msm1267 (2804139) writes "The first deep look into the security of the Android patch installation process, specifically its Package Management Service (PMS), has revealed a weakness that puts potentially every Android device at risk for privilege escalation attacks. Researchers from Indiana University and Microsoft published a paper that describes a new set of Android vulnerabilities they call Pileup flaws, and also introduces a new scanner called SecUP that detects malicious apps already on a device lying in wait for elevated privileges. The vulnerability occurs in the way PMS handles updates to the myriad flavors of Android in circulation today. The researchers say PMS improperly vets apps on lower versions of Android that request OS or app privileges that may not exist on the older Android version, but are granted automatically once the system is updated.
The researchers said they found a half-dozen different Pileup flaws within Android's Package Management Service, and confirmed those vulnerabilities are present in all Android Open Source Project versions and more than 3,500 customized versions of Android developed by handset makers and carriers; more than one billion Android devices are likely impacted, they said." Handily enough, the original paper is not paywalled.
itwbennett (1594911) writes "Oppo Electronics has taken off the wraps on its first LTE phone, and it packs more technology than most if not all laptops. The Find 7 is a 5.5" phone and is the first to support 2560 x 1440 resolution [538 PPI] (by comparison, the Samsung Galaxy S5 has 441 PPI). 'Another striking and unique feature of the phone is its 2.5GHz quad-core Qualcomm Snapdragon 801 processor,' writes blogger Andy Patrizio. 'This is Qualcomm's first chip to feature its Gobi True 4G LTE World Mode, supporting LTE FDD, LTE TDD, WCDMA, CDMA1x, EV-DO, TD-SCDMA and GSM4. Translation: this phone will work on LTE all over the world.'"
An anonymous reader writes "Achilleas Tsitroulis of Brunel University, UK, Dimitris Lampoudis of the University of Macedonia, Greece and Emmanuel Tsekleves of Lancaster University, UK, have investigated the vulnerabilities in WPA2 and present its weakness. They say that this wireless security system might now be breached with relative ease [original, paywalled paper] by a malicious attack on a network. They suggest that it is now a matter of urgency that security experts and programmers work together to remove the vulnerabilities in WPA2 in order to bolster its security or to develop alternative protocols to keep our wireless networks safe from hackers and malware."
First time accepted submitter techpolicy (3586897) writes "The big four wireless carriers are spending millions of dollars to hire professors, fund Washington think tanks and to meet with the Federal Communications Commission to try to convince the agency to write rules for an upcoming auction of spectrum that favor them, according to an article posted by the Center for Public Integrity in Washington. The frequencies are needed to bolster or build out their nationwide networks — and this kind of low-band spectrum won't be up for sale for a very long time. The biggest fight is over a rule that would limit how much AT&T and Verizon can get of these valuable frequencies. How it plays out will determine who has control over your smartphone."
itwbennett (1594911) writes "A pair of Google's Project Tango phones, the prototype smartphone packed with sensors so it can learn and sense the world around it, is heading to the International Space Station on the upcoming Orbital 2 mission where they will be used to help develop autonomous flying robots. Work on the robots is already going on at NASA's Ames Research Center in Silicon Valley, and this week the space agency let a small group of reporters visit its lab and see some of the research."
itwbennett (1594911) writes "For the past several months Tor developers have unsuccessfully been trying to convince Apple to remove from its iOS App Store what they believe to be a fake and potentially malicious Tor Browser application. According to subsequent messages on the bug tracker, a complaint was filed with Apple on Dec. 26 with Apple reportedly responding on Jan. 3 saying it would give a chance to the app's developer to defend it. More than two months later, the Tor Browser app created by a developer named Ronen is available still in the App Store. The issue came into the public spotlight Wednesday when people involved in the Tor Project took to Twitter to make their concerns heard. Apple did not respond to IDG News Service's request for comment."
colinneagle writes "In a blog post, Andy Patrizio laments the trend — made more common in the mobile world — of companies pushing software updates ahead without the ability to roll back to previous versions in the event that the user simply doesn't like it. iOS 7.1, for example, has reportedly been killing some users' battery power, and users of the iTunes library app TuneUp will remember how the much-maligned version 3.0 effectively killed the company behind it (new owners have since taken over TuneUp and plan to bring back the older version).
The ability to undo a problematic install should be mandatory, but in too many instances it is not. That's because software developers are always operating under the assumption that the latest version is the greatest version, when it may not be. This is especially true in the smartphone and tablet world. There is no rollback to be had for anything in the iOS and Android worlds. Until the day comes when software developers start releasing perfectly functioning, error-free code, we need the ability to go backwards with all software."
First time accepted submitter fabrica64 writes "The Brazilian government has today started blocking mobile phones not sold in Brazil (Portuguese-language original), i.e. not having paid sales taxes here. The blocking is based on IMEI, and if you come to Brazil for the World Cup in June and think of buying a Brazilian SIM card to call locally at lower rates, then it won't work because your mobile's IMEI will be blacklisted as not sold in Brazil. This is not a joke, it's true!"
concertina226 writes "There's less than a month to go before Samsung launches its new flagship Galaxy S5 smartphone worldwide on 11 April, and the new device has still not gone into mass production due to camera module manufacturing problems. The 16 megapixel camera module consists of six plastic pieces, one more piece than in the existing 13 megapixel camera modules in the Galaxy S4. The problem that Samsung is having is that even though the number of plastic pieces has gone up, the thickness of each piece has remained the same, so in order to fit the new camera module into the Galaxy S5, the lens makers will likely have to develop new technology to make thinner lenses. Not only that, joining six pieces together instead of five for the 13 megapixel camera modules increases the risk of optical faults surfacing at the lens manufacturers' plants dramatically."
coondoggie writes "The Defense Advanced Research Projects Agency (DARPA) has moved along a project it says would use hot-spot enabled drones to bring wireless communications to even the most distant and harsh environments. The project known as Fixed Wireless at a Distance is designed specifically to overcome the challenge inherent with cell communication in remote areas and this week the agency awarded L-3 $16.4 million to support the next iteration of the system."
itwbennett writes "The trouble with Google Voice is that the way we use phones has changed — and it hasn't kept up with the times: 'Fewer people have a mobile phone and a business line and a home line that might make One Number For All so. Text message costs (which are actually close to nothing) are almost always bundled into contract costs. Automatic voice transcription, while still a mean feat, is no longer such a magic trick,' writes Kevin Purdy in a blog post explaining why he's breaking up with Google Voice. The main problem is that, despite some very cool features, Google Voice doesn't play well with others — even apps in its own family. And it doesn't look as though that's going to get better anytime soon." I've been very happy with Google Voice for a few years now, and one reason is the transcribed voice messages, which may get hilariously garbled sometimes, but are almost always correct enough to be useful.
SmartAboutThings writes "The European Union has voted in favor of a draft legislation which lists among the 'essential requirements' of electrical devices approved by the EU a compatibility with 'universal' chargers. According to a German MEP, this move will eliminate 51,000 tonnes of electronic waste. The draft law was approved by an overwhelming majority: 550 votes to 12. At the moment, according to estimates, there are around 30 different types of charger on the market, but manufacturers have two years at their disposal to get ready for the new restriction."
An anonymous reader writes "The laptop has undergone many changes over the past decade. At various times, netbooks, ultrabooks, and Chromebooks have been en vogue. Over the past several months, we've seen signs of the next step in the laptop's evolution: Android/Windows dual-boot laptops. Several companies have built these machines already, including Asus and its upcoming Transformer Book Duet TD300. However, neither Google nor Microsoft seem to want such an unholy marriage of operating systems, and they've both pressured Asus to kill off the dual-boot product lines. Asus has now complied. 'Google has little incentive to approve dual-OS models, since that could help Microsoft move into mobile devices where Android is dominant. ... Microsoft has its own reasons for not wanting to share space on computers with Google, particularly on business-oriented desktop and laptop PCs that could give the Internet giant an entry point into a Microsoft stronghold. Computer makers that make dual-OS machines risk jeopardizing a flow of marketing funds from Microsoft that are an important economic force in the low-margin PC business.'"
hcs_$reboot writes "Masatoshi Son, SoftBank CEO, remembers the early days when he tried to cut a deal with Steve Jobs in order to be the first to offer the not-even-named-iPhone-yet- 'new phone' from Apple, back in 2005. At the time, Son didn't even own a mobile carrier. He then purchased Vodafone, and was indeed the first to sell the iPhone in 2008 (then Au-Kddi in 2011, and DoCoMo in 2013). Today, 75% of smartphones sold in Japan are iPhones."
Nerval's Lobster writes "For years, Microsoft remained adamant about its licensing fees for Windows Phone: if a smartphone manufacturer wanted to include the software on its devices, it would need to pay Microsoft a certain amount per unit. That was a logical strategy for Microsoft, which became a very big company thanks to licensing fees for Windows and other platforms. Unlike some of those other products, however, Windows Phone has struggled for adoption in its marketplace, which is dominated by Apple and Google. In response, suggests the Times of India, Microsoft may have dumped licensing fees for two Indian smartphone makers, Karbonn and Lava (Xolo). Microsoft's biggest rival, Google, gives its Android mobile operating system away for free, a maneuver that helped it gain spectacular market-share in a relatively short amount of time. If Microsoft pursues a similar strategy in different markets, it could encourage more smartphone manufacturers to produce Windows Phone devices, which could increase the platform's market-share—but there are no guarantees that scenario will actually play out. The smartphone market is increasingly saturated, and Microsoft's opponents have no intention of allowing Windows Phone to gain any ground."
gnujoshua writes "Paul Kocialkowski (PaulK), a developer for the Replicant project, a fully free/libre version of Android, wrote a guest blog post for the Free Software Foundation announcing that while hacking on the Samsung Galaxy, they 'discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a back-door that lets the modem perform remote file I/O operations on the file system.' They then replaced the proprietary program with free software.
While it may be a while before we can have a 100% free software microcode/firmware on the cellular hardware itself, isolating that hardware from the rest of your programming and data is a seemingly important step that we can take right now. At least to the FSF anyhow. What do others think: is a 100% free software mobile device important to you?"
An anonymous reader writes "Developers of the Free Software Foundation-endorsed Replicant OS have uncovered a backdoor through Android on Samsung Galaxy devices and the Nexus S. The research indicates the proprietary Android versions have a blob handling communication with the modem using Samsung's IPC protocol and in turn there's a set of commands that allow the modem to do remote I/O operations on the phone's storage. Replicant's open-source version of Android does away with the Samsung library to fend off the potential backdoor issue."
An anonymous reader sends this quote from OLPC News about whether the One Laptop Per Child project can expect to continue much longer: "Here is a question for you: 8 years on, would you recommend anyone start a new deployment with XO-1 laptops? With the hardware now long past its life expectancy, spare parts hard to find, and zero support from the One Laptop Per Child organization, it's time to face reality. The XO-1 laptop is history. Sadly, so is Sugar. Once the flagship of OLPC's creativity in redrawing the human-computer interaction, few are coding for it and new XO variants are mostly Android/Gnome+Fedora dual boots. Finally, OLPC Boston is completely gone. No staff, no consultants, not even a physical office. Nicholas Negroponte long ago moved onto the global literacy X-Prize project." A response from OLPC says their mission is "far from over." They add, "OLPC also has outsourced many of the software and development units because the organization is becoming more hardware and OS agnostic, concentrating on its core values – education."
An anonymous reader writes "Apple and Samsung couldn't agree on a patent cross-license even though their CEOs met recently. What could be the reason (or one of the reasons) is that Apple is asking for obscenely high patent royalties. At the March 31 trial an Apple-hired expert will present to a California jury (already the third jury trial in this dispute) a damages claim of $40 per device (phone or tablet) for just a handful of software patents. The patents are related to, but don't cover all aspects and elements of, functionalities like slide-to-unlock, autocorrect, data synchronization, unified search and the famous tap-on-phone-number-to-dial feature. Google says there are 250,000 patentable inventions in a smartphone. On average, Apple wants $8 per patent per device. That would add a patent licensing bill of $2 million to each gadget. So Apple and Samsung will be back to court again later this month."
New submitter Adam Jorgensen writes "Last week my 4-week old Moto G phone was stolen while getting onto the train at Salt River in Cape Town, South Africa. That in itself is no big deal. Cellphone theft is a huge problem here in South Africa and I've had at least two previous cellphones stolen. The big deal this time, for me at least, was that this was the first time I've lost an Android phone to theft. When I actually sat down and thought about it, losing a fully configured Android phone is actually a big deal as it provides ready access to all kinds of accounts, including one's Google account. This could potentially allow the thief to engage in all kinds of malicious behavior, some of which could have major implications beyond the scope of the theft.
Luckily for me it seems that the thief did the usual thing: Dumped the SIM card, wiped the phone, and switched it off. It's probably had its IMEI changed by now and been sold on to some oblivious punter, possibly some oblivious punter in another country. Still, the potential for serious issue is making me have second thoughts about replacing the phone with anything capable of doing much more than calling. My question is this: Are there any serious solutions out there for Android that secure against theft?"
The Chicago Tribune reports that Yik Yak, a mobile app that can (among other things) be used for anonymous communications, has drawn complaints from several local schools, who are unhappy that students can use it to bully or pester others. "'The problem, as you might imagine, is that the anonymity is empowering certain individuals to post comments about others that are hurtful, harassing and sometimes quite disturbing,' Joseph Ruggiero, head of the Upper School at Francis W. Parker School in the Lincoln Park neighborhood, wrote in an email to parents last week. ... In light of the controversy, Yik Yak's co-founder said the company was disabling the app in the Chicago area and will attempt to specifically prevent it from being used on high school or middle school grounds."
theodp writes "'Android is free and open,' reiterated Google Android Chief Andy Rubin in 2010 as Microsoft launched Windows Phone 7. Rubin added, 'Competition is good for the consumer and if somebody has an idea for a feature or a piece of functionality in their platform and Android doesn't do it, great. I think it's good to have the benefit of choice, but in the end I don't think the world needs another platform.' But now, CNET and Digitimes report that Google is holding up the Asus Transformer Book Duet TD300 (specs), a laptop-tablet hybrid that can instantly switch between Android and Windows 8.1. A source familiar with the Asus Duet told CNET that Google is the one that has not favored the idea, while Microsoft has not, to date, been actively opposed to the idea. 'If true,' reports Apple Insider, 'it may not be the first time Google has helped to quash such a product.' South Korean electronics giant Samsung quietly canceled plans for its hybrid Ativ Q tablet last year, and Digitimes notes that Asus may not be the only company to bow to Google's wishes."
mattydread23 writes with an opinion piece naming a few reasons Firefox OS is likely to succeed: "It's geared toward low-powered hardware in a way that Google doesn't care as much about with Android, it's cheap enough for the pre-paid phones that are much more common than post-paid in developing countries, and most important, there are still 3.5 billion people in the world who have feature phones and for whom this will be an amazing upgrade." I'd push greater commitment to keeping the essential components of the system under FOSS licenses onto the head of that list.
alphadogg writes "Having lots of Wi-Fi networks packed into a condominium or apartment building can hurt everyone's wireless performance, but Stanford University researchers say they've found a way to turn crowding into an advantage. In a dorm on the Stanford campus, they're building a single, dense Wi-Fi infrastructure that each resident can use and manage like their own private network. That means the shared system, called BeHop, can be centrally managed for maximum performance and efficiency while users still assign their own SSIDs, passwords and other settings. The Stanford project is making this happen with inexpensive, consumer-grade access points and SDN (software-defined networking)."
rjmarvin writes "Samsung looks to have found a way around voice commands for smart glasses by projecting an augmented reality keyboard onto users' hands. Galaxy Glass wearers' thumbs are used as input devices, tapping different areas of their fingers where various keys are virtually mapped. According to the August 2013 patent filing with the WIPO and South Korea's Intellectual Property Office, Samsung states that voice controls are too imprecise a technology, which are too heavily impacted by the noise levels of the surrounding environment."
An anonymous reader writes with this excerpt from Help-Net Security (based on the linked Trend Micro report): "Every country's cybercriminal underground market has distinct characteristics, and with 500 million national mobile Internet users and the number continuously rising, the Chinese underground market is awash with cyber crooks buying and selling services and devices aimed at taking advantage of them. Trend Micro's senior threat researcher Lion Gu has been scouring forums, online shops and QQ chats to give us a sense of what is actually going on on this burgeoning mobile underground. Mobile apps that stealthily subscribe users to premium services are, naturally, very popular with cyber crooks in China as in the rest of the world. Premium service numbers can also be bought on underground markets. Network carriers usually assign premium service numbers to qualified service providers, but obviously some of them are not [averse to] selling them on to criminals."
BUL2294 writes "The Chicago Tribune is reporting that, over the next few months in Chicago, Comcast is turning on a feature that turns customer networks into public Wi-Fi hotspots. After a firmware upgrade is installed, 'visitors will use their own Xfinity credentials to sign on, and will not need the homeowner's permission or password to tap into their Wi-Fi signal. The homegrown network will also be available to non-subscribers free for several hours each month, or on a pay-per-use basis. Any outside usage should not affect the speed or security of the home subscriber's private network. [...] Home internet subscribers will automatically participate in the network's growing infrastructure, although a small number have chosen to opt out in other test markets.' The article specifically mentions that this capability is opt-out, so Comcast is relying on home users' property, electricity, and lack of tech-savvy to increase their network footprint." Comcast tried this in the Twin Cities area, and was apparently satisfied with the results, though subscribers are starting to notice.
An anonymous reader writes "Back in 2012, Android accounted for 79 percent of all mobile malware. Last year, that number ballooned even further to 97 percent. Both those data points come from security firm F-Secure, which today released its 40-page Threat Report for the second half of 2013. More specifically, Android malware rose from 238 threats in 2012 to 804 new families and variants in 2013. Apart from Symbian, F-Secure found no new threats for other mobile platforms last year."
alphadogg writes "A second federal bill that proposes 'kill-switch' technology be made mandatory in smartphones as a means to reduce theft of the devices was introduced Monday. The kill switch would allow consumers to remotely wipe and disable a stolen smartphone and is considered by proponents to be a key tool in combating the increasing number of smartphone robberies. The Smartphone Theft Prevention Act was introduced into the U.S. House of Representatives as H.R. 4065 by Jose Serrano, a New York Democrat, as a companion to a Senate bill that was introduced Feb. 13. The two follow a similar law proposed by officials in California last month."
sfcrazy writes "Linux is on a roll. After conquering the smartphone space, Android is now dominating the tablet space. According to a new study by Gartner, 'the tablet growth in 2013 was fueled by the low-end smaller screen tablet market, and first time buyers; this led Android to become the No. 1 tablet operating system (OS), with 62 percent of the market.'" Also, everyone is buying tablets (~200 million sold in 2013 vs ~115 million in 2012). Microsoft still only has 2% of the tablet market.
An anonymous reader writes "A village in the West Papua central highlands runs a telecom network out of a box latched to a tree. The network runs on open source. 'OpenBTS, an all-software cellular transceiver, is at the heart of the network running on that box attached to a treetop. Someday, if those working with the technology have their way, it could do for mobile networks what TCP/IP and open source did for the Internet. The dream is to help mobile break free from the confines of telephone providers' locked-down spectrum, turning it into a platform for the development of a whole new range of applications that use spectrum "white space" to connect mobile devices of every kind. It could also democratize telecommunications around the world in unexpected ways. ... It is a 2G GSM system with two operating channels (GSM absolute radio-frequency channel numbers, or ARFCNs) in the 900MHz range, putting out 10 watts of signal power from an omnidirectional antenna. That gives the system a range of about five kilometers under ideal conditions, but in reality it averages about a three kilometer range because of vegetation and terrain (1.86 miles to 3.10 miles). The whole system is installed in a weatherproof box up a tree and draws less than 80 watts of power.'"
Bismillah writes "The Vodafone Foundation's Mini Instant Network cellular access site is deployable in ten minutes and can be carried on as hand luggage on commercial airliners. It's only 2G, but hey ..." This reminds me a bit of the Gargoyles in Neal Stephenson's Snow Crash, and useful for more than just emergencies.
itwbennett writes "Who doesn't love free text messages? People who try to transition from an iPhone to any other phone, that's who. Apple's Messages app actively moves conversations away from paid text messages to free Messages. Very convenient until you want to leave your iPhone and switch back to plain old text messages because suddenly you'll be unable to receive text messages from your iPhone-toting friends. There's an obscure workaround, and Samsung, which has a vested interest in the matter, has a lengthy guide to removing your iPhone as a registered receiver of Messages. But the experience is just annoying enough that it might be the kind of thing that would keep someone from making a switch — and that's when it starts to feel like deliberate lock-in, and not so much like something Apple overlooked."
jfruh writes "Steven R. Spriggs was ticketed and fined $165 for violating California's law on cell phone use while operating a motor vehicle, which states that you can only use a phone while driving if you have a hands-free device. But he appealed the judgement, arguing that the law only applied to actually talking on the phone, whereas he had been caught checking his GPS app. Now an appeals court has agreed with him. The law in question was enacted in 2006, before the smartphone boom."
mpicpp writes "It looks thicker than most of the phones you see at Best Buy, but Boeing's first smartphone isn't meant to be used by the average person. The company that's known for its airplanes is joining the smartphone game with the Boeing Black, targeted at people that work in the security and defense industry. One of its security features is self-destructing if it gets into the wrong hands, although not quite in the Mission Impossible sense. According to the company's letter to the FCC, the phone will have screws with a tamper-proof coating, revealing if a person has tried to disassemble it. 'Any attempt to disassemble the device would trigger functions that would delete the data and software contained within the device and make the device inoperable,' writes Bruce Olcott, an attorney for Boeing."
An anonymous reader writes "Earlier this week, Google Android chief Sundar Pichai spoke at the Mobile World Congress where he explained, rather bluntly, that Android is designed to be open more so than it's designed to be safe. He also added that if he were a hacker today, he too would focus most of his efforts on Android on account of its marketshare position." Related: wiredmikey writes "Boeing is launching 'Boeing Black phone,' a self-destructing Android-based smartphone that the company says has no serviceable parts, and any attempted servicing or replacing of parts would destroy the product. 'Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable,' the company explained. ... The device should not be confused with the new encrypted Blackphone, developed by the U.S. secure communications firm Silent Circle with Spanish manufacturer Geeksphone."
harrymcc writes "Google is releasing more details on Project Ara, its effort — originally spearheaded by Motorola — to reinvent the smartphone in a form made up of hot-swappable modules that consumers can configure as they choose, then upgrade later as new technologies emerge. Google is aiming to release about a year from now."
alphadogg writes "Ahead of a major new spectrum auction scheduled for next year, America's four major wireless carriers are jockeying for position in the frequencies available to them, buying, selling and trading licenses to important parts of the nation's airwaves. Surging demand for mobile bandwidth, fueled by an increasingly saturated smartphone market and data-hungry apps, has showed no signs of slowing down. This, understandably, has the wireless industry scrambling to improve its infrastructure in a number of areas, including the amounts of raw spectrum available to the carriers. These shifts, however, are essentially just lateral moves – nothing to directly solve the problems posed by a crowded spectrum. What's really going to save the wireless world, some experts think, is a more comprehensive re-imagining of the way spectrum is used."
An anonymous reader writes "Researchers at the University of Liverpool have shown for the first time that WiFi networks can be infected with a virus that can move through densely populated areas as efficiently as the common cold spreads between humans. The team designed and simulated an attack by a virus, called 'Chameleon,' that not only could spread quickly between homes and businesses, but avoided detection and identified the points at which WiFi access is least protected by encryption and passwords. The research appears in EURASIP Journal on Information Security." The technical details are explained in the journal article.
An anonymous reader writes "Jeff Atwood, co-founder of Stack Overflow, says the mobile app ecosystem is getting out of hand. 'Your platform now has a million apps? Amazing! Wonderful! What they don't tell you is that 99% of them are awful junk that nobody would ever want.' Atwood says most companies trying to figure out how to get users to install their app should instead be figuring out just why they need a mobile app in the first place. Fragmentation is another issue, as mobile devices continue to speciate and proliferate. 'Unless you're careful to build equivalent apps in all those places, it's like having multiple parallel Internets. "No, sorry, it's not available on that Internet, only the iOS phone Internet." Or even worse, only on the United States iOS phone Internet.' Monetization has turned into a race to the bottom, and it's led to worries about just what an app will do with the permissions it's asking for. Atwood concludes, 'The tablet and phone app ecosystem is slowly, painstakingly reinventing everything I hated about the computer software industry before the web blew it all up.'"
exomondo writes "Following hot on the heels of the iOS (and OS X) SSL security bug comes the latest vulnerability in Apple's mobile operating system. It is a security bug that can be used as a vector for malware to capture touch screen, volume rocker, home button and (on supported devices) TouchID sensor presses, information that could be sent to a remote server to re-create the user's actions. The vulnerability exists in even the most recent versions of iOS and the authors claim that they delivered a proof-of-concept monitoring app through the App Store."
pacopico writes "About 24 years ago, a tiny chip company came to life in a Cambridge, England barn. It was called ARM, and it looked quite unlike any other chip company that had come before it. Businessweek has just published something of an oral history on the weird things that took place to let ARM end up dominating the mobile revolution and rivaling Coke and McDonald's as the most prolific consumer product company on the planet. The story also looks at what ARM's new CEO needs to do not to mess things up."
alphadogg writes "U.S. cellphone carriers were offered a technology last year that supporters say would dramatically cut incidents of smartphone theft, but the carriers turned it down, according to sources with knowledge of the proposal. The so-called 'kill-switch' software allows consumers to remotely wipe and render their phones useless if stolen. Law enforcement and politicians believe the incentive for stealing a smartphone or tablet would be greatly reduced if the technology became standard, because the devices could quickly be rendered useless. A proposal by Samsung to the five largest U.S. carriers would have made the LoJack software, developed by Canada's Absolute Software, a standard component on many of its Android phones in the U.S. The proposal followed pressure from the offices of the San Francisco District Attorney and the New York Attorney General for the industry to do more to prevent phone theft."
squiggleslash writes "Despite some industry skepticism, Nokia has indeed been working on an Android smartphone and finally unveiled the Nokia X today. As rumored, it's not a Google Play compatible device, running instead a Google-less AOSP build with a Nokia app store, and Windows Phone style shell. The budget phone will also not be marketed in North America. The Media seems convinced Microsoft — who are in the process of acquiring Nokia — will kill the project, but it's hard to see why Nokia would be working on such a project at this time if Microsoft had plans to do this."
wiredmikey writes "Users of iOS devices will find themselves with a new software update to install, thanks to a certificate validation flaw in the popular mobile OS. While Apple provides very little information when disclosing security issues, the company said that an attacker with a 'privileged network position could capture or modify data in sessions protected by SSL/TLS.' 'While this flaw itself does not allow an attacker to compromise a vulnerable device, it is still a very serious threat to the privacy of users as it can be exploited through Man-in-the-Middle attack,' VUPEN's Chaouki Bekrar told SecurityWeek. For example, when connecting to an untrusted WiFi network, attackers could spy on user connections to websites and services that are supposed to be using encrypted communications, Bekrar said. Users should update their iOS devices to iOS 7.0.6 as soon as possible." Adds reader Trailrunner7: "The wording of the description is interesting, as it suggests that the proper certificate-validation checks were in place at some point in iOS but were later removed somehow. The effect of an exploit against this vulnerability would be that an attacker with a man-in-the-middle position on the victim's network would be able to read supposedly secure communications. It's not clear when the vulnerability was introduced, but the CVE entry for the bug was reserved on Jan. 8."
Nerval's Lobster writes "Google's Advanced Technology and Projects Group is working on a new initiative, Project Tango, which could allow developers to quickly map objects and interiors in 3D. At the heart of Project Tango is a prototype smartphone with a 5-inch screen, packed with hardware and software optimized to take 3D measurements of the surrounding environment. The associated development APIs can feed tons of positioning and orientation data to Android applications written in Java, C/C++, and the Unity Game Engine. In addition to a 'standard' 4-megapixel camera, the device features a motion-tracking camera and an aperture for integrated depth sensing; integrated into the circuitry are two computer-vision processors. Google claims it only has 200 developer units in stock, and it's willing to give them to independent developers who can submit a detailed idea for a project involving 3D mapping of some sort. The deadline for unit distribution is March 14, 2014. In theory, developers could use ultra-portable 3D mapping to create better maps, visualizations, and games. ('What if you could search for a product and see where the exact shelf is located in a super-store?' Google's Website asks at one point.) The bigger question is what Google intends to do with the technology if it proves effective. Google Maps with super-detailed interiors, anyone?"
An anonymous reader writes "Sailfish, the Linux-based mobile operating system developed by Finnish devicemaker Jolla, has reached version 1.0. Sailfish arose from the ashes of several failed and interrupted projects to bring a new, major Linux-based platform to mobile devices. It's already running on phones sold in India and Russia, but more importantly, Sailfish was designed to be easily ported to existing Android devices. It's also built to support many Android apps. Jolla will begin providing complete firmware downloads during the first half of the year."
An anonymous reader writes "Attackers have crafted the E-Z-2-Use malware code that exploits a 14-month-old vulnerability in Android devices. The vulnerability exists in the WebView interface; a malicious website can utilize it to gain a remote shell into the system with the permissions of the hijacked application. Vulnerable devices are any device that is running a version earlier than 4.2 (in which the vulnerability was patched), which is a staggeringly large amount of the market. The vulnerability is in Android itself rather than the proprietary GMS application platform that sits atop the base operating system, so it is not easily patched by Google."
colinneagle writes "Amid all the talk about Microsoft forking Android for a smartphone OS, one suggestion involves a look back to Microsoft's DOS days. Microsoft DOS was designed per IBM's specification to run exclusively on IBM's PC hardware platforms. Phoenix Technologies employed software developers it nicknamed 'virgins,' who hadn't been exposed to IBM's systems, to create a software layer between Microsoft's DOS system and PCs built by IBM's competitors. This helped Microsoft avoid infringing on IBM's patents or copyrights, and subsequently helped fuel the explosive growth of PC clones. Microsoft could use the same approach to 'clone' the proprietary Android components in its own Android fork. This would prevent copyright infringement while giving Microsoft access to Google Play apps, as well as Android's massive base of developers." Microsoft (or anyone) could generate a lot of goodwill by completely replacing the proprietary bits of Android; good thing that doing so is a work in progress (and open-source, too), thanks to Replicant. (Practically speaking, though, couldn't Google just make access to the Play Store harder, if Microsoft were to create an Android-alike OS? Even now, many devices running Android variants don't have access to it.)
An anonymous reader writes "Include Security unveiled new research showing that users of the popular online dating app Tinder were at significant risk due to a vulnerability they discovered in the geo-location feature of the application. This vulnerability allowed Tinder users to track one another's exact location for much of 2013. Anyone with rudimentary programming skills could query the Tinder API directly and pull down the co-ordinates of any user. This resulted in a privacy violation for the users of the application." Include Security has posted a video that shows how the flaw could be exploited, before it was fixed last month.