2018-02-26
Click to expand...
Click to collapse
I came across that info as well, it's a shame they didn't integrate the feature into S Health. It would seem like the logical thing to do.
I think they will integrate it when the s9 launches on March the 16th with an stealth update
Word is the app is suppose to be released today on the Play Store (yet to be seen). It will be integrated into SHealth when it is installed. I've seen the apk for download but I don't trust it.
I downloaded the My BP Lab app on my S9+ today, but i cant seem to get it to take my BP level, not sure what i am doing wrong, but i get to a point where it asks me what kind of BP cuff i have, my choices are...
- A&D blood pressure cuff (1200 ultraConnect, UA-1200CNBLE)
- other type of blood pressure cuff
- don't have a blood pressure cuff
not sure what to do here, i have tried the first two options but it doesnt seem to read my BP when i put my finger on the sensor on the back of the S9+.
It's up now: https://play.google.com/store/apps/...earch.bp&rdid=org.sagebionetworks.research.bp
The app doesn't give you an actual blood pressure reading, it just gives a comparison to a baseline. So, no way to really check accuracy at this point.
Illrigger said:
It's up now: https://play.google.com/store/apps/...earch.bp&rdid=org.sagebionetworks.research.bp
The app doesn't give you an actual blood pressure reading, it just gives a comparison to a baseline. So, no way to really check accuracy at this point.
Click to expand...
Click to collapse
yup thats quite sad, although if you look at the screenshots of the app it shows the actual value. Hoping they just integrate it into Shealth.
silentwitness1 said:
yup thats quite sad, although if you look at the screenshots of the app it shows the actual value. Hoping they just integrate it into Shealth.
Click to expand...
Click to collapse
There are pictures out on Twitter from some insiders showing it integrated into SHealth, so it's probably coming with an update eventually. They may wait until after the 3-week study is over to encourage people to use it - I can't blame them for that, the potential of the amount of data they can collect through this is amazing. Potentially millions of people of all ages and health profiles all giving multiple readings per day is a data set that most studies can only dream about.
It's US only for now.
And yes, it DOES give an actual blood pressure figure, not just a percentage form the baseline. But to get that, you first have to take your bloody pressure with a proper device, and input those number. Then take a reading with the phone straight away, so that it can take a baseline.
Check this article:
https://www.phonearena.com/news/We-...o-the-test-as-blood-pressure-monitor_id103241
I'd like to get an app where multiple users can get the bp checked. Unfortunately with the UCSF study app, it's only for one person, and apparently the calibration only works for that one person. Would be nice if they could share that tech with other developers (or other developers use the tech to develop an app with this capability).
gwtx2 said:
Word is the app is suppose to be released today on the Play Store (yet to be seen). It will be integrated into SHealth when it is installed. I've seen the apk for download but I don't trust it.
Click to expand...
Click to collapse
Well it's May 29th and no update yet to Samsung Health for BP - I wouldn't be surprised if Samsung is concerned about any legal ramifications (I've heard that some people like to sue Corporations) lol ?
Ha, until today, I never knew that Samsung Health could take your blood oxygen using the sensor. It's not that accurate though because I had mine checked at the doctor and it was 97 but when I checked it using the sensor in SH it wouldn't get higher than 88. I have found that the BP readings tend to be more accurate when compared to my cuff though.