Millions of Android devices have flawed full disk encryption
Hackers can use brute force to break into tens of millions of Android devices using full disk encryption, thanks to a series of security issues linked specifically to Android kernel flaws and Qualcomm processors, Neowin reports. The vulnerabilities were uncovered by security researcher Gal Beniamini, who is working with Google and Qualcomm to patch the problems — and some of the flaws have already been addressed. However, a few of the issues may not be patchable, instead requiring new hardware, the report says.
Any phone using Android 5.0 or later uses full disk encryption, the same security feature at the heart of Apple’s recent fight with the FBI. Full disk encryption makes all data on a device unrecognizable without a unique key. Even though modern Android devices use this security feature, Beniamini’s research found that an attacker can exploit kernel flaws and vulnerabilities in some of Qualcomm’s security measures to get that encryption key. Then, all that stands between the hacker and a device’s information is a password.
Since any attack on an Android device would still require brute force and additional hacking methods, this isn’t an immediate security threat for a majority of users. But, it is notable for those who put their complete trust in full disk encryption.
We’ve reached out to Qualcomm for comment on the flaw and will update this story as the company responds.
Update: A Qualcomm spokesperson gave Engadget the following comment:
“Providing technologies that support robust security and privacy is a priority for Qualcomm Technologies, Inc. (QTI). QTI continues to work proactively both internally as well as with security researchers such as Gal Beniamini to identify and address potential security vulnerabilities. The two security vulnerabilities (CVE-2015-6639 and CVE-2016-2431) discussed in Beniamini’s June 30 blog post were also discovered internally and patches were made available to our customers and partners. We have and will continue to work with Google and the Android ecosystem to help address security vulnerabilities and to recommend improvements to the Android ecosystem to enhance security overall.”
Source: Gal Beniamini
Brazil freezes Facebook funds over WhatsApp evidence spat
A Brazilian court has frozen 19.5-million reals ($6-million) of Facebook’s cash after the social network’s messaging service, WhatsApp, failed to hand over data as part of a criminal investigation. Reuters reports that Brazilian law enforcement sought access to messages that could link drug smugglers from a number of recent raids. The court targeted Facebook Inc, as WhatsApp doesn’t have any financial operations in the country.
The action is the latest in a long line of similar moves from the Brazilian government. In recent months, WhatsApp has been blocked (more than once), and a Facebook executive was arrested — also due to failure to hand over messages or user data.
In this case, the frozen funds are equal to the total fines WhatsApp has incurred for not complying with law enforcement’s demands. There’s no mention of the service being blocked this time, so it’s possible the government is trying a different tact. The larger issue, for both sides, is that since April, WhatsApp has been encrypting all its messages end to end, so it couldn’t hand over the content of communications after that date even if it wanted to.
The messages involved in the drug smuggling investigation were likely sent before the activation of encryption, but Facebook reportedly claimed that messages weren’t stored anyway. There’s no official comment from Facebook or WhatsApp at this time.
Source: Reuters
ICYMI: Salamander bot and allergy cells: Good for something
Today on In Case You Missed It: A robotic salamander was invented by the EPFL and has a true to life spinal cord. Also researchers at the University of Virginia School of Medicine found that immune cells that normally create an over-reaction in some people, resulting in allergies or asthma, may also protect people against a certain kind of fatal infection.
Finally, University of Buffalo researchers are making their own lava, you know, for science. As always, please share any interesting tech or science videos you find by using the #ICYMI hashtag on Twitter for @mskerryd.
FreedomPop SIM serves up 10GB of data for £10 per month
Mobile provider FreedomPop is best known for its Basic 200 tariff, which gives users 200 minutes, 200 texts and 200MB of 4G data each month absolutely free. The company balances the books by way of overage charges and various paid, bolt-on features, as well as offering premium plans on 30-day contracts. And the latest of these is nothing short of bonkers. FreedomPop’s currently offering a SIM-only tariff with unlimited calls, unlimited texts and 10GB of data each month for a mere £10 per month.
First, the bad news: This is a time-sensitive offer. Though FreedomPop tells us it might decide to widen the window, as it stands this deal will disappear towards the middle of next week — to be replaced by the usual 2GB top-tier plan. Usually we’d ignore such a transient promotion, but then, there’s the good news: The 10GB tariff itself is permanent. That means as long as you jump on the deal before it expires, unlimited calls, texts and all that data will be yours for £10 per month.
If that sounds like insanely good value, you’re right — the only minor inconvenience being FreedomPop’s reliance on mobile apps to handle calling and messaging (it’s primarily an “over-the-top,” data-supported service, you see). Take a look around and you’d be hard-pressed to find anything comparable. Among the four major carriers, for example, Three’s £11 per month deal is the best around, and that only provides 200 minutes, unlimited texts and 500MB of data.
Via: ISPreview
Source: FreedomPop
Facebook adds new features to its Messenger bots
Several weeks ago, Facebook launched chatbots for Messenger, essentially letting you do everything from ordering flowers to finding the latest movie recommendations just by talking to a bot. Since then, over 11,000 bots have launched on Messenger and more than 23,000 developers have signed up on the company’s Wit.ai bot engine. Now, Facebook has announced a few more updates to its Messenger Platform that should please both users and developers alike.
For one thing, users can now offer star ratings and feedback for developers for these bots, just like they can with apps. There’s also a new feature called Quick replies, which are essentially buttons that refer to the bot’s most recent messages, thus allowing for faster conversations. So, for example, it might ask you to pick a color of a hat and simply offer “Red” or “Green” as the two Quick reply options. Bots will also now have the option of persistent navigation options in the window itself, just in case you forget a text command.
There’ll also now be an account linking option that’ll let businesses connect their customers’ accounts with their Messenger accounts. You could then hook up your account at, say, 1-800-Flowers, with your Messenger account for more personalized service. Facebook says it’s a secure protocol, but rest easy, security-conscious; account-linking will be opt-in.
Last but not least, bots will now have the option of sending GIFs, video, audio as well as files. If you’re interested in learning more about new Messenger bots, Facebook has also announced a new Messenger blog that’ll feature more about the up-and-coming platform.
Source: Facebook
Google is working on a VR version of Chrome for Android
Google had a lot to say about its VR ambitions at this year’s I/O, and it looks like a more immersive web browsing experience will be part of those plans. Road to VR reports that the latest versions of Chrome Beta and Chrome Dev for Android have a couple notable features that will make hopping around the web in VR a reality. The beta version of Chrome now has WebVR abilities that allows for more engaging experiences when you visit a website that’s designed for virtual reality. As was recently noted by Chromium guru François Beaufort, the Chrome Dev now offers a “VR shell” that would allow Cardboard and Daydream users to browse the internet with a headset.
As Road to VR notes, the VR shell isn’t full functional just yet, but should be only a matter of time before it and other virtual reality features pop up in stable beta versions. With the way VR on the web currently works, you have to take off that headset when you come to a site that isn’t properly equipped. However, Google’s pending solution for Android mean you wouldn’t have to do that as the so-called shell would accommodate those non-VR-ready sites.
Samsung already built a browser for its Gear VR. Of course, that headset only works with the company’s own handsets, so it’s not open for a wide audience. By adding virtual reality browsing for Chrome, Google can offer the feature to users of Cardboard and its upcoming Daydream setup. The company also revealed that Google Play would get a dedicated VR section so you’ll know exactly where to find the apps and content you’re after. For desktop users, Google is said to be working on a version of Chrome that supports the Oculus Rift and HTC Vive.
Source: Road to VR, François Beaufort
Dell discontinues its Android tablets in favor of Windows 2-in-1s
Another Android tablet maker bites the dust. Dell has decided to end distribution of its Android tabs and will instead focus on Windows 2-in-1 devices. This means several things: One, the company will no longer offer its Venue brand of Android tablets or the Android-based Wyse Cloud Connect, which can be used to turn displays into viable PCs. The reason isn’t so complicated, either. Dell simply believes that the slate-style tablet market has become oversaturated. Customers aren’t demanding these types of products as often, which lead to this decision. What is in demand, Dell notes, is the 2-in-1 computer line.
“We are seeing 2-in-1s rising in popularity since they provide a more optimal blend of PC capabilities with tablet mobility,” a Dell spokesperson explained in an email to PC World. It’s definitely a business decision that makes sense, but it may frustrate those who have already invested in Dell’s Android products, as the company will no longer be offering OS upgrades to its Venue tablets.
“For customers who own Android-based Venue products, Dell will continue to support currently active warranty and service contracts until they expire, but we will not be pushing out future OS upgrades,” Dell explained. While it’s easy to understand why Dell is moving away from its tablet line in the first place, this is an important point to keep in mind if you might be deciding on a new tablet in the future to sate that Android habit.
Via: PCWorld
US wiretap operations encountering encryption fell in 2015
The US government has been very vocal recently about how the increase in encryption on user devices is hampering their investigations. The reality is that according to a report from the Administrative Office of U.S. Courts, law enforcement with court-ordered wiretaps encountered fewer encrypted devices in 2015 than in 2014.
In regards to encrypted devices, the reports states: “The number of state wiretaps in which encryption was encountered decreased from 22 in 2014 to seven in 2015. In all of these wiretaps, officials were unable to decipher the plain text of the messages. Six federal wiretaps were reported as being encrypted in 2015, of which four could not be decrypted.”
This is out of 2,745 state and 1,403 federal for a grand total of 4,148 wiretaps, an increase of 17 percent over 2014. So while surveillance increased, the amount of times law enforcement encountered encryption decreased.
Earlier this year the Department of Justice and FBI were locked in a court battle with Apple over an encrypted iPhone used by San Bernardino shooter Syed Rizwan Farook. The government eventually dropped the case after finding a third party to help it bypass the phone’s security.
But it started a national debate about personal devices and encryption. Tech companies want their customers to be secure while law enforcement want backdoors or keys to encrypted devices for investigations. But it looks like when it comes to wiretaps, encryption isn’t as big a problem as many would suspect.
Via: The Intercept
Source: Administrative Office of US Courts
Karma, the shareable hotspot, finally supports private networks
Only a few months after killing unlimited data and rolling out new subscription plans, Karma is now ready to offer its customers a long requested feature: private networks. The company made a name for itself with shareable hotspots, which always broadcast publicly and allow anyone with a Karma network to hop on. Now, it’s finally giving you more control over your hotspot network. The only catch? It’s a part of the company’s new premium features, which are an additional fee on top of its existing data plans.
Customers on Karma’s pay-as-you-go Refuel plan ($15 per gigabyte) will have to pay $15 a month for premium features, while it’ll cost people using its Pulse subscription plans (starting at $40 a month for 5GB) an additional $5 a month. Refuel users can try out the premium features for $10 for their first month, while Pulse members will get it free for one month. And if you’re just getting started, you’ll have to pick up the company’s $149 Karma Go hotspot as well.
Karma’s private network feature works just like any other hotspot: It’ll let you secure your network with a password, allowing only the people you want to join in. Naturally, you’ll be able to change the name of your hotspot, and you can even add emojis to the name (something not every hotspot and router supports). Another plus to having a private Karma network? You can actually connect other devices that don’t have web browsers (think set-top boxes, wearables and the like).
Of course, with a private network you won’t be able to take advantage of the free credit Karma offers when people connect to your open network. Currently, Refuel customers get an extra 100MB of data whenever someone else connects to their hotspot, and Pulse members get $1 off their next bill. It’s a shame to see Karma back away from its core concept, but it also makes sense. Sometimes you just need to have more control.
Source: Karma
Facebook’s Paper news-reading app to shut down next month
Facebook has announced that it is shutting down its news-reading app Paper. The application was introduced in 2014 as an alternative to the main Facebook app, featuring a sleek layout with a complete focus on showcasing articles — rather than status updates from your friends. As unexpected as the announcement may be, it shouldn’t come as a surprise considering that last year Facebook shuttered Creative Labs, the design team behind Paper.
According to a message being displayed on the app, which was only available for iOS, it will no longer be supported as of July 29th. “We know that Paper really resonated with you — the people who used it,” reads the farewell message on Paper, “so we’ve tried to take the best aspects of it and incorporate them into the main Facebook app.”
In other words, thank you for using it, but it’s time to go back to the real Facebook app.
Thank you for using Paper
In 2014 we launched Paper, a standalone app designed to give people a new way to explore and share stories from friends and the sources they care about. Today we’re announcing that we are ending support for the app and users will no longer be able to log into the app after July 29.
We know that Paper really resonated with you–the people who used it–so we’ve tried to take the best aspects of it and incorporate them into the main Facebook app. For example, the same team that built Paper also built Instant Articles—a fast and interactive experience for reading articles in News Feed—using many of the same tools, design elements, and fundamental ideas as Paper. Our goal with Paper was to explore new immersive, interactive design elements for reading and interacting with content on Facebook, and we learned how important these elements are in giving people an engaging experience.
We know not all the features you love will move over to Facebook, but we hope you’ll continue to notice elements from Paper improving the Facebook experience for everyone. We can’t thank you enough for using the app and exploring Paper with us over the past couple of years.
-The Paper team
Via: The Verge
AIVAnet 