Gadgets

Hacking TiVO, PS2, Palm, GPRS, or your riding bikes

Access vulnerability on Android tablet

I made my first ever “Black Friday” purchase last week.  Staples (for those outside North America, this is a “big box” office supplies store with a large computer and tech section) had a door-crasher special of a Digital2 brand 7″ tablet, running Android 4.1, marked down from $250 to $70.  We had to go past a Staples on an errand, so I stopped in and got it.

I don’t quite regret getting it: particular at that price it is probably worth it.  I may do a review of its shortcomings at some point.  (Low memory, poor storage management, slow performance, limited battery, incompatible with some apps, poor file management options, many functions irregular.)  However, I came across something this morning that indicates a weakness.

One of the oddities is that there is no indication of charging or battery unless the tablet is on.  So, while charging, I had the tablet on to check the battery level.  The indicator icons are on the lower right of the screen on this model, and, in order to get more details on the charge, I touched that area.  But I had forgotten to unlock the device.

Lo and behold, it brought up the quick indicator list anyway, and, along with it, the notifications.  Prodding at this, I found that I couldn’t get into the settings menu proper, but I could access any of the notification messages.  And, once into any of those apps I had full access.

(This sounds similar to a number of lock-screen vulnerabilities that I’ve heard of on various Android and iOS versions and devices, but it seemed to be simpler and more direct than most.)

(Photo) Copyist’s error?

Students of the classics and ancient documents are used to checking for copyist errors, but a photocopier?

And, of course, you can’t trust the machine to check the copy against the original, since it will probably make the same mistake every time.

Actually, with absolutely everything in the world going digital, this type of problem is becoming inevitable, and endemic.  Analogue systems have problems, but digital systems are subject to catastrophic collapse.

Why can’t my laptop figure out what time zone I’m in, like my cell phone does?

We got new cell phones (mobiles, for you non-North Americans) recently.  In the time since we last bought phones they have added lots of new features, like texting, cameras, email and Google Maps.

This, plus the fact that I am away on a trip right now, and Gloria has to calculate what time it is for me when we communicate (exacerbated by the fact that I never change the time zone on the laptops to local time), prompted her to ask the question above.  (She knows that I have an NTP client that updates the time on a regular basis.  She’s even got the associated clocks, on her desktop, in pink.)

Cell phones, of course, have to know where they are (or, at least, the cellular system has to know where they are) very precisely, so they can be told, by the nearest cell tower, what time it is (or, at least, what time it is for that tower).

Computers, however, have no way of knowing where they are, I explained.  And then realized that I had made an untrue statement.

Computers can find out (or somebody can find out) where a specific computer is when they are on the net.  (And you have to be on the net to get time updates.)  Some Websites use this (sometimes startlingly accurate) information in a variety of amusing (and sometimes annoying or frightening) ways.  So it is quite possible for a laptop to find out what time zone it is in, when it updates the time.

Well, if it is possible, then, in these days of open source, surely someone has done it.  Except that a quick couple of checks (with AltaVista and Google) didn’t find anything like that.  There does seem to be some interest:

http://stackoverflow.com/questions/8049912/how-can-i-get-the-network-time-from-the-automatic-setting-called-use-netw

and there seems to be an app for an Android phone:

https://play.google.com/store/apps/details?id=ru.org.amip.ClockSync&hl=en

(which seems silly since you can already get that from the phone side), but I couldn’t find an actual client or system for a computer or laptop.

So, any suggestions?

Or, anybody interested in a project?