Best launchers for theming your Android phone
Customization is my favorite part of Android.
Android provides us with so much freedom, allowing us to completely scrap the setup and the launcher that came with our phones and replace it with something that suits us more. Years ago, before I knew what Nova Launcher and icon packs were, I was trying to make my phone look less blockish and boring. Our phones hold our lives — shouldn’t they hold some of our personality and style, too?
Whether you’ve got theming down to an art or you’re just looking for something a little more flexible than your current launcher, these are the best of the best when it comes to theming launchers. They are also two of the best launchers on the market, period.
Here’s why you should have Nova Launcher and Action Launcher in your theming toolkit.
The Best: Nova Launcher
Nova Launcher is one of the few constants in the launcher scene: Nova Launcher is coming up on its sixth birthday this winter, and it has been consistently awesome. Nova Launcher has a small learning curve, but once you learn your way around Nova Settings, the theming world is your oyster, and Nova holds quite a few pearls.
The biggest pearl from a theming standpoint is Subgrid Positioning. This allows users to resize widgets and place icons halfways between traditional grid boxes. So you can resize a widget to be 4×1.5 or even .5x.5 if you want. This increased freedom when placing and sizing widgets is invaluable when it comes to lining up elements in complex themes, or even placing element precisely in relation a detailed wallpaper. The ability to stretch widgets to the edges of the grid and the screen almost helps users make more immersive themes with edge-to-edge widgets. Subgrid positioning is a small feature with a big impact, which gives it a distinct advantage over Action Launcher.
Try doing this in Action Launcher. I dare you.
Nova Launcher also allows you to set any color you like for your launcher elements, including transparency. You can even use hex codes to color-match elements of your desired theme exactly, and we’ve taken advantage of this in several themes. Getting the colors right on your app drawers, folders, and search bars might seem trivial to some, and it’s something most launchers don’t bother allowing you to change, but for a theming launcher, it is crucial.
If there’s a downside to Nova Launcher, it’s that while everything is laid out in the settings in a fairly straightforward manner, it still takes time to edit everything individually. Nova Launcher is like a Swiss Army knife: there’s so many attachments you never think you’ll need but if you ever do, all you have to do is pull each one out until you find what you need.
Runner-Up: Action Launcher
Action Launcher, on the other hand, is more like a switchblade: very quick, very sharp, but without the bottle opener or the nail trimmer. Now, don’t get me wrong, Action Launcher has a lot of features, and a lot of customization, but almost all of it is geared towards productivity. There’s quite a lot of theming potential, but there are a few things missing that keep it from overtaking Nova Launcher in this category.
One of Action Launcher’s most well-known features are their Covers, which allow you to replace a folder icon with the first icon in your folder, and allows you to quickly open that first app with a tap, while opening the folder with a swipe. It’s a nice feature, but I’m sorry to say that from a theming perspective, Nova does it better, albeit clunkier. To activate a Cover on Action Launcher, you simply open the folder, tap the three-dot menu, and tap Make Cover. In order to set a custom folder icon, you must make a folder a Cover, then change the icon of the app that becomes the Cover.
Action Launcher’s Covers are easy, but lack the customization in look and function of Nova Launcher’s folders.
When setting up a Cover on Nova, you long-press a folder, Edit it, then activate Swipe to open folder and set the tap action to the first app in your folder… or any other app or Nova shortcut you want. You can also set a custom folder icon regardless of using Swipe to open in Nova Launcher, as folder icons can be edited just like any other shortcut. It’s definitely easier on Action Launcher, but you can do it more ways on Nova, especially in relation to theme-building.
Another feature where Action Launcher opts for a simpler but ultimately less useful implementation is Quicktheme. Quicktheme allows you to quickly set colors that are decided by the colors in your wallpaper, and if Quicktheme pulls the right colors for your wallpaper, it’s great.
The problem is, a lot of times, Quicktheme can miss colors we want to use in our theme (especially accent colors), and you can’t manually pick a color if it gets missed: you have to re-apply your wallpaper and hope that Quicktheme gets it that time. If you’re using a Live Wallpaper like Touch Circle or KLWP, your chances of getting the right colors are slim to none, as Action Launcher pulls colors from the icon rather than the actual live wallpaper.
It’s wonderful to have all your color options on one page, but I need all colors at my disposal, not six that may or may not match my wallpaper plus basic black, white and grey.
Now, all of this is not to say Action Launcher can’t be used for good themes. Action Launcher currently has an excellent take on the Pixel theme, allowing you to better customize Pixel folder icons and their iconic Quickbar than Nova. Action Launcher isn’t quite as flexible, but it is a lot more nimble, and for users who switch themes the way most of us switch clothes, that counts for a lot.
The Verdict
It is a wonderful time to be an Android themer, because Nova Launcher and Action Launcher just keep getting bigger, better, and bolder than ever. Both launchers are actively adding the latest Pixel features to their launchers, from the dock search bar to Adaptive icons. Action Launcher handles the dock search bar a little better because of its heavy investment in the Quickbar already, while Nova Launcher’s implementation of Adaptive icons is a little cleaner and more adaptive to legacy icons.
Nova Launcher does more, and Action Launcher does some of it faster. If you’re not as nitty-gritty with your grids and widget placements, Action Launcher will get your theme up and get you on your way without much fuss. If you care about the little details, or just need the freedom of being to chose just about everything in your launcher, Nova Launcher is your launcher.
So long as the color choices in Action Launcher are limited to a few algorithm-picked hues and grid sizes limit your icon sizes and folder placement, Nova Launcher will remain the launcher I theme in. And judging by the reception Nova Launcher receives anywhere it’s mentioned, it’ll remain the theming launcher many, many others use.
Where are the other launchers?
I wish I could tell you there’s a lot of great theming launchers out there. But there aren’t. There are certainly theming launchers beyond Nova and Action, but none can play on their level.
Apex Launcher is (slowly) making a comeback, but it’s still a long, long way from being feature competitive again. ADW Launcher 2.0 is another launcher rising from stagnation, but the UI still needs work, and the configurations aren’t easy to use. GO Launcher is spammy. Buzz Launcher’s controls are awkward and it doesn’t play well with Google Play theme elements. Total Launcher and Lightning Launcher are so powerful but too complicated for most users (even for me!).
Then there are dozens of decent general-use launchers that can do what we call ‘light-duty’ theming: custom wallpapers, icon packs, and resizable widgets. This includes launchers like Smart Launcher, Arrow Launcher, and Aviate Launcher. They are capable launchers, but they can’t compete with Action Launcher for theming, nor can they compete with Nova Launcher.
Updated October 2017: We’ve updated this article to include the progress made by theming launchers in the last several months, such as Google Now pages coming to both launchers and Android Oreo feature implementation.
These are the router makers that have patched KRACK WPA2 Wi-Fi flaws
Is your router receiving the attention it needs in light of the KRACK WPA2 Wi-Fi hack?
An exploit that has taken the “protected” out of Wi-Fi Protected Access II (WPA2) means that your wireless network is likely not as safe as you once thought. What security researcher Mathy Vanhoef is calling “KRACK” attacks the handshake portion of the WPA2 protocol. Mobile Nations Senior Editor Jerry Hildenbrand put together a comprehensive guide on exactly how the exploit works and how you can protect yourself, also mentioning some information on patches containing a fix. To help you stay on top of which vendors are patching the vulnerability, we rounded them up here.
Router vendors that have issued KRACK patches
As mentioned in Hildenbrand’s article, the best way to protect yourself from this exploit is to not use Wi-Fi at all until a proper fix has been proven. CERT has released notes on the KRACK problem, including a list of vendors whose equipment is vulnerable.
Some security-minded companies have already worked on fixes and are offering patches. Check back often, as we will keep this list updated.
- Arch Linux: WPA Supplicant patch, Hostapd patch
- Aruba
- Debian/Ubuntu
- Mikrotik
- Netgear: WAC120, WAC505/WAC510, WAC720/730, WN604, WNAP210v2, WNAP320, WNDAP350, WNDAP620, WNDAP660, WND930
- Ubiquiti
There are also a number of vendors listed as “Not affected” on the CERT website without further explanation from the vendors themselves. These include:
- Arista
- Lenovo
- VMWare
Pixel 2 live wallpapers are now available to download
The new live wallpapers will work on Android 6.0 Marshmallow and above.
Google’s Pixel 2 is shaping up to be one of the year’s best phones, and while the non-XL model might not have the most attractive hardware, both variants will ship with some of the best Android software around. One of the many features shown off at the October 4 announcement event was the Pixel 2’s updated live wallpapers, and thanks to a developer by the name of Pranav Pandey, you can now download these on any Android phone running 6.0 Marshmallow or above.
Last year’s Pixel introduced “live earth” wallpapers that moved with your home screen to create for some added depth, and the Pixel 2’s “live wallpapers” take things a step further by introducing even more moving and interactive parts. One wallpaper shows Lagos, Portugal with crashing waves on a rocky shore, while another showcases hot air balloons flying over Monument Valley, Utah.
There are also Glimmer wallpapers that brighten up when touching your home screen, Gooey ones with virtual goo that responds and reshapes itself based on your taps and swipes, and even real-time views of Mars and the Moon.
If it seems like a lot of Pixel 2 features have been ported over to other phones recently, that’s because they have been. Static Pixel 2 wallpapers were made available to download prior to these live ones, and along with that, the Pixel 2’s launcher and camera app were released as well.
The Pixel 2 is an expensive phone, and while these apps and wallpapers won’t give you the exact same experience found on Google’s latest and greatest, they sure can get you close.
You can download the Pixel 2 live wallpapers here.
Google Pixel 2 and Pixel 2 XL
- Pixel 2 FAQ: Everything you need to know!
- Google Pixel 2 and 2 XL hands-on preview
- Google Pixel 2 specs
- Google Pixel 2 vs. Pixel 2 XL: What’s the difference?
- Join our Pixel 2 forums
Google Store
Project Fi
Verizon
Drone hits a commercial plane for the first time in Canada
A twin-engined commercial prop aircraft has struck a drone for the first time in Canada, says Minister of Transport Marc Garneau. The Skyjet Beech King Air 100 was on approach to Jean Lesage International Airport in Québec City when it hit an unknown type of UAV. Garneau said that the drone was flying at around 1,500 feet, three miles from the airport — 500 feet above the legal limit. The plane landed safely and sustained only minor damage, but “it could have been a lot more serious,” he told the CBC.
Any aircraft in an ATC (air traffic control) area around airports must have clearance to be there, and drones aren’t permitted above 90 meters (about 300 feet) in Canada, under penalty of a $3,000 fine. “It’s important to note that aircraft are particularly vulnerable when on final approach coming in,” said Garneau, a three-time space shuttle astronaut. “The pilot is concentrating on landing properly.”
Governments around the world have struggled to balance passenger safety with the commercial needs of drone pilots. The US Federal Aeronautics Administration (FAA) recently released its own rules that require daylight or dusk operation within the pilot’s line of sight. Commercial drone pilots must be at least 16 years old and need to pass an Aeronautical Knowledge Test before they can get their remote pilot certificate. Heights are limited to 400 feet, but the FAA has issued numerous waivers for that rule.
In Canada, the rules implemented in March of this year are even more strict — drones must keep about 5.6 miles away from any airport or body of water where aircraft take off. Anyone found to have endangered an aircraft could be subject to a $25,000 fine. “When it comes to safety, I don’t think anything is overkill,” said Garneau at the time.
Via: CNET
Source: Transport Canada
Astronomers just measured a whole lot more than gravitational waves
A couple of weeks ago, the LIGO (Laser Interferometer Gravitational-Wave Observatory) and Virgo teams announced the detection of another set of gravitational waves — the fourth since LIGO’s first detection in September of 2015. The observations of these ripples in spacetime are extraordinary in and of themselves, no matter how many times we record them. However, while the first three sets of gravitational waves recorded were by the two LIGO observatories, the fourth was also detected by a newly established third — Virgo — located in Italy. And having three detectors allows researchers to triangulate the source of those waves with extraordinary precision.
The importance of that precision was made clear today when the LIGO and Virgo teams announced a fifth gravitational wave detection, the source of which was able to be quickly located. This allowed dozens of other observatories to hone in on it and collect additional data including visual, X-ray, infrared, ultraviolet and radio wave recordings — meaning researchers all around the world just collected, and are continuing to collect, a massive trove of information that has given us the most detailed look at a gravitational wave-generating event ever.
The previously recorded gravitational waves were caused by black holes merging many millions of light-years away. However, these new waves, recorded on August 17th, originated from the merging of two neutron stars — very small but incredibly massive stars. They’re what’s left over after a massive star collapses and all of the protons and electrons get packed tightly together. They’re around the size of a city, but 1.3 to 2.5 times the mass of our Sun. Just a teaspoon of a neutron star’s matter can weigh more than one billion tons. The gravitational wave recordings indicated that this latest event was much closer than previous ones, around 130 million light-years from Earth.
Around the same time that LIGO and Virgo picked up the signal, a bright flash of gamma rays was detected by NASA’s Fermi space telescope, and combined, those data allowed researchers to pinpoint which direction the waves were coming from. Armed with that knowledge, thousands of researchers around the world, manning more than 70 ground- and space-based observatories, were mobilized and all of them began collecting additional data from the neutron star merger. “This event has the most precise sky localization of all detected gravitational waves so far,” Jo van den Brand, spokesperson for the Virgo collaboration, said in a statement. “This record precision enabled astronomers to perform follow-up observations that led to a plethora of breathtaking results.”
This strategy, called multi-messenger astronomy, has been a goal of LIGO researchers from the very beginning because observing these sorts of events with gravitational waves and light at nearly the same time can provide far more detail than either can alone. “This detection opens the window of a long-awaited ‘multi-messenger’ astronomy,” David Reitze, executive director of the LIGO Laboratory, said in a statement. “It’s the first time that we’ve observed a cataclysmic astrophysical event in both gravitational waves and electromagnetic waves — our cosmic messengers. Gravitational-wave astronomy offers new opportunities to understand the properties of neutron stars in ways that just can’t be achieved with electromagnetic astronomy alone.”
And the collection of data was truly a team effort. Once astronomers around the world were notified of the detection, the hunt began for the source. David Cook, a postdoc at Caltech, quickly made a list of 50 possible galaxies that could be hosting the neutron star merger. A few hours later the Swope Telescope located in Chile detected an optical signal that seemed to match the gravitational wave and gamma ray signals in a galaxy called NGC 4993. Shortly after that, the Gemini South telescope — also in Chile — detected an infrared signal from the same area.
So what have we learned from this event so far? Quite a lot actually, and more information is still being collected. The head of Caltech’s astrophysical data analysis group for LIGO, Alan Weinstein, said, “The detection of gravitational waves from a binary neutron star merger is something that we have spent decades preparing for. On that morning, all of our dreams came true.”
One major finding was that neutron stars give off gamma ray bursts when they merge, which had only been theorized before. But Fermi’s initial recording, along with the confirmation from the European Space Agency’s INTEGRAL gamma ray observatory, have finally provided researchers with solid evidence.
Secondly, a big question about where the heavy elements of our universe come from may have been answered. The lightest elements, hydrogen and helium, are thought to have been formed during the Big Bang while heavier elements from lithium up to iron are generated by stars. But where most of the other elements come from has been a bit of an unknown. That is, until now. Infrared observations from the likes of the Gemini Observatory, the European Very Large Telescope and the Hubble Space Telescope showed that the neutron star merger produced those heavier elements. “For the very first time, we see unequivocal evidence of a cosmic mine that is forging about 10,000 earth-masses of heavy elements, such as gold, platinum and neodymium,” said Mansi Kasliwal, leader of the Global Relay of Observatories Watching Transients Happen project, a collaboration made up of dozens of astronomers and 18 telescopes on six continents.
There were a handful of surprises, though. The gamma ray signals that spewed out of the merger were surprisingly weak. And, even a week after the gravitational wave detection, researchers still hadn’t observed any X-rays or radio waves. X-rays were eventually detected by NASA’s Chandra X-ray Observatory nine days after the merger. It took 16 days for the Very Large Array in New Mexico to pick up any radio waves. These delayed waves and wimpy gamma ray signals spurred Kasliwal and her colleagues to design an explanatory model wherein a pressurized cocoon-like structure forms during the merger that traps the waves.
While the radio waves may be the slowest to arrive, they stick around much longer than the others and bring with them a ton of information, which could include how much energy was in the explosion, how much mass was spewed out and whether the merger might have an impact on star formation. “The radio emission arrives last but persists much longer than emissions at other wavebands,” said Caltech astronomer Gregg Hallinan. “Radio comes late, and it comes slow, but it brings amazing information about the cosmic cataclysm.”
This event is the most intensively studied transient astronomical occurrence in history and it’s hard to overstate just how important it is. It has not only provided scientists with far more data than they’ve ever had on such an event, it demonstrated just how wildly effective multi-messenger astronomy is. With a global web of observatories all focused on the same target, we stand to make substantial advances in our understanding of how the universe formed and continues to evolve. “The story that is unfolding for this event is more complete than for any previous event in astronomical history,” said Hallinan in a statement. “This complete story — both hearing and seeing the violent universe — is the gift of multi-messenger astronomy,” he continued. Laura Cadonati, a physics professor at Georgia Tech and the spokesperson for the LIGO Scientific Collaboration said, “This detection has genuinely opened the doors to a new way of doing astrophysics. I expect it will be remembered as one of the most studied astrophysical events in history.”
The data described today in a handful of papers published in Science and Physical Review Letters are just the beginning. Observatories around the world will be releasing more findings in the weeks and months to come and many will continue to observe the effects of the neutron star merger for months, even years. And this is just one event. “We even more eagerly anticipate the detection of gravitational waves from different kinds of known, extremely energetic astrophysical objects, like rapidly spinning pulsars, supernovae and neutron star quakes,” said Weinstein, “and, especially, from heretofore unknown astrophysical objects.” It is truly an astoundingly exciting time.
Images: LIGO-Virgo/Frank Elavsky/Northwestern (Stellar Masses); UC Santa Cruz and Carnegie Observatories/Ryan Foley (Swope Telescope Optical Image); LIGO-Virgo (Participating Observatories)
Safety is Elon Musk’s chief concern for new SpaceX rocket
Over the weekend, Elon Musk hosted a Reddit AMA as a follow-up to his presentation at the 2017 International Astronautical Congress. During that speech, Musk unveiled quite a few different ideas that will revolutionize space travel, from a new rocket called “BFR” (for “big fucking rocket”) to a moon base and a trip to Mars by 2024. He took to r/space to answer questions about these many new ideas, and we’ve rounded up some of the most interesting answers from the AMA.
In response to a question asking what will be sent in the first missions to Mars, Musk responded that SpaceX’s goal will be to transport colonists and make sure the basic necessities for survival were in place. He compared it to building the transcontinental railway. “A vast amount of industry will need to be built on Mars by many other companies and millions of people,” Musk explained, which makes clear he’s not planning on SpaceX colonizing Mars singlehandedly.
Musk addressed safety issues when it comes to using BFR for transportation around the Earth. SpaceX’s goal is to reach (or even exceed) current levels of safety for passenger airlines. The focus of the Raptor engines is on reliability; they’ll have a flak shield to protect them, as well as more engines than most airlines to ensure redundancy. “That will be especially important for point to point journeys on Earth,” Musk said. “The advantage of getting somewhere in 30 mins by rocket instead of 15 hours by plane will be negatively affected if ‘but also, you might die’ is on the ticket.
Safety was also cited as the reason that the Raptor engines were downscaled from roughly 300 tons-force to 170 tons-force. After cheekily responding to a question addressing the downscaling with, “We chickened out,” Musk cited the possibility of engine failure as the reason behind the decision. The ship’s mass decreased between the previous IAC talk and this one; the engine downscaling is in proportion to that. “In order to be able to land the BF Ship with an engine failure at the worst possible moment, you have to have multiple engines,” he explained “The difficulty of deep throttling an engine increases in a non-linear way, so 2:1 is fairly easy, but a deep 5:1 is very hard.”
Musk also addressed his vision for a future city on Mars. The illustration provided shows ships that appear to have been used to construct the colony. One commenter asked whether that meant the first two spaceships would remain on Mars permanently as a part of the city. Musk’s answer was succinct: “Wouldn’t read too much into that illustration.”
Another commenter asked about landing sites for the Mars base. Were the priorities on science or safety? As was a theme throughout this AMA, safety and survival are the paramount concerns. “Landing site needs to be low altitude to maximize aero braking, be close to ice for propellant production and not have giant boulders,” he said. “Closer to the equator is better too for solar power production and not freezing your ass off.”
If you’re interested in technical specs and getting down into the nitty gritty, you should check out the full AMA for yourself. Musk answers quite a few detailed and well thought out questions (including a warning that the future design of the fuel tanker for the BFS will look “kinda weird.”)
Via: The Verge
Source: Reddit
The Analog Super Nt Mini is Nintendo’s SNES Classic for grown-ups
Just as the NES Classic Edition broke ground before the SNES Classic, Analogue is also following up on Nintendo’s wallet-grab on our childhood memories with another premium, no-compromise mini console that plays the gaming carts of yesteryear, and solves some of our issues with the official miniature SNES. This is all, however, for a premium price. Naturally.
The main selling point of the Super Nt Mini is that it doesn’t tap emulation to play retro games. You can use old cartridges to play your games exactly like they were — for better and worse. Yep, it’s accurate and lag-free, but there’s also no save state feature, like that found on the official mini console. The Super NT does, however, add aspect ratio preservation for your wide-screen TV, as well as multiple resolution options, scanlines and scaler options to make sure games look as old as you remember them looking. It’s also outputting your favourite 16-bit chip loops at 48kHz — high-fidelity (for a SNES) audio.
This is also the first complete FPGA (field-programmable gate array) Super Nintendo console — Analogue says it’s designed to “preserve video game history, with the respect it deserves.” But don’t worry, there’s still wireless controller options. I mean, we’re not savages.
Compared to Nintendo’s version, Analogue is positioning its mini-SNES as a premium product. There are black, see-thru and classic-colored consoles to choose from, each priced at $190, while wireless controllers (from 8bitdo) also come in the same color options at $40 a pop. Interestingly, this makes the console much cheaper than its predecessor, the Nt Mini. However, with those wireless controller prices — there’s none in-box — it still brings the price up to just below $300. In comparison, the SNES Classic retailed for $80.
While we’ve got the prices, we still don’t know an exact launch date. However, given we know everything else, and have plenty of images of it, we’d suspect it’s going to arrive sooner rather than later.
Google WiFi adds site blocking to its family-friendly features
Google WiFi is a router that prioritizes ease of setup and use; it’s a great option for people who want to combine quick setup with advanced family-friendly controls. Now, they’re adding even more to the mix. Today, the company announced that Google WiFi offers site blocking, which allows parents to control access to over 8 million explicit websites. It will be available over the next day from within the Google WiFi app.
The technology works by taking advantage of Google SafeSearch, which was created in 2009. The new Google WiFi feature allows parents to turn on SafeSearch for certain devices across their network, which will then block all identified sites with adult content. Because SafeSearch is constantly on the lookout for new sites with explicit content, the blocked list will update in real time.
Source: Google
Major Wi-Fi Vulnerabilities Uncovered Put Millions of Devices at Risk, Including Macs and iPhones
Mathy Vanhoef, a postdoctoral researcher at Belgian university KU Leuven, has discovered and disclosed major vulnerabilities in the WPA2 protocol that secures all modern protected Wi-Fi networks.
Vanhoef said an attacker within range of a victim can exploit these weaknesses using so-called KRACKs, or key reinstallation attacks, which can result in any data or information that the victim transmits being decrypted. Attackers can eavesdrop on network traffic on both private and public networks.
As explained by Ars Technica, the primary attack exploits a four-way handshake that is used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it’s resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.
As a result, attackers can potentially intercept sensitive information, such as credit card numbers, passwords, emails, and photos. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.
Note that the attacks do not recover the password of any Wi-Fi network, according to Vanhoef. They also do not recover any parts of the fresh encryption key that is negotiated during the four-way handshake.
Websites properly configured with HTTPS have an additional layer of protection, as all communications between the browser and the website are encrypted, but Vanhoef warned many can still be bypassed.
Since the vulnerabilities exist in the Wi-Fi standard itself, nearly any router and device that supports Wi-Fi is likely affected, including Macs and iOS devices. Android and Linux devices are particularly vulnerable since they can be tricked into installing an all-zero encryption key instead of reinstalling the real key.
This vulnerability appears to be caused by a remark in the Wi-Fi standard that suggests to clear the encryption key from memory once it has been installed for the first time. When the client now receives a retransmitted message 3 of the 4-way handshake, it will reinstall the now-cleared encryption key, effectively installing an all-zero key.
As a proof-of-concept, Vanhoef executed a key reinstallation attack against an Android smartphone. In the video demonstration below, the attacker is able to decrypt all data that the victim transmits.
iOS devices are vulnerable to attacks against the group key handshake, but they are not vulnerable to the key reinstallation attack.
Fortunately, the vulnerabilities can be patched, and in a backwards-compatible manner. In other words, a patched client like a smartphone can still communicate with an un-patched access point like a router.
Vanhoef said he began disclosing the vulnerabilities to vendors in July. US-CERT, short for the United States Computer Emergency Readiness Team, sent out a broad notification to vendors in late August. It is now up to device and router manufacturers to release any necessary security or firmware updates.
Despite the vulnerabilities, Vanhoef says the public should still use WPA2 while waiting for patches. In the meantime, steps users can take to mitigate their threat level in the meantime include using a VPN, using a wired Ethernet connection where possible, and avoiding public Wi-Fi networks.
Vanhoef is presenting his research behind the attack at both the Black Hat Europe and Computer and Communications Security conferences in early November. His detailed research paper (PDF) is available today.
Tags: security, wi-fi
Discuss this article in our forums
Apple Begins Selling Bose SoundLink Micro Bluetooth Speaker Online and In Stores
Apple recently added a new Bluetooth speaker to its retail and online stores, called the “SoundLink Micro” and created by Bose. Spotted by Japanese blog Mac Otakara [Google Translate], the $109.95 speaker seems to have appeared on Apple’s website around October 11, and has subsequently launched in some retail stores as well.
The SoundLink Micro is designed for durability and comes with an IPX7 waterproof rating, equivalent to the Apple Watch’s rating and ability to withstand submersion up to 1 meter for up to 30 minutes. The speaker’s durability can resist dents, cracks, and scratches, and the package also includes a tear-resistant strap to attach to a backpack or cooler.
In terms of music playback, the speaker can last up to six hours, and if you have two of them they can be paired together for stereo or “Party Mode” playback. When synced to an iPhone, the SoundLink Micro supports access to Siri and lets you take calls right from the speaker. Bose’s speaker measures at 3.87 inches tall by 3.87 inches wide, and includes a Micro USB charging cable.
Two-day shipping is available as of writing for the SoundLink Micro, and it appears that the device has already arrived at most Apple retail stores. For the locations that don’t have stock today, many list availability dates later this week, around October 18. Visit Apple.com to check out more information on the speaker, which also comes in Orange, Black, and Blue color options.
Tag: Bose
Discuss this article in our forums
AIVAnet 