Iphone

Inside a Phishing Gang That Targets Victims of iPhone Theft (krebsonsecurity.com) 15

tsu doh nimh writes: Brian Krebs has a readable and ironic story about a phishing-as-a-service product that iPhone thieves can use to phish the Apple iCloud credentials from people who have recently had an iPhone lost or stolen. The phishing service -- which charged as much as $120 for successful phishing attempts targeting iPhone 6s users -- was poorly secured, and a security professional that Krebs worked with managed to guess several passwords for users on the service. From there, the story looks at how this phishing service works, how it tracks victims, and ultimately how one of its core resellers phished his own iCloud account and inadvertently gave his exact location as a result. An excerpt from the report via Krebs On Security: "Victims of iPhone theft can use the Find My iPhone feature to remotely locate, lock or erase their iPhone -- just by visiting Apple's site and entering their iCloud username and password. Likewise, an iPhone thief can use those iCloud credentials to remotely unlock the victim's stolen iPhone, wipe the device, and resell it. As a result, iPhone thieves often subcontract the theft of those credentials to third-party iCloud phishing services. This story is about one of those services..."
Security

Many Smartphone Owners Don't Take Steps To Secure Their Devices (pewresearch.org) 143

From Pew Research's new report: More than a quarter (28%) of smartphone owners say they do not use a screen lock or other security features to access their phone. And while a majority of smartphone users say they have updated their phone's apps or operating system, about 40% say they only update when it's convenient for them. Meanwhile, some users forgo updating their phones altogether: Around one-in-ten smartphone owners report they never update their phone's operating system (14%) or update the apps on their phone (10%).
Android

Kickstarter Campaign Aims To Add a Full Android Device To the Back of Your iPhone (macrumors.com) 158

A new Kickstarter campaign aims to expand the iPhone's functionality with its "Eye Smart iPhone Case," which features a fully functional Android device built into the case itself. The campaign was launched on March 1 and has already raised over $100,000. Mac Rumors reports: An always-on 5-inch AMOLED display is built into the case, which runs the Android 7.1 Nougat operating system. The case connects to the iPhone using its Lightning port to enable file transfers, power delivery, and more. A microSD card slot provides up to 256GB of storage for holding photos, videos, and other media, all of which is accessible using the Android file explorer. A built-in 2,800 mAh battery provides additional charge to the iPhone, and the Eye case itself supports Qi wireless charging. Two SIM card slots are included, and higher-end models support 4G LTE connectivity, so up to three phone numbers can be used with an iPhone. Android exclusive features, like native call recording, the file explorer, customization, file transfers, and Android apps are all made available to iPhone users via the Eye case. A 3.5mm headphone jack lets iPhone owners with an iPhone 7 or an iPhone 7 Plus use wired headphones with the device, and the Eye case includes NFC, an IR blaster and receiver for controlling TVs and other devices, and a car mount. It's available for the iPhone 6 and later, and will allegedly be available for the new wave of iPhones coming in 2017 within a month of their release. The Smart iPhone Case is available for a Super early bird pledge of $95, with prices going up for 4G connectivity. The estimated retail price is between $189 and $229.
Security

It's Possible To Hack a Smartphone With Sound Waves, Researchers Show (cnbc.com) 41

A security loophole that would allow someone to add extra steps to the counter on your Fitbit monitor might seem harmless. But researchers say it points to the broader risks that come with technology's embedding into the nooks of our lives. John Markoff writes for the NYTimes: On Tuesday, a group of computer security researchers at the University of Michigan and the University of South Carolina will demonstrate that they have found a vulnerability that allows them to take control of or surreptitiously influence devices through the tiny accelerometers that are standard components in consumer products like smartphones, fitness monitors and even automobiles. In their paper, the researchers describe how they added fake steps to a Fitbit fitness monitor and played a "malicious" music file from the speaker of a smartphone to control the phone's accelerometer. That allowed them to interfere with software that relies on the smartphone, like an app used to pilot a radio-controlled toy car. "It's like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words" and enter commands rather than just shut down the phone, said Kevin Fu, an author of the paper, who is also an associate professor of electrical engineering and computer science at the University of Michigan and the chief executive of Virta Labs, a company that focuses on cybersecurity in health care. "You can think of it as a musical virus."
Portables

Can Crowdfunding Bring Back The Netbook? (salon.com) 240

"The mini-laptop's market niche got swamped by the iPad and the phablet," writes Salon, since the stripped-down hardware of tablets made them cheaper to produce. But now netbooks could be making a grassroots-fueled comeback, "thanks to the lower costs in electronics manufacturing and the fact that individual investors can come together to crowdfund projects." An anonymous reader quotes Salon: Michael Mrozek, the Germany-based creator of the DragonBox Pyra, says "I never understood why they were gone in the first place. I have no idea why you would use a tablet. I tried one, and it's awkward to use it for anything else than browsing the Web"... He has already managed to raise several hundred thousand dollars through a private pre-order system set up on his geek's paradise online store. Once those initial orders have been filled, Mrozek said he will probably start up a mainstream crowdfunding campaign for his Linux handheld... "The niche was always there, but thanks to the Internet and crowdfunding, it's easy to reach everyone who's interested in such a device so even a niche product still gets you enough users to sell it. That wasn't possible 10 years ago."
Meanwhile, in just under two weeks Planet Computer raised $446,000 on Indiegogo, more than double the original $200,000 goal for their netbook-like Gemini computer (with a keyboard designed by the creator of the original Psion netbook). Planet's CEO Janko Mrsic-Flogel says "It's a bit like Volkswagen bringing back the Beetle," and predicts that the worldwide demand for netbooks could reach 10 million a year.
Android

Malware Found Preinstalled On 38 Android Phones Used By 2 Companies (arstechnica.com) 54

An anonymous reader quotes a report from Ars Technica: An assortment of malware was found on 38 Android devices belonging to two unidentified companies. This is according to a blog post published Friday by Check Point Software Technologies, maker of a mobile threat prevention app. The malicious apps weren't part of the official ROM firmware supplied by the phone manufacturers but were added later somewhere along the supply chain. In six of the cases, the malware was installed to the ROM using system privileges, a technique that requires the firmware to be completely reinstalled for the phone to be disinfected. Most of the malicious apps were info stealers and programs that displayed ads on the phones. One malicious ad-display app, dubbed "Loki," gains powerful system privileges on the devices it infects. Another app was a mobile ransomware title known as "Slocker," which uses Tor to conceal the identity of its operators. Check Point didn't disclose the names of the companies that owned the infected phones. Padon said it's not clear if the two companies were specifically targeted or if the infections were part of a broader, more opportunistic campaign. The presence of ransomware and other easy-to-detect malware seems to suggest the latter. Check Point also doesn't know where the infected phones were obtained. One of the affected parties was a "large telecommunications company" and the other was a "multinational technology company."
Desktops (Apple)

MAC Address Randomization Flaws Leave Android and iOS Phones Open To Tracking (theregister.co.uk) 56

New submitter cryptizard writes: Modern Android and iOS versions include a technology called MAC address randomization to prevent passive tracking of users as they move from location to location. Unfortunately, researchers have revealed that this technology is implemented sporadically by device manufacturers and is often deployed with significant flaws that allow it to be easily defeated. A research paper [published by U.S. Naval Academy researchers] highlights a number of flaws in both Android and iOS that allow an adversary to track users even when their phones are using randomized MAC addresses. Most significantly, they demonstrate that a flaw in the way wireless chipsets handle low-level control messages can be exploited to track 100% of devices, regardless of manufacturer or operating system.
Verizon

Verizon Wireless Wades Right Back Into the Net Neutrality Debate With Fios Deal (theverge.com) 37

An anonymous reader quotes a report from The Verge: Verizon is taking a page out of AT&T's book by zero rating its Fios cable TV service for all Verizon Wireless customers. That means that if you purchase your mobile data plan from Verizon Wireless and your cable TV plan from Fios, you can now use the Fios Mobile app to stream live channels and on-demand shows and not have it count against your monthly data cap. (It should be noted that Verizon Wireless and Fios are separate subsidiaries, but both are owned by Verizon Communications.) This builds on Verizon's previous decision to zero rate its Go90 mobile app for customers of its own wireless service, which net neutrality advocates see as prioritizing its own products to the detriment of those from competitors and upstarts. One notable exception here is for customers with unlimited mobile data plans. Streaming Fios Mobile content will in fact count toward the unlimited plans' 22GB a month cap, after which Verizon will cap speeds. This caveat is not made clear in Verizon's marketing language, and instead is found only in the App Store release notes.
Security

Nearly 200,000 Wi-Fi Cameras Are Open To Hacking (bleepingcomputer.com) 46

An anonymous reader quotes a report from BleepingComputer: What started as an analysis of a simple security flaw in a random wireless IP camera turned into seven vulnerabilities that affect over 1,250 camera models and expose nearly 200,000 cameras to hacking. The flaws affect a generically named product called Wireless IP Camera (P2P) WIFICAM, manufactured by a (currently unnamed) Chinese company, who sells it as a white-label product to several other camera vendors. Security researcher Pierre Kim says the firmware produced by this Chinese vendor comes with several flaws, which have all made their way down the line into the products of other companies that bought the white-label (unbranded) camera. In total, nearly 1,250 camera models based on the original camera are affected. At the heart of many of these issues is the GoAhead web server, which allows camera owners to manage their device via a web-based dashboard. According to Kim, the cameras are affected by a total of seven security flaws. Yesterday, Kim said that around 185,000 vulnerable cameras could be easily identified via Shodan. Today, the same query yields 198,500 vulnerable cameras. Proof-of-concept exploit code for each of the seven flaws is available on Kim's blog, along with a list of all the 1,250+ vulnerable camera models.
Network

T-Mobile Raises Deprioritization Threshold To 30GB (tmonews.com) 60

An anonymous reader quotes a report from TmoNews: T-Mobile's new deprioritization threshold is 30GB of usage in a single billing cycle. While T-Mo didn't make an official announcement about the change, you can see in this cached page that the network management policy says 28GB: "Based on network statistics for the most recent quarter, customers who use more than 28GB of data during a billing cycle will have their data usage prioritized below other customers' data usage for the remainder of the billing cycle in times and at locations where there are competing customer demands for network resources." Navigating to the webpage today now says 30GB. What this change means is that if you use more than 30GB of data in one billing cycle, your data usage will be prioritized below others for the remainder of that billing cycle. The only time that you're likely to see the effects of that, though, is when you're at a location on the network that is congested, during which time you may see slower speeds. Once you move to a different location or the congestion goes down, your speeds will likely go back up. And once the new billing cycle rolls around, your usage will be reset.
Google

Google Confirms Small Number of Pixel Phones Have Broken Microphones (theverge.com) 68

An anonymous reader shares a report on The Verge: Google says that a small number of Pixel phones have broken microphones that need to be sent back for replacement. The issue is seemingly not that widespread. Google claims the issue is present on less than 1 percent of devices -- the company also announced that it would replace defective phones last month, and it went largely unnoticed until now. Google says the primary cause for Pixels having microphone issues is a "hairline crack in the solder connection on the audio codec," which causes all three of the device's mics to go out at once. The issue has apparently been known about for several months now. Google says it's been "taking additional steps to reinforce the connection" since January and that phones built or refurbished since then should be fine.
AT&T

FCC Investigating Coast-To-Coast 911 Outage For AT&T Wireless Users (nbcnews.com) 53

AT&T says it has fixed a nationwide outage that prevented its wireless customers from making 911 emergency calls. "Service has been restored for wireless customers affected by an issue connecting to 911. We apologize to those affected," the company officials said in a statement. The outage was serious enough to gain the attention of the Federal Communications Commission. The FCC chairman, Ajit Pai, said via Twitter that they are investigating what went wrong. NBC News reports: The company didn't say how widespread the outage was, but as reports poured in from across the country, Karima Holmes, director of unified communications for the Washington, D.C., government, said her office had been "advised there is a nationwide outage for AT&T." At 10:20 p.m. ET, about 10 minutes before AT&T gave the all-clear, DownDetector, a site that monitors internet traffic for real-time information on wireless and broadband carriers, indicated that outage reports for AT&T were clustered most prominently around New York City, Philadelphia, Washington, D.C., Chicago, Miami, Dallas, Houston, San Francisco, Los Angeles and Seattle. But emergency authorities across the country confirmed 911 outages and publicized direct police, fire and ambulance dispatch telephone numbers that AT&T customers should call in emergencies.
Security

Ask Slashdot: How Do You Best Protect Client Files From Wireless Hacking? 140

dryriver writes: A client has given you confidential digital files containing a design for a not-yet-public consumer product. You need to work on those files on a Windows 10 PC that has a wireless chipset built into it. What can you do, assuming that you have to work under Windows 10, that would make 3rd party wireless access to this PC difficult or impossible? I can imagine that under a more transparent, open-source, power-user OS like Linux, it would be a piece of cake to kill all wireless access completely and reliably even if the system contains wireless hardware. But what about a I-like-to-phone-home-sometimes, non open-source OS like Windows 10 that is nowhere near as open and transparent? Is there a good strategy for making outside wireless access to a Windows 10 machine difficult or impossible?
Spam

Exploit that Caused iPhones To Repeatedly Dial 911 Reveals Grave Cybersecurity Threat, Say Experts (9to5mac.com) 71

Ben Lovejoy, writing for 9to5Mac: We reported back in October on an iOS exploit that caused iPhones to repeatedly dial 911 without user intervention. It was said then that the volume of calls meant one 911 center was in 'immediate danger' of losing service, while two other centers had been at risk -- but a full investigation has now concluded that the incident was much more serious than it appeared at the time. It was initially thought that a few hundred calls were generated in a short time, but investigators now believe that one tweeted link that activated the exploit was clicked on 117,502 times, each click triggering a 911 call. The WSJ reports that law-enforcement officials and 911 experts fear that a targeted attack using the same technique could prove devastating. Of the 6,500 911 call centers nationwide, just 420 are believed to have implemented a cybersecurity program designed to protect them from this kind of attack.
Communications

New Technique Turns Random Objects Into FM Radio Stations (thestack.com) 69

"A new technology is enabling everyday objects, such as posters and clothing, to be transformed into FM radio stations," reports The Stack, citing research from the University of Washington. An anonymous reader quotes their report. The team has introduced a technique called "backscattering" which uses ambient low-power radio signals to broadcast messages from random objects to smartphones in the local vicinity. The researchers hope that the development could help support various smart city applications, and picture a future where anything from a poster at a bus stop to a road sign can transmit audio updates and information to passers-by.

During testing, the researchers were able to use the backscattering technique to create a "singing poster" which could send out the music of an advertised band to smartphone users at a distance of up to 4 meters and to cars in an 18-meter [59-foot] radius. "What we want to do is enable smart cities and fabrics where everyday objects in outdoor environments -- whether it's posters or street signs or even the shirt you're wearing -- can 'talk' to you by sending information to your phone or car," explained lead faculty and UW assistant professor of computer science and engineering Shyam Gollakota.
