T-Mobile website bug let hackers steal data with a phone number

Up until last week, a T-Mobile website had a serious security hole that let hackers access user’s email addresses, accounts and a phone’s IMSI network code, according to a report from Motherboard. Attackers only needed your phone number to obtain the information, which could be used in social engineering attacks to commandeer your line, or worse.

The security research who discovered the hole, Karan Saini from startup Secure7, notes that anyone could have run a script to scrape the data of all 76 million T-Mobile users and create a searchable database. “That would effectively be classified as a very critical data breach, making every T-mobile cell phone owner a victim,” he told Motherboard.

T-Mobile said in a statement that “we were alerted to an issue that we investigated and fully resolved in less than 24 hours. There is no indication that it was shared more broadly.” Saini notes that T-Mobile offered him a $1,000 reward as part of its bug bounty program.

A bunch of SIM swapping kids had [the hack] and used it for quite a while.

However, an anonymous hacker disputes T-Mobile’s claim that the bug wasn’t shared broadly, telling Motherboard that “a bunch of SIM swapping kids had [the hack] and used it for quite a while.” They could have exploited the data to “socially engineer,” or basically con, T-Mobile technicians into handing over replacement SIMs by pretending they’re the owners of the line. Motherboard also discovered a YouTube video dated August 6th that describes exactly how to execute the hack.

In fact, this is exactly what happened to Techcrunch writer John Biggs on August 22nd. After impersonating him and obtaining a replacement for his T-Mobile SIM, a hacker was able to quickly change his Gmail, Facebook, and other passwords, even though they were protected by two-factor SMS authentication.

It’s impossible to say whether the security hole helped the hackers swindle hapless T-Mobile tech support employees into sending them replacement SIMs, but it certainly appears plausible. (Tech support folks are supposed to require security question responses, invoices and other information, but often hand over SIMs to smooth-talking hackers without it.) We’ve reached out to T-Mobile and the FCC to find out if there was an uptick in such attacks over the last few months.

Source: Motherboard

Equifax breach included 10 million US driving licenses

10.9 million US driver’s licenses were stolen in the massive breach that Equifax suffered in mid-May, according to a new report by The Wall Street Journal. In addition, WSJ has revealed that the attackers got a hold of 15.2 million UK customers’ records, though only 693,665 among them had enough info in the system for the breach to be a real threat to their privacy. Affected customers provided most of the driver’s licenses on file to verify their identities when they disputed their credit-report information through an Equifax web page. That page was one of the entry points the attackers used to gain entry into the credit reporting agency’s system.

While leaked SSNs and bank details are definitely worse, driver’s licenses contain some info that could make it easier to steal someone’s identity, including people’s height and eye color. A bad player could use the name, address and physical characteristics in those stolen licenses as a verfication for someone else’s identity or to carry out scams in someone else’s name. If you verified your identity using your license through Equifax’s website in the past and want to ensure your security, it’s probably best to get a new license number.

In case you’re in the UK and are more worried about the stolen UK consumer info, though, Equifax said it will contact the 693,665 affected individuals. The rest of the records only contain people’s names and birthdates, which aren’t considered sensitive information.

Source: The Wall Street Journal

Amazon’s new Kindle Oasis is waterproof and has a bigger screen

We called Amazon’s last Kindle Oasis “the perfect e-reader for the one percent.” That still describes the new Oasis, which Amazon is officially unveiling today. To be fair, it’s slightly less expensive than its predecessor, starting at $250/£230 instead of $290. It also includes some genuinely useful features: a larger 7-inch screen, an all-metal body, and yes, it’s waterproof. A decade after introducing its first e-reader, Amazon has finally delivered the first beach-ready Kindle.

If you didn’t like the design of the last Oasis… well, tough luck. Amazon basically refined its look for this year’s model. It’s still very thin (3.4 millimeters) on one end, with a larger hump on the other. While it appears lopsided, it actually feels balanced when you hold the Oasis one-handed. The big change this time is the larger 7-inch screen, which Amazon says can hold 30 percent more text than before. It still packs in a sharp 300ppi resolution (Amazon’s standard for the last few years), and includes 12 LEDs for uniform lighting.

The new Oasis marks the first time Amazon has moved beyond a 6-inch E-Ink display in its standard Kindles. The bulky Kindle DX featured a 9.7-inch screen, but that model was too expensive (it started at $489!) and unwieldy for most consumers. Amazon reduced the new Oasis’s bezel size and moved to a slightly larger frame to fit in the bigger screen. The case is also made of aluminum, another first for the Kindle line. Last year’s Oasis relied on an electroplated metal alloy over a standard plastic case.

The larger frame makes it slightly heavier — 194 grams, compared to its predecessor’s 131 grams. The new Oasis doesn’t feel as unnaturally light as the last model, which was one of my favorite aspects of that e-reader. Still, the new model is by far the sturdiest Kindle I’ve ever held, thanks to its metal case. It didn’t feel like it’d be uncomfortable to hold while diving into a new book for hours. And as I mentioned above, the new Oasis is also waterproof with an IPX8 rating. Amazon says it can withstand up to two meters of water for 60 minutes.

The company also managed to squeeze in a bigger battery into the Oasis for up to six weeks of reading time. The last model only had two weeks of juice on the e-reader itself, and its included leather case added another six weeks of reading. Unfortunately, that also means Amazon isn’t including a leather case anymore. That omission is likely what led to the price drop, which seems like a better deal in the long run. You can still pick up a separate leather case for $60, or a waterproof cloth case for $45.

Another first for the new Oasis? It’s launching with support for Audible audiobooks. You can connect it to any Bluetooth audio device and easily switch between the spoken word version of a book and the text. Of course, you’ll still have to buy the Audible and Kindle releases separately. You can also find a few titles on Amazon’s Kindle Unlimited service, which gives you access to a limited selection of books and audiobooks for $10 a month.

Amazon also included a few helpful accessibility features in the new Oasis. You can make the display invert black and white, giving it a black background and white text. That should make it easier to read at night. I’ve never seen that before on an E-Ink display — Amazon tells us they had to tweak some custom hardware to make it work. You’ve also got additional font size and boldness settings, which give you more customization of how text appears on the Oasis’s larger new display. (Those options will eventually appear on older Kindles.) And typography nerds will likely appreciate the new ragged right alignment, which displays text similar to printed books.

I didn’t have much time to demo the new Oasis, but it’s certainly intriguing. I’ve been a devotee of Amazon’s e-readers since the Kindle 2, and I was surprised just how different having a seven-inch screen felt. The text looked just as sharp and crisp as the last Oasis, Voyage and Paperwhite, all of which also feature a 300 DPI resolution. But I’d imagine it being much more convenient to get through long books without constantly turning pages. Speaking of which, the Oasis’s page turning is incredibly fast. It looks to be only a fraction of a second faster than the last model, but it’s one step closer to instantaneous E-Ink page turning.

The new Oasis starts at $250/£230 with 8GB of storage, and there’s also a $280/£260 model with 32GB of space (which could be ideal for serious Audible listeners). And if you’ve just got to have cellular connectivity, you can nab that together with 32GB of storage for $350/£320. You can preorder the Oasis today, and Amazon will start shipping them out on October 31st. Keep an eye out for our in-depth review in the coming weeks.

While the $120 Paperwhite remains the most sensible Kindle for most people, this new Oasis brings Amazon one step closer to its dream of an ideal e-reader: a magical piece of paper that contains every book on Earth.

Twitter: From microblogging to the president’s mouthpiece

For the social media obsessed, Twitter’s rise into the very fabric of our daily political lives might seem natural. But when you realize the site itself has only been around since 2006, Twitter’s near-daily headlines in major news organizations is something to ponder. Especially when you consider it wasn’t fully embraced as a newsgathering tool until 2010, when a US Airways aircraft made a miraculous landing on the Hudson River. Oh, such innocent times.

Twitter’s most recent big picture shift to allowing 280 characters is a true milestone, but its not the only one. Our timeline to 280 video will take you through all the highs and lows on the micro-blogging platform. And maybe, please Jesus, one day the company will finally add an edit button. (Hey, we can hope.)

UK government shares its ideas for making the internet safer

Back in May, the Conservatives promised to introduce a “digital charter” if they were voted back into power. Theresa May’s campaign was successful, which means it’s now time to turn manifesto pledges into action. Today, culture secretary Karen Bradley has published an Internet Safety Green Paper which forms part of the “Internet Safety Strategy.” That, in turn, is a portion of the digital charter, examining how the internet can be a safer and more inclusive place free of bullying and harassment. Other areas, such as simpler broadband switching and pricing, will be tackled later.

A big, but anticlimactic proposal is a levy on social media companies to fund awareness and preventative activity against harmful online behaviour. In the paper, Bradley explains that contributions would be collected “on a voluntary basis” through “agreement with industry.” That wording is a little different from the “industry-wide levy” announced five months ago. The paper does, however, state that this would be the plan “initially,” suggesting mandatory payments could be introduced in the future. “We may then seek to underpin this levy in legislation, to ensure the continued and reliable operation of the levy,” it reads.

The scheme would be supported by a social media code of practice. Its creation and basic purpose was set out in the Digital Economy Act 2017 earlier this year. Now, the government is consulting on whether to expand its scope. Additional guidance would tackle user content and behaviour, community guidelines, and how both should be enforced. It would also talk about reporting mechanisms for inappropriate content, removal policies and privacy controls. The code is voluntary, but the goverment hopes companies would sign on to “demonstrate their commitment to improving online safety for the benefit and protection of all their users.”

To track industry progress, the Department for Digital, Culture, Media & Sport (DCMS) wants an annual internet safety transparency report. Its purpose would be to monitor, benchmark and ultimately compare reporting mechanisms online. The hope is that this information would promote stronger, more effective action from companies, and provide a consistent set of data for politicians to refer to when shaping future laws.

The paper also suggests expanding the role of the UK Council for Child Internet Safety (UKCCIS) to encompass all internet users in Britain. The organisation, originally set up in 2010, currently has over 200 members and provides guidance for parents, children, schools and police officers. The new version would have a smaller, “higher-profile” board and immediately review all of the safety information currently available, identifying weak spots and then creating new resources accordingly.

The final point of interest is a “baseline,” or set of principles, aimed at Google, Apple and other app store managers. It would be voluntary and push technology companies to enforce better app descriptions, with clear information about age ratings, data collection, and how to report safety concerns. The government would also like app stores to promote, or somehow feature safety-conscious apps throughout the platforms. If they were on the homepage, or somewhere equally visible, it would provide a financial incentive for app developers to comply with best practices.

For now, the green paper is just a set of ideas. The government is requesting feedback from the public, politicians and industry stakeholders which will be taken under consideration before taking any of them further. Bradley argues that her ideas are “ambitious,” but “rightly so.” “Behaviour that is unacceptable in real life is unacceptable on a computer screen,” she said. “We need an approach to the Internet that protects everyone without restricting growth and innovation in the digital economy.”

Source: Internet Safety Strategy green paper (GOV.UK)

Nissan made a DualShock-controlled car to promote ‘GT Sport’

Professional racer Jann Mardenborough recently got the chance to live every Gran Turismo fan’s dream: he drove a real car using a DualShock 4 controller from aboard a helicopter. That car was a modified Nissan GT-R aptly called the GT-R /C, made to celebrate the automaker’s 20th year of involvement with Gran Turismo and GT Sport’s upcoming launch. The vehicle is fitted with four robots — one each to control the steering wheel, transmissions, brakes and throttle — and a micro-computer to receive commands from the unmodified DualShock.

That micro-computer is responsible for interpreting the joystick and button signals and transmitting those signals to the car’s onboard systems. Aboard the helicopter, Mardenborough got help from a sensor and a display on the cockpit that showed the GT-R /C’s speed. On his fastest lap that lasted one minute 17.47 seconds, the vehicle reached 131 mph and averaged 76 mph.

Mardenborough described the event as “once-in-a-lifetime, truly epic stuff.” Damn right. Most of us will never have the opportunity to drive it, but we can play Gran Turismo Sport when it drops for the PS4 on October 17th in the US, October 18th in Europe and Australia and October 19th in Japan. Nissan will also use the car in a tour of primary and secondary schools in the UK next year to promote future careers in STEM.

Source: Nissan

Apple Opening Two Mac Labs in India That Will Teach Students How to Create Music Using Logic Pro X

Apple today announced it will be opening two so-called “Mac Labs” at the KM Music Conservatory’s campuses in the Indian cities of Chennai and Mumbai. The labs will teach students how to create music using Logic Pro X.

Apple also said it will fund 10 full time musical scholarships at the learning institution for students from underprivileged backgrounds.

Great to be in Mumbai w/ @KMMC_Chennai. Proud to be supporting @arrahman & investing in the futures of these talented musicians & students. pic.twitter.com/mU2GzPMNfc

— Eddy Cue (@cue) October 11, 2017

Apple’s services chief Eddy Cue traveled to Mumbai this week, where he announced the news in person alongside A.R. Rahman, an Oscar-winning composer, producer, musician, and founder of the KM Music Conservatory.

“It’s an honour to be in Mumbai and I am humbled to be in the presence of the talented A.R. Rahman to make this announcement together,” said Cue. “Apple Music and the KM Music Conservatory share a deep love in discovering, sharing and nurturing musical talent and we’re proud to be supporting such an institution that is investing in the future arts and music community.”

The A.R. Rahman Foundation founded the KM Music Conservatory in 2008. The higher education institution offers a range of part-time and full-time courses in Western and Indian classical music and audio technology.

Tags: Eddy Cue, India
Discuss this article in our forums

California calls on the world’s only 747 SuperTanker to take on wildfires

Why it matters to you

The 747 SuperTanker is doing what it can to quell the deadly fires burning in Northern California.

You know it’s serious when you see the world’s only 747 SuperTanker fly overhead.

Dubbed “the world’s biggest fire extinguisher,” this awesome aerial firefighting machine has been called in to help with ongoing efforts to deal with wildfires devastating parts of Northern California.

The modified Boeing 747 is capable of dropping nearly 20,000 gallons of fire retardant in one go, and earlier this week it made six flights in the space of a single day from Sacramento to affected areas in Napa and Sonoma counties around 40 miles north of San Francisco. Each flight lasted between 31 and 47 minutes.

Footage broadcast on live TV earlier this week showed one of the 747’s runs, with the aircraft flying at low altitude to target the borders of burning expanses of dry vegetation. Reports suggest that 17 people have so far died in the fires, with more evacuations ordered on the evening of October 10.

The California Department of Forestry and Fire Protection (Cal Fire) called on the SuperTanker — operated by Global SuperTanker Services — as part of wider efforts to prevent the devastating wildfires from spreading further. The plane can fly with up to five non-crew members, for incident monitoring and mapping purposes, and can put down a line of retardant up to a mile long.

“If your house were on fire, would you call the fire department and ask them to send me the slowest, smallest fire truck you’ve got? Probably not,” Global SuperTanker Services CEO Jim Wheeler told the San Bernardino Sun recently, adding, “This is a force multiplier for the fire departments because there’s nothing else out there like it.”

The aircraft can get to any location in the mainland U.S. within about three hours from its Colorado Springs base. Since going into service eight years ago, the 747 SuperTanker has been called upon by several governments around the world, flying over fires in Spain, Israel, and Chile.

More often filled with passengers traveling to far-flung places, Boeing’s 747 aircraft, distinctive for its front-end hump, went into service in 1970. Until Airbus’s A380 came along in 2007, it was the biggest commercial airliner in the world in terms of physical size, and even had the power and strength to give the Space Shuttle a ride.

Microsoft Launcher review: A beautiful Android experience

Microsoft’s mobile efforts on Android continue to expand with the official rollout of Microsoft Launcher. But it’s in preview, so there are bugs to fix and a few areas to improve.

Microsoft Launcher is the upgraded version of the Microsoft Garage project Arrow Launcher, and we covered the key changes that came with that upgrade last week. It’s free and can be picked up from the Google Play Store.

After some heavy usage over the last few days, we’re breaking down what works, what doesn’t, and where Microsoft should take their launcher from here.

Design

As Microsoft Launcher gains more publicity, there have been some rumblings about how it doesn’t look like Windows 10 Mobile. It’s important to point out that it doesn’t seem to be the goal of Microsoft to make Android look exactly like Windows 10 Mobile. For example, you won’t find Live Tiles anywhere in the launcher. If you’re looking for as close to a facsimile of Windows 10 Mobile on Android as possible, there are other options, such as Squarehome 2.

But this isn’t a bad thing. Microsoft isn’t trying to turn Android into Windows 10 Mobile, they are trying to integrate Microsoft services into the Android experience while also adding some design elements that will be familiar to Windows users. And in that respect, Microsoft Launcher is phenomenal.

For example, there’s also an option for a transparent theme. With all the transparent design elements coming in the Windows 10 Fall Creators Update, having a glass effect throughout all of your devices helps them feel more like siblings. Microsoft Launcher’s transparency is found on every page in the launcher, including your newsfeed, calendar, people section, and more.

Other options, such as accent colors, allow you to extend the look used to on your PC, though at this time accent colors are limited to five options. This needs to increase dramatically to come close to the customization level available on Windows 10.

Even if you have no interest in making your phone look or feel like Windows 10, Microsoft Launcher is a great way to make your phone looks nice. The attention to detail that the developers put into the launcher adds up. Things like your profile photo smoothly shrinking and moving as you scroll through your newsfeed, the easy-to-navigate interface, and handy pages that you can pin and then swipe between make using an Android phone easier and better looking than many other launchers, especially the ones that come preinstalled on some Android phones.

Integration with Microsoft services and devices

Arrow Launcher already had features such as Wunderlist and Outlook calendar integration. Microsoft Launcher takes that idea further by bringing “Continue on PC” to Android. This lets you start doing things on your phone and easily jump to another device. This will be familiar to anyone who has taken advantage of Project Rome.

It’s a nice addition to Android and will hopefully get better over time. You can take a document you’re working on and push it over to your PC. It also works with links, even if you’re browsing on Chrome on your phone and have Edge as the default browser on PC. It works fairly well, though it can take a couple seconds to open on your PC.

While it is handy, it’s limited at this time. If you are listening to a song on Groove on your Android phone and click “Continue on PC,” it opens the app on your PC in a browser, which can then switch apps and open the song in the Groove Music app on your PC from the beginning of the song. This is a lot less elegant and functional than Spotify Connect, which will keep playing the same song seamlessly. (We should add that Groove is now dead.)

Microsoft is focusing on features like real-time co-editing in Office apps so there’s hope that a more seamless continuation between devices could come in the future, but it’s not here yet.

Other Microsoft services work well on Microsoft Launcher. The calendar page makes sure you’re only a few swipes away from seeing a beautiful layout of your agenda. You can have a page to jump to any of your recent documents. And there’s also a nice page you can pin for your to-dos that syncs with Wunderlist.

The services that are available work well but Microsoft needs to take this trend even further over time. The to-do list works very well but at the moment only syncs with Wunderlist and not Microsoft To-Do. The newsfeed in Microsoft Launcher is good looking and customizable but doesn’t have the option to sync with your Cortana notebook. And speaking of Cortana, Microsoft’s digital assistant has no native support within Microsoft Launcher. A pinnable Cortana page would be a great addition to the app.

The app is in preview so it’s understandable that features and integration need to be added but at this time you still need to do some extra steps to get that full Microsoft experience on your Android device.

Performance

Speaking of which, being in preview brings some performance bugs. Some users have spotted lag while vertically scrolling between their app pages. We’ve run into some issues with the launcher when connecting to a device via Miracast and then disconnecting it.

But overall the launcher is very solid. It’s fast and generally fluid, aside from some specific issues. It would be a lie to say that the launcher is perfect but considering it came out last week and has already seen an update, it’s clear that Microsoft is working to iron out any kinks.

One of the knocks on Android is that it can take effort and knowledge to set up. Microsoft Launcher is fast and performs well, while also being simple to use. If you are looking for an easier experience on Android or know someone who is, Microsoft Launcher did well in our testing.

Other things that need to be added

In addition to adding more integration with Microsoft services and some more options for customization, there are some features that need to be added to make Microsoft Launcher better as an Android launcher. A big one is a landscape mode. Phones may be getting taller and more portrait mode-oriented but there are still times that landscape mode is just better, like when you’re in the car. Above is what Microsoft Launcher looks like if forced into landscape mode by a third party app.

It would also be nice to have the feel of Microsoft Launcher come to the lock screen. The Microsoft Garage app Next Lock Screen is already available and highly rated but is due for a refresh. Adopting Next Lock Screen into the proper family of Microsoft apps on Android — the way Arrow Launcher was — would sprinkle your Android phone experience with Microsoft dust from unlock to everyday use.

Overall thoughts

Arrow Launcher was good, Microsoft Launcher is even better. While it isn’t perfect, it is a well designed, feature rich launcher that allows you to extend your Microsoft experience to and from your Android phone.

Over time, Microsoft can add more features and options to close the gap between your devices even further while also enhancing your phone experience.

If you’re looking for an easy to use a launcher that will enhance your overall phone experience as well as phone’s connections with Microsoft services and design, Microsoft Launcher is a must-have.

Do you like Microsoft’s decision to launch their own Android launcher? Have you tried Microsoft Launcher yet? Let us know in the comments.

The UK gets its first ocean-cleaning ‘Seabin’

It’s no secret that the world’s oceans are full of floating waste. Things like plastic not only pollute the natural ecosystem, but pose a very real threat to its inhabitants. Back in December 2015, we were first introduced to the concept of the Seabin, a floating natural fiber garbage bin that can suck in pollutants in docks and marinas and leave the water pristine.

Its creators needed help making the concept a reality, taking to Indiegogo to raise enough funds to deploy their marine disposal units all over the world. With over $260,000 in their pocket, two Australian surfers, Pete Ceglinski and Andrew Turton, have today embarked on that journey, installing the world’s first production Seabin in Portsmouth (UK) harbour.

The Times reports that the Seabin has been installed near the base of the Land Rover Ben Ainslie Racing (BAR) team. The group is typically known for its attempting to bring sailing’s most prestigious prize — the America’s Cup — back to Britain, but it’s also keen to reduce its environmental impact while doing so. The team has already committed to not eating meat on a Monday, only sources sustainable seafood and will now oversee the Seabin as it filters around the protected cages of over 1,000 oysters located near its pontoon.

The Seabin’s creators say that each unit can collect around 1.5kg of waste a day and hold up to 12kg until it’s full. That amounts to 20,000 plastic bottles or 83,000 plastic bags a year. It houses a large natural fibre net and the dock-based pump only collects debris floating on top of the water, including surface oils, ensuring fish are safe.

Plenty of other places are trialling the Seabin, including Spain’s Port Adriano and the Port of Helsinki (Finland). They will officially go on sale in “early November,” costing around £3,000 ($3,957).

Source: The Times