Privacy

'TeenSafe' Phone Monitoring App Leaked Thousands of User Passwords (zdnet.com) 24

An anonymous reader quotes a report from ZDNet: At least one server used by an app for parents to monitor their teenagers' phone activity has leaked tens of thousands of accounts of both parents and children. The mobile app, TeenSafe, bills itself as a "secure" monitoring app for iOS and Android, which lets parents view their child's text messages and location, monitor who they're calling and when, access their web browsing history, and find out which apps they have installed. But the Los Angeles, Calif.-based company left its servers, hosted on Amazon's cloud, unprotected and accessible by anyone without a password.

"We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted," said a TeenSafe spokesperson told ZDNet on Sunday. The database stores the parent's email address associated with their associated child's Apple ID email address. It also includes the child's device name -- which is often just their name -- and their device's unique identifier. The data contains the plaintext passwords for the child's Apple ID. Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child's account to access their personal content data.

Android

The Verge Goes Hands-On With the 'Wildly Ambitious' RED Hydrogen One Smartphone (theverge.com) 38

It's been almost a year since RED, a company known for its high-end $10,000+ cameras, teased a smartphone called the RED Hydrogen One. Several months have passed since the phone was announced and we still don't know much about it, aside from it having a very industrial design and "Hydrogen holographic display." Earlier this week, AT&T and Verizon confirmed that they'll launch the device later this year. Now, The Verge's Dieter Bohn has shared his hands-on impressions with the device, which he claims to be "one of the most ambitious smartphones in years from a company not named Apple, Google, or Samsung." Here's an excerpt from the report: The company better known for high-end 4K cameras with names like "Weapon" and "Epic-w" isn't entering the smartphone game simply to sell you a better Android phone. No, this phone is meant to be one piece of a modular system of cameras and other media creation equipment -- the company claims it will be "the foundation of a future multi-dimensional media system." To that end, it has a big set of pogo-pins on the back to connect it to RED's other cameras also to allow users to attach (forthcoming) modules to it, including lens mounts. If it were just a modular smartphone, we'd be talking about whether we really expected the company to produce enough modules to support it.

RED is planning on starting with a module that is essentially a huge camera sensor -- the company is not ready to give exact details, but the plan is definitely more towards DSLR size than smartphone size. Then, according to CEO Jim Jannard, the company wants any traditional big camera lens to be attached to it. Answering a fan question, he joked that support for lenses will be "pretty limited," working "just" with Fuji, Canon, Nikon, Leica, and more. [...] The processor inside will be a slightly-out-of-date Qualcomm Snapdragon 835, but it seemed fast enough in the few demos I was able to try. Honestly, though, if you're looking to get this thing just as a phone, you're probably making your decision based on the wrong metrics. It's probably going to be a perfectly capable phone, but at this price (starting at $1,195) what you're buying into is the module ecosystem.

Software

Popular 'Gboard' Keyboard App Has Had a Broken Spell Checker For Months 46

The popular Gboard keyboard app for iOS and Android devices has a fundamental flaw. According Reddit user SurroundedByMachines, the red underline has stopped appearing for incorrectly spelled words since November of last year -- and it doesn't appear to be limited to any one device. Issues with the spell checker have been reported on multiple devices across Android and iOS. A simple Google search brings up several different threads where people have reported issues with the feature.

What's more is that nobody at Google seems to get the memo. The Reddit user who first brought this to our attention filed several bug reports, left a review, and joined the beta channel to leave feedback there, yet no response was given. "Many people have been having the issue, and it's even been escalated to the community manager," writes SurroundedByMachines. Since the app has over 500 million downloads on the Play Store alone, this issue could be frustrating a lot of users, especially those who use their phones to send work emails or write documents. Have you noticed Gboard's broken spell checker on your device? If so, you may want to look into another third-party keyboard, such as SwiftKey or Cheetah Keyboard.
Cellphones

Pentagon-Funded Project Will 'Solve' Cellphone Identity Verification Within Two Years (nextgov.com) 95

Long-time Slashdot reader Zorro quotes Nextgov: The Defense Department is funding a project that officials say could revolutionize the way companies, federal agencies and the military itself verify that people are who they say they are and it could be available in most commercial smartphones within two years. The technology, which will be embedded in smartphones' hardware, will analyze a variety of identifiers that are unique to an individual, such as the hand pressure and wrist tension when the person holds a smartphone and the person's peculiar gait while walking, said Steve Wallace, technical director at the Defense Information Systems Agency.

Organizations that use the tool can combine those identifiers to give the phone holder a "risk score," Wallace said. If the risk score is low enough, the organization can presume the person is who she says she is and grant her access to sensitive files on the phone or on a connected computer or grant her access to a secure facility. If the score's too high, she'll be locked out... Another identifier that will likely be built into the chips is a GPS tracker that will store encrypted information about a person's movements, Wallace said. The verification tool would analyze historical information about a person's locations and major, recent anomalies would raise the person's risk score.

A technical director at the agency "declined to say which smartphone and chipmakers planned to participate in the project, but said the capability will be available 'in the vast majority of mobile devices.'"
Canada

People Hate Canada's New 'Amber Alert' System (www.cbc.ca) 278

The CBC reports: When the siren-like sounds from an Amber Alert rang out on cellular phones across Ontario on Monday, it sparked a bit of a backlash against Canada's new mobile emergency alert system. The Ontario Provincial Police had issued the alert for a missing eight-year-old boy in the Thunder Bay region. (The boy has since been found safe)... On social media, people startled by the alerts complained about the number of alerts they received and that they had received separate alerts in English and French... Meanwhile, others who were located far from the incident felt that receiving the alert was pointless. "I've received two Amber Alerts today for Thunder Bay, which is 15 hours away from Toronto by car," tweeted Molly Sauter. "Congrats, you have trained me to ignore Emergency Alerts...."

The CRTC ordered wireless providers to implement the system to distribute warnings of imminent safety threats such as tornadoes, floods, Amber Alerts or terrorist threats. Telecom companies had favoured an opt-out option or the ability to disable the alarm for some types of alerts. But this was rejected by the broadcasting and telecommunications regulator. Individuals concerned about receiving these alerts are left with a couple of options: they can turn off their phone -- it will not be forced on by the alert -- or mute their phone so they won't hear it.

Long-time Slashdot reader knorthern knight complains that the first two alerts-- one in English, followed by one in French -- were then followed by a third (bi-lingual) alert advising recipients to ignore the previous two alerts, since the missing child had been found.
United States

40 Cellphone-Tracking Devices Discovered Throughout Washington (nbcwashington.com) 60

The investigative news "I-Team" of a local TV station in Washington D.C. drove around with "a leading mobile security expert" -- and discovered dozens of StingRay devices mimicking cellphone towers to track phone and intercept calls in Maryland, Northern Virginia, and Washington, D.C. An anonymous reader quotes their report: The I-Team found them in high-profile areas like outside the Trump International Hotel on Pennsylvania Avenue and while driving across the 14th Street bridge into Crystal City... The I-Team's test phones detected 40 potential locations where the spy devices could be operating, while driving around for just a few hours. "I suppose if you spent more time you'd find even more," said D.C. Councilwoman Mary Cheh. "I have bad news for the public: Our privacy isn't what it once was..."

The good news is about half the devices the I-Team found were likely law enforcement investigating crimes or our government using the devices defensively to identify certain cellphone numbers as they approach important locations, said Aaron Turner, a leading mobile security expert... The I-Team got picked up [by StingRay devices] twice off of International Drive, right near the Chinese and Israeli embassies, then got another two hits along Massachusetts Avenue near Romania and Turkey... The phones appeared to remain connected to a fake tower the longest, right near the Russian Embassy.

StringRay devices are also being used in at least 25 states by police departments, according to the ACLU. The devices were authorized by the FCC back in 2011 for "federal, state, local public safety and law enforcement officials only" (and requiring coordination with the FBI).

But back in April the Associated Press reported that "For the first time, the U.S. government has publicly acknowledged the existence in Washington of what appear to be rogue devices that foreign spies and criminals could be using to track individual cellphones and intercept calls and messages... More sophisticated versions can eavesdrop on calls by forcing phones to step down to older, unencrypted 2G wireless technology. Some attempt to plant malware."
Software

In Virtual Reality, How Much Body Do You Need? (nytimes.com) 34

An anonymous reader quotes a report from The New York Times: Will it soon be possible to simulate the feeling of a spirit not attached to any particular physical form using virtual or augmented reality? If so, a good place to start would be to figure out the minimal amount of body we need to feel a sense of self, especially in digital environments where more and more people may find themselves for work or play. It might be as little as a pair of hands and feet, report Dr. Michiteru Kitazaki and a Ph.D. student, Ryota Kondo. In a paper published Tuesday in Scientific Reports, they showed that animating virtual hands and feet alone is enough to make people feel their sense of body drift toward an invisible avatar (Warning: source may be paywalled; alternative source). Their work fits into a corpus of research on illusory body ownership, which has challenged understandings of perception and contributed to therapies like treating pain for amputees who experience phantom limb.

Using an Oculus Rift virtual reality headset and a motion sensor, Dr. Kitazaki's team performed a series of experiments in which volunteers watched disembodied hands and feet move two meters in front of them in a virtual room. In one experiment, when the hands and feet mirrored the participants' own movements, people reported feeling as if the space between the appendages were their own bodies. In another experiment, the scientists induced illusory ownership of an invisible body, then blacked out the headset display, effectively blindfolding the subjects. The researchers then pulled them a random distance back and asked them to return to their original position, still virtually blindfolded. Consistently, the participants overshot their starting point, suggesting that their sense of body had drifted or "projected" forward, toward the transparent avatar.

Google

Google Is Making An AR Headset With New Qualcomm Chips (theverge.com) 11

Google is reportedly working on a standalone augmented reality headset that will use new Qualcomm chips. "It will be built by Taiwanese computer maker Quanta," reports The Verge. "The project is still in its early stages, according to documents obtained by WinFuture." From the report: The AR headset is supposed to be similar to Microsoft's HoloLens, a headset that came out in 2016 and is aimed at design, training, and industrial use. The Google AR headset that's in development will reportedly be self-contained and powered by a Qualcomm chip, rather than tethered to another device. It will also include cameras and microphones. The headset is currently going by the name "Google A65." There's no release date yet for the Google A65 as it's still in the prototype stage, according to WinFuture. The headset won't only operate like a HoloLens, but it will use the same chips. HoloLens is rumored to be getting an update this year, with a new ARM-powered design and an improved field of view. The Qualcomm chips that will reportedly be used in both the new HoloLens and the new Google headset are the Qualcomm QSC603 four-core chips, based on ARM architecture.
Android

With Steam Link App, Your Smartphone Can Be An Imperfect Gaming Monitor (arstechnica.com) 47

Ars Technica's Kyle Orland shares his experience with Valve's recently announced Steam Link app, which lets users play games running on a PC via a tablet, mobile phone, or Apple TV on the same network. The app launches today for Android 5.0+ devices; iOS support is "pending further review from Apple." From the report: Valve isn't kidding when it says a Wi-Fi router in the 5Ghz band is required for wireless streaming. I first tested iPad streaming on the low-end 2.4Ghz router provided with my Verizon FiOS subscription (an Actiontec MI424WR), with a wired Ethernet connection to my Windows gaming rig on the other end. The Steam Link network test warned me that "your network may not work well with Steam Link," thanks to 1- to 2-percent frame loss and about 15ms of "network variance," depending on when I tested. Even graphically simple games like The Binding of Isaac ran at an unplayably slowed-down rate on this connection, with frequent dropped inputs to boot.

Switching over to a 5GHz tri-band router (The Netgear Nighthawk X6, to be precise), the same network test reported a "fantastic" connection that "look[s] like it will work well with Steam." On this router, remotely played games ran incredibly smoothly at the iPad's full 1080p resolution, with total round-trip display latency ranging anywhere from 50 to 150ms, according to Steam Link's reports (and one-way "input lag" of less than 1ms). At that level of delay, playing felt practically indistinguishable from playing directly on the computer, with no noticeable gameplay impact even on quick-response titles like Cuphead.

Wireless Networking

Ask Slashdot: Which Is the Safest Router? 378

MindPrison writes: As ashamed as I am to admit it -- a longtime computer user since the Commodore heydays, I've been hacked twice recently and that has seriously made me rethink my options for my safety and well-being. So, I ask you dear Slashdot users, from one fellow longtime Slashdotter to another: which is the best router for optimal safety today?
Privacy

Cell Phone Tracking Firm Exposed Millions of Americans' Real-time Locations (zdnet.com) 38

Earlier this week, ZDNet shed some light on a company called LocationSmart that is buying your real-time location data from four of the largest U.S. carriers in the United States. The story blew up because a former police sheriff snooped on phone location data without a warrant, according to The New York Times. ZDNet is now reporting that the company "had a bug in its website that allowed anyone to see where a person is located -- without obtaining their consent." An anonymous reader shares an excerpt: "Due to a very elementary bug in the website, you can just skip that consent part and go straight to the location," said Robert Xiao, a PhD. student at the Human-Computer Interaction Institute at Carnegie Mellon University, in a phone call. "The implication of this is that LocationSmart never required consent in the first place," he said. "There seems to be no security oversight here." The "try" website was pulled offline after Xiao privately disclosed the bug to the company, with help from CERT, a public vulnerability database, also at Carnegie Mellon. Xiao said the bug may have exposed nearly every cell phone customer in the U.S. and Canada, some 200 million customers.

The researcher said he started looking at LocationSmart's website following ZDNet's report this week, which followed from a story from The New York Times, which revealed how a former police sheriff snooped on phone location data without a warrant. The sheriff has pleaded not guilty to charges of unlawful surveillance. He said one of the APIs used in the "try" page that allows users to try the location feature out was not validating the consent response properly. Xiao said it was "trivially easy" to skip the part where the API sends the text message to the user to obtain their consent. "It's a surprisingly simple bug," he said.

Android

OnePlus 6 Launched With 6.28-inch Display, Snapdragon 845 CPU, and Headphone Jack (phonedog.com) 109

OnePlus has launched their newest flagship smartphone today at an event in London. The OnePlus 6, as it is called, features a 6.28-inch 2280x1080 display with 19:9 aspect ratio and notch, Snapdragon 845 octa-core processor with up to 8GB of RAM, 16- and 20-megapixel rear-facing cameras, 3,330mAh battery, 3.5mm headphone jack, and Android 8.1 Oreo running out of the box with support for Android P coming soon. Strangely, the phone features a glass build construction but no support for wireless charging. OnePlus claims the glass back will be better for transmitting radio waves, but it's likely included in preparation for the OnePlus 6T, which will likely launch several months later and include wireless charging. PhoneDog reports: Around on the back of the OnePlus 6 is a vertically stacked dual rear camera setup that's now in the center of the phone for symmetry. There's a 16MP camera with Sony IMX 519 sensor, f/1.7 aperture, and support for optical image stabilization and electronic image stabilization, as well as a 20MP camera with Sony IMD 376K sensor and f/1.7 aperture. Also included are portrait mode and slow-motion 480fps video capture features.

The body of the OnePlus 6 is made of Gorilla Glass 5, which OnePlus says will be better for transmitting radio waves. Rounding out the OP6's spec list is a 16MP front-facing camera, NFC, Bluetooth 5.0, USB-C, an alert slider, and a 3.5mm headphone jack. On the security side of things, there's a rear fingerprint reader and face unlock, and when it comes to wireless capabilities, the OnePlus 6 supports 40 global LTE bands as well as 4x4 MIMO for speeds up to 1Gbps.
The OnePlus 6 will be available on May 22 with the following prices: 6GB/64GB: $529; 8GB/128GB: $579; 8GB/256GB: $629.
Robotics

Researchers Create First Flying Wireless Robotic Insect (newatlas.com) 64

An anonymous reader quotes a report from New Atlas: You might remember RoboBee, an insect-sized robot that flies by flapping its wings. Unfortunately, though, it has to be hard-wired to a power source. Well, one of RoboBee's creators has now helped develop RoboFly, which flies without a tether. Slightly heavier than a toothpick, RoboFly was designed by a team at the University of Washington -- one member of that team, assistant professor Sawyer Fuller, was also part of the Harvard University team that first created RoboBee. That flying robot receives its power via a wire attached to an external power source, as an onboard battery would simply be too heavy to allow the tiny craft to fly. Instead of a wire or a battery, RoboFly is powered by a laser. That laser shines on a photovoltaic cell, which is mounted on top of the robot. On its own, that cell converts the laser light to just seven volts of electricity, so a built-in circuit boosts that to the 240 volts needed to flap the wings. That circuit also contains a microcontroller, which tells the robot when and how to flap its wings -- on RoboBee, that sort of "thinking" is handled via a tether-linked external controller. The robot can be seen in action here.
Cellphones

Lenovo Teases a True All-Screen Smartphone With No Notch (cnet.com) 177

An anonymous reader quotes a report from CNET: Notches, it seems, are the new black. Originally seen -- and often criticized -- on the Essential PH-1 and iPhone X in 2017, the trend of adding notches to Android phones has only accelerated this year as phone makers look to maximize the screen size. But the Lenovo Z5 is going the other way: It's truly all-screen, and notch-free. At least, that's according to a sketch shared last Friday by Lenovo VP Chang Cheng on Weibo, a Twitter-like platform in China. Cheng's teaser post says (according to Google Translate) that the Lenovo Z5 is the company's new flagship phone. Besides that, the post leaves it pretty vague.

All-screen phones look cool, but they challenge the manufacturer to find a place to put front cameras, sensors and other hardware. That's why we see bezels on some phones and notches on others. It's not clear what Lenovo plans to do with the front camera on the Lenovo Z5. Cheng's post claims that "four technological breakthroughs" and "18 patented technologies" were made for the phone, but doesn't go into details.
One of the first smartphones to launch with an edge-to-edge display was the Xiaomi Mi Mix. It launched with next to no bezel or notch, leaving many to wonder where the earpiece would be. What Xiaomi managed to do was use what it calls "cantilever piezoelectric ceramic acoustic technology." Basically, it's a component that converts electrical energy into mechanical energy to transfer to the phone's internal metal frame, which then vibrates to create sound. It's possible the Z5 relies on a similar technology, or bone conduction technology found in many headphones and some smartphones.

Aside from the front-facing camera and ambient light sensors, the other components that are typically found on the front of smartphones are relatively easy to drag-and-drop to different locations. For example, the speakers in the Z5 are likely bottom facing and the navigation controls are almost certainly software based. The question is whether or not it's worth having a true all-screen smartphone if it means there's no front-facing camera, ambient light sensors, or stereo speakers.
AMD

AMD Integrates Ryzen PRO and Radeon Vega Graphics In Next-Gen APUs (zdnet.com) 76

The three biggest PC OEMs -- Dell, HP, and Lenovo -- are now offering AMD Ryzen PRO mobile and desktop accelerated processing units (APUs) with built-in Radeon Vega graphics in a variety of commercial systems. There are a total of seven new APUs -- three for the mobile space and four for the desktop. As AMD notes in its press release, the first desktops to ship with these latest chips include: the HP Elitedesk G4 and 285 Desktop, the Lenovo ThinkCentre M715, and the Dell Optiplex 5055. ZDNet's Adrian Kingsley-Hughes writes about what makes Ryzen PRO so appealing: Ryzen PRO has been built from the ground up to focus on three pillars -- power, security and reliability. Built-in security means integrated GuardMI technology, an AES 128-bit encryption engine, Windows 10 Enterprise Security support, and support for fTPM/TPM 2.0 Trusted Platform Module. One of the features of Ryzen PRO that AMD hopes will appeal to commercial users is the enterprise-grade reliability that the chips come backed with, everything from 18-moths of planned software availability, 24-months processor availability, a commercial-grade QA process, 36-moth warranty, and enterprise-class manageability.

There are no worries on the performance front either, with the Ryzen PRO with Vega Graphics being the world's fastest processor currently available for ultrathin commercial notebooks, with the AMD Ryzen 7 PRO 2700U offering up to 22 percent more productivity performance than Intel's 8th-generation Core i7-8550U in testing carried out by AMD. AMD has also designed the Ryzen PRO processors to be energy-efficient, enabling up to 16 hours of battery life in devices, or 10.5 hours of video playback. The Ryzen PRO with Vega Graphics desktop processors are also no slouches, opening up a significant performance gap when compared to Intel Core i5 8400 and Core i3 8100 parts.
AMD also announced that it is sampling its second-generation Threadripper 2900X, 2920X and 2950X products. "For Threadripper Gen2 you can expect a refresh of the current line-up; an 8-core Threadripper 2900X, a 12-core Threadripper 2920X and of course a 16-core Threadripper 2950X," reports Guru3D.com. "AMD will apply the same Zen+ tweaks to the processors; including memory latency optimizations and higher clock speeds."

AMD has something for the datacenter enthusiasts out there too. Epyc, AMD's x86 server processor line based on the company's Zen microarchitecture, has a new promo video, claiming more performance, more security features, and more value than Intel Xeon. The company plans to market Epyc in an aggressive head-to-head format similar to how T-Mobile campaigns against Verizon and AT&T. Given Intel Xeon's 99% market share, they sort of have to...

Slashdot Top Deals