Chinese smartphone maker Coolpad has created an extensive “backdoor” into its Android devices that can track users, serve them unwanted advertisements and install unauthorized apps, a U.S. security firm alleged today.
In a research paper released today, Palo Alto Networks detailed its investigation of the backdoor, which it dubbed “CoolReaper.”
“Coolpad has built a backdoor that goes beyond the usual data collection,” said Ryan Olson, director of intelligence at Palo Alto’s Unit 42. “This is way beyond what one malicious insider could have done.”
Coolpad, which sells smartphones under several brand names — including Halo, also called Danzen — is one of China’s largest ODMs (original device manufacturers). According to IDC, it ranked fifth in China in the third quarter, with 8.4% of the market, and has expanded sales outside of the People’s Republic of China (PRC) and Taiwan to Southeast Asia, the U.S. and Western Europe.
Tipped off by a string of complaints from Coolpad smartphone users in China and Taiwan — who griped about seeing advertisements pop up and apps suddenly appear — Palo Alto dug into the ROM updates that Coolpad offered on its support site and found widespread evidence of CoolReaper.
Of the 77 ROMs that Palo Alto examined, 64 contained CoolReaper, including 41 hosted by Coolpad and signed with its own digital certificate.
Other evidence that Coolpad was the creator of the backdoor, said Olson, included the malware’s command-and-control servers — which were registered to domains belonging to the Chinese company and used, in fact, for its public cloud — and an administrative console that other researchers had found last month because of a vulnerability in Coolpad’s backend control system. The console confirmed CoolReaper’s functionality.
The U.S. Consumer Financial Protection Bureau has filed a lawsuit against Sprint Corp over unauthorized charges on customers’ cellphone bills, a practice known as cramming, in the agency’s first foray into mobile payments.
Marking the third cramming-related government enforcement action this year, the CFPB alleges that from 2004 through 2013, the wireless carrier allowed third parties to charge consumers tens of millions of dollars for services like ringtones or text-message horoscopes that consumers had not requested, while keeping 40 percent of the gross revenue.
The Federal Communications Commission is weighing a $105 million cramming fine against Sprint.
“Sprint mistreated consumers egregiously by creating a billing system that invited illegal third-party charges and processed them in a highly irresponsible manner,” the CFPB’s director, Richard Cordray, said.
Sprint expressed disappointment in being the target of the CFPB’s lawsuit and disputed the accusations, listing various steps it said it took to monitor third-party charges, such as hiring an outside compliance vendor and vetting billing companies.
“We strongly disagree with (the CFPB’s) characterization of our business practices,” Sprint spokeswoman Stephanie Vinge Walsh said in a statement.
“It appears the CFPB has decided to use this issue as the test case on whether it has legal authority to assert jurisdiction over wireless carriers,” she said in an email.
In July, the Federal Trade Commission sued T-Mobile US Inc over similar billing issues, and in October, the FCC and the FTC settled such a case with AT&T Inc.
For the CFPB, which oversees consumer financial products such as mortgages and credit cards, this case marked the first public action coordinated with the FCC.
“If a company is processing payments over a mobile network, that’s something that the bureau has jurisdiction over,” the CFPB’s deputy enforcement director, Jeff Ehrlich, told reporters. “We’ll take action against anyone who violates the consumer financial protection laws.”
FCC spokespeople said the FCC and the CFPB have agreed to continue close cooperation “on this and other cases on behalf of wireless customers nationwide.”
BlackBerry Ltd rolled out its much anticipated Classic on Wednesday, a smartphone it hopes will help it win back market share and woo those still using older versions of its physical keyboard devices.
The Canadian mobile technology company said the new device, which bears striking similarities to its once wildly popular Bold and Curve handsets, boasts a larger screen, longer battery life, an expanded app library with access to offerings from Amazon.com Inc’s Android App store, and a browser three times faster than the one on its legacy devices.
“The conversation about BlackBerry has changed in the last year,” Chief Executive John Chen said as he launched the Classic at Manhattan’s upscale Cipriani restaurant. “We are here to stay, there is no question about that. Now we have to engineer our growth.”
He said BlackBerry had listened to its fans and brought back the command bar functionality that helped make its legacy phones easy to navigate.
When the company initially introduced its new BlackBerry 10 operating system and devices early in 2012 it put more emphasis on touchscreens, alienating many fans of its physical keyboard.
Those who moved to the new physical keyboard phones that BlackBerry launched later were unhappy that command keys such as the Menu, Back, Send and End buttons, along with the trackpad, had been dropped.
With the Classic and the recent launch of its Passport smartphone, Chen is in some ways taking the company back to its roots, re-emphasizing the physical keyboard, rather than trying to compete directly against the touchscreen handsets of dominant rivals like Samsung Electronics and Apple.
“We expect the Classic to be the most popular BlackBerry enterprise device and the easiest transition for current BB7 (legacy device) users,” said Wells Fargo analyst Maynard Um.
Android apps really take advantage of those permissions they ask for to access users’ personal information: one online store records a phone’s location up to 10 times a minute, French researchers have found. The tools to manage such access are limited, and inadequate given how much information phones can gather.
In a recent study, ten volunteers used Android phones that tracked app behavior using a monitoring app, Mobilitics, developed by the French National Institute for Informatics Research (INRIA) in conjunction with the National Commission on Computing and Liberty (CNIL). Mobilitics recorded every time another app accessed an item of personal data — the phone’s location, an identifier, photos, messages and so on — and whether it was subsequently transmitted to an external server. The log of the apps’ personal information use was stored on the phone and downloaded at the end of the three months for analysis.
The volunteers were encouraged to use the phones as if they were their own, and together used 121 apps over the period from July to September. A similar study last year used a special iOS app to examine the way iPhone apps access users’ personal data.
Many apps access phones’ identifying characteristics to track their users, the researchers said. One of the few options users have to avoid this tracking is a switch in the “Google Settings” app to reset their phone’s advertising ID. That’s not much help, though, as apps have other ways to identify users. Almost two-thirds of apps studied in the three-month real-world test accessed at least one mobile phone identifier, a quarter of them at least two identifiers, and a sixth three or more. That allows the apps to build up profiles of their users for advertising purposes.
Location was one of the most frequently-accessed items of data. It accounted for 30 percent of all accesses to personal information during the test, and 30 percent of the apps studied accessed it at some point. The Facebook app recorded one volunteer’s location 150,000 times during the three-month period — more than once per minute, on average, while the Google Play Store tracked another user ten times per minute at times. Often, the only use apps make of such information is to serve personalized advertising, as was the case with one game that recorded a user’s location 3,000 times during the study.
SoftBank subsidiary Sprint Corp dropped its bid to acquire the No. 4 U.S. carrier in August but the companies did not rule out future consolidation.
The Japanese telecommunications company is now transferring “the bulk” of manpower out of its West Coast operations, including dispersing development engineers to Sprint headquarters in Kansas, said the people, who declined to be identified because the move has not been made public.
SoftBank is also considering renting out one of two buildings it leased at an annual cost of over $3 million to accommodate a T-Mobile-driven expansion, the people said. The building has stood largely empty, they said.
The failed bid by Japan’s acquisitive No. 3 mobile carrier was a rare setback for founder Masayoshi Son. The billionaire encountered resistance from U.S. regulators, who insisted on keeping the number of major wireless carriers at four.
“There were people sent to Silicon Valley for the purpose of making (mobile phone) platforms, but that job was done and there’s nothing else to do,” said one of the people.
SoftBank spokesman Matthew Nicholson said some SoftBank employees are moving back to Tokyo or going to Kansas as certain joint projects between the company and Sprint have finished. He declined to comment regarding the relationship between the departures and the failed bid to acquire T-Mobile.
SoftBank bought No.3 U.S. carrier Sprint last year for $22 billion as part of an overseas expansion that has included investments across Asia.
Chief Operating Officer Kevin Turner told Japanese news service Nikkei on Wednesday that the new system would be released “early next fall.”
Microsoft has not publicly set a firm timetable for the release of Windows 10, but only last week suggested the possibility of an earlier release.
“By next late summer and early fall we’ll be able to bring out this particular OS (operating system). That’s the current plan of record,” Turner told the Credit Suisse Technology Conference last Thursday.
An autumn release would put Windows 10 on track for launch three years after Windows 8, which got a mixed reception as it confused many traditional PC users with a design more suited to tablets.
Microsoft unveiled the name Windows 10 in late September, saying the jump in numbers from 8 to 10 marked a leap as it looks to unify the way people work on tablets, phones and traditional computers.
An early test version of Windows 10 – which blends the traditional look and much-loved start menu with newer features – has been available for download from Microsoft’s website for more than two months.
Windows is still a core part of Microsoft’s business and dominates the desktop computing market with 1.5 billion users. But the growth of smartphones and tablets means Windows now runs on only about 14 percent of computing devices worldwide, according to tech research firm Gartner.
Ericsson has thrown a spanner into Chinese firm Xiaomi’s expansion plans, and has reportedly stopped it from selling handsets in India.
According to reports, this is already happening. We have asked Ericsson to confirm its role and what it wants to say about it. It told us that the reports are true and that it is ready to defend itself.
“It is unfair for Xiaomi to benefit from our substantial R&D investment without paying a reasonable licensee fee for our technology. After more than 3 years of attempts to engage in a licensing conversation in good faith for products compliant with the GSM, EDGE, and UMTS/WCDMA standards, Xiaomi continues to refuse to respond in any way regarding a fair license to Ericsson’s intellectual property on fair, reasonable and non-discriminatory (FRAND) terms,” it said in a statement.
“Ericsson, as a last resort, had to take legal action. To continue investing in research and enabling the development of new ideas, new standards and new platforms to the industry, we must obtain a fair return on our R&D investments. We look forward to working with Xiaomi to reach a mutually fair and reasonable conclusion, just as we do with all of our licensees.”
Xiaomi has responded to Bloomberg, but it declined to say too much until it has access to all of the information.
“Our legal team is currently evaluating the situation based on the information we have,” said the spokesperson. “India is a very important market for Xiaomi and we will respond promptly as needed and in full compliance with India laws.”
The ban on the sale of devices was approved by a court in Delhi, India, according to reports, and is based on an Ericsson claim on eight patents that it owns.
Xiaomi has bold plans for its own future and sees itself competing against rivals like Samsung and Apple. It has given itself between five and 10 years to do this, and will presumably want to include the Indian market in those plans.
Intel’s platform is like a set of building blocks based on the chipmaker’s components and software for companies to create smart, connected devices, Doug Davis, head of Intel’s Internet of Things business, said at a launch event in San Francisco.
It also aims to make it easier to connect to data centers in order to analyze data collected from devices’ sensors.
“We’re creating compute capability in end-point devices that scale from our highest performance Xeon processor to the Quark family of products,” Davis said, referring to Intel’s chips.
After moving slowly in recent years to adapt its personal computer chips for smartphones and tablets, Intel is determined to make sure it is on the leading edge of future computing trends, industry experts and company executives have said.
Adding processors, sensors and web connectivity to devices from soccer balls to industrial machinery, an emerging trend dubbed the Internet of Things, has become a new battleground for Intel, rival Qualcomm and other technology companies.
The install base of wireless gadgets will more than double by the end of the decade, with most of the growth coming from smart devices other than PCs and smartphones, according to market research firm ABI Research.
Intel’s Internet of Things Group had $530 million in revenue in the September quarter. That accounted for just 4 percent of Intel’s total revenue in the quarter, but it grew 14 percent over the previous year, which was faster than the company’s PC business.
Dell, SAP, Tata Consultancy, Accenture and other companies are working with the new reference model, Davis said.
New versions of wireless technology standards aren’t often a big deal, there are far too few car chases and full frontal nudity, but the latest Bluetooth 4.2 is apparently going to change that. The new spec allows Bluetooth devices to connect to the Internet through newer home routers supporting IPv6. This should drastically simplify home automation, as it would avoid the need for dedicated Bluetooth hubs or devices with built-in Wi-Fi.
This will bring about some significant changes. Home automation plans are stuffed up by the fact that each service sells its own proprietary hub for connecting smart light bulbs, switches and sensors. This adds to the cost and complexity of home automation, because users may need multiple hubs to connect all the devices they want.
Bluetooth 4.2 should cut down on the overhead, so that even if two groups of products don’t talk to one another, you won’t need separate hardware. Bluetooth 4.2 includes new protections against Beacons, which can locate and send notifications to nearby Bluetooth devices.
Some retailers have been using Beacons to track and alert their shoppers, but with Bluetooth 4.2, users will have to opt in to the specific alerts they want to see. This works by having users download an app that effectively whitelists the store in question. Bluetooth 4.2 also uses new encryption and hash algorithms to protect wireless communications.
The system’s data transfer should be up to 2.5 times faster, and connections over Bluetooth Smart should be even more power efficient than before. Some of the new features (including Internet connectivity) won’t be around until later this month or early next year. In any case, we probably won’t start seeing phones, tablets and smart devices with Bluetooth 4.2 on board until later next year.
BlackBerry Ltd and NantHealth, a healthcare-focused data provider, have rolled out a secure cancer genome browser, giving doctors the ability to access patients’ genetic data on the BlackBerry Passport smartphone.
Earlier this year, BlackBerry bought a minority stake in privately held NantHealth. The mobile technology company sees healthcare as one of the niche sectors in which it has an advantage, due to the heightened focus on patient privacy and BlackBerry’s vast networks that can manage and secure data on mobile devices.
The company said the cancer genome browser on the BlackBerry Passport enables deep, interactive reporting on genomics data for physicians. It gives oncologists a tool to view individual genetic patterns in a disease and allows them to highlight relevant treatment options.
BlackBerry launched the square-screened Passport device in September. The oddly shaped device was fashioned, in a sense, to cater to the needs of physicians, with a wider screen that allows for better viewing of X-rays, scans and documents.
“Our partnership with BlackBerry has really been able to create a scalable super-computer in the palm of the hands of the doctor,” said Patrick Soon-Shiong, chief executive of NantHealth.
BlackBerry Chief Executive John Chen said he expects this roll-out to get healthcare professionals interested in the Passport.
The genome browser is fully encrypted so that it can be deployed to let clinicians securely access patient data as soon as it is available, wherever they are.
The browser will be demonstrated at the Consumer Electronics Show (CES) in Las Vegas in January and it will be pre-loaded on BlackBerry Passport devices and available to the professional community in early 2015. The browser will also be available on certain other devices running on rival platforms, but secured by BlackBerry’s network.
Michael Fey has left Intel Security Group to become chief operating officer at Blue Coat. Blue Coat is apparently not the traditional garb of a British Holiday Camp entertainer, but a privately owned network security company.
Fey was one of the few top McAfee managers to stay with the company after it was bought by Intel in 2011. McAfee is now part of Intel Security Group, where Fey had been chief technology officer. Fey said that his role at Blue Coat would be “very similar” to his old job, but that he would be allowed to focus more on the cloud and the advanced threats space.
“Blue Coat had tremendous growth behind the scenes and now I get to focus on taking that growth and trying to get it to the billion-dollar revenue mark,” he told Reuters.
Since the $7.7 billion acquisition by Intel, McAfee has lost senior managers and key talent in technology development, research and sales. At Blue Coat, Fey will replace David Murphy, who will stay on as a strategic adviser to the board.
AT&T now says it will continue its already-announced fiber optic network expansion to 100 cities, moving away from comments by AT&T CEO Randall Stephenson after President Obama voiced support for net neutrality last month.
The move brought a strong response from critics who say the carrier’s fiber optic plans are mostly bogus and were designed as a competitive play against the ongoing Google Fiber rollout. The purported delay in AT&T’s investments was quickly seen as an empty threat.
In a letter to the Federal Communications Commission (FCC) sent Nov. 25, AT&T said it won’t limit future fiber-to-the-premises deployments to 2 million homes as part of its $49 billion deal to acquire DirecTV. That contrasts with what Stephenson said Nov. 12.
“To the contrary, AT&T still plans to complete the major initiative we announced in April to expand our ultrafast GigaPower fiber network in 25 major metropolitan areas nationwide,” Robert Quinn, AT&T senior vice president for regulatory matters, said in the letter.
In his Nov. 12 appearance at a Wells Fargo investors conference, Stephenson had said AT&T would stop fiber rollouts beyond the 2 million for the DirecTV deal, adding: “We can’t go out and just invest that kind of money deploying fiber to 100 cities other than these 2 million not knowing under what rules that investment will be governed.” The 100 cities are included in the 25 metro areas AT&T cited in its letter to the FCC. Stephenson later said to Fox Business Network that it might be two to three years before AT&T starts investing again in fiber optic network rollouts to 100 cities.
Since it won’t limit its fiber deployment to 2 million homes, AT&T also told the FCC that it didn’t need to provide documents surrounding any decision to delay. AT&T also redacted from public view any details on its fiber rollout in the letter.
The company said it will now require less information from users flagging inappropriate content and that it will be easier to submit tweets and accounts for review, even when wrongful behavior is simply observed and not received directly.
“We are nowhere near being done making changes in this area,” Shreyas Doshi, director of product management and user safety, said in a message posted on Twitter’s website.
“In the coming months, you can expect to see additional user controls, further improvements to reporting and new enforcement procedures for abusive accounts.”
Users also will be able to view all the accounts they have blocked in a new blocked accounts page accessible from the settings menu on Twitter.
The changes, which will be rolled out to all users in the next few weeks, include modifications designed to speed up Twitter’s response by better streamlining and prioritizing reports of abusive content, technology news website The Verge reported.
A way to block multiple accounts at once also appears to be in the works, according to The Verge.
Twitter has faced criticism in the past over a response to harassment and abuse deemed too lax by many of its users.
In December last year, the company was forced to nix a change to its “block” feature under criticism that the new policy still allowed blocked users to interact with those who had blocked them.
Earlier this year, a survey by online advocacy groups found that nearly half of Americans under the age of 35 have been bullied, harassed or threatened online.
Twenty-four percent of the people surveyed said the harassment happened on Twitter.
“Our goal is to deliver fantastic cross-platform apps that support the variety of email services people use today and help them accomplish more,” wrote Rajesh Jha, Microsoft corporate vice president for Outlook and Office 365, in a blog post announcing the purchase.
Over the past year, Microsoft has been extending its Office set of office productivity software and services so they can be accessed on non-Windows devices. The company has released Office apps for the iPad and iPhone, and is working on a version of Office for Android.
Founded in 2013, Acompli offers an iPhone and Android mobile e-mail client that streamlines many of the basic tasks around managing e-mail so they can be completed on the device itself, rather than by using a desktop client. Users have reported that the software works particularly well with Microsoft’s Exchange e-mail servers. Microsoft offers a basic version of Outlook for iPhones, though thus far it has seemingly garnered only a lukewarm response from users.
The free Acompli app offers advanced features such as the ability to view both calendar items and email side by side on the same screen. The calendar lets users email available times for proposed meetings and send a message when they are running late.
Microsoft plans to pair the Acompli development team with the team for its own Outlook e-mail client.
Terms of the deal were not disclosed, though tech website Re/Code reported that the acquisition was worth more than $200 million.
Yahoo Mail is back up and running after 11 days of downtime, although the service is unlikely to have many users left.
Yahoo confirmed that the service had returned to life in a statement, noting that the severed underwater cable to blame for the outage had been put back together.
A spokesperson for the company said: “The underwater fibre cable has been repaired and Yahoo Mail performance has returned to normal levels.”
Yahoo Mail has bounced back to life after a whopping 11 days of downtime. The firm first confirmed the problem on 20 November.
“We are aware that Yahoo Mail is slow or inaccessible for some of our users,” the firm elaborated in a statement sent to The INQUIRER last week.
“The issues were a result of an underwater fibre cable cut, caused by a third party while fixing a separate cable.
“The engineering team has rerouted email traffic to mitigate accessibility issues. A cable repair ship has been mobilised to fix the issue.
“We apologise for the inconvenience as we certainly understand email is a critical service for our customers.”
The length of the outage makes it unlikely that Yahoo Mail has a lot of users left hanging around, as many threatened to switch to Gmail or Outlook.
Several took to a forum on the downdetector.com site to voice their wrath.
On 26 November, Patti Wood complained: “My issues are 1) can’t use the email 2) I was never notified there was an issue. They should have posted it somewhere such as the log in page. Still waiting. Then they give you the phone number which refers you back to where you started and it goes round and round.”
Karen Dermody added, “Yet again, can’t get into Yahoo email. This is getting really ridiculous. Also third time this week for me.”
Many of the posters say they’ve already switched to Gmail owing to the downtime, or plan to move across shortly.
Typically, Yahoo Mail users have flocked to Twitter about the outage. One complains: “If Yahoo was #RBS they’d be fined £56m for locking us out of our accounts. How am I expected to run my business with #yahoomaildown?”
Another adds: “Nobody panic, @yahoomail are confident they will have the problem fixed by Christmas.”
Yahoo Mail’s downtime came just days after the company inked a deal with Mozilla to become the default search engine for Firefox in the US.