Is Android Security Working?

October 13, 2015 by Michael  
Filed under Computing

The tried and tested fake application threat has been felt again in the Android Play store, according to security research outfit ESET.

ESET is not new to this, nor is the Play store. The security firm said that the aim of the latest infections and attack is to take over a handset and flood it with advertising.

The infected applications are piggybacking on two popular games called Pou and Subway Surfers, both of which have been downloaded over 200,000 times.

“The apps pose as Cheats for Pou, Guide for Subway and Cheats For Subway, claiming to offer the same application functionality in apps. The payload of these applications is to deliver ads to users at regular intervals,” ESET said.

This sort of thing is common in a lot of apps, and is traditionally called advertising.

ESET said in a We Live Security blog post that this is much worse, explaining that once installed the application will resist all efforts at removal and will be a very stubborn presence and persistent marketing mouthpiece.

“While ad-supported applications are common in the Android ecosystem, there’s a clear boundary of behaviours that ESET cannot condone. These particular AdDisplay PUAs [potentially unwanted applications] contain specialised self-protection functionalities that not only make the removal of the app from the Android device more difficult, but help it evade detection by Google Bouncer in the first place,” the firm said.

“When users realise that the apps are exhibiting very unusual behaviour and try to uninstall them, they will find that this is far from easy. The apps will ask the user to activate the device’s administrator rights. Thus, users may have difficulty removing this AdDisplay threat.”

The firm has announced workarounds for anyone suffering from the malware. We have, of course, asked Google for its own information and statements.

This isn’t the first time that Google Bouncer has been evaded for malicious gain. Perhaps the system is having some personal problems that are distracting it from work.




U.S. Decides Not To Pursue Laws Banning Encryption

October 13, 2015 by mphillips  
Filed under Around The Net

The Obama administration will not pursue legislation at this point to ban the encryption of communications by many technology services and product vendors, but will work on a compromise with industry, a senior U.S. official said.

“The administration is not seeking legislation at this time,” Federal Bureau of Investigation Director James Comey said in a statement before the Senate Committee on Homeland Security and Governmental Affairs.

Comey had previously asked for a “robust debate” on encryption of communications, saying that the technology could get in the way of his doing his job to keep people safe.

In his testimony, he said that the government is “actively engaged with private companies to ensure they understand the public safety and national security risks that result from malicious actors’ use of their encrypted products and services.”

Civil rights groups and the tech industry have asked President Barack Obama to take a stand against any dilution of encryption, including mandating the creation of backdoors for law enforcement, citing the right of individuals to use encryption for their privacy and security.

In a recent letter to Obama, Ed Black, president and CEO of industry body Computer & Communications Industry Association, wrote that he was aware of an ongoing discussion within the administration regarding the growing availability of strong encryption in consumer products and communications systems, and its implications for criminal and counter-terrorism investigations.

“Technical and legislative policy proposals, from mandates to incentives, are being debated by a variety of stakeholders,” Black wrote.



Samsung Mongoose SoC Appears To Be A Performer

October 13, 2015 by Michael  
Filed under Computing

Leaks are dangerous as they are sometimes fake. But if this one is true, it looks like Samsung has guns to match the Snapdragon 820 or the MediaTek Helio X20 high-end processors.

The Mongoose (Exynos M1, or possibly branded as 8890) has been benchmarked by the popular GeekBench. The Galaxy S6 with the octa-core Exynos 7420 scores 1143 in the single-core and 5150 in the multi-core part of the test. We ran the numbers seconds ago so they are real. The new core, expected in early 2016 phones like the Galaxy S7, will perform much faster than that.



| Chipset | Single-Core | Multi-Core |
|---|---|---|
| Samsung Exynos M1 Mongoose – 2.3GHz | 2,294 | 6,908 |
| Samsung Exynos M1 (Mongoose) – Power Saving | 1,710 | 4,896 |
| Samsung Exynos M1 (Mongoose) – Ultra Power Saving | 1,100 | 3,209 |
| Samsung Exynos 7420 | 1,483 | 5,150 |
| Apple A9 | 2,487 | 4,330 |

The most significant change is the gain in the single-core score. This went up from 1,483 to 2,294, a huge increase in single-core performance. Samsung comes close to Apple’s flagship A9 processor when it comes to single-core performance.

The new Samsung Exynos M1 Mongoose at 2.3GHz scores 6,908 in the multi-core test, which is more than what the company has with its Samsung Exynos 7420. Things are looking good for Samsung as this SoC might end up at least in some models of the Samsung Galaxy S7, the new phone that is expected early next year. Some versions of the S7 will come with the Snapdragon 820 too, and it will be interesting to see how the 820 performs in the real world.


AT&T Finally Offers Wi-Fi Calling

October 12, 2015 by mphillips  
Filed under Mobile

AT&T has finally rolled out Wi-Fi calling on newer-model iPhones running iOS 9 after winning permission from the Federal Communications Commission.

Wi-Fi Calling helps users get better connections indoors where cellular service can be spotty. Where permitted by a carrier, it can also eliminate international calling costs of up to $1 a minute.

T-Mobile and Sprint already offer Wi-Fi calls on certain devices, and T-Mobile started the practice as early as 2007 without securing the same permission from the FCC that AT&T received.

AT&T said the iPhone 6S, iPhone 6S Plus, iPhone 6 and iPhone 6 Plus will support Wi-Fi Calling if they have iOS 9 installed.

To add Wi-Fi calling to an eligible iPhone, according to Apple’s website, go to Settings > Phone > Wi-Fi Calling. You will then be prompted to answer a few questions.

With AT&T’s announcement, Verizon Wireless is expected to follow suit.

T-Mobile allows customers on certain devices to make Wi-Fi calls “virtually anywhere” there is Wi-Fi access. However, AT&T said its Wi-Fi Calling service will be available only when calling or texting from the U.S., Puerto Rico and the U.S. Virgin Islands.

AT&T didn’t offer an explanation for its restriction to those geographies.

In a blog post AT&T bemoaned that T-Mobile and Sprint were allowed to move ahead so much earlier, without receiving the same permission in the form of a waiver that AT&T sought and received.

“We are left scratching our heads as to why the FCC still seems intent on excusing the behavior of T-Mobile and Sprint who have been offering these services without a waiver for quite some time,” said Jim Cicconi, senior executive vice president of external affairs at AT&T.

The FCC waiver permits AT&T to begin offering Wi-Fi calling without also offering teletypewriter (TTY) communications for the deaf, hard of hearing and speech-impaired.

AT&T wants to set up RTT (Real Time Texting) instead, arguing it works better over the Internet. Once implemented, RTT would be backward compatible with TTY, AT&T said in a blog in July.

Roger Entner, an analyst at Recon Analytics, said AT&T probably sought and received the waiver to avoid an FCC fine for proceeding without permission.

He said Verizon has also proceeded slowly on Wi-Fi calling, hoping also to avoid a fine for the same reason.

“Verizon has not launched Wi-Fi calling but now that AT&T has the waiver, I would expect Verizon to launch shortly,” Entner said. “Sprint and T-Mobile didn’t bother to get a waiver and apparently they are less afraid of the FCC. Historically, they have gotten nicer treatment from the FCC.”





Qualcomm Goes LTE For Microsoft

October 12, 2015 by Michael  
Filed under Computing

Qualcomm has continued its friendship with Microsoft by extending its latest LTE-Advanced modem, the X12, to Windows 10 notebooks and tablets.

The chipmaker was the only major chip provider to optimize its architecture for Windows Phone, and Microsoft’s Lumia devices, which run on Snapdragon 808 and 810 chips.

The Windows 10 devices which come to market later this year will have the option to integrate cellular connectivity with the X12, X7 or X5 LTE modems, which support the Microsoft operating system’s native Mobile Broadband Interface Model (MBIM).

Qualcomm said this would give business users, in particular, a similar experience on their large-screened devices as on their smartphones, giving the particular examples of location-based services and security driving LTE usage on PCs and tablets.

Integrated cellular connectivity has not been so important for notebook users: outside of a few scenarios such as WiFi-less trains, most wireless access from notebooks, and even tablets, is over a WLAN.

Qualcomm makes WiFi chips for portable devices but it does not have such a big market share. Working with Microsoft means it could have a higher presence and a far better chance of delivering mass sales. Microsoft’s Surface Pro and its new Surface Book are getting good reviews and might even be popular.


Apple Removes Data Spying Apps From Store

October 12, 2015 by mphillips  
Filed under Around The Net

Apple has removed several apps from its store that it said could pose a security risk by exposing a person’s Web traffic to untrusted sources.

The company recommended deleting the apps but did not name them, which may make it hard for people to know which apps put their data at risk.

The apps in question installed their own digital certificates on a person’s Apple mobile device. That would enable the apps to terminate an encrypted connection between a device and a service and view the traffic, which is a potential security risk.

Most websites and many apps use SSL/TLS (Secure Sockets Layer/Transport Layer Security), a protocol that encrypts data traffic exchanged with a user. SSL/TLS is a cornerstone of Web security, ensuring that data traffic that is intercepted is unreadable.

It is possible in some cases to interfere with an encrypted connection. Many enterprises that want to analyze encrypted traffic for security reasons will use SSL proxies to terminate a session at the edge of their network and initiate a new one with their own digital certificate, allowing them to inspect traffic for malicious behavior.

In that scenario, employees would likely be more aware or expect that kind of monitoring. But people downloading something from the App Store probably would have no idea of the access granted to their sensitive data traffic.

Apple checks applications to ensure that malicious ones are not offered in its store. Those checks are in large part the reason why Apple has had fewer problems with malicious mobile applications in its store.

Installing digital certificates isn’t itself a malicious action per se, but Apple may be concerned that users are not fully aware of the consequences of allowing an app to do so.




Kemoge Malware Menacing Android Phones

October 9, 2015 by mphillips  
Filed under Mobile

Smartphone owners running Google’s Android operating system in more than 20 countries have been infected with a particularly aggressive malware program that bombards devices with unwanted advertisements.

Researchers from FireEye found that the malicious component, nicknamed Kemoge, has been seeded inside what appear to be legitimate apps offered on third-party application stores.

“This is another malicious adware family, possibly written by Chinese developers or controlled by Chinese hackers, spreading on a global scale that represents a significant threat,” wrote Yulong Zhang, a staff research scientist with FireEye.

Whoever created Kemoge repackaged legitimate apps with the malware and then promoted them on websites and through in-app ads to persuade people to download them.

Zhang listed a dozen affected apps: Sex Cademy, Assistive Touch, Calculator, Kiss Browser, Smart Touch, Shareit, Privacy Lock, Easy Locker, 2048kg, Talking Tom 3, WiFi Enhancer and Light Browser.

Third-party app stores are considered risky places to download Android apps, as hackers frequently upload malicious apps to them. Google performs a security check on apps in its Play store, although harmful ones occasionally sneak in.

Kemoge not only displays unwanted ads, but it’s also loaded with eight root exploits that target a wide range of Android devices, Zhang wrote. A successful attack using those exploits means an attacker would have complete control over the device.

Kemoge will collect a device’s IMEI (International Mobile Station Equipment Identity) and IMSI (International Mobile Subscriber Identity) numbers, information on storage and apps, and send the information to a remote server.

That command-and-control server was still running, Zhang wrote. An analysis of traffic exchanged between an infected device and the server showed Kemoge also tries to uninstall antivirus apps.

FireEye came across an app called Shareit in Google’s Play store that was signed by the same digital certificate as the malicious one found on the third-party source.

The Google Play version of Shareit did not have the eight root exploits or contact the command-and-control server, but it did have some of the same Kemoge code libraries. It now appears to be gone from Google Play.





Is The Tablet Space Drying Up?

October 9, 2015 by Michael  
Filed under Computing

Demand for tablets is getting so weak that more chip suppliers plan to phase out their tablet-IC businesses.

The so-called “game-changing technology” when Apple launched it, is turning out to be just another fad – much like the iPod.

Digitimes reports that its deep throats in Taiwan-based IC design houses are giving up on tablets, which have been killed off by large-size smartphones. Tablet demand worldwide will likely decline 10-20 per cent in 2016 which will probably kill the fad off.

Shipments of tablets running Android OS might be less than 160 million units in 2015, and will fall further to 120-130 million in 2016, the sources predicted.

As a result, international vendors have decided to leave the tablet-IC market because of low prices which will yield them low profits. Meanwhile, despite weak demand, price competition among tablet chip providers remains intense.

The only one to see an increase in sales has been MediaTek. Its shipments for tablets continue to grow and it aims to ship 45 million tablet chips in 2015. It is not clear what black magic the outfit is performing to buck the trend. We hate to say we told you so, but this was inevitable.



Sony Says 2016 Is Make-Or-Break Year For Smartphone Unit

October 8, 2015 by mphillips  
Filed under Mobile

Sony Corp’s chief executive pegged 2016 as a make-or-break year for its struggling smartphones, saying it could consider other options for the unit if it failed to turn profitable.

After years of losses, Chief Executive Kazuo Hirai has engineered a successful restructuring drive at Sony, with recent results showing improvement thanks to cost cuts, an exit from weak businesses such as PCs, as well as strong sales of image sensors and videogames. But its smartphone business has been slow to turn around.

“We will continue with the business as long as we are on track with the scenario of breaking even next year onwards,” Hirai told a group of reporters on Wednesday. “Otherwise, we haven’t eliminated the consideration of alternative options.”

Sony and other Japanese electronics makers have struggled to compete with cheaper Asian rivals as well as the likes of Apple Inc and Samsung Electronics.

Sony phones, including its Xperia-branded smartphones, held only 17.5 percent of the market in Japan and less than 1 percent in North America, according to company data last year.

The electronics giant in July lowered its forecast for its mobile communications unit to an operating loss of 60 billion yen in the current fiscal year from an earlier estimate of a 39 billion yen loss.

“I do have a feeling that a turnaround in our electronics business has shown progress. The results of three years of restructuring are starting to show,” he said. “But we still need to carry out restructuring in smartphones.”



Samsung Appears To Be Back In The Black

October 8, 2015 by Michael  
Filed under Computing

Samsung is expected to announce its first annual increase in quarterly profit in two years following a dismal third quarter in 2014, but word on the street is that things are not going well.

Samsung’s July-September operating profit is expected to have risen 64 percent, marking the first pickup since a record profit in the third quarter of 2013, but investors are not exactly excited.

Most of Samsung’s problems are in its phone business. Though overall phone shipments likely rose, the brokerage says the greater share of lower-end products and price cuts for the Galaxy S6 models weighed heavily on the company’s bottom line.

At the lower end it launched new products targeting markets such as India, while at the high end it switched from plastic to metal, introduced curved screens and cut the price for its flagship Galaxy S6 devices after sales fell short of high expectations in the second quarter.

The smartphone market is saturated and no one is selling that many anymore. Chinese makers have eaten up its lower end market. New hardware features can be quickly matched by rivals. Samsung lacks service or software offerings that can pique consumer interest and not easily be replicated, a problem it hopes its recently launched Samsung Pay service can help address.

None of this has convinced investors that the company is back on track or that sustained growth is likely soon. The company is under pressure to return some of a cash pile of $53 billion through dividends or share buybacks.

Samsung’s semiconductor business probably remained its top earner for the fifth straight quarter as new premium phones came to market.


Big Blue Goes nVidia Inside

October 8, 2015 by Michael  
Filed under Computing

Big Blue has launched a line of Power processor-based, Linux-tuned machines which are helped out by Nvidia Tegra GPUs.

The three products are based around Power 8 processors, offering scale-out servers in preconfigured, single-click order, and bespoke options. They are:

The S812LC, consisting of a single eight-core 3.32GHz processor or 10-core 2.92GHz processor, up to 1TB of system memory.

The S822LC for commercial computing, offering the same specs but with a second identical processor for up to 20 cores.

The S822LC for high performance offers identical specs to the S822LC but incorporates multiple Nvidia Tegra GPUs for creating visual interpretations of data quickly and easily.

Nvidia and IBM are close in the OpenPower Foundation and the 822 is supposed to be a lot quicker.

IBM said that the S822LC, with its 20 cores of Power 8 performance, is 2.7x per core, with 40 percent better price-performance ratio when running PostgreSQL.

The difference with the LC range is its ability to run out of the box and off the shelf, meaning that customers can be up and running in under 30 minutes, IBM says.

List prices range from $6,595 to $11,990 off the shelf, with a price on request for the Nvidia-enabled version.



Verizon Finds New Use For Its ‘Supercookie’

October 8, 2015 by mphillips  
Filed under Mobile

Verizon’s purchase of AOL means that ads for some U.S. mobile users are about to get a whole lot more targeted.

The company has updated its privacy policy, saying that it now shares unique identifying information about users of its mobile phone network with the AOL Advertising Network, which claims as customers 74 of the top 100 websites tracked by ComScore.

The move will allow AOL to target ads at visitors to its sites and others using information from Verizon’s databases as well as its own. According to Verizon’s October 2015 privacy notice, the targeting criteria include visitors’ address, email address, age range, gender, interests, location, mobile web browsing history and app usage. The company can also track some non-mobile web browsing, to sites carrying AOL ads, it said.

Verizon links all this information together using a patchwork of identifiers, including ad IDs from Apple and Google, browser cookies from AOL, and its own Unique Identifier Header (UIDH) which it adds to mobile data traffic on its network. It’s this last item that adds significantly to AOL’s ad targeting power, as it’s easy to delete or change the other identifiers.

It’s also now possible to opt out of Verizon’s UIDH system, thanks to reporting by ProPublica, which earlier this year revealed that the company was still using the identifier to track users who had deleted it.

Concern about targeted advertising is rising, with an increasing number of Internet users opting out of advertising altogether through the use of ad-blocking software. Apple recently made it possible to download content blockers for its Safari browser on iOS, prompting a flurry of players to enter the market.

Some see such blockers as a tool to force the online advertising industry to change its ways. One, Eyeo, deliberately lets through certain ads, as long as they are unobtrusive. It has introduced its own iOS content blocker — but has also taken steps to win over other developers to its platform by making its process for allowing some ads through the blocker more transparent.



Google Issues Patch For Latest Stagefright Flaw

October 7, 2015 by mphillips  
Filed under Mobile

Google has released fixes for two new Stagefright-related vulnerabilities, one of which affects Android versions going back to 2008 and puts millions of users at risk.

The flaws were found by security company Zimperium, which also unearthed the original Stagefright flaws in April.

In an advisory Google said it didn’t appear that attackers have started exploiting the vulnerabilities yet.

The latest flaws are only slightly less dangerous than their predecessors, which allowed a device to be compromised merely by sending a specially crafted multimedia message (MMS). An attacker needed only to know the victim’s phone number.

To exploit the latest flaws, dubbed Stagefright 2.0, an attacker would have to convince a user to visit a website and play a piece of audio or video content.

The vulnerabilities relate to problems with how Android processes metadata within that content, Zimperium said in a blog post.

Google has released an over-the-air update for its Nexus Android devices and had notified its partners of the issues by Sept. 10, the company said.

Zimperium held off releasing proof-of-concept exploit code but will allow some of its partners to see it later this month, it said.

In light of the number of users affected by Stagefright, Google said in August it would begin issuing monthly security patches, mirroring steps taken years ago by companies including Microsoft for desktop software.

Still, fixing software problems on mobile devices is a disjointed affair and users are dependent on device manufacturers and operators for timely patching. After Google’s announcement, major manufacturers including Samsung and LG also committed to monthly patching.



SanDisk Building Industrial Strength Components For IoT

October 7, 2015 by mphillips  
Filed under Consumer Electronics

Consumers use flash memory cards in phones, tablets and cameras almost daily. But put those same cards in security cams, cellular base stations or the electrical grid and you’ll have a problem.

Industrial devices need flash that can work harder and withstand more extreme temperatures than consumer gear, and they’ll be operating out in the field years after a typical phone or camera card has been replaced. So SanDisk is introducing a line of components built for the Internet of Things.

IoT is expected to put thousands of sensors, meters, robots and machines into the field with growing needs to process and store data.

The SanDisk Industrial line includes cards for the familiar SD, microSD and eMMC (embedded MultiMediaCard) standards, but built to tougher specifications.

For example, the SanDisk Industrial XT SD Cards and XT iNAND embedded flash drives announced Monday are rated to work in temperatures as low as -40 degrees Celsius (-40 Fahrenheit), compared with -25 Celsius for a typical consumer SD card.

The industrial cards can also write more data before they have to be replaced: as much as 128TB, far more than is typical for a consumer-grade part, said Martin Booth, director of SanDisk Industrial and SanDisk Automotive. This kind of endurance is what’s needed in IoT devices like remote video cameras that will capture video around the clock for as long as five years, he said. Otherwise they would have to be replaced more frequently, a costly proposition if the owner needs to send out a truck and a technician.

Another feature, Enhanced Power Immunity, will help prevent data loss in case of power failure. It uses special firmware for recovering data if the power is cut off, something ordinary flash cards may not be able to do if, for example, the user pulls a card out of a PC while it’s still transferring data.

The new parts range in size from 4GB or 8GB up to 64GB and will cost more than comparable consumer-grade products, but less than twice as much, Booth said.




Will Cannonlake Leap Intel Past Four Cores?

October 7, 2015 by Michael  
Filed under Computing

Intel’s next-generation Cannonlake consumer-targeted processors could be the chip to leap from quad-core designs for the great unwashed.

An Intel engineer has been caught boasting on his LinkedIn profile that he had a hand in Cannonlake system-on-chip (SoC) parts which integrated four, six, or eight processing cores with a Converged Coherent Fabric (CCF). He described this as acting like the Northbridge of an old-fashioned chipset setup.

Intel has not used this phrase before but it does explain some rather strange job adverts wanting a ‘Coherent Fabric Architecture Engineer.’ We have not met anyone in the fashion industry who was coherent let alone a fabric maker.

Intel has been making products with lots of processing cores but it seems addicted to four cores on consumer desktops (with or without the HyperThreading technology that extends it to running eight simultaneous threads).

If the leak is right, then the 10nm Cannonlake family could be offered in hexa- and octa-core varieties.

Boosting the number of CPU cores on its next-generation products would allow the company to continue to tell software developers to concentrate on making the best use of CPU cores rather than looking to HSA and the general-purpose GPU to boost performance.