Security researchers have discovered a bug in the Android WiFi Direct feature that could allow hackers to launch denial-of-service (DoS) attacks on Android devices.
WiFi Direct allows Android devices to connect to one another directly without needing a third-party device like a wireless router. The feature runs as standard in most Android smartphones today.
The guys at Core Security found the vulnerability, dubbed CVE-2014-0997, and said that a number of Android smartphones are vulnerable and can be affected by a DoS attack when scanning for WiFi Direct-capable devices.
An attacker could implement the DoS attack by sending a specially crafted 802.11 probe response frame “causing the Dalvik subsystem to reboot because of an Unhandle Exception on WiFiMonitor class”, said Core Security.
“On some Android devices processing a probe response frame with a WiFi-Direct (P2P) information element that contains a device name attribute with specific bytes generates a malformed supplicant event string that ends up throwing the IllegalArgumentException. As this exception is not handled the Android system restarts.”
In laymen’s terms, the attacker could essentially reboot an Android device remotely, knocking it off the wireless connection.
Devices currently affected by the bug include the Nexus 5 and Nexus 4 running Android version 4.4.4, the LG D806 and the Samsung SM-T310 running Android 4.2.2, and the Motorola RAZR HD running Android 4.1.2.
Core Security said that other devices could also be affected. Android 5.0 Lollipop is not vulnerable to the exploit, so the firm suggests that Android users should update to the latest version where possible.
Facebook is testing a scaled down version of its mobile app that requires far less data, which could boost usage of the social networking service among people with weaker Internet service or older phones.
Facebook “Lite” is available for devices running Android 2.2 and up. The size of the free app is 252 kilobytes, and it’s meant for 2G networks in areas with limited connectivity. Users can perform a bunch of basic functions like post status updates with photos, comment on people’s posts, message friends, have group conversations, and receive notifications. Posts from the news feed are meant to load quickly.
Early reviews on the Google Play store for the app have been positive, with many praising its low data and battery usage.
Facebook launched the app over the weekend in parts of Africa and Asia, said a report in TechCrunch. A Facebook spokeswoman declined to comment further.
The Lite app appears to be related to Facebook’s Internet.org project, which seeks to provide free access to Facebook and other basic Internet services in developing countries. The Internet.org app is already available in a handful of countries such as Zambia, Tanzania, Kenya and Colombia. In addition to Facebook, the app provides access to other services like the weather, Wikipedia, and health and educational information. Carriers can charge users for paid access to other services. In addition to Facebook, other founding partners of Internet.org include Ericsson, Nokia and Samsung.
With the Lite app, Facebook might be testing people’s responsiveness to a set of basic Facebook services without the ancillary ones. It may also help Facebook learn how it could further improve the functions of its Internet.org app.
Facebook tested a different stripped down version of its site in late 2009 and early 2010, although only for the desktop. It was shut down in April 2010.
It’s patch week again for Adobe Flash Player, and this time the update is designed to fix a critical security bug in the much-maligned browser’s multimedia plug-in.
Flash Player has been updated to version 22.214.171.1246 to solve the vulnerability previously identified in the APSA15-01 Security Bulletin. The bulletin now contains information about the new version.
Flash Player 126.96.36.1996 was released with auto-update enabled on 24 January, two days earlier than the expected distribution date.
The standalone release was released on 26 January, as Adobe anticipated in the original bulletin, and users or sysadmins can download the full exe/msi installer straight from the official site.
Flash Player 188.8.131.526 is now available for Internet Explorer and the plug-in based browsers on Windows and Mac systems.
A new version (184.108.40.2060) is available for Linux operating systems and Oracle Solaris on the same page that provides the Windows/Mac versions.
Adobe is also said to be working with the company’s “distribution partners” to make the update available for those browsers that embed the Flash plug-in, namely Internet Explorer 10 and 11 and Google Chrome.
Flash Player 220.127.116.116 is meant to end the exploitation of a zero-day vulnerability classified as CVE-2015-0311, for which a working exploit was already circulating in the wild.
Successful attacks via drive-by downloads were confirmed against machines running Internet Explorer and Firefox on Windows 8.1 and below.
The bug “could cause a crash and potentially allow an attacker to take control of the affected system”, Adobe warned in the original security bulletin.
Installing the updated version of the Flash Player plug-in is recommended.
The new Flash Player release contains no new features apart from fixing the CVE-2015-0311 bug.
Researchers at Georgia Institute of Technology have emerged from their smoke filled labs with an intelligent keyboard which cleans itself and can identify users by the pattern and style of their fingertips and keystrokes.
Dubbed the “human-machine interfacing” device, the keyboard was reported in the American Chemical Society’s academic journal “Nano.”
If it works it could provide a foolproof way to prevent unauthorized users from gaining direct access to computers and stop the return key being clogged with navel fluff.
Enabled by a system of “contact electrification,” the keyboard senses typing patterns, the level of pressure applied to keys and speed – and it is accurate enough to distinguish one individual user from another.
The keyboard harnesses energy generated from all that typing to either power itself or another small device. This means that you have to keep working or your keyboard will not work, so after a holiday both you and your keyboard might be sluggish.
“Conventional security measures such as personal identification numbers, tokens, or passwords can provide only limited protection, since they themselves are subject to illegitimate activities,” the research team wrote.
“Based on contact electrification, which is ubiquitous but under-explored, between human fingers and keys, the intelligent keyboard (IKB) converts typing motions on the keyboard into locally electric signals that can be harnessed for either touch-sensing or energy-harvesting purposes. Most significantly, the IKB allows a direct identification of personality in data input using the dynamic electronic signals generated when striking keys,” the article stated.
The scientists anticipate their device can be potentially applied “not only to self-powered electronics but also to artificial intelligence, cyber security, and computer or network access control.”
Cablevision System Corp said that it would launch in February a wireless Internet phone service to give customers an alternative to more expensive data plans from cellular companies such as AT&T and Verizon.
The “Freewheel” phone service, which runs on any WiFi connection, is an attempt by Cablevision to retain and potentially add subscribers at a time when cable companies are losing out to lower-priced, bundled TV and Internet services from telecom firms.
Cablevision said the phone service was the first of its kind to be launched by a cable company and aims to tap users seeking to download unlimited amounts of data on their mobile phones using WiFi, which is less expensive than a cellular connection.
Such services could pose a challenge to traditional telecom carriers. Currently, carrier Republic Wireless and Massachusetts-based startup Scratch Wireless offer users similar services that use WiFi to control data costs.
“There has been a dramatic shift in how consumers use their mobile devices: today, it’s all about data, and WiFi is now preferred and clearly superior to cellular,” Kristin Dolan, chief operating officer of Cablevision, said in the statement.
Cablevision, controlled by New York’s Dolan family, has been investing in its “Optimum” WiFi network since 2007, setting up over 1.1 million WiFi hotspots or access points in New York, New Jersey and Connecticut.
Cablevision’s WiFi phone service will be offered at $29.95 per month and $9.95 per month for subscribers of its “Optimum Online” service. It will be available exclusively on the Motorola Moto G smartphone that users will have to purchase, the company said.
The $180 Android phone will be sold to “Freewheel” users without a contract at a discounted price of $99.95, it added.
Several foreign-based operators of virtual private network (VPN) services said Friday that access to their services in China had been disrupted as a result of the crackdown and users are facing a harder time getting to some foreign websites.
Virtual private networks work by establishing an encrypted pipe between a computer or smartphone and a server in a foreign country. All communications are sent inside the pipe, effectively shielding Internet traffic from government filters that determine whether a site can be accessed. VPNs are used by Chinese citizens to get to external news sources and by resident foreigners and businesses for day-to-day communications.
StrongVPN, a commercial provider that operates a network of servers around the world, said users in China had recently begun experiencing connection problems to some of its sites. Comments alongside a company blog post indicate the list of sites affected is changing and sites that might work one day are failing the following day.
Another VPN provider, Golden Frog, told customers they might have more success connecting to services in Hong Kong or The Netherlands than those in the United States or Australia.
The Chinese government appears to be using two techniques to disrupt service, said Andrew Staples, a spokesman for Golden Frog. One, deep packet inspection, examines the data in Internet packets to try to determine if it’s a VPN connection. The other, IP blocking, shuts off traffic destined for the Internet addresses used by VPN servers.
ARM has created a course to teach IoT skills to students at University College London (UCL)
The course is designed to encourage graduates in science, technology, engineering and maths (Stem) to seek careers in IT.
The IoT Education Kit will teach students how to use the Mbed IoT operating system to create smartphone apps that control mini-robots or wearable devices.
Students are expected to be interested in building their own IoT business, or joining IoT-focused enterprises like ARM. The course will also try to limit the number of Stem graduates pursuing non-technology careers.
ARM reported statistics from a 2012 study by Oxford Policy and Research revealing how many engineering graduates (36 percent of males, 51 percent of females), technology graduates (44 percent, 53 percent) and computer scientists (64 percent, 66 percent) end up with non-Stem jobs.
The IoT Education Kit will be rolled out by UCL’s Department of Electronics from September 2015, with a week-long module for full-time and continuing professional development students.
The Kit comprises a complete set of teaching materials, Mbed-enabled hardware boards made by Nordic Semiconductor, and software licensed from ARM. A second teaching module for engineering graduates is being developed for 2016.
“Students with strong science and mathematical skills are in demand and we need to make sure they stay in engineering,” said ARM CTO Mike Muller.
“The growth of the IoT gives us a great opportunity to prove to students why our profession is more exciting and sustainable than others.”
UCL professor Izzat Darwazeh also highlighted the importance of Stem skills, saying that “many students are not following through to an engineering career and that is a real risk to our long-term success as a nation of innovators”.
South Korean smartphone maker LG Electronics Inc said on Thursday that it has not experienced any overheating problems with Qualcomm Inc’s new Snapdragon processor that is powering a curved-screen device going on sale later this month.
“I am very much aware of the various concerns in the market about the (Snapdragon) 810, but the chip’s performance is quite satisfactory,” Woo Ram-chan, LG vice president for mobile product planning, told reporters at a press event for the company’s G Flex2 smartphone.
The comment came after Bloomberg reported a day earlier that Samsung Electronics Co Ltd, the world’s top smartphone maker, decided not to use the new Qualcomm processor for the next flagship Galaxy S smartphone after the chip overheated during testing. Samsung and Qualcomm have declined to comment on the report, which cited unidentified sources.
Samsung is widely expected to unveil the new Galaxy S smartphone in early March, and Bloomberg reported that the Korean firm will use its own processors instead.
But LG’s Woo said on Thursday that internal tests for the G Flex2, powered by the new Qualcomm processor, show that the new product emits less heat than other existing devices. The new phone is scheduled to start selling in South Korea on Jan. 30.
“I don’t understand why there is a issue over heat,” he said.
The sprawling search company would sell the service directly to consumers, according to The Wall Street Journal, which cited unnamed sources. Tech news site The Information reported on the deals earlier this week.
Google is heavily involved in mobile through its Android operating system, the world’s most widely used mobile OS, as well as through selling mobile advertising, and is pushing to make more radio spectrum available for wireless services. But the partnerships with Sprint and T-Mobile would bring the company into the cellular business itself, offering Google phone plans directly to consumers.
The deals would make Google an MVNO (mobile virtual network operator), a carrier that doesn’t build or operate its own network but sells services that run on the partners’ infrastructure. Sprint is the third-largest U.S. mobile carrier and T-Mobile is the fourth largest.
As a powerful and well-heeled newcomer, Google might disrupt the cellular industry, just as it has the wired broadband business with its Google Fiberservice. The U.S. mobile industry has been wracked by new business models and falling prices in recent years.
It’s not clear whether the company will launch a full-scale national effort or a more limited rollout. There are terms in Google’s contract with Sprint that would allow for renegotiation if Google draws a huge number of subscribers, the Journal said.
Such an outcome would be a blow for Qualcomm’s prospects for 2015, with the company already having guided for weaker-than-usual annual revenue growth in a five-year outlook issued in November. Samsung, the world’s No.1 smartphone maker, has been one of the U.S. company’s top customers.
Qualcomm’s new Snapdragon 810 chip overheated during Samsung’s testing, Bloomberg reported. The South Korean company will use its own processors instead, Bloomberg said.
A Qualcomm spokesman declined to comment on the report. A Samsung spokeswoman said the company does not comment on rumours.
Analysts have said the Snapdragon 810 chip has been dealing with a variety of performance issues that may not be corrected in time for the launch of Samsung’s next Galaxy S smartphone.
The South Korean firm is widely expected to unveil the device on the sidelines of the Mobile World Congress trade show in early March. Samsung will need to ensure that the phone does not disappoint in order to keep its global market share from slipping further, analysts said.
Samsung has already used its own Exynos processors in flagship devices such as the Galaxy S5 to some extent, though analysts said Qualcomm’s Snapdragon chips were more widely used. Greater adoption of Exynos chips in Samsung smartphones would help boost sales for the struggling foundry business.
“Samsung will likely show off the new Galaxy S phone in about a month and a half, so one would have to assume that the chips have been tested a fair amount in order for them to be used,” said HMC Investment analyst Greg Roh.
Microsoft Researchers have worked out a way that means you will never have to plug in your phone again.
Yunxin Liu, Zhen Qin and Chunshui Zhao from Microsoft Research’s Beijing campus have developed a new system they call AutoCharge.
The researchers’ paper said that “wireless power methods have several disadvantages, preventing them from being used in our targeted usage scenarios”
Electromagnetic radiation of wireless power is much higher than wireless communications (Wi-Fi or 3G). Thus, safety to human bodies is a big issue in wireless power. As a result, wireless power is usually used only in extreme scenarios such as in outer space, for military purposes, or in very short ranges.
Radio frequencies used in wireless power are much lower than the frequencies of light, it is hard to emit the radio waves within a straight beam. This causes energy waste if the receiver is not large enough and makes it hard to ensure safety.
The current crop of wireless charging solutions for smartphones typically require special phone cases and ‘charging pads’, and work using electromagnetic induction. Power is transmitted only over a few centimetres.
However the researchers came up with a way of using solar power techniques to charge smartphones.
Indoor surrounding light is usually much than the sunlight and thus cannot be used to charge a smartphone but instead of relying on the sun, the team built a prototype charger that can be mounted on a ceiling and automatically locate a smartphone lying on a table, then charge it using a directed beam of light.
The light charger has two modes. In the ‘detection’ mode, it uses a camera and image recognition software to detect objects with the size and shape of a smartphone lying on a table. The charger will rotate until it detects an object that looks like a smartphone.
The device then enters charging mode and turns on its light. The prototype used an UltraFire CREE XM-L T6 Focusing LED Flashlight.
Intel’s CEO Brian Krzanich has shrugged off rumors that Apple is about to switch to ARM in future Mac releases.
Of course the Tame Apple Press is declaring that this will mean the end of Intel as we know it. AppleInsider even ran a story claiming that Intel’s mobile was effectively destroyed by Apple’s Ax ARM Application Processors
After all only five or six percent of the world run on Apple Macs so the loss of Apple business would be annoying to Intel but no great problem.
Krzanich says the rumors of Apple switching to ARM are just that anyway and not likely.
“Apple is always going to choose the supplier who can provide the most amount of capability in innovation to build on. They’re a company based on innovation.”
Krzanich, who maintains that Intel needs to continue focusing on delivering parts that are better than its competitors.
But does Intel have anything to worry about? Well not really. Apple Macs are at the expensive end of the market and they need chips to match their price tag – well at least half of their price tag. ARM is still a long way from matching anything remotely like the what Intel shoves under the bonnet of Apple macs.
Twitter Inc announced plans to acquire Indian mobile phone marketing start-up ZipDial, reportedly for $30 million to $40 million, as the U.S. microblogging service looks to expand in the world’s second-biggest mobile market.
Bengaluru-based ZipDial gives clients phone numbers for use in marketing campaigns. Consumers call the numbers and hang up before connecting and incurring charges, and then receive promotion-related text messages.
The start-up’s clients include International Business Machines Corp, Yum! Brands Inc’s KFC and Procter & Gamble Co’s Gillette.
The service capitalizes on a local tradition of communicating through so-called missed calls. A person may give a friend a missed call to signal arrival at an agreed destination, for instance, without having to pay the cost of a phone call.
Such “unique behavior” was behind ZipDial, the start-up said in a statement announcing the Twitter deal.
Twitter did not disclose terms of the purchase. Techcrunch, citing unidentified sources, reported the deal at $30 million to $40 million.
“This acquisition significantly increases our investment in India, one of the countries where we’re seeing great growth,” Twitter said in a statement.
The acquisition is the latest in India by global tech giants who have snapped up companies in a fledgling startup scene, concentrated in the tech hub of Bengaluru in southern India.
Last year, Facebook Inc bought Little Eye Labs, a start-up that builds performance analysis and monitoring tools for mobile apps. Yahoo! Inc bought Bookpad, whose service allows developers to add document viewing and editing to their own applications.
China’s Alibaba Group Holding Ltd , the world’s biggest e-commerce company, is piloting a mobile messaging app geared toward merging social networking with business, an Alibaba spokeswoman said, as the company expands its enterprise services.
The app, called DingTalk, was quietly made available in December and is still in beta testing, according to its website.
Capable of carrying conference calls and group messaging, DingTalk targets small- and medium-sized enterprises, many of which are already Alibaba’s customers. The company has 8.5 million active sellers on its various e-commerce platforms, according to Alibaba’s initial public offering prospectus.
It is not Alibaba’s first stab at a mobile messaging app and others have become hot property in the tech sector. The company’s arch-rival, Tencent Holdings Ltd, operates WeChat, known as Weixin in China, which has 468 million monthly active users and was estimated to be worth as much as $64 billion by brokerage CLSA.
Underscoring the appeal of such apps, Facebook Inc in October completed its $22 billion acquisition of WhatsApp.
But Alibaba’s previous attempt at a mobile messaging app, Laiwang, is seen by many analysts and industry observers as a dud, with the Chinese market dominated by Tencent’s WeChat.
By going for smaller companies, DingTalk is chasing a target audience that already includes many Alibaba clients. This fits with its broader enterprise strategy, including the Alibaba Cloud Computing business, which also serves Alibaba’s merchants as well as other companies.
“DingTalk is a versatile mobile communications app that fills a gap in the market for corporate mobile messaging,” the Alibaba spokeswoman said.
HP is about to put out two tablets later this year.
The names are expected to be the HP Pro Slate 10 EE G1 and HP Pro Tablet 10 EE G1 and they were found on the world wide wibble by Notebook Italia,.
Both tablets are powered by an Intel quad-core Bay Trail Atom Z3735F processor. Accompanying the processor package is 2GB of RAM, as well as 32GB of internal storage. Both the Pro Slate and Pro Tablet come with 10.1-inch displays, as well as 802.11n Wi-Fi, Bluetooth, and NFC.
The Pro Slate sticks with Android, while the Pro Tablet opts for Windows 8.1. The tablets mean they will each come with a stylus, but it would appear that the stylus is just a stand in for your finger, rather than doing anything useful.
Pro Slate will set you back $400.00 and Pro Tablet cost $499.
HP has yet to officially announce either device.