Category: Wireless


Apple has shipped a high-priority iOS update to fix multiple security holes affecting the browser used on iPhones, iPads and iPod Touch devices.

The iOS 5.1.1 update fixes four separate vulnerabilities, including one that could be used to take complete control of an affected device.

Here’s the skinny of this batch of updates:

  • A URL spoofing issue existed in Safari. This could be used by a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.
  • Multiple security holes in the open-source WebKit rendering engine. These could lead to cross-site scripting attacks from maliciously crafted web sites. These vulnerabilities were used during Google’s Pwnium contest at this year’s CanSecWest conference.
  • A memory corruption issue in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue was discovered and reported by Google’s security team.

This patch is only available via iTunes. To check that the iPhone, iPod touch, or iPad has been updated:

  1. Navigate to Settings
  2. Select General
  3. Select About. The version after applying this update will be “5.1.1”.

Ryan says: As always, do not update to 5.1.1 if your iPhone is unlocked or jailbroken already or if you plan on doing this in the future.

Sexting, or the act of sending sexually explicit messages or photographs between mobile phones, continues to grow increasingly popular. Mobile users often have private photos posted to the Internet without their permission, and politicians and celebrities alike have taken explicit photos using mobile devices that were eventually leaked. Unfortunately for Anthony Weiner, the congressman wasn’t aware of an iPhone app by the name of Snapchat. The program is available for free in Apple’s App Store and allows users to send photos that self-destruct within 1-10 seconds. Images cannot be saved in the app, and Snapchat will even notify users if the recipient takes a screenshot — though there is no way to prevent screenshots from being taken, of course. It should also be noted that images are stored on the developer’s servers, and while the company “attempt(s) to delete image data as soon as possible after the message is transmitted,” it cannot guarantee messages will always be deleted. “Messages, therefore, are sent at the risk of the user,” the company’s privacy policy warns.

Source: Forbes / BGR

Location services company Navizon has a new system, called Navizon I.T.S., that could allow tracking of visitors in malls, museums, offices, factories, secured areas and just about any other indoor space. It could be used to examine patterns of foot traffic in retail spaces, assure that a museum is empty of visitors at closing time, or even to pinpoint the location of any individual registered with the system. But let’s set all that aside for a minute while we freak out about the privacy implications.

Most of us leave Wi-Fi on by default, in part because our phones chastise us when we don’t. (Triangulation by Wi-Fi hotspots is important for making location services more accurate.) But you probably didn’t realize that, using proprietary new “nodes” from Navizon, any device with an active Wi-Fi radio can be seen by a system like Navizon’s.

Navizon’s technology is also reminiscent of the location data provided to retailers and marketers by Skyhook’s Spotrank system, which has a different set of pros and cons: That data is available for every point on the planet, but it only includes devices running Skyhook software.

The rollout of this technology means there are now at least three ways that users can track their locations indoors, where GPS is generally useless — Bluetooth beacons, Spotrank (and proprietary vendor) databases of Wi-Fi hotspots, and Navizon’s I.T.S. nodes. It also marks the second way (that I know of) for you to be tracked via the location of your phone, whether you want to be or not. (The first requires access to your cell phone carrier, and is used for example to locate your position when you make a 911 call.)

It shouldn’t be surprising that carrying around a little RF transmitter in your pocket makes you visible to all sorts of tracking technology. Maybe it’s simply the (inevitable) commercialization of this fact that is somehow unnerving.

 

 

Source: Technology Review

It’s never fun to have to issue a warning, but a new study by the LA Times indicates that the Factory Reset function on Android devices may not work as advertised. The site worked with a security expert to run a test on BlackBerry, Android, and iOS devices as well as PCs. It discovered that important, sensitive data could be retrieved on a large portion of Android devices even after the Factory Reset feature had been properly used.

Robert Siciliano, an identity theft expert from McAfee, performed the experiment, in which he purchased 30 used devices (mostly smartphones and laptops) from random users on Craigslist. His goal was to see how smart people were about removing their personal information from phones, but as it turns out, even though a majority of owners did correctly Factory Reset their Android devices, he was still able to retrieve vital data like “Social Security numbers, child support documents, credit card account log-ins, and a host of other personal data.” This finding is all the more disturbing since he could find no problems with the way iPhones, iPads, or BlackBerry devices delete their data. The only other weak link was Windows XP, which is so old it’s almost expected.

We’ve reached out to Google’s Android team to try and learn more about this potential vulnerability, but have not heard back as of publication. We’ll update this article if and when we get some answers.

Until we learn more, we recommend that you don’t sell your used Android devices to anyone that you don’t know or trust. It’s quite possible that personal information could be leaked from them.

Ryan: I’ve owned a couple Android phones and I also have the Galaxy Tab. I am back to BlackBerry and using the 9900; I find Android phones to drop calls and bug out with force close errors more often than I like when using a phone. And I can’t seem to drop this keyboard. Emails are much quicker on a BlackBerry than other devices. It would be interesting if RIM decided to let other companies use their keyboard design.

Source: DigitalTrends

For those of you constantly traveling and unable to access a Wi-Fi connection for your Mac or PC, but unwilling to dish out the $360 a year that some carriers will require for native tethering, you can download Tether’s application for $15 for the first year and $30 for the years following.

While jailbreaking is one option for avoiding the cost of tethering, other people may find that paying $30 per year is worth avoiding the hassle of hacking a phone. Plus, for those of us who have a tendency to drop our phones, voiding the warranty and keeping customer support and Geniuses at bay is also reason enough to avoid the hack — which is why Tether is such a great service.

Initially launched in November 2011, Tether was originally accepted into Apple’s iTunes App Store. But the app was taken down only a few days later because it violated Apple’s terms. Since then, the team had been creating a workaround. And now, they’ve unveiled the latest version of Tether, built using its patent-pending technology, made possible by HTML5. This time around, the team decided to forgo the app’s submission to Apple altogether, seeing as how acceptance into the iTunes App Store was highly unlikely. Instead, Tether is entirely Web-based, letting it bypass Apple’s scrutiny.

The service is available for BlackBerry, iPhone and Android, and will currently work for any carrier throughout the world. But it’s a game of cat and mouse. Once the major carriers discern how to distinguish a tethered phone using HTML5 from a non-tethered phone, Tether users will run the risk of being forcibly upgraded to the carrier’s tethering plan, or risk being charged extra for the data sent while tethered to a computer, as per the carrier’s terms of service.

Using Tether isn’t too difficult, as the video below will show you. You’ll need to download and install the appropriate software for your operating system, and proceed to create an ad-hoc network on your computer by entering a password (if desired) for the auto-generated SSID. Note that once Tether is open on your desktop, your current Wi-Fi connection will be disabled to make way for the tethered connection.

On your phone, find and select the ad-hoc network from the list of available Wi-Fi networks. Then, using your mobile browser, you will be required to log into your paid account on tether.com/web. After logging in, you’re tethered and able to browse the Web on your computer right away.

 

Source: DigitalTrends

Apple, which continues to disrupt the mobile space with its patent litigation, has successfully won a case against rival Motorola, in which a photo management patent was infringed.

The German court ruling said that the “zoomed in” mode for viewing photos on Motorola’s Android handsets infringed the Apple-held patent, but not the “zoomed out” mode. EU Patent No. EP2059868 originally derived from another patent, which allowed photos to ‘bounce’ when they are over-scrolled; because people will attempt to claim anything nowadays.

FOSS Patents author Florian Mueller understands that Apple could order the destruction of devices if it chooses so.

“If Apple enforces the ruling, it can even require Motorola to destroy any infringing products in its possession in Germany and recall, at MMI’s expense, any infringing products from German retailers in order to have them destroyed as well.”

Having said that, Motorola played down the fears that devices could be subject to such ghastly ends by saying that it doesn’t expect the ruling to affect future sales, and that it has “implemented a new way to view photos”, reports Bloomberg with a spelling mistake.

While Motorola can continue selling the devices, it did not comment on Mueller’s comments that would ultimately lead to the mass graves of Motorola phones. Motorola has said that it has already sought a workaround to prevent its smartphones from infringing Apple’s patent, thus rendering the court’s judgement effectively useless.

It appears from this that not only is Germany a hotbed of patent activity, litigation — and frankly, trolling — but while one company sues another, the defendant in each case is more often than not forced to simply modify the software of the phones.

If you thought the patent wars were all in Apple’s favour, you would be wrong. It was just over a week ago when Apple pulled the plug on its iCloud and MobileMe push email feature within the borders of Germany, after Motorola won a patent claim of its own.

Source: ZDNet

Another day, another iOS security concern. Today’s confidence-defeating news comes from Nick Bilton at the New York Times. Bilton writes at the paper’s Bits blog that a loophole has been discovered in iOS which allows third-party developers access to your iPhone, iPad, or iPod touch’s photo and video location data… as well as the actual photos and videos themselves. It appears that if an app asks for photo location data on your device (and you approve the request for permission), that application will also be able to slurp down the photos and videos stored on your phone without any further notification. The Times report mirrors an earlier story from 9to5 Mac which detailed security issues on the platform.

Bilton had an unnamed developer create a dummy application which would replicate the offending functionality, and the developer was able to easily poach location information as well as photos and video from a test device. Other developers — such as Curio co-founder David E. Chen — sounded off on the issue. Chen told the Times that, “The location history, as well as your photos and videos, could be uploaded to a server. Once the data is off of the iOS device, Apple has virtually no ability to monitor or limit its use.” Camera+ developer John Casasanta said that, “It’s very strange, because Apple is asking for location permission, but really what it is doing is accessing your entire photo library.” The article also suggests that this loophole may have been introduced with the release of iOS 4 in 2010.

We reached out to Apple about the issue, but the company declined to comment.

All hope might not be lost, however. We spoke to sources familiar with the situation, and were informed that a fix is most likely coming for the loophole. According to the people we talked to, Apple has been made aware of the issue and is likely planning a fix with an upcoming release of iOS. Those sources also confirmed that the ability to send your photos and videos to a third-party is an error, not an intended feature. If we had to guess, the fix will likely come alongside a patch for Apple’s other recent security issue — the ability for apps to upload your address book information without warning.

This story has clear echoes of that controversy, which came to light when a developer discovered that the app Path was downloading all of your device’s contact information to the company’s servers. In a follow-up report, we discovered that Path wasn’t the only app grabbing your info.

It will be interesting to see how Apple reacts to security breaches of this nature in the future. The company has long made it clear that it’s working to respect users’ privacy; at a glance it looks like these recent slip-ups are exceptions, not the rule.

Source: The Verge

Last summer, phone maker HTC raised eyebrows by announcing it would enable users to unlock the bootloaders on some of its most popular phones, enabling technically-inclined customers to root the devices and install custom operating systems or, really, any darn thing they like. Now, HTC has come through, releasing a tool to unlock the bootloader on phones launched after September 2011. HTC also says it is working to make the bootloader operational on phones launched before September 2011.

The company has offered a complete list of devices currently supported by the tool. HTC notes some devices may never be supported by the unlock tool due to operator restrictions.

HTC had previously gone to some lengths to lock down bootloaders on its Android devices—partly as a defense against malicious software—but reversed course in the face of strong feedback from technically-inclined customers who feel that the ability to install their own custom operating systems is a key element of Android’s “openness.” (HTC says it was “overwhelmed by the enthusiasm of our fans.”) After all, what’s the point of an operating system being available as open source if programmers can’t download it and install it on devices?

For ambitious users, unlocking the bootloader may be a quick way to get Android 4 Ice Cream Sandwich onto HTC devices without waiting for official updates.

HTC is clear that it is not officially supporting devices that have been unlocked with the bootloader, merely allowing users to unlock their devices at their own risk—and doing so may mean they’re no longer covered by device warranties. HTC also notes that it’s possible unlocking devices may have unintended consequences, including overheating.

Ryan:  Ultimately, the main reason why I sold my HTC Desire Z and went back to BlackBerry was because of the buggy HTC Sense interface.  I am glad HTC is giving its customers more choice by allowing them to use a bootloader, “at their own risk” of course.

Source: DigitalTrends

A well-known expert on mobile phone security says a vulnerability in a widely used wireless technology could allow hackers to gain remote control of phones, instructing them to send text messages or make calls.

They could use the vulnerability in the GSM network technology, which is used by billions of people in about 80 percent of the global mobile market, to make calls or send texts to expensive, premium phone and messaging services in scams, said Karsten Nohl, head of Germany’s Security Research Labs.

Similar attacks against a small number of smartphones have been done before, but the new attack could expose any cellphone using GSM technology.

“We can do it to hundreds of thousands of phones in a short timeframe,” Nohl told Reuters in advance of a presentation at a hacking convention in Berlin on Tuesday.

Attacks on corporate landline phone systems are fairly common, often involving bogus premium-service phone lines that hackers set up across Eastern Europe, Africa and Asia. Fraudsters make calls to the numbers from hacked business phone systems or mobile phones, then collect their cash and move on before the activity is identified.

The phone users typically don’t identify the problem until after they receive their bills and telecommunications carriers often end up footing at least some of the costs.

Even though Nohl will not present details of the attack at the conference, he said hackers will usually replicate the code needed for attacks within a few weeks.

Source: Reuters

The No. 2 bestselling Samsung smartphone in history won’t officially see an upgrade to Android 4.0, leaving owners to decide among buying a newer phone, sticking with Android 2.3, or hacking on a custom build of Google’s latest mobile operating system. The reason Samsung won’t be offering such an upgrade? According to Samsung Tomorrow by way of the Verge, Samsung’s own customized TouchWiz user interface is the answer, which sounds more like a lame excuse than a valid explanation.

Samsung’s Galaxy Tab—a 7-in. slate I’ve been using daily for more than a year now—is also on the “won’t see Android 4.0” list, says the Samsung Tomorrow blog. I can understand we’re looking at a smartphone and a tablet that made their debut in 2010, and there’s a limited shelf life for future updates on mobile devices. What I don’t understand, nor accept, is that the issue is Samsung’s user interface software. Even worse, I think Samsung is shooting itself in the foot. Here’s why.

You have to treat current customers well. On the one hand, I can see Samsung’s stance if it chooses not to bring Ice Cream Sandwich (ICS) to these older devices. From a financial standpoint, those handsets and tablets are already sold, and Samsung has earned all the income it’s going to from the sale of such devices. To bring Android 4.0 to the Galaxy S and Galaxy Tab, the company would have to invest time, effort, and money to deliver the software. It has no financial incentive to do so. But customers don’t care about that and could decide to buy a competing product if they feel slighted.

Software add-ons should never stop product advances. Some people like TouchWiz, and some don’t. The same could be said for HTC’s Sense. Both are user interface add-ons atop Google Android, and neither should be the primary cause of stopping an Android update. HTC once fell into this same trap with Gingerbread on its Desire handset and eventually compromised by removing some custom apps to make room for the update.

This isn’t a technical issue, it’s a bad decision. My first thought about this situation was that perhaps the Galaxy S and Galaxy Tab didn’t have the horsepower to run Android 4.0. Yet the Nexus S, made by Samsung, will get the ICS software, and it has very similar specifications to the Galaxy S in terms of memory, storage capacity, and processor. And I’m willing to bet the Android enthusiast community will have a custom build of Android 4.0 for both devices, if it doesn’t already. How sad is it that external developers can make this happen, when Samsung can’t?

Will most people who own a Samsung Galaxy S or Galaxy Tab be in an uproar over this? Probably not, as they’ll likely never know about Samsung’s decision, nor will they be thinking about Android 4.0 for devices that are 18 months old. But the decision sets a bad precedent and suggests that Samsung is more concerned with selling newer hardware than supporting existing customers and their current devices.

My suggestion would be a compromise of sorts: Offer a stock version of Android 4.0 for these devices with the customer understanding and accepting the fact that the TouchWiz interface will no longer be available after the upgrade. Unless there’s a real technical reason for the lack of an Android 4.0 upgrade—something Samsung should make clear—this might be the best answer. It wouldn’t cost nearly as much for Samsung to develop and test, while consumers thinking Samsung has let them down might be more accepting of the situation.

Ryan: Samsung needs to seriously get their &%#* together. I would like to update my Samsung Galaxy Tab; I find it buggy and it force closes way too much. Too bad I will be forced to work around this to put 4.0 on myself manually.

 

Source: BusinessWeek