exomondo writes "Following hot on the heels of the iOS (and OS X) SSL security bug comes the latest vulnerability in Apple's mobile operating system. It is a security bug that can be used as a vector for malware to capture touch screen, volume rocker, home button and (on supported devices) TouchID sensor presses, information that could be sent to a remote server to re-create the user's actions. The vulnerability exists in even the most recent versions of iOS and the authors claim that they delivered a proof-of-concept monitoring app through the App Store."
pacopico writes "About 24 years ago, a tiny chip company came to life in a Cambridge, England barn. It was called ARM, and it looked quite unlike any other chip company that had come before it. Businessweek has just published something of an oral history on the weird things that took place to let ARM end up dominating the mobile revolution and rivaling Coke and McDonald's as the most prolific consumer product company on the planet. The story also looks at what ARM's new CEO needs to do not to mess things up."
alphadogg writes "U.S. cellphone carriers were offered a technology last year that supporters say would dramatically cut incidents of smartphone theft, but the carriers turned it down, according to sources with knowledge of the proposal. The so-called 'kill-switch' software allows consumers to remotely wipe and render their phones useless if stolen. Law enforcement and politicians believe the incentive for stealing a smartphone or tablet would be greatly reduced if the technology became standard, because the devices could quickly be rendered useless. A proposal by Samsung to the five largest U.S. carriers would have made the LoJack software, developed by Canada's Absolute Software, a standard component on many of its Android phones in the U.S. The proposal followed pressure from the offices of the San Francisco District Attorney and the New York Attorney General for the industry to do more to prevent phone theft."
squiggleslash writes "Despite some industry skepticism, Nokia has indeed been working on an Android smartphone and finally unveiled the Nokia X today. As rumored, it's not a Google Play compatible device, running instead a Google-less AOSP build with a Nokia app store, and Windows Phone style shell. The budget phone will also not be marketed in North America. The Media seems convinced Microsoft — who are in the process of acquiring Nokia — will kill the project, but it's hard to see why Nokia would be working on such a project at this time if Microsoft had plans to do this."
wiredmikey writes "Users of iOS devices will find themselves with a new software update to install, thanks to a certificate validation flaw in the popular mobile OS. While Apple provides very little information when disclosing security issues, the company said that an attacker with a 'privileged network position could capture or modify data in sessions protected by SSL/TLS.' 'While this flaw itself does not allow an attacker to compromise a vulnerable device, it is still a very serious threat to the privacy of users as it can be exploited through Man-in-the-Middle attack,' VUPEN's Chaouki Bekrar told SecurityWeek. For example, when connecting to an untrusted WiFi network, attackers could spy on user connections to websites and services that are supposed to be using encrypted communications, Bekrar said. Users should update their iOS devices to iOS 7.0.6 as soon as possible." Adds reader Trailrunner7: "The wording of the description is interesting, as it suggests that the proper certificate-validation checks were in place at some point in iOS but were later removed somehow. The effect of an exploit against this vulnerability would be that an attacker with a man-in-the-middle position on the victim's network would be able to read supposedly secure communications. It's not clear when the vulnerability was introduced, but the CVE entry for the bug was reserved on Jan. 8."
Nerval's Lobster writes "Google's Advanced Technology and Projects Group is working on a new initiative, Project Tango, which could allow developers to quickly map objects and interiors in 3D. At the heart of Project Tango is a prototype smartphone with a 5-inch screen, packed with hardware and software optimized to take 3D measurements of the surrounding environment. The associated development APIs can feed tons of positioning and orientation data to Android applications written in Java, C/C++, and the Unity Game Engine. In addition to a 'standard' 4-megapixel camera, the device features a motion-tracking camera and an aperture for integrated depth sensing; integrated into the circuitry are two computer-vision processors. Google claims it only has 200 developer units in stock, and it's willing to give them to independent developers who can submit a detailed idea for a project involving 3D mapping of some sort. The deadline for unit distribution is March 14, 2014. In theory, developers could use ultra-portable 3D mapping to create better maps, visualizations, and games. ('What if you could search for a product and see where the exact shelf is located in a super-store?' Google's Website asks at one point.) The bigger question is what Google intends to do with the technology if it proves effective. Google Maps with super-detailed interiors, anyone?"
An anonymous reader writes "Sailfish, the Linux-based mobile operating system developed by Finnish devicemaker Jolla, has reached version 1.0. Sailfish arose from the ashes of several failed and interrupted projects to bring a new, major Linux-based platform to mobile devices. It's already running on phones sold in India and Russia, but more importantly, Sailfish was designed to be easily ported to existing Android devices. It's also built to support many Android apps. Jolla will begin providing complete firmware downloads during the first half of the year."
An anonymous reader writes "Attackers have crafted the E-Z-2-Use malware code that exploits a 14-month-old vulnerability in Android devices. The vulnerability exists in the WebView interface; a malicious website can utilize it to gain a remote shell into the system with the permissions of the hijacked application. Vulnerable devices are any device that is running a version earlier than 4.2 (in which the vulnerability was patched), which is a staggeringly large amount of the market. The vulnerability is in Android itself rather than the proprietary GMS application platform that sits atop the base operating system, so it is not easily patched by Google."
colinneagle writes "Amid all the talk about Microsoft forking Android for a smartphone OS, one suggestion involves a look back to Microsoft's DOS days. Microsoft DOS was designed per IBM's specification to run exclusively on IBM's PC hardware platforms. Phoenix Technologies employed software developers it nicknamed 'virgins,' who hadn't been exposed to IBM's systems, to create a software layer between Microsoft's DOS system and PCs built by IBM's competitors. This helped Microsoft avoid infringing on IBM's patents or copyrights, and subsequently helped fuel the explosive growth of PC clones. Microsoft could use the same approach to 'clone' the proprietary Android components in its own Android fork. This would prevent copyright infringement while giving Microsoft access to Google Play apps, as well as Android's massive base of developers." Microsoft (or anyone) could generate a lot of goodwill by completely replacing the proprietary bits of Android; good thing that doing so is a work in progress (and open-source, too), thanks to Replicant. (Practically speaking, though, couldn't Google just make access to the Play Store harder, if Microsoft were to create an Android-alike OS? Even now, many devices running Android variants don't have access to it.)
An anonymous reader writes "Include Security unveiled new research showing that users of the popular online dating app Tinder were at significant risk due to a vulnerability they discovered in the geo-location feature of the application. This vulnerability allowed Tinder users to track each other's exact location for much of 2013. Anyone with rudimentary programming skills could query the Tinder API directly and pull down the co-ordinates of any user. This resulted in a privacy violation for the users of the application." Include Security has posted a video that shows how the flaw could be exploited, before it was fixed last month.
First time accepted submitter paulbes writes "Jan Koum picked a meaningful spot to sign the $19 billion deal to sell his company WhatsApp to Facebook [Wednesday]. Koum, cofounder Brian Acton and venture capitalist Jim Goetz of Sequoia drove a few blocks from WhatsApp's discreet headquarters in Mountain View to a disused white building across the railroad tracks, the former North County Social Services office where Koum, 37, once stood in line to collect food stamps. That's where the three of them inked the agreement to sell their messaging phenom — which brought in a minuscule $20 million in revenue last year — to the world's largest social network." Forbes overstates the apparent selling price by a few billion dollars; big numbers, either way. [Update: 02/20 13:51 GMT by T : The $19 billion makes sense, if you include retention bonuses in the form of restricted stock units.] Another reader points out the interesting fact that "Acton — himself a former Apple engineer — applied for jobs at both Twitter and Facebook way before WhatsApp became a wildly popular mobile app. Both times he was rejected."
An anonymous reader writes in about a possible game changer in wireless technology that embraces interference with great results: "It's one of those elegant inventions that only surface maybe once a decade. If it works at scale, according to IEEE Spectrum, it could 'radically change the way wireless networks operate, essentially replacing today's congested cellular systems with an entirely new architecture that combines signals from multiple distributed antennas to create a tiny pocket of reception around every wireless device.' This scheme could allow each device to use the full bandwidth of spectrum available to the network, which would 'eliminate network congestion and provide faster, more reliable data connections.' And the best part? It's compatible with 4G LTE phones, which means it could be deployed today." The idea is that an array of dumb antennas are deployed and a very powerful cluster computes signals that are sent from all of them which then appear to be a single coherent signal to only a single device. There's a short paper on the Distributed In Distributed Out technique, but it is a bit light on the mathematical details.
An anonymous reader writes "Mark Shuttleworth just had a conference call with the press where he announced Canonical has partnered with BQ in Europe and Meizu in China to manufacture Ubuntu phones that will ship in 2014. By the time devices ship, the hope is to have ports of the top 50 Android and iOS apps available on Ubuntu." Mark Shuttleworth notes "The mobile industry has long been looking for a viable alternative to those that reign today. Ubuntu puts the control back into the hands of our partners and presents an exciting platform for consumers, delivering an experience which departs from the tired app icon grid of Android and iOS and provides a fluid, content-rich experience for all."
Nerval's Lobster writes "The remote-access management flaw that allowed TheMoon worm to thrive on Linksys routers is far from the only vulnerability in that particular brand of hardware, though it might be simpler to call all home-based wireless routers gaping holes of insecurity than to list all the flaws in those of just one vendor. An even longer list of Linksys (and Cisco and Netgear) routers were identified in January as having a backdoor built into the original versions of their firmware in 2005 and never taken out. Serious as those flaws are, they don't compare to the list of vulnerabilities resulting from an impossibly complex mesh of sophisticated network services that make nearly every router aimed at homes or small offices an easy target for attack, according to network-security penetration- and testing services. For example, wireless routers (especially home routers owned by technically challenged consumers) are riddled with security holes stemming from design goals that emphasize usability over security, which often puts consumers at risk from malware or attacks on devices they don't know how to monitor, but through which flow all their personal and financial information via links to online banking, entertainment, credit cards and even direct connections to their work networks, according to a condemnation of the Home Network Administration Protocol from Tenable Network Security. Meanwhile, a January 2013 study from Rapid7 found 40 million to 50 million network-enabled devices, including nearly all home routers, were vulnerable to exploits using UPnP. Is there any way to fix this target-rich environment?" If only there were an easily upgradeable open source router operating system to which vendors could add support for their hardware leaving long term maintenance to a larger community.
An anonymous reader writes "Beyond your smartphone screen lies an infinitely more interesting world, if only you could get past the myopic app view you're currently bound to. Glen Martin ponders the existential unease lying at the root of the Internet of Things: 'We're already cyborgs: biological matrices augmented by wirelessly connected silicon arrays of various configurations. The problem is that we're pretty clunky as cyborgs go. We rely on screens and mobile devices to extend our powers beyond the biological. That leads to everything from atrophying social skills as face-to-face interactions decline to fatal encounters with garbage trucks as we wander, texting and oblivious, into traffic. So, if we're going to be cyborgs, argues Breseman, let's be competent, sophisticated cyborgs. For one thing, it's now in our ability to upgrade beyond the screen. For another, being better cyborgs may make us — paradoxically — more human.'"
An anonymous reader writes "One of Android's biggest draws is its roots in open source. It enables a broad range of device manufacturers to work from the same code base, and provides app developers with more insight into the platform they're building on. But openness isn't a binary condition — there are many shades of gray. While Android is technically very open, from a practical standpoint it's much more difficult for device makers to distance themselves from Google, if that's their preference. 'Phone manufacturers and carriers that want to use Google's services must conform to Google's device standards, a stricter requirement than what basic AOSP requires. For some, this is a catch. For others, it's merely the cost of doing business. ... [Dianne Hackborn, one of Android's tech leads,] defends Google's right to include proprietary services, and to keep them proprietary, saying that it's no different than any other proprietary app on Android. That's not entirely true, since Google does keep some API development to itself, but to its credit the company does open-source most of the new APIs introduced to Android.'"
alphadogg writes "Pressure on the cellphone industry to introduce technology that could disable stolen smartphones has intensified with the introduction of proposed federal legislation that would mandate such a system. Senate bill 2032, 'The Smartphone Prevention Act,' was introduced to the U.S. Senate this week by Amy Klobuchar, a Minnesota Democrat. The bill promises technology that allows consumers to remotely wipe personal data from their smartphones and render them inoperable. But how that will be accomplished is currently unclear. The full text of the bill was not immediately available and the offices of Klobuchar and the bill's co-sponsors were all shut down Thursday due to snow in Washington, D.C."
UnderAttack writes "A vulnerability in many Linksys routers, allowing for unauthenticated code execution, is being used to mass-exploit various Linksys routers right now. Infected routers will start scanning for vulnerable systems themselves, leading to a very fast spread of this 'worm.'"
Sockatume writes "If you want to ship a phone with Google's apps on it, you need to license them. A copy of the OEM licensing agreement from 2011 was recently leaked, and Ars Technica provides a summary. Amongst the rules: a company licensing Google Apps can't act in a way that would fragment Android, but must also maintain the platform's openness; most of Google's services must be included; Google apps must be defaults, and placed within a couple of clicks of the default home screen. No surprises, but it's interesting to see the details laid out."
puddingebola writes "Nokia is preparing to release its first Android phone, as the lost market share in emerging markets from the death of Symbian has never been recovered. Windows Phone could never be adapted to the entry level devices that have driven growth in these markets, necessitating the move. From the article, 'Nokia was once the king of cellphones in emerging markets. But it has lost ground because it was slow to respond to Android's popularity in many countries. In India, where Nokia's Symbian-powered phones held a big share of cellphone sales just a few years ago, Android was installed on 93% of new smartphones shipped there last year, according to estimates from research firm IDC.'"