Are you going to be one that jumps in on the Smartwatch craze? If so choice one of the below watches you are most looking forward to as they are all soon to release. Or if you already have a Smartwatch go ahead and put it down.
Did you ever think your phone’s gyroscope could be used to monitor your conversations? Apparently it can. According to Wired, in a presentation at the Usenix security conference next week, researchers from Stanford University and Israel’s defense research group Rafael will present a way to eavesdrop on conversations using its gyroscopes, not its microphones. According to the report, gyroscopes, which are the sensors designed measure the phone’s orientation, can be tampered with to make them into eavesdropping sensors. Using a piece of software the researchers built called “Gyrophone,” they were able to make the gyroscope sensitive enough to pick up some sound waves, making them basic microphones. Further, there is no way to deny apps the ability to access gyroscopes the way users can for mics built into phones.
“Whenever you grant anyone access to sensors on a device, you’re going to have unintended consequences,” Dan Boneh, a computer security professor at Stanford, told Wired. “In this case the unintended consequence is that they can pick up not just phone vibrations, but air vibrations.”
However, the technique isn’t that practical for actual eavesdropping, the report said, noting that it works well enough to pick up a fraction of the words spoken near a phone. When the researchers tested the technique’s ability to discern the numbers 1 through 10 and the syllable “oh” in a simulation of how credit card numbers could be stolen, they could identify as many as 65 percent of digits spoken in the same room as the device by a single speaker. Wired Article.
Source: Fierce Wireless
This paper is actually half a year old – give or take – but it’s gotten a lot of attention recently due to, well, the fact that he has uploaded a PowerPoint from a talk about these matters, which is obviously a little bit more accessible than a proper scientific journal article.
For instance, despite Apple’s claims of not being able to read your encrypted iMessages, there’s this:
“In October 2013, Quarkslab exposed design flaws in Apple’s iMessage protocol demonstrating that Apple does, despite its vehement denial, have the technical capability to intercept private iMessage traffic if they so desired, or were coerced to under a court order. The iMessage protocol is touted to use end-to-end encryption, however Quarkslab revealed in their research that the asymmetric keys generated to perform this encryption are exchanged through key directory servers centrally managed by Apple, which allow for substitute keys to be injected to allow eavesdropping to be performed. Similarly, the group revealed that certificate pinning, a very common and easy-to-implement certificate chain security mechanism, was not implemented in iMessage, potentially allowing malicious parties to perform MiTM attacks against iMessage in the same fashion.”
There are also several services in iOS that facilitate organisations like the NSA, yet these features have no reason to be there. They are not referenced by any (known) Apple software, do not require developer mode (so they’re not debugging tools or anything), and are available on every single iOS device.
One example of these services is a packet sniffer, com.apple.pcapd, which “dumps network traffic and HTTP request/response data traveling into and out of the device” and “can be targeted via WiFi for remote monitoring”. It runs on every iOS device. Then there’s com.apple.mobile.file_relay, which “completely bypasses Apple’s backup encryption for end-user security”, “has evolved considerably, even in iOS 7, to expose much personal data”, and is “very intentionally placed and intended to dump data from the device by request”.
This second one, especially, only gave relatively limited access in iOS 2.x, but in iOS 7 has grown to give access to pretty much everything, down to “a complete metadata disk sparseimage of the iOS file system, sans actual content”, meaning time stamps, file names, names of all installed applications and their documents, configured email accounts, and lot more. As you can see, the exposed information goes quite deep.
Apple is a company that continuously claims it cares about security and your privacy, but yet they actively make it easy to get to all your personal data. There’s a massive contradiction between Apple’s marketing fluff on the one hand, and the reality of the access iOS provides to your personal data on the other – down to outright lies about Apple not being able to read your iMessages.
Those of us who aren’t corporate cheerleaders are not surprised by this in the slightest – Apple, Microsoft, Google, they’re all the same – but I still encounter people online every day who seem to believe the marketing nonsense Apple puts out. People, it doesn’t get much clearer than this: Apple does not care about your privacy any more or less than its competitors.
Source: OS News
Note: this is not mentioned in the original article but is definitely worth noting that there is at least one company put there that cares about your privacy and always has and is the leader in security. That’s BlackBerry of course, they should be recognized for how great they are and they continually get over looked unless it is for something negative. BlackBerry for life! Best mobile OS is BlackBerry 10, period.
An iOS device repair company in the UK reports third-party charging accessories are causing damage to a critical power management component in Apple’s iPhone 5, rendering the handset inoperable.
After seeing a rash of iPhone 5 handsets come in with battery charging issues, repair firm mendmyi was able to isolate the problem to unofficial USB adapters and USB-to-Lightning cables, the company reported on its blog earlier this week.
The theory is third-party charging accessories do not properly regulate electrical current flowing into the handset, which either burns out or renders inoperable a power distribution IC labeled “U2.” Located just beneath Apple’s A6 SoC on the iPhone’s logic board, the IC routes power to the battery and integrated charging controller, the sleep/wake button and controls certain USB functions.
Users affected by the issue may see iPhone battery levels remain at one percent while charging, unexpected shutdowns and partial or complete failure to power up when connected to a power source.
It is unclear if the problem is limited to the iPhone 5, but in theory cheap third-party products like USB adapters could potentially damage the sensitive circuitry of any iPhone model as they may not be built to acceptable tolerances and are thus unable to properly regulate voltage and current. As evidenced by Apple’s recent recall of European market 5-watt power adapters, even the world’s largest tech company runs into problems with manufacturing power regulating accessories.
Apple previously issued a warning to Chinese iPhone users last July asking that they use only official power adapters like those supplied with the device. The notice was issued after two people were electrocuted, one fatally, by iPhones connected to “counterfeit” adapters.
According to mendmyi, damaged U2 ICs can be replaced and the company charges 66 pounds, or roughly $112, for the service.
Source: Apple Insider
Ever since Amazon released the first Kindle Fire tablet,we’ve been curious to know is the company was interested in a Smartphone…
Rumors have shown that a Smartphone is in works for quite a time now,and rumors also have talked about unusual features like a multi camera gesture tracking system and a pseudo-3D eye tracking interface…
Rumors also talked about a launch as soon as this quarter,and that seems to be true as Amazon has revealed its plans for a June 18 event,where the company may well release the phone…
Amazon has also posted a teaser video,that doesn’t shows the device in question,but shows users interacting with it…and there talk of how it “moves with them” and the shorts of them moving there head back and forth to see how the product performs,fits nicely with our expectation of pseudo-3D eye tracking…
Evolving malicious tool adopts service model, grows increasingly complex
The market for malware tools is expanding, including the purchase of pre-made tools for a hefty fee from underground developers. One such tool aimed at Android, iBanking, promises to conduct a number of malicious actions including intercepting text messages, stealing phone information, pulling geolocation data and constructing botnets with infected devices. All it would cost to obtain the program is $5000, even after its source code leaked earlier in the year.
The iBanking malware has evolved from simply being able to steal SMS information, but has grown to be a much larger Trojan tool for would be data thieves. Applications injected with the iBanking code have hit the marketplace costumed as legitimate banking and social media apps as a way for users to be convinced to use them.
The apps often appear to users who have already been infected on desktop machines, prompting them to fill in personal information which then leads to an SMS message with a download link. Once the app is downloaded and installed, it begins feeding information to the attacker.
According to Symantec the tool is “one of the most expensive pieces of malware” the company has seen, especially for one with that sets up a service business. Other malware applications have paved the way for things like customer support and HTML control panels, but not at such a high price.
Part of the larger problem with iBanking is that it resists most attempts to reverse engineer the software, giving it a better strength against those trying to craft similar tools says an article from Ars Technica. iBanking uses encryption and code obfuscation to hide the commands and actions it carries out. This prevents researchers from breaking down the process of the malware, as well as keeping others from using the code to clone more software.
Chat systems like BBM (BlackBerry Messenger) are typically very secure, since they’re encrypted end-to-end. However, they still have a glaring flaw: if intruders do crack the code, they can see everything you’ve said. That’s where BlackBerry’s soon-to-launch BBM Protected comes in. As the company showed at its BlackBerry Experience Washington event (CrackBerry’s video is below), the new service makes it extremely difficult to spy on an entire conversation. Each message has its own random encryption key; even a very clever data thief would only get one tidbit at a time, so it could take ages to piece together a full chat.
BBM Protected will only be available for corporate-controlled BlackBerry devices when it launches as part of an enterprise suite in June, although that will include anything running the now-ancient BlackBerry OS 6 or higher. The chat client won’t be available for personal phones running BlackBerry Balance until early fall, while Android and iOS users will have to wait until late fall or early winter. All the same, it might be worth holding out if you’re really, truly worried that someone is watching your private discussions.
Entegra announced a rugged, modular tablet that’s configurable for a wide range of environments and applications, and supports both Android 4.2 and Linux.
Entegra’s CrossfirePro is unlike any tablet you’ve encountered: it’s the consummate chameleon of rugged slates, boasting a modularity that starts with its snap-in Qseven computer-on-module processing core and extends to nearly every aspect of its I/O and software. Though it ships standard with a 1.86GHz quad-core Intel Bay Trail M-series N2930 processor, the COM-based core supports alternatives ranging from faster or slower Intel and AMD x86 CPUs, to ARM-based SoCs. It also accepts I/O add-ons such as barcode scanners, magnetic strip readers, fingerprint scanners, smart card and NFC readers, and a variety of custom modules, says the company.
Entegra also offers three docks for the CrossfirePro, which support its use in office, point-of-sale, and vehicular environments. These would presumably be accompanied by snap-in or add-on modules, operating systems, and application software suitable to each market.
The photos below show how the Qseven COM and mSATA storage devices snap into compartments in the rear of the tablet.
To support such an extensive array of modularity, Entegra designed a unique mainboard that’s controlled by a PIC microcontroller. The PIC chip serves as a “traffic cop” to initialize and manage the options it discovers upon power-up, as illustrated in the diagram below.
For a full list of the specs follow the source link below.