Security

Researchers Uncover Android Malware With Never-Before-Seen Spying Capabilities (arstechnica.com) 101

An anonymous reader quotes a report from Ars Technica: According to a report published Tuesday by antivirus provider Kaspersky Lab, "Skygofree" is most likely an offensive security product sold by an Italy-based IT company that markets various surveillance wares. With 48 different commands in its latest version, the malware has undergone continuous development since its creation in late 2014. It relies on five separate exploits to gain privileged root access that allows it to bypass key Android security measures. Skygofree is capable of taking pictures, capturing video, and seizing call records, text messages, gelocation data, calendar events, and business-related information stored in device memory. Skygofree also includes the ability to automatically record conversations and noise when an infected device enters a location specified by the person operating the malware. Another never-before-seen feature is the ability to steal WhatsApp messages by abusing the Android Accessibility Service that's designed to help users who have disabilities or who may temporarily be unable to fully interact with a device. A third new feature: the ability to connect infected devices to Wi-Fi networks controlled by attackers. Skygofree also includes other advanced features, including a reverse shell that gives malware operators better remote control of infected devices. The malware also comes with a variety of Windows components that provide among other things a reverse shell, a keylogger, and a mechanism for recording Skype conversations.
Google

Google's Museum App Finds Your Fine Art Doppelganger (engadget.com) 66

The latest update to the Google Arts & Culture app now lets you take a selfie, and using image recognition, finds someone in its vast art collection that most resembles you. It will then present you and your fine art twin side-by-side, along with a percentage match, and let you share the results on social media. Engadget reports: The app, which appears to be unfortunately geo-restricted to the United States, is like an automated version of an article that circulated recently showing folks standing in front of portraits at museums. In many cases, the old-timey people in the paintings resemble them uncannily, but, other than in rare cases, that's not the case at all with Google's app. Google matched me with someone who doesn't look like me in the slightest, a certain Sir Peter Francois Bourgeois, based on a painting hanging in Dulwich Picture Gallery. Taking a buzz around the internet, other folks were satisfied with their matches, some took them as a personal insult, and many were just plain baffled, in that order.
The Almighty Buck

OnePlus Customers Report Credit Card Fraud After Buying From the Company's Website (androidpolice.com) 60

If you purchased a OnePlus smartphone recently from the official OnePlus website, you might want to check your transactions to make sure there aren't any you don't recognize. "A poll was posted on the OnePlus forum on Thursday asking users if they had noticed fraudulent charges on their credit cards since purchasing items on the OnePlus site," reports Android Police. "More than 70 respondents confirmed that they had been affected, with the majority saying they had bought from the site within the past 2 months." From the report: A number of FAQs and answers follow, in which OnePlus confirms that only customers who made credit card payments are affected, not those who used PayPal. Apparently, card info isn't stored on the site but is instead sent directly to a "PCI-DSS-compliant payment processing partner" over an encrypted connection. [...] OnePlus goes on to say that intercepting information should be extremely difficult as the site is HTTPS encrypted, but that it is nevertheless carrying out a complete audit. In the meantime, affected customers are advised to contact their credit card companies immediately to get the payments canceled/reversed (called a chargeback). OnePlus will continue to investigate alongside its third-party service providers, and promises to update with its findings as soon as possible.

According to infosec firm Fidus, there is actually a brief window in which data could be intercepted. Between entering your card details into the form and hitting 'submit,' the details are apparently hosted on-site, which could give attackers all the time they need to steal those precious digits and head off on a spending spree. Fidus also notes that the company doesn't appear to be PCI-compliant, but that directly contradicts OnePlus' own statement. We'll have to wait until more details emerge before we pass judgment.
Here's OnePlus' official statement on the matter: "At OnePlus, we take information privacy extremely seriously. Over the weekend, members of the OnePlus community reported cases of unknown credit card transactions occurring on their credit cards post purchase from oneplus.net. We immediately began to investigate as a matter of urgency, and will keep you updated. This FAQ document will be updated to address questions raised."
Google

Why Uber Can Find You but 911 Can't (wsj.com) 199

Accurate location data is on smartphones, so why don't more wireless carriers use it to locate emergency callers? From a report, shared by a reader: Software on Apple's iPhones and Google's Android smartphones help mobile apps like Uber and Facebook to pinpoint a user's location, making it possible to order a car, check in at a local restaurant or receive targeted advertising. But 911, with a far more pressing purpose, is stuck in the past. U.S. regulators estimate as many as 10,000 lives could be saved each year if the 911 emergency dispatching system were able to get to callers one minute faster. Better technology would be especially helpful, regulators say, when a caller can't speak or identify his or her location. After years of pressure, wireless carriers and Silicon Valley companies are finally starting to work together to solve the problem. But progress has been slow. Roughly 80% of the 240 million calls to 911 each year are made using cellphones, according to a trade group that represents first responders. For landlines, the system shows a telephone's exact address. But it can register only an estimated location, sometimes hundreds of yards wide, from a cellphone call. That frustration is now a frequent source of tension during 911 calls, said Colleen Eyman, who oversees 911 services in Arvada, Colo., just outside Denver.
Android

Google Pulls 60 Apps From Play Store After Malware Exposes Kids To Porn (gizmodo.com) 49

Cyberthreat intelligence firm Check Point on Friday disclosed the existence of malicious code buried inside dozens of apps that displays pornographic images to users. Many of the apps are games reportedly geared toward young children. As a result, Google quickly removed the roughly 60 apps said to be affected from its Play Store. Gizmodo reports: While they appeared as such, the pornographic images displayed were not actually Google ads. Google supposedly maintains tight controls on all ads that appear in what it calls "Designed for Family" apps. The company also maintains a white-list of advertisers deemed safe for children under the ages of 13. None of the affected apps were part of Google's "Family Link" program, which is the category of recognized kid-friendly apps available across Google's platforms. The malware, dubbed AdultSwine, is said to have displayed the highly inappropriate images while also attempting to trick users into installing a fake-security app, or "scareware." After the fake "ads" were delivered, users would've received a "Remove Virus Now" notification, or something similar, designed to provoke users into downloading the scareware. The affected gaming apps included at least one which may have had up to 5,000,000 downloads -- Five Nights Survival Craft -- as well as many others which had between 50,000 and 500,000 downloads.
Cellphones

Future Samsung Phones Will Have a Working FM Radio Chip (androidpolice.com) 215

A few months ago, LG announced a partnership with NextRadio to unlock the FM chip in its smartphones. Now, Samsung is doing the same. Android Police reports: NextRadio made the announcement, rightly explaining that FM radio is essential in areas with low connectivity and in emergency and disaster situations where a connection might be difficult to obtain or maintain and where access to information could be a matter of life and death. With the chip unlocked, users will be able to listen to local radio on their phone using the NextRadio Android app. The press release mentions that "upcoming [Samsung] smartphone models in the U.S. and Canada" will have the FM chip unlocked, however I did find several existing Samsung devices with their FM chip enabled on NextRadio's site.
Cellphones

Samsung Will Unveil the Galaxy S9 Next Month At Mobile World Congress (theverge.com) 52

Samsung will unveil its next flagship handset, the Galaxy S9, next month at Mobile World Congress (MWC). DJ Koh, the company's smartphone chief, confirmed the launch to ZDNet at CES yesterday without offering a specific date. The Verge reports: The S9 (and, presumably, an S9 Plus) will be the successors to the S8 and S8 Plus, which launched at a Samsung event in New York last March before going on sale in April. The S8 and its bigger brother were a hit with critics, who praised the phones' gorgeous design and brilliant cameras. The phones were even good enough to make consumers forget about the disaster of the Galaxy Note 7 and its exploding batteries. Not much is known about the Galaxy S9 at this point, though we're not expecting any radical departures from the S8. A handful of leaked renders suggest it will look near-identical to its predecessor, with a slight tweak moving the rear fingerprint sensor to below the camera (rather than its current, awkward position of off to one side).
Cellphones

'I Tried the First Phone With An In-Display Fingerprint Sensor' (theverge.com) 70

Vlad Savov from The Verge reports of his experience using the first smartphone with a fingerprint scanner built into the display: After an entire year of speculation about whether Apple or Samsung might integrate the fingerprint sensor under the display of their flagship phones, it is actually China's Vivo that has gotten there first. At CES 2018, I got to grips with the first smartphone to have this futuristic tech built in, and I was left a little bewildered by the experience. The mechanics of setting up your fingerprint on the phone and then using it to unlock the device and do things like authenticate payments are the same as with a traditional fingerprint sensor. The only difference I experienced was that the Vivo handset was slower -- both to learn the contours of my fingerprint and to unlock once I put my thumb on the on-screen fingerprint prompt -- but not so much as to be problematic. Basically, every other fingerprint sensor these days is ridiculously fast and accurate, so with this being newer tech, its slight lag feels more palpable. Vivo is using a Synaptics optical sensor called Clear ID that works by peering through the gaps between the pixels in an OLED display (LCDs wouldn't work because of their need for a backlight) and scanning your uniquely patterned epidermis. The sensor is already in mass production and should be incorporated in several flagship devices later this year.
Software

Dell's Mobile Connect Application Will Allow Users To Easily Mirror Their Smartphone on PC; To Come Pre-installed On Company's Future PCs (venturebeat.com) 60

From a report on VentureBeat: Smartphones and computers were designed in different eras, and they don't really work well together, forcing us to split our time between them. But Dell is trying to change that with Dell Mobile Connect software, which makes the two devices more interoperable. [...] You can now make and receive phone calls directly from your computer, and you can also send and receive text messages on your PC screen. This allows you to stay connected on your PC without worrying that you're missing phone notifications or calls. And you can use any Android app on your PC. That allows you to bring your small-screen apps like games to a bigger screen. If your computer doesn't have a touchscreen, you can control the mirrored phone game with a keyboard and mouse. [...] Dell will preload the software on new Dell consumer and business PCs, and it has a free smartphone app that works on either Android or iOS. Dell Mobile Connect will be available on all new Dell Inspiron, XPS, Vostro, or Alienware purchased worldwide in January 2018 or later.
Google

Google Rebrands All Its Payment Solutions As 'Google Pay' (arstechnica.com) 69

An anonymous reader quotes a report from Ars Technica: Google just announced that it is merging all of its various payment programs into a single brand, called "Google Pay." Google Pay will be a one-stop shop for all your Google Payment needs: NFC smartphone payments, P2P transfers, and Web payments. Google's payment solution site has already clicked over to the new branding, and we'd guess a rebrand of the Android Pay app won't be far behind. The branding should start popping up on store credit card machines, too. So "Google Pay" is the new brand for every kind of payment Google offers -- all without the platform-specific branding problems of Android Pay. Google says this is "just the first step for Google Pay" and it "can't wait to share more."
Google

Google Says Almost All CPUs Since 1995 Vulnerable To 'Meltdown' And 'Spectre' Flaws (bleepingcomputer.com) 268

Catalin Cimpanu, reporting for BleepingComputer: Google has just published details on two vulnerabilities named Meltdown and Spectre that in the company's assessment affect "every processor [released] since 1995." Google says the two bugs can be exploited to "to steal data which is currently processed on the computer," which includes "your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents." Furthermore, Google says that tests on virtual machines used in cloud computing environments extracted data from other customers using the same server. The bugs were discovered by Jann Horn, a security researcher with Google Project Zero, Google's elite security team. These are the same bugs that have been reported earlier this week as affecting Intel CPUs. Google was planning to release details about Meltdown and Spectre next week but decided to publish the reports today "because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation."
Desktops (Apple)

The 'App' You Can't Trash: How SIP is Broken in Apple's High Sierra OS (eclecticlight.co) 164

A reader shares a blog post that talks about why Mac running High Sierra 10.13.2 (and other versions near it) refuses to let users uninstall some third-party applications easily. For instance, when users attempt to uninstall BlueStacks, an Android emulator, the Finder shows this warning: "The operation can't be completed because you don't have the necessary permission." The blog post looks into the subject: The moment that we see the word permission, all becomes clear: it's a permissions problem. So the next step is to select the offending item in the Finder, press Command-I to bring up the Get Info dialog, and change the permissions. It does, though, leave the slight puzzle as to why the Finder didn't simply prompt for authentication instead of cussedly refusing. Sure enough, after trying that, the app still won't go and the error message is unchanged. Another strange thing about this 'app' is that it's not an app at all. Tucked away in a mysterious folder, new to High Sierra, in /Library/StagedExtensions/Applications, its icon is defaced to indicate that the user can't even run it. Neither did the user install it there. Trying to remove it using a conventional Terminal command sudo rm -rf /Library/StagedExtensions/Applications/BlueStacks.app also fails, with the report Operation not permitted.


Google

Google's Mysterious Fuchsia OS Can Now Run On the Pixelbook (theverge.com) 60

Google's mysterious operating system, dubbed Fuchsia, has been in the works for more than a year now with very few details about the OS made public. According to a new report from Chrome Unboxed, we have learned that Google has released documentation to allow developers to load Fuchsia onto the company's Pixelbook. The Verge reports: This isn't your typical developer operating system, and you'll need two machines to host and target a Pixelbook to load the OS. It's very much a work in progress, with early hints at a user interface and functions. It's still interesting that Google has chosen its own Pixelbook to experiment with, though. Fuchsia has mostly been linked to embedded systems like wearables and Internet of Things devices in the past, but testing was expanded to Intel's NUC and Acer's Switch Alpha 12 Chromebooks. Fuchsia has been created from the Google-built Zircon microkernel, and not the typical Linux kernels that hold Android and Chrome OS together. It's not immediately clear exactly why Google is building a new operating system, nor what devices it will run on. As testing spreads to more Chromebooks, some are now speculating this could be a successor to the "Andromeda" project that never materialized.
Google

$30 Unlocked Android Smartphones To Launch in India This Month (factordaily.com) 82

Several Indian smartphone manufacturers including Micromax, Intex and Lava plan to unveil a slew of Android smartphones priced around $30 in the coming weeks, Indian news outlet FactorDaily reported on Tuesday. These handsets would run Android Oreo Go, a lite version of Google's mobile operating system first unveiled last year. The report sheds light on India's smartphone market: With cheap smartphones, Google and the phone vendors hope to ride the wave of mass scale internet access on mobile phones in India. From a monthly consumption of 20 crore (200 million) GB of data about 16 months ago, Indians now consume over 150 crore (1.5 billion) GB a month making the country No. 1 among mobile data consuming countries. Much of this change is credited to aggressive data pricing plans by Reliance Jio, which launched services in September 2016.
Iphone

Apple's iPhones Were the Best-Selling Tech Product of 2017 (usatoday.com) 88

An anonymous reader quotes USA Today: Once again, the iPhone was the best-selling tech product of 2017, selling more units than the No. 2 through No. 5 products combined. According to Daniel Ives, an analyst with GBH Insights, who compiled the chart for USA TODAY, Apple will sell 223 million iPhones in 2017, up from 211 million phones the previous year... Apple took a risk in introducing three new iPhones for 2017...but all in all, Apple sold more iPhones total, although fewer than the peak year of 2015, when it moved 230 million units. (That was the year of the iPhone 6...)

The global market share for smartphones is dominated by Google's Android system, which owns 85%, compared to 15% for Apple's iOS, according to researcher IDC. But the iPhone is the most popular smartphone brand, having opened a huge gap compared to No. 2 Samsung's Galaxy phones at 33 million. However Samsung, which has a broader portfolio of phones, sells more overall. Indeed, in 2016, Samsung shipped over 320 million phones, most lower-priced phones sold outside the United States, like the J3, On8 and A9 lines.

Apple's strong performance through September earned CEO Tim Cook a $9.3 million bonus on top of his $3.06 million salary -- plus vesting of $89.2 million more in Apple stock. Here's the complete list of the five best-selling tech products of 2017:
  • Apple iPhones: 223 million
  • Samsung Galaxy S8 and Note 8 smartphones: 33 million
  • Amazon Echo Dot connected speakers: 24 million
  • Apple Watch: 20 million
  • Nintendo Switch video game console: 15 million

Programming

2017: The Year in Programming Languages (infoworld.com) 117

InfoWorld writes that 2017 "presented a mixed bag of improvements to both long-established and newer programming languages." An anonymous reader quotes their report: Developers followed a soap opera over Java, with major disagreements over a modularization plan for standard Java and, in a surprising twist, Oracle washing its hands of the Java EE enterprise variant. Microsoft's TypeScript, meanwhile, has increased in popularity by making life easier for developers looking for an alternative to JavaScript. Microsoft also launched Q#, a language for quantum computing...

In web development, developers received a lot of help building with JavaScript itself or with JavaScript alternatives. Among the tools released in 2017 were: Google's Angular 5 JavaScript framework, released in November, featuring a build optimizer and supports progressive web apps and use of Material Design components... And React, the JavaScript UI library from Facebook, went to Version 16 in September, featuring a rewriting of the React core to boost responsiveness for complex applications...

TypeScript was not the only JavaScript alternative making waves this year. For web developers who would rather use Google's Go (Golang) language instead of JavaScript, the beta Joy compiler introduced in December promises to allow cross-compilation. Another language that offers compilation to JavaScript -- although it began on the JVM -- is Kotlin, which has experienced rising fortunes this year. It was boosted considerably by Google endorsing it in May for building Android applications, which has been chiefly the domain of Java...

2017 also saw the release of the long-awaited C++ 17.

Another 2017 memory: Eric Raymond admitting that he hates C++, and predicting that Go (but not Rust) will eventually replace C -- if not a new language like Cx.
Android

Google Stops Selling the Pixel C Android Tablet (androidpolice.com) 48

Google is no longer selling the Pixel C, its flagship Android tablet released about two years ago. "Google's commitment to Android on tablets wasn't strong even then, and now the Pixel C is gone from the Google Store -- the listing page redirects you to the Pixelbook," reports Android Police. From the report: The Pixel C was an odd device. By all accounts, the hardware was originally intended to run Chrome OS, but Google couldn't get the platform ready for an all-touch device in time. So, the Pixel C became an Android slate. Google has been selling the device continuously since late 2015. It even offered some discounts on the tablet via the Google Store, which it almost never does for other devices. The 32GB Pixel C was pulled a while back, but Google kept the 64GB variant around. At a whopping $599, I doubt many people were buying it. Now, the Pixel C is completely gone from the Google Store, and there's no new tablet to replace it.
Cellphones

HTC, Motorola Say They Don't Slow Old Phones Like Apple Does (theverge.com) 133

After Apple confirmed last week that it reduces the performance of older iPhones to improve battery life, it has left many wondering whether or not other smartphone manufacturers do the same. HTC and Motorola are the two most recent OEMs to say they don't throttle their phones' processor speeds as their batteries age. The Verge reports: In emails to The Verge, both companies said they do not employ similar practices with their smartphones. An HTC spokesperson said that designing phones to slow down their processor as their battery ages "is not something we do." A Motorola spokesperson said, "We do not throttle CPU performance based on older batteries." The Verge also reached out to Google, Samsung, LG, and Sony for comment on whether their phone processors are throttled in response to aging batteries. A Sony spokesperson said a response would be delayed by the holidays, and a Samsung spokesperson said the company was looking into it. The responses begin to clarify whether or not throttling processor speeds is typical behavior in smartphones -- as of last week, we knew that Apple was doing it, but not whether it was common practice among competitors. HTC and Motorola's responses start to suggest that it's not.
Chrome

Chrome OS Will Finally Run Android Apps in the Background (engadget.com) 42

An anonymous reader shares a report: While it's no longer a novelty to run Android apps on your Chromebook, that doesn't mean they run well. To date, most of those apps pause when you switch away -- fine for a phone, but not what you'd expect on a computer with a multi-window interface. However, they're about to become far more functional. Chrome Unboxed has learned that the Chrome OS 64 beta introduces Android Parallel Tasks, which lets Android apps run at full bore regardless of what you're doing. You could watch a video in a mobile app while you're surfing the web, or take a break from a mobile game without jarring transitions. There's no guarantee that Android Parallel Tasks will reach the stable Chrome OS 64, so you might not want to plan a purchase around the feature.
Businesses

The Year in Crowdfunded PCs: Who Succeeded? Who Failed? (zdnet.com) 52

Sean Portnoy, writing for ZDNet: The ever-maturing PC industry hasn't deterred manufacturers large and small from embracing crowdfunding as a method of bringing new systems to market, whether they need the funds to produce their new product, or just want to gain publicity and guarantee some upfront sales. Not every launch on Kickstarter or one of its rivals is a roaring success, but enough are to keep the campaigns coming. It was no different in 2017, as several companies offered new devices for crowdfunding, although some of them were clearly drawing inspiration from the past. That includes the Gemini, which answers the question: What would a PDA look like in a world filled with smartphones that have essentially replaced it? That answer is a clam-shell handheld with a physical keyboard, 5.99-inch screen, and Android and Linux dual-boot capability (along with built-in Wi-Fi and 4G option to keep up with the times).

As unlikely as you might think such a device would be attractive in a world of iPhones, tablets, Chromebooks, and other portables, the company behind the Gemini, UK startup Planet Computers, easily surpassed its campaign target on IndieGogo, raising over $1.1 million. Another tiny computer, the GPD Pocket, doesn't look all that different from the Gemini, though it doesn't try to market itself specifically as a PDA. Instead, parent company GamePad Digital (or GPD) defines it as a 7-inch Windows laptop, complete with 8GB of RAM, 128GB solid-state drive, and full HD touchscreen.
The list goes on.

Slashdot Top Deals