[HN Gopher] Haven: turn old Android phones into security cameras
       ___________________________________________________________________
        
       Haven: turn old Android phones into security cameras
        
       Author : tosh
       Score  : 224 points
       Date   : 2020-02-23 14:00 UTC (8 hours ago)
        
 (HTM) web link (github.com)
        
       | 3fe9a03ccd14ca5 wrote:
       | Any idea if this or another project supports rtsp streaming so it
       | can be integrated into existing security systems?
        
       | dansnerd wrote:
       | Was literally going to do a ShowHN later this week for a side-
       | project I've been working on that hits roughly the same use-
       | cases: https://chewcam.com (just finishing up some last minor
       | bugs).
       | 
       | Major difference looks to be broad vs narrow feature scope (haven
       | looks very in-depth, with lots of sensor options, etc), native
       | app vs browser based, and long-running (security camera) vs
       | short-lived sessions (hour or two here or there).
       | 
       | Not sure if it's appropriate to tack on-to this thread or if I
       | should make a separate one, but figured it's closely enough
       | related that someone interested in Haven might be interested in
       | chewcam as well.
        
         | skrebbel wrote:
         | > Not sure if it's appropriate to tack on-to this thread
         | 
         | Shameless plugs are generally quite appreciated on HN, when
         | done respectfully at least. A large percentage of people here
         | are either entrepreneurs or wantrepreneurs, so understand the
         | struggle.
         | 
         | Good luck with Chewcam!
        
         | tehlike wrote:
         | Can you contact me? Email is on profile. Not on the same use
         | case, but similar niche - home surveillance.
        
         | dr_kiszonka wrote:
         | I like the project, but have a slightly different use case. I
         | am describing it in case you were up for adding features to
         | your project or if you could point me towards something that
         | would help me.
         | 
         | My grandmother has dementia. We would like to install two
         | cameras in her apartment; one in the hallway and another one in
         | the kitchen to check if she got out of bed, took her meds, make
         | sure she doesn't let strangers in, and doesn't wander out of
         | her apartment. Cameras such as Ring and Nest would be ideal,
         | but we can't afford them. If your app allowed us to both stream
         | the video continuously and store it for at least 48h for up to $5 a
         | month, we would sign up instantly.
        
           | stevenicr wrote:
           | Two Wyze cams for $50 - solved. No monthly fee, has some AI
           | stuff that boxes around heads / people.. has android app
           | notifications, remote viewing..
           | 
           | Have a location that uses one of these on the inside plugged
           | into a battery backup and a blinkxt wireless cam on the
           | outside (can put these anywhere / wireless ) that needs fresh
           | l-ion batteries every couple months.
           | 
           | no monthly fees, text alerts, apps with real time and
           | recordings of what happened earlier / yesterday..
           | 
           | no idea where the data is sent for these for their cloud, but
           | the Wyze also has on board sd card for secondary backup
           | data..
           | 
           | or how long they will last or the cloud will do the video for
           | free basically.. my samsung indoor cam lasted about 3 years
           | before it bricked and these are replacing that.. at that price
           | if they last that long it works for me.
        
           | lil1t wrote:
           | It might be an option to connect the cameras to some computer
           | (like an older laptop) via a USB extension cable and record
           | the video locally, while using VNC, TeamViewer or some other
           | remote desktop software to connect to that computer to view
           | both the stream and the records when needed. No need for a
           | cloud solution that way.
        
           | samstave wrote:
           | You should talk to robert zmrzli, a google engineer and
           | friend who also made wellnuo.com which is an active sensor
           | system for tracking exactly this use case. If your email is
           | in profile I'll email intro you guys
        
           | pengaru wrote:
           | FWIW I've set up Raspberry Pi W cameras [0] as security and
           | garage door opener (w/relay on GPIO) cameras for
           | friends/family, using MotionEye [1] as the interface.
           | 
           | I just use a cheap VPS like Vultr [2] to terminate persistent
           | ssh tunnels from the cameras and run a self-signed https
           | gateway into them. It's under $5/mo for the cheapest VPS
           | option.
           | 
           | It's a bit of work to get it set up, but nothing crazy hard
           | if you know your way around something resembling a LAMP stack
           | and ssh tunnels. There's no third parties integrated so you
           | control the data and have a lot fewer privacy/safety concerns
           | in general.
           | 
           | If there's no wifi available, at&t offers mobile hotspot
           | prepay service for as low as $25/mo.
           | 
           | [0] https://www.adafruit.com/product/3414
           | 
           | [1] https://github.com/ccrisan/motioneye
           | 
           | [2] https://www.vultr.com/
        
             | andrewshadura wrote:
             | I'd recommend to use tinc instead of ssh tunnels.
        
               | jzawodn wrote:
               | Second that. Tinc is great for this.
        
               | pengaru wrote:
               | I've been relying on the command= syntax of
               | .authorized_keys to restrict what's possible, but I'm not
               | 100% confident in that being impervious to intrusion
               | should someone get access to the on-camera SSH tunnel
               | private keys.
               | 
               | Wireguard is somewhere on my mental todo list for
               | possible replacement of these tunnels, but they do the
               | job and SSH is going to be listening either way to admin
               | the VPS.
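
Added example (not part of the thread and not pengaru's configuration): a small Python auditor for camera-key entries in the VPS's authorized_keys, listing what a copied tunnel key could still do when only command= is set. The sample entries, key blobs, comments and ports are constructed placeholders; the option names are OpenSSH's own.

```python
# Audit authorized_keys entries used for camera tunnels.
# Assumption of this example: options are applied left to right, starting
# from "everything permitted", and "restrict" switches every feature off.

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
FEATURES = {"pty", "port-forwarding", "agent-forwarding",
            "x11-forwarding", "user-rc"}

# Constructed sample: key blobs are placeholders, not real keys.
SAMPLE = '''\
# camera tunnel keys (constructed)
ssh-ed25519 AAAAC3PLACEHOLDER0 cam-frontdoor
command="/bin/false" ssh-ed25519 AAAAC3PLACEHOLDER1 cam-garage
restrict,port-forwarding,permitlisten="127.0.0.1:8081",permitopen="127.0.0.1:1",command="/bin/false" ssh-ed25519 AAAAC3PLACEHOLDER2 cam-kitchen
'''


def split_options(line):
    """Split 'options keytype blob comment' at the first unquoted space."""
    in_quotes, i = False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_quotes and i + 1 < len(line):
            i += 2                      # skip an escaped character
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch in " \t" and not in_quotes:
            return line[:i], line[i:].strip()
        i += 1
    return line, ""


def parse_options(opt_str):
    """Return [(name, value)], honouring commas inside quoted values."""
    parts, buf, in_quotes, i = [], "", False, 0
    while i < len(opt_str):
        ch = opt_str[i]
        if ch == "\\" and in_quotes and i + 1 < len(opt_str):
            buf += opt_str[i:i + 2]
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch == "," and not in_quotes:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
        i += 1
    if buf:
        parts.append(buf)
    out = []
    for part in parts:
        name, _, value = part.partition("=")
        out.append((name.lower(), value.strip('"')))
    return out


def audit_line(line):
    """Return (key comment, findings) or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.split(None, 1)[0].startswith(KEY_TYPES):
        opts, rest = [], line           # entry has no options at all
    else:
        opt_str, rest = split_options(line)
        opts = parse_options(opt_str)

    allowed, values = set(FEATURES), {}
    for name, value in opts:
        if name == "restrict":
            allowed.clear()
        elif name in FEATURES:
            allowed.add(name)
        elif name.startswith("no-") and name[3:] in FEATURES:
            allowed.discard(name[3:])
        else:
            values.setdefault(name, []).append(value)

    findings = []
    if "command" not in values:
        findings.append("no forced command: key can start a shell")
    for feature in ("pty", "agent-forwarding", "x11-forwarding", "user-rc"):
        if feature in allowed:
            findings.append(feature + " allowed")
    if "port-forwarding" in allowed:
        if "permitlisten" not in values:
            findings.append("remote forwards may listen on any port")
        if "permitopen" not in values:
            findings.append("local forwards may reach any destination")
    fields = rest.split()
    return (fields[2] if len(fields) > 2 else "?"), findings


def audit(text):
    """Map each key's comment field to its list of findings."""
    results = (audit_line(l) for l in text.splitlines())
    return {name: findings for name, findings in filter(None, results)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", findings or "tunnel-only")
```

The cam-garage entry is the command=-only case from the comment above: the forced command stops a shell, but forwarding is still unrestricted unless restrict, permitlisten and permitopen are added.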
        
       | StavrosK wrote:
       | Has anyone used this for a long time? I wonder how the camera
       | (and phone in general) will deal with being on 24/7.
        
         | andrewshadura wrote:
         | I tried using some similar app with HTC Desire X, it would
         | become hot and eventually powercycle.
        
         | NullPrefix wrote:
         | As opposed to only the microphone and location tracking being
         | on 24/7?
        
           | StavrosK wrote:
           | Yes, I guess?
        
             | Firerouge wrote:
             | I haven't used a camera on a device 24/7, but I have used
             | multiple tablets as a camera monitor for months on end.
             | 
             | What I've found is, as long as it's reasonably modern
             | supporting fast charging, the device has no problem staying
             | on with full screen brightness.
             | 
             | Some older devices can drain their batteries quicker than
             | their chargers work however
        
       | mister_hn wrote:
       | I appreciate such software and possibilities, but I would not
       | recommend using an old smartphone: continuously charging its
       | battery represents a huge risk, history just reminds us about
       | battery explosion, defective cables, defective wall chargers.
       | 
       | If you add also that batteries, when aging, are a real risk,
       | then, thanks but no.
        
         | vbezhenar wrote:
         | Maybe there's a market for fire-proof smartphone cases?
        
           | xfitm3 wrote:
           | You can buy a fireproof lipo charging bag today
        
         | RL_Quine wrote:
         | It's really a non concern. Realistically if there was a problem
         | it would present in normal usage when people are charging them
         | in bed.
         | 
         | The amount of superstition about lithium batteries is crazy,
         | given how many of them are used in any household on a daily
         | basis. The battery is functionally not being used if a phone is
         | plugged in and the battery isn't drained. This misinformation
         | comes back from when people were using Nickel Cadmium cells
         | decades ago, those cells _were_ functionally continuously
         | charged because it caused absolutely no harm to them.
        
           | tjoff wrote:
           | Two major differences:
           | 
           | The battery will be charged to 100% constantly.
           | 
           | The battery will be much older and has worse capacity than
           | most consider even usable.
        
             | RL_Quine wrote:
             | > The battery will be charged to 100% constantly.
             | 
             | So? That's a non-statement as far as safety goes. It's as
             | relevant as the color of my shirt, or the current date, or
             | the state of the moon.
        
             | officialjunk wrote:
             | remove the battery and leave it plugged in
        
               | NullPrefix wrote:
               | Would expect this to work only if by plugging in you mean
               | plugging in 3.7V to where the battery's terminals were.
               | 
               | Can't recall succeeding to boot an Android phone with USB
               | charger and no battery.
        
               | gambiting wrote:
               | Nexus One works fine without a battery, but that's an
               | absolutely ancient phone by any standard.
        
             | nitrogen wrote:
             | The battery also has a built-in charge controller to
             | prevent overcharging, and if the capacity is significantly
             | lower, shouldn't the risk of that stored energy being
             | released also be lower since there's less energy stored?
        
               | RL_Quine wrote:
               | The phone has an on board charger. The battery itself has
               | its own controller which will disconnect the battery from
               | the charger if it goes over voltage, under voltage, or
               | over temperature.
               | 
               | The "percentage charge" of a lithium cell isn't really
               | any measure of its safety. Even at 0% charge the cells
               | can still auto ignite, there's an incredible amount of
               | energy in them when they're considered to be empty.
        
           | geggam wrote:
           | I have left old phones plugged in because I used them with
           | wifi in the workshop. More than once I had to quit using a
           | certain phone because the bulging battery started getting
           | hot.
           | 
           | Granted they were 5+ years old but it's there.
        
           | danielh wrote:
           | The difference is that a phone might get hot when the camera
           | is running 24/7 and CPU load is high, e.g. due to motion
           | detection.
           | 
           | To add some anecdata: I had an old iPhone (IIRC a 4s) running
           | as security cam for about 6 weeks. When I returned, the case
           | was cracked due to a swollen battery.
        
             | gambiting wrote:
             | ....and? I imagine the phone shut down and literally
             | nothing happened? Batteries are kind of designed to do that
             | in case of cell failure, actual fires are incredibly rare.
        
         | tjoff wrote:
         | If only batteries were still easily removable...
         | 
         | I'm currently integrating (project is on pause but one day!) an
         | android tablet into an old car. And the battery was a
         | dealbreaker.
         | 
         | So I've removed the battery and added a resistor to trick it
         | into booting anyway. Only problem is that Android thinks the
         | battery is dead so it won't perform system updates unless I
         | first charge it. Which I guess is fine in this case since the
         | tablet is out of support anyway.
        
           | cellular wrote:
           | I wish phones would work with no battery when plugged in.
           | What resistor value, and where did you place the resistor to
           | be able to boot without a battery?
        
             | tjoff wrote:
             | Don't remember, if you are lucky there are guides for this
             | for your particular device.
             | 
             | If I remember correctly there are four terminals, aside
             | from power one of them might be battery temperature which I
             | think is mandatory. I measured the resistance on the
             | original and mimicked it. Basically hardcoding the
             | temperature since I don't have a battery. But I could be
             | very wrong on this. Google it first!
        
           | RL_Quine wrote:
           | If you've ever wondered why cellphones don't work without a
           | battery present at all, even when plugged in, it's because
           | they're used as a capacitor effectively for the cellphone
           | radio. The peak currents of those can exceed several amps
           | momentarily so you need to have quite a lot of power on hand
           | (even exceeding the charger) for times when you want to
           | transmit. The amount of total energy being used from the cell
           | is close to nothing however.
           | 
           | I'm surprised yours works at all, it must be fairly marginal.
        
             | tjoff wrote:
             | All I can say is that it isn't an uncommon operation to do.
             | 
             | I have stress-tested it a bit and know that it won't be a
             | problem for me, certainly not for the music and navigation
             | I will be using it for. Also as far as radios go only
             | wifi+bluetooth.
        
           | winrid wrote:
           | You can get a $20 Android phone with a camera and removable
           | battery nowadays.
        
             | yyyk wrote:
             | Camera, removable battery and X% chance of having a
             | preinstalled rootkit (e.g. [0]). It's better to pay a bit
             | more in order to have peace of mind.
             | 
             | [0] https://arstechnica.com/information-technology/2016/11/power...
        
               | mrandish wrote:
               | Not a problem if you plan to wipe and root the phone
               | yourself.
        
               | _underfl0w_ wrote:
               | Looks like that could be mitigated by just flashing a new
               | firmware. LineageOS (formerly CyanogenMod) has a long
               | list of supported devices these days. Booting something
               | more open source seems like a good idea for a long-
               | running security camera app, as opposed to closed-source
               | stock Android builds.
        
               | yyyk wrote:
               | LineageOS is great, but I doubt it supports many $20
               | phones. Porting is done by volunteers - people who buy
               | cheap phones are unlikely to make the effort.
               | 
               | Also, in theory a rootkit could go into the embedded
               | firmware or use a closed source kernel module. In
               | fairness, that's not a big threat yet - cheap devices
               | tend to get cheap rootkits...
        
       | DyslexicAtheist wrote:
       | when haven was first in the news I found a T-Mobile store in my
       | city that had several android devices on display which had an
       | Internet connection and allowed downloads so I installed Haven on
       | them and set them up to send notifications to my phone.
       | 
       | good times.
        
         | movedx wrote:
         | Haha!
         | 
         | How did it go? How long did it last? Were you able to watch the
         | store remotely?
        
         | Craighead wrote:
         | How's that system doing now?
        
       | e12e wrote:
       | > Note that it is not necessary to install the Signal app on the
       | device that runs Haven. Doing so may invalidate the app's
       | previous Signal registration and safety numbers. Haven uses
       | normal APIs to communicate via Signal.
       | 
       | Hm, I wasn't aware there was a way to do authenticated e2e
       | encrypted signal messaging without a phone number? If there's an
       | Api, then any third party app can send signal messages now?
       | 
       | I can't seem to find anything related to this at signal.org -
       | what am I missing here?
        
         | StavrosK wrote:
         | As far as I know, you need a phone number. I think they mean
         | that if you install Signal, it'll invalidate Haven's key.
        
           | RL_Quine wrote:
           | Right. Haven has its own registration, if you register the
           | number again it won't be able to use its own keys anymore.
        
         | RL_Quine wrote:
         | Signal doesn't support messaging without any number, no. You
         | can interact with it programmatically though if you give it a
         | dummy number (even twilio, etc work fine). I personally have a
         | REST endpoint running on a server that has its own number just
         | to be able to get notifications and so forth from my server
         | when I need it.
         | 
         | I wrote the software with the intention of allowing it to be
         | used as a Twilio-like service, but I'm not sure how much
         | utility anybody else would get from it. The messages from the
         | source to the API obviously aren't protected, so the only use
         | case it has is convenience rather than security. The lack of a
         | signal implementation in a sane language (I'm interacting with
         | signal-cli, which is a wrapper around the Java one) makes this
         | a lot more difficult to just drop into other random tools
         | unfortunately. I might just end up releasing that service as an
         | open source tool if other people find it as something they'd
         | want to be using for their own purposes.
         | 
         | Signal also has some pretty heavy rate limiting on things like
         | numbers which are annoying to hit because things just tend to
         | break. They don't have any other way of preventing spam and
         | crawling of the service though, so I completely understand it.
        
           | [deleted]
        
       | paulcarroty wrote:
       | Old phones can be used as security "microphone" too, heard people
       | use such nets for woods security - the sound of pile can be
       | easily detected.
        
       | ck2 wrote:
       | Reminds me there is a reddit thread on how airbnb has a
       | department that just deals with hidden camera reports because
       | there are so many.
       | 
       | So this can be for great good or great evil (there's another app
       | to sweep for hidden cameras and look for IR reflection but that's
       | obviously imperfect and for another thread).
        
       | roamerz wrote:
       | This is great. If you use this app on a spare android phone for
       | vehicle security be careful because in the city where I live if
       | someone sees a phone in your vehicle- and many people are
       | looking- they will break your window and steal it. So maybe don't
       | put it in plain sight or disguise it as something else.
        
         | ipnon wrote:
         | Which city do you live in?
        
           | mrandish wrote:
           | Not the OP but I know that in San Francisco smash and grab
           | car break-ins have been at epidemic levels for a while and it
           | doesn't require having anything visible. It's simply that the
           | large number of urban tech workers increases the odds that
           | any reasonably nice, recent model-year vehicle will have a
           | high-end phone, tablet or laptop hidden within.
           | 
           | I parked my car overnight in a large, well-lit city-owned
           | structure with cameras and live attendants 24/7. I parked
           | right under a light, near the elevator/stairs in a higher
           | traffic area and it still got a window smashed by someone
           | despite nothing being visible. Nothing was stolen because
           | there was nothing to steal but still annoying to file
           | insurance and get repaired.
           | 
           | I know people that have reinforced metal lockboxes installed
           | in the back of their SUVs to secure their laptop bag. Most
           | people just take their laptop backpack everywhere but bag-
           | grabs are increasingly common and even more scary than car
           | break-ins. One guy I know who lives and works in downtown SF
           | doesn't have a car because he can walk just about everywhere
           | he regularly goes in the city. Last year he stopped taking
           | his laptop anywhere in SF and doesn't carry a backpack
           | anymore. He now just keeps a system at home and an identical
           | system at work.
        
             | dman wrote:
             | Didn't realize things had become so bad, will keep in mind
             | when I visit.
        
               | crystaldev wrote:
               | It isn't that bad.
        
               | mrandish wrote:
               | Yes, these and related issues combined with the insanely
               | high cost of living are causing a lot of people I know to
               | leave (or plan to soon leave) the bay area to work
               | remotely. People have lost hope things are going to
               | improve because the policies the local government enacts
               | to 'help' fix things keep triggering second-order
               | consequences that make things even worse.
               | 
               | I don't live there anymore but used to like visiting
               | quite often. Now I avoid it whenever I can which is sad.
        
             | samstave wrote:
             | Not only that these are at high levels the city is
             | exploring a program to pay (using taxpayer dollars) for
             | window replacements for such victims, which is both right
             | and wrong at the same time...
        
               | mrandish wrote:
               | Wow. I hadn't heard that. It sounds like a plan only a
               | politician entirely unfamiliar with the concept
               | "unintended second-order effects" could possibly like.
        
           | notyourwork wrote:
           | Any of them seriously. Seattle, San Francisco, New York would
           | all have this problem.
        
           | telesilla wrote:
           | Which city would you expect you could leave a phone in the
           | car _without_ it being stolen?
        
             | saagarjha wrote:
             | Smaller, more suburban ones?
        
             | samoa42 wrote:
             | makes one appreciate being a euro. i don't even lock my car
             | ...
        
               | cerberusss wrote:
               | I live in Europe (the Netherlands) and I most definitely
               | empty my car. I've had two smashed windows, my dad has
               | had one, and besides, it's all uninsured: the insurance
               | companies do not consider the trunk of your locked car a
               | "safe place for valuables".
        
               | wenc wrote:
               | Which city in Europe?
        
               | [deleted]
        
         | samoa42 wrote:
         | srsly? consider relocating (to a smaller town)
        
       | salex89 wrote:
       | I really like the idea. However, I wanted to use it last summer
       | and really had mixed results, and it was a Nexus 5, which is no
       | slouch of a phone. I hope the detection and reporting (via
       | Signal) has improved over time.
        
       | steveeq1 wrote:
       | Does anyone know any open source security software that uses AI
       | to search for a particular event? ie: "only notify me when "X"
       | person enters the room, but not my dog"?
        
         | wizzwizz4 wrote:
         | You wouldn't need AI; just bias the motion detection system to
         | focus on human midriff and not dog head height.
        
           | steveeq1 wrote:
           | I used an arbitrary example. let's say my roommate comes in
           | and I don't want it to give a "false alarm" (another
           | arbitrary example)
        
         | stevenicr wrote:
         | I believe the https://www.netatmo.com/en-gb/security does on-
         | device AI that recognizes different people, and lets you use an
         | app to tap into and tell it names (or other ids) of friendlies
         | to ignore. - Notify if new person is detected that has not been
         | labeled as 'supposed to be here usually'
         | 
         | Last I looked into this you can have this avoid cloud data
         | processing completely, so it's private and smart.
         | 
         | Haven't started using it yet, so can't give review and more
         | details yet.
        
       | yyyk wrote:
       | A friend uses an old phone as a power outage detector. The phone
       | is constantly charged but is set to automatically notify once
       | it's below (IIRC) 97% charge. If a blackout occurs, the battery
       | would drain and the phone would notify. It's not an accurate
       | measurement, but works well in practice.
        
         | Enginerrrd wrote:
         | Surely there's a system call that tells whether or not the
         | phone is charging?
        
           | saagarjha wrote:
           | There is: https://developer.android.com/training/monitoring-device-sta...
        
           | yyyk wrote:
           | There must be, but my friend chose an almost out of the box
           | solution using an app from the Play Store, and the app only
           | supported alerts per charge level.
        
             | efreak wrote:
             | 3c toolbox might possibly be able to do this more flexibly;
             | it allows running shell scripts in scheduled tasks and
             | "watchers" (run hard on device status). Shell script can
             | _probably_ be used to send a text message.
        
           | pg_is_a_butt wrote:
           | Charging stops when the battery is full... pesky explosions.
        
       | OrgNet wrote:
       | not all old phones are created equal... some consume more power
       | than the charger can provide (they can't run continuously in that
       | case).
       | 
       | But I do have a bunch of security footage that I don't want to
       | watch and I'm looking for software that can extract images from
       | the video that contain people
        
       | FreeHugs wrote:
       | Would love to see something like this but simpler:
       | 
       | A simple open source Android app that I can connect to my WiFi
       | and then connect to from the outside so I can see what is going
       | on in my premises.
       | 
       | So it should just wait for a connect from the outside and when I
       | connect (via a browser) it turns on the camera and streams the
       | video.
       | 
       | The app code should be as short as possible, so I can read and
       | compile it myself. So I can trust it.
        
         | shezi wrote:
         | There are several baby monitor apps that do something like
         | this. I don't know if any of them are open source.
         | 
         | The keyword is baby monitor, that's what this functionality is
         | marketed as.
        
         | j1elo wrote:
         | That wouldn't make much sense, the point of these apps is to do
         | security surveillance (sort of), if you had to consciously
         | connect from time to time to see what happens in your premises
         | and review that everything is OK, you would do so the first two
         | days, then would forget about it. Like doing backups by hand.
         | 
         | What you want is a baby monitor with video.
        
           | FreeHugs wrote:
           | > you would do so the first two days, then would forget
           | > about it
           | 
           | If that happens: MISSION FUCKING ACCOMPLISHED!
           | 
           | Because the whole point is to make me stop worrying about my
           | home when I am away.
        
             | j1elo wrote:
             | Really then just power off the device and there you go,
             | zero worries :)
             | 
             | Now really, I've had a look and it seems there are a
             | variety of cloud baby monitor apps, that would allow for
             | the occasional check.
        
       | bobbychairs wrote:
       | Aren't you running a great security risk when you run this on old
       | devices that often don't receive security updates?
        
         | Thriptic wrote:
         | Put it on a private VLAN (eg guest Network that can't be
         | reached from main network), pull the Sim card, uninstall all
         | non-essential software, turn off all non-essential services.
        
           | Mister_Snuggles wrote:
           | This is good advice for any sort of camera system, not just a
           | repurposed phone.
           | 
           | I do this for my cameras, there's too much risk associated
           | with them phoning home to set them up any other way.
        
           | stevehawk wrote:
           | EVERYONE SHOULD PUT ALL IO(S)T* DEVICES ON A PRIVATE VLAN :-D
           | 
           | * "internet of shitty things"
        
             | saagarjha wrote:
             | No, that doesn't work. Everyone knows the S in IOT stands
             | for security.
        
         | leoedin wrote:
         | No security updates means potential for exploits, not
         | definitely exploited. If you don't open yourself up to exploits
         | by using the browser or untrusted apps, you're pretty unlikely
         | to be compromised even with an older phone.
        
           | beenBoutIT wrote:
           | If this concept gets popular enough eventually the majority
           | of users will start using the same old model Android
           | phone (Nexus 5, etc.). That's when all of the unpatched
           | vulnerabilities will become a serious problem that's
           | difficult to fix.
        
             | jdnenej wrote:
             | It's not difficult to fix. It's just that corporations want
             | you to throw out and buy a new phone every year. This is
             | what happens when you let the same company make the
             | software and the hardware.
        
           | [deleted]
        
           | craftyguy wrote:
           | That's absolutely not true, e.g.:
           | 
           | https://insinuator.net/2020/02/critical-bluetooth-vulnerabil...
           | 
           | There was another one regarding the wifi chip used in many
           | popular phones a few months ago.
        
       ___________________________________________________________________
       (page generated 2020-02-23 23:00 UTC)