I totally agree. If I had know the “always on even when explicitly disabled” part when I was planning my purchase, it could well have decided otherwise.
OTOH, I’ve been doing some tests here, and it seems the MC3000 Bluetooth interface won’t allow more than one connection at a time. So a simple solution to that security SNAFU is simply to keep a client connected all the time; it could be the app, but even better is the mc3000ble.py I modded to work as my logger – right now it connects once per minute, gets the data, and disconnects (so I can connect with the app to monitor how the process is going from the other side of my home) but changing it to just keep connected all the time is quite easy, will just have to bring up a web server (easy with Python) and instead of connecting via the app, use a standard browser in the phone
I have basically been doing that. I leave the old Galaxy 6 connected. I have a 10K mAh power bank connected to it. Just charge that occasionally. I use the charger enough that this is more convenient anyway… Though I have never thought of it as a security measure…
Not sure I understand you correctly, but you mean you connect the powerbank to the charger and then the phone to the powerbank (both connections via USB) and then start the app on the phone and let it connect to the charger via Bluetooth and then leave it on, right?
If so, yes that should work to prevent any possible remote battery detonation attacks.
The battery on the S6 has lost capacity. Power bank to the charging port on the S6. BT to MC3000. SO the phone stays connected for far longer than if I just used the phone’s battery. Really just about constantly because I swap and charge power banks as needed.
I think you said that the MC3000 shows up as a BT device when BT is turned off. Can you still connect to it when BT is turned off?
I mean I can see a situation where the radio might be on, but the MC3000 would not accept connections. I suppose I could just try it myself… I can say that here. About 40 feet away through a couple of drywall walls. My phones and tablets cannot even see the MC3000 with BT turned on. From outside maybe 15 feet away through an exterior brick wall, I cannot see the MC3000 with any device I tried. In fact with the old S6, I have to be in the same room to maintain the connection.
Just to clarify, I don’t have the official app, the connection is coming from a general purpose BLE proberator. It might be that the device connects but won’t comply with instructions. I’ll try to ask my partner to install the app and test things out later.
App connects, charger ignores commands and provides no feedback so at least there’s that. It’s still a shitty way of doing things- BT off should mean BT is off. I’m tempted to go in and remove or destroy the BT module to be honest.
Thanks for checking!! So it appears that it does not turn off the radio, the switch only tells the Mc3000 not to use it. Which may be enough. But I agree… off should mean OFF !!
Thanks for the further clarifications and testing @Mandrake50 and @m03da.
I’m not entirely sure about BT being on and just being ignored… at the very least it’s announcing itself to the world, so a roaming attacker will scan it and perhaps be prepared for the time you do turn it on.
Anyway, when the time comes to mod mine, it should be relatively simple to just put a switch between the VCC and the BT module so as to de-energize it when not in use – that should take care of any and all issues.
I’m pretty sure the behavior @m03da described is more of a bug than a feature… would be interesting to hear what SkyRC has to say, but they will probably label it as WONTFIX.
The point being, I would want bluetooth on, but not “accepts connections and commands from absolutely anyone within range, no matter who” - it should only accept connections from devices the user has explicitly paired, needing physical access to pair.
I wouldn’t accept a keyboard or speaker that let anyone use it unauthenticated, and would return it as defective. A highly configurable battery charger can easily be used to deliberately start a fire…
Nice. Put it on github when you’re done
Maybe I’d get one, put it on a smart socket, then if something else grabs the bluetooth connection, I could have the monitoring program cut the power to it.
They have to upgrade software for a bug.
I know there aren’t new firmware version so we need new charger with color touch screen, 26800, bluetooth with password😬
I’m waiting this new charger for years
Exactly. But Bluetooth access on the MC3000 (like, alas, its USB “PC Link” access) seems “bolted on”, not engineered-in as it should: it’s just sits there “open to the world”, doesn’t use any pairing or encryption.
I have the impression the BT module was just connected to one of the central MCU serial ports, and the person responsible for that integration just programmed the BT module in the simplest possible way, as a “pass-through” from the app to that serial port.
That (and more) would OFC be trivial to fix if we just had the source code for the MC3000 firmware… which unfortunately SkyRC doesn’t publish.
Thanks! the only reason I didn’t put it up yet (nor sent a PR to its author) it’s because it’s a real mess right now – I’ve been reverse-engineering the app (more successfully than the firmware, fortunately) to try and incorporate more functionality into mc3000ble.py than simple monitoring, so the program is full of debugging code, “dead” commented-out blocks that didn’t work out (the charger refusing commands that from my reverse engineering it ought to have accepted), etc.
If you want to take a peek and promise not to curse me too much I can put the current WIP somewhere and PM you a link.
Maybe I’d get one, put it on a smart socket, then if something else grabs the bluetooth connection, I could have the monitoring program cut the power to it.
That’s a great idea! I use a couple of these guys for a lot of stuff here, with the tasmota firmware it’s just about perfect: Sonoff Pow R2 - Tasmota, the plug can be turned off with just a simple curl
And it would be trivial to incorporate a “call this external command when you loose the Bluetooth link”.
Will incorporate that idea as soon as I finish my current mod (which is to incorporate sending an entire program to each slot, and the webserver to monitor the operation without having to depend on the app).
I sporadically saw the warning, thinking it’s being updated and the warning shows for a bit whenever Bromite lags behind upstream Chromium, i.e. whenever there’s a new release of Chromium that hasn’t yet been inclued in Bromite but I’ve checked now and sure enough, it’s quite a bit more than one version! Thanks for bringing this up!
I can put the current WIP somewhere and PM you a link.