Would you mind if someone openly used your phone to mine cryptocurrency?

Botnets are generally associated with a collection of computers that have been backed by malicious users in order to use those computers to earn revenue either by spreading malware, mining cryptocurrency, or other endeavors. However, Russian developer Alexey Khripkov claims to have created a legal botnet by installing bitcoin mining software onto the phones of users who download his popular Android games.

Khripkov has released a number of popular Android games and has an unusual plan to monetize those games. Rather than simply relying on micro-transactions or direct purchases, Khripkov uses his customers’ phones to mine for bitcoins.

In an interview with Forbes, Khripkov stressed that he was breaking no laws and wasn’t doing anything unethical in by setting up this botnet.

“‘Legal botnet’ is only words. It means I have control over thousands of devices,” he told Forbes. “I do not do any evil things like illegal botnets … In my app you can control mining, you enable if it’s acceptable for you or disable if you do not want it. It is not hidden for users, so it is fully legal.”

While Khripkov insists that he has done nothing wrong, some cyber-security firms disagree and many anti-virius companies have started blocking Puzzles, the game which includes the mining software. In a blog post, Ixia, said that programs such as Khripkov’s represented “the next generation of adware software” noting that “thousands of users of users are actively mining for the personal profit of app’s creator.”

Khripkov has denied that he is creating any form of malware, and even accused the anti-virus companies of being the real evil, saying that they create fake threats to scare users, but don’t do anything about real dangers. As an example of his concerns, Khripkov discussed the anti-virus software doesn’t block apps which request access to a device’s SD card, which could contain sensitive information. For his part, the Russian developer stressed that his app did not access any personal information.

While there is still room for debate surrounding Khripkov’s actions, it is undeniable that this year has seen an increase in the number of cryptocurrency-related exploits as the currency’s value has increased. Previously, these attacks were associated with the shady corners of the internet, but a recent report indicates that they have spread to legitimate websites across the internet.

This remote-control sex toy app is secretly recording your intimate adventures

The rapid rise of the Internet of Things has certainly raised some privacy concerns, but when the “thing” is a sex toy, that takes it to a whole new level. The Lovense vibrator app, which allows a user to remotely control a “bullet vibrator,” was found to be secretly recording and storing audio files while it was in use.

A Redditor named tydoctor discovered the sound files while he was reviewing his phone storage in advance of a factory reset. “The file was a FULL audio recording 6 minutes long of the last time I had used the app to control my SO’s remote control vibrator (We used it at a bar while playing pool),” he wrote.

A representative of Lovense responded on Reddit with a post claiming it was just a “minor bug” and the audio files were only saved locally. “Rest assured, no information or data is sent to our servers,” the company rep said. “This cache file currently remains on your phone instead of deleting itself once your session is finished. Also, when the file is created it overwrites itself (no new files are created).”

Lovense confirmed that the bug only affected Android users, and a later post announced that an new version of the app is now available for download from the Google Play Store. If you use this particular app, make sure you’re updated to version 3.0.7.

This isn’t the first time that Lovense and its “teledildonic” sex toys have seen some backlash over the connected nature of their products, as the International Business Times points out. Several months ago, a Bluetooth remote-controlled sex toy was hacked and activated, easily bypassing Lovense’s authentication.

In 2016, a class-action lawsuit was filed against the makers of the remote-control We-Vibe vibrator and associated phone app, which collected user’s data on company servers. In addition to email addresses, which linked specific users to their sex toys, the company also collected data on where and how often its customers used its products. Earlier this year, We-Vibe shelled out $3.75 million to settle the lawsuit, according to NPR.

The strange world of tech-friendly sex toys is booming, from sex robots to wearable devices, and security is not always the primary concern of manufacturers or users. Proceed at your own risk.

This remote-control sex toy app is secretly recording your intimate adventures

The rapid rise of the Internet of Things has certainly raised some privacy concerns, but when the “thing” is a sex toy, that takes it to a whole new level. The Lovense vibrator app, which allows a user to remotely control a “bullet vibrator,” was found to be secretly recording and storing audio files while it was in use.

A Redditor named tydoctor discovered the sound files while he was reviewing his phone storage in advance of a factory reset. “The file was a FULL audio recording 6 minutes long of the last time I had used the app to control my SO’s remote control vibrator (We used it at a bar while playing pool),” he wrote.

A representative of Lovense responded on Reddit with a post claiming it was just a “minor bug” and the audio files were only saved locally. “Rest assured, no information or data is sent to our servers,” the company rep said. “This cache file currently remains on your phone instead of deleting itself once your session is finished. Also, when the file is created it overwrites itself (no new files are created).”

Lovense confirmed that the bug only affected Android users, and a later post announced that an new version of the app is now available for download from the Google Play Store. If you use this particular app, make sure you’re updated to version 3.0.7.

This isn’t the first time that Lovense and its “teledildonic” sex toys have seen some backlash over the connected nature of their products, as the International Business Times points out. Several months ago, a Bluetooth remote-controlled sex toy was hacked and activated, easily bypassing Lovense’s authentication.

In 2016, a class-action lawsuit was filed against the makers of the remote-control We-Vibe vibrator and associated phone app, which collected user’s data on company servers. In addition to email addresses, which linked specific users to their sex toys, the company also collected data on where and how often its customers used its products. Earlier this year, We-Vibe shelled out $3.75 million to settle the lawsuit, according to NPR.

The strange world of tech-friendly sex toys is booming, from sex robots to wearable devices, and security is not always the primary concern of manufacturers or users. Proceed at your own risk.

This remote-control sex toy app is secretly recording your intimate adventures

The rapid rise of the Internet of Things has certainly raised some privacy concerns, but when the “thing” is a sex toy, that takes it to a whole new level. The Lovense vibrator app, which allows a user to remotely control a “bullet vibrator,” was found to be secretly recording and storing audio files while it was in use.

A Redditor named tydoctor discovered the sound files while he was reviewing his phone storage in advance of a factory reset. “The file was a FULL audio recording 6 minutes long of the last time I had used the app to control my SO’s remote control vibrator (We used it at a bar while playing pool),” he wrote.

A representative of Lovense responded on Reddit with a post claiming it was just a “minor bug” and the audio files were only saved locally. “Rest assured, no information or data is sent to our servers,” the company rep said. “This cache file currently remains on your phone instead of deleting itself once your session is finished. Also, when the file is created it overwrites itself (no new files are created).”

Lovense confirmed that the bug only affected Android users, and a later post announced that an new version of the app is now available for download from the Google Play Store. If you use this particular app, make sure you’re updated to version 3.0.7.

This isn’t the first time that Lovense and its “teledildonic” sex toys have seen some backlash over the connected nature of their products, as the International Business Times points out. Several months ago, a Bluetooth remote-controlled sex toy was hacked and activated, easily bypassing Lovense’s authentication.

In 2016, a class-action lawsuit was filed against the makers of the remote-control We-Vibe vibrator and associated phone app, which collected user’s data on company servers. In addition to email addresses, which linked specific users to their sex toys, the company also collected data on where and how often its customers used its products. Earlier this year, We-Vibe shelled out $3.75 million to settle the lawsuit, according to NPR.

The strange world of tech-friendly sex toys is booming, from sex robots to wearable devices, and security is not always the primary concern of manufacturers or users. Proceed at your own risk.

Join friends and family for a group purchase with PayPal’s new Money Pools

PayPal has launched a service that makes it easy to fundraise from friends and family members to reach a group goal. The new feature, called Money Pools, could be used to collect funds for anything from a surprise birthday party to raising money for a family member in need. It can also be used to collect money you’re owed, like when you picked up that $300 bar tab on your credit card and everyone promised to pay you back.

The service is safe and secure, but everyone who participates must have a PayPal account. The pools can be shared on Facebook and Twitter, or via messaging services WhatsApp or Messenger. If you prefer, the fundraising details can also be kept completely private and confidential.

You can put your friends on notice if they fail to pony up, like that one guy in your fantasy league who never pays his dues until the last minute. There’s no fee for the service if you’re transferring money from your PayPal or bank account, but there is a small charge when using a debit or credit card to contribute to the fund.

It’s basically a small-scale GoFundMe page for your circle of friends and family. When you set up a page, you can personalize it with a description and photo, as well as the goal and the deadline. The pool’s activity feed keeps you abreast of who’s already contributed. Similar to other fundraising services, the organizer only receives the money if the goal has been met, although you can easily extend the deadline if it has not been reached.

It’s easier than ever nowadays to share money between friends and chip in for various expenses. You can send cash while you’re Skyping, or chatting in Slack, using Facebook Messenger, or even tack it on as a Gmail attachment.

The cashless economy could already be upon us, thanks to digital transactions like MoneyPools. In 2014, most Americans carried less than $50 with them and half had less than $20, according to Forbes. The number of retailers that don’t accept cash continues to increase. It may not be long before physical bills and coins are a thing of the past.

Join friends and family for a group purchase with PayPal’s new Money Pools

PayPal has launched a service that makes it easy to fundraise from friends and family members to reach a group goal. The new feature, called Money Pools, could be used to collect funds for anything from a surprise birthday party to raising money for a family member in need. It can also be used to collect money you’re owed, like when you picked up that $300 bar tab on your credit card and everyone promised to pay you back.

The service is safe and secure, but everyone who participates must have a PayPal account. The pools can be shared on Facebook and Twitter, or via messaging services WhatsApp or Messenger. If you prefer, the fundraising details can also be kept completely private and confidential.

You can put your friends on notice if they fail to pony up, like that one guy in your fantasy league who never pays his dues until the last minute. There’s no fee for the service if you’re transferring money from your PayPal or bank account, but there is a small charge when using a debit or credit card to contribute to the fund.

It’s basically a small-scale GoFundMe page for your circle of friends and family. When you set up a page, you can personalize it with a description and photo, as well as the goal and the deadline. The pool’s activity feed keeps you abreast of who’s already contributed. Similar to other fundraising services, the organizer only receives the money if the goal has been met, although you can easily extend the deadline if it has not been reached.

It’s easier than ever nowadays to share money between friends and chip in for various expenses. You can send cash while you’re Skyping, or chatting in Slack, using Facebook Messenger, or even tack it on as a Gmail attachment.

The cashless economy could already be upon us, thanks to digital transactions like MoneyPools. In 2014, most Americans carried less than $50 with them and half had less than $20, according to Forbes. The number of retailers that don’t accept cash continues to increase. It may not be long before physical bills and coins are a thing of the past.

Broadcom buying Qualcomm could grind innovation to a screeching halt

Qualcomm is a tech success story that might be coming to an untimely end.

Most everyone has heard about Broadcom positioning itself to buy out Qualcomm. I’ll leave the complete financial strategy for the experts to sort through, but the gist is that Broadcom is trying to spend $70 per share (over $100 billion in total) to buy out Qualcomm, who wants no part of it. Many on Wall Street like the idea, as Broadcom will likely be able to play nice with Apple and Intel so stock prices rise for all three companies, and there is a good chance the deal could happen and not be rejected by regulators.

There’s a darker side, though, and it has to do with the abstract idea we call innovation. Specifically, that this takeover will kill the entrepreneurial spirit that Qualcomm fosters and new breakthroughs in the semiconductor space will suffer. Our own Daniel Bader goes into great detail about how this will affect the mobile space, and it is a must-read.

Why Broadcom’s $130 billion Qualcomm deal would be bad for mobile innovation

But the same issues that surround this potential deal that are bad for mobile are also bad for tech in general. And it goes a bit deeper because this would be a case of a company solely driven by profit suddenly overseeing the ideas and engineers that fuel much of the innovation for what comes next.

Qualcomm is pulling out all the stops

Qualcomm’s x50 5G modem.

I have no love for many of Qualcomm’s business practices, specifically their licensing of SEP (Standards Essential Patents) required for LTE connectivity. Their recent legal struggles over their fees is a worldwide story, but much of the press focuses on the case from Apple over SEP licensing fees. Many pundits and industry analysts think the way they charge for these necessary ideas and technology is unfair, and I’ve expressed the idea myself a time or two. But ultimately what industry experts think doesn’t matter because this is for the courts to decide. And so far, courts have sided against Qualcomm.

Qualcomm has to innovate or die once the courts are finished with them, and they know it.

But these very practices that put a tick in the “evil” column of Qualcomm’s business checklist also are the best thing that will ever happen to mobile semiconductor tech. Once the Apple (and Samsung and Intel and Huawei and MediaTek and every other company who makes products with an LTE connection) cash cow dies, Qualcomm will need a substantial source of income to make up for it. That means it is doing what it does best — innovate with a fury.

Excellent mobile ARM SoCs, 5G networking tech, image processing systems and likely plenty of things we haven’t seen are coming from Qualcomm at an incredible pace. These great products provide an affordable turnkey solution that any company can purchase to make its own products better. Simply put, there is no other company that can provide a single solution for connectivity, application processing, image acquisition and processing and audio capture and playback as good as Qualcomm’s. Individual pieces might not be the best-in-class, but the total package is unbeatable for use in the products we want to buy.

Qualcomm’s engineers are hungry, smart, and free to try the crazy ideas that make breakthroughs happen. This is a golden age of tech in action.

Broadcom and the status quo

Image courtesy Wired.

Broadcom equipment is expensive and everywhere even if we’re not as familiar with the name.

Broadcom is able to afford a $100 billion-plus purchase of Qualcomm because of what the company is. Starting as a company selling networking circuitry and ASIC (Application-specific integrated circuit) processors designed for industrial and commercial communications, the Broadcom Corporation was purchased by Avago Technologies Ltd. in 2016 for $37 billion. Avago CEO Hock Tan is universally accepted as a financial wizard who has perfected his craft at General Motors, PepsiCo, and Commodore. He promptly split and sold Broadcom to shape it into what it is today — a manufacturer of radio equipment for consumer products, but also a major supplier of analog and mixed-signal chips for the automotive industry as well as ASIC processors for communications and data-center equipment.

Part of the streamlining was of course killing or selling off ideas and projects that weren’t profitable. That’s how business works and why engineers and their passion for experimentation don’t usually make for a good CEO. There have been more than a few less than flattering words written about Tan, especially since the bid for Qualcomm was announced, but I can’t agree with any of them; the man seems to be incredibly good at what he is supposed to be good at. He knows how to make money.

Enough money that $130 billion can be waved around to attempt a purchase of a rival corporation.

Oil and water

The whole “problem” here, and rest assured that much of the financial sector doesn’t see any of it as a problem, is that a pragmatic businessman buying a company innovating to save its own life takes away a driving force in next-generation technologies.

We don’t need another company with billions in the bank; we need a company that makes great ideas work.

Had Qualcomm been unable to see problems coming with their current business model or failed to execute on the great ideas coming from their engineering departments, none of this would matter. Apple, Intel, Samsung and the FTC would punish Qualcomm to the point where it was no longer profitable and Broadcom could buy the pieces to try and squeeze a few more dollars from it. But that’s not how it played out.

Taking Qualcomm as it exists in the now and carving it up in order to keep what’s profitable and to satisfy regulators (so that one company doesn’t make every mobile Wi-Fi radio, for example) means one less company doing great things. And it just so happens that it would be the company doing the greatest things right now. This is easy for a mobile enthusiast to put into perspective: look at your phone. Does it take great photos? Can you connect to a data network at speeds that are double or triple what they were 24 months ago? Does your battery last all day? Qualcomm is a big part of anything you said “yes” for.

Keeping these two companies apart is best for the entire industry, including the companies themselves.

We should want a strong and profitable Broadcom, and I hope they can pick up NXP now that they’ve made Qualcomm’s bid on the company more difficult. But we need a strong Qualcomm, too. A future where the courts have forced Qualcomm to play nice with other companies but leaves it to come up with new and better ways to compute is in everyone’s best interests.

Google study shows how your account is most likely to be hijacked

Security threats like phishing, keylogging and third-party breaches are pretty common knowledge. Google wanted to gain a better understanding of how hijackers steal passwords and other sensitive data in the wild, though, so it conducted an analysis of online black markets from March 2016 to March 2017. The result? It found that among the three, phishing poses the biggest threat to your online security. Together with credential leaks, the two represent a threat “orders of magnitude larger than keyloggers.”

The tech titan found 788,000 credentials that were stolen via keyloggers, 12 million stolen via phishing and 3.3 billion exposed by third-party breaches within a year of investigating black markets. A total of 12 percent of the exposed records it found used Gmail addresses as a username, and seven percent of those accounts reused the Gmail password for other services, making them more vulnerable than the others.

Howevever, since Google incorporates safety measures to prevent strangers from logging into your account, the company also saw increasingly sophisticated tools capable of collecting data other than usernames and passwords. Among the phishing tools and keyloggers Google examined, 82 percent and 74 percent, respectively, have the capability collect IP addresses. It also found tools that can collect phone numbers, as well as devices’ make and model. Hijackers can then use those info to authenticate the identities of the accounts they’re stealing.

Mountain View says it applied what it learned from the study to its “existing protections and secured 67 million Google accounts before they were abused.” It launched new security features over the past year, as well, including Advanced Protection to secure the accounts of people most likely to be hacked, such as celebrities and politicians. Despite providing ample protection for your accounts, Google still recommends using a password generator and activating two-factor authentication to make your credentials “unphishable.”

Source: Google Security Blog

Security firm claims to thwart iPhone X’s Face ID with special mask

When Apple introduced Face ID security alongside the iPhone X, it boasted that even Hollywood-quality masks couldn’t fool the system. It might not be a question of movie-like authenticity, however — security researchers at Bkav claim to have thwarted Face ID by using a specially-built mask. Rather than strive for absolute realism, the team built its mask with the aim of tricking the depth-mapping technology. The creation uses hand-crafted “skin” made specifically to exploit Face ID, while 3D printing produced the face model. Other parts, such as the eyes, are 2D images. The proof of concept appears to work, as you can see in the clip below. The question is: do iPhone X owners actually have to worry about it?

The researchers maintain that they didn’t have to ‘cheat’ to make this work. The iPhone X was trained from a real person’s face, and it only required roughly $150 in supplies (not including the off-the-shelf 3D printer). The demo shows Face ID working in one try, too, although it’s not clear how many false starts Bkav had before producing a mask that worked smoothly. The company says it started working on the mask on November 5th, so the completed project took about 5 days.

Apple declined to comment when asked about the claim. However, Bkav is quick to acknowledge that the effort involved makes it difficult to compromise “normal users.” As with fake fingers, this approach is more of a concern for politicians, celebrities and law enforcement agents whose value is so high that they’re worth days of effort. If someone is so determined to get into your phone that they build a custom mask and have the opportunity to use it, you have much larger security concerns than whether or not Face ID is working.

More than anything, the seeming achievement emphasizes that biometric sign-ins are usually about convenience, not completely foolproof security. They make reasonable security painless enough that you’re more likely to use it instead of leaving your device unprotected. If someone is really, truly determined to get into your phone, there’s a real chance they will — this is more to deter thieves and nosy acquaintances who are likely to give up if they don’t get in after a few attempts.

Source: Bkav

Meet the ‘Hesla,’ a modded Tesla Model S that runs on hydrogen fuel

A gas supplier company in the Netherlands has effectively doubled the range of the Tesla Model S by adding hydrogen power to the electric luxury sedan. Dubbed the “Hesla,” the modification adds a second charging supply to the existing electrical system, using a tank of hydrogen as an alternative fuel source.

Last week, the Holthausen Group announced that it had begun testing the prototype vehicle. With a fully charged battery and a tank of hydrogen, the Helsa can travel close to 620 miles — nearly twice the range of the stock Model S P100D.

The project was not endorsed or supported by Tesla in any way, so Holthausen had to acquire a second-hand Model S for its modifications. Max Holthausen, one of the engineers, said it was difficult to add a second power source to the existing Tesla electrical system, calling it “a big maze.” After some engineering trickery, the Hesla prototype can run on power from either the existing battery or the hydrogen-powered fuel cells.

Don’t plan on tricking out your Model S with a hydrogen option anytime soon, however. The conversion runs nearly $60,000, according to The Drive, so a hydrogen-supplemented P100D would set you back more than $200,000.

Then there’s the problem of filling up the tank. As Futurism notes, there are only 39 hydrogen fueling stations in the U.S., with the vast majority located in California. Although hydrogen fuel cells are currently prohibitively expensive, industry executives predict that hydrogen-powered vehicles will be as cheap as hybrids in the near future.

Other automakers expect hydrogen power to be a viable alternative as soon as the next decade, according to an Autocar report from the Tokyo motor show. “In the early 2020s we will launch the next generation hydrogen fuel stack technology, and that will provide a substantial move forward,” said Naomichi Hata of Toyota, makers of the hydrogen-powered Mirai. “As a result of these gains we expect — in Japan at least — the same car type to cost the same price whether it is a hybrid or powered by hydrogen.”

Hydrogen fuel has its pros and cons, but other automakers such as Honda, Hyundai, and GM are embracing the new technology in their upcoming models. Hydrogen may well provide an alternative to fossil fuels that can power a clean-energy revolution for our transportation needs.