Chinese smartphone maker Coolpad has created an extensive “backdoor” into its Android devices that can track users, serve them unwanted advertisements and install unauthorized apps, a U.S. security firm alleged today.
In a research paper released today, Palo Alto Networks detailed its investigation of the backdoor, which it dubbed “CoolReaper.”
“Coolpad has built a backdoor that goes beyond the usual data collection,” said Ryan Olson, director of intelligence at Palo Alto’s Unit 42. “This is way beyond what one malicious insider could have done.”
Coolpad, which sells smartphones under several brand names — including Halo, also called Danzen — is one of China’s largest ODMs (original device manufacturers). According to IDC, it ranked fifth in China in the third quarter, with 8.4% of the market, and has expanded sales outside of the People’s Republic of China (PRC) and Taiwan to Southeast Asia, the U.S. and Western Europe.
Tipped off by a string of complaints from Coolpad smartphone users in China and Taiwan — who griped about seeing advertisements pop up and apps suddenly appear — Palo Alto dug into the ROM updates that Coolpad offered on its support site and found widespread evidence of CoolReaper.
Of the 77 ROMs that Palo Alto examined, 64 contained CoolReaper, including 41 hosted by Coolpad and signed with its own digital certificate.
Other evidence that Coolpad was the creator of the backdoor, said Olson, included the malware’s command-and-control servers — which were registered to domains belonging to the Chinese company and used, in fact, for its public cloud — and an administrative console that other researchers had found last month because of a vulnerability in Coolpad’s backend control system. The console confirmed CoolReaper’s functionality.
BlackBerry Ltd rolled out its much anticipated Classic on Wednesday, a smartphone it hopes will help it win back market share and woo those still using older versions of its physical keyboard devices.
The Canadian mobile technology company said the new device, which bears striking similarities to its once wildly popular Bold and Curve handsets, boasts a larger screen, longer battery life, an expanded app library with access to offerings from Amazon.com Inc’s Android App store, and a browser three times faster than the one on its legacy devices.
“The conversation about BlackBerry has changed in the last year,” Chief Executive John Chen said as he launched the Classic at Manhattan’s upscale Cipriani restaurant. “We are here to stay, there is no question about that. Now we have to engineer our growth.”
He said BlackBerry had listened to its fans and brought back the command bar functionality that helped make its legacy phones easy to navigate.
When the company initially introduced its new BlackBerry 10 operating system and devices early in 2012 it put more emphasis on touchscreens, alienating many fans of its physical keyboard.
Those who moved to the new physical keyboard phones that BlackBerry launched later were unhappy that command keys such as the Menu, Back, Send and End buttons, along with the trackpad, had been dropped.
With the Classic and the recent launch of its Passport smartphone, Chen is in some ways taking the company back to its roots, re-emphasizing the physical keyboard, rather than trying to compete directly against the touchscreen handsets of dominant rivals like Samsung Electronics and Apple.
“We expect the Classic to be the most popular BlackBerry enterprise device and the easiest transition for current BB7 (legacy device) users,” said Wells Fargo analyst Maynard Um.
Android apps really take advantage of those permissions they ask for to access users’ personal information: one online store records a phone’s location up to 10 times a minute, French researchers have found. The tools to manage such access are limited, and inadequate given how much information phones can gather.
In a recent study, ten volunteers used Android phones that tracked app behavior using a monitoring app, Mobilitics, developed by the French National Institute for Informatics Research (INRIA) in conjunction with the National Commission on Computing and Liberty (CNIL). Mobilitics recorded every time another app accessed an item of personal data — the phone’s location, an identifier, photos, messages and so on — and whether it was subsequently transmitted to an external server. The log of the apps’ personal information use was stored on the phone and downloaded at the end of the three months for analysis.
The volunteers were encouraged to use the phones as if they were their own, and together used 121 apps over the period from July to September. A similar study last year used a special iOS app to examine the way iPhone apps access users’ personal data.
Many apps access phones’ identifying characteristics to track their users, the researchers said. One of the few options users have to avoid this tracking is a switch in the “Google Settings” app to reset their phone’s advertising ID. That’s not much help, though, as apps have other ways to identify users. Almost two-thirds of apps studied in the three-month real-world test accessed at least one mobile phone identifier, a quarter of them at least two identifiers, and a sixth three or more. That allows the apps to build up profiles of their users for advertising purposes.
Location was one of the most frequently-accessed items of data. It accounted for 30 percent of all accesses to personal information during the test, and 30 percent of the apps studied accessed it at some point. The Facebook app recorded one volunteer’s location 150,000 times during the three-month period — more than once per minute, on average, while the Google Play Store tracked another user ten times per minute at times. Often, the only use apps make of such information is to serve personalized advertising, as was the case with one game that recorded a user’s location 3,000 times during the study.
“While the Internet of Things (IoT) conjures a vision of ‘anytime, any place’ connectivity for all things, the realization is complex given the need to work across interconnected and heterogeneous systems, and the special considerations needed for security, privacy, and safety,” co-wrote Google chief Internet evangelist Vint Cerf, in a blog post announcing the research program.
The “Internet of Things” is technical shorthand describing what is expected to be a mass wave of portable devices and sensors that will gather information and send it over the Internet for purposes of analysis and monitoring. Over 50 billion things will be connected to the Internet by 2020, Cisco has estimated.
Google plans to issue two sets of awards, both meant to fuel work to be carried out over a year.
One set of grants will be for larger team projects that Google will pay between $500,000 and $800,000 to see completed. Google expects that the work could be undertaken either by an academician leading a team of researchers or by a graduate student “willing to dedicate a substantial portion of their research time to this expedition,” according to Google’s request for proposals document.
A smaller set of grants, ranging from $50,000 to $150,000, will also be given out. For these grants, Google is looking for “new and unorthodox solutions” in user interface and application development, in privacy and security, and in systems and protocols research, according to the blog post.
Facebook Inc has discontinued including results from Microsoft Corp’s Bing search engine on its social networking site.
The move, confirmed by a company spokesperson, comes as Facebook has revamped its own search offerings, introducing a tool on Monday that allows users to quickly find past comments and other information posted by their friends on Facebook.
The decision may reflect the increasing importance that Facebook sees in Web search technology, a market dominated by rival Google Inc.
Searches on Facebook have long been geared toward helping users connect with friends and to find other information that exists within the walls of the 1.35 billion-user social networking service. But for years, Facebook’s search results also included links to standalone websites that were provided by Bing.
“We’re not currently showing web search results in Facebook Search because we’re focused on helping people find what’s been shared with them on Facebook,” a company spokesperson told Reuters. “We continue to have a great partnership with Microsoft in lots of different areas.”
Microsoft was not immediately available for comment.
Facebook Chief Executive Mark Zuckerberg has flagged search as one of the company’s key growth initiatives, noting in July that there were more than 1 billion search queries occurring on Facebook every day and hinting that the vast amount of information that users share within Facebook could eventually replace the need to search the Web for answers to certain questions.
“There is more than a trillion posts, which some of the search engineers on the team like to remind me, is bigger than any Web search corpus out there,” Zuckerberg said on a conference call with analysts in July.
Microsoft’s Bing is the No.2 Web search provider in the U.S., with a nearly 20 percent share of the market according to industry research firm comScore.
Facebook and Microsoft have a longstanding relationship dating back to Microsoft’s $240 million investment in Facebook, for a 1.6 percent stake in the company, in October 2007. As part of that deal, Microsoft provided banner ads on Facebook’s website in international markets.
Third-quarter disk storage sales jumped 5.1 percent year over year, reaching $8.8 billion, according to research firm IDC. This was a change from the anemic growth the market saw earlier this year, brought on by falling demand in mature markets.
Sales of server-based storage with high capacity were up 10 percent in the third quarter. But the big bright spot was the influx of storage systems from original design manufacturers (ODMs) which design and produce hardware to other companies’ specifications. In the storage market, these manufacturers are bypassing traditional brands, selling directly to cloud service providers that put the equipment to use in hyperscale datacenters.
Similar trends appeared in an analysis of server market share published earlier by Gartner. It found that server purchases from ODMs by Google and Facebook were driving the market in the third quarter.
For the first time in its analysis of the storage market, IDC included ODMs’ sales. In the third quarter, ODMs collectively posted the highest level of growth, with their storage sales up 22 percent year over year.
Although the ODMs’ market share was only at 11.6 percent, the sales accounted for 43 percent of all storage capacity in the quarter.
IDC didn’t identify the ODMs, but the prominent ones are based in Taiwan and include Quanta Computer, Wistron Group and Inventec among others. The ODMs typically offer unbranded products, and they’ve been steadily growing in the server and storage market by selling directly to Google, Facebook and Amazon Web Services.
Increasingly Web services and cloud providers are tapping ODMs to design and build new storage architectures, “with limited or no involvement from traditional IT original equipment manufacturers,” IDC said.
Instead of requiring that users fill in the letters and numbers shown in a distorted image, sites that use Google’s reCAPTCHA service will be able to use just one click, answering a simple question: Are you a robot?
“reCAPTCHA protects the websites you love from spam and abuse,” wrote Vinay Shet, product manager for Google’s reCAPTCHA service, in a blog post. “For years, we’ve prompted users to confirm they aren’t robots by asking them to read distorted text and type it into a box… But, we figured it would be easier to just directly ask our users whether or not they are robots. So, we did!”
Google on Wednesday began rolling out a new API that rethinks the reCAPTCHA experience.
CAPTCHA “can be hard to read and frustrating for people, particularly on mobile devices,” said Zeus Kerravala, an analyst with ZK Research. “People often have to put in the text several times. On the surface, this seems a good way to improve the user experience. It still requires human intervention, just something simpler.”
CAPTCHAs were created to foil computer programs that hackers or spammers use to troll for access to websites or to collect email addresses.
Google said CAPTCHAs are less useful than they have been, although they are still frustrating to everyday users.
“CAPTCHAs have long relied on the inability of robots to solve distorted text,” wrote Shet. “However, our research recently showed that today’s artificial intelligence technology can solve even the most difficult variant of distorted text at 99.8% accuracy. Thus distorted text, on its own, is no longer a dependable test.”
The new API, along with Google’s ability to analyze a user’s actions — before, during, and after clicking on the reCAPTCHA box — lets the new technology figure out if the user is human or not.
“The new API is the next step in this steady evolution,” Shet stated. “Now humans can just check the box and in most cases, they’re through the challenge.”
Italy’s Luxottica is teaming up with U.S. chipmaker Intel Corp to develop glasses that combine its top fashion brands with technology that could allow wearers to access information about their health or location.
The world’s biggest eyewear maker said on Wednesday the frames developed with Intel would serve very specific purposes, and would not compete with its existing deal to manufacture and distribute Google Inc’s Internet-connected glasses.
Intel is also involved in the Google Glass project as its chips will replace components from Texas Instruments in the new version of the “smart” spectacles, according to a Wall Street Journal report this week.
“We’ve started to work on sensors which can detect, say, temperature or location,” Luxottica Chief Executive Massimo Vian told Reuters, declining to give further details about the deal with Intel.
“They provide their chips, we our brands,” he added.
Luxottica’s brands include Ray Ban, Oakley and Persol, while it has licenses to use brands including Chanel and Tiffany.
Intel, which was late to the smartphone and tablet industries, is striving to be at the forefront of future trends in mobile computing and expand into new markets, including smart watches and other Internet-connected “wearables”.
Earlier this year, it teamed up with watch retailer Fossil Group and fashion brand Opening Ceremony to develop wearable devices such as fashion bracelets with communications features and wireless charging.
Intel and Luxottica gave no financial details about their agreement, which will involve people from both companies working together in joint research and development teams. The first glasses are expected to be launched in 2015.
Morgan Stanley analysts estimated last month that shipments of wearable devices would grow to 248 million units in 2017 from 6 million in 2013, more than double industry estimates.
“Our goal is to deliver fantastic cross-platform apps that support the variety of email services people use today and help them accomplish more,” wrote Rajesh Jha, Microsoft corporate vice president for Outlook and Office 365, in a blog post announcing the purchase.
Over the past year, Microsoft has been extending its Office set of office productivity software and services so they can be accessed on non-Windows devices. The company has released Office apps for the iPad and iPhone, and is working on a version of Office for Android.
Founded in 2013, Acompli offers an iPhone and Android mobile e-mail client that streamlines many of the basic tasks around managing e-mail so they can be completed on the device itself, rather than by using a desktop client. Users have reported that the software works particularly well with Microsoft’s Exchange e-mail servers. Microsoft offers a basic version of Outlook for iPhones, though thus far it has seemingly garnered only a lukewarm response from users.
The free Acompli app offers advanced features such as the ability to view both calendar items and email side by side on the same screen. The calendar lets users email available times for proposed meetings and send a message when they are running late.
Microsoft plans to pair the Acompli development team with the team for its own Outlook e-mail client.
Terms of the deal were not disclosed, though tech website Re/Code reported that the acquisition was worth more than $200 million.
“Presumably, Intel would not get involved if Glass was a dying product,” said Scott Strawn, an analyst with IDC. “The really positive indication is if this comes along with an intention [by Intel] to invest and make new technologies that will solve a lot of the problems associated with Glass. That would be meaningful.”
The Journal, citing unnamed sources, reported that Texas Instruments Inc., which made the processor for the Glass prototype, is out and Intel is in. Intel plans to push Glass into vertical industries like healthcare networks and manufacturers.
Google did not respond to a request for comment. A spokeswoman for Intel would only say, “We work closely with Google across a number of areas, but we are not commenting on speculation.”
The report comes at a propitious time for Google, though, since it will quell talk of the company shelving Glass because of problems or lack of user interest.
Speculation heated up last month when Reuters reported that it had contacted 16 Glass developers and found only seven were still working on software for the wearable computer. The other nine had stopped working on their apps or ditched the project altogether.
It didn’t help that Google co-founder Sergey Brin, who is frequently seen out sporting a pair of Glass, showed up at an upscale event without the computerized eyeglasses.
The implication was that Google was giving up on Glass — and the more than 10,000 early adopters who paid $1,500 for their wearable were out of luck.
At the time, Google pushed back, saying the company remains committed to pushing Glass forward, though there is no publicized launch date.
Analysts argued that while Google might be rethinking some Glass features or even tinkering with the form factor, it’s unlikely Google was giving up on the project — especially when it had just invested in Magic Leap Inc., an augmented reality company.
South Korea’s Samsung Electronics Co Ltd has decided to launch a new sub-$100 smartphone running on its own Tizen operating system in India later this month, South Korea’s Maeil Business Newspaper is reporting.
The paper, a local business daily, said Samsung will hold a press conference on Dec. 10 to launch its first Tizen smartphone, to be called the Z1. A Samsung Electronics spokeswoman declined to comment.
Samsung had initially planned to launch a Tizen smartphone in Russia in the third quarter but scrapped the plan. The firm said at the time that it wanted to further enhance the ecosystem behind Tizen. Only a handful of devices, including the firm’s smartwatch products, currently run on the platform.
The majority of Samsung’s mobile devices are based on Google’s Android platform. The South Korean firm’s push to develop its own operating system is part of efforts to reduce dependence on the U.S. firm, but delays in product launches have undercut expectations.
The company also just deleted thousands of negative online customer reviews of the smartphone on its website.
The latest discount first appeared on Amazon.com last week, dropping the unlocked 32GB price from its original $649 to $199; the price still includes one year of Prime service, worth $99, and is good through Cyber Monday (Dec. 1).
In addition to the price cut, Amazon deleted thousands of customer reviews of the product, leaving up only reviews posted since the price cut went into effect.
Just one review appeared as of noon ET Wednesday: “Dan” gave the Fire four stars out of five and called the $199 price “awesome,” adding that he wished it ran pure Android. (It runs the Fire OS, an Android variant.)
An Amazon spokeswoman said there weren’t more reviews because the revised unlocked version just launched on its Web site. She said it has been upgraded with added features such as text translation, a secure corporate VPN and user interface and performance improvements; those added features will be rolled out to existing Fire customers over-the-air in coming weeks, she added.
By comparison, customer reviews back in late October scored the device with just 2.4 stars out of five, based on nearly 4,000 reviews.
Complaints included access to too few apps and concerns that the Fire got hot to the touch. Some users called the phone “gimmicky,” pointing to various innovative features like Firefly for instant access to information on products and objects, customer support with Mayday and a sensor system with 3D-like capabilities called Dynamic Perspective.
Japan’s hemorrhaging technology giant Sony Corp plans to slice its TV and mobile phone product line-ups to cut costs, counting on multi-billion dollar revenue surges for its buoyant PlayStation 4 and image sensor businesses over the next three years.
Having lost ground to nimbler rivals like Apple Inc and Samsung Electronics Co Ltd in consumer electronics, Sony said on Tuesday its goal for TV and smartphones is to turn a profit, even if sales slide as much as 30 percent.
“We’re not aiming for size or market share but better profits,” Hiroki Totoki, Sony’s newly appointed chief of its mobile division told an investors’ conference. A poor showing by its Xperia smartphones has weighed heavily on recent earnings and Sony said more detail on plans for the unit will be unveiled before end-March.
Under its new three-year electronics business plan, Sony said it was aiming to boost sales for its videogame division by a quarter to as much as 1.6 trillion yen ($13.6 billion). It said that will be helped by personalized TV, video and music distribution services that should lift revenue per paying user.
At its devices division, which houses its image sensor business, Sony said sales could increase 70 percent to as much as 1.5 trillion yen. Sony’s sensor sales are already robust, with Apple using them in its iPhones while Chinese handset manufacturers are increasingly adopting them.
In a similar event last week for its entertainment units, the conglomerate said it was aiming to lift its movie and TV programming revenues by a third over the next three years.
A draft resolution calling for the break-up should be finalized early next week, with a vote potentially on Thursday, according to a report from The Financial Times. While the European Parliament has no formal power to break up the company, a vote to split Google could put pressure on the European Commission, the EU’s executive body.
The motion is backed by several German politicians and by the Parliament’s two largest political blocs, the European People’s Party and the Socialists, according to the newspaper. The Reuters news agency also reported on the plan.
A Google spokeswoman didn’t immediately respond to a request for comments about the proposed break-up motion.
Google currently faces a long-running antitrust investigation in the EU. Google and the EU’s previous antitrust commissioner, Joaquín Almunia, agreed to a set of terms back in February, but after complaints from online publishers and other groups, the commission demanded more concessions from Google.
Consumer Watchdog, a consumer rights group and long-time Google critic, applauded the move. “This is exactly what needs to happen,” John Simpson, Consumer Watchdog’s Privacy Project director, said by email. “Search should be separated from Google’s other businesses. We called for this back in 2010 and the need to do this has become even clearer as Google’s power has increased.”
In 2010, the group called on the U.S. Department of Justice to split Google’s search service from other lines of business.
“Office 365 Video provides organizations with a secure, company-wide destination for posting, sharing and discovering video content,” said Mark Kashman, a senior product manager with the Office 365 team, in a blog posting.
Kashman touted Video as a tool for internal communications, citing the examples of new-employee orientation, management messaging and worker training. Employees will also be able to contribute to a “Community” section, though most companies will probably frown on cat antic clips.
The service rolls out over the next few days to companies that have registered for Office 365’s First Release early distribution program, then through early 2015 to others.
Video will be available only to subscribers of Office 365’s plans for enterprises — E1 through E4 — and universities (A2 through A4). It will not be offered to consumer subscribers or firms with small business-oriented plans like Business Essentials, Business and Business Premium.
Kashman also said Office 365 plans for government agencies will get Video at some point, but he did not proffer a timeline.
The other requirement is SharePoint Online, an off-premises component of the enterprise and academic plans, but missing from the increasingly popular Office 365 ProPlus, the rent-not-buy plan used by organizations that have decided to retain their back-end services, like SharePoint and Exchange, on premises.
Although Office 365 Video has elements of consumer streaming services like Google’s YouTube, it’s strictly an in-house affair: It will be available only to employees, and then only those whom IT administrators have assigned access rights.