Stagefright 2.0 Exploits Android Vulnerabilities
Newly found vulnerabilities in the way Android handles media files can allow attackers to compromise devices by tricking users into visiting maliciously crafted Web pages.
The vulnerabilities can lead to remote code execution on almost all devices that run Android, starting with version 1.0 of the OS released in 2008 to the latest 5.1.1, researchers from mobile security firm Zimperium said in a report published Thursday.
The flaws are in the way Android processes the metadata of MP3 audio files and MP4 video files, and they can be exploited when the Android system or another app that relies on Android’s media libraries previews such files.
The Zimperium researchers found similar multimedia processing flaws earlier this year in an Android library called Stagefright that could have been exploited by simply sending Android devices a maliciously crafted MMS message.
Those flaws triggered a coordinated patching effort from device manufacturers that Android’s lead security engineer, Adrian Ludwig, called the “single largest unified software update in the world.” It also contributed to Google, Samsung and LG committing to monthly security updates going forward.
One of the flaws newly discovered by Zimperium is located in a core Android library called libutils and affects almost all devices running Android versions older than 5.0 (Lollipop). The vulnerability can also be exploited in Android Lollipop (5.0 – 5.1.1) by combining it with another bug found in the Stagefright library.
The Zimperium researchers refer to the new attack as Stagefright 2.0 and believe that it affects more than 1 billion devices.
Since the previous attack vector of MMS was closed in newer versions of Google Hangouts and other messaging apps after the previous Stagefright flaws were found, the most straightforward exploitation method for the latest vulnerabilities is through Web browsers, the Zimperium researchers said.
Zimperium reported the flaws to Google on Aug. 15 and plans to release proof-of-concept exploit code once a fix is released.
That fix will come on Oct. 5 as part of the new scheduled monthly Android security update, a Google representative said.
Source-http://www.thegurureview.net/mobile-category/stagefright-2-0-exploits-android-vulnerabilities.html
U.S. LTE Speeds Drop
October 5, 2015 by admin
The U.S. has dropped to No. 55 in LTE performance as speeds rise rapidly in countries that have leapt ahead of some early adopters of the popular cellular system.
The average download speed on U.S. 4G networks inched up to 10Mbps (megabits per second) in the June-August quarter, according to research company OpenSignal. That was an improvement from 9Mbps in the previous quarter, but the country’s global ranking fell from 43rd as users in other countries made much larger gains.
The U.S. was one of the first countries with commercial LTE service when Verizon Wireless launched its network in late 2010. But other countries that adopted the system later started with better technology, and some have secured more frequencies or rolled out enhancements that U.S. carriers haven’t embraced as much, OpenSignal said.
New Zealand scored the highest average speed in the quarter with 36Mbps, coming up from nowhere in the rankings. But perennial standouts like South Korea and Singapore kept getting faster, too. The average LTE speed in Korea is now 29Mbps (up by 4Mbps), and in Singapore it’s 33Mbps, up by 5Mbps.
OpenSignal collects data on cellular performance through a free app that mobile subscribers can use to measure the speed they’re getting and find faster networks. The results announced Wednesday are based on readings from more than 300,000 users worldwide, the company said.
Countries like Hungary, the Dominican Republic and Morocco beat the U.S. in average LTE speed, but they aren’t necessarily smartphone paradises. Mobile users in America can use LTE more of the time, for example, because their carriers’ networks are built out. Subscribers in the U.S. are on LTE 78 percent of the time, on average, making the country No. 10 for what OpenSignal calls “time coverage.” Moroccan LTE may be fast, but 49 percent of the time, users there don’t get it.
Source-http://www.thegurureview.net/mobile-category/u-s-falls-to-55th-place-worldwide-for-lte-speeds.html
Are Investors Losing Patience With Apple?
September 24, 2015 by admin
Investors fear that Apple has run out of ideas after it released a version of Microsoft’s Surface Pro and an iPhone which was the same as last year’s.
Apple’s Tim Cook might have thought yesterday, as he walked away from the cheering crowds of Apple employees and rabid New York Times writers, that he had won the day.
However, Apple shares fell 1.9 percent as shareholders realised that there were no transformative products that could jumpstart the company’s sales ahead of the crucial holiday season.
Apple shares usually drop an average of 0.4 percent on the day of iPhone announcements because the hype never matches the reality, but this is a much bigger fall.
The big iPad received a raspberry because it was too big and similar to Microsoft’s Surface tablet and the new iPhones were too similar to those released a year ago. The Apple Surface Pro even came with a stylus, which is something that Apple fanboys mocked for years. In fact the only innovative thing about it was that it required recharging every ten hours making it the chocolate teapot of pencils.
All they had which was new was the 3D Touch which is a “so what?” technology which no one really needed or cares about. It was certainly not worth upgrading to get.
Jobs’ Mob has clearly given up on any pretence of “thinking different” and, short of ideas, has copied itself and others.
We expected the Apple TV announcement to be hugely disappointing. Apple has mostly dialled back its ambitions this year as it plans a bigger telly service announcement next year. But you would think that after all these years of not upgrading the Apple TV, Jobs’ Mob could have come up with some more interesting hardware.
What we got were demonstrations that showed tricks to make viewing easier, such as voice control which can rewind a video for 15 seconds and turn on subtitles when a viewer asks something like “What did she say?”
Oddly Cook said that Apple had worked really hard, and really long on that project. The new set-top box will include an app store and let developers create new software for Apple TV, including video games.
Again nothing that you can’t get elsewhere and probably a lot cheaper. We expect the Tame Apple Press will go into damage control limitation exercise and try to convince the world that everything is brilliant. Watch the comments below for statements from “Apple investors” claiming that their shares have gone up and that there was tons in yesterday’s rally to get excited about.
Source-http://www.thegurureview.net/computing-category/are-investors-losing-patience-with-apples-inventiveness.html
FCC Commits To 600 MHz Wireless Spectrum Auction
September 21, 2015 by admin
LAS VEGAS — Federal Communications Commission Chairman Tom Wheeler has committed to a March 29 start date for an unprecedented auction of 600MHz wireless spectrum currently under the control of the nation’s broadcasters.
The auction has already been delayed two years, but Wheeler was adamant it will move ahead on a timeline that allows input from broadcasters as well as from wireless providers that would be potential spectrum buyers.
The broadcast spectrum in the 600MHz band offers wireless carriers the potential to send data, including video and other multimedia, at much faster speeds and with lower latency. Latency refers to the time required to generate a response to a wireless signal.
“I’m supremely confident [the auction] starts March 29,” he said in keynote comments at CTIA Super Mobility Week 2015 here. Explaining the delays, he said the planned auction is like a “Swiss watch with so many moving parts.”
The FCC plans to issue a new public notice in October that will give further details on the planned schedule. Wheeler said that around Thanksgiving, broadcasters will be able to indicate whether they want to participate in offering up the spectrum they use today.
Once the FCC establishes pricing, the broadcasters can decide whether to move forward or withdraw from the process if the prices don’t meet their needs, Wheeler said. In January, wireless providers — including newcomers, possibly — will be prompted to express interest in joining the auction to buy spectrum.
Wheeler contended that the 600MHz spectrum auction shows the FCC is moving to free up spectrum that the cellular industry says it urgently needs.
Source-http://www.thegurureview.net/mobile-category/fcc-commits-to-600-mhz-wireless-spectrum-auction-in-march.html
Qualcomm To Wirelessly Charge BMWs
Qualcomm has launched its new Official Safety Car for season two of the FIA’s Formula E Championship.
For those not in the know, the Formula E Championship is for electric cars, and they are no longer the milk floats that English people get stuck behind in narrow streets.
The new Official Qualcomm Safety Car is the BMW i8 but it will be charged wirelessly with an advanced Qualcomm Halo 7.2kW wireless charging system.
The Qualcomm Halo 7.2kW wireless charging system delivers twice the amount of energy to the BMW i8’s batteries per hour as compared to last year’s 3.6kW system.
This halves the full charge time, enabling the vehicle to fully charge in one hour. Employing Qualcomm Halo DD technology, with magnetic architecture optimization, ensures higher coupling coefficients and drives lower system currents, higher efficiencies and the ability to support higher power levels.
A Qualcomm spokesman said that an open championship has encouraged teams to develop their own powertrain tech.
This ensures that the racing remains highly competitive, and it supports the goal of Formula E to advance the development of new technologies for electric vehicles and to bring those technologies, vital to sustainable mobility, to the attention of millions of people around the globe, a spokesman said.
Qualcomm’s general manager of wireless charging, Steve Pazol said Qualcomm was excited to continue its support of Formula E in this second season.
Source-http://www.thegurureview.net/computing-category/qualcomm-to-wirelessly-charge-bmws.html
Has The iPhone Peaked in The U.S.?
August 21, 2015 by admin
Apple’s vice-like grip on the US smartphone market is falling off as sales of the overpriced gadgets slump.
Research outfit Kantar Worldpanel ComTech said the 2.3 per cent drop in US sales had been covered by rises in China, Japan and Australia.
But given that Apple’s home ground is the US and that it has become increasingly dependent on its iPhone, this statistic does not bode well. As the company depends on continual growth to maintain its share price, the whole lot is starting to become unstuck.
For the second quarter of 2015, iPhone sales grew by 2.1 percent from the same quarter last year across Europe’s five biggest markets, namely the UK, Germany, France, Italy and Spain. Growth was strongest in the UK at 5.5 percent and weakest in Italy at only 0.1 percent. Beyond Europe, iPhone sales surged by 9.1 per cent in Australia, 7.3 percent in China and 2.7 percent in Japan.
It is worth pointing out that the European growth outside the UK, Australia and China is more indicative of a flat market than of actual growth.
A possible reason for the fall in the US is tougher competition from Apple’s Android rivals.
Carolina Milanesi, chief of research at Kantar Worldpanel ComTech, said in a press release: “In the U.S., as we forecasted last month, Android’s growth continued in the quarter ending June 30, with both Samsung and LG increasing their share sequentially. Forty-three percent of all Android buyers mentioned a ‘good deal on the price of the phone’ as the main purchase driver for their new device.”
“Android in the U.S. is undergoing its strongest consolidation yet, with Samsung and LG now accounting for 78 percent of all Android sales,” Milanesi added. “LG is the real success story of the quarter. Not only did it double its share of the US smartphone market once again, but it was also able, for the first time, to acquire more first-time smartphone buyers than Samsung.”
Screen size was the main driver for Android buyers across Europe, according to Dominic Sunnebo, business unit director at Kantar. Samsung and LG both sell big-screen “phablet” phones. Samsung’s Galaxy Note 4 sports a 5.7-inch screen, while LG’s G4 packs in a 5.5-inch screen.
Though the iPhone 6 Plus also uses a 5.5-inch display, iOS buyers are driven by a wider range of factors, Sunnebo said, including “phone reliability and durability, as well as the quality of the materials.”
Of course, if you are a member of the Tame Apple Press you will forget to report the news, say the opposite and claim that the iPhone’s wonderful sales are a problem.
Malware Turns Computers Into Cellular Antenna
A team of Israeli researchers has improved on a way to steal data from air-gapped computers, thought to be safer from attack due to their isolation from the Internet.
They’ve figured out how to turn the computer into a cellular transmitter, leaking bits of data that can be picked up by a nearby low-end mobile phone.
While other research has shown it possible to steal data this way, some of those methods required some hardware modifications to the computer. This attack uses ordinary computer hardware to send out the cellular signals.
Their research, which will be featured next week at the 24th USENIX Security Symposium in Washington, D.C., is the first to show it’s possible to steal data using just specialized malware on the computer and the mobile phone.
“If somebody wanted to get access to somebody’s computer at home — let’s say the computer at home wasn’t per se connected to the Internet — you could possibly receive the signal from outside the person’s house,” said Yisroel Mirsky, a doctoral student at Ben-Gurion University and study co-author.
The air-gapped computer that is targeted does need to have a malware program developed by the researchers installed. That could be accomplished by creating a type of worm that infects a machine when a removable drive is connected. It’s believed this method was used to deliver Stuxnet, the malware that sabotaged Iran’s uranium centrifuges.
The malware, called GSMem, acts as a transmitter on an infected computer. It creates specific, memory-related instructions that are transmitted between a computer’s CPU and memory, generating radio waves at GSM, UMTS and LTE frequencies that can be picked up by a nearby mobile device.
The GSMem component that runs on a computer is tiny. “Because our malware has such a small footprint in the memory, it would be very difficult and can easily evade detection,” said Mordechai Guri, also a doctoral student at Ben-Gurion.
HTC To Go High-End
August 18, 2015 by admin
Taiwanese smartphone maker HTC Corp said it will eliminate some jobs and discontinue models as part of its strategy to focus on high-end devices to better compete with the likes of Apple Inc and Samsung Electronics.
“The cuts will be across the board,” Chief Financial Officer Chialin Chang told reporters after HTC reported a second-quarter loss and forecast another for the third-quarter. “They will be significant.”
Chang said the cost reductions would extend to the first quarter of next year, but declined to give further details.
A pioneer in early smartphones, HTC has been dismissed by industry watchers as confused, unoriginal and uncompetitive.
The company has been losing market share over the past few years, hit by intense competition at the high-end of the market from the likes of Apple and Samsung Electronics while budget Chinese rivals have also eclipsed its low-cost offerings.
HTC shares have fallen 51 percent so far this year. The stock closed 1.69 percent lower before the results were announced.
Chang said HTC was banking on selling high-end models in emerging smartphone markets such as India, where he said the company has a 20 percent market share of phones priced between $250-$400.
Analysts, however, are less optimistic, saying HTC is likely to continue to struggle for the next four quarters at least.
“We believe HTC will keep losing share in the smartphone market and will keep losing money,” analyst Calvin Huang with Taiwan’s SinoPac Securities wrote in a recent research note.
Can OSX Make Macs Vulnerable To Rootkits?
The software genii at Apple have redesigned their OSX software to allow malware makers to make designer micro-software that can infect Macs with rootkits.
Obviously the feature is one that Apple software experts designed specifically for malware writers, perhaps seeing them as an untapped market.
The bug in the latest version of Apple’s OS X allows attackers to gain root user privileges with a small piece of code which could be packed into a message.
Security researcher Stefan Esser said that this was the kind of security hole attackers regularly exploit to bypass security protections built into modern operating systems and applications.
The OS X privilege-escalation flaw stems from new error-logging features that Apple added to OS X 10.10. Plainly the software genii did not believe that standard safeguards involving additions to the OS X dynamic linker dyld applied to them because they were protected from harm by Steve Jobs’ ghost.
This allows attackers to open or create files with root privileges that can reside anywhere in the OS X file system.
“This is obviously a problem, because it allows the creation or opening (for writing) of any file in the filesystem. And because the log file is never closed by dyld and the file is not opened with the close on exec flag the opened file descriptor is inherited by child processes of SUID binaries. This can be easily exploited for privilege-escalation,” Esser said.
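The descriptor inheritance Esser describes, shown as an added example (not code from the article, from Esser or from Apple): it opens a scratch log file without close-on-exec, with `O_CLOEXEC`, and with `FD_CLOEXEC` set afterwards through `fcntl`, then checks whether a freshly exec'd program still holds the descriptor. The function names and the scratch path are assumptions, as is the presence of `/bin/sh` and `/dev/fd` on the system.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

enum open_mode { PLAIN_OPEN, OPEN_CLOEXEC, FCNTL_CLOEXEC };

/* fork + exec a fresh program and ask it whether descriptor `fd` is open.
 * Returns 1 if the exec'd program inherited it, 0 if not, -1 on error.
 * Assumption: /bin/sh exists and the system exposes /dev/fd. */
static int fd_survives_exec(int fd)
{
    char cmd[64];
    snprintf(cmd, sizeof cmd, "test -e /dev/fd/%d", fd);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                      /* exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) ||
        WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

/* Open a scratch log file in the given mode and report whether the
 * descriptor leaks into an exec'd child (1 = leaked, 0 = closed, -1 = error). */
int log_fd_leaks(enum open_mode mode)
{
    char path[] = "/tmp/cloexec_demo_XXXXXX";   /* constructed scratch file */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    close(fd);

    int flags = O_WRONLY | O_APPEND;
    if (mode == OPEN_CLOEXEC)
        flags |= O_CLOEXEC;              /* set atomically at open time */
    fd = open(path, flags);
    if (fd < 0) { unlink(path); return -1; }

    if (mode == FCNTL_CLOEXEC) {         /* retrofit onto an open descriptor */
        int cur = fcntl(fd, F_GETFD);
        if (cur < 0 || fcntl(fd, F_SETFD, cur | FD_CLOEXEC) < 0) {
            close(fd); unlink(path); return -1;
        }
    }
    int leaked = fd_survives_exec(fd);
    close(fd);
    unlink(path);
    return leaked;
}

int main(void)
{
    printf("plain open:       leaked=%d\n", log_fd_leaks(PLAIN_OPEN));
    printf("open + O_CLOEXEC: leaked=%d\n", log_fd_leaks(OPEN_CLOEXEC));
    printf("fcntl FD_CLOEXEC: leaked=%d\n", log_fd_leaks(FCNTL_CLOEXEC));
    return 0;
}
```

Setting the flag at `open` time is preferable in multithreaded code, because a descriptor marked later with `fcntl` can still be inherited if another thread forks and execs in between.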
The vulnerability is present in both the current 10.10.4 (Yosemite) version of OS X and the current beta version of 10.10.5. Importantly, the current beta version of 10.11 is free of the flaw, an indication that Apple developers may already be aware of the vulnerability.
An Apple spokesman said that engineers are aware of Esser’s post; of course, they did not say they would do anything about it. They will have to go through the existential crisis involved in realising that their product was not secure or perfect. Then the security team will have to issue orders, which will be signed in triplicate, sent in, sent back, queried, lost, found, subjected to an internal inquiry, lost again, and finally buried in soft peat for three months and recycled as firelighters.
Microsoft To Release Advanced Threat Analytics
Microsoft is very close to releasing Advanced Threat Analytics (ATA), the security shore-up that it first announced three months ago.
ATA, or MATA as we called it for our own small amusement, is the result of three months’ real world testing, and the culmination of enough user feedback to inform a final release.
That final release will happen in August, which should give you plenty of time to get your head around it.
Hmmm. Microsoft’s Advanced Threat Analytics seems like a very good idea focused on the enterprise.
— Kevin Jones (@vcsjones) May 4, 2015
Idan Plotnik, who leads the ATA team at Microsoft, explained in an Active Directory Team Blog post that the firm is working towards removing blind spots from security analytics, and that this release should provide a strong and hardy tool for the whacking away of hacking.
“Many security monitoring and management solutions fail to show you the real picture and provide false alarms. We’ve taken a different approach with Microsoft ATA,” he said.
“Our secret sauce is our combination of network Deep Packet Inspection, information about the entities from Active Directory, and analysis of specific events.
“With this unique approach, we give you the ability to detect advanced attacks and stolen credentials, and view all suspicious activities on an easy to consume, simple to explore, social media feed like attack timeline.”
The Microsoft approach is an on-premise device that detects and analyses threats as they happen and on a retrospective basis. Plotnik said that it combines machine learning and knowledge about existing techniques and tactics to proactively protect systems.
“ATA detects many kinds of abnormal user behaviour many of which are strong indicators of attacks. We do this by using behavioural analytics powered by advanced machine learning to uncover questionable activities and abnormal behaviour,” he added.
“This gives the ability for ATA to show you attack indicators like anomalous log-ins, abnormal working hours, password sharing, lateral movement and unknown threats.”
A number of features will be added to the preview release, including performance improvements and the ability to deal with more traffic, before general availability next month.