Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Communications

NIST Prepares To Ban SMS-Based Two-Factor Authentication (softpedia.com) 61

An anonymous reader writes: "The U.S. National Institute for Standards and Technology (NIST) has released the latest draft version of the Digital Authentication Guideline that contains language hinting at a future ban of SMS-based Two-Factor Authentication (2FA)," reports Softpedia. The NIST DAG draft argues that SMS-based two-factor authentication is an insecure process because the phone may not always be in possession of the phone number, and because in the case of VoIP connections, SMS messages may be intercepted and not delivered to the phone. The guideline recommends the usage of tokens and software cryptographic authenticators instead. Even biometrics authentication is considered safe, under one condition: "Biometrics SHALL be used with another authentication factor (something you know or something you have)," the guideline's draft reads. The NIST DAG draft reads in part: "If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance."
Iphone

Suspect Required To Unlock iPhone Using Touch ID in Second Federal Case (9to5mac.com) 198

An anonymous reader shares a report on 9to5Mac: A second federal judge has ruled that a suspect can be compelled to unlock their iPhone using their fingerprint in order to give investigators access to data which can be used as evidence against them. The first time this ever happened in a federal case was back in May, following a District Court ruling in 2014. The legal position of forcing suspects to use their fingerprints to unlock devices won't be known with certainty until a case reaches the U.S. Supreme Court, but lower court rulings so far appear to establish a precedent which is at odds with that concerning passcodes. Most constitutional experts appear to believe that the Fifth Amendment prevents a suspect from being compelled to reveal a password or passcode, as this would amount to forced self-incrimination -- though even this isn't certain. Fingerprints, in contrast, have traditionally been viewed as 'real or physical evidence,' meaning that police are entitled to take them without permission.Ars Technica has more details.
United States

New Illinois Law Limits Police Use Of Cellphone-Tracking Stingray (go.com) 32

An anonymous Slashdot reader quotes a report from ABC News: A new Illinois law limits how police can use devices that cast a wide net in gathering cellphone data... [Stingray] gathers phone-usage data on targets of criminal investigations, but it also gathers data on other cellphones -- hundreds or even thousands of them -- in the area. The new law requires police to delete the phone information of anyone who wasn't an investigation target within 24 hours. It also prohibits police from accessing data for use in an investigation not authorized by a judge.

A dozen other states have adopted such regulations, and Congress is considering legislation that would strengthen federal guidelines already in place... Privacy advocates worry that without limits on how much data can be gathered or how long it can be stored, law enforcement could use the technology to build databases that track the behavior and movement of people who are not part of criminal investigations.

Earlier this month a U.S. judge threw out evidence gathered with Stingray for the first time, saying that without a search warrant, "the government may not turn a citizen's cell phone into a tracking device." The ACLU has identified 66 agencies in 24 states using Stingray technology, "but because many agencies continue to shroud their purchase and use of stingrays in secrecy, this map dramatically underrepresents the actual use of stingrays by law enforcement agencies nationwide."
Android

Phones Without Headphone Jacks Are Here... and They're Extremely Annoying (mashable.com) 507

A few weeks ago, we had an intense discussion on what would happen if Apple's next iPhone doesn't have a headphone port -- and what that means for the rest of the industry, as well as the pros and cons of ditching the legacy port. Over the past few months, we have seen many smartphone manufacturers launch new handsets that don't have a headphone jack. Mashable has a report today in which it says that it is already causing frustration among users. From the article: In the Android camp, phones like Lenovo's Moto Z and Moto Z Force and China's LeEco have already scrapped the 3.5mm headphone jack; to listen to music on the company's three latest phones, users need to plug in USB Type-C headphones, go wireless, or use a dongle. I'm all for letting go of old technologies to push forward, but what is happening is actually going to make things worse. The headphone jack has worked for 50 years and it can work for another 50 more because it's universal. Headphones I plug into my iPhone work in an Android phone, in a BlackBerry, in my computer, in my PS4 controller, in my tablet, in any speaker with audio-out, and so on. I can walk into any electronics store and pick up a pair of headphones and not have to worry about compatibility with any of my devices. I know it'll work. [...] With a universal headphone jack, I never have to worry whether or not the crappy pack-in iPhone EarPods I have will work with the Android phone I'm reviewing or not. I also never have to worry if I'll be able to plug my headphones into a friend's phone to listen to some new song. Same applies for when I want to use my earbuds and headphones with another person's device. And there lies the real issue. I will need different dongles -- a Lightning-to-headphone-jack and a USB-Type-C-to-headphone-jack to be prepared because I do carry both iPhone and Android phone on me daily. Dongles also get lost.
Android

Do We Need The Moto Z Smartphones' New Add-On Modules? (hothardware.com) 56

This week saw the release of the Moto Z Droid and Force Droid, new Android smartphones from Motorola and Lenovo with snap-on modules. Slashdot reader MojoKid writes that the Z Force Droid "is sheathed behind Moto ShatterShield technology making it virtually indestructible." Motorola guarantees it not to crack or shatter if dropped... However, what's truly standout are Moto Mods, which are snap-on back-packs of sorts that add new features, like the JBL Speaker, Moto Insta-Projector and Incipio OffGrid Power Pack (2220 mAh) mods... Even the fairly complex projector mod fires up in seconds and works really well.
But the Verge has called it "a good phone headed down the wrong path," adding "this company is competing in the global smartphone market, not a high school science fair, and its success will depend on presenting better value than the competition, not cleverer design. Without the benefit of the value-projecting fairy dust of brands like Apple and Beats, Lenovo will have an uphill climb trying to justify its Moto Mods pricing with functionality and looks, and our review has shown that none of the company's extras are essential."
Android

Turn Your Android Phone Into a Laptop For $99 With the Superbook (techinsider.io) 123

An anonymous Slashdot reader writes: A company called Andromium is attempting to harness the processing power of your Android smartphone and turn it into a full fledged computer. The 'Superbook' consists of a 11.6-inch laptop shell, which you connect to your phone via a USB Micro-B or Type-C cable, and run the Andromium OS application (currently in beta, but available in the Play Store)... The leader of the project and Company co-founder Gordon Zheng, previously worked at Google and pitched the idea to them... They refused so he quit his job and founded Andromium Inc.

In December 2014 the company had introduced their first product which was a dock which used the MHL standard to output to external monitor. That campaign failed, however their newest creation, the Superbook smashed their Kickstarter goal in just over 20 minutes.

And within their first 38 hours, they'd crowdfunded $500,000. In an intriguing side note, Andromium "says it'll open its SDK so developers can tailor their apps for Andromium, too, though how much support that gets remains to be seen," reports Tech Insider. But more importantly, "Andromium says its prototypes are finished, and that it hopes to ship the Superbook to backers by February 2017."
Advertising

Google Tests Ads That Load Faster and Use Less Power (bbc.co.uk) 117

Slashdot reader Big Hairy Ian quotes a report from the BBC: Google says it has found a way to make ads load faster on web pages viewed on smartphones and tablets. The company said the ads would also be less taxing on the handsets' processors, meaning their batteries should last longer. The technique is based on work it has already done to make news publishers' articles load more quickly. But it is still in development, and one expert said Google still had questions to answer. The California-based company's online advertising revenue totalled $67.4 billion last year...
The technique limits the scope of JavaScript, and "provides its own activity measurement tools, which are said to be much more efficient," according to article. A Google software engineer explains that this technique "only animates things that are visible on the screen," and throttles animation to fewer frames per second for weaker devices -- or disables the animations altogether. "This ensures that every device gets the best experience it can deliver and makes sure that ads cannot have a negative impact on important aspects of the user experience such as scrolling."
Republicans

Avast Suckers GOP Delegates Into Connecting To Insecure Wi-Fi Hotspots (theregister.co.uk) 109

Avast conned more than 1,200 people into connecting to fake wi-fi hotspots set up near the Republican convention and the Cleveland airport, using common network names like "Google Starbucks" and "Xfinitywifi" as well as "I vote Trump! free Internet". An anonymous reader quotes this report from The Register: With mobile devices often set to connect to known SSIDs automatically, users can overlook the networks to which they are connecting... Some 68.3 percent of users' identities were exposed when they connected, and 44.5 per cent of Wi-Fi users checked their emails or chatted via messenger apps... In its day-long experiment Avast saw more than 1.6Gbps transferred from more than 1,200 users.
Avast didn't store the data they collected, but they did report statistics on which sites were accessed most frequently. "5.1 percent played Pokemon Go, while 0.7 percent used dating apps like Tinder, Grindr, OKCupid, Match and Meetup, and 0.24 percent visited pornography sites like Pornhub."
Businesses

Cyanogen Inc. Reportedly Fires OS Development Arm, Switches To Apps (arstechnica.com) 121

An anonymous reader writes: Android Police is reporting that the Android software company Cyanogen Inc. will be laying off 20 percent of its workforce, and will transition from OS development to applications. The Android Police report says "roughly 30 out of the 136 people Cyanogen Inc. employs" are being cut, and that the layoffs "most heavily impact the open source arm" of the company. Android Police goes on to say that CyanogenMod development by Cyanogen Inc "may be eliminated entirely." Ars Technica notes the differences between each "Cyanogen" branding. Specifically, CyanogenMod is a "free, open source, OS heavily based on Android and compatible with hundreds of devices," while Cyanogen Inc. is "a for-profit company that aims to sell Cyanogen OS to OEMs." It appears that many of the core CyanogenMod developers will no longer be paid to work on CyanogenMod, though the community is still free to develop the software." Android Police details the firing process in their report: "Layoffs reportedly came after a long executive retreat for the company's leaders and were conducted with no advanced notice. Employees who were not let go were told not to show up to work today. Those who did show up were the unlucky ones: they had generic human resources meetings rather ominously added to their calendars last night. So, everyone who arrived at Cyanogen Inc. in Seattle this morning did so to lose their job (aside from those conducting the layoffs)." Early last year, Microsoft invested in a roughly $70 million round of equity financing for the then-startup Cyanogen Inc. Not too long before that, Google tried to acquire Cyanogen Inc., but the company turned down Google's offer to seek funding from investors and major tech companies at a valuation of around $1 billion. Cyanogen Inc. CEO Kirt McMaster once said the company was "attempting to take Android away from Google" and that it was "putting a bullet through Google's head."

UPDATE 7/25/16: Cyanogen CEO and cofounder Kirt McMaster took to Twitter to dispel some of the rumors, tweeting: "Cyanogen NOT pivoting to apps. We are an OS company and our mission of creating an OPEN ANDROID stands. FALSE reporting was outstanding."
Businesses

Apple: Pokemon Go Sets Record For Most Downloads In Its First Week (techcrunch.com) 35

An anonymous reader writes: Apple has confirmed to TechCrunch that Pokemon Go has attracted more downloads in the App Store during its first week than any other app in App Store history. What's even more surprisingly is that the app was only available in a few countries at the time -- it initially launched in New Zealand, Australia and the U.S. Apple didn't provide the number of downloads, but one can assume it's well into the millions. Pokemon Go is expected to become even more popular as it becomes available in more countries -- the game just launched in Japan today. With millions of downloads in the first week alone, Pokemon Go is expected to generate large sums of money for Apple. The Guardian is reporting that Apple will "rake in $3 billion in revenue from Pokemon Go in the next one to two years as gamers buy 'PokeCoins' from its app store."
Nintendo

Apple To Make $3 Billion From Pokemon Go (theguardian.com) 79

An anonymous reader writes from a report via The Guardian: We all know what Pokemon Go is, and we all know how successful it is. The Guardian is reporting that Apple will "rake in $3 billion in revenue from Pokemon Go in the next one to two years as gamers buy 'PokeCoins' from its app store, according to analysts." One pack of 100 PokeCoins costs about $1 in Apple's app store, but gamers can purchase as many as 14,500 PokeCoins for about $100. "We believe Apple keeps 30% of Pokemon Go's revenue spent on iOS devices, suggesting upside to earnings," Needham and Co brokerage analyst Laura Martin wrote in a client note on Wednesday. The game, which is also available on Android, had over 21 million active users after only being on the market for less than two weeks. It has also been rolled out in 35 countries since its U.S. debut. "Martin said Pokemon Go's ratio of paid users to total users was 10 times that of Candy Crush, the hit game from King Digital that generated more than $1 billion of revenue in both 2013 and 2014," reports The Guardian. Not only has Apple's stock risen since the launch of Pokemon Go, but Nintendo's stock has more than doubled.
Printer

Police 3D-Printed A Murder Victim's Finger To Unlock His Phone (theverge.com) 97

An anonymous reader quotes a report from The Verge: Police in Michigan have a new tool for unlocking phones: 3D printing. According to a new report from Flash Forward creator Rose Eveleth, law enforcement officers approached professors at the University of Michigan earlier this year to reproduce a murder victim's fingerprint from a prerecorded scan. Once created, the 3D model would be used to create a false fingerprint, which could be used to unlock the phone. Because the investigation is ongoing, details are limited, and it's unclear whether the technique will be successful. Still, it's similar to techniques researchers have used in the past to re-create working fingerprint molds from scanned images, often in coordination with law enforcement. This may be the first confirmed case of police using the technique to unlock a phone in an active investigation. Apple has recently changed the way iOS manages fingerprint logins. You are now required to input an additional passcode if your phone hasn't been touched for eight hours and the passcode hasn't been entered in the past six days.
Verizon

Verizon To Disconnect Unlimited Data Customers Who Use Over 100GB/Month 409

Verizon Wireless customers who have an unlimited data plan and use significantly more than 100GB a month will soon be disconnected from the network unless they agree to move to limited data packages that require payment of overage fees. Ars Technica reports: Verizon stopped offering unlimited data to new smartphone customers a few years ago, but some customers have been able to hang on to the old plans instead of switching to ones with monthly data limits. Verizon has tried to convert the holdouts by raising the price $20 a month and occasionally throttling heavy users but stopped that practice after net neutrality rules took effect. Now Verizon is implementing a formal policy for disconnecting the heaviest users.In a statement, Verizon said: "Because our network is a shared resource and we need to ensure all customers have a great mobile experience with Verizon, we are notifying a very small group of customers on unlimited plans who use an extraordinary amount of data that they must move to one of the new Verizon Plans by August 31, 2016." a Verizon spokesperson told Ars. "These users are using data amounts well in excess of our largest plan size (100GB). While the Verizon Plan at 100GB is designed to be shared across multiple users, each line receiving notification to move to the new Verizon Plan is using well in excess of that on a single device." FYI: The 100GB plan costs $450 a month.
Privacy

Edward Snowden's New Research Aims To Keep Smartphones From Betraying Their Owners (theintercept.com) 106

Smartphones become indispensable tools for journalists, human right workers, and activists in war-torn regions. But at the same time, as Intercept points out, they become especially potent tracking devices that can put users in mortal danger by leaking their location. To address the problem, NSA whistleblower Edward Snowden and hardware hacker Andrew "Bunnie" Huang have been developing a way for potentially imperiled smartphone users to monitor whether their devices are making any potentially compromising radio transmissions. "We have to ensure that journalists can investigate and find the truth, even in areas where governments prefer they don't," Snowden told Intercept. "It's basically to make the phone work for you, how you want it, when you want it, but only when." Snowden and Huang presented their findings in a talk at MIT Media Lab's Forbidden Research event Thursday, and published a detailed paper. From the Intercept article: Snowden and Huang have been researching if it's possible to use a smartphone in such an offline manner without leaking its location, starting with the assumption that "a phone can and will be compromised." [...] The research is necessary in part because most common way to try and silence a phone's radio -- turning on airplane mode -- can't be relied on to squelch your phone's radio traffic. Fortunately, a smartphone can be made to lie about the state of its radios. The article adds: According to their post, the goal is to "provide field-ready tools that enable a reporter to observe and investigate the status of the phone's radios directly and independently of the phone's native hardware." In other words, they want to build an entirely separate tiny computer that users can attach to a smartphone to alert them if it's being dishonest about its radio emissions. Snowden and Haung are calling this device an "introspection engine" because it will inspect the inner-workings of the phone. The device will be contained inside a battery case, looking similar to a smartphone with an extra bulky battery, except with its own screen to update the user on the status of the radios. Plans are for the device to also be able to sound an audible alarm and possibly to also come equipped with a "kill switch" that can shut off power to the phone if any radio signals are detected.Wired has a detailed report on this, too.
Cellphones

Corning Unveils Gorilla Glass 5, Can Survive Drops 'Up To 80% Of The Time' (theverge.com) 111

An anonymous reader writes from a report via The Verge: Corning has unveiled their new Gorilla Glass 5, which should make its way to high-end smartphones and other electronic devices later this year and into 2017. Gorilla Glass 5 is designed to improve drop performance from devices that are dropped onto rough surfaces from waist heigh to shoulder height. Corning says it can survive up to 80 percent of the time when dropped from 1.6 meters. For comparison, Gorilla Glass 4, which was released in the fall of 2014, was marketed as being twice as tough as the previous version and twice as likely to survive drops onto uneven surfaces from about a meter high. Some things to note include the fact that in Corning's tests, the 80 percent survival rate was with pieces of glass that were 0.6mm thick -- Corning now makes glass as thin as 0.4mm. Depending on how thin manufacturers want the glass in their devices, the durability results may vary. Also, most of demos consisted of dropping the glass face down, rather than on its side or corner. Corning's vice president and general manger John Bayne said if the glass is dropped in such a way, it's going to depend on the overall design of the phone, not just the glass. Gorilla Glass 5 is currently in production, though the company says we'll hear more about it "in the next few months." There's no word as to whether or not the glass will be ready in time for the wave of devices expected this fall.

Slashdot Top Deals