Security

Second Chinese Firm In a Week Found Hiding a Backdoor In Android Firmware (bleepingcomputer.com) 108

An anonymous reader quotes Bleeping Computer: Security researchers have discovered that third-party firmware included with over 2.8 million low-end Android smartphones allows attackers to compromise Over-the-Air (OTA) update operations and execute commands on the target's phone with root privileges. This is the second issue of its kind that came to light this week after researchers from Kryptowire discovered a similar secret backdoor in the firmware of Chinese firm Shanghai Adups Technology Co. Ltd. This time around, the problem affected Android firmware created by another Chinese company named Ragentek Group.
It apparently affects more than 55 low-end/burner phones from BLU, Infinix Mobility, DOOGEE, LEAGOO, IKU Mobile, Beeline, and XOLO. According to the article, the binary performing the insecure updates "also includes code to hide its presence from the Android OS, along with two other binaries and their processes... Without SSL protection, this OTA system is an open backdoor for anyone looking to take control of it." Even worse, three domains were hard-coded into the binaries, two of which were unregistered, according to the researchers. "If an adversary had noticed this, and registered these two domains, they would've instantly had access to perform arbitrary attacks on almost 3,000,000 devices without the need to perform a Man-in-the-Middle attack."
China

Chinese Consumer Group Has Asked Apple To Investigate 'a Considerable Number' of iPhone Shutdowns (businessinsider.com) 73

An anonymous reader writes: The China Consumers Association (CCA) has asked Apple to investigate "a considerable number" of reports by users of iPhone 6 and 6s phones that the devices have been shutting off and cannot be turned back on again, it said on Tuesday. The reported problems specifically involve users seeing their iPhones automatically shut off despite 50-60 percent battery levels, and the involuntary shutting off in room temperature or colder environments, as well as the inability to turn the cellphone back on despite continuous battery charging, the statement said. "In view that Apple iPhone 6 and iPhone 6s series cellphones in China have a considerable number of users, and the number of people who've reported this problem is rather many, China Consumer Association has already made a query with Apple," the association said in a statement on its website.
Wireless Networking

Smartphone WiFi Signals Can Leak Your Keystrokes, Passwords, and PINs (bleepingcomputer.com) 46

Bleeping Computer warns that "The way users move fingers across a phone's touchscreen alters the WiFi signals transmitted by a mobile phone, causing interruptions that an attacker can intercept, analyze, and reverse engineer to accurately guess what the user has typed...when the attacker controls a rogue WiFi access point." The new WindTalker attack leverages the "channel state information" in WiFi signals. An anonymous reader quotes their article: Because the user's finger moves across the smartphone when he types text, his hand alters CSI properties for the phone's outgoing WiFi signals, which the attacker can collect and log on the rogue access point... By performing basic signal analysis and signal processing, an attacker can separate desired portions of the CSI signal and guess with an average accuracy of 68.3% the characters a user has typed... but it can be improved the more the user types and the more data the attacker collects.
The new attack is described in a research paper titled "When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals."
Cellphones

Browser Use On Mobile Devices Exceeds PC Browsing Worldwide: StatCounter (cnet.com) 34

Google is only expected to push the mobile web further now that there are 2 billion active Chrome installs. At the Chrome Dev Summit, Google's vice president of Chrome engineering and the conference's opening speaker said, "We have over 2 billion Chrome instances that are active," which makes Chrome a platform with immense power. The company is expected to reveal how the platform's unbeatable reach earns Chrome and browsers in general a place on the big stage. CNET reports: That power is essential to making Google's vision a reality. If it succeeds, that browser icon might be the one you reach for on your home screen a lot more often. Success on that front also could help restore the fortunes of the web, the closest the computing industry has come to freeing us from software that works only on one device or another, like a Windows laptop but not an iPhone. In an era when tech giants wield tremendous power, the web levels the playing field and makes it easier for new competitors to join the game. It's no wonder Google is pushing the mobile web. This month, browser usage on tablets and phones for the first time surpassed usage on PCs, analytics firm StatCounter said. In October, global mobile and tablet browsing accounted for 51.3% compared to the desktop's 48.7%. However, in other parts of the world the desktop is still king. For example, in the UK the desktop accounts for 55.6% of browsing, 58% in the U.S. and 55.1% in Australia. StatCounter CEO Aodhan Cullen said: "This should be a wake up call especially for small businesses, sole traders and professionals to make sure that their websites are mobile friendly. Many older websites are not. Mobile compatibility is increasingly important not just because of growing traffic but because Google favors mobile-friendly websites for its mobile search results."
Security

Fake Fingerprint Stickers Let You Access a Protected Phone While Wearing Gloves (gizmodo.com) 74

A new Kickstarter campaign aims to sell you fingerprint stickers that, when applied to a pair of gloves, allow you to unlock a mobile device that's protected with a fingerprint scanner. The sticker is powered by Nanotips and is "made with an extremely adhesive conductive material that can be applied to any surface for touch capability." Gizmodo reports: You can of course still access a fingerprint-secured smartphone using regular touchscreen-friendly gloves by simply punching in your passcode on-screen, but why should we have to give up the convenience of a feature like Touch ID for months on end just because it's cold outside? We shouldn't, and these Taps stickers will allow you to use your mobile device's touchscreen and fingerprint reader, for unlocking your phone or making a purchase, even while your actual fingers (and fingerprints) are being kept warm and toasty inside a glove. After applying a textured stick to the tip of your glove, you just have to register it as an approved fingerprint using your smartphone's security settings. You might assume this would mean that anyone with a Taps sticker on their gloves could access anyone else's protected phone. But according to its creators, using nanoparticle technology every single Taps sticker has an individual and unique artificial print ensuring that only your gloves can access your device. That being said, there is still the risk of someone stealing your gloves, which is easier than stealing your fingerprints, so you'll have to weigh the security risks introduced versus the added convenience these offer.
Microsoft

Steve Ballmer Says Smartphones Came Between Him and Bill Gates (fortune.com) 114

Steve Ballmer once said Apple's iPhone would flop because it cost too much -- though he now admits that he failed to anticipate carriers subsidizing the cost of the phone. But that was only the beginning. An anonymous reader quotes Fortune: The former CEO of Microsoft says he and Gates drifted apart over Microsoft's move into the hardware business in the early 2010s, according to Bloomberg. Ballmer says he was the one who pushed for Microsoft to design smartphones and tablets at a time when Apple was already well established. He says Gates and the board seemed reluctant to do so. "There was a fundamental disagreement about how important it was to be in the hardware business," Ballmer told Bloomberg. "I had pushed Surface. The board had been a little -- little reluctant in supporting it. And then things came to a climax around what to do about the phone business."
Microsoft eventually took a $900 million write down for its first tablet, the Surface RT -- plus most of the value of their $9.5 billion acquisition of Nokia Oyj's handset unit as Microsoft pushed into hardware. "Ballmer's only regret: not doing it sooner," Bloomberg reports, adding that Surface is now profitable and this year will generate more than $4 billion in sales.
Security

A Powerful New Android Spyware Targets Business Executives (helpnetsecurity.com) 18

Orome1 quotes HelpNetSecurity: "Researchers from mobile security outfit Skycure have recently analyzed a malicious app they found on an Android 6.0.1 device owned by a vice president at a global technology company. The name of the malicious package is 'com.android.protect', and it comes disguised as a Google Play Services app. It disables Samsung's SPCM service in order to keep running, installs itself as a system package to prevent removal by the user (if it can get root access), and also hides itself from the launcher." The spyware is able to collect chats and messages sent and received via SMS, MMS, and popular email and IM apps; record audio and telephone calls; collect pictures and take screenshots; collect contacts, browser histories, the contents of the calendar, and so on.
According to the article, "chances are someone took advantage of the physical access they had to the device to do the dirty deed."
Businesses

Samsung Is Cutting the Note 7's Access To Mobile Networks In New Zealand (techcrunch.com) 63

An anonymous reader quotes a report from TechCrunch: No one can claim there hasn't been ample warning. The Samsung Galaxy Note 7 saga dragged out over multiple months, encompassing two recalls, several travel bans and then, ultimately, the untimely end for the troubled handset. Even still, some people just have trouble letting go. Starting November 18, Note 7 owners will not be able to connect to mobile networks in New Zealand, courtesy of a joint effort by Samsung and the New Zealand Telecommunications Forum (TCF) to "blacklist" the device. No calls, no texts, no mobile data. Users will still be able to access WiFi, but the device will essentially be turned into a big Samsung iPod Touch. Samsung New Zealand added that it will work to contact all remaining Note 7 owners twice prior to the shut down, "to ensure they have received adequate notice." It remains to be seen whether the company will take similar action in other markets. "Numerous attempts by all providers have been made to contact owners and ask them to bring the phones in for replacement or refund, this action should further aid the return of the remaining handsets," TCF's CEO said in a statement issued today.
Cellphones

Scientists Develop Magnetic Ink That Can Self-Heal Gadgets When They Break (theverge.com) 52

Scientists from the University of California discuss how they plan on fixing broken devices with magnetic ink particles. "Just like the human skin is stretchable and self-healing, we wanted to impart a self-healing ability to printed electronics," Amay Bandodkar, a member of the research team, tells The New York Times. The Verge reports: Sensors printed with this ink would magnetically attach to each other when a rip or tear occurs, automatically fixing a device at the first sign of disintegration. The published study focused on creating sensors that can be incorporated with fabrics. The result is smart clothing that can repair cuts up to three millimeters long in 50 milliseconds. In a sample video, a sensor used to light a small bulb gets snipped in half. In seconds, magnets in the sensor pull the two sides back together and slowly light the bulb again. To create the self-healing effect, the team used pulverized neodymium magnets typically found in refrigerators and hard drives and combined them into the ink. This helps the researchers avoid the traditional process of adding chemicals and heat, which could take hours to complete. Bandodkar estimates that $10 worth of ink can create "hundreds of small devices" that can help reduce waste, since you won't need to throw these wearables and gadgets out when they're broken. "Within a few seconds it's going to self-heal, and you can use it over and over again."
Iphone

Future iPhones Could Fold In Half (geek.com) 95

Apple has just received a patent, titled "electronic devices with carbon nanotube printing circuits," that suggests future iPhones may be foldable -- at least to some degree. Geek reports: Based on the language in the patent, it doesn't sound like Apple is specifically talking about a device that has a fully bendable display. It mentions one that can bend "along edges of touch sensors or displays." The carbon nanotube PCBs provide flexibility for some of the phone's internals, but not all of them. Those other parts will likely be covered by other patents if Apple is genuinely working on a seamless foldable device. The usual caveats apply here. For now, this is simply yet another patent padding Apple's already massive portfolio. Could they be planning to release an iPhone that folds in half? Definitely.
Cellphones

Samsung Galaxy S8 Screen-To-Body Ratio Could Surpass 90%, Near Bezel-Less Design (hothardware.com) 159

MojoKid writes: There aren't many phones on the market currently that can boast an edge-to-edge display with minimal or no bezel on top and bottom, save for perhaps Xiaomi's recently unveiled Mi MIX. However, word on the web is that the field will expand by at least one more next year, and specifically with Samsung's Galaxy S8. This runs contrary to a previous rumor that the Galaxy S8 might only come with a curved edge display. That would be surprising since Samsung needs to sell as many Galaxy S8 phones as possible after the Galaxy Note 7 debacle. Only offering a curved edge model could be counterproductive to that goal, though offering an edge-to-edge display could be the spark Samsung needs. Park Won-sang, a principal engineer at Samsung Display noted the division would roll out a full-screen smartphone display with a "display area ratio [that] reaches more than 90 percent next year," during the iMiD 2016 display exhibition in Seoul last week. The engineer added that Samsung may even extend the display area ratio to 99 percent in the years ahead, which would mean virtually the entire front of the phone would be the screen. In case you're wondering, most of today's smartphones utilize a display area to bezel ratio of around 80 percent.
Security

Serious Hacks Possible Through Inaudible Ultrasound (newscientist.com) 109

An anonymous reader writes: "High-frequency audio 'beacons' are embedded into TV commercials or browser ads," reports New Scientist. "These sounds, which are inaudible to the human ear, can be picked up by any nearby device that has a microphone and can then activate certain functions on that device...Some shopping reward apps, such as Shopkick, already use it to let retailers push department or aisle-specific ads and promotions to customers' phones as they shop."

But now Fortune reports that some apps "often actively listen for ultrasound signals, even when the app itself is closed, creating a new and relatively poorly-understood pathway for hacking." In addition, security researchers "have already found ways to mine cloaked IP addresses. Speaking to New Scientist, team member Vasilios Mavroudis suggests that an app's always-on microphone access could be leveraged to monitor conversations (and, if you're not paranoid already, to decipher what you're typing). The 'beacons' that transmit ultrasound data can also be spoofed to manipulate apps' user data."

Canada

Police Used Cell Tower Logs To Text 7,500 Possible Crime Witnesses (www.cbc.ca) 153

"Investigators are calling it a 'digital canvass' -- the high-tech equivalent of knocking on thousands of doors for information," reports the CBC, describing how an Ontario police department sent text messages to 7,500 potential witnesses of a homicide using phone numbers from a nearby cell tower's logs. Police obtained the numbers through a court order, and sent two texts -- one in English, and another one in French -- asking recipients to "voluntarily answer a few simple questions..." Slashdot reader itamblyn writes: On one hand, this seems like the natural progression from the traditional approach of canvassing local residents by putting up flyers and knocking on doors. On the other hand, I think one can reasonably ask -- Are we OK with this approach...? Do we want this to happen whenever there is a major crime?
The article adds that the police force "will keep the numbers on file until the killing is solved, officers said at a news conference on Wednesday... Investigators will also consider calling the numbers of people who don't respond voluntarily, but they would be required to obtain another court order to do so."
Communications

Feds Charge 61 People In Indian-Based IRS Phone Scam Case (consumerist.com) 139

BUL2294 writes: Following the arrests earlier this month in India of call center employees posing as IRS or immigration agents, USA Today and Consumerist are reporting that the U.S. Department of Justice has charged 61 people in the U.S. and India of facilitating the scam, bilking millions from Americans thinking they were facing immediate arrest and prosecution. "According to the indictment (PDF) -- which covers 20 individuals in the U.S. and 32 people and five call centers in India -- since about 2012 the defendants used information obtained from data brokers and other sources to call potential victims impersonating officers from the IRS or U.S. Citizenship and Immigration Services," reports Consumerist. The report adds: "To give the calls an air of authenticity, the organization was able to 'spoof' phone numbers, making the calls appear to have really come from a federal agency. The callers would then allegedly threaten potential victims with arrest, imprisonment, fines, or deportation if they did not pay supposed taxes or penalties to the government. In instances when the victims agreed to pay, the DOJ claims that the call centers would instruct them to go to banks or ATMs to withdraw money, use the funds to purchase prepaid stored value cards from retail stores, and then provide the unique serial number to the caller. At this point, the operation's U.S.-based counterparts would use the serial numbers to transfer the funds to prepaid reloadable cards. The cards would then be used to purchase money orders that were transferred into U.S. bank accounts of individuals or businesses. To make matters worse, the indictment claims that the prepaid debit cards were often registered using personal information of thousands of identity theft victims, and the wire transfers were directed by the organizations using fake names and fraudulent identifications.
The operation would then use 'hawalas' -- a system in which money is transferred internationally outside of the formal banking system -- to direct the pilfered funds to accounts belonging to U.S.-based individuals.
AI

AI-Powered Body Scanners Could Soon Speed Up Your Airport Check-in (theguardian.com) 111

An anonymous reader shares a report on the Guardian: A startup bankrolled by Bill Gates is about to conduct the first public trials of high-speed body scanners powered by artificial intelligence (AI), the Guardian can reveal. According to documents filed with the US Federal Communications Commission (FCC), Boston-based Evolv Technology is planning to test its system at Union Station in Washington DC, in Los Angeles's Union Station metro and at Denver international airport. Evolv uses the same millimetre-wave radio frequencies as the controversial, and painfully slow, body scanners now found at many airport security checkpoints. However, the new device can complete its scan in a fraction of a second, using computer vision and machine learning to spot guns and bombs. This means passengers can simply walk through a scanning gate without stopping or even slowing down -- like the hi-tech scanners seen in the 1990 sci-fi film Total Recall. A nearby security guard with a tablet is then shown either an "all-clear" sign, or a photo of the person with suspicious areas highlighted. Evolv says the system can scan 800 people an hour, without anyone having to remove their keys, coins or cellphones.
Communications

176 Original Emojis Join Van Gogh and Picasso At Museum of Modern Art (latimes.com) 29

If you happen to walk through the Museum of Modern Art in New York between December and March of next year, you may see 176 emoji on display next to Van Gogh and Picasso. On Wednesday, the museum announced that Shigetaka Kurita's original pictographs would be added to its collection. Los Angeles Times reports: Nearly two decades ago, Shigetaka Kurita was given the task of designing simple pictographs that could replace Japanese words for the growing number of cellphone users communicating with text messages. Kurita, who was working for the Japanese mobile carrier NTT Docomo at the time, came up with 176 of them, including oddities like a rocking horse, two kinds of umbrellas (one open, one closed) and five different phases of the moon. He called them emojis. An estimated 74% of Americans now use emojis every day, nudging the written word to the side in favor of a medium that can succinctly and playfully convey emotions in a society often more adept at texting than talking. That marriage of design and utility prompted the art world to take notice. Museum officials say emojis are the modern-day answer to an age-old tradition of communicating with pictures. "Emojis as a concept go back in the centuries, to ideograms, hieroglyphics and other graphic characters, enabling us to draw this beautiful arch that covers all of human history," said Paola Antonelli, a senior curator at MoMA. "There is nothing more modern than timeless concepts such as these."
Australia

A New Attack Allows Intercepting Or Blocking Of Every LTE Phone Call And Text (theregister.co.uk) 80

All LTE networks and devices are vulnerable to a new attack demonstrated at the Ruxcon security conference in Melbourne. mask.of.sanity shared this article from The Register: It exploits LTE fall-back mechanisms designed to ensure continuity of phone services in the event of emergency situations that trigger base station overloads... The attacks work through a series of messages sent between malicious base stations spun up by attackers and targeted phones. It results in attackers gaining a man-in-the-middle position from where they can listen to calls or read SMS, or force phones back to 2G GSM networks where only voice and basic data services are available...

[Researcher Wanqiao] Zhang says the attacks are possible because LTE networks allow users to be handed over to underused base stations in the event of natural disasters to ensure connectivity. "You can create a denial of service attack against cellphones by forcing phones into fake networks with no services," Zhang told the conference. "You can make malicious calls and SMS and...eavesdrop on all voice and data traffic."

AT&T

AT&T Buys Time Warner For $85B. Is The Mass Media Consolidating? (reuters.com) 132

Though regulators may not agree, "Time Warner and AT&T reps claim this is necessary just to compete," warns Mr D from 63. Reuters reports: The tie-up of AT&T Inc and Time Warner Inc, bringing together one of the country's largest wireless and pay TV providers and cable networks like HBO, CNN and TBS, could kick off a new round of industry consolidation amid massive changes in how people watch TV... Media content companies are having an increasingly difficult time as standalone entities, creating an opportunity for telecom, satellite and cable providers to make acquisitions, analysts say. Media firms face pressure to access distribution as more younger viewers cut their cable cords and watch their favorite shows on mobile devices. Distribution companies, meanwhile, see acquiring content as a way to diversify revenue.
The deal reflects "big changes in consumption of video particularly among millennials," according to one former FCC commissioner, and the article also reports that the deal "will face serious opposition." Massachusetts Democrat Edward Markey warned "we need more competition, not more consolidation... Less competition has historically resulted in fewer choices and higher prices for consumers..." And in a Saturday speech, Donald Trump called it "an example of the power structure I'm fighting...too much concentration of power in the hands of too few."
Cellphones

Feds Walk Into a Building, Demand Everyone's Fingerprints To Open Phones (dailyherald.com) 432

An anonymous Slashdot reader quotes the Daily Herald: Investigators in Lancaster, California, were granted a search warrant last May with a scope that allowed them to force anyone inside the premises at the time of search to open up their phones via fingerprint recognition, Forbes reported Sunday. The government argued that this did not violate the citizens' Fifth Amendment protection against self incrimination because no actual passcode was handed over to authorities...

"I was frankly a bit shocked," said Andrew Crocker, a staff attorney at the Electronic Frontier Foundation, when he learned about the scope of the search warrant. "As far as I know, this warrant application was unprecedented"... He also described requiring phones to be unlocked via fingerprint, which does not technically count as handing over a self-incriminating password, as a "clever end-run" around constitutional rights.

Piracy

More Performers Are Demanding Audiences Lock Up Their Phones (nytimes.com) 552

More performers -- and other venues -- are discovering a new anti-piracy technology called Yondr -- including comedian Dave Chappelle. Slashdot reader HughPickens.com quotes the New York Times: Fans are required to place their cellphones into Yondr's form-fitting lockable pouch when entering the show, and a disk mechanism unlocks it on the way out. Fans keep the pouch with them, but it is impossible to snap pictures, shoot videos or send text messages during the performance while the pouch is locked.

'I know my show is protected, and it empowers me to be more honest and open with the audience,' says Dave Chappelle...But some fans object to not being able to disseminate and see live shows via videotape...

"In this day and age, my phone is how I keep my memory," one live-music fan told the Washington Post, adding "If you don't want your music heard, then don't perform it." But the device is becoming more common, and according to the Times it's now also being used at weddings, restaurants, schools, and when movies are being prescreened.
