The NSA tried to use app stores to send malware to targets
It shouldn’t come as a surprise to hear that the NSA worked on iOS and Android malware meant to capture information from a target’s phone, but actually getting the software onto phones? That’s tricky. To help solve that problem, the NSA (and the rest of the Five Eyes intelligence community) attempted to hijack data being sent to and from app stores like those run by Samsung and Google. According to a document leaked by Edward Snowden, obtained by The Intercept and published by the CBC, it was mostly in search of a way to implant secret surveillance payloads into those data connections in hopes of identifying an Arab Spring in action in other countries.
The project (code-named IRRITANT HORN) was deemed successful in the slide deck published today, noting that the team managed to “identify connections from the countries to application and vendor servers in non-5 Eyes countries.” Though the group looked especially closely at a Google app store server in France along with similar servers in Cuba, Senegal, Morocco and Russia, its biggest payoff came thanks to a popular mobile app called UCBrowser that’s owned and operated by Chinese e-commerce giant Alibaba. Upon closer investigation, the group discovered that the app was leaking user data — think phone numbers, device information and SIM card identifiers — back to servers in China. Naturally, the Five Eyes teams cooked up even more complex objectives if they found success in cracking those secure connections. The Intercept notes they also aimed to send “selective misinformation” to targeted phones in a bid to muck with dangerous or sensitive operations, not to mention quietly harvest information about certain users by way of those app store servers. Intelligence teams in the US, Canada, the UK, Australia and New Zealand worked on IRRITANT HORN for a good chunk of 2011 and 2012, though it’s not clear how (or if) their work has progressed since then.
Filed under: Mobile
Source: IRRITANT HORN (,pdf), CBC News, The Intercept
HTC’s rumoured 7-inch H7 tablet gets spotted with Quad-core CPU and Dual-SIM support
If you discount manufacturing the Nexus 9 tablet for Google, HTC has been out of the tablet market for quite a while, with its last offerings being the JetStream and Flyer devices. Thanks to a recent tumour and today’s spotting of the HTC H7 tablet on India’s import-export database, Zauba, it seems that HTC are gearing up to re-enter the tablet market before the end of the second quarter.
The listing states that seven H7 tablet devices were shipped to India for testing. It even reveals the basic specifications of the tablet:
- 7-Inch display
- 1.2GHz Quad-core processor
- 1GB RAM
- 16GB Internal storage
- Dual-SIM
Interestingly, the H7 will support Dual-SIM’s which is somewhat unusual for tablets, even in India where it is a common feature for smartphones. The listing says that the tablets are worth INR 9,565, around $150. As you can probably tell from the specifications, the H7 tablet appears to be headed for the budget segment. I’m sure that it won’t be long until we an image of the H7 tablet leaks, or until HTC themselves make an announcement.
Source: Zauba
Via: PhoneArena
Come comment on this article: HTC’s rumoured 7-inch H7 tablet gets spotted with Quad-core CPU and Dual-SIM support
Sprint’s Samsung Galaxy Note 4 update makes device less appealing to thieves
It looks Sprint’s Samsung Galaxy Note 4 is getting some added protection. The carrier is pushing out a new update to their Samsung Galaxy Note 4, further protecting the device against thievery.
Before Lollipop, devices were relatively easy to steal and wipe data off of, as factory resets rarely required passwords. Most devices with Lollipop have that feature now, except Sprint’s Galaxy Note 4. However, the carrier is pushing out an update today, adding that feature to the Galaxy Note 4.
When you receive and install the update, your software version should be N910PVPU2BOE1. Keep in mind that not everyone will receive the update yet, as updates roll out in stages and could take up to a couple weeks to get to everyone.
source: Sprint
Come comment on this article: Sprint’s Samsung Galaxy Note 4 update makes device less appealing to thieves
Cyanogen’s Platform SDK offers collection of APIs to developers
Developers working with software developed by Cyanogen have access to a new open source platform SDK that is loaded with APIs from the company itself and the CyanogenMod community.
The Platform SDK allows developers to work with existing (and future) APIs to build upon the very popular CyanogenMod. The first item that Cyanogen offered an example of was with a Quick Tile. A Quick Tile acts as a simple toggle for a setting within an app. Cyanogen’s example showed how a phone’s ‘Bike Mode’, something developed at a recent hackathon, can be turned on/off with a Quick Tile.
Cyanogen explained how Stanford University’s TreeHacks hackathon contributed to the creation of the Platform SDK:
Our general takeaway was that we needed to improve the approachability of CyanogenMod; to modularize it in such a way that developers can more easily get access to key parts of the platform. The hackathon made us realize that developing against an SDK rather than to an entire platform is a lot more approachable for developers, providing a lower barrier of entry to get a quality product up and running in a shorter span of time.
The Platform SDK is currently in an early stage, so expect plenty of adjustments to be made on a regular basis.
You can click here to get started with the Cyanogen Platform SDK.
Source: Cyanogen
Come comment on this article: Cyanogen’s Platform SDK offers collection of APIs to developers
Leaked benchmark reveals that the OnePlus Two will pack a Snapdragon 810 processor
Earlier today, a leaked GeekBench report surfaced online for what we believe to be OnePlus’ upcoming flagship smartphone of 2015, the OnePlus Two. The benchmark reveals that the handset is set to pack a Qualcomm Snapdragon 810 processor, in addition to 3GB of RAM.
Unfortunately, that’s the only details the written account disclosed. However, we suspect the device will ship with a 2560 x 1440p 2K display, a 21-megapixel rear-facing camera, an 8-megapixel front-facing shooter, 32GB of internal storage and a 3300 mAh non-removable battery.
What else would you like to see on board the OnePlus Two? Be sure to let us know in the comments section below.
Via: GizChina
Source: Primate Labs
Come comment on this article: Leaked benchmark reveals that the OnePlus Two will pack a Snapdragon 810 processor
Telegram users can design their own custom stickers
The millions of people around the world using Telegram can create and send their very own custom stickers. The messaging service announced this week that artists can send submit their custom sticker sets to the Telegram @stickers bot for approval. In return, users are provided with permanent link for the set to save and share with others.
Sharing a sticker set can be done either by sending the direct link or the receiver can select ‘Add to Stickers’ upon receiving one. The entire set is then added. Within Telegram’s settings, users can remove entire sticker sets.
Come comment on this article: Telegram users can design their own custom stickers
NSA planned to use the Play Store to implant spyware on target smartphones
It’s no (longer a) secret that the NSA has planted its feelers deep into the very foundation of the Internet. Allegedly, the US spy agency has even obtained access to Google’s data centers, though it’s not clear whether this happened with Google’s cooperation.
When it can’t legally force its way onto private systems, the NSA does its best to sneak in – case in point, a pilot program called Irritant Horn, that saw the NSA and its allies attempt to hijack the connection between a target smartphone and the Play Store (then called Android Market).
The information about Irritant Horn comes from documents provided by Edward Snowden to The Intercept and CBC. The program, which appears to have been in its early stages in 2011-2012, had NSA analysts use a type of man-in-the-middle attack to implant spyware on Android devices connecting to the Android Market or Samsung’s apps store. Basically, besides the requested app, the targets were served malicious software that allowed spooks to eavesdrop on everything that happened on the device. The NSA even explored using the capability to modify the target device, for propaganda or disinformation purposes.
It’s not clear what came to be of this program, though it’s very likely that NSA is still actively working on finding and exploiting this, or similar, vulnerabilities.
The Intercept/CBC report also mentions a seemingly unrelated exploit discovered by NSA in UC Browser, an Android browser with more than 100 million downloads. UC Browser, according to the NSA document, “leaked” information about user activities and sent it back to servers in China (UC Browser is owned by Chinese tech giant Alibaba). According to analysis by Citizen Lab, a Canadian research group, UC Browser leaked “users’ search queries, SIM card numbers and unique device IDs;” Citizen Lab alerted Alibaba about the vulnerability, which has reportedly been fixed in an update to UC Browser from earlier this month. Alibaba claims that the leak was not intentional, though the edited NSA document leaves room for interpretation.
This is the latest in a series of controversial reports that questions the NSA’s active exploitation of weaknesses in the computer systems of American companies. Some argue that the NSA should privately disclose vulnerabilities in order to protect the interests of US citizens, while others think the end justifies the means.
For more details, check out The Intercept.
Despite Popular Kickstarter, Pebble Seeks $5 Million Loan ‘To Stay Afloat’ [iOS Blog]
Popular smartwatch maker Pebble appears to be in some financial trouble, according to a few sources “close to the company,” as reported by TechCrunch. The company is having trouble maintaining its growth, turning to a bank in its home base of Silicon Valley for not only a $5 million loan but a $5 million line of credit. According to those same sources, banks in the Valley have been turning down Pebble’s financial support requests repeatedly.
The smartwatch company’s rocky monetary troubles come a few weeks after a well-publicized Kickstarter campaign, which reached its $500,000 goal in under 20 minutes of going live. The project’s final funding amount – which received numerous stretch goals along the way – saw 78,471 backers pledge $20,338,986 for the new slimmer design and color display smartwatch.
The company actually received around $18 million from the Kickstarter campaign, after fees, and currently staffs about 150 people with more being hired in new positions. Despite all of this success, and an infusion of forward momentum thanks directly to Apple’s Apple Watch-focused “Spring Forward” event, the logistics of running the company have forced CEO Eric Migicovsky and fellow company heads to seek venture capitalist funding “in order to stay afloat.”
TechCrunch‘s source also noted that numerous employees were unhappy with the company’s direction “as it turns to face competitors from Apple, Android, and outside.” This is perhaps alluding to the company’s nonchalant attitude towards poking fun at Apple on its own website and Migicovsky’s somewhat apathetic responses to Apple’s impending entrance into the smartwatch market.
With Pebble facing such troubles just a few weeks after the Apple Watch launch, two events that may yet still be unrelated, it’ll be interesting to see how Apple’s competitors in the smartwatch market maneuver themselves to stay successful in an ever-growing and crowded field. Still, some employees are happy with Pebble and see a good future for the still-fairly-young company. “We’re a young company. The outlook for Pebble is very positive,” said a current employee who preferred to remain anonymous when speaking with TechCrunch. “It’s been a remarkable journey thus far.”
Apple Watch Bands Now Available in Select Apple Stores
At least one Apple Store in the United States appears to be now stocking standalone Apple Watch bands per the photo below submitted by MacRumors reader Alireza. The photo was allegedly taken at an Apple Store in Miami and appears to show both the Sport Band and Classic Buckle on the shelves.
Google Maps gets even more detailed traffic features
Google has updated Maps with more specific traffic alerts just in time to help you dodge Memorial Day traffic nightmares. The app can already route you around closures and other problems using crowdsourced traffic data, but now it’ll give you an explanation for why a detour is recommended with a dismiss-able card. For instance, it’ll let you know whether it’s recommending a route because it’s the fastest option, or because it helps you avoid an incident. Moreover, it’ll now give you a heads up on traffic conditions as soon as you enter your destination, telling you if its smooth sailing ahead or a cluster-you-know-what.
In the same blog post, Google also revealed trends from Memorial Day 2014. It noted that you were most likely to search for a beach or cemetery — not a surprising development on a holiday that honors people who died serving their country. Popular destinations included Carmel, CA, Long Island, NY and Santa Barbara, CA. The new app still isn’t available, but Mountain View said it would arrive before the weekend.
Filed under: Cellphones, Internet, Google
Source: Google
AIVAnet 
