Federal courts have opened the door for what may amount to the most substantial wifi upgrade in over twenty years. From a report: On Tuesday, a U.S. Court of Appeals for the District of Columbia Circuit issued a ruling where it supported the FCC's decision to divvy up 1,200MHz of spectrum in the 6GHz band for unlicensed use, a move that paves the way for the eagerly anticipated move to wifi 6E. Prior to the ruling, wifi was limited to broadcasting over 2.4GHz and 5GHz bands. That new spectrum represents the single largest addition since wifi was first introduced in 1989, the Verge notes. To put that in perspective, prior to the FCC's additions, wifi operated with just 400MHz of the spectrum. With that in mind, this new ruling should essentially increase the space available to wifi by four times.

When implemented, all this additional spectrum could provide enough capacity to allow seven maximum capacity wifi streams to broadcast in the same areas without interfering with one another, The Verge notes. Put more simply, this should translate to increased bandwidth with less interference for everyday users. Proponents of the FCC's decision, like agency Chair Jessica Rosenworcel, argue it will provide more wifi access in a greater number of places while simultaneously improving performance. All this extra space could also increase upload and download speeds as well.

"T-Mobile had another data breach," writes Slashdot reader motang. "This comes after the massive breach that affected millions of users this past summer." According to Android Police, a small number of accounts had their data viewed by an unknown individual -- including names, addresses, phone numbers, plan rates, and number of lines -- or fell victim to an unauthorized SIM swap, with a third subset of users facing both. From the report: For its part, the company has contacted individuals who were targeted in this breach, alerting them to specify what was or wasn't viewed and highlighting that this hacker stole no payment or password data to its knowledge. However, T-Mobile has yet to report any specifics about how many customers were directly affected. [...] It seems possible that this is another example of poor security practices, though we'll have to wait until T-Mobile delivers more information. The T-Mo Report was first to report the data breach.

An anonymous reader shares a report: The Motorola Razr was part of the first wave of foldable phones back in 2019, being the first to offer a clamshell form factor akin to the classic Razr feature phones. Motorola would follow up with the Razr 5G in late 2020, but Samsung's Galaxy Z Flip line had stolen its thunder by then. Now, Lenovo executive Chen Jin has revealed on Weibo that a third-generation Motorola Razr foldable is in the works. According to machine translation, the new foldable phone will have improved power, a tweaked interface, and a better appearance. It also seems like the phone could launch in China first.

An anonymous reader quotes a report from TechCrunch: As nostalgia goes, the Fisher-Price Chatter phone doesn't disappoint. The classic retro kids toy was given a modern revamp for the holiday season with the new release for adults which, unlike the original toy designed for kids, can make and receive calls over Bluetooth using a nearby smartphone. The Chatter -- despite a working rotary dial and its trademark wobbly eyes that bob up and down when the wheels turn -- is less a phone and more like a novelty Bluetooth speaker with a microphone, which activates when the handset is lifted. The Chatter didn't spend long on sale; the phone sold out quickly as the waitlists piled up. But security researchers in the U.K. immediately spotted a potential problem. With just the online instruction manual to go on, the researchers feared that a design flaw could allow someone to use the Chatter to eavesdrop.

Ken Munro, founder of the cybersecurity company Pen Test Partners, told TechCrunch that chief among the concerns are that the Chatter does not have a secure pairing process to stop unauthorized phones in Bluetooth range from connecting to it. Munro outlined a series of tests that would confirm or allay his concerns. [...] The Chatter doesn't have an app, and Mattel said the Chatter phone was released as "a limited promotional item and a playful spin on a classic toy for adults." But Munro said he's concerned the Chatter's lack of secure pairing could be exploited by a nearby neighbor or a determined attacker, or that the Chatter could be handed down to kids, who could then unknowingly trigger the bug. "It doesn't need kids to interact with it in order for it to become an audio bug. Just leaving the handset off is enough," said Munro.

An anonymous reader quotes a report from Gizmodo: A new report released by Ookla placed the U.S. at the very top of a list of 40 countries in terms of 5G availability. To determine this, Ookla tested to see what percent of users with 5G devices spent the majority of their time actually on 5G during Q3. Under that criteria, the U.S. ranked number one with 49.2% availability. But hold on, don't whip out your red, white, and blue foam finger just yet, it's not all good news. The actual download and upload speeds (in other words, the whole point) of 5G networks still vary significantly by country according to the report. Though the U.S. ranked first in availability, its actual download speeds were amongst the worst of early 5G adopter nations. Ookla placed median 5G download speeds at 93.73 Mbps in the US, far lower than the UK's 184.2 Mbps median and far lower still than South Korea, which led the pack at 492.48 Mbps. The U.S. placed around the same relative position for upload speeds as well. And while U.S. wireless customers can take some solace knowing they're on the top of the availability list, the list itself is unimpressive as a whole, especially in relation to the types of coverage necessary for 5G's most ambitious promises.

Boeing Chief Executive Dave Calhoun and Airbus Americas CEO Jeffrey Knittel have urged the Biden administration to delay planned deployment of new 5G wireless services, saying it could harm aviation safety. From a report: The executives in a joint letter seen by Reuters asked U.S. Transportation Secretary Pete Buttigieg to support postponing AT&T and Verizon's Jan. 5 deployment of C-Band spectrum 5G wireless. "5G interference could adversely affect the ability of aircraft to safely operate," the letter said, adding it could have "an enormous negative impact on the aviation industry." The industry and Federal Aviation Administration (FAA) have raised concerns about potential interference of 5G with sensitive aircraft electronics like radio altimeters.

Before Google Wifi was announced alongside the original Pixel phone, Google a year earlier released OnHub-branded routers from Asus and TP-Link. In late 2022, Google will end support for OnHub routers that will be seven years old at that time. 9to5Google reports: At six years old, currently, Google said "a lot has changed" in the router landscape, and that it will end support for them on December 19, 2022. This is according to emails that customers (via Droid-Life) have been receiving and a new support document. Until that date, "your OnHub router will continue to work as normal," but without security updates for new software features. The last combined OnHub and Google Wifi update came in October of 2019, while Google and Nest Wifi have had several OTAs since then. That said, a year later, the Google Home app added support for managing OnHub hardware ahead of the Google Wifi companion client getting deprecated.

Google recommends you "upgrade to a new Wi-Fi setup today" and emailed a 40% off Nest Wifi offer to existing OnHub router users that will be available until March 31, 2022. After December 19 next year, the OnHub router will continue to "provide a Wi-Fi signal" but no longer be manageable through the Google Home app, which is the downside of routers that are entirely managed via the cloud/companion app and do not offer local controls. While OnHub routers will continue to work and not disrupt existing networks, Google's decision to remove the ability to change basic settings is quite aggressive. Hopefully, the 2016 Google Wifi will see a longer support period.

Apple plans to add a 48-megapixel camera lens to the iPhone next year, followed by a periscope lens in 2023, according to analyst Ming-Chi Kuo. MacRumors reports: In a research note today with TF International Securities, obtained by MacRumors, Kuo said these iPhone camera upgrades over the next two years will help to boost Taiwanese manufacturer Largan Precision's market share, revenue, and profit. Kuo did not provide any further details, but he has previously claimed that the 48-megapixel camera will be limited to iPhone 14 Pro models and allow for 8K video recording, up from 4K currently. These high-resolution 8K videos would be suitable for viewing on Apple's AR/VR headset that is expected to launch next year, he said.

Kuo also previously claimed that iPhone 14 Pro models may support both 48-megapixel and 12-megapixel output, which would likely be achieved with a process known as pixel binning. Already in use on some Android smartphones, like Samsung's Galaxy S21 Ultra, pixel binning could allow iPhone 14 Pro models to shoot 48-megapixel photos in bright conditions and 12-megapixel photos in low-light conditions to preserve quality. Further ahead, Kuo reiterated his belief that at least one iPhone 15 model will gain a periscope lens in 2023, paving the way for significantly increased optical zoom. This lens would have folded camera optics, where light absorbed by the image sensor is bent or "folded," allowing for increased optical zoom while maintaining a compact design appropriate for smartphones.

A security researcher says an internet gateway used by hundreds of hotels to offer and manage their guest Wi-Fi networks has vulnerabilities that could put the personal information of their guests at risk. From a report: Etizaz Mohsin told TechCrunch that the Airangel HSMX Gateway contains hardcoded passwords that are "extremely easy to guess." With those passwords, which we are not publishing, an attacker could remotely gain access to the gateway's settings and databases, which store records about the guest's using the Wi-Fi. With that access, an attacker could access and exfiltrate guest records, or reconfigure the gateway's networking settings to unwittingly redirect guests to malicious webpages, he said. Back in 2018, Mohsin discovered one of these gateways on the network of a hotel where he was staying. He found that the gateway was synchronizing files from another server across the internet, which Mohsin said contained hundreds of gateway backup files from some of the most prestigious and expensive hotels in the world. The server also stored "millions" of guest names, email addresses and arrival and departure dates, he said. Mohsin reported the bug and the server was secured, but that sparked a thought: Could this one gateway have other vulnerabilities that could put hundreds of other hotels at risk? In the end, the security researcher found five vulnerabilities that he said could compromise the gateway -- including guests' information.

Necklaces and accessories claiming to "protect" people from 5G mobile networks have been found to be radioactive. The BBC reports: The Dutch authority for nuclear safety and radiation protection (ANVS) issued a warning about ten products it found gave off harmful ionizing radiation. It urged people not to use the products, which could cause harm with long-term wear. [...] The products identified included an "Energy Armor" sleeping mask, bracelet and necklace. A bracelet for children, branded Magnetix Wellness, was also found to be emitting radiation.

"Don't wear it any more, put it away safely and wait for the return instructions," the ANVS said in a statement. "The sellers in the Netherlands known to the ANVS have been told that the sale is prohibited and must be stopped immediately, and that they must inform their customers about this." The ANVS has published a full list of the products it identified as radioactive on its website. Further reading: Worried About 5G's Health Effects? Don't Be

wiredmikey shares a report from SecurityWeek: Security researchers at Google's Project Zero have picked apart one of the most notorious in-the-wild iPhone exploits and found a never-before-seen hacking roadmap that included a PDF file pretending to be a GIF image with a custom-coded virtual CPU built out of boolean pixel operations. If that makes you scratch your head, that was exactly the reaction from Google's premier security research team after disassembling the so-called FORCEDENTRY iMessage zero-click exploit used to plant NSO Group's Pegasus surveillance tool on iPhones.

"We assess this to be one of the most technically sophisticated exploits we've ever seen," Google's Ian Beer and Samuel Grob wrote in a technical deep-dive into the remote code execution exploit that was captured during an in-the-wild attack on an activist in Saudi Arabia. In its breakdown, Project Zero said the exploit effectively created "a weapon against which there is no defense," noting that zero-click exploits work silently in the background and does not even require the target to click on a link or surf to a malicious website. "Short of not using a device, there is no way to prevent exploitation by a zero-click exploit," the research team said.

The researchers confirmed the initial entry point for Pegasus was Apple's proprietary iMessage that ships by default on iPhones, iPads and macOS devices. By targeting iMessage, the NSO Group hackers needed only a phone number of an AppleID username to take aim and fire eavesdropping implants. Because iMessage has native support for GIF images (especially those that loop endlessly), Project Zero's researchers found that this expanded the attack surface and ended up being abused in an exploit cocktail that targeted a security defect in Apple's CoreGraphics PDF parser. Within Apple's CoreGraphics PDF parser, the NSO exploit writers abused Apple's implementation of the open-source JBIG2, a domain specific image codec designed to compress images where pixels can only be black or white. Describing the exploit as "pretty terrifying," Google said the NSO Group hackers effectively booby-trapped a PDF file, masquerading as a GIF image, with an encoded virtual CPU to start and run the exploit. Apple patched the exploit in September and filed a lawsuit seeking to hold NSO Group accountable.

Major U.S. air carriers warned on Wednesday that plans by AT&T and Verizon to use spectrum for 5G wireless services could be highly disruptive to air travel and cost air passengers $1.6 billion annually in delays. Reuters reports: Trade group Airlines for America (A4A) said if a new Federal Aviation Administration (FAA) directive for addressing potential interference from wireless transmissions had been in effect in 2019 "approximately 345,000 passenger flights, 32 million passengers, and 5,400 cargo flights would have been impacted in the form of delayed flights, diversions, or cancellations." At a hearing Wednesday, senators urged airlines to work to find a resolution. United Airlines CEO Scott Kirby said the 5G wireless issue "is the biggest and most damaging potential issue facing us. We want nothing more than to work to a solution." Southwest Airlines Chief Executive Gary Kelly said the FAA directive "would significantly impact our operations once it is deployed on Jan. 5." The wireless carriers are set to begin using the spectrum in just three weeks. Last week, the FAA issued new airworthiness directives warning interference from 5G wireless spectrum could result in flight diversions.

The aviation industry and FAA have raised significant concerns about potential interference of 5G with sensitive aircraft electronics like radio altimeters. In November, AT&T and Verizon agreed to delay the commercial launch of C-band wireless service until Jan. 5 after the FAA raised concerns. They also adopted precautionary measures for six months to limit interference. The FAA directives order revising airplane and helicopter flight manuals to prohibit some operations requiring radio altimeter data when in the presence of 5G C-Band wireless broadband signals. Aviation industry groups said they were insufficient to address air safety concerns. FCC Chairwoman Jessica Rosenworcel, who did not immediately comment on the airlines' analysis, has said she believes the issues can be resolved and spectrum safely used.

According to job listings on LinkedIn, Google appears to be working on an augmented reality device and operating system to pair with it. Ars Technica reports: On LinkedIn, operating system engineering director Mark Lucovsky announced that he has joined Google. He previously headed up mixed reality operating system work for Meta, and before that he was one of the key architects of Windows NT at Microsoft. "My role is to lead the Operating System team for Augmented Reality at Google," he wrote. He also posted a link to some job listings at Google that give the impression Google is getting just as serious about AR as Apple or Meta.

As 9to5Google discovered, one of the listings ("Senior Software Developer, Embedded, Augmented Reality OS") described Google's objective in clear terms: "Our team is building the software components that control and manage the hardware on our Augmented Reality (AR) products. These are the software components that run on the AR devices and are the closest to the hardware. As Google adds products to the AR portfolio, the OS Foundations team is the very first software team to work with new hardware." Other job listings say new hires will be working on an "innovative AR device." And one specifies that Google is "focused on making immersive computing accessible to billions of people through mobile devices." The roles are largely in the United States, but some are located in Waterloo, Ontario -- the HQ of Canadian smart glasses maker North, which Google acquired in 2020.

An anonymous reader quotes a report from The Washington Post: The U.S. Postal Service pursued a project to build and secretly test a blockchain-based mobile phone voting system before the 2020 election (Warning: may be paywalled; alternative source), experimenting with a technology that the government's own cybersecurity agency says can't be trusted to securely handle ballots. The system was never deployed in a live election and was abandoned in 2019, Postal Service spokesman David Partenheimer said. That was after cybersecurity researchers at the University of Colorado at Colorado Springs conducted a test of the system during a mock election and found numerous ways that it was vulnerable to hacking.

The project appears to have been conducted without the involvement of federal agencies more closely focused on elections, which were then scrambling to make voting more secure in the wake of Russian interference in the 2016 contest. Those efforts focused primarily on using paper ballot so the voter could verify their vote was recorded accurately and there would be a paper trail for auditors -- something missing from any mobile phone or Internet-based system. The project appears to have been conducted without the involvement of federal agencies more closely focused on elections, which were then scrambling to make voting more secure in the wake of Russian interference in the 2016 contest. Those efforts focused primarily on using paper ballot so the voter could verify their vote was recorded accurately and there would be a paper trail for auditors -- something missing from any mobile phone or Internet-based system.

The Postal Service system allowed people to cast votes on an Internet-connected mobile app similar to how they might add items to an online shopping cart or fill out an online survey. The votes were designed to be anonymous and to be recorded in multiple digital locations simultaneously. The idea is that each of those digital records would act as a check to verify the accuracy of the other records. This is essentially the same method that cryptocurrencies such as bitcoin use to ensure transactions are accurately recorded. But the system didn't protect against the numerous ways hackers might fake or corrupt votes, the University of Colorado researchers said. Those include impersonating voters, attacking the blockchain system itself so votes can't be trusted, flooding the system with information so it becomes too overwhelmed to function, and using techniques that undermine voters' privacy and the secrecy of the ballot. The researchers were able to successfully perform all those hacks during a mock election held on campus. "The Postal Service was awarded a public patent for the concept in August 2020, but had not previously revealed that it built a prototype system or tested it," the report notes.

Google's Pixel 6 line may have served as Android 12's big debut for higher-end phones, but Android 12 (Go edition) plans to bring many of the enhancements and features of Android 12 to lower-end phones, too. Google on Tuesday unveiled a host of new features for the Go edition that are set to roll out to devices in 2022. From a report: Google says that in addition to speed enhancements that'll help apps launch up to 30% faster, Android 12 (Go edition) will include a feature that'll save battery life and storage by automatically "hibernating apps that haven't been used for extended periods of time." And with the Files Go app, you'll be able to recover files within 30 days of deletion. Android 12 (Go edition) will also help you easily translate any content, listen to the news and share apps with nearby devices offline to save data, Google says. The company said Android Go has amassed 200 million users.

Apple has allowed app developers to collect data from its 1 billion iPhone users for targeted advertising, in an unacknowledged shift that lets companies follow a much looser interpretation of its controversial privacy policy. Financial Times: In May Apple communicated its privacy changes to the wider public, launching an advert that featured a harassed man whose daily activities were closely monitored by an ever-growing group of strangers. When his iPhone prompted him to "Ask App Not to Track," he clicked it and they vanished. Apple's message to potential customers was clear -- if you choose an iPhone, you are choosing privacy.

But seven months later, companies including Snap and Facebook have been allowed to keep sharing user-level signals from iPhones, as long as that data is anonymised and aggregated rather than tied to specific user profiles. For instance Snap has told investors that it plans to share data from its 306m users -- including those who ask Snap "not to track" -- so advertisers can gain "a more complete, real-time view" on how ad campaigns are working. Any personally identifiable data will first be obfuscated and aggregated. Similarly, Facebook operations chief Sheryl Sandberg said the social media group was engaged in a "multiyear effort" to rebuild ad infrastructure "using more aggregate or anonymised data."

These companies point out that Apple has told developers they "may not derive data from a device for the purpose of uniquely identifying it." This means they can observe "signals" from an iPhone at a group level, enabling ads that can still be tailored to "cohorts" aligning with certain behaviour but not associated with unique IDs. This type of tracking is becoming the norm.

"Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them," reports Bleeping Computer, "even when running the latest firmware." Slashdot reader joshuark shared their report: The tested routers are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys, and are used by millions of people... Researchers at IoT Inspector carried out the security tests in collaboration with CHIP magazine, focusing on models used mainly by small firms and home users. "For Chip's router evaluation, vendors provided them with current models, which were upgraded to the latest firmware version," Florian Lukavsky, CTO & Founder at IoT Inspector, told BleepingComputer via email. "The firmware versions were automatically analyzed by IoT Inspector and checked for more than 5,000 CVEs and other security issues...."

While not all flaws carried the same risk, the team found some common problems that affected most of the tested models:

- Outdated Linux kernel in the firmware
- Outdated multimedia and VPN functions
- Over-reliance on older versions of BusyBox
- Use of weak default passwords like "admin"
- Presence of hardcoded credentials in plain text form....

All of the affected manufacturers responded to the researchers' findings and released firmware patches.
The researchers demonstrated one exploit they found on one of the routers that extracted the AES key used for the firmware encryption, letting malicious firmware image updates pass verification checks on the device — and thus potentially planting malware on the router.

jd (Slashdot reader #1,658) shares another perspective on the same study from Security Week: Not all of the identified weaknesses are considered real security flaws, and for some bugs it is unclear whether exploitation is even possible. However, many of the identified vulnerabilities (ranging from 2 in AVM devices to nearly a dozen in other routers) were classified as high- and medium-severity.

Long-time Slashdot reader mtaht writes: Comcast fully deployed bufferbloat fixes across their entire network over the past year, demonstrating 90% improvements in working latency and jitter — which is described in this article by by Comcast Vice President of Technology Policy & Standards. (The article's Cumulative Distribution Function chart is to die for...) But: did anybody notice? Did any other ISPs adopt AQM tech? How many of y'all out there are running smart queue management (sch_cake in linux) nowadays?
But wait — it gets even more interesting...

The Comcast official anticipates even less latency with the newest Wi-Fi 6E standard. (And for home users, the article links to a page recommending "a router whose manufacturer understands the principles of bufferbloat, and has updated the firmware to use one of the Smart Queue Management algorithms such as cake, fq_codel, PIE.")

But then the Comcast VP looks to the future, and where all of this is leading: Currently under discussion at the IETF in the Transport Area Working Group is a proposal for Low Latency, Low Loss Scalable Throughput. This potential approach to achieve very low latency may result in working latencies of roughly one millisecond (though perhaps 1-5 milliseconds initially). As the IETF sorts out the best technical path forward through experimentation and consensus-building (including debate of alternatives), in a few years we may see the beginning of a shift to sub-5 millisecond working latency. This seems likely to not only improve the quality of experience of existing applications but also create a network foundation on which entirely new classes of applications will be built.

While we can certainly think of usable augmented and virtual reality (AR and VR), these are applications we know about today. But what happens when the time to access resources on the Internet is the same, or close to the time to access local compute or storage resources? What if the core assumption that developers make about networks — that there is an unpredictable and variable delay — goes away? This is a central assumption embedded into the design of more or less all existing applications. So, if that assumption changes, then we can potentially rethink the design of many applications and all sorts of new applications will become possible. That is a big deal and exciting to think about the possibilities!

In a few years, when most people have 1 Gbps, 10 Gbps, or eventually 100 Gbps connections in their home, it is perhaps easy to imagine that connection speed is not the only key factor in your performance. We're perhaps entering an era where consistently low working latency will become the next big thing that differentiates various Internet access services and application services/platforms. Beyond that, factors likely exceptionally high uptime, proactive/adaptive security, dynamic privacy protection, and other new things will likely also play a role. But keep an eye on working latency — there's a lot of exciting things happening!

An anonymous reader quotes a report from Reuters: Israel said on Thursday it was halting the use of mobile phone tracing to curb the spread of the new coronavirus variant Omicron, a practice that had been challenged by privacy watchdogs. Prime Minister Naftali Bennett's government authorized the surveillance technology, which matches virus carriers' locations against other mobile phones nearby to determine their contacts, to be used for Omicron cases on Nov. 27. That authorization will not be renewed after it lapses at midnight between Thursday and Friday, Bennett's office said in a statement, citing "up-to-date situational assessments."

The technology, originally developed by Israel's Shin Bet security agency for counter-terrorism and counter-espionage, had "contributed over the last week to the effort to break the chain of infection", the statement said. Israel has confirmed at three cases of the new variant and at least 30 others are suspected of having contracted it, the Health Ministry said. Earlier on Thursday, Israel's Supreme Court rejected a petition by four rights groups seeking to repeal the measure. "Considering the uncertainty around the Omicron variant and its effects..., it has not been proven that the Shin Bet authorization poses a disproportionate infringement on the right to privacy which would justify its striking down," the ruling said.

Apple's iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, Reuters reported Friday, citing people familiar with the matter. From the report: The hacks, which took place in the last several months, hit U.S. officials either based in Uganda or focused on matters concerning the East African country, two of the sources said. The intrusions, first reported here, represent the widest known hacks of U.S. officials through NSO technology. Previously, a list of numbers with potential targets including some American officials surfaced in reporting on NSO, but it was not clear whether intrusions were always tried or succeeded.