Broadcom Wi-Fi Chipset in Recent Devices Vulnerable to Attack

Proof-of-concept code demonstrates a vulnerability in the firmware of two wireless chips produced by Broadcom, the BCM4325 and the BCM4329.

Some of the recent devices that have these Broadcom wireless chips are:

    • iPhone 4
    • iPad
    • iPad 2
    • HTC Droid
    • Incredible 2
    • Motorola Droid X2
    • Some Edge model cars manufactured by Ford with built-in Wi-Fi

When the vulnerability is exploited, the attack renders the Wi-Fi connection unusable for the duration of the attack. Once the attack is over, the device will work normally. Other features of the device are unaffected by the Wi-Fi disruption.

Andrés Blanco, a researcher from Core Security, told Ars Technica, “The only requirement to exploit the vulnerability is to have a wireless card that supports raw inject of 802.11 frames.”

Andrés Blanco did say, “We are not sure that we could retrieve private user data but we are going to look into this,” which does make this vulnerability seem less threatening.

Android Apps Expose Personal Data Because of Flaws in SSL Implementations

German researchers analyzed a sample of 13,000 Android applications and found that more than 1,000 contained serious flaws in their SSL implementations.

The researchers, from Leibniz University in Hannover and Philipps University of Marburg, published their findings in a paper (PDF). They found that 17 percent of the SSL-using apps in their sample suffered from implementations that potentially made them vulnerable to man-in-the-middle (MITM) attacks.

The researchers claim they were “able to capture credentials from American Express, Diners Club, PayPal, bank accounts, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, remote control servers, arbitrary e-mail accounts, and IBM Sametime”.

In addition, since anti-virus software also uses SSL, “We were able to inject virus signatures into an anti-virus app to detect arbitrary apps as a virus or disable virus detection completely.”

This issue has come about because of developers misusing the SSL settings the Android API offers.

Examples given by the researchers include apps that are instructed to trust all certificates presented to them (21 of the 100 apps selected for a MITM test), and 20 of the MITM-tested apps were configured to accept a certificate regardless of its associated hostname (for example, an app connecting to PayPal would accept a certificate from another domain). Other issues included SSL stripping and “lazy” SSL implementations by developers.
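The two misconfigurations described above can be caught in code review. The following is an added example, not code from the original post or from the researchers: a small Python audit that flags a trust-all `checkServerTrusted` and a hostname verifier that accepts every host. The Java fragments, the rule names and the function names are constructed for illustration, and the checks are heuristics rather than proof.

```python
import re

# Constructed Java fragments for illustration; not taken from any real app.
VULNERABLE = '''\
TrustManager[] tms = { new X509TrustManager() {
    public void checkServerTrusted(X509Certificate[] c, String a) {
        // accept every certificate
    }
} };
HostnameVerifier hv = new HostnameVerifier() {
    public boolean verify(String host, SSLSession s) { return true; }
};
factory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
'''
SAFE = '''\
public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
    platformTm.checkServerTrusted(c, a);  // delegate to the default validator
}
public boolean verify(String host, SSLSession s) {
    return HttpsURLConnection.getDefaultHostnameVerifier().verify(host, s);
}
'''

# String literals are blanked to "" and comments dropped (newlines preserved).
_TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|//[^\n]*|/\*.*?\*/', re.S)

def _strip(src):
    return _TOKEN.sub(lambda m: '""' if m[0][0] == '"' else "\n" * m[0].count("\n"), src)

def _bodies(src, ret_type, name):
    """Yield (line, body) for each declaration `ret_type name(...) { body }`."""
    decl = r"\b%s\s+%s\s*\([^)]*\)[^;{]*\{" % (ret_type, name)
    for m in re.finditer(decl, src):
        depth, i = 1, m.end()
        while i < len(src) and depth:          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield src.count("\n", 0, m.start()) + 1, src[m.end():i - 1]

def audit(java_source):
    """Return sorted (line, rule) findings for the two flaws described above."""
    src, found = _strip(java_source), []
    for line, body in _bodies(src, "void", "checkServerTrusted"):
        # Neither rejects a chain nor delegates to another trust manager.
        if "throw" not in body and "checkServerTrusted" not in body:
            found.append((line, "TRUST_ALL_CERTS"))
    for line, body in _bodies(src, "boolean", "verify"):
        if re.fullmatch(r"\s*return\s+true\s*;\s*", body):
            found.append((line, "HOSTNAME_NOT_CHECKED"))
    for m in re.finditer(r"\b(ALLOW_ALL_HOSTNAME_VERIFIER|AllowAllHostnameVerifier)\b", src):
        found.append((src.count("\n", 0, m.start()) + 1, "HOSTNAME_NOT_CHECKED"))
    return sorted(found)

if __name__ == "__main__":
    print(audit(VULNERABLE))
```

The `SAFE` fragment shows the corrected shape: certificate checks are delegated to the platform's trust manager and hostname checks to the default verifier, so `audit(SAFE)` reports nothing.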

The researchers also noted that a number of apps provided insufficient feedback to users, for example, failing to tell the user whether or not it was using SSL to transmit user credentials.

RIM’s Secure Element Manager Solution to Power NFC mobile payments in Canada

RIM has been developing a system designed to securely manage credentials on SIM cards that will work on all types of mobile devices to bring NFC payment capabilities to consumers.

EnStream LP, the joint venture between Bell Mobility Inc., Rogers Wireless Partnership and TELUS Communications Company, announced today that RIM’s Secure Element Manager Solution is to be used to power NFC mobile payments in Canada.

According to Andrew MacLeod, Managing Director for Canada at RIM, “Working with EnStream, we’re delivering a service that will enable speed, security and convenience in mobile, contactless payment. RIM’s SEM solution will help deliver mobile payments and other NFC services to all carriers across all handset platforms that support NFC technology in Canada.”

Press Release

RIM’s Secure Element Manager Solution to Power NFC Mobile Payments in Canada

WATERLOO, ONTARIO–(Marketwire – Oct. 22, 2012) – Research In Motion (RIM) (NASDAQ:RIMM)(TSX:RIM) today announced that it has been selected by EnStream LP, a joint venture of Bell Mobility Inc., Rogers Wireless Partnership and TELUS Communications Company, to provide its Secure Element Manager (SEM) solution to manage credentials on wireless handsets in Canada that support Near Field Communication (NFC) services. NFC is the technology that can make secure, convenient and contactless mobile payments a reality for Canadian wireless handset users.

RIM’s SEM solution is designed to securely manage credentials on SIM (subscriber identity module) cards installed in all types of mobile devices, including BlackBerry® smartphones, Android™ devices, and Windows phones. “We selected RIM for their long-standing relationships with mobile operators and financial institutions, and their track record of operating a secure network for connected services,” said Almis Ledas, Chief Operating Officer of EnStream. “By adopting the secure GSMA Global Platform standard and using SEM infrastructure hosted and operated by RIM, consumers and financial institutions can have full confidence in financial credentials enabled through EnStream.”

“More than 1 in 4 smartphones shipped worldwide in 2013 is expected to include NFC technology,” said senior practice director Jeff Orr of market intelligence firm ABI Research. “With an additional 5 million NFC-enabled smartphones shipping to Canada next year and upwards of 65 million over the next 5 years, consumers will increasingly turn to mobile payments instead of a separate debit or credit card.”

“RIM is very pleased to play a key role in this Canadian mobile payments solution,” said Andrew MacLeod, Managing Director for Canada at RIM. “Working with EnStream, we’re delivering a service that will enable speed, security and convenience in mobile, contactless payment. RIM’s SEM solution will help deliver mobile payments and other NFC services to all carriers across all handset platforms that support NFC technology in Canada.”

Through the infrastructure that RIM’s SEM solution provides, financial institutions in Canada will have a single gateway allowing them to support any customer with an NFC-enabled smartphone that wants to enable a “mobile wallet” application. RIM’s SEM solution provides the infrastructure that will securely manage information credentials for NFC payments, which can be used by any financial institution, carrier, or smartphone.

“For banks and for Canadian consumers, RIM’s SEM solution is designed to make payment with your smartphone both seamless and secure. Whether you’re filling your gas tank, picking up a coffee, or buying groceries, making a purchase will be as simple as tapping your smartphone,” added MacLeod.

RIM has been recognized as a leader in providing mobile payments for some time with BlackBerry smartphones becoming one of the first smartphones to be certified for SIM-secure NFC payments using MasterCard PayPass®, and are also approved for use with Visa® payWave. More recently, RIM announced the ability to use NFC-enabled BlackBerry smartphones to replace access badges for buildings with secure entry requirements.

Currently, a range of BlackBerry® 7 smartphones, including the BlackBerry® Bold™ series and select BlackBerry® Curve™ smartphones, are NFC-enabled.

About Research In Motion

Research In Motion (RIM), a global leader in wireless innovation, revolutionized the mobile industry with the introduction of the BlackBerry® solution in 1999. Today, BlackBerry products and services are used by millions of customers around the world to stay connected to the people and content that matter most throughout their day. Founded in 1984 and based in Waterloo, Ontario, RIM operates offices in North America, Europe, Asia Pacific and Latin America. RIM is listed on the NASDAQ Stock Market (NASDAQ:RIMM) and the Toronto Stock Exchange (TSX:RIM). For more information, visit www.rim.com or www.blackberry.com.

Forward-looking statements in this news release are made pursuant to the “safe harbor” provisions of the U.S. Private Securities Litigation Reform Act of 1995 and applicable Canadian securities laws. When used herein, words such as “expect”, “anticipate”, “estimate”, “may”, “will”, “should”, “intend,” “believe”, and similar expressions, are intended to identify forward-looking statements. Forward-looking statements are based on estimates and assumptions made by RIM in light of its experience and its perception of historical trends, current conditions and expected future developments, as well as other factors that RIM believes are appropriate in the circumstances. Many factors could cause RIM’s actual results, performance or achievements to differ materially from those expressed or implied by the forward-looking statements, including those described in the “Risk Factors” section of RIM’s Annual Information Form, which is included in its Annual Report on Form 40-F (copies of which filings may be obtained at www.sedar.com or www.sec.gov). These factors should be considered carefully, and readers should not place undue reliance on RIM’s forward-looking statements. RIM has no intention and undertakes no obligation to update or revise any forward-looking statements, whether as a result of new information, future events or otherwise, except as required by law.

The BlackBerry and RIM families of related marks, images and symbols are the exclusive properties and trademarks of Research In Motion Limited. RIM, Research In Motion and BlackBerry are registered with the U.S. Patent and Trademark Office and may be pending or registered in other countries. All other brands, product names, company names, trademarks and service marks are the properties of their respective owners. RIM assumes no obligations or liability and makes no representation, warranty, endorsement or guarantee in relation to any aspect of any third party products or services.

Logomotion Launches NFC MicroSD Card

Prague-based company Logomotion has launched a microSD card that can be used to add NFC mobile payments capabilities to standard mobile phones using two secure elements.

The microSD device is called the LGM Card. According to Logomotion, it has been designed to work with a wide range of mobile phones, “including those where the SD slots are in seemingly problematic locations, such as under the device’s battery or under a protective metal outer cover”.

The company adds that there are new revenue opportunities for banks because of the patent-pending dual secure element architecture of the LGM Card.

“The issuing bank personalizes one payment chip using normal card account data of a customer,” says Dave Riffelmacher, CEO of Logomotion. “The second payment chip is pre-personalized with a virtual POS terminal which enables secure, profitable micro payments with smaller merchants and at mobile content internet shops using the customer’s account data.”

The LGM Card is available in small sample quantities now, ahead of mass market production of the NFC-enabled microSD card, which is due to begin during the first quarter of 2013. “In mass market quantities, the price of LGM Card will not be significantly higher than the price of normal memory cards with comparable memory capacity,” says Riffelmacher.

Acoustic Barcodes Use Sounds to Relay Information (Video)

YouTube video demonstrating acoustic barcodes and showing different ways this technology can be used.

These acoustic barcodes are really pretty cool, and there seem to be some useful ways they can be used in everyday life. With technology like NFC and QR codes around, though, this might not be the easiest way to transfer information. But the acoustic barcodes don’t require any sort of special technology on the phone side, not even a camera, which could be a big feature.

The idea behind the acoustic barcodes is basically the same as a regular barcode: an app converts the different dots and dashes to a data value, similar to the squares of a QR code. But with the acoustic barcodes, the data that is converted is retrieved from sounds.

Using a phone, pen or any other object, you slide the object across a series of grooves, creating a unique, identifiable snippet of sound that is read by the app and converted. Like Morse code for machines.

The examples given in the above video really show that there are almost unlimited possibilities for using this cool technology, but we probably still won’t see it used often, given all the easier forms of technology that are being built into phones now.

Computer Virus Being Spread Using SOPA Alerts

The piece of legislation, Stop Online Piracy Act (SOPA), was dropped from United States Congress in January of this year. But it has returned, just not in the same form.

This time SOPA is showing up on users’ PCs. Basically, it is a virus that uses the SOPA bill to scare victims into paying $200. The virus locks down your computer and then offers to unlock it only if you pay the fee. This scam uses a lot of American government seals to make it look official and genuine.

It warns the victim that their IP address is on a blacklist after distributing illegal content. It then tells the victim to send a MoneyPak or a Western Union wire to pay the fee. If the user doesn’t pay up, the virus threatens the user, saying they will lose all their data.

The virus won’t delete all of the data on your PC, but it should be removed as soon as possible.

New PC Malware Disguised as Antivirus Software to Scam You

There is new malware infecting PCs, and most people would never even realize it was there.

The malware comes from a rogue software group called FakeRean. According to McAfee, it poses as an antivirus, claiming that it has scanned your computer, that your computer is infected, and that you should buy the antivirus protection it offers so that your computer will be safe. In reality, it takes control of your GUI to extort money from you using these scare tactics.

The rogue software is showing up on different versions of Windows, changing its appearance to match the iteration of the operating system you’re running.

Below is what you should be on the lookout for.

On Windows 7

On Windows Vista

On Windows XP

ANZ to Launch NFC Payments Service in 2013

Australian banking group ANZ has begun an NFC payments trial and announced plans to launch a commercial service in 2013.

ANZ is using Samsung Galaxy S III Android phones to conduct its payment trial. Last year the bank tested a microSD-based NFC solution.

According to the bank, “ANZ has selected Android based on customer feedback that their preference is for built-in NFC support rather than requiring an additional component such as an NFC-enabled cover or memory card”.

“Customers who use multiple payment cards and who would prefer to live in a cashless world will enjoy the benefits of the ANZ mobile wallet,” according to ANZ.

“No PIN code will be required for transactions under A$100 (US$101.80), payments will be charged directly to customers’ accounts, and customers will see an electronic receipt on their mobile phone screen immediately following their transactions.”

Apple Maps Discloses Location of Classified Taiwan Military Base

The Hsinchu base is a brand new top secret $1.2 billion radar facility in Taiwan. The above image is a screen shot of Apple’s iOS Maps that clearly shows the location of this military base.

Since the base was located using Apple’s new mapping software, millions of people have access to satellite images of a classified military facility.

The Hsinchu base is an important one, according to PhysOrg:

    The Hsinchu base houses a cutting-edge long-range radar procured from the United States in 2003. Construction of the radar is expected to be completed by the end of the year. The ultra-high-frequency radar, supplied by US defence group Raytheon, is capable of detecting missiles launched as far away as Xinjiang in China’s northwest, military officials say. They say the radar, which cost $1.23 billion, is designed to give Taiwan minutes of extra warning in case of a Chinese missile attack.

Boeing Testing Truck-Mounted High Energy Laser

The High Energy Laser Mobile Demonstrator (HEL MD)

Solid-state high-energy lasers are already being tested at sea and in the air; now Boeing is continuing development of a truck-mounted system.

The system is similar in concept to Boeing’s Laser Avenger that is intended for combating unmanned aerial vehicles (UAVs), but boasts a more powerful laser for countering a wider variety of threats, including rockets, artillery, mortars, as well as UAVs.

In 2009, testing of the Laser Avenger used a 1-kilowatt, solid-state laser system mounted on an Avenger ground combat vehicle. This truck-mounted system will use a 10-kilowatt, solid-state laser integrated with the High Energy Laser Mobile Demonstrator (HEL MD) system, with an even more powerful laser to be used in the future, according to Boeing.

The HEL MD program will now enter Phase II high-power testing as part of a follow-on contract that supports development and testing for the next three years. This is a joint development effort between Boeing and the U.S. Army Space and Missile Defense Command (SMDC).

Field tests using the high-power, solid-state laser will be conducted over the next year to demonstrate the system’s ability to “acquire, track, damage and defeat threat-representative targets.”