Adesso writes: A serious security problem in the default Samsung keyboard installed on many of the company's cellphones has been lurking since December 2014 (CVE-2015-2865). When the phone tries to update the keyboard, it fails to encrypt the executable file. This means attackers on the same network can replace the update file with a malicious one of their own. Affected devices include the Galaxy S6, S5, S4, and S4 mini — roughly 600 million of which are in use. There's no known fix at the moment, aside from avoiding insecure Wi-Fi networks or switching phones. The researcher who presented these findings at the Blackhat security conference says Samsung has provided a patch to carriers, but he can't find out if any of them have applied the patch. The bug is currently still active on the devices he tested.

An anonymous reader writes: According to a Reuters report BlackBerry may launch an Android phone with a hardware keyboard. If true, it's a definite shift in their business model. "We don't comment on rumors and speculation, but we remain committed to the BlackBerry 10 operating system, which provides security and productivity benefits that are unmatched," said the company in an email. Google declined to comment.

An anonymous reader tips news that South Korea has stepped up its efforts to fight an outbreak of Middle East Respiratory Syndrome (MERS) after the number of known cases keeps increasing rapidly. World health officials are not recommending general travel restrictions, but members of the public are being advised not to do so. Nearly 2,000 schools have been closed, and 2,300 people are in quarantine. The South Korean government is also taking the unusual step of using mobile phones to track which citizens may have been in contact with confirmed MERS patients. The outbreak in South Korea has been traced back to a man who went to multiple medical centers in mid-May seeking treatment for his symptoms. The government is apologizing for its slow response to the situation, and hoping the economic damage won't be too bad.

An anonymous reader writes: Operating as personal offline versions of iTunes and Spotify, the téléchargeurs, or downloaders, of Mali are filling the online music void for many in the country. For less than a dime a song, a téléchargeur will transfer playlists to memory cards or directly onto cellphones. Even though there are 120,000 landlines for 15 million people in Mali, there are enough cellphones in service for every person in the country. The spread of cell phones and the music-sharing network that has followed is the subject of this New York Times piece. From the article: "They know what their regulars might like, from the latest Jay Z album to the obscurest songs of Malian music pioneers like Ali Farka Touré. Savvy musicians take their new material to Fankélé Diarra Street and press the téléchargeurs to give it a listen and recommend it to their customers....This was the scene Christopher Kirkley found in 2009. A musicologist, he traveled to Mali hoping to record the haunting desert blues he loved. But every time he asked people to perform a favorite folk song or ballad, they pulled out their cellphones to play it for him; every time he set up his gear to capture a live performance, he says, 'five other kids will be holding their cellphones recording the same thing — as an archivist, it kind of takes you down a couple of notches.'”

jfruh writes: Microsoft's acquisition of Nokia's handset business was mostly focused on gaining a hardware line that ran the company's Windows Phone OS; but in the process, Microsoft also gained ownership of some model lines that are classified as "feature phones" and some that are straight up dumb, and they're still coming out with new models, confusingly still bearing the "Nokia" brand. The $20 Nokia 105 as billed as "long-lasting backup device" and comes with an FM radio, while the $30 Nokia 215 is "Internet-ready" and comes with Facebook and Twitter apps.

New submitter kaizendojo sends a report from the Associated Press indicating the FBI has a small fleet of planes that fly across the U.S. carrying surveillance equipment. The planes are registered with fictitious companies to hide their association with the U.S. government. The FBI says they're only used for investigations that are "specific" and "ongoing," but they're often used without getting permission from a judge beforehand. "Some of the aircraft can also be equipped with technology that can identify thousands of people below through the cellphones they carry, even if they're not making a call or in public. Officials said that practice, which mimics cell towers and gets phones to reveal basic subscriber information, is rare." The AP identified at least 50 FBI-controlled planes, which have done over 100 flights since late April. The AP adds that they've seen the planes "orbiting large, enclosed buildings for extended periods where aerial photography would be less effective than electronic signals collection."

Lirodon writes: Its funky rear-mounted buttons may have left critics divided, but the LG G2 is still a pretty capable Android device. While it has gotten an update to Android 5.0 "Lollipop" in some major markets (including the United States, of course), one major holdout is Canada. Reports are surfacing that LG's Canadian subsidiary has decided not to release the update for unknown reasons. But, what about custom ROMs? Well, they handled that too: they have refused to release Lollipop kernel source for the Canadian variant of the device. It is arbitrary actions like this that cause Android's fragmentation problems. A curious note, LG has not specifically made reference to the bugs other users have been having with the update.

Ars Technica has a look at the experimental multi-window mode in the just-announced Android M. It's not a headlining feature yet: "buggy, busted, and buried, but intriguing nonetheless" is how Ars describes it. Android Police is similarly faint in its praise. All that might be true, but to many users even a partly working multi-window mode would be welcome, especially one blessed by Google. (Some Samsung users have had multi-window support for a while, but not built into the OS proper, and multi-window capabilities can be found via app, too.)

itwbennett tips news that Uber has amended its privacy policy, making it much simpler to read and understand. But the policy also includes changes to what data Uber collects about its riders. Beginning July 15th, the Uber phone app will keep track of a rider's location while it's running in the background. Uber says riders will be able to opt out of this tracking. The policy changes also allow for advertising using the rider's contact list: "for example the ability to send special offers to riders' friends or family." The revision of Uber's privacy policy followed complaints at the end of last year that the company was overstepping its bounds.

Patrick O'Neill writes: Tens of millions of daily subway riders around the world can be tracked through their smartphones by a new attack, according to research from China's Nanjing University. The new attack even works underground and doesn't utilize GPS or cell networks. Instead, the attacker steals data from a phone's accelerometer. Because each subway in the world has a unique movement fingerprint, the phone's motion sensor can give away a person's daily movements with up to 92% accuracy.

An anonymous reader writes: After a records request by Ars, the sheriff in San Bernardino County (SBSD) sent an example of a template for a "pen register and trap and trace order" application. The county attorneys claim what they sent was a warrant application template, even though it is not. The application cites no legal authority on which to base the request. "This is astonishing because it suggests the absence of legal authorization (because if there were clear legal authorization you can bet the government would be citing it)," Fred Cate, a law professor at Indiana University, told Ars. "Alternatively, it might suggest that the government just doesn't care about legal authorization. Either interpretation is profoundly troubling," he added. Further documents reveal that the agency has used a Stingray 303 times between January 1, 2014 and May 7, 2015.

An anonymous reader writes: For those of us who don't need or want a smartphone, what would be the best dumb phone around? Do you have a preference over flip or candy bar ones? What about ones that have FM radio? Do any of you still use dumb phones in this smart phone era? Related question: What smart phones out now are (or can be reasonably outfitted to be) closest to a dumb phone, considering reliability, simplicity, and battery life? I don't especially want to give up a swiping keyboard, a decent camera, or podcast playback, but I do miss being able to go 5 or more days on a single charge.

HughPickens.com writes: Jamie Doward reports at The Guardian that according to a recent study in the UK, the effect of banning mobile phones from school premises adds up to the equivalent of an extra week's schooling over a pupil's academic year with the test scores of students aged 16 improved by 6.4% after schools banned mobile phones, "We found that not only did student achievement improve, but also that low-achieving and low-income students gained the most. We found the impact of banning phones for these students was equivalent to an additional hour a week in school, or to increasing the school year by five days." In the UK, more than 90% of teenagers own a mobile phone; in the US, just under three quarters have one. In a survey conducted in 2001, no school banned mobiles. By 2007, this had risen to 50%, and by 2012 some 98% of schools either did not allow phones on school premises or required them to be handed in at the beginning of the day. But some schools are starting to allow limited use of the devices. New York mayor Bill de Blasio has lifted a 10-year ban on phones on school premises, with the city's chancellor of schools stating that it would reduce inequality.

The research was carried out at Birmingham, London, Leicester and Manchester schools before and after bans were introduced (PDF). It factored in characteristics such as gender, eligibility for free school meals, special educational needs status and prior educational attainment. "Technological advancements are commonly viewed as increasing productivity," write Louis-Philippe Beland and Richard Murphy. "Modern technology is used in the classroom to engage students and improve performance. There are, however, potential drawbacks as well, as they could lead to distractions."

An anonymous reader writes with news that members of British intelligence agency GCHQ have been granted immunity from prosecution for any laws they might have violated while hacking into citizens' computers or cellphones. The immunity was granted by changes to the Computer Misuse Act that weren't noticed until now, and not discussed or debated when implemented. While different legislation has long been thought to grant permission for illegal activities abroad, civil rights groups were unaware that domestic hacking activities were covered now as well. The legislative changes were passed on March 3rd, 2015, long after domestic spying became a hot-button issue, and almost a year after Privacy International and several ISPs filed complaints challenging it.

An anonymous reader writes: It's generally known that if you call 911 from a cell phone in the USA, you will be connected to the nearest Public Safety Access Point, whether or not the phone has an active account. This is the basis for programs that distribute donated phones for emergency-only use. However, the FCC has proposed a rule change that would eliminate the requirement for telephone companies to connect 911 calls made by NSI (non-service-initialized) phones. The main reason for the proposed rule change are the problems caused by fraudulent 911 calls made through NSI phones. Yet respondents cited by the FCC show that as many as 30% of 911 calls from NSI phones are for legitimate emergencies. The comment period for the proposed rule change ends on June 6th, 2015.

An anonymous reader writes with news that Mark Shuttleworth plans to have a Ubuntu smartphone that can be used as a PC out sometime this year. "Despite the recent announcement that Windows 10 phones will be able to be used as PCs when connected to an external monitor, Ubuntu—the first operating system to toy with the idea—hasn't conceded the smartphone-PC convergence race to Microsoft just yet. 'While I enjoy the race, I also like to win,' Ubuntu Foundation founder Mark Shuttleworth said during a Ubuntu Online Summit keynote, before announcing that Canonical will partner with a hardware manufacturer to release a Ubuntu Phone with smartphone-PC convergence features this year.

An anonymous reader writes: An editorial at Tom's Hardware makes the case that Google's Android fragmentation problem has gotten too big to ignore any longer. Android 5.0 Lollipop and its successor 5.1 have seen very low adoption rates — 9.0% and 0.7% respectively. Almost 40% of users are still on KitKat. 6% lag far behind on Gingerbread and Froyo. The article points out that even Microsoft is now making efforts to both streamline Windows upgrades and adapt Android (and iOS) apps to run on Windows.

If Google doesn't adapt, "it risks having users (slowly but surely) switch to more secure platforms that do give them updates in a timely manner. And if users want those platforms, OEMs will have no choice but to switch to them too, leaving Google with less and less Android adoption." The author also says OEMs and carriers can no longer be trusted to handle operating system updates, because they've proven themselves quite incapable of doing so in a reasonable manner.

According to Wikipedia, 'Project Ara is the codename for an initiative that aims to develop an open hardware platform for creating highly modular smartphones.' Google is the sponsor, and the project seems to be moving faster than some people expect it to. There's a Project Ara website, of course, a GitHub repository, a Facebook page, even an Ara subreddit. During his conversation with Timothy Lord, Ara firmware project lead (and spokesman) Marti Bolivar said it won't be long before prototype Ara modular phones start user testing. Meanwhile, if you want to see what Marti and his coworkers have been up to lately, besides this interview, you can read a transcription of his talk (including slides) from the January Project Ara Developers Conference in Singapore.

An anonymous reader writes: Chinese internet and media giant Tencent Holdings has today launched an operating system for mobile devices such as internet-connected phones, TVs, smartwatches and other IoT products. Tencent Operating System (OS) TOS+ is open to all developers and manufacturers free of charge should they agree to share their revenue – a framework similar to Google's popular Android mobile OS. The new Tencent OS offering, which provides voice recognition and mobile payment systems, will rival other home-grown operating systems looking to conquer the smart hardware arena with connected wearables, TVs and smart homeware technology. These competitors include smartphone maker Xiaomi and Asia's largest internet company Alibaba, who hopes to see its recently launched Yun OS eventually installed on tens of millions of smartphones. The Chinese systems for mobile and hardware products provide an alternative to Google's services, which constantly face challenges across the country due to strict censorship and licensing laws.

janimal writes: The iPhone used to be the smartphone that "just works." Ever since the 4S days, this has been true less and less with each generation. My wife's iPhone 6 needs to be restarted several times per week for things like internet search or making calls to work. An older 5S I'm using also doesn't consistently stream to Apple TV, doesn't display song names correctly on Apple TV and third party peripherals. In short, as features increase, the iPhone's stability is decreasing. In your opinion, which smartphone brand these days is taking up the slack and delivering a fully featured smartphone that "just works"?