China spying using common car battery monitor?
SiliconWizard:

--- Quote from: Siwastaja on June 01, 2023, 11:21:48 am ---
>Android app requires location permissions to work.

I don't think it counts as spying. If I understood correctly, Android literally and explicitly asks user's permission for location data, and people willingly click "yes", so what's the issue?

--- End quote ---

Uh, the issue is that the app won't work without it, so whether users are AWARE of it (or even asked about it) or not matters only if users are willing NOT to use the app.
Otherwise, once granted access to location, the app can do pretty much what it pleases with it.
Not sure I get your point. Obviously it's "spying" only if the app actively tracks and uploads your location, which sure the app is not FORCED to do, but you can bet that many will.

And this whole Bluetooth Android location thing is mind-bogglingly stupid. That would be a good enough reason to ditch Android.
haxrob:
Hi all, first time poster on eevblog - really enjoying reading the variety of viewpoints in the discussions in this thread. Thanks for showing an interest in this minor endeavor.  ;D

On the topic of the Bluetooth permissions - with iOS you don't need to hand out all the neighboring (mobile) cell ids, GPS coordinates and wifi network BSSIDs for BLE scanning - and I'm pretty OK with that.

Based on some comments in this thread, it appears there is some interest in developing a new application to replace the official version. That's enough to give me motivation to finish reversing this interface. Here is what I've done so far:
https://doubleagent.net/hardware/ble/bluetooth/2023/05/22/a-car-battery-monitor-tracking-your-location-part2.

And the resulting python code to read the voltages from the device over BLE:
https://gist.github.com/x1sec/3af7efdcd3465aac09093081c32ba321

What needs to be implemented next is to be able to obtain archived voltage readings stored in the device's memory for when it isn't paired.

I'll also be tackling the firmware for the SoC at some point. Waiting for the debugger for the Texas Instruments CC2541 to arrive. In the post linked above, I provide a way to pull firmware it uses for OTA updates from their cloud servers. It's bundled in a proprietary format so there is some further reversing work to be done here.

FYI I have reported my findings to Jaycar and they have responded promptly - immediately initiating an investigation on their side.
NiHaoMike:
I think it would be good to add a feature to send tracking with fake data to really show them how much the users hate tracking, of course have it disabled by default so it would be opt in. (What should it be called? I vote "chaffing" after the aerial combat device.)
RJSV:
My doctor's conventional office uses Google enterprise stuff, although I don't recall the exact product name, but has a logo, and I've also seen Google 'Play' involved in the various office interactions.
Radio receivers unavailable retail now, so you get a choice of some crippled podcast that has horrible drop-outs, and, YouTube style advertisements have been creeping in, starting May 2023.
   If you get tired of the seemingly crippled podcast you MUST get the APP.
After all, you never did PAY for that (free) radio show.  Congress, early in the days of radio broadcasting, specifically placed measures to ensure a decent flow of info traffic to the public, meaning that a large part of that intent was to avoid the whole 'gouging' or exploitation of listener by way of excessive charges.

   Many of the medical office situations involve staff that certainly are tone-deaf to this whole discussion, saying things like "What's the big deal, you sign up, get the APP,...and then you can access all your (private medical data! Convenient!"

   You might then ask "How did Google get my private medical data?"...
By reading it, in the WEB Portal App.
Funny thing, I just realized, the host of those APPs has your private data, but if you haven't signed up, you don't have access; they have more of your stuff than you do, in that case!
mendip_discovery:

--- Quote from: Infraviolet on June 01, 2023, 05:18:36 pm ---"20 years ago blocking stuff from the internet was easy but now it's a nightmare."
A virtual machine perhaps, isolate not-entirely trustworthy programs within it? Then cut off internet access from/to that VM in VirtualBox/VMWare's settings. The programs would run slower, but with modern hardware usually not even enough to be noticeable.

--- End quote ---

Back then not every program had a reason to phone home but now everything needs the internet to check you have a current subscription, update checks and cloud stuff. Back in the 2000s, I remember running ZoneAlarm so you allow individual programs access to the internet and turn it off later. It did help cut down on your 56k dial-up grinding to a halt just because something was calling home to report your recent usage.

On a phone, it's a nightmare. I recently had to install an app so I could connect to a borescope that uses WiFi. While in use it's fairly safe as I have to connect to the WiFi of the camera unit so it's not connected to the outside world, but I don't like having the app on my phone.



--- Quote --- You might then ask "How did Google get my private medical data?"...
--- End quote ---

I remember with a charity someone suggested we make a list of all the members and put pins on a map to see the coverage we had. Then someone pointed out that this is a big risk with the DPA as Google will harvest the names and the postcodes for these people and add them to the collective. They even stated sending URLs to development web pages via Google can cause the crawlbot to know of it and crawl it shortly afterwards exposing your work to the rest of the world. I did think this was paranoia but I was assured it was true and given the job the person saying it had, there was a good chance he had actually read the terms and conditions for things.