kozalp
22nd August 2009, 09:39 AM
Hi everyone,
I will be a little paranoid over here so don't take it hard on me =)
I've been using a i-mate k-jam for a long time and switched to touch hd on january. Interestingly the biggest similarity and annoyance for me was the softwares pre-installed to download some sort of data over internet and bugging every week to download new signatures/data and bugging even more if you fail to download.
eTrust found out to be useless and I can't really pinpoint why most handheld GPS devices doesn't really require to update this kind of information (Please correct if I'm wrong).
We might assume the transaction is a simple wget/http download which wouldn't carry any other information to the other party that someone from that IP downloaded something. But if there is a handshaking or at least some kind of a http post is inplace, it could be also sending a unique device idea which would let the guys in Taiwan track our devices our a map.
As I said I'm just being paranoid and making almost a conspiracy theory here but still the possibility exists.
So how can we be sure they are not sending any information out?
We can set up a proxy and mirror incoming traffic from a source ip (phones ip) and dump it with wireshark. Then we will need to define the proxy on our phone and click download.
Is there a wireshark/ethereal kind of packet capture software which can run on these devices? It could ease the job.
Reverse engineering the code? Not experienced in that but It should be quite small when the you think the job it supposed to do.
Any comments, thoughts, help, information - greatly appreciated.
BR, Kaya
I will be a little paranoid over here so don't take it hard on me =)
I've been using a i-mate k-jam for a long time and switched to touch hd on january. Interestingly the biggest similarity and annoyance for me was the softwares pre-installed to download some sort of data over internet and bugging every week to download new signatures/data and bugging even more if you fail to download.
eTrust found out to be useless and I can't really pinpoint why most handheld GPS devices doesn't really require to update this kind of information (Please correct if I'm wrong).
We might assume the transaction is a simple wget/http download which wouldn't carry any other information to the other party that someone from that IP downloaded something. But if there is a handshaking or at least some kind of a http post is inplace, it could be also sending a unique device idea which would let the guys in Taiwan track our devices our a map.
As I said I'm just being paranoid and making almost a conspiracy theory here but still the possibility exists.
So how can we be sure they are not sending any information out?
We can set up a proxy and mirror incoming traffic from a source ip (phones ip) and dump it with wireshark. Then we will need to define the proxy on our phone and click download.
Is there a wireshark/ethereal kind of packet capture software which can run on these devices? It could ease the job.
Reverse engineering the code? Not experienced in that but It should be quite small when the you think the job it supposed to do.
Any comments, thoughts, help, information - greatly appreciated.
BR, Kaya