
Researchers show how to turn a phone’s gyroscope into a crude microphone for eavesdropping

Did you ever think your phone’s gyroscope could be used to monitor your conversations? Apparently it can. According to Wired, in a presentation at the Usenix security conference next week, researchers from Stanford University and Israel’s defense research group Rafael will present a way to eavesdrop on conversations using a phone’s gyroscopes, not its microphones. According to the report, gyroscopes, which are the sensors designed to measure the phone’s orientation, can be tampered with to turn them into eavesdropping sensors. Using a piece of software the researchers built called “Gyrophone,” they were able to make the gyroscope sensitive enough to pick up some sound waves, turning it into a basic microphone. Further, there is no way to deny apps the ability to access gyroscopes the way users can for mics built into phones.

“Whenever you grant anyone access to sensors on a device, you’re going to have unintended consequences,” Dan Boneh, a computer security professor at Stanford, told Wired. “In this case the unintended consequence is that they can pick up not just phone vibrations, but air vibrations.”

However, the technique isn’t that practical for actual eavesdropping, the report said, noting that it works well enough to pick up a fraction of the words spoken near a phone. When the researchers tested the technique’s ability to discern the numbers 1 through 10 and the syllable “oh” in a simulation of how credit card numbers could be stolen, they could identify as many as 65 percent of digits spoken in the same room as the device by a single speaker. Wired Article.

Source: Fierce Wireless


Backdoors and surveillance mechanisms in iOS devices


This paper is actually half a year old – give or take – but it’s gotten a lot of attention recently due to, well, the fact that its author has uploaded a PowerPoint from a talk about these matters, which is obviously a little bit more accessible than a proper scientific journal article.

For instance, despite Apple’s claims of not being able to read your encrypted iMessages, there’s this:

“In October 2013, Quarkslab exposed design flaws in Apple’s iMessage protocol demonstrating that Apple does, despite its vehement denial, have the technical capability to intercept private iMessage traffic if they so desired, or were coerced to under a court order. The iMessage protocol is touted to use end-to-end encryption, however Quarkslab revealed in their research that the asymmetric keys generated to perform this encryption are exchanged through key directory servers centrally managed by Apple, which allow for substitute keys to be injected to allow eavesdropping to be performed. Similarly, the group revealed that certificate pinning, a very common and easy-to-implement certificate chain security mechanism, was not implemented in iMessage, potentially allowing malicious parties to perform MiTM attacks against iMessage in the same fashion.”

There are also several services in iOS that facilitate organisations like the NSA, yet these features have no reason to be there. They are not referenced by any (known) Apple software, do not require developer mode (so they’re not debugging tools or anything), and are available on every single iOS device.

One example of these services is a packet sniffer, com.apple.pcapd, which “dumps network traffic and HTTP request/response data traveling into and out of the device” and “can be targeted via WiFi for remote monitoring”. It runs on every iOS device. Then there’s com.apple.mobile.file_relay, which “completely bypasses Apple’s backup encryption for end-user security”, “has evolved considerably, even in iOS 7, to expose much personal data”, and is “very intentionally placed and intended to dump data from the device by request”.

This second one, especially, only gave relatively limited access in iOS 2.x, but in iOS 7 has grown to give access to pretty much everything, down to “a complete metadata disk sparseimage of the iOS file system, sans actual content”, meaning time stamps, file names, names of all installed applications and their documents, configured email accounts, and a lot more. As you can see, the exposed information goes quite deep.

Apple is a company that continuously claims it cares about security and your privacy, yet it actively makes it easy to get to all your personal data. There’s a massive contradiction between Apple’s marketing fluff on the one hand, and the reality of the access iOS provides to your personal data on the other – down to outright lies about Apple not being able to read your iMessages.

Those of us who aren’t corporate cheerleaders are not surprised by this in the slightest – Apple, Microsoft, Google, they’re all the same – but I still encounter people online every day who seem to believe the marketing nonsense Apple puts out. People, it doesn’t get much clearer than this: Apple does not care about your privacy any more or less than its competitors.

Source: OS News

Note: this is not mentioned in the original article, but it is definitely worth noting that there is at least one company out there that cares about your privacy and always has and is the leader in security. That’s BlackBerry of course; they should be recognized for how great they are, and they continually get overlooked unless it is for something negative. BlackBerry for life! Best mobile OS is BlackBerry 10, period.

These paintings require a smartphone to be viewed properly


Too many people seem to think they can’t see an artwork properly unless it’s viewed through a smartphone lens. The formerly contemplative, tech-free spaces of art galleries and museums have become hubs of annoying photo-snapping and Instagramming adults.

Brooklyn-based conceptual artist J. Robert Feld finds this alarming. “People rush through a museum, like a scavenger hunt, capturing images in their devices, as if that’s an appropriate substitute for pausing and contemplating the work,” he tells Co.Design.

To explore our phone-induced disconnection, Feld created a painting series that requires that you view it through a smartphone camera–in order to see it properly. In Mondrian Inverted: The Viewer Is Not Present, Feld faithfully reproduced Dutch painter Piet Mondrian’s abstract geometric compositions–but inverted their color schemes. White stripes turn black; red becomes teal; deep blues become ochre. The inverted paintings look oddly familiar but somehow off. But when you look at them through the inverted color function on your iPhone or Android phone, the colors flip back, and the composition appears as Mondrian originally painted it.


“The paintings themselves aren’t the work: The act of looking through the phone and seeing the painting appear more real and recognizable on the screen than on the wall in front of you is the concept of the series,” Feld says. This sense of hyperreality, something we’ve all experienced when staring at screens, is what Feld intentionally incorporates into painting. He’s making a point, of course, about our disconcertingly slight and double-time way of seeing. “The experience of looking through the smartphone is more pleasurable than simply looking at the painting directly,” Feld says. The concept might seem gimmicky at first, but it’s a wry comment on the device addiction that we all to some extent suffer from.

But why Mondrian? Feld chose Mondrian because of its universal appeal and familiarity. And although Mondrian died virtually unknown and penniless, his style–characterized by primary colors wedged in by black lines on an X and Y-axis–is universally recognizable to the art-touring masses. “It’s the Helvetica of modern art,” Feld says. “You don’t need an MFA to understand what I’m conveying; you just need a smartphone.”

Here’s how to invert the paintings in the slide show above:

To invert on iOS: Settings > General > Accessibility > Accessibility Shortcut > Invert Colors.

To invert on a Mac: System Preferences > Accessibility > Display > Invert Colors.

For more photos follow the source link below.

Source: Fast Company

Third-party chargers, Lightning cables reportedly damage iPhone power management IC

An iPhone 5 logic board with U2 power management IC circled in blue. | Source: mendmyi

An iOS device repair company in the UK reports third-party charging accessories are causing damage to a critical power management component in Apple’s iPhone 5, rendering the handset inoperable.

After seeing a rash of iPhone 5 handsets come in with battery charging issues, repair firm mendmyi was able to isolate the problem to unofficial USB adapters and USB-to-Lightning cables, the company reported on its blog earlier this week.

The theory is third-party charging accessories do not properly regulate electrical current flowing into the handset, which either burns out or renders inoperable a power distribution IC labeled “U2.” Located just beneath Apple’s A6 SoC on the iPhone’s logic board, the IC routes power to the battery and integrated charging controller, the sleep/wake button and controls certain USB functions.

Users affected by the issue may see iPhone battery levels remain at one percent while charging, unexpected shutdowns and partial or complete failure to power up when connected to a power source.

It is unclear if the problem is limited to the iPhone 5, but in theory cheap third-party products like USB adapters could potentially damage the sensitive circuitry of any iPhone model as they may not be built to acceptable tolerances and are thus unable to properly regulate voltage and current. As evidenced by Apple’s recent recall of European market 5-watt power adapters, even the world’s largest tech company runs into problems with manufacturing power regulating accessories.

Apple previously issued a warning to Chinese iPhone users last July asking that they use only official power adapters like those supplied with the device. The notice was issued after two people were electrocuted, one fatally, by iPhones connected to “counterfeit” adapters.

According to mendmyi, damaged U2 ICs can be replaced and the company charges 66 pounds, or roughly $112, for the service.

Source: Apple Insider

Amazon May Release Smartphone on June 18th


Ever since Amazon released the first Kindle Fire tablet, we’ve been curious to know if the company was interested in a smartphone…
Rumors have suggested that a smartphone has been in the works for quite some time now, and have also talked about unusual features like a multi-camera gesture tracking system and a pseudo-3D eye tracking interface…
Rumors also talked about a launch as soon as this quarter, and that seems to be true, as Amazon has revealed its plans for a June 18 event, where the company may well release the phone…

Amazon has also posted a teaser video that doesn’t show the device in question, but shows users interacting with it… and there’s talk of how it “moves with them”, and the shots of them moving their heads back and forth to see how the product performs fit nicely with our expectation of pseudo-3D eye tracking…

Source: Tech-Met

Android malware tool iBanking commands $5000 price for attackers


Evolving malicious tool adopts service model, grows increasingly complex

The market for malware tools is expanding, including the purchase of pre-made tools for a hefty fee from underground developers. One such tool aimed at Android, iBanking, promises to conduct a number of malicious actions including intercepting text messages, stealing phone information, pulling geolocation data and constructing botnets with infected devices. All it would cost to obtain the program is $5000, even after its source code leaked earlier in the year.

The iBanking malware started out simply stealing SMS information, but has grown into a much larger Trojan tool for would-be data thieves. Applications injected with the iBanking code have hit the marketplace disguised as legitimate banking and social media apps in order to convince users to use them.

The apps often appear to users who have already been infected on desktop machines, prompting them to fill in personal information which then leads to an SMS message with a download link. Once the app is downloaded and installed, it begins feeding information to the attacker.

According to Symantec, the tool is “one of the most expensive pieces of malware” the company has seen, especially for one that sets up a service business. Other malware applications have paved the way for things like customer support and HTML control panels, but not at such a high price.

Part of the larger problem with iBanking is that it resists most attempts to reverse engineer the software, giving it better protection against those trying to craft similar tools, says an article from Ars Technica. iBanking uses encryption and code obfuscation to hide the commands and actions it carries out. This prevents researchers from breaking down the process of the malware, as well as keeping others from using the code to clone more software.

Source: Electronista

BlackBerry’s ultra-secure chat gives each message its own security key


Chat systems like BBM (BlackBerry Messenger) are typically very secure, since they’re encrypted end-to-end. However, they still have a glaring flaw: if intruders do crack the code, they can see everything you’ve said. That’s where BlackBerry’s soon-to-launch BBM Protected comes in. As the company showed at its BlackBerry Experience Washington event (CrackBerry’s video is below), the new service makes it extremely difficult to spy on an entire conversation. Each message has its own random encryption key; even a very clever data thief would only get one tidbit at a time, so it could take ages to piece together a full chat.

BBM Protected will only be available for corporate-controlled BlackBerry devices when it launches as part of an enterprise suite in June, although that will include anything running the now-ancient BlackBerry OS 6 or higher. The chat client won’t be available for personal phones running BlackBerry Balance until early fall, while Android and iOS users will have to wait until late fall or early winter. All the same, it might be worth holding out if you’re really, truly worried that someone is watching your private discussions.

Source: Engadget

BlackBerry Tumblr app Trapeez available in Beta Zone


The native Tumblr app Trapeez, developed by Kisai Labs, has a beta version, 1.5.0.0, available in BlackBerry Beta Zone.

Google Chrome working on latest BlackBerry 10.3 leak


Using the latest leaked version of BlackBerry 10.3 software version 10.3.0.296. I haven’t yet had a chance to try any other Google apps and in earlier versions of BlackBerry 10 you could not use any apps that require Google Services. A couple more screen shots of Chrome running perfectly on my Z10.


Is CryptoLocker Ransomware arriving on Android?

The U.S. version of the Android malware purporting to be CryptoLocker.

CryptoLocker Ransomware, the malware that locked up PCs until you paid off $300 and the so-called Menace of the Year, may have jumped from Windows to Android.

ThreatPost reports that the Reveton cyber-crime gang is advertising an Android version of CryptoLocker. This program seems to have no way to actively infect an Android smartphone or tablet. To get it you have to actually download the APK file.

To trick you into doing this, the malware masquerades as a porn application. As you’d expect, this malware is designed to hide out on porn sites. If I’ve said it once, I’ve said it a thousand times: never download Android apps from third-party sites of any sort and don’t, no matter what operating system you’re running, download programs from porn sites.

If you’re fool enough to do this anyway and get infected, any time you try to use your device, you’ll be shown a warning display that accuses you of viewing child pornography or equally ugly and illegal porn. It then goes on to say that you’ll face a jail term of five to 11 years, unless, of course, you make a payment of $300 via MoneyPak. This is a legitimate pre-paid debit card service.

At this time, it’s unclear if this malware, labeled Koler.A, really is a port of CryptoLocker or simply a malware program using the infamous ransomware name in vain. From the limited experience security companies have had with this program, it seems most likely it is not actually encrypting your files.

That said, getting rid of Koler.A is currently a major annoyance. Android anti-virus programs don’t have a fix for it yet. If you can move the program’s icon to the trash, however, that “seems” to get rid of the program. The trick is you only have five seconds to delete it before the ransomware screen takes over your display.

For more information and the original story follow the source link below.

Source: ZD Net