[HN Gopher] Haven: turn old Android phones into security cameras ___________________________________________________________________ Haven: turn old Android phones into security cameras Author : tosh Score : 224 points Date : 2020-02-23 14:00 UTC (8 hours ago) (HTM) web link (github.com) (TXT) w3m dump (github.com) | 3fe9a03ccd14ca5 wrote: | Any idea if this or another project supports rtsp streaming so it | can be integrated into existing security systems? | dansnerd wrote: | Was literally going to do a ShowHN later this week for a side- | project I've been working on that hits roughly the same use- | cases: https://chewcam.com (just finishing up some last minor | bugs). | | Major difference looks to be broad vs narrow feature scope (haven | looks very in-depth, with lots of sensor options, etc), native | app vs browser based, and long-running (security camera) vs | short-lived sessions (hour or two here or there). | | Not sure if its appropriate to tack on-to this thread or if I | should make a separate one, but figured its closely enough | related that someone interested in Haven might be interested in | chewcam as well. | skrebbel wrote: | > Not sure if its appropriate to tack on-to this thread | | Shameless plugs are generally quite appreciated on HN, when | done respectfully at least. A large percentage of people here | are either entrepreneurs or wantrepreneurs, so understand the | struggle. | | Good luck with Chewcam! | tehlike wrote: | Can you contact me? Email is on profile. Not on the same use | case, but similar niche - home surveillance. | dr_kiszonka wrote: | I like the project, but have a slightly different use case. I | am describing it in case you were up for adding features to | your project or if you could point me towards something that | would help me. | | My grandmother has dementia. We would like to install two | cameras in her apartment; one in the hallway and another one in | the kitchen to check if she got out of bed, took her meds, make | sure she doesn't let strangers in, and doesn't wander out of | her apartment. Cameras such as Ring and Nest would be ideal, | but we can't afford them. If your app allowed us to both stream | the video continously and store it for at least 48h for up $5 a | month, we would use sign up instantly. | stevenicr wrote: | Two Wyze cams for $50 - solved. No monthly fee, has some AI | stuff that boxes around heads / people.. has android app | notifications, remote viewing.. | | Have a location that uses one of these on the inside plugged | into a battery backup and a blinkxt wireless cam on the | outside (can put these anywhere / wireless ) that needs fresh | l-ion batteries every couple months. | | no monthly fees, text alerts, apps with real time and | recordings of what happened earlier / yesterday.. | | no idea where the data is sent for these for their cloud, but | the Wyze also has on board sd card for secondary backup | data.. | | or how long they will last or the cloud will do the video for | free basically.. my samsung indoor cam lasted about 3 years | before it bricked and these a replacing that.. at that price | if they last that long it works for me. | lil1t wrote: | It might be an option to connect the cameras to some computer | (like an older laptop) via a USB extension cable and record | the video locally, while using VNC, TeamViewer or some other | remote desktop software to connect to that computer to view | both the stream and the records when needed. No need for a | cloud solution that way. | samstave wrote: | You should talk to robert zmrzli, a google engineer and | friend how also made wellnuo.com which is an active sensor | system for tracking exactly this use case. If your email is | in profile ill email intro you guys | pengaru wrote: | FWIW I've setup Raspberry Pi W cameras [0] as security and | garage door opener (w/relay on GPIO) cameras for | friends/family, using MotionEye [1] as the interface. | | I just use a cheap VPS like Vultr [2] to terminate persistent | ssh tunnels from the cameras and run a self-signed https | gateway into them. It's under $5/mo for the cheapest VPS | option. | | It's a bit of work to get it set up, but nothing crazy hard | if you know your way around something resembling a LAMP stack | and ssh tunnels. There's no third parties integrated so you | control the data and have a lot fewer privacy/safety concerns | in general. | | If there's no wifi available, at&t offers mobile hotspot | prepay service for as low as $25/mo. | | [0] https://www.adafruit.com/product/3414 | | [1] https://github.com/ccrisan/motioneye | | [2] https://www.vultr.com/ | andrewshadura wrote: | I'd recommend to use tinc instead of ssh tunnels. | jzawodn wrote: | Second that. Tinc is great for this. | pengaru wrote: | I've been relying on the command= syntax of | .authorized_keys to restrict what's possible, but I'm not | 100% confident in that being impervious to intrusion | should someone get access to the on-camera SSH tunnel | private keys. | | Wireguard is somewhere on my mental todo list for | possible replacement of these tunnels, but they do the | job and SSH is going to be listening either way to admin | the VPS. | StavrosK wrote: | Has anyone used this for a long time? I wonder how the camera | (and phone in general) will deal with being on 24/7. | andrewshadura wrote: | I tried using some similar app with HTC Desire X, it would | become hot and eventually powercycle. | NullPrefix wrote: | As opposed to only the microphone and location tracking being | on 24/7? | StavrosK wrote: | Yes, I guess? | Firerouge wrote: | I haven't used a camera on a device 24/7, but I have used | multiple tablets as a camera monitor for months on end. | | What I've found is, as long as it's reasonably modern | supporting fast charging, the device has no problem staying | on with full screen brightness. | | Some older devices can drain their batteries quicker than | their chargers work however | mister_hn wrote: | I appreciate such softwares and possibilities, but I would not | recommend using an old smartphone: continuously charging its | battery represents a huge risk, history just reminds us about | battery explosion, detective cables, defective wall chargers. | | If you add also that batteries, when aging, are a real risk, | then, thanks but no. | vbezhenar wrote: | May be there's market for fire-proof smartphone cases? | xfitm3 wrote: | You can buy a fireproof lipo charging bag today | RL_Quine wrote: | It's really a non concern. Realistically if there was a problem | it would present in normal usage when people are charging them | in bed. | | The amount of superstition about lithium batteries is crazy, | given how many of them are used in any household on a daily | basis. The battery is functionally not being used if a phone is | plugged in and the battery isn't drained. This misinformation | comes back from when people were using Nickel Cadmium cells | decades ago, those cells _were_ functionally continuously | charged because it caused absolutely no harm to them. | tjoff wrote: | Two major differences: | | The battery will be charged to 100% constantly. | | The battery will be much older and has worse capacity than | most consider even usable. | RL_Quine wrote: | > The battery will be charged to 100% constantly. | | So? That's a non-statement as far as safety goes. It's as | relevant as the color of my shirt, or the current date, or | the state of the moon. | officialjunk wrote: | remove the battery and leave it plugged in | NullPrefix wrote: | Would expect this to work only if by plugging in you mean | plugging in 3.7V to where the battery's terminals were. | | Can't recall succeeding to boot an Android phone with USB | charger and no battery. | gambiting wrote: | Nexus One works fine without a battery, but that's an | absolutely ancient phone by any standard. | nitrogen wrote: | The battery also has a built-in charge controller to | prevent overcharging, and if the capacity is significantly | lower, shouldn't the risk of that stored energy being | released also be lower since there's less energy stored? | RL_Quine wrote: | The phone has an on board charger. The battery itself has | its own controller which will disconnect the battery from | the charger if it goes over voltage, under voltage, or | over temperature. | | The "percentage charge" of a lithium cell isn't really | any measure of its safety. Even at 0% charge the cells | can still auto ignite, there's an incredible amount of | energy in them when they're considered to be empty. | geggam wrote: | I have left old phones plugged in because I used them with | wifi in the workshop. More than once I had to quit using a | certain phone because the bulging battery started getting | hot. | | Granted they were 5+ years old but its there. | danielh wrote: | The difference is that a phone might get hot when the camera | is running 24/7 and CPU load is high, e.g. due to motion | detection. | | To add some anecdata: I had an old iPhone (IIRC a 4s) running | as security cam for about 6 weeks. When I returned, the case | was cracked due to a swollen battery. | gambiting wrote: | ....and? I imagine the phone shut down and literally | nothing happened? Batteries are kind of designed to do that | in case of cell failure, actual fires are incredibly rare. | tjoff wrote: | If only batteries were still easily removable... | | I'm currently integrating (project is on pause but one day!) an | android tablet into an old car. And the battery was a | dealbreaker. | | So I've removed the battery and added an resistor to trick it | into booting anyway. Only problem is that android think the | battery is dead so it won't perform system updates unless I | first charge it. Which I guess is fine in this case since the | tablet is out of support anyway. | cellular wrote: | I wish phones would work with no battery when plugged in. | What resistor value, and where did you place the resistor to | be able to boot without a battery? | tjoff wrote: | Don't remember, if you are lucky there are guides for this | for your particular device. | | If I remember correctly there are four terminals, aside | from power one of them might be battery temperature which I | think is mandatory. I measured the resistance on the | original and mimicked it. Basically hardcoding the | temperature since I don't have a battery. But I could be | very wrong on this. Google it first! | RL_Quine wrote: | If you've ever wondered why cellphones don't work without a | battery present at all, even when plugged in, it's because | they're used as a capacitor effectively for the cellphone | radio. The peak currents of those can exceed several amps | momentarily so you need to have quite a lot of power on hand | (even exceeding the charger) for times when you want to | transmit. The amount of total energy being used from the cell | is close to nothing however. | | I'm surprised yours works at all, it must be fairly marginal. | tjoff wrote: | All I can say is that it isn't an uncommon operation to do. | | I have stress-tested it a bit and know that it won't be a | problem for me, certainly not for the music and navigation | I will be using it for. Also as far as radios go only | wifi+bluetooth. | winrid wrote: | You can get a $20 Android phone with a camera and removable | battery nowadays. | yyyk wrote: | Camera, removable battery and X% chance of having a | preinstalled rootkit (e.g. [0]). It's better to pay a bit | more in order to have peace of mind. | | [0] https://arstechnica.com/information- | technology/2016/11/power... | mrandish wrote: | Not a problem if you plan to wipe and root the phone | yourself. | _underfl0w_ wrote: | Looks like that could be mitigated by just flashing a new | firmware. LineageOS (formerly CyanogenMod) has a long | list of supported devices these days. Booting something | more open source seems like a good idea for a long- | running security camera app, as opposed to closed-source | stock Android builds. | yyyk wrote: | LineageOS is great, but I doubt it supports many $20 | phones. Porting is done by volunteers - people who buy | cheap phones are unlikely to make the effort. | | Also, in theory a rootkit could go into the embedded | firmware or use a closed source kernel module. In | fairness, that's not a big threat yet - cheap devices | tend to get cheap rootkits... | DyslexicAtheist wrote: | when haven was first in the news I found a T-Mobile store in my | city that had several android devices on display which had an | Internet connection and allowed downloads so I installed Haven on | them and set them up to send notifications to my phone. | | good times. | movedx wrote: | Haha! | | How did it go? How long did it last? Were you able to watch the | store remotely? | Craighead wrote: | Hows that system doing now? | e12e wrote: | > Note that it is not necessary to install the Signal app on the | device that runs Haven. Doing so may invalidate the app's | previous Signal registration and safety numbers. Haven uses | normal APIs to communicate via Signal. | | Hm, I wasn't aware there was a way to do authenticated e2e | encrypted signal messaging without a phone number? If there's an | Api, then any third party app can send signal messages now? | | I can't seem to find anything related to this at signal.org - | what am I missing here? | StavrosK wrote: | As far as I know, you need a phone number. I think they mean | that if you install Signal, it'll invalidate Haven's key. | RL_Quine wrote: | Right. Haven has its own registration, if you register the | number again it won't be able to use its own keys anymore. | RL_Quine wrote: | Signal doesn't support messaging without any number, no. You | can interact with it programmatically though if you give it a | dummy number (even twilio, etc work fine). I personally have a | REST endpoint running on a server that has its own number just | to be able to get notifications and so forth from my server | when I need it. | | I wrote the software with the intention of allowing it to be | used as a Twilio-like service, but I'm not sure how much | utility anybody else would get from it. The messages from the | source to the API obviously aren't protected, so the only use | case it has is convenience rather than security. The lack of a | signal implementation in a sane language (I'm interacting with | signal-cli, which is a wrapper around the Java one) makes this | a lot more difficult to just drop into other random tools | unfortunately. I might just end up releasing that service as an | open source tool if other people find it as something they'd | want to be using for their own purposes. | | Signal also has some pretty heavy rate limiting on things like | numbers which are annoying to hit because things just tend to | break. They don't have any other way of preventing spam and | crawling of the service though, so I completely understand it. | [deleted] | paulcarroty wrote: | Old phones can be used as security "microphone" too, heard people | use such nets for woods security - the sound of pile can be | easily detected. | ck2 wrote: | Reminds me there is a reddit thread on how airbnb has a | department that just deals with hidden camera reports because | there are so many. | | So this can be for great good or great evil (there's another app | to sweep for hidden cameras and look for IR reflection but that's | obviously imperfect and for another thread). | roamerz wrote: | This is great. If you use this app on a spare android phone for | vehicle security be careful because in the city where I live if | someone sees a phone in your vehicle- and many people are | looking- they will break your window and steal it. So maybe don't | put it in plain sight or disguise it as something else. | ipnon wrote: | Which city do you live in? | mrandish wrote: | Not the OP but I know that in San Francisco smash and grab | car break-ins have been at epidemic levels for a while and it | doesn't require having anything visible. It's simply that the | large number of urban tech workers increases the odds that | any reasonably nice, recent model-year vehicle will have a | high-end phone, tablet or laptop hidden within. | | I parked my car overnight in a large, well-lit city-owned | structure with cameras and live attendants 24/7. I parked | right under a light, near the elevator/stairs in a higher | traffic area and it still got a window smashed by someone | despite nothing being visible. Nothing was stolen because | there was nothing to steal but still annoying to file | insurance and get repaired. | | I know people that have reinforced metal lockboxes installed | in the back of their SUVs to secure their laptop bag. Most | people just take their laptop backpack everywhere but bag- | grabs are increasingly common and even more scary than car | break-ins. One guy I know who lives and works in downtown SF | doesn't have a car because he can walk just about everywhere | he regularly goes in the city. Last year he stopped taking | his laptop anywhere in SF and doesn't carry a backpack | anymore. He now just keeps a system at home and an identical | system at work. | dman wrote: | Didnt realize things had become so bad, will keep in mind | when I visit. | crystaldev wrote: | It isn't that bad. | mrandish wrote: | Yes, these and related issues combined with the insanely | high cost of living are causing a lot of people I know to | leave (or plan to soon leave) the bay area to work | remotely. People have lost hope things are going to | improve because the policies the local government enacts | to 'help' fix things keep triggering second-order | consequences that make things even worse. | | I don't live there anymore but used to like visiting | quite often. Now I avoid it whenever I can which is sad. | samstave wrote: | Not only that these are at high levels the city is | exploring a program to pay (using taxpayer dollars) for | window replacements for such victims, which is both right | and wrong at the same time... | mrandish wrote: | Wow. I hadn't heard that. It sounds like a plan only a | politician entirely unfamiliar with the concept | "unintended second-order effects" could possibly like. | notyourwork wrote: | Any of them seriously. Seattle, San Francisco, New York would | all have this problem. | telesilla wrote: | Which city would you expect you could leave a phone in the | car _without_ it being stolen? | saagarjha wrote: | Smaller, more suburban ones? | samoa42 wrote: | makes one appreciate being a euro. i dont even lock my car | ... | cerberusss wrote: | I live in Europe (the Netherlands) and I most definitely | empty my car. I've had two smashed windows, my dad has | had one, and besides, it's all uninsured: the insurance | companies do not consider the trunk of your locked car a | "safe place for valuables". | wenc wrote: | Which city in Europe? | [deleted] | samoa42 wrote: | srsly? consider relocating (to a smaller town) | salex89 wrote: | I really like the idea. However, I wanted to use it last summer | and really had mixed results, and it was a Nexus 5, which is no | slouch of a phone. I hope the detection and reporting (via | Signal) has improved over time. | steveeq1 wrote: | Does anyone know any open source security software that uses AI | to search for a particular event? ie: "only notify me when "X" | person enters the room, but not my dog"? | wizzwizz4 wrote: | You wouldn't need AI; just bias the motion detection system to | focus on human midriff and not dog head height. | steveeq1 wrote: | I used an arbitrary example. let's say my roommate comes in | and I don't want it to give a "false alarm" (another | arbitrary example) | stevenicr wrote: | I believe the https://www.netatmo.com/en-gb/security does on- | device AI that recognizes different people, and lets you use an | app to tap into and tell it sames (or other ids) of friendlys | to ignore. - Notify if new person is detected that has not been | labeled as 'supposed to be here usually' | | Last I looked into this you can have this avoid cloud data | processing completely, so it's private and smart. | | Haven't started using it yet, so can't give review and more | details yet. | yyyk wrote: | A friend uses an old phone as a power outage detector. The phone | is constantly charged but is set to automatically notify once | it's below (IIRC) 97% charge. If a blackout occurs, the battery | would drain and the phone would notify. It's not an accurate | measurement, but works well in practice. | Enginerrrd wrote: | Surely there's a system call that tells whether or not the | phone is charging? | saagarjha wrote: | There is: https://developer.android.com/training/monitoring- | device-sta... | yyyk wrote: | There must be, but my friend chose an almost out of the box | solution using an app from the Play Store, and the app only | supported alerts per charge level. | efreak wrote: | 3c toolbox might possibly be able to do this more flexibly; | it allows running shell scripts in scheduled tasks and | "watchers" (run hard on device status). Shell script can | _probably_ be used to send a text message. | pg_is_a_butt wrote: | Charging stops when the battery is full... pesky explosions. | OrgNet wrote: | not all old phones are created equal... some consume more power | then the charger can provide (they can't run continuously in that | case). | | But I do have a bunch of security footage that I don't want to | watch and I'm looking for software that can extract images from | the video that contain people | FreeHugs wrote: | Would love to see something like this but simpler: | | A simple open source Android app that I can connect to my WiFi | and then connect to from the outside so I can see what is going | on in my premises. | | So it should just wait for a connect from the outisde and when I | connect (via a browser) it turns on the camera and streams the | video. | | The app code should be as short as possible, so I can read and | compile it myself. So I can trust it. | shezi wrote: | There are several baby monitor apps that do something like | this. I don't know if any of them are open source. | | The keyword is baby monitor, that's what this functionality is | marketed as. | j1elo wrote: | That wouldn't make much sense, the point of these apps is to do | security surveillance (sort of), if you had to consciously | connect from time to time to see what happens in your premises | and review that everything is OK, you would do so the first two | days, then would forget about it. Like doing backups by hand. | | What you want is a baby monitor with video. | FreeHugs wrote: | you would do so the first two days, then would forget | about it | | If that happens: MISSION FUCKING ACCOMPLISHED! | | Because the whole point is to make me stop worrying about my | home when I am away. | j1elo wrote: | Really then just power off the device and there you go, | zero worries :) | | Now really, I've had a look and it seems there are a | variety of cloud baby monitor apps, that would allow for | the occasional check. | bobbychairs wrote: | Aren't you running a graat security risk when you run this on old | devices that often don't receive security updates? | Thriptic wrote: | Put it on a private VLAN (eg guest Network that can't be | reached from main network), pull the Sim card, uninstall all | non-essential software, turn off all non-essential services. | Mister_Snuggles wrote: | This is good advice for any sort of camera system, not just a | repurposed phone. | | I do this for my cameras, there's too much risk associated | with them phoning home to set them up any other way. | stevehawk wrote: | EVERYONE SHOUlD PUT ALL IO(S)T* DEVICES ON A PRIVATE VLAN :-D | | * "internet of shitty things" | saagarjha wrote: | No, that doesn't work. Everyone knows the S in IOT stands | for security. | leoedin wrote: | No security updates means potential for exploits, not | definitely exploited. If you don't open yourself up to exploits | by using the browser or untrusted apps, you're pretty unlikely | to be compromised even with an older phone. | beenBoutIT wrote: | If this concept gets popular enough eventually the majority | of users will start using the same old model Android | phone(Nexus 5, etc.). That's when all of the unpatched | vulnerabilities will become a serious problem that's | difficult to fix. | jdnenej wrote: | It's not difficult to fix. It's just that corporations want | you to throw out and buy a new phone every year. This is | what happens when you let the same company make the | software and the hardware. | [deleted] | craftyguy wrote: | That's absolutely not true, e.g.: | | https://insinuator.net/2020/02/critical-bluetooth- | vulnerabil... | | There was another one regarding the wifi chip used in many | popular phones a few months ago. ___________________________________________________________________ (page generated 2020-02-23 23:00 UTC)