
Showing results for tags 'Phone'.




Found 69 results

  1. A photo of a person's eye taken at a medium distance is more than enough to trick a Samsung Galaxy S8 smartphone, according to researchers from the Chaos Computer Club (CCC). Samsung added the iris scanner authentication feature with the release of the Galaxy Note 7 model, launched last year, but the feature was hardly used as the company was forced to recall Galaxy Note 7 handsets due to faulty batteries that kept catching fire out of the blue. Arguably, it's with the company's latest line of flagship products where this feature will be really tested and used by most of its customers.

     Camera, printer, glue, and a contact lens

     Launched on March 29, the Galaxy S8 model is Samsung's most advanced product to date, featuring multiple biometrics authentication systems on top of the classic pattern and PIN locking systems. This includes a fingerprint scanner, a facial recognition system, and an iris scanner. According to research published today, it took a CCC researcher less than two months to break the latter. Named Jan “Starbug” Krissler, this CCC researcher realized that by taking a photo of a phone owner's face, an attacker with physical access to the device would be able to unlock the phone just by printing the photo on paper and flashing it in front of the phone's front camera.

     But there's a trick to the attack. Modern iris scanners (and facial recognition systems) are programmed to use image depth in order to distinguish between (2D) photos and a human's real (3D) eye. Krissler bypassed this hurdle by gluing a contact lens on top of the image depicting the eye. This created a round surface on top of the iris photo, which was more than enough to trick the phone.

     Use a Samsung printer for best results (How ironic!)

     To get the best results, Krissler recommends that users take photos using a camera's night-shot mode, as it captures iris details better for individuals with darker eye colors. Ironically, Krissler also said he achieved the best results when he printed the iris photos using a Samsung laser printer. According to the researcher, "a good digital camera with 200mm-lens at a distance of up to five meters is sufficient to capture suitably good pictures to fool iris recognition systems."

     Samsung Pay wallet technology in danger

     The attack is worrisome on different levels. First off, Samsung announced the iris scanner feature would also be used to approve payments sent via Samsung Pay. The attack announced today not only endangers data stored on the phone but also funds stored in the user's Samsung Pay wallet. Second, many users that opt to use the iris scanners are inherently in danger because photos of someone's iris — or face for that matter — are incredibly easy to come by in today's age when everybody shares high-quality photos on a regular basis. For now, experts from the Chaos Computer Club recommend that users continue to use classic PIN-based authentication systems. Below is a video showing a step-by-step guide to how the iris scanner bypass works.

     Researcher has a history of hacking biometrics

     The researcher behind this attack has a long history of hacking biometrics systems. Krissler is the same person that two years ago had successfully bypassed the biometric security of Apple's Touch ID (fingerprint authentication) system. In the same year, the researcher also bypassed Panasonic's Authenticam BM-ET200 iris recognition technology, using nothing more than images he obtained off Google Image Search. In late 2014, Krissler achieved his biggest hack after he created a clone thumbprint of the German Defense Minister just by photographing her hand at a press conference.

     Earlier this year, Spanish phone expert MarcianoTech bypassed the Galaxy S8 facial recognition system two days after Samsung launched the phone. MarcianoTech bypassed the facial recognition scanner by using a photo of his face stored on another smartphone. If someone finds a way to bypass the Samsung Galaxy S8 fingerprint scanner in the following weeks, Samsung should just scrap its entire biometrics authentication systems and start from scratch for its next smartphone flagship series.

     Source
  2. Almost all recent OnePlus smartphones are vulnerable to attacks that can downgrade the phone's operating system and expose the device to previously patched security flaws. Mobile security expert Roee Hay of Aleph Research discovered the vulnerabilities and reported the problems to OnePlus in January, but the company failed to address any of the issues. According to Hay, the vulnerabilities affect OnePlus models such as X, 2, 3, and 3T, running both OxygenOS and HydrogenOS, which are custom versions of the Android OS running on OnePlus phones.

     Attack is possible because of OTA update process via HTTP

     Hay says that an attacker can launch an attack and hijack the phone's Over-The-Air (OTA) update process, which is susceptible to man-in-the-middle (MitM) attacks because it's handled via HTTP instead of HTTPS. The researcher says that even if OnePlus OTA update packages are signed to prevent the installation from unauthorized locations, they aren't verified based on version or timestamp. This slip-up allowed Hay to install an older version of the OxygenOS or HydrogenOS, downgrading the phone to a previous OS version that was susceptible to previously patched security flaws. The video below shows Hay performing the OS downgrade attack.

     In addition, Hay discovered that an attacker could also install OxygenOS on devices designed to support HydrogenOS, the precursor of OxygenOS. In some cases, installing the superior OS on an older product would lead to crashes or a permanent denial of service. Last but not least, Hay also installed another version of the Android ROM boot-up package on different OnePlus devices. For example, the OnePlus X ROM on a OnePlus One device and vice versa, causing, again, a denial of service state due to hardware incompatibilities.

     Physical access attack is also possible

     Besides these scenarios that rely on performing a MitM attack on the OTA update, the Aleph Research expert discovered that an attacker with physical access to the device could also reboot the phone into Recovery Mode and sideload the OTA package that way. Unlike the MitM attack that was universal, this second attack vector only worked on OnePlus 3 and 3T models, and where the Secure Start-up feature is disabled.

     This is the second time Hay has taken the hammer to OnePlus security. Back in March, the researcher published another piece of research that showed how an attacker could hijack OnePlus 3 and 3T models with a malicious charger. Videos of those previous vulnerabilities being exploited — which OnePlus developers patched — are available below.

     Source
  3. A JavaScript file secretly loaded without your knowledge on a site, or app you load on your mobile device, can access data from various sensors and collect information needed to guess the passwords or PIN a user is entering on his device. This novel attack technique was discovered and explored by a team of scientists from the University of Newcastle in the UK, who say the script can collect data from around 25 sensors, which together, allow an attacker to infer what the user types on his device.

     Not all sensors are restricted by OS permissions

     The attack is successful because mobile operating systems do not restrict applications, such as browsers, from accessing all these sensors. The current built-in permissions model asks users to grant an app access to sensors such as GPS, camera, or microphone, but not to data from the phone's accelerometer, gyroscope, proximity, NFC, and rotation sensors. Due to lowering costs, these sensors are now becoming a common feature in modern smartphones, but mobile operating systems are lagging behind.

     Attack relies on malicious JavaScript code

     The four-man research team wrote a JavaScript file called PINlogger.js which accesses these ungoverned sensors and logs sensor usage data. If the user allows the browser or a tainted app to run in the background of his phone, while using another app, the PINlogger.js script will continue to collect sensor data. If at any point the user enters PINs or passwords, PINlogger.js records the data and sends it to an attacker's server. The more sensors the phone is equipped with, the more data the attacker has at his disposal to deduce what the user has typed.

     "It’s a bit like doing a jigsaw – the more pieces you put together the easier it is to see the picture," says Dr. Siamak Shahandashti, a Senior Research Associate in the School of Computing Science and one of the researchers that worked on the study.

     Attackers can guess PINs with a high degree of accuracy

     Just by listening to motion and orientation sensor streams, which do not require special permissions to access, researchers said that an artificial neural network they've trained was able to crack four-digit numerical PINs on the first try with a 74% accuracy based on the data logged from 50 user devices. The accuracy grew to 86% and 94% when the neural network was allowed a second and third try, respectively. Further, the algorithm could also be adapted to handle full alpha-numerical characters.

     According to researchers, the entire point of their research was to raise awareness of the vast number of smartphone sensors which applications can access, and which mobile OS vendors haven't yet included in their standard permissions model.

     Some browser vendors have implemented fixes

     The research team has also filed bug reports with several browser vendors. Following the team's reports, starting with Firefox 46 (April 2016), Mozilla has restricted JavaScript access to motion and orientation sensors to only top-level documents and same-origin iframes. Similarly, starting with iOS 9.3 (March 2016), Apple implemented a similar restriction for Safari. The issue remains unresolved in Chrome. In the future, researchers would like to see mitigation solutions at the OS level, rather than in applications.

     The full research paper was published today in the International Journal of Information Security, and is entitled "Stealing PINs via mobile sensors: actual risk versus user perception." At the top of this article there is a video of PINlogger.js collecting sensor data from an iOS device.

     Source
  4. Even before its official launch, smartphone experts are criticizing Samsung Galaxy S8 phones after one of their colleagues managed to bypass the facial recognition feature that ships with these phones by flashing a photo of himself in front of the phone. In terms of bypass techniques, facial recognition systems getting fooled by photos is as bad as it gets, right there with storing passwords in cleartext.

     The flaw was spotted by Spanish phone expert MarcianoTech, who was testing the device at its official launch, at the Unpacked event that took place yesterday in New York, USA. The phone expert was actually live on Periscope when he first tricked the S8 with a photo of himself, shown via another device. The YouTube video above shows just the S8 facial recognition bypass.

     Samsung launched the S8 with many new security features, such as an iris scanner and a fingerprint sensor. MarcianoTech didn't attempt to fool the iris scanner with a photo of his eye but expect such tests in the following days. Experts believe the same flaw affects the S8+ model.

     As said before, tricking a face recognition feature with a photo is a big no-no, as this is the first thing developers of biometrics software test. If a facial recognition feature can accurately distinguish between individuals, the next test is usually the one for image depth, so as not to be fooled by 2D images.

     Source
  5. A new adware family named Crusader will rewrite tech support phone numbers returned in Google search results, display ads, and show popups pushing tech support scams. Current versions of Crusader are installed on victims' computers via software bundles. Users usually download a free application, whose installer also adds Crusader. The adware takes the form of a Chrome extension, Firefox add-on, and Internet Explorer Browser Helper Object. Because it's delivered as a browser extension, Crusader is in the privileged position of listening and modifying the user's entire Internet traffic.

     All the malicious actions Crusader takes are detailed in a configuration file the adware downloads after it infects each user, and at every boot-up. The config file is retrieved following an HTTP request at:

         http://demo1.geniesoftsystem.com/Crusader/index.php/api/getdetails?data={%22id%22:%221%22,%22keyword%22:%22antivirus%22,%22count%22:%225%22,%22country%22:%22[country]%22}

     Based on Bleeping Computer's tests, the only country for which this server returns a configuration file is India. The content of the configuration file also makes us believe Crusader is still in development because many options contained the words "demo" and appeared to be placeholder settings. Below, we'll go over Crusader's config file, one block at a time.

     The above block shows that Crusader has the ability to change the browser's homepage and default search engine settings to the crook's provided URL. Currently, both values are google.co.in, the official URL of Google India.

         "data": {
             "userid": "1",
             "default_search_url": "https:\/\/www.google.co.in",
             "default_homepage": "https:\/\/www.google.co.in",
             "default_setting_status": "true",
             "popup_status": "true",
             "popunder_status": "",
             "textdisplayads_status": "true",
             "searchmarketing_status": "true",
             "urlredirection_status": "true",
             "broadredirection_status": "true",
             "banner_status": "true",
             "banner_replacement_status": "true",
             "popupOverlay_status": "true",
             "catfishbanner_status": "true",
             "object_browser_status": "true",
             "search_text": "antivirus",
             "splitwindow_status": "true",
             "youtube": [ ],

     Other settings reveal that Crusader was conceived with intentions to show popup ads, popunder ads, insert banner ads on top of other websites, replace existing page banners, and redirect users to specific URLs. Each of these features can be turned on or off, based on the latest configuration file crooks upload to their C&C server.

     The config snippet below directs Crusader to display a pop-up containing the configured site when a user searches for a particular keyword. In this example, if a user searches for "quickbook support" it will open a popup that displays www.preranatechnologies.net, while if you search for "free movies" it displays www.esolvz.net.

         "keywordlist": {
             "popup_compaign_name1": "Quickbook Campaign",
             "popup_includekeyword1": "quickbook support",
             "popup_url1": "www.preranatechnologies.net",
             "popup_exclude_url1": "",
             "popup_browser1": "Internet_Explorer,Chrome,Firefox",
             "popup_exclude_macadd1": "",
             "popup_frequency_date1": "02\/01\/2023",
             "popup_filter_ip1": "0",
             "popup_compaign_name2": "demo",
             "popup_includekeyword2": "free movies",
             "popup_url2": "www.esolvz.net",
             "popup_exclude_url2": "",
             "popup_browser2": "Internet_Explorer,Chrome,Firefox",
             "popup_exclude_macadd2": "",
             "popup_frequency_date2": "02\/20\/2018",
             "popup_filter_ip2": "0"
         },

     More campaigns could be added in this block, to show more popups, advertising other sites, all depending on the list of preconfigured keywords.

     The below config snippet directs Crusader to open a new unfocused window (popunder ad) for amazingdeals.online/daily_deals/, every time the user navigates to amazon.co.uk.

         "popunderlist": {
             "popunder_include_url1": "amazon.co.uk",
             "popunder_url1": "http:\/\/amazingdeals.online\/daily_deals\/",
             "popunder_exclude_url1": "",
             "popunder_compaign_name1": "demo",
             "popunder_browser1": "Internet_Explorer,Chrome,Firefox"
         },

     The next block is currently empty, but we presume it's a feature to insert or replace ads in Google or Bing search results themselves or to convert text on a page into clickable advertisements.

         "TextDisplayaddslist": [ ],

     Now, this is the most interesting block, because the settings above tell the adware to snoop on search queries and replace the contact number for various security products.

         "searchMarketinglist": {
             "antivirus_keyword1": "dell support number",
             "antivirus_contact1": "8622009987",
             "antivirus_exclude_macadd1": "",
             "antivirus_browser1": "Internet_Explorer,Chrome,Firefox",
             "antivirus_filter_ip1": "0",
             "antivirus_keyword2": "norton support number",
             "antivirus_contact2": "9143109610",
             "antivirus_exclude_macadd2": "",
             "antivirus_browser2": "Internet_Explorer,Chrome,Firefox",
             "antivirus_filter_ip2": "0"
         },

     Currently, the adware will replace the phone number returned in search results for Dell and Norton whenever the user searches for "dell support number" or "norton support number." We presume more options could be added to target other antivirus vendors.

     This is both a self-defense mechanism and a marketing tool. If users detect something wrong with their browser and look up the support number in Google, instead of the legitimate number being displayed, Crusader will rewrite the text and display a different number. When a user calls this number they will be redirected to a tech support call center, where an operator disguising themselves as a representative for those two companies might sell him services or products he doesn't need.

     This code block tells the Crusader adware to redirect all search queries for "hotel goa" to Hilton.com. In the future, expect links with affiliate IDs in this section, as the crook could earn a nice profit by driving traffic to certain websites.

         "redirectionlist": {
             "urlredirection_compaign_name1": "demo",
             "urlredirection_current_url1": "hotel goa",
             "urlredirection_target_url1": "www.hilton.com",
             "urlredirection_frequency_time1": "150 views",
             "urlredirection_exclude_macadd1": "",
             "urlredirection_frequency_date1": "2\/20\/2018",
             "urlredirection_filter_ip1": "0"
         },

     Currently empty, we presume this is another URL redirection system that also hijacks search results. The term "broad" might imply this is a more generic en-masse URL redirection mechanism.

         "broadredirectionlist": [ ],

     This block tells Crusader to replace banner ads with the crook's own. Currently, this block loads a generic banner that links to Facebook.

         "bannerreplacement_list": {
             "replace_compaign_name1": "demo",
             "replace_url1": "https:\/\/www.facebook.com\/",
             "banner_name1": "BR00036",
             "sponsor_type1": "facebook",
             "replace_banner1": "http:\/\/demo1.geniesoftsystem.com\/Crusader\/uploads\/banners\/aerojetobj_1487159946_1487911841.jpg",
             "exclude_macadd1": "",
             "banner_replacement_frequency_date1": "2\/20\/2018",
             "banner_replacement_filter_ip1": "0"
         },

     We haven't seen this feature in action, but we presume it's another keyword search hijacking feature.

         "splitwindow_list": {
             "Advertisement_compaign_name1": "demo",
             "Advertisement_URL1": "http:\/\/preranatechnologies.net\/",
             "Your_Keyword1": "vicidial",
             "Search_Engine1": "Google,Yahoo,Bing",
             "split_window_frequency_date1": "2\/20\/18",
             "split_window_filter_ip1": "0"
         },

     The code below is used to show popup ads when users visit a certain website, in this case, wow.com. The banners show a fake antivirus alert and are obvious lures for tricking users into calling tech support scammers.

         "popupoverlaylist": {
             "overlay_compaign_name1": "demo",
             "overlay_include_url1": "http:\/\/www.wow.com\/",
             "banner_name1": "P0002",
             "overlay_banner1": "http:\/\/demo1.geniesoftsystem.com\/Crusader\/uploads\/banners\/file-system-warning (US1)_1487948400.gif",
             "overlay_frequency_date1": "2\/20\/2018",
             "overlay_compaign_name2": "demo",
             "overlay_include_url2": "www.cyboscan.com",
             "banner_name2": "P0004",
             "overlay_banner2": "http:\/\/demo1.geniesoftsystem.com\/Crusader\/uploads\/banners\/file-system-warning-(US2)_1487955020.gif",
             "overlay_frequency_date2": "2\/20\/2018",
             "overlay_compaign_name3": "demo",
             "overlay_include_url3": "www.facebook.com",
             "banner_name3": "P0005",
             "overlay_banner3": "http:\/\/demo1.geniesoftsystem.com\/Crusader\/uploads\/banners\/file-system-warning-(AU)_1489010023.gif",
             "overlay_frequency_date3": "2\/20\/2018"
         },

     You can see an example of an injected ad below.

     These last two blocks in the configuration file are for injecting floating banners on top of other sites, at the bottom of the browser window.

         "catfishbannerlist": {
             "cat_compaign_name1": "demo",
             "cat_url1": "www.bing.com",
             "banner_name1": "C0002",
             "cat_frequency_time1": "150 views",
             "cat_banner1": "< body >< center >< a href=\"http:\/\/www.yahoo.com\" target=\"blank\">< img src=\"http:\/\/demo1.geniesoftsystem.com\/Crusader\/uploads\/download3.jpg\" border=\"0\" height=\"89\" width=\"727\"\/>< \/a>< \/center>",
             "catfish_frequency_date1": "2\/20\/2018",
             "cat_filter_ip1": "0"
         },
         "bannerinjection": {
             "banner_compaign_name1": "demo",
             "banner_url1": "www.ask.com",
             "banner_header1": "< body>< center>< a href=\"\" target=\"blank\">< img src=\"http:\/\/demo1.geniesoftsystem.com\/Crusader\/uploads\/82e85b2a94b3d4371b42189b9d69eb05.jpg\" border=\"0\" height=\"89\" width=\"727\"\/>< \/a>< \/center>",
             "banner_footer1": "< body>< center>< a href=\"\" target=\"blank\">< img src=\"http:\/\/demo1.geniesoftsystem.com\/Crusader\/uploads\/ithaca-nightlife-night-life-astro-image-1001.jpg\" border=\"0\" height=\"89\" width=\"727\"\/>< \/a>< \/center>",
             "banner_name1": "B0002",
             "banner_excludemacadd1": "",
             "banner_frequency_date1": "2\/20\/2018",
             "banner_filter_ip1": "0"
         }

     The config file currently shows these banners on top of the Ask.com and Bing homepages, but they could be overlaid, in theory, on top of any website.

     At this point Crusader appears to be in a testing mode, but if it is currently live or becomes live, you can use this guide to remove Crusader from your system.

     Article source
  6. If you’ve ever noticed that your phone’s battery goes from 60% to 50% in a matter of minutes, only to remain on 50% for what seems like ages, it probably means the battery needs to be calibrated.

     Why Your Phone’s Battery Percentage Becomes Inaccurate

     This is a problem that occurs in most battery-powered electronics these days, so this process should work on iPhone, Android, and even tablets or laptops (almost all of which use lithium ion batteries). While it’s really not that big of a problem, it can be a bit annoying when your phone says you have 25% battery left, only to look again and see that it’s nearly dying.

     The reason for this is simple. Batteries naturally degrade over time, and their capacity slowly decreases. But your phone isn’t always great at measuring that—if your battery has degraded to 95% of its original capacity, your phone might still report that as 95% full, instead of 100% full (the “new normal”). Calibrating your battery can fix this.

     How to Calibrate Your Phone’s Battery

     Luckily, calibrating your smartphone’s battery is an easy task—it just takes a bit of time and patience.

     First, let your phone drain completely to the point where it shuts itself off. You can confirm that the battery is completely dead by trying to turn it on—you’ll usually be greeted with a dead battery icon before the phone shuts off again after a few seconds.

     Next, without turning it back on, plug your phone into the charger and let it charge up to 100%, leaving the phone off the entire time it’s charging. Some people suggest leaving it on the charger for an extra hour or so, just to make sure the battery gets all the juice it can, but that’s completely up to you and not extremely necessary.

     After that, turn your phone on and wait for it to boot up. Once it gets to the home screen, confirm that the battery meter shows 100%, then unplug it from the charger. Once unplugged, the battery is now calibrated and you can begin to use your phone again like normal.

     How Often Should You Calibrate Your Battery?

     There’s really no official rule on how often you should calibrate your phone’s battery. And technically, you don’t really need to do it at all if you don’t care how accurate the percentage is, especially if you’re vigilant about keeping the battery charged up anyway.

     If you want the most accurate battery stats, you’ll probably want to calibrate the battery every two to three months. Again, you can go longer if you want (I only do it every six months or so), just know that your battery percentage may be a little off.

     Battery Calibration Doesn’t Make the Battery Last Longer

     You may see other articles discussing how calibrating your battery can prolong its lifespan, or improve battery life. But long story short: it doesn’t. In fact, the best way to keep your battery healthy is to perform shallow discharges, not run it down to zero regularly—which is why you should probably only calibrate it every few months or so.

     However, according to Battery University, there’s no apparent harm to calibrating your phone’s battery, and it’s recommended that you do so from time to time.

     Article source
  7. The man who developed a bot that frustrates and annoys robocallers is planning to take on the infamous Windows support scam callers head-on.

     Roger Anderson last year debuted his Jolly Roger bot, a system that intercepts robocalls and puts the caller into a never-ending loop of pre-recorded phrases designed to waste their time. Anderson built the system as a way to protect his own landlines from annoying telemarketers and it worked so well that he later expanded it into a service for both consumers and businesses. Users can send telemarketing calls to the Jolly Roger bot and listen in while it chats inanely with the caller.

     Now, Anderson is targeting the huge business that is the Windows fake support scam. This one takes a variety of forms, often with a pre-recorded message informing the victim that technicians have detected that his computer has a virus and that he will be connected to a Windows support specialist to help fix it. The callers have no affiliation with Microsoft and no way of detecting any malware on a target’s machine. It’s just a scare tactic to intimidate victims into paying a fee to remove the nonexistent malware, and sometimes the scammers get victims to install other unwanted apps on their PCs, as well.

     Anderson plans to turn the tables on these scammers and unleash his bots on their call centers.

     “I’m getting ready for a major initiative to shut down Windows Support. It’s like wack-a-mole, but I’m getting close to going nuclear on them. As fast as you can report fake ‘you have a virus call this number now’ messages to me, I will be able to hit them with thousands of calls from bots,” Anderson said in a post Tuesday.

     “It’s like when the pirate ship turns ‘broadside’ on an enemy in order to attack with all cannons simultaneously. I’m calling it a ‘Broadside’ campaign against Windows Support and the fake IRS.”

     The Windows support scam is an old one, much like the fake IRS phone scams that have been victimizing consumers for several years. They typically involve large call centers and multiple layers of workers making the calls, transferring victims, and setting up new schemes. Anderson has posted several example recordings of the Windows scammers hitting his Jolly Roger bot and becoming increasingly agitated.

     Anderson said he’s still working out the details of how the operation will work and is hesitant to reveal too much about it. He said he did a test run recently and called a specific scammer’s number several hundred times via 20 separate lines and the scammers turned off the target number quickly.

     “I do not want to expose too much about what I’m doing because obviously it can be used for mischief or malice. This is likely why Microsoft or Apple don’t do anything about this. It will take a pirate,” Anderson said via email.

     Article source
  8. A couple years ago there was a promo giveaway. This one is different. By giving them a five star rating on Google Play and sending them a screenshot, they will get you a Pro license free. Just go to the following page and look for the following. It is easy to find.

     How to get free registration code?
     1. Go to Google Play to rate Apowersoft Phone Manager 5 stars.
     2. Take a screenshot of your 5 star review and send it to us via Online Form, we will send you free registration code soon.

     https://www.apowersoft.com/store/phone-manager.html
  9. This is a new giveaway and expires in 16 hours from now.
     https://www.apowersoft.com/phone-manager

     Just share and get your key from the link below:
     https://www.apowersoft.com/promotion

     NO NEED TO GIVE 5 STAR RATING & SEND SCREEN SHOT
  10. Hacker Steals 900 GB of Cellebrite Data

     This is part of an ongoing Motherboard series on the proliferation of phone cracking technology, the people behind it, and who is buying it. Follow along here.

     The hackers have been hacked. Motherboard has obtained 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products.

     The breach is the latest chapter in a growing trend of hackers taking matters into their own hands, and stealing information from companies that specialize in surveillance or hacking technologies.

     Cellebrite is an Israeli company whose main product, a typically laptop-sized device called the Universal Forensic Extraction Device (UFED), can rip data from thousands of different models of mobile phones. That data can include SMS messages, emails, call logs, and much more, as long as the UFED user is in physical possession of the phone.

     Cellebrite is popular with US federal and state law enforcement, and, according to the hacked data, possibly also with authoritarian regimes such as Russia, the United Arab Emirates, and Turkey.

     The data appears to have been taken, at least in part, from servers related to Cellebrite's website. The cache includes alleged usernames and passwords for logging into Cellebrite databases connected to the company's my.cellebrite domain. This section of the site is used by customers to, among other things, access new software versions.

     Motherboard verified the email addresses in the cache by attempting to create accounts on Cellebrite's customer login portal. In the majority of cases, this was not possible because the email address was already in use. A customer included in the data confirmed some of their details.

     The dump also contains what appears to be evidence files from seized mobile phones, and logs from Cellebrite devices.

     According to the hacker, and judging by timestamps on some of the files, some of the data may have been pulled from Cellebrite servers last year.

     “Cellebrite recently experienced unauthorized access to an external web server,” the company said in a statement on Thursday after Motherboard informed it of the breach.

     “The company is conducting an investigation to determine the extent of the breach. The impacted server included a legacy database backup of my.Cellebrite, the company’s end user license management system. The company had previously migrated to a new user accounts system. Presently, it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system,” the statement continues.

     Cellebrite advised customers to change their passwords as a precaution, and added that it is working with relevant authorities to assist in their investigation.

     Access to Cellebrite's systems has been traded among a select few in IRC chat rooms, according to the hacker.

     “To be honest, had it not been for the recent stance taken by Western governments no one would have known but us,” the hacker told Motherboard. The hacker expressed disdain for recent changes in surveillance legislation.

     In 2014 a hacker calling themselves “PhineasFisher” publicly released 40GB of data from surveillance company Gamma International. Gamma makes intrusion software that can remotely switch on a target's webcam, siphon off their emails, and much more. The following year, PhineasFisher targeted Italian company Hacking Team, and published a trove of emails and other internal documents from the company.

     Although the terms of this Cellebrite breach are somewhat different—the hacker has not dumped the files online for anyone to download—similarities seem to remain, especially in the hacker's vigilante motivation.

     The hacker, however, remained vague as to the true extent of what they had done to Cellebrite's systems.

     “I can't say too much about what has been done,” the hacker told Motherboard. “It's one thing to slap them, it's a very different thing to take pictures of [their] balls hanging out.”

     Source
  11. Oh Wow, Okay: A Phone Peripheral For Sending Realistic Feeling Kisses The Kissenger is an iPhone peripheral that two people can use to send kisses to one another. How? Let me copy/paste that for you while I practice kissing my teddy bear. What? One day there's going to be a frog that needs me to turn her back into a princess and I plan on becoming king. High precision force sensors are embedded under the silicon lip to measure the dynamic forces at different parts of your lips during a kiss. The device sends this data to your phone, which transmits it to your partner over the Internet in real time. Miniature linear actuators are used to reproduce these forces on your partner's lips, creating a realistic kissing sensation. Kissenger provides a two-way interaction just like in a real kiss. You can also feel your partner's kiss on your lips when they kiss you back. Man, I can't wait to use one of these in public. I am going to send everybody I know the most sensual, sloppiest kisses I can muster. "Um, is that guy licking his phone?" THIS IS HOW THE FRENCH DO IT. "Now he's putting it down his pants." Don't act like that's not why they made this in the first place. "This checkout line is taking forever." Listen -- I'll be with you just as soon as I finish ringing this gentleman up. Source
  12. I recently got a Huawei Y6 Pro phone (Android 5.1.1) and decided to root it, but I couldn't root it. I tried more than 10 rooting programs on the computer (Kingo Root, iroot, Vroot, one-click root, wondershare mobile manager, Root genius, framaroot, etc.) and APKs on the phone (Kingo root, Vroot, iroot, etc.). ALL of them failed to root this phone! TWRP doesn't support it either; the device is not listed on their support page. There is also no custom ROM for it, but that's not the issue here since I just want to root it, not replace the ROM. Most of the error messages I got are: this device not supported, this device is not vulnerable to the exploits in this app, etc. Any thoughts?
  13. 50 Phone Wallpapers (all 1440x2560, no watermarks) DOWNLOAD : https://imgur.com/gallery/C3pQs
  14. In a major decision back in 2014, the Supreme Court finally ruled that police need a warrant to search someone’s cellphone when making an arrest. That case, Riley v. California, was a major privacy victory. Now, it's being interpreted by a federal court in Illinois to mean that even opening a phone to look at the screen qualifies as a “search” and requires a warrant. The Illinois case involves a sting operation that ensnared Demontae Bell, an alleged drug dealer accused of illegal possession of an AK-47 assault rifle. An officer testified that while interrogating Bell he pulled out a confiscated flip phone and opened it, revealing a picture of the rifle, which Bell had set as his home screen's wallpaper. That was then used as grounds for a warrant to search Bell's phone for metadata about when and where the photo was taken. The officer claimed he opened the phone in order to turn it off. But on Wednesday, the judge ruled police have no right to open a suspect's phone and look at the screen without first getting a warrant, even if it's just to turn it off, since the Riley case clearly established doing so is a “search” under the Fourth Amendment. “Officer Sinks' opening of Bell's cell phone exceeded a 'cursory inspection' because he exposed to view concealed portions of the object—i.e., the screen,” wrote Judge James E. Shahid. “Because Officer Sinks had to manipulate the phone to view the picture on the screen, that picture was by definition not in 'plain view'.” That suggests that even if your device isn't locked with a passcode, a cop wouldn't be allowed to turn on the screen and look for incriminating notifications or messages without a search warrant. 
The Supreme Court did say there are “exigent circumstances” for allowing warrantless searches, however, including imminent threats to officer safety (checking if there's a razor blade concealed in the phone's case, for example) and preventing destruction of evidence (preventing the phone from receiving a remote wiping command). “Yet neither the government's response, nor the warrant affidavit, asserted that the officer in this case opened Bell's cell phone out of concern for officer safety or preservation of evidence,” Judge Shahid wrote. Thus, “The search of Bell's cell phone violated the Fourth Amendment prohibition against unreasonable searches and seizures.” Nevertheless, the judge denied Bell's motion to suppress evidence from the illegal search, reasoning that based on other testimony given about Bell's illegal rifle, “the photo would have ultimately been discovered.” source
  15. DroidCamX Wireless Webcam Pro v6.3 Patched Requirements: Android 2.1 and up Overview: Use your phone as a webcam on your PC over WiFi, USB or Bluetooth. You can also use DroidCamX as an "IP/Surveillance Camera" via your Internet browser virtually on all networks. PC Client (and some setup) REQUIRED. Windows or Linux clients available. Follow in-app messages. It is recommended that you try the FREE version of Droidcam first to make sure everything works (PC client is same for both versions). DroidCamX features: - Chat using "DroidCam Webcam" on your computer (Skype/Yahoo/MSN/etc.) - Various video formats and resolutions - Audio support* ("DroidCam Microphone", experimental) - IP/Surveillance Camera via your Internet Browser (No computer client required, Will work on almost all networks/computers) - MJPEG feed accessible by other apps and programs - Turn on Camera Flash LED light, Zoom ** The latest versions of Skype (6.xx) may not detect DroidCam, please check the Help section at dev47apps.com. ** If the Market fails to download the app, log on to your Google Checkout/Wallet account, Cancel the order and try again. ** Some of the features are only available if your phone is running Android 2.2+ * Audio support is experimental: - Available on Windows XP - 7 only, as an optional install - 64-bit Windows will block the audio driver by default - Not available via Bluetooth - On Android 2.3 (Gingerbread) audio recording is delayed delivered in larger chunks, not allowing DroidCam to stream and play-back smoothly. This seems to be fixed as of Android 4.0. What's New v6.3 Bug fix: Hide action bar when dimming screen. Feature: Streaming is now done from a background service, and if supported by your device, you can put DroidCam into background and use other apps in parallel. Note that turning the screen off may still put Wifi to sleep and drop the connection. This feature introduces a new permission for the app. http://www.datafilehost.com/d/cac93b48
  16. Privacy advocates warn feds about surreptitious cross-device tracking 1939, back when ads used to be safe. Privacy advocates are warning federal authorities of a new threat that uses inaudible, high-frequency sounds to surreptitiously track a person's online behavior across a range of devices, including phones, TVs, tablets, and computers. The ultrasonic pitches are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser. While the sound can't be heard by the human ear, nearby tablets and smartphones can detect it. When they do, browser cookies can now pair a single user to multiple devices and keep track of what TV commercials the person sees, how long the person watches the ads, and whether the person acts on the ads by doing a Web search or buying a product. Cross-device tracking raises important privacy concerns, the Center for Democracy and Technology wrote in recently filed comments to the Federal Trade Commission. The FTC has scheduled a workshop on Monday to discuss the technology. Often, people use as many as five connected devices throughout a given day—a phone, computer, tablet, wearable health device, and an RFID-enabled access fob. Until now, there hasn't been an easy way to track activity on one and tie it to another. "As a person goes about her business, her activity on each device generates different data streams about her preferences and behavior that are siloed in these devices and services that mediate them," CDT officials wrote. "Cross-device tracking allows marketers to combine these streams by linking them to the same individual, enhancing the granularity of what they know about that person." The officials said that companies with names including SilverPush, Drawbridge, and Flurry are working on ways to pair a given user to specific devices. Adobe is developing similar technologies. Without a doubt, the most concerning of the companies the CDT mentioned is San Francisco-based SilverPush. 
CDT officials wrote: SilverPush's ultrasonic cross-device tracking was publicly reported as long ago as July 2014. More recently, the company received a new round of publicity when it obtained $1.25 million in venture capital. The CDT letter appears to be the first time the privacy-invading potential of the company's product has been discussed in detail. SilverPush officials didn't respond to e-mail seeking comment for this article. Cross-device tracking already in use The CDT letter went on to cite articles reporting that cross-device tracking has been put to use by more than a dozen marketing companies. The technology, which is typically not disclosed and can't be opted out of, makes it possible for marketers to assemble a shockingly detailed snapshot of the person being tracked. "For example, a company could see that a user searched for sexually transmitted disease (STD) symptoms on her personal computer, looked up directions to a Planned Parenthood on her phone, visits a pharmacy, then returned to her apartment," the letter stated. "While previously the various components of this journey would be scattered among several services, cross-device tracking allows companies to infer that the user received treatment for an STD. The combination of information across devices not only creates serious privacy concerns, but also allows for companies to make incorrect and possibly harmful assumptions about individuals." Use of ultrasonic sounds to track users has some resemblance to badBIOS, a piece of malware that a security researcher said used inaudible sounds to bridge air-gapped computers. No one has ever proven badBIOS exists, but the use of the high-frequency sounds to track users underscores the viability of the concept. Now that SilverPush and others are using the technology, it's probably inevitable that it will remain in use in some form. But right now, there are no easy ways for average people to know if they're being tracked by it and to opt out if they object. 
Federal officials should strongly consider changing that. News source
  17. Cortana can have your phone send a text reply via your PC Last week, we exclusively showcased a new feature in Windows 10 that allows Cortana to send SMS messages and showcase missed call alerts. Windows 10 desktop build 10565 includes an option to alert you when you miss a phone call, and now works seamlessly with Windows 10 Mobile build 10572. With the latest Windows 10 Mobile build (10572), you can now use Cortana to notify you on your PC if you missed a call on your phone. When you miss that call, you can easily reply with a text right from your PC — and Cortana will have your phone send that message! How cool is that? You can even open Cortana and say “text” along with the name of your contact. Cortana will then take your message and send it from your phone. You need Windows 10 Mobile build 10572 and Windows 10 desktop build 10565 (or higher) to utilize this new feature. Source
  18. The end of apps like Lumia Storyteller and Lumia Beamer is a 'streamlining' of those available Microsoft announced Friday that it will cease development of several apps Nokia developed for Windows Phone as the company streamlines the photo experience on Windows 10 Mobile. In a post to Microsoft's Lumia Conversations blog, Editor-in-Chief Tiina Jaatinen said that Lumia Storyteller, Lumia Beamer, Photobeamer and Lumia Refocus will have their online services shut down after October 30, and the apps will no longer be available. The Lumia Panorama and Video Uploader will continue to function, but Microsoft won't be updating those apps any more. All of the apps have been pulled from the Windows Store, but those people who already have them installed on their devices will be able to keep them. After Oct. 30, those apps that rely on online services to work will cease to function. It's bad news for people who rely on software like Lumia Beamer, which allows users to display a still from a phone's screen on another device, but it's not clear exactly how many people will be affected by the change. The post said that it's ceasing work on those apps to focus on the Photos and Camera apps for Windows 10 Mobile, the next version of the company's operating system for phones that's supposed to be released sometime this fall. According to Jaatinen, many of the features of these apps are already included in the Photos and Camera apps on Windows 10 Mobile, but not everything will be making the trip. Case in point: the Lumia Storyteller app, which uses information about when and where a photo was captured to create a video collage of images doesn't have an analog in the current system apps for Windows 10 Mobile. It's hard to say what will come of that app after the shutdown of its online service, which is used for sharing the videos with other people over the web. Some of the shutdowns make a degree of sense because of new functionality included in Windows 10 Mobile. 
One of the operating system's marquee features is Phone Continuum, which will allow users to mirror the contents of certain phones to external displays. It's a higher-fidelity experience than what Lumia Beamer currently offers, but will require a dock and new phone hardware in order to work. The culling of these apps is in line with Microsoft's mobile strategy of late. In July, the company announced that it was cutting 7,800 jobs, primarily in the mobile phone business that it acquired from Nokia. CEO Satya Nadella said at the time that the company would have a tighter focus on creating a smaller number of phones for particular markets, rather than producing a full line of handsets like it used to following the Nokia acquisition. Source
  19. Microsoft Lumia DENIM Update Last night I decided to do an update to my Lumia 630, to my surprise the long awaited DENIM Update was finally here in preparation for the Windows 10 Upgrade... Many details are covered at the link mentioned above but one which I am quite happy about is the fact that now on Windows Phones.. We have the ability to create a personal WiFi Hotspot. This interests me a great deal as I will no longer have to buy another SIM Card and pay a data plan for my tablet.. Owning the phone for the first few months made me quite jealous and perturbed at the fact that iPhone users had this capability right on the phone natively and yet Microsoft did not. Many attempts at connecting virtual Wifi Routers.. Proxy connections and fake apps which did not do as advertised later I gave up with no hope.. Now I am a happy Windows Phone owner.
  20. Canadian teen shot to death after tracking down missing cell phone A Canadian teen was shot and killed Sunday morning after using a mobile-tracking app to find his cell phone, a June 16 article from CBC News reports. The app led 18-year-old Brampton, Ontario native Jeremy Cook to a strip mall in London, Ontario, where he got into a confrontation with three men in a car. After Cook asked the men about his cell phone, they tried to drive away, police say. Cook then held onto the driver-side door of the moving car and shots were fired. Now, Ontario police are on a manhunt for three black males between the ages of 18 and 21 who are believed to be involved in the shooting. The car witnesses saw at the strip mall, a Mazda sedan, was found wrecked and abandoned near the crime scene. Police also recovered Cook’s phone and are reviewing surveillance footage from the mall’s parking lot. In light of this case, Ontario police are trying to warn smartphone users about the dangers of tracking down their missing cell phones. While they say a mobile-tracking app can be a useful tool, users must practice common sense and caution when searching for their lost devices. Cook’s desire to track down his cell stems from a nearly unbreakable relationship with technology, analyst Sanjay Khanna told CBC. Not only are phones expensive to replace, but they can contain private personal data. Otherwise, they are generally the main way a person, especially an 18 year old, stays connected to the world at large. http://www.examiner.com/article/canadian-teen-jeremy-cook-shot-to-death-after-tracking-down-missing-cell-phone
  21. The iPhone, the Galaxy S6, and a few other high price smartphones have fingerprint sensors for extra security, and authorization of payments; but the tech is expensive, and therefore hasn’t reached mainstream, lower cost devices yet. A team of researchers at Yahoo Labs have developed Bodyprint, a biometric authentication system which uses your phone’s touchscreen as the scanner. Only it’s not for fingerprints, it’s for ears. Bodyprint uses the touchscreen’s capacitive sensor in place of a dedicated fingerprint sensor, and doesn’t need any additional hardware, or special sensors to work. This means it could be easily integrated into any phone with a capacitive screen — and that’s almost every phone sold today. Why can’t Bodyprint be used to scan fingerprints? This is the downside of using the screen — the image sensor just doesn’t have the resolution to capture enough detail to be used for fingerprint identification. The large area makes up for the loss in overall image quality, and in addition to recognizing ears, Bodyprint also looks at palm and finger grip position, a fist, and the phalanges of a hand. The team demonstrates Bodyprint using a Nexus 5 smartphone. In the accompanying video, holding the phone up to answer a call will activate Bodyprint, which will unlock and connect only if the ear print matches the phone’s owner. Additionally, a dual fist unlock procedure is shown for securing files — meaning secret documents can only be opened and viewed when both parties are present. How about accuracy? Over the course of 864 individual trials, Bodyprint returned a 99.5 percent precision rate, and a low 7.8 percent rejection rate for ear prints. Other body parts had a slightly higher rejection rate of 26.8 percent. 
The rejection rates will fall when the image resolution on capacitive sensors increases, and Bodyprint’s special algorithms can be tweaked to lower the rejection rate, but at the expense of precision — something which could be used for accessing less sensitive data. At the moment, Bodyprint is a research project, and not something ready to be integrated into our smartphones. However, it proves the potential is there for the future, and biometric scanning doesn’t have to be limited to the most expensive devices. http://www.digitaltrends.com/mobile/bodyprint-biometric-capacitive-screen-scanner-news/
  22. Turing Robotic Industries (TRI) has announced a new device called the Turing Phone that promises to provide end-to-end encryption and a more sustainable production process than a regular smartphone. Announced today, the device uses decentralized authentication to encrypt any communications and comes with its master public key and unique private key pre-installed with the phone. Additionally, if you’re communicating with another Turing Phone, the two devices can directly verify their identity, side-stepping the need to route it via a Key Distribution Center. And what’s the end result of all this encryption and security? “A protected communications network that is entirely insulated from cyber-threats and privacy intrusions. Within this circle of trust, users can exchange sensitive data such as social security numbers or bank wiring instructions and know that the information will reach only the device intended,” the company says. In addition to the Turing UI, the device will run Android 5.0 as standard. Other key specs include a 5.5-inch full HD display, 13-megapixel rear-facing camera, an 8-megapixel selfie snapper and a 3,000mAh battery. As well as being robust in terms of security, the chassis of the device is also stronger than the average phone, according to the team. It’s made from a material called ‘Liquidmorphium’, which a spokesperson described as an “unbendable” metal that’s stronger than titanium or steel and more resistant to shock and screen breakages. Whether or not you think there’s a need for full end-to-end encryption could be up for debate, but given ongoing reports of governmental snooping and increasing requests for personal data, no one could call you paranoid for supporting the idea. Or perhaps you just want a device that stands out from the crowd that’s made out of Liquidmorphium. 
A spokesperson said the SIM-free 64GB version of the handset should arrive with buyers before the end of August and costs around $740, while the 128GB model will cost about $870. ➤ Turing Robotic Industries thenextweb
  23. Apple is unstoppable. It is the most valuable company ever, selling record numbers of devices around the world. But for the first time, I’ve held a phone in my hands that I think should give Apple pause. And here’s the funny thing: You can’t even get it here. During a press event not long ago, where it introduced itself to US journalists, Chinese smartphone upstart Xiaomi gave away phones to the reporters in the crowd. Yes, the company’s flagship handset, the Mi Note, has been out for a few weeks. But holding one still felt like a big deal. When the phones went on sale in China last month, they reportedly sold out in three minutes. Here in the US, you can’t get a Mi Note or any other Xiaomi phone at all. I’m an Apple user, though not out of any great devotion to the company. I use Apple stuff because it works for me. It does everything I need, when I need it, without the slightest trouble. But after a few weeks of playing with the Mi Note, I could easily ditch my iPhone for one. Not because it’s a big revelation, or anything radically different. Quite the opposite: I could switch because it doesn’t feel that different. And at half the price of a comparable iPhone, that similarity makes all the difference. A Phone for the Rest of the World This isn’t a review, because I’m not a gadget geek. Which is the point. I’m like most people with an iPhone. I like things that work, that make my life better, and when I find something that does both, I stick with it. As such, I’d argue that converting me is a bigger deal than getting some hardcore Apple partisan to switch. Presidential candidates don’t try to sway the other party’s base; it’s the swing voters who make all the difference. And like mushy moderates, my tech preferences are based more on the experience than the specs. Of course, my preferences don’t matter in this brewing rivalry, at least not yet, since Xiaomi doesn’t sell its phones in the US. 
But even as Apple reported its best quarter yet in “greater China,” Xiaomi became China’s bestselling smartphone maker. And if Xiaomi can, in theory, anyway, get me on an Android phone, then it’s not so surprising that a larger share of the surging Chinese smartphone market—more than 420 million units shipped in 2014—is opting for Xiaomi instead of Apple. I could switch because it doesn’t feel that different. And at half the price of an iPhone, that similarity makes all the difference. Xiaomi’s answer to the iPhone 6 Plus feels very much like its rival. Its screen is a bit bigger. It’s a bit thinner, too, and weighs nearly a half-ounce less. The Mi Note’s screen is comparably gorgeous at an identical 1080p. It has a higher-resolution camera that takes beautiful pictures, and a slightly bigger battery. I was able to get all my favorite apps from Google Play. The hardware and software are smooth, snappy, and, above all, elegant, an advantage Apple has long had over most of its Android rivals. And all this for $370 without a contract. I will say I missed Touch ID, but that’s exactly the kind of picayune feature geekery that will have little influence on which company dominates the market in China and India. Xiaomi sells its phones for so little because it’s decided it’s not a hardware company; instead, it likes to say it’s an Internet company, a maker of online services onto which the phones merely serve as windows. Because I was using the Mi Note in the US, I wasn’t able to do much with MiUI, the online platform that Xiaomi has leveraged to capture 100 million users so far. But again, I’m not the one who matters to Xiaomi anyway. American consumers like myself look at MiUI and say, “that looks like iOS or Google or Amazon.” But for Chinese consumers, MiUI isn’t something that was designed for the US market and adapted to suit China. Xiaomi clearly has looked at the US market and said, “Apple’s got that locked down. 
Let’s build a phone for the rest of the world.” And the world has responded. Future Fans One more thing. The Mi Note is the first thing ever that has made my kid forget about the iPad. For anyone without children under 10, the iPad is to that age group as raw meat to a lion: Try to take it away and you might get bitten. That all changed when the Mi Note came home. When I finally thought to ask today, no one could even say where the iPad was, because I realized we had always relied on the kid to keep track. His quick adoption of what he calls “the Chinese phone” speaks to the ease of transition from iOS onto Xiaomi’s take on Android. It also speaks to what should be Apple’s other great cause for concern. Yes, Xiaomi could fizzle out as quickly as it flared up if its gamble on internet services doesn’t make up for the money it’s not making selling handsets for so little. But if its business model works, it could well have landed in the US by the time my kid reaches the age where he is starting to buy his own devices. For his generation, Xiaomi could be as viable a choice as Apple. Ironically, my experience with the Mi Note probably means one more sale for Apple. I still have a puny iPhone 5S, but I’ve become a big-screen convert thanks to the Mi Note. Because I can’t get one here, I’ll probably end up getting a 6 Plus. http://www.wired.com/2015/02/xiaomis-great-new-phone-lot-like-iphone-apple-take-note/
  24. IDC has released its latest numbers for smartphone OS market share, and unfortunately, it means we can likely close the book on Windows Phone. Windows Phone has a tech journalist problem. A lot of tech journalists, myself included, like Windows Phone. It’s stylish and attractive, and its UI makes sense — at least at the top level, and in a way Windows 8 never did on the desktop. But the way tech journalists get excited about an OS is to have a flagship device, and we haven’t had a really good one since the Nokia Lumia Icon, which Verizon never marketed, and the Lumia 1020 and HTC 8X before it. Microsoft has countered that Windows Phone is the phone for everyone, and as a result, we’ve seen nothing but low-end to midrange devices here in the US like the Lumia 830, and low-end phones in other countries. That strategy hasn’t worked either, though. The way consumers get excited about a phone is to be able to buy it, in stores, with employees that care about selling them, and with tons of apps people want to run that their friends are already running. Microsoft has had the opposite of that experience. IDC’s latest research data is disturbing if you’re a Microsoft fan. Essentially, almost the entire world market (96.3 percent) is stabilizing around Android and iOS. While global shipments of Windows Phones increased 4.2 percent, from 33.5 to 34.9 million units, its market share actually fell back down below three percent, which is a horrible sign. (BlackBerry has completely flatlined, but we knew that already, and the company itself is clearly repositioning for the enterprise market.) I’ve owned, used, and written both positive and critical columns about Windows Mobile devices for years. I’ve been a pretty strong proponent of Windows Phone since its inception, because it was both so beautiful and streamlined compared with what came before, and because it was fundamentally different, yet equally as useful and valid as the way iOS and Android are designed. 
Up until now, Windows Phone has struggled, because only its owners love it. Not developers, not wireless carriers, and not the device manufacturers necessary to create a robust ecosystem around it. When popular apps finally appeared, they’re crippled compared with the Android and iOS versions. Microsoft never had a good browser or even a real version of Office for far too long with Windows Phone. And for some reason, Microsoft never figured out how to leverage the awesome Xbox 360 to create some kind of killer mobile gaming experience. Some people are still bullish that the new Windows Phone 10 will change things. It’s finally going to realize the “one state, multiple devices” paradigm. It’s Microsoft’s first shot at branding a new series of devices on its own, instead of with Nokia’s name on them. And the OS certainly looks good on its own, if still way unfinished. I love the new notification bar, and the new photo app and OneDrive integration look great. (I’m not big on voice activation, so I’ll leave the Cortana analysis to others; I never use Google Now or Siri, either.) But if Microsoft is targeting a fall release — and that looks highly optimistic, given that the company will still have to build phones and then get them approved on U.S. carriers — the outlook for Microsoft is dim. They have tremendous cash reserves, so this isn’t about Microsoft going out of business or anything sensationalist like that. The desktop is going nowhere, and Windows 10 could be a smash success like Windows 7 was, from what I’m seeing. I can’t wait to build a new PC running Windows 10 when the opportunity arrives. (I had less kind things to say about Windows 8.1.) But Windows Phone 10 is a different, and much sadder story. http://www.extremetech.com/mobile/199817-windows-phone-10-is-dead-before-it-even-arrives
  25. Smartphone users might balk at letting a random app like Candy Crush or Shazam track their every move via GPS. But researchers have found that Android phones reveal information about your location to every app on your device through a different, unlikely data leak: the phone’s power consumption. Researchers at Stanford University and Israel’s defense research group Rafael have created a technique they call PowerSpy, which they say can gather information about an Android phone’s geolocation merely by tracking its power use over time. That data, unlike GPS or Wi-Fi location tracking, is freely available to any installed app without a requirement to ask the user’s permission. That means it could represent a new method of stealthily determining a user’s movements with as much as 90 percent accuracy—though for now the method only really works when trying to differentiate between a certain number of pre-measured routes. Spies might trick a surveillance target into downloading a specific app that uses the PowerSpy technique, or less malicious app makers could use its location tracking for advertising purposes, says Yan Michalevsky, one of the Stanford researchers. “You could install an application like Angry Birds that communicates over the network but doesn’t ask for any location permissions,” says Michalevsky. “It gathers information and sends it back to me to track you in real time, to understand what routes you’ve taken when you drove your car or to know exactly where you are on the route. And it does it all just by reading power consumption.” PowerSpy takes advantage of the fact that a phone’s cellular transmissions use more power to reach a given cell tower the farther it travels from that tower, or when obstacles like buildings or mountains block its signal. 
That correlation between battery use and variables like environmental conditions and cell tower distance is strong enough that momentary power drains like a phone conversation or the use of another power-hungry app can be filtered out, Michalevsky says. One of the machine-learning tricks the researchers used to detect that “noise” is a focus on longer-term trends in the phone’s power use rather than those that last just a few seconds or minutes. “A sufficiently long power measurement (several minutes) enables the learning algorithm to ‘see’ through the noise,” the researchers write. “We show that measuring the phone’s aggregate power consumption over time completely reveals the phone’s location and movement.” Even so, PowerSpy has a major limitation: It requires that the snooper pre-measure how a phone’s power use behaves as it travels along defined routes. This means you can’t snoop on a place you or a cohort has never been, as you need to have actually walked or driven along the route your subject’s phone takes in order to draw any location conclusions. The Stanford and Israeli researchers collected power data from phones as they drove around California’s Bay Area and the Israeli city of Haifa. Then they compared their dataset with the power consumption of an LG Nexus 4 handset as it repeatedly traveled through one of those routes, using a different, unknown choice of route with each test. They found that among seven possible routes, they could identify the correct one with 90 percent accuracy. “If you take the same ride a couple of times, you’ll see a very clear signal profile and power profile,” says Michalevsky.
“We show that those similarities are enough to recognize among several possible routes that you’re taking this route or that one, that you drove from Uptown to Downtown, for instance, and not from Uptown to Queens.” Michalevsky says the group hopes to improve its analysis to apply that same level of accuracy to tracking phones through many more possible paths and with a variety of phones—they already believe that a Nexus 5 would work just as well, for instance. The researchers also are working on detecting more precisely where in a known route a phone is at any given time. Currently the precision of that measurement varies from a few meters to hundreds of meters depending upon how long the phone has been traveling. The researchers have attempted to detect phones’ locations even as they travel routes the snooper has never fully seen before. That extra feat is accomplished by piecing together their measurements of small portions of the routes whose power profiles have already been pre-measured. For a phone with just a few apps like Gmail, a corporate email inbox, and Google Calendar, the researchers were able to determine a device’s exact path about two out of three times. For phones with half a dozen additional apps that suck power unpredictably and add noise to the measurements, they could determine a portion of the path about 60 percent of the time, and the exact path just 20 percent of the time. Even with its relative imprecision and the need for earlier measurements of power use along possible routes, Michalevsky argues that PowerSpy represents a privacy problem that Google hasn’t fully considered. Android makes power consumption data available to all apps for the purpose of debugging. But that means the data easily could have been restricted to developers, nixing any chance for it to become a backdoor method of pinpointing a user’s position. Google didn’t respond to WIRED’s request for comment.
This isn’t the first time that Michalevsky and his colleagues have used unexpected phone components to determine a user’s sensitive information. Last year the same researchers’ group, led by renowned cryptographer Dan Boneh, found that they could exploit the gyroscopes in a phone as crude microphones. That “gyrophone” trick was able to pick up digits spoken aloud into the phone, or even to determine the speaker’s gender. “Whenever you grant anyone access to sensors on a device, you’re going to have unintended consequences,” Stanford professor Boneh told WIRED in August when that research was unveiled. Stanford’s Michalevsky says that PowerSpy is another reminder of the danger of giving untrusted apps access to a sensor that picks up more information than it’s meant to. “We can abuse attack surfaces in unexpected ways,” he says, “to leak information in ways that it’s not supposed to leak.” Read the full PowerSpy paper below. https://www.scribd.com/doc/256304846/PowerSpy-Location-Tracking-using-Mobile-Device-Power-Analysis http://www.wired.com/2015/02/powerspy-phone-tracking/