Showing posts sorted by relevance for query smartphone. Sort by date Show all posts
Showing posts sorted by relevance for query smartphone. Sort by date Show all posts

Android Vulnerability- Hacker Can Gains Complete Control Into Your SmartPhone

Posted by Avik Sarkar On 2/27/2012 07:40:00 pm

Android Vulnerability- Hacker Can Gains Complete Control Into Your SmartPhone  
 
Security experts have discovered a serious flaw in a component of the operating system of Google Inc’s widely used Android smartphone that they say hackers can exploit to gain control of the devices. Researchers at startup cyber security firm CrowdStrike said they have figured out how to use that bug to launch attacks and take control of some Android devices.
CrowdStrike, which will demonstrate its findings next week at a major computer security conference in San Francisco, said an attacker sends an email or text message that appears to be from a trusted source, like the user’s phone carrier. The message urges the recipient to click on a link, which if done infects the device. At that point, the hacker gains complete control of the phone, enabling him or her to eavesdrop on phone calls and monitor the location of the device, said Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike.
Google spokesman Jay Nancarrow declined comment on Crowdstrike’s claim. Alperovitch said the firm conducted the research to highlight how mobile devices are increasingly vulnerable to a type of attack widely carried out against PCs. In such instances, hackers find previously unknown vulnerabilities in software, then exploit those flaws with malicious software that is delivered via tainted links or attached documents. He said smartphone users need to prepare for this type of attack, which typically cannot be identified or thwarted by mobile device security software.
“With modifications and perhaps use of different exploits, this attack will work on every smartphone device and represents the biggest security threat on those devices,” said Alperovitch, who was vice president of threat research at McAfee Inc before he co-founded CrowdStrike.
Researchers at CrowdStrike were not the first to identify such a threat, though such warnings are less common than reports of malicious applications that make their way to online websites, such as Apple’s App Store or the Android Market.
In July 2009, researchers Charlie Miller and Collin Mulliner figured out a way to attack Apple’s iPhone by sending malicious code embedded in text messages that was invisible to the phone’s user. Apple repaired the bug in the software a few weeks after the pair warned it of the problem.
The method devised by CrowdStrike currently works on devices running Android 2.2, also known as Froyo. That version is installed on about 28 percent of all Android devices, according to a Google survey conducted over two weeks ending February 1. Alperovitch said he expects to have a second version of the software finished by next week that can attack phones running Android 2.3. That version, widely known as Gingerbread, is installed on another 59 percent of all Android devices, according to Google. CrowdStrike’s method of attack makes use of a previously unpublicized security flaw in a piece of software known as webkit, which is built into the Android operating system’s Web browser.


-Source (MyBoradband, Google, CrowdStrike)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Nokia is Developing "Meltemi" Linux OS For Low-end Smartphones

Posted by Avik Sarkar On 10/02/2011 03:25:00 pm


Nokia has underlined the importance of low-cost smartphones and now it appears that the company is developing a Linux-based OS for smartphones that will cost less than US$100 without subsidies.
The new OS is code-named "Meltemi," and the project is being led by Mary McDowell, Nokia's executive vice president in charge of mobile phones, according to sources familiar with the matter, the Wall Street Journal reported on Thursday.
The company has been hinting at plans for a reboot of its low-end smartphone portfolio. At its Connection event in Singapore Nokia said that Qt -- a Linux-compatible cross-platform application and user interface framework -- would be a good fit for lower-end devices, and before that McDowell said that Nokia needs to find a replacement for Series 40, according to Carolina Milanesi, research vice president at Gartner.
"So if you put the two together, we can see where this would fit in," said Milanesi.
Series 40 is the OS Nokia today uses on its feature phones, a product segment that is going away as users want smartphones. Nokia dabbled with a Linux phone two years ago, introducing the N900 running Linux. On the record, Nokia is keeping mum about its plans.
"Of course, we don't comment on future products or technologies. However, I can say that our Mobile Phones team has a number of exciting projects in the works that will help connect the next billion consumers to the Internet," a spokesman said via email.
Nokia choosing Windows Phone over Android has put the company in a tight spot when it comes to low-end smartphones. There is no question that Android is pushing the price of smartphones to levels that are considerably lower than that of smartphones based on Windows Phone in the near-term, which means that Nokia has a gap in its portfolio, according to Ben Wood, director of research at CCS Insight. "That means Nokia either needs to scale up Series 40 and make it a more robust competitor with a smart-like experience or look at alternative options, and [Meltemi] could be one of the other options," said Wood.
Nokia can't afford to bet its entire future on Windows Phone and if it wants to remain the volume leader it needs to step up its efforts in the low-end smartphone segment, he said.
The low-end smartphone market is increasingly important and will become the largest smartphone market segment, according to Francisco Jeronimo, research manager at IDC. Sales of less expensive smartphones are already growing faster that high-end models in Western Europe and the availability of low-end smartphones will be crucial to increase sales in emerging markets, he said.

The opportunity is so big that no one can afford to ignore it, not even Apple, Jeronimo said, adding that he won't be surprised if the company releases a cheaper version of the iPhone next week. For Nokia, a logical venue for the public launch of Meltemi would be at Nokia World in London at the end of October. The drawback is that Meltemi risks being drowned by the expected launch of Nokia's first Windows Phone, according to Wood. 


-News Source (PC World)


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

BlackBerry 6 WebKit Vulnerability Patched, RIM Publishes Full Security Advisory

Posted by Avik Sarkar On 10/26/2011 04:47:00 am


This latest security advisory goes to show why RIM’s current model for carrier approved OS updates is not ideal. RIM put out what they call a security notice about a BlackBerry 6 WebKit browser vulnerability back in March of this year for an exploit found in the BlackBerry 6 Browser at Pwn2Own that month. RIM said back then that devices updated to OS 6.0.0.526+ were safe from the vulnerability. They then finally issued a security advisory this week for the same old vulnerability with quite a few more details about it. The reason RIM took so long to release the advisory was because RIM had to wait for carriers to approve the security software update. RIM provided the fix within two weeks of learning of the vulnerability. Now SIX MONTHS LATER RIM has found that “a sufficient number of wireless services providers” have made the update available to their customers.
Overview:-
This security advisory addresses three specific vulnerabilities affecting the implementation of open source WebKit technology in the BlackBerry Browser in BlackBerry 6. Successful exploitation of the vulnerabilities requires the BlackBerry smartphone user to browse to a website that the attacker has maliciously designed. A successful attack could result in remote code execution (RCE) on a smartphone running BlackBerry 6. An attacker exploiting these vulnerabilities could read or write to the built-in media storage section of a BlackBerry smartphone or to the media card but could not access user data that the email, calendar, and contact applications store in the application storage (the internal file system that stores application data and user data) of the BlackBerry smartphone.
The most severe of the three vulnerabilities has a CVSS score of 6.8. The least severe has a CVSS score of 5.0. At this time there is no evidence of the vulnerabilities being used in attacks against the BlackBerry platform, and RIM is not aware of any impact to BlackBerry customers as a result of these vulnerabilities. 
Note:- KB26132 was previously published as a Security Notice to responsibly advise customers about the existence of one of the three vulnerabilities, which had been publicly disclosed, and provide workaround options in lieu of a software update to address that issue for all affected customers. This Security Advisory replaces that Security Notice and provides full details of publicly available software updates that address that issue and two related issues, and urges affected customers to upgrade.

For more details click Here



-News Source (RIM & Berry Review) 



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Linux-based mobile OS Targeting Android

Posted by Avik Sarkar On 7/31/2011 03:47:00 pm


A Linux-based mobile OS is set to launch in China, presenting a possible threat to competitors as they vie for smartphone and tablet customers in the Asian market.
Chinese ecommerce company Alibaba says it will launch its Aliyn OS at the end of the month, after working on it for three years. Phone manufacturer Tianyu intends to sell the Aliyn-based K-Touch Cloud-Smart Phone W700 for $416 in several days, with plans to market a tablet soon.
Aliyn's main features include the ability to run Android apps in the cloud, as well as those created with JavaScript and HTML5. It offers users cloud-based email, data, text message and photo storage too, besides regular web search and GPS.
"Introducing cloud apps to mobile devices not only brings a whole new user experience, but also greater ease for third-party mobile software developers who will be able to use Internet technology such as HTML5 and JavaScript to reduce the complexity in the app development process," said Wang Jian, president of Alibaba Cloud Computing.
In most regions of the world, Aliyn would face fierce and nearly devastating competition from Google's Android and Apple's iOS. But in China where Tianyu's new phone is set to launch, the OS may have a chance. The country's mobile broadband infrastructure is still underdeveloped and essentially up for grabs to whoever can create the biggest presence there first.
China is still behind in the smartphone market, though 3G subscriber numbers jumped nearly 50 percent to almost 70 million last April. But given the country's enormous population, 70 million is a small number compared to the U.S. market, in which nearly half of phone owners have smartphones.
If Aliyn can create a foothold in time, then, it may stand a chance against planned marketing onslaughts from rivals Apple, Google and Nokia, which are also angling for the Chinese market.
Apple's COO Tim Cook reportedly held talks with China Mobile to introduce the iPhone on its network. Doing so would give it 600 million more customers in the country, especially if Apple also decides to provide a cheaper, prepaid version of its iPhone 3GS.
Android smartphone maker HTC also reports increased success in the Asian market, shipping 11 million smartphones inside China this last quarter.
Other Android phone manufacturers too have their eyes on the populous country, as analysts predict over one billion people there will own smartphones in the next five years.
Nokia too is looking to push into Asia with lower-end handsets, which could take a chunk out of smartphone sales since the latter tend to be more affordable.
The competition is fierce, but this unexplored market is up for grabs, and upstarts like Aliyn may see success if it can grapple with rivals for the upper hand. 

-News Source (Mobiledia)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Android 4.4 'KitKat' -The More Compatible, Intelligent and Simple Android Ever

Posted by Avik Sarkar On 12/07/2013 12:33:00 am

Android 4.4 'KitKat' All You Need to Know-The More Compatible, Intelligent and Simple Android Ever 

Earlier we have discussed several times on android- which is one of the world's most popular and widely used operating system based on Linux kernel, mainly designed for smartphones and tablet computers. Since last four years we have got various flavor of android among them 2.2 (Froyo), 2.3.3–2.3.7 (Gingerbread), 3.2 (Honeycomb), 4.0.3–4.0.4 (Ice Cream Sandwich) & 4.1.x-4.3.x (Jelly Bean) successfully drawn public attention and gained popularity. After the success of Jelly Bean, now Google has introduced Android 4.4 nicknamed 'KitKat.' Official website of android explained the reason of this nomenclature -'as everyone finds chocolate so tempting, we decided to name the next version of Android after one of our favorite chocolate treats, the KitKat®!' Immediately after this release android 4.4 is vogue as with this version of android Google improved performance and memory usage, makes this version more compatible than ever; you can easily try KitKat on your older smartphones. Now lets illuminate android 4.4 briefly-

Introduction:-
Readers, I will introduce a simple way the new features of the version of android, "The KitKat" Accompanies the more intelligent and simple search for Android, says the official Google blog, and more importantly, Should Have compatibility with older devices. This means more people que can have access to the innovations than other Android updates.

Performance and improved use of memory:-
Many of the major changes are the KitKat under the hood. The overall performance should improve, especially in relation to RAM. The Android developers site says "KitKat streamlines all the key components to reduce memory consumption", so even older smartphones running Android 4.4 will be faster and more responsive - even with 512MB of RAM. The multitasking should work better and you can switch applications without lock your smartphone.

Simpler and more powerful: (Google Now)
The Google Now gained much prominence in KitKat, with quick, more cards, and more features without using their hands. Not too can wake up your smartphone to start a search and take a picture saying only "OK Google Now"? It's like Google Glass, but on your smartphone.
The Google Now will also gain space on your homescreen, if you want (and you can slide left to right to find it), and Google will add more cards to make your smartphone smarter automatically suferindo things based on your interests , location, and more.

Support SMS, location sharing, and animated GIFs in Hangouts:-
Google announced this week that Hangouts will turn the main messaging app - is text messaging, video calls and instant. If you hate having your conversations scattered in several different apps, with KitKat you need only Hangouts, which replaces the old Mail app.
The use of location sharing can be very convenient when you're meeting a friend and wants to tell exactly where it is.
Finally, if you like to put emojis in messages, are present in many new keyboard Google.

Improvements in NFC, Cloud Printing and File Management:-
The KitKat also includes improvements that developers can now use apps to improve their apps. Regarding the NFC, it may automatically take you to the right app when you touch your device into a payment terminal. Printer manufacturers can develop served to send print files from Android to your printer. And the new framework for access to storage provides a consistent way to access files stored in other facilities in other apps (eg, open or save files in Dropbox or Box when you're in the browser).
In short, I will whole heartily agree with Google while saying -KitKat 4.4 is Smart, simple, and truly yours To know more about Android 4.4 'KitKat' click here

While concluding this article, I on behalf of Team VOGH, want to thank our new guest editor Mr. Rafael Souza, for sharing his view and extensive thought on android 4.4. Rafael we love you. 



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

iPhone Can Be Used As Spyware & Can Snoop Desktop Typing

Posted by Avik Sarkar On 10/20/2011 11:12:00 pm



A team of researchers at Georgia Tech have demonstrated how they were able to spy on what was typed on a regular desktop computer's keyboard via the accelerometers of a smartphone placed nearby. Normally when security researchers describe spyware on smartphones, they mean malicious code that can be used to snoop on calls, or to steal the data held on mobile phones.
In this case, however, researchers have described how they have put software on smartphones to spy on activity outside the phone itself - specifically to track what a user might be doing on a regular desktop keyboard nearby. It sounds like the stuff of James Bond, but the researchers paint a scenario where a criminal could plant a smartphone on the desk close to their target's keyboard and use specialist software to analyse vibrations and snoop on what was being typed. It's a quite beautiful twist on how bad guys could use microphones to "hear" keystrokes and spy on your passwords.
Patrick Traynor, an assistant professor in Georgia Tech's School of Computer Science, admits that the technique is difficult to accomplish reliably but claims that the accelerometers built into modern smartphones can sense keyboard vibrations and decipher complete sentences with up to 80% accuracy.
"We first tried our experiments with an iPhone 3GS, and the results were difficult to read," said Traynor. "But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack."
Indeed, a photograph of the researcher shows him posing with what appears to be an Android smartphone.

The study's authors also determined that because the smartphone had to be within a range of just three inches from the keyboard, phone users who left their phones in their pockets or purses, or simply moved them further from the keyboard would be well defended.
The researchers admitted that the likelihood of an attack of this nature "right now is pretty low", and I'm not planning to lose any sleep over the threat. Nevertheless, if you manage to get the chance do take some time to read the paper: "(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers"

-News Source (NS, Computer World, Georgia Tech's School)




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft blocks updates for cracked versions of Windows Phone 7

Posted by Avik Sarkar On 5/14/2011 04:55:00 pm


Microsoft is constantly and successfully combats pirated copies of its operating systems. Recently, they decided to apply their skills to its new operating system Windows Phone 7, as the company reported in its official blog.
Smartphone owners, upgrade your phone based on WP7 any way different from the official way to upgrade the firmware now can not get operating system updates. With utility Zune is no longer possible to install firmware 7392, which was released on May 3 and includes important bug fixes. All new firmware will automatically check for software smartphone and if it detects illegal software then install the new firmware version will be discontinued.
The latest version of flash, buyout will install smartphone with cracked software - 7390 (NoDo) released in March.
For the first time Windows Phone 7 was hacked in November 2010. This allowed users to install applications from any source, not from the official store Microsoft. At the end of the week, program to crack Chevron WP has been removed from easy access by developers. The reason for such action was an agreement with Microsoft, the deal were not disclosed.
Nonetheless, the creators of Chevron WP7, in his twitter reported that Microsoft is still considering the possibility to allow users to update the firmware hacked versions of smartphones.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Nokia will Launch Mobiles with Microsoft Platform In 2011

Posted by Avik Sarkar On 6/21/2011 05:26:00 pm


Nokia is facing steep competition from competitors in several products. At the top end of the market it is struggling against smart phones such as Apple's iPhone, Research in Motion's Blackberry as well as Android, and on the lower end against emerging market phone makers who are dropping their prices.Nokia will start to deliver the Windows-based mobile phones in bulk next year, CEO Stephen Elop said in a speech at a technology trade show in Singapore. Finnish handset maker Nokia Corp. plans to introduce its first mobile phones using the Microsoft Windows operating system this year, the company's chief executive said Tuesday.  "Our primary smartphone strategy is to focus on the Windows phone," Elop said. "I have increased confidence that we will launch our first device based on the Windows platform later this year and we will ship our product in volume in 2012." Elop has acknowledged Nokia has been too slow to meet the challenge from competitors and has hinted that the company would drop its cellphone prices. Last month, the company warned both sales and profit margins in the second quarter would be substantially below previous forecasts. Nokia also unveiled Tuesday its N9 smartphone, which is based on the MeeGo platform. The company said it plans to launch up to 10 new Symbian-based smartphones over the next 12 months. Elop said the N9 would go on sale later this year, but declined to specify the date or price. Nokia developed MeeGo last year in a partnership with U.S. chipmaker Intel Corp. In February, Nokia turned to Microsoft's Windows Phone software as its main smartphone operating system.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Think Android: National Security Agency Disclosed Smartphone Strategy

Posted by Avik Sarkar On 3/06/2012 08:42:00 pm

Think Android: National Security Agency (NSA) Disclosed Smartphone Strategy
The National Security Agency has come up with a security design that currently depends on Google Android smartphones, though the NSA contends it doesn't want to be wedded to any particular smartphone operating system. But its current "Fishbowl" phones, as they are called, are beefed-up highly secured Motorola Android smartphones that use double-encryption for voice traffic and a unique routing scheme for 3G network traffic back to the NSA first for security purposes. This design makes them suitable for classified information sharing with other like smartphones, according to Margaret Salter, technical director at NSA's information assurance directorate, who spoke about the so-called "Fishbowl" project, which today focuses on voice use of smart phones.
"We wanted to use the commercial standards that are out there," said Margaret Salter, technical director in NSA's information assurance directorate. "We wanted plug and play — but that was hard." The NSA also wants interoperability in order not to be trapped in vendor ok-in, but this is turning out to be hard to achieve. Earlier in January 2012 NSA has released the first public release of the Security Enhanced (SE) Android Project, a program designed to find and plug security holes and risks in the Android flavor of Linux. SE Android is based on the NSA’s SELinux, first released in 2000.
The NSA looked at SSL VPN as a standard and left no stone unturned in exploring commercial SSL VPN for mobile, but found utter lack of interoperability across vendor products. Salter said NSA also was frustrated with the lack of interoperability in Unified Communications Systems (UCS) products, noting that buying one piece often meant buying several others, there being little evidence of multi-vendor interoperability. So with some frustration, NSA changed to go with an open-source Session Initiation Protocol (SIP) server for the present. NSA also switched its mobile security strategy toward IPSec VPN, where things looked better in terms of interoperability than SSL VPN, and selected the Secure Real-Time Transport Protocol for Voice App and Transport Layer Security (TLS) with keys. This all means "the voice call is doubly encrypted," Salter said. "There's VoIP encryption and IPsec encryption."


-Source (IT World)




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

eCrypt Me & eCrypt One On One -Incredible Email Security Solution (More Security & Privacy)

Posted by Avik Sarkar On 3/23/2012 03:44:00 pm

eCrypt Me & eCrypt One On One- Incredible Email Security Solution (More Security & Privacy

To implement more security and privacy eCrypt Technologies has developed two incredible email security solutions in the United States. ‘eCrypt Me’ and ‘eCrypt One On One’ are the two latest security solutions which are cost-effective, user-friendly and easy to use. Both solutions are available on a trial basis on the company’s website. ‘eCrypt Me’ is a web based email security solution that offer a secure environment to users of all types of email. ‘eCrypt One On One’ is an email encryption software for BlackBerry smartphone users. Both of the email security solutions use a combination of AES256 and ECC521 algorithms to secure all data. According to Brad Lever, CEO of eCrypt technologies - “Our goal is to provide the highest level of security to users across the world. We believe in making security solutions simple yet effective, so that implementation of our solutions does not become a headache for our users”

Brief Description:- 
‘eCrypt Me’ offers a web based email encryption, secure file storage and secure document sharing platform to all existing email addresses, whether its Gmail, Yahoo Mail, Hotmail, POP, IMAP, Exchange, GroupWise, or other. Users can use their existing email identities to send and receive emails on the platform. The web based email security solution includes a secure File Vault which secures online document storage and file sharing. The email security solution is very easy to use and secured data in unsecured, public, free Wi-Fi environments, preventing unauthorized data interception threats. For BlackBerry smartphone users, ‘eCrypt One on One’ provides the highest level of encryption, unbeatable by hackers. The encryption software is downloaded directly to the smartphone and embeds itself into the BlackBerry operating system. The software generates unique random key sets for each contact. Users can select which messages to encrypt by adding contacts to the software’s Secure Contact List. ‘eCrypt One on One’ has been designed to encrypt emails sent between two people. 

For More information & to use eCrypt Click Here



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Google Deodorizes Sniffable Android Security Flaw

Posted by Avik Sarkar On 5/20/2011 06:51:00 pm



A new round of patching has begun for Android phones, the vast majority of which were found to be vulnerable to hackers if the owner was using it on an open WiFi network. The flaw affected 99.7 percent of all Android smartphones running Android 2.3.3 and earlier versions because they don't use a secure HTTPS connection, according to researchers.

Google (Nasdaq: GOOG) has begun rolling out a patch to fix a security flaw in versions 2.3.3 and earlier of its Android mobile operating system.
That flaw affects all Google services using the ClientLogin authentication protocol.
It lets hackers access any personal data available through Android's application programming interfaces (APIs).
"The flaw is now fixed for all versions of Android worldwide," Google spokesperson Randall Sarafa told LinuxInsider.
The patch is being rolled out in stages over several days, Sarafa said.

The Hole in Android
The flaw gained media attention after it was publicized by the University of Ulm.
Here's how it works: When an application wants to get access to Android's APIs, it requests an authentication token through ClientLogin by providing an account name and password.
The system then returns an authorization token, which is good for up to two weeks.
If the token is used in requests sent over unencrypted networks, such as WiFi networks, hackers can steal it. They can then use the token to access any personal data made available through the service API.
The hackers will gain full access to the victim's calendar, contacts information, or private Web-based photo albums. They'll be able to view, delete, or modify any calendar events, contacts, or private pictures, the Ulm University researchers said.
The flaw affected 99.7 percent of all Android smartphones running Android 2.3.3 and earlier versions because they don't use a secure HTTPS connection, the researchers said.
Google's patch forces an HTTPS connection for calendar and contacts sync on Android, Sarafa said.

More on the Flaw

Authentication tokens are widely used for online services such as eBay (Nasdaq: EBAY). They are also used by software and application vendors such as Microsoft (Nasdaq: MSFT) and Splunk, and in Apple's (Nasdaq: AAPL) iOS mobile operating system.
There was a problem with the authentication token on Android because Google's implementation was faulty, Paul Laudanski, director of ESET's cyber threat analysis center, told LinuxInsider.
"The entry point is having an unpatched or vulnerable Android system connecting to Google services using ClientAuth over an unencrypted public WiFi network," Laudanski explained. "The correct implementation is to transmit the authorization token in a secured manner."
Google services transmit the authorization token as an open text message, which can be easily stolen.
If the technology is implemented correctly and the authorization tokens are sent securely, then even if an unencrypted WiFi network is used, the user information would appear as garbage to snoopers, Laudanski pointed out.
Google's implementation of the technology may not have been faulty in and of itself, argues Mike Paquette, chief strategy officer at Top Layer Security.
"The problem appears to be the use of the ClientLogin protocol, allowing these sniffable authentication protocols, combined with a long expiry time," Paquette told LinuxInsider. "This makes exploits practical and even likely," he added.
Android smartphone owners should stay away from heavily used public WiFi hotspots, Paquette warned. "It's likely that attackers would target areas with large numbers of users of public WiFi in order to have the greatest return," he explained.

Old Problems Refreshed

The security flaw in Android was apparently first discovered by Dan Wallach of Princeton University, who blogged about it in February.
In an experiment during his undergraduate security class, he set up a sniffer with fellow students to listen in on his Android smartphone. They used Wireshark and Mallory.
Wireshark is a network protocol analyzer for Unix and Windows. Mallory is a transparent TCP and UDP proxy. It can be used to access network streams and assess mobile Web applications, among other things.
UDP, the User Datagram Protocol, is one of the core members of the Internet Protocol (IP) Suite. It lets applications directly send messages, or datagrams, to other hosts on an IP network.
The team found that Google doesn't encrypt traffic to Google Calendar, although it properly encrypts traffic to Gmail and Google Voice. Eavesdroppers could see victims' calendar transactions and likely impersonate them on Google Calendar, Wallach found.
The University of Ulm researchers built on Wallach's research.
Android smartphone users should apply the same security precautions to their devices as they would do with their laptops, Torsten George, vice president of marketing Reach More Customers with Live Chat - Free Whitepaper at Agiliance, told LinuxInsider.
"Smartphones are essentially taking on the role of a regular computer," George pointed out. "Thus, they are just as vulnerable to attack by cybercriminals as regular laptop or desktop computers."
Because they lack built-in security, smartphones "open up a bigger attack surface than traditional computer devices," George added

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Your Car At Risk, Hackers Can Attack Modern Cars Remotely

Posted by Avik Sarkar On 12/16/2011 01:33:00 pm


Hackers could attack modern cars without even touching them, as new car models roll off the line loaded with complex IT systems running millions of lines of software code, it's become evident that hacking a car to gain external control of it is possible. While actual cases in the field are rare, the industry is moving to secure its systems and prevent cars from becoming a major target said by Brian Jackson a security researcher. In the exclusive report he said: An unsuspecting driver opens her door and steps into her new car, placing her smartphone on the dash as it connects with the in-car infotainment system for hands-free features. Little does she know there's a Trojan virus on her phone just waiting to be connected to a car – and it executes malicious code on the vehicle's embedded software. Suddenly a hacker has the ability to track her car, unlock the doors, or even control the climate controls and speaker volume.
It sounds like a scene out of the next James Bond film, but the above scenario could be a reality today. As auto makers look to woo consumers with snazzy in-car technology features, they are also opening up personal vehicles to the underground community of hackers that have long targeted computer users. In-car IT systems such as Ford's Sync or General Motor's OnStar could be opening up exploits that allow hackers to take control of your car without even laying hands on it.
While complex in-car IT systems are so new that actual car hacking cases in the field are virtually non-existent, researchers have demonstrated it's possible. But investigations into car hacking by police may be impossible at this point because of a lack of forensics capability to detect malware. All the more reason for security vendors like McAfee, now a division of Intel Corp., to push car manufacturers to pay serious attention to security.
“It shouldn't be the responsibility of the consumers to have to secure these systems,” says Tim Fulkerson, senior director of marketing at McAfee embedded security group. “Just as manufacturers have built in seat belts and air bags, now that they're moving to software innovation, they need to bring software security into these vehicles.”
Best known for its PC antivirus software, McAfee is now working with car makers to build secure enough systems that consumers won't end up buying virus scan software for their ride. When it comes to car makers and securing IT system, Fulkerson says it “is certainly not their area of expertise.”
Perhaps that's why a team of car-hacking researchers from the University of Washington and the University of California at San Diego have had so much success. Dubbed the Center for Automotive Embedded Systems Security (CAESS), the team demonstrated in May 2010 how a criminal with physical access to a car could implant malware. Then in August 2011, the team showed an external car hacking attack could be mounted through various paths including Bluetooth and cellular radio.
One such attack was executed after the researchers reverse-engineered a car's telematics operating system and found the program responsible for handling Bluetooth functions. From there, they planted a Trojan horse (a piece of malicious software) on an HTC Dream smartphone that monitors for new Bluetooth connections and if it finds a telematics unit, sends the payload.
Researchers were also able to use special hardware to “sniff” the MAC address of the Bluetooth connection needed for pairing new devices with the telematics unit. After cracking the password through brute force, or machine-assisted repeat attempts, the Trojan could be uploaded from a device in the attacker's hands.
But seeing such an attack executed in the wild today is unlikely, according to Patrick Neal, a program coordinator for crime and intelligence analysis at the B.C. Institute of Technology (BCIT). He had his students explore car hacking methods identified by the CAESS group and others. 




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Why did Microsoft spend $8.5bn on Skype? (Detailed Report)

Posted by Avik Sarkar On 5/16/2011 04:36:00 pm


Microsoft Skype
In a bold move, Microsoft acquires Nokia and catapults itself to the top of the smartphone world. The full integration of Windows Phone 7 software into Nokia hardware will result in a better user experience for customers, a zero-fragmentation platform for developers, easier deployment of a smaller number of SKUs for retailers, and more reliable update management for carriers.
It's worked before. Microsoft's hardware/software integrated devices, Xbox and Kinect, are enjoying strong revenue growth and great margins: $1.9bn revenue last quarter, 50% more than last year, with 10% operating profit.
In a prepared statement, Microsoft CEO Steve Ballmer says:
I welcome Stephen Elop back into my executive staff. His brief leave of absence has allowed us to more fully explore the possibilities of combining the best smartphone hardware, Nokia's, with the best OS, Windows Phone 7. Google's anticompetitive Android free and open licensing practices unfairly tilted the playing field against our better product; they made it impossible for us to sell Windows Phone 7 software. Instead, we're now ready to do battle with Apple from a superior position: a stronger product carrying the Windows Everywhere flag, wider carrier distribution around the world, and more retail partners in US, Europe, and BRIC nations. With our acquisition of Nokia, we're now a $100bn company, back where we belong: at the top of the high-tech industry.
When I woke up, I heard a different story: Microsoft bought Skype for $8.5bn.
We all know Skype: free voice and video calls from computer to computer, plus paid services if you need to dial a phone. As Skype prepared for its long-awaited IPO, we got financial data from their S-1filing with the SEC. S-1s are always instructive: This is usually the first time a private company opens the kimono – and the SEC watches closely as you prepare to sell shares to widows and orphans.
The Profit & Loss statement in Skype's S-1 looks like this:
With revenue of $860m in 2010, Skype's operating profit is a modest $20m, with a net loss of $69m due to interest expenses stemming from $686m in long-term debt. Except for in 2008, when they saw a $42m profit, Skype has racked up huge losses, including $1.4bn in 2007 and $370m in 2009.
(Technically, these figures straddle two different corporate structures because of Skype's complicated history. Started in 2003 as an independent European company, Skype was acquired by eBay in 2005 for a price pegged between $2.6bn and $3.1bn. After the acquisition, eBay discovered its ownership of Skype was "encumbered": A crucial piece of Skype's technology was owned by another company, Joltid, which was essentially in the hands of Niklas Zennström, one of Skype's founders. eBay settled with Joltid for about 14% of Skype. This caused wags to say the crafty Skype founders sold the company twice – and it certainly didn't make the ex-management consultants running eBay look so sharp. In 2009, eBay sold 70% of Skype to private equity and venture investors in a transaction that valued the company at $2.75bn.)
Why did Microsoft pay $8.5bn – 10 times the company's revenue – for a business that has changed hands so many times, never made money, and comes with substantial debt? (Admittedly, the $686m debt number is manageable – for Microsoft).
One eloquent answer comes from Brad Horowitz, a partner at the Andreessen Horowitz venture firm started by Netscape's founder. Horowitz invokes the network effect: A large number of users attracts more users and so on, in a kind of gravitation well:
500,000 new registered users per day – 170 million connected users – 30 million users communicating on the Skype platform concurrently – 209 billion voice and video minutes in 2010
And he concludes:
Today, I tip my hat to an old rival, Microsoft. By acquiring Skype, Microsoft becomes a much stronger player in mobile and the clear market leader in internet voice and video communications. More importantly, Microsoft gets a team, ably led by the exceptional Tony Bates, that can compete with anyone.
Well, this is a nice encomium to the guys who transformed the venture firm's $50m investment in Skype a few months ago into a $150m payday. My own venture investor hat is tipped to MM. Andreessen and Horowitz.
But not so much to Steve Ballmer.
Looking at Microsoft's recent quarterly numbers, we see the continuation of a now old and getting older tradition: losses in the Online Services Division. Only a few weeks ago, TechCrunch wondered: When Will Microsoft's Internet Bloodbath End? Business Insider provided a vivid illustration for the problem:
In just the past 12 months, Microsoft has lost $2.5bn in its online business. They spend $2 to make $1 in revenue. Buying and "integrating" Skype will make the picture even redder.
So, again, why spend $8.5bn on Skype?
The official explanation is that Skype will be targeted at professional users. For these, Microsoft already has a product called Lync, although not many have heard of it. And they have Messenger for consumers. (Actually, it's Windows Live Messenger for Windows and Microsoft Messenger for the Mac.) I don't think it's unfair to ask how, how well, and when Microsoft's Grand Unified Messaging platform will effectively exist, and how it will be monetised.
Given Microsoft's track record, there isn't much evidence of its ability to perform such integration, nor of its ability to move a big platform forward at a competitive pace, certainly not faster than what Google seems able to do with Google Voice, Talk and Google Video for Business.
The theory must be that every Windows PC will come with "Skype inside". But that isn't much progress: There are already 170 million connected Skype users, and 500,000 new registrations everyday. And imagine how carriers will react when they see a Skype client bundled with every Windows Phone 7 device, further pushing them towards their preordained destination: dumb pipes.
Today, Skype is joyfully used in both consumer and business environments. It's not perfect, but the price is right and Skype is now a verb. The next thing we know, Microsoft will take a good if imperfect service and "improve" it by integrating it with Office or SharePoint (a good product on its own). And, at some point, Microsoft will try to make us pay for it. In more ways than one.
But, again, the history isn't there. Microsoft's ability to successfully charge for a formerly free product is lacking.
Reactions to the Skype deal have been negative, if not downright derisive. Many see the Skype acquisition as more evidence that Microsoft can't innovate, or even effectively copy and out-implement any more. One local exec asked, rhetorically, how much it'd take to re-implement Skype. $100m? $1bn? It's not a question of money. Microsoft spends tons in R&D: 15% of sales, about $9bn per year. (Apple spends 2% of revenue, less than $2bn.) Think of iTunes: it's been out there for close to 10 years and there's no iTunes clone coming out of Redmond. Microsoft has to buy what it no longer has the people or the culture to create – or copy.
David Pogue, the NY Times' tech guru, thinks this acquisition will go where so many went before: to failure by mediocrity and to poisoning by matrix management.
Ben Brooks, a Microsoft shareholder – and not the disgruntled kind – comments on the Skype deal and concludes: The Ballmer Days Are Over. Perhaps, but who can tackle the job of turning Microsoft around?
In last year's 30 May Monday Note, I wrote Ballmer had opened the "Second Envelope". He was running out of explanations: first blame your predecessor, then fire a few subordinates. Next, you're out of excuses and out the door.
Since then, a few more subordinates have decided to "spend more time with their families": CTO Ray Ozzie, who wrote a long, long farewell memo (don't do that, it doesn't make you look good); tablet executive Bill Mitchell; Bob Muglia, president of the server and tools division. We'll exclude Stephen Elop, the president of the business division who went on to rescue Nokia, as he might have left of his own volition – or of his seeing Ballmer looking for the next excuse.
Last year, I noted Microsoft's stock had been stagnant for almost 10 years. Things haven't improved since then:
In the past 12 months, Microsoft's stock has fallen by 11% while the Nasdaq climbed 25%, Google 7%, and Apple 44%.
Having run out of ideas and envelopes, is Ballmer spending $8.5bn of Microsoft's $50bn cash, its biggest acquisition so far, as a desperate tentative to keep the company, or himself, in the game?



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Malicious Android Application Stealing User Data & Personal Information

Posted by Avik Sarkar On 4/16/2012 12:32:00 pm

Malicious Android Application Stealing User Data & Personal Information 

Yet again security vulnerability found in Android application. An information security company has warned about malicious Android smartphone applications that steal and transmit personal data, such as contact information stored in users' address books. The company said these types of free applications have been downloaded up to 270,000 times, indicating that potentially millions of people have had their personal information stolen. An Internet security expert said, "It's possible that creating applications that transmits users' information without consent can be considered a crime under the Penal Code, which criminalises the creation of computer viruses." The malicious application only has three buttons: Steal SD Card Contents, Steal App Data, and Upload Identifying Data.Every application has at least read-only access to the contents of this external storage. No Permissions scans the /sdcard directory and returns a list of all non-hidden files. All the files discovered can be fetched. The worrying part is that the SD card usually stores some of our most private files, including photos, backups, external configuration files, and, in some cases, even Open VPN certificates.
According to NetAgent, a Tokyo-based information security company, the applications were disguised as video tutorials for popular games on Google Inc.'s Android operating system. The applications were named by affixing the expression "the Movie" to existing game titles. The company found at least 16 of these applications.
The company's analysis revealed that when these applications are activated, they can automatically transmit not only a person's telephone number, their e-mail address and the phone's ID number, but also the personal names, telephone numbers and e-mail addresses of contacts stored on the smartphone's address book. Although the creators of these applications aren't well known, the stolen information was sent to the same domestic server. When users download the malicious applications, a message pops up on the display screen requesting permission for access to contact information. What ever the malicious application was immediately deleted from Android market. For additional information click here.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

AT&T Locker: Offering Free Cloud Storage For iOS & Android Users

Posted by Avik Sarkar On 11/04/2012 04:52:00 am

AT&T Locker: Offering Free Cloud Storage For iOS & Android Users

AT&T a leader in telecommunication services, announced a brand new service which calls "AT&T Locker" that will allow iPhone and Android smartphone customers of AT&T to store 5GB worth of videos and photos for free in AT&T's cloud. The most interesting thing is that, the service is available through a free app in the Apple App Store or the Google Play store. And it allows users to store roughly 5,000 average sized photos in the cloud. The app requires subscribers use either an iPhone 3GS or newer device. And Android users must be on version 2.1 or higher of the Android OS. Users can choose to upload new photos and video via Wi-Fi, AT&T's cellular network or both. Customers can manage those photos and share them through the app on the smartphone or on the AT&T Locker web page. AT&T plans to incorporate additional features in future versions of AT&T Locker. And the company didn't say whether higher storage options will be available.
This service is exactly similar to Apple's iCloud service also allows up to 5GB of free storage. And it also offers Photo Stream, which allows its iPhone users to automatically store photos in Apple's cloud and share them across multiple iOS devices as well as share them with other people. The service stores up to 1,000 pictures automatically and this storage doesn't count against the iCloud storage limits. Google also offers storage in its Google Drive service. This service also offers up to 5GB of free storage. You can store anything here from pictures to documents to music. Of course there are also other options for storing photos and other digital content including Dropbox and Microsoft's SkyDrive which is also a very handy option. 



Brief Description:-

AT&T Locker™ allows you to Store, sync and share your photos, videos and documents in one convenient place. AT&T Locker is an app that lets you store, sync and share your data in one safe, convenient place. Your content is easy to access on your computer and phone from virtually anywhere. Photos and videos can be backed up automatically from your phone. It's also easy to share to email, Facebook and Twitter. First 5 GB of storage is free. Additional storage is available for the low monthly price of just $3.99 for 30GB or $9.99 for 100GB.

• Photos and videos can be automatically uploaded to your AT&T Locker from your phone
• Easily access your photos, videos and documents from your phone and computer
• Easy to share to email, Facebook and Twitter
• First 5 GB of storage is free. Additional storage is available.
• Your content is secure and backed up in the cloud
• Store your favorite memories in a safe and convenient place
• Store music from your computer to your AT&T Locker



-Source (AT&T, Cnet)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

"Asha" News Smartphone By Nokia (Lumia 800 & Lumia 710)

Posted by Avik Sarkar On 10/29/2011 07:10:00 am



Amid loss of market share to Apple and Samsung in the smartphone category, Finnish phone maker Nokia has launched two new phones with Windows Operating System in the price range between Rs 19,000-Rs 29,000. In a bid to retain its leadership position in the Indian market, the company also announced a new series — Asha, a Hindi word for hope.
Nokia has for the first time showcased six new phone models at the ongoing Nokia World 2011 conference, that includes four models of the ‘Asha’ series priced between €60 (about Rs 4,100) and €115 (about Rs 8,000), and two new smartphones with Windows operating system platforms branded as ‘Lumia 800’ and ‘Lumia 710’ priced at €420 (about Rs 29,000) and €270 (about Rs 19,000) respectively.
The company plans to launch the new products across the globe, including India starting this year end. Nokia will soon roll out a marketing campaign ‘The Amazing Everyday’ globally to support the new launches. 
Commenting on the ‘Asha’ series, Stephen Elop, Nokia president and CEO, said: “Asha signifies Nokia’s focus on connecting million of people to new opportunities that help them reach their aspirations.” 
While three Asha models will be launched this year, one model will be launched early next year. For more information click Here
  
-News Source (Yahoo, Nokia) 


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

New BlackBerry 7 OS promises improved performance but no Android apps Flash

Posted by Avik Sarkar On 5/04/2011 05:52:00 pm


Research In Motion's (NASDAQ: RIMM) upcoming BlackBerry 7 operating system for smartphones won't include several of the key features that were added to RIM's new BlackBerry PlayBook tablet, a RIM executive said during the company's annual BlackBerry World event.
RIM's vice president of handheld software product management, Andrew Bocking, said smartphones running the new OS will not support Android applications. The PlayBook launched last month with two optional "app players" that provide a runtime environment for BlackBerry Java applications as well as apps running Android 2.3.
Flash also isn't included in the BlackBerry 7 plan as RIM is putting its focus on the new QNX OS to support Flash content in the web browser. The upcoming BlackBerry 7-based Bold 9900's 1.2 GHz processor is supposed to fulfill Adobe's hardware requirements for Flash support, PCMag.com noted.
Bocking also said that BlackBerry 7 will not be backward-compatible with previous BlackBerry smartphones. This new OS runs solely on dual-core devices, and the existing RIM portfolio does not include any dual-core units.
BlackBerry 7 smartphones are expected to go on sale this summer and they promise improved performance and built-in support for Near Field Communications technology. BlackBerry 7 powers the new Liquid Graphics touchscreen, which touts faster, smoother performance for touch-based navigation, web browsing, pictures, video and graphics-intensive gaming. According to RIM, Liquid Graphics offers up to 60 frames-per-second performance with instant UI action/response. In addition to Liquid Graphics performance gains, the new BlackBerry 7 browser includes a new just in time JavaScript compiler to improve web page load time speeds alongside support for additional HTML5 elements.
The other new features are voice-activated search and BlackBerry Balance, which separates personal content from corporate content on the smartphone.
It's not known exactly when the PlayBook's QNX OS will run on smartphones, but Al Hilwa, program director of applications development software with IDC, said it's clear that the OS will come to smartphones in the next year.
"Major platform transitions take time and what the Playbook launch shows, if anything beyond a really capable piece of hardware, is that rushing devices to market before they are baked doesn't help anybody," he said. "RIM should take its time to bring out QNX phones incrementally and with the right capabilities. The Playbook rollout has been a tough software experiment, but it is an experiment that will help the QNX phones be that much more robust when they come."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search