Welcome to nsane.forums

Welcome to nsane.forums, like most online communities you need to register to view parts of our community or to make contributions, but don't worry: this is a free and simple process that requires minimal information. Be a part of nsane.forums by signing in or creating an account.

  • Access special members only forums
  • Start new topics and reply to others
  • Subscribe to topics and forums to get automatic updates

Search the Community

Showing results for tags 'smartphones'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Found 39 results

  1. Nokia and HMD Global Confirm MWC 2017 Launch Event for February 26 Hopefully, a couple of smartphones will be unveiled Despite the fact that Samsung has already confirmed it will not launch the Galaxy S8 at MWC, while Sony is rumored to show its new flagship in secret rooms only, this year's trade fair looks pretty promising when it comes to new devices. After successfully launching its first Nokia-branded smartphone in China, HMD Global will finally reveal its plans regarding the next handsets that will (hopefully) be available worldwide. Aside from the Nokia 6 that's exclusive available for purchase in China though major retailer JD.com, HMD Global plans to launch at least 5 or 6 other Android smartphones by the end of the year. Will it live up to the expectations? At least two other Nokia-branded handsets might be introduced at MWC 2017 on February 26, including the company's first flagship smartphone. Unfortunately, the expectations are very high now that new Nokia-branded phones will be once again available on the market, and we fear that HDM Global's new product might not live up to the hype. However, it's important to note that the Nokia that once was, will never be again. The Finnish giant has already decided to let another company handle the design, manufacturing and sale of Nokia-branded smartphones. Since we're less than one month away from Nokia's launch event, we won't have to wait too long to find out whether or not HMD will manage to meet Nokia fans' expectations. Naturally, it won't be able to appeal to everyone, but it would be nice to know that Nokia's spirit still lives in some (if not all) HMD Global's upcoming products. Source
  2. Nokia 6 Finally Goes on Sale Outside of China for $370 The phone is available in the Philippines in white color Well, it looks like starting tomorrow, the Nokia 6 will be available for purchase in another country, although customers will have to pay more. PinoyTechnoGuide reports major retailer Lazada will begin selling the Nokia 6 in the Philippines. As some of you probably know by now, Nokia 6 is available for purchase in China through JD.com retailer for only $245. However, customers in the Philippines will have to pay $370 for the mid-range smartphone. On the bright side (no pun intended), Nokia 6 will be available at Lazada in white color, which is rather odd considering HMD Global only released the smartphone in black version in China. It's also worth mentioning those who purchase the smartphone through Lazada will benefit from free shipping. We don't know if there's a purchase limit per customer, but it doesn't seems so. Checking out the specs listed by Lazada, it seems they're selling the same device that's been introduced in China not long ago. So, expect a mid-range smartphone running Android 7.0 Nougat operating system right out of the box, coupled with an octa-core 1.4GHz Qualcomm Snapdragon 430 processor. The Nokia 6's 16-megapixel rear-facing camera has already been compared to other cameras on flagships like the OnePlus 3T and Huawei Mate 9 Pro, and it performed admirably. There's also a secondary 8-megapixel camera in the front for those who like to take selfies. It also sports a 5.5-inch full HD (1080p) display with 2.5D scratch resistant Corning Gorilla Glass 3 coating. On the inside, the Nokia 6 packs 4GB RAM and 64GB of storage (expandable up to 128GB via microSD card). Source
  3. Lineage OS Announces A Bunch Of Newly Supported Devices For Its Preview Builds Last month, Cyanogen announced that it was shutting down its offices, leaving the future of CyanogenMod in question. However, from the company's digital ashes rose a new project called Lineage OS. The developer team behind the operating system announced that it would support more than 80 devices. However, at launch, it only supported a handful of devices. Now, the company has updated its roster of supported devices, adding a number of older handsets to the list. Previously, the developer team had only included the LG Nexus 5X, Huawei Nexus 6P, Motorola Moto G4 / G4 Plus, Nextbit Robin and Xiaomi Redmi 1S. The company has now updated its list of supported devices to include: Asus Nexus 7 2013 (4G / Wi-Fi) LG Nexus 5 Huawei Honor 5X LG G4 (T-Mobile / International) LG G3 S LG G3 Beat Motorola Moto X Pure (2015) Motorola Moto E Motorola Moto G Motorola Moto G4 Play OnePlus One Oppo Find 7a Oppo Find 7s Samsung Samsung Galaxy S III (AT&T / Sprint / T-Mobile / Verizon / International) Samsung Galaxy S II (International) Sony Xperia SP Xiaomi Mi 3w and Mi 4 Xiaomi Mi 5 Xiaomi Mi Max Xiaomi Redmi 3/Prime Xiaomi Redmi Note 3 As can be seen, the list of devices has increased drastically. That said, the developer team has not announced how many installs its operating system has garnered. Previously, the company had announced that experimental builds of Lineage OS had been downloaded more than 50,000 times. This figure is bound to change with more devices being supported everyday. You can download the latest nightly and experimental builds on supported handsets by heading over to the download page here. Source
  4. Nokia's Return to Smartphone Business Confirmed for 2017 An official slide from the company has spilled the beans Apparently, an official slide from Nokia's Capital Markets Day presentation has just leaked online and the folks over at NPU have been quick to report on it. The slide show Nokia's main topics for the next two years and the current one. While in 2016 Nokia focused on the launch of its incredible OZO VR camera, Withings acquisition and licensing its phone brand to HMD, the next two year will be even more exciting for the Finnish company. For example, in 2017 Nokia plans to strengthen its presence in the VR market, but it remains to be seen how it will be able to do that. Another important topic for Nokia fans, the comeback of the company to the smartphone business is happening next year as well. The Finnish giant notes in the presentation slide that “Nokia brand's return to smartphones” is to take place in 2017. Moreover, the company plans to expand patent licensing in mobile, automotive and consumer electronics during the same year. As for 2018, Nokia is going to work towards licensing its own VR technology, and hopes to grow considerably in remote patient care in Digital Health. The Finnish company also mentions that it will continue the patent licensing growth and diversification throughout 2018 as well. If you're a Nokia fans, 2017 is definitely going to be a very interesting year for you. At least two Android smartphones are expected to be unveiled in the first half of the year, but these won't be the only handsets Nokia will launch in 2017. The only thing that remains to clarify is when exactly the first Nokia-branded smartphones in a long while will be officially unveiled. Some bet on Mobile World Congress, which is scheduled to take place at the end of February, while other are more pessimist claim the first Nokia smartphones won't be announced until April/May. Source
  5. Android 7.1.1 Nougat Running Surprisingly Well on a 7-Year Old Galaxy S1 Samsung released the Galaxy S in June 2010 YouTuber XTvideos posted a video showing how Android 7.1.1 Nougat performs on the 7-year old Galaxy S smartphone, announced in March 2010 and released a couple of months later in June. The video shows the first boot of Galaxy S1 i9000 running the latest version of Android. Obviously, this is an unofficial CM version of Nougat, nobody expects Samsung to release an update for devices so old. The smartphone runs a bit slow, it takes some time to load the settings menu, and the phone is running a clean OS, no apps were flashed. The user installed CyanogenMod 14.1 on the Galaxy S (GT-I9000), and since it’s an unofficial version, the phone is a bit slow in certain areas. The phone also appears to have the December security patch, which was the latest when the video was uploaded. 512MB of RAM and Hummingbird chipset inside The video shows that 7.1.1 Nougat contains most of the features that you would expect, like a revamped notification area and even quick reply. The phone can open all settings menus and it provides the user with access to developer options, without crashing, freezing or shutting down. Samsung’s Galaxy S1 (GT-I9000) had a 4-inch AMOLED display with 480 x 800 pixel resolution and Corning Gorilla Glass coating on top. It ran Android 2.1 Eclair out of the box and later received an update to 2.3 Gingerbread. These two versions haven’t been included in Android Distribution reports for quite some time now, meaning that they’re market share is well below 0.1%. Moving on the Galaxy S1 came with 512MB of RAM, 8 or 16GB of internal storage which could be expanded to 32GB with a microSD card and ran a Hummingbird chipset or Exynos 3110 with a 1.0GHz Cortex-A8 processor, coupled with PowerVR SGX540 graphics processing units. Rear camera capacity reached 5MP with autofocus, while the secondary camera was VGA. The phone drew power from a removable 1,500mAh battery. Source
  6. How to Opt Out of iOS Beta Updates and Reinstall iOS 10.2.1 on Your iPhone/iPad The tutorial also applies to iPod touch devices iOS 10.2.1 is the first point release to the iOS 10.2 series. It received a total of four Beta/Public Beta versions during its entire development cycle since mid-December last year. The last one was seeded only ten days ago. Like many of us running the iOS 10.2.1 Public Beta 4 release, it turns out you'll not receive the final version of iOS 10.2.1, which some will say it's identical with the last Beta, but what if your device is not working properly and you are still experiencing bugs. For example, we found out that, since we've installed the last Public Beta versions of iOS 10.2.1 on our iPhone 6 device, some applications were very slow to load and not so responsive like they used to be. Also, we noticed major battery drains. Removing the iOS Public Beta profile If you're experiencing the same issues on your iPhone, iPad, or iPod touch device, it's time to refresh it by reinstalling the operating system. First off, make sure that you have a recent iCloud backup, or at least a local backup in iTunes. It's time to remove the Public Beta profile (you can always reinstall it at a later time if you still want to use upcoming Beta versions), so open the Settings app, go to General, scroll down to the Profile section and click it. Then, remove the iOS Beta profile by pressing the red "Delete Profile" button. Restoring the device and reinstalling iOS Connect your device to your personal computer, where the latest version of iTunes needs to be installed (make sure you have the latest version installed, 12.5.5 at the moment of writing). With the device connected to your PC, enter DFU mode. Entering DFU Mode is as simple as pressing and holding both the Power and Home buttons on your device until you see the Apple logo on the screen. Release the Power button but keep holding the Home one until the "Connect to iTunes" logo appears. iTunes will soon offer you the option to "Restore and Update" the device. Click the "Restore and Update" button and the application will tell you that iOS 10.2.1 is available. Click OK and let it download the update. Once iTunes completes downloading iOS 10.2.1 from Apple's servers, it will soon begin installing it on your device. You don't have to do anything at this point, just don't touch anything and make sure your computer has enough battery or that it's plugged in. Reset and erase the device to restore it from a backup Just before iOS 10.2.1 finishes installing, iTunes will display a message saying "Congratulations, your iPhone has been unlocked. To set up and sync this iPhone, click Continue." Click the "Continue" button and iTunes will immediately detect your device. At this point, you need to set up your device by pressing the Home button. Choose your preferred language and region. On the next screen, you'll have to connect to your Wi-Fi network. Then, enable the location services, or simply don't. It doesn't matter, because we're going to reset and erase the device anyway, so there's no need to set up Touch ID now. When you reach the home screen, open the Settings app, go to the Reset section and press on "Erase All Content and Settings." Erase your device, which will bring you to the setup screen again. So, this time, make sure that you set up everything correctly, including Touch ID, location services, etc., and, after entering your Apple ID, you can finally choose to restore from a backup. Select the restore method you want (we prefer the iCloud backup) and let your device restore the backup, which can take a few good minutes. Once everything is restored, you can unlock your device and access the home screen. Most of the apps will continue to download and install in the background, so you'll have to wait a little longer for everthing to be exactly like it was before you've started all this. Congratulations, you refreshed your device and have the final iOS 10.2.1 installed, too. Source
  7. Where Can You Download LineageOS, CyanogenMod's Replacement? It's only a matter of weeks since we learned that CyanogenMod was closing down and LineageOS would replace it. At the time, little was known about the launch schedule for the open source, Android-based operating system, but that has all changed. On Friday, the LineageOS team announced that builds will "start rolling out this weekend". At time of writing the downloads have yet to make an appearance, but there is a download portal ready for you to keep an eye on. The team excitedly says that "it's nearly 'go time' for builds to start flowing", and advertised the availability of the Lineage infrastructure status page. More usefully, there is also a wiki for the OS, as well as a stats page that shows (at time of writing) that even before builds have been officially made available, there have been more than 75,000 installs. But what about the all-important download page? There is now a LineageOS Downloads portal up and running, but despite the proclamation that downloads would roll out this weekend, the page currently disappointingly reads: "Coming soon". What's clear, however, is that LineageOS is about to arrive any second, and with this in mind the development team has shared further details about what to expect: More than this, eager users are provided with more details about how the actual installation process will work: If you're missing CyanogenMod, now is the time to turn your attention to the LineageOS download page. Source Alternate Source: First Official Lineage OS Builds To Roll Out This Weekend
  8. Hi All, Just wondering if Nokia with Canonical makes Ubuntu Touch Devices, does people love it and buy to help support Ubuntu Touch development? My wish is that Nokia should join hands with Canonical to make Ubuntu Devices. If that happens, all lazy s/w app giants will create apps supporting Ubuntu Touch platform. I'm calling s/w app giants as lazy bcoz if they would've supported Ubuntu Touch earlier, the OS could've been overtaking Android & Windows Phones(or Windows 10 Mobile) by now. All Nokia & Ubuntu/Linux fans(incl. myself) or devs out there, please suggest Nokia to create Ubuntu Devices in future ASAP. Please vote and provide feedback in comments(if any). Members please note that I'm referring to the future and not now. I'm not a fool to ask for/suggest a change in the first year of re-emerged Nokia. @steven36 & @teodz1984: Please read the desc carefully before providing comments.
  9. Explained — What's Up With the WhatsApp 'Backdoor' Story? Feature or Bug! What is a backdoor? By definition: "Backdoor is a feature or defect of a computer system that allows surreptitious unauthorized access to data, " either the backdoor is in encryption algorithm, a server or in an implementation, and doesn't matter whether it has previously been used or not. Yesterday, we published a story based on findings reported by security researcher Tobias Boelter that suggests WhatsApp has a backdoor that "could allow" an attacker, and of course the company itself, to intercept your encrypted communication. The story involving the world's largest secure messaging platform that has over a billion users worldwide went viral in few hours, attracting reactions from security experts, WhatsApp team, and Open Whisper Systems, who partnered with Facebook to implement end-to-end encryption in WhatsApp. Note: I would request readers to read complete article before reaching out for a conclusion. And also, suggestions and opinions are always invited What's the Issue: The vulnerability relies on the way WhatsApp behaves when an end user's encryption key changes. WhatsApp, by default, trusts new encryption key broadcasted by a contact and uses it to re-encrypt undelivered messages and send them without informing the sender of the change. In my previous article, I have elaborated this vulnerability with an easy example, so you can head on to read that article for better understanding. Facebook itself admitted to this WhatsApp issue reported by Boelter, saying that "we were previously aware of the issue and might change it in the future, but for now it's not something we're actively working on changing." What Experts argued: According to some security experts — "It's not a backdoor, rather it’s a feature to avoid unnecessarily re-verification of encryption keys upon automatic regeneration." Open Whisper Systems says — "There is no WhatsApp backdoor," "it is how cryptography works," and the MITM attack "is endemic to public key cryptography, not just WhatsApp." A spokesperson from WhatsApp, acquired by Facebook in 2014 for $16 Billion, says — "The Guardian's story on an alleged backdoor in WhatsApp is false. WhatsApp does not give governments a backdoor into its systems. WhatsApp would fight any government request to create a backdoor." What's the fact: Notably, none of the security experts or the company has denied the fact that, if required, WhatsApp, on government request, or state-sponsored hackers can intercept your chats. What all they have to say is — WhatsApp is designed to be simple, and users should not lose access to messages sent to them when their encryption key is changed. Open Whisper Systems (OWS) criticized the Guardian reporting in a blog post saying, "Even though we are the creators of the encryption protocol supposedly "backdoored" by WhatsApp, we were not asked for comment." What? "...encryption protocol supposedly "backdoored" by WhatsApp…" NO! No one has said it's an "encryption backdoor;" instead this backdoor resides in the way how end-to-end encryption has been implemented by WhatsApp, which eventually allows interception of messages without breaking the encryption. As I mentioned in my previous story, this backdoor has nothing to do with the security of Signal encryption protocol created by Open Whisper Systems. It's one of the most secure encryption protocols if implemented correctly. Then Why Signal is more Secure than WhatsApp? You might be wondering why Signal private messenger is more secure than Whatsapp, while both use the same end-to-end encryption protocol, and even recommended by the same group of security experts who are arguing — "WhatsApp has no backdoor." It's because there is always room for improvement. The signal messaging app, by default, allows a sender to verify a new key before using it. Whereas, WhatsApp, by default, automatically trusts the new key of the recipient with no notification to the sender. And even if the sender has turned on the security notifications, the app notifies the sender of the change only after the message is delivered. So, here WhatsApp chose usability over security and privacy. It’s not about 'Do We Trust WhatsApp/Facebook?': WhatsApp says it does not give governments a "backdoor" into its systems. No doubt, the company would definitely fight the government if it receives any such court orders and currently, is doing its best to protect the privacy of its one-billion-plus users. But what about state-sponsored hackers? Because, technically, there is no such 'reserved' backdoor that only the company can access. Why 'Verifying Keys' Feature Can't Protect You? WhatsApp also offers a third security layer using which you can verify the keys of other users with whom you are communicating, either by scanning a QR code or by comparing a 60-digit number. But here’s the catch: This feature ensure that no one is intercepting your messages or calls at the time you are verifying the keys, but it does not ensure that no one, in the past had intercepted or in future will intercept your encrypted communication, and there is no way, currently, that would help you identify this. WhatsApp Prevention against such MITM Attacks are Incomplete WhatsApp is already offering a "security notifications" feature that notifies users whenever a contact's security code changes, which you need to turn on manually from app settings. But this feature is not enough to protect your communication without the use of another ultimate tool, which is — Common Sense. Have you received a notification indicating that your contact's security code has changed? Instead of offering 'Security by Design,' WhatsApp wants its users to use their common sense not to communicate with the contact whose security key has been changed recently, without verifying the key manually. The fact that WhatsApp automatically changes your security key so frequently (for some reasons) that one would start ignoring such notifications, making it practically impossible for users to actively looking each time for verifying the authenticity of session keys. What WhatsApp should do? Without panicking all one-billion-plus users, WhatsApp can, at least: Stop regenerating users' encryption keys so frequently (I clearly don't know why the company does so). Give an option in the settings for privacy-conscious people, which if turned on, would not automatically trust new encryption key and send messages until manually accepted or verified by users. ...because just like others, I also hate using two apps for communicating with my friends and work colleagues i.e. Signal for privacy and WhatsApp because everyone uses it. Source
  10. WhatsApp Security: Make This Change Right Now! Security researchers found a backdoor in the popular messaging application WhatsApp recently that could allow WhatsApp to intercept and read user messages. Facebook, the owner of WhatsApp, claims that it is impossible to intercept messages on WhatsApp thanks to the services end-to-end encryption. The company states that no one, not even itself, can read what is sent when both sender and recipient use the latest version of the application. It turns out however that there is a way for WhatsApp to read user messages, as security researcher Tobias Boelter (via The Guardian) found out. Update: In a statement sent to Ghacks, a WhatsApp spokesperson provided the following insight on the claim: WhatsApp has the power to generate new encryption keys for users who are not online. Both the sender and the recipient of messages are not made aware of that, and the sender would send any message not yet delivered again by using the new encryption key to protect the messages from third-party access. The recipient of the message is not made aware of that. The sender, only if Whatsapp is configured to display security notifications. This option is however not enabled by default. While WhatsApp users cannot block the company -- or any state actors requesting data -- from taking advantage of the loophole, they can at least activate security notifications in the application. The security researcher reported the vulnerability to Facebook in April 2016 according to The Guardian. Facebook's response was that it was "intended behavior" according to the newspaper. Activate security notifications in WhatsApp To enable security notifications in WhatsApp, do the following: Open WhatsApp on the device you are using. Tap on menu, and select Settings. Select Account on the Settings page. Select Security on the page that opens. Enable "show security notifications" on the Security page. You will receive notifications when a contact's security code has changed. While this won't prevent misuse of the backdoor, it will at least inform you about its potential use. Source Alternate Source - 1: WhatsApp Encryption Has Backdoor, Facebook Says It's "Expected Behaviour" Alternate Source - 2: WhatsApp Backdoor allows Hackers to Intercept and Read Your Encrypted Messages Alternate Source - 3: Oh, for F...acebook: Critics bash WhatsApp encryption 'backdoor' Alternate Source - 4: Your encrypted WhatsApp messages can be read by anyone Alternate Source - 5: How to protect yourself from the WhatsApp 'backdoor' Alternate Source - 6: 'Backdoor' in WhatsApp's end-to-end encryption leaves messages open to interception [Updated] Detailed Explanation of the Issue and Prevention/Alternatives:
  11. uNav 0.64 Turn-by-Turn GPS Navigation App Now Available for Ubuntu Phones Map viewer and GPS navigator for car, bike and walking uNav 0.64 comes four months after version 0.63, which was a minor update improving the simulator, adding support for skipping confirmation of routes, rounding off the distance to the nearest turn in guidance mode, fixing the '¿¿¿' string in POI names, adding CartoDB layers, as well as a bash script to generate translations. Not that uNav 0.64 is a major release, but it looks like it adds some improvements than the previous version. Among these, we can mention centering on POI (Point of Interest) in search instead of in an area, correct roundabout of arrow directions for some countries, and Breton voice support. Available now for all Ubuntu Phone users uNav 0.64 also attempts to improve the out-of-the-box experience for newcomers by fixing the main window, which appeared to be unnecessarily large, spicing up the "empty state" of the application, remove "hairdresser" from the POI list, as well as to rename various translation files. If you're the proud owner of an Ubuntu Phone and you're running the latest version of the Ubuntu Touch mobile operating system (OTA-14), you should find the new uNav 0.64 release on the Ubuntu Store. Existing users can update the application right now through the usual channels. For those unfamiliar with uNav, it's an online and offline map viewer and GPS navigator powered by OpenStreetMap and Mapzen. It features convergence support, which means that you can use it on a desktop too if you're Ubuntu Phone can be converged. The app offers turn-by-turn navigation for bikes, cars, and walking. Source
  12. 2016 Xmas/Christmas Advent Calendar/Advents Kalender Collection by Me Here I share, My Own List of Active Xmas Advent Kalenders 2016[Almost Complete]: Please make sure that you don't miss any future days in the above Kalender[Calendar] Giveaways and Promotions. I hereby welcome nsaners to update this thread with more advent kalenders.
  13. HTC Might Sell Its Smartphone Business in 2017 Four companies are interested in the purchase A new rumor now claims the company has already decided to sell its smartphone business, which was bleeding money for a few years now. Ms Cher Wang, HTC general manager, is said to have already sent a message to her closest collaborators that the smartphones business will be sold in the spring, next year. Even though the Taiwanese media reports that HTC has denied these rumors, analysts claim that this is exactly what companies usually do before signing up the sale agreement. The same source state that there actually four companies interested in buying HTC's smartphone business and one of the them is from Taiwan, the handset maker's home turf. But would anyone be surprised if Google purchases HTC after the Taiwanese company rented its skills to manufacture the Pixel phones? It won't be the first time that the search giant acquires an important brand in the smartphone industry. Although it's a bit far-fetched at the moment, we won't know for sure until next year when HTC is supposed to make an official announcement regarding its smartphone division. If there's any truth in these rumors, HTC won't admit that its smartphone business is up for sale until it finds a buyer and, eventually, signs the sale agreement. It's also worth noting that this isn't the first time that reports about HTC's attempt to sell its mobile division, so if it didn't happened in the previous cases, they could be wrong this time as well. So, take these rumors with a grain of salt until we get official word about the matter. Source
  14. BadKernel Vulnerability Affects One in 16 Android Smartphones Security flaw affects Chromium browsers & WebView component The issue at play here has been discovered and fixed in the summer of 2015 and affected the Google V8 JavaScript engine, between versions 3.20 and 4.2. Despite this bug being public for more than a year, only in August 2016 have Chinese security researchers discovered that the V8 issue also affected a whole range of Android-related products where the older V8 engine versions had been deployed. BadKernel flaw is trivial to exploit, just like Stagefright Researchers from Chinese cyber-security firm Qihoo 360 discovered that they could leverage the 2015 V8 bug to execute malicious code on Android devices via the vulnerable apps where the V8 engine had been embedded. This bug, nicknamed BadKernel, allowed them to steal data from the device, take over the user's camera, intercept SMS messages, and anything else they wanted. Since this was an RCE (Remote Code Execution) flaw, the attackers had full control over any affected smartphone. Because the BadKernel flaw can be exploited just by loading the content of a malicious web page, attackers face no difficulty in weaponizing and deploying BadKernel exploits. BadKernel affects countless of other apps Google ships the V8 engine with the Chromium mobile browser framework, used for the creation of mobile browsers such as Chrome and Opera. The V8 engine also ships with the WebView Android component, which mobile developers use inside their apps to view Web content inside the application, without opening a dedicated browser. Currently, many popular apps such as WeChat, Facebook, Twitter, or Gmail, use the WebView component. Vulnerable WebView versions are also the default on Android 4.4.4 up to version 5.1. Additionally, some SDKs, such as the Tencent X5.SDK, also deployed a custom V8 engine, based on the V8 versions vulnerable to BadKernel. This means that apps created with this SDK are also vulnerable to BadKernel attacks. This list is mainly comprised of Chinese mobile apps such as QQ, QQ Space, Jingdong, 58 City, Sohu, and Sina News. Many outdated apps still use vulnerable WebView components While the V8 engine is currently at version 5.1, the vulnerable versions are still embedded in many applications, some of which have remained out-of-date, while others have not been updated by their users. At the time of writing, the BadKernel flaw has received very little attention, despite being known since August 2016. "BadKernel is still relatively unknown in the US and Europe because it was discovered by the Qihoo 360 research group who published their original findings in Chinese, which was not easily accessible by the rest of the world," Clark Dong of Trustlook Mobile Security told Softpedia via email. All major smartphone vendors affected by BadKernel flaw Dong's company has compiled a list of smartphone models, Android and browsers versions that are currently vulnerable to this flaw. The list includes all the big industry names from Alcatel to HTC, and from Lenovo to Sony, just to name a few. Trustlook, who operates a mobile antivirus solution for Android devices, has leveraged telemetry data from its customers to gather some statistics on the number of potentially affected users. The company says that 41.48 percent of all Samsung smartphone models may be affected by the BadKernel flaw. Additionally, 38.89 percent of Huawei smartphone models may also affected, followed by 26.67 percent of all Motorola models, and 21.93% percent of all LG devices. The most affected country seems to be Peru, with one in every five devices vulnerable to BadKernel. Peru is followed by France (14.7 percent), Nigeria (12.4 percent), Bangladesh (10.2 percent), and Thailand (9.4 percent). Three in four LG built-in browsers affected by BadKernel The same telemetry data has also revealed that the most affected browsers are LG's built-in browser (75.1 percent of all installations are vulnerable), followed by Samsung's built-in browser (41 percent of all installations), and standalone mobile Google Chrome browsers (11 percent of all installations). Users that want to check to see if their device model is affected can consult this list on Trustlook's website, or they can install a dedicated BadKernel security scanner from the Play Store (how-to video here). To avoid exposing themselves to BadKernel attacks, users should always keep their apps up-to-date, and they should not delay installing Android OS system updates. Source
  15. Screens That Fold And Roll Will Arrive As Early As Next Year LG showed a display that can fold at CES 2016 in Las Vegas Screens that can roll up could appear in tablets that fold into the shape of smartphones Displays that can be folded and rolled up have been shown in prototype smartphones, wearables, and other devices -- but when will such products be available? Advances in technology suggest they aren't too far off in the future. Such devices could start showing up as early as next year or 2018, said Jerry Kang, senior principal analyst for emerging display technologies and OLED at IHS. Manufacturers are trying to launch them in devices like tablets that can fold into a smartphone-size device. It's possible to use these displays in wearable devices, but reliability, weight and battery life need to be considered, Kang said. Small folding screens will likely come before larger ones, mainly due to the economics of making such displays, Kang said. The displays will be based on OLED (organic light-emitting diode), which is considered a successor to current LED technology. OLEDs don't have lighting back-panels, making them thinner and more power efficient. At CES this year, LG showed a stunningly thin paper-like display that could roll up. The company projects it will deliver foldable OLEDs by next year. There are advantages to screens that can be folded or rolled up. They could lead to innovative product designs and increase the mobility of devices, Kang said. For example, it could be easier to fit screens around the contours of a battery and other components. It will also provide a level of flexibility in how a user can change the shape of a device. But challenges remain in making such screens practical, Kang said. A display has multiple functional layers such as cover lenses, touch panels and polarizers, all made of different materials. A large number of layers could limit the ability to bend and fold. But removing layers also presents problems. For example, removing the touch panel could make such a screen useless for smartphones and tablets. The size of batteries and circuits are of lesser concern in designing bendable screens, Kang said. The screens can be folded around components. Displays that can fold and roll are an extension of flexible displays, which are already in wearables, smartphones and TVs. For example, some TVs have flexible screens that are designed so that they can be slightly curved. Samsung and LG started using flexible AMOLED displays in smartphones in 2013 and are adapting those screens for wearables. Those companies are also leading the charge to bring displays that can bend and fold to devices. The sorts of flexible displays that are used in curved products are still in their infancy, but IHS projects such screens to continue siphoning market share from non-flexible displays. In 2022, 433.3 million flexible displays will ship, compared to 3.6 billion units of non-flexible displays. Source
  16. Here's How Secret Voice Commands Could Hijack Your Smartphone Google's voice assistant activation screen A muffled voice buried in a YouTube video can take over your phone, researchers say Kitten videos are harmless, right? Except when they take over your phone. Researchers have found something new to worry about on the internet. It turns out that a muffled voice hidden in an innocuous YouTube video could issue commands to a nearby smartphone without you even knowing it. The researchers describe the threat in a research paper to be presented next month at the USENIX Security Symposium in Austin, Texas. They also demonstrate it in this video. Voice recognition has taken off quickly on phones, thanks to services like Google Now and Apple's Siri, but voice software can also make it easier to hack devices, warned Micah Sherr, a Georgetown University professor and one of the paper’s authors. The team found that they could mangle voice commands so that humans can barely recognize the words but software still can. The result condenses the words into a demonic growl. "Ok Google, Open XKCD.com," the voice says, and a nearby phone opens that URL. It's easy to imagine how a hacker could direct a phone to a website containing malware, or instruct the phone to take a photo. It might not work every time, but it's a numbers game. If a million people watch a kitten video with a secret message embedded, 10,000 of them might have have their phone nearby. If 5,000 of those load a URL with malware on it,"you have 5,000 smartphones under an attacker’s control," Sherr said in a statement. If the hackers know the ins and outs of the voice recognition software itself, and know its internal workings. they can create voice commands that are even harder to decipher by humans. The researchers have uploaded samples of a scrambled voice command. In our tests with an Android phone, the commands sometimes went undetected or were misheard. When an audio sample asked "What is my current location," Google Now heard it as "procrastination." But other attempts worked fine. Another audio sample tells the phone to turn on airplane mode, which it did. To defend against the threat, developers of voice recognition software could incorporate filters to differentiate between human and computer-generated sounds, the paper said. Source
  17. It’s not a joke, the product is expected to be launched this year In today’s world smartphones can do almost anything, but the industry still insists on increasing these possibilities. In this search, one company has come up with a strange idea and created IZIVIBE — A smartphone cover that uses its vibration to turn itself into a dildo. Izivibe is a normal looking phone cover however it was developed with surgical and hypoallergenic silicone. The cover has its own app for iPhone and Apple Watch and comes with seven modes of vibration, which can be controlled by the phone user or from a distance by someone else through the app. As odd as it may sound, the company also lets users share their favorite vibration mode with friends and family using the same app. It seems like the developers didn’t learn anything from the recent research revealing that cybercriminals can hack Internet-connected toys, record videos and share them on the Internet. However, another major concern is if it is hygienic to use a phone as a vibrator? How clean is your phone?. According to a 2010 study conducted by UK’s Which Magazine, the average mobile phone can harbour 18 times more living bacteria than a flush handle on a gents’ toilet. Hackers get ready you have a job to do ?! Article source
  18. Here's another use for the smartphone as it invades daily life: in place of your debit card at your bank cash machine. The "cardless" automatic teller machine (ATM) is gaining ground in the US and around the world, with smartphone technology allowing for speedier and more secure transactions. Dozens of US banks are installing new ATMs or updating existing ones to allow customers to order cash on a mobile application and then scan a code to get their money without having to insert a bank card. US banking giants Wells Fargo, Bank of America and Chase are in the process of deploying the new ATMs, as are a number of regional banks and financial groups around the world. Makers of ATMs and financial software groups are ramping up to meet this demand. "We think our model (using smartphones) reduces a lot of vulnerabilities," said Doug Brown, who leads mobile technology for FIS Global, a major provider of software and technology for ATMs. Brown said the FIS cardless system is being used at some 2,000 ATMs operated by at least 28 banks in the United States "and we're looking to rapidly expand that." He said the system should be operational at some 80,000 machines in North America over the coming 18 months. And similar changes are coming in other countries, according to Brown. Reducing 'skimming,' fraud In addition to speeding the transaction time, the smartphone-based system aims to curb the growing problem of "skimming" in which criminals steal the data on a card, often by inserting devices into the ATM card slot. By some estimates, skimming cost the global banking industry some $2 billion in 2015 and can lead to other kinds of fraud when card data is stolen. "Consumers are aware of this, they really understand and welcome this," Brown said. Another security benefit, Brown said, is that authenticating on the handset reduces the time spent at the ATM to around 10 seconds instead of the typical 30 to 40 seconds "The performance is kind shocking to some people, they almost jump back at the instantaneous response," Brown said. "But it provides more physical security because they can make the transaction faster." Bank of America spokeswoman Betty Riess said the group is "currently developing a new cardless ATM solution" based on NFC or near field communication technology to allow customers to authenticate without the use of a card. "We'll roll out this capability in late February to associates in select ATMs in Silicon Valley, San Francisco, Charlotte, New York and Boston." Riess said. "It will be followed by a broader customer launch mid-year." Chase said it is planning a similar rollout sometime this year. "When we first roll this out, customers will be able to request an access code through the Chase mobile app and enter it at the ATM to do their transactions," said Chase spokesman Michael Fusco. "Later on, they will be able to use their digital mobile wallet to complete the transaction at the ATM." Wells Fargo is also on board, developing ATMs that will allow customers to use their smartphones to obtain and eight-digit token to authorize a cash withdrawal. The Wells Fargo system will support Android Pay, "and we'll continue to evaluate additional wallets," said spokesman Kristopher Dahl. Chicago-based BMO Harris, an affiliate of Bank of Montreal, began using smartphone technology at its 750 ATMs last March. 'Headless' ATMs Some of the new technologies will require only a software update to the ATM, while others will need new hardware. ATM manufacturer Diebold is testing a "headless" teller machine, without a screen or keypad, which dispenses cash from interaction on the smartphone. "What we are saying with this is forget the card reader, forget the PIN pad, we all have these devices in our pockets," said Dave Kuchenski, Diebold's senior business development manager for new technology. Customers need only verify their identity, which can be done with the device's fingerprint reader, or possibly with an iris scanner on the ATM. While some existing Diebold ATMs can work with mobile applications, Kuchenski said the new concept, in testing with Citibank and others, could provide "a better user experience." "We don't have to walk through the same process which we have had since the ATM has existed," he said. "If we're using a mobile phone, we no longer have the need for a card, we no longer have a need for a receipt printer, we've dematerialized a lot of the devices. Banks like this, because it has fewer moving parts, so it reduces the total cost of ownership." http://phys.org/news/2016-02-smartphones-cards-bank-machines.html
  19. Four U.S. lawmakers concerned with measures being considered in California and New York House bill would prevent patchwork of state laws banning smartphone encryption Four bipartisan members of Congress introduced legislation this week to preempt a potential patchwork of state and local government laws banning encryption on smartphones. The measure, called the ENCRYPT (Ensuring National Constitutional Rights for Your Private Telecommunications) Act of 2016, is intended to ensure a uniform national policy for encryption technology, according to a statement from the lawmakers. U.S. Rep. Ted W. Lieu (D-Calif.), joined Reps. Blake Farenthold (R-Texas), (Suzan DelBene, D-Wash.) and Mike Bishop (R-Mich.) in sponsoring the measure. The lawmakers are worried initially about bills sponsored by state legislators in California and New York that would ban encryption on any smartphone sold in their states. Encryption is used on many smartphones, including recent iPhones and Android phones, and is designed to protect a user’s personal data, such as private financial and health information, from snooping eyes. A decryption key is needed to open encrypted data, and that key is not typically available to smartphone makers and is only available to the phone user, often through a passcode. As a result, smartphone makers like Apple have told intelligence officials, the FBI and others that they cannot decrypt data on the latest smartphones, which are protected by full-disk encryption. The ENCRYPT bill arrived as FBI Director James Comey and others have tried to persuade tech giants to share encrypted data, especially on smartphones, to help them investigate crimes and terror attacks. Comey told the Senate Intelligence Committee on Tuesday that a phone used by one of the terrorists in the San Bernardino, Calif., shootings is still encrypted and cannot be hacked. He also said a woman killed in Louisiana last April used an encrypted iPhone that could provide clues to her killer. The proposals in New York and California, if passed, would require manufacturers of encrypted smartphones to enable decryption of data on the phones made after 2017. “A patchwork of 50 different encryption standards is a recipe for disaster that would create new security vulnerabilities, threaten individual privacy and undermine the competitiveness of American innovators,” Lieu said in a statement. “It is bad for law enforcement, bad for technology users and bad for American technology companies. National issues require national responses. The ENCRYPT Act makes sure this conversation happens in a place that does not distrupt interstate commerce.” Trade groups including Information Technology Industry Council and Internet Association and Internet Infrastructure Coalition quickly endorsed the ENCRYPT measure. New York Assemblyman Matthew Titone introduced a bill in June to block encrypted smartphones in that state. California Assemblyman Jim Cooper introduced a similar bill affecting smartphones sold in California in January. Both legislators are Democrats. SOURCE
  20. India's phone upgrade cycle is a big opportunity for Apple Apple reported record Q1 revenue yesterday, warning that Q2 iPhone sales may shrink slightly because global economic and social instability is bad for business. Wall Street responded its usual way and abandoned ship. Wall Street is wrong Apple already has a strategy for future growth. It has been developing it for years. I explored the importance of connected device proliferation and services provision yesterday, but today I want to explore Apple’s focus on India. India is the world’s second largest English language publishing market and audiences there prefer smartphones to eReaders when it comes to digital books, according to the London Book Fair this morning. (A big opportunity for iBookstore, services fans). When it comes to other forms of entertainment, it is significant that more than 67 percent of end-users in India, Southeast Asia and the Middle East use mobile as their primary way to watch movies, music videos and TV shows – the TV is no longer key. Why Apple? So why would these customers choose an Apple device in preference to eReaders and low cost alternatives? Some won’t, but the truth is that lower disposable incomes in the region means smartphones are often the user’s only computer. To get the significance of this you must abandon the privileged first world mindset in which the smartphone is a “choice”. In India (and elsewhere) it might be the first computer they’ve ever had. Smartphone unit sales in India rose 44 per cent in the second quarter of 2015 from a year earlier, said IDC. Not only this, but the Indian economy is expected to grow rapidly this year. However, Apple currently holds only a tiny (c.2%) portion of India’s smartphone sales, but this will change this year. Not only are India’s mobile consumers switching to 4G, but the region will become the world’s second biggest smartphone market in 2017, says Strategy Analytics. An Apple plan for India Apple’s rumored plan to launch a 4-inch iPhone 5se will help the company address a wider range of the market. Apple manufacturer, Foxconn, is investing $5 billion in building factories across India where it could make iPhones, hopefully reducing time and cost to market. Apple’s continued development of services, for example its intention to introduce person-to-person payments via Apple Pay (presumably in India) and its stated intention to open retail stores in India this year help shore up its offer. Those stores might be situated in one of the 100 smart cities India is building, equipped with next generation services and processes. The country also wants big firms, including Apple, to open for business there. (Apple CEO Tim Cook met with Indian Prime Minister Narendra Modi last year). India is ready “I see the demographics there also being incredibly great for a consumer brand, and for people that really want the best product,” Cook said during last night’s fiscal call. “We have been putting increasingly more energy in India.” As it resolves matters of distribution presence, price and local relevance, Apple already has lots of advantages to convince Indian consumers to buy its solutions, not least its incredibly high customer satisfaction rankings. Consumers in India already know about Apple’s advantages. “The love for the iPhone is there,” Carolina Milanesi, chief of research and head of US business at Kantar Worldpanel ComTech told South China Morning Post. The question is if Apple can take the lessons it learned in China and apply them there. "We purposely put the bulk of our emphasis from an emerging market point of view on China to really learn, and then we're going to take that learning to other markets," said Cook in 2011. He’s a shrewd dude. It’s that kind of leadership which means, even while the commentators and some investors declare the iPhone EOL, Piper Jaffray analyst, Gene Munster, hits us with this prediction: "If the macro headwinds continue to be an issue for AAPL, we would expect it to impact the entire market and would still view AAPL as a relative winner even in a down market environment as we believe tech investors would view the safety of Apple's capital return program as a positive.” I’m guessing Mac sales in India will also start climbing soon. SOURCE
  21. SanDisk, Toshiba double down, announce the world's highest capacity 3D NAND flash chips Toshiba's BiCS technology stacks 48 layers of microscopic NAND layers atop one another, vastly increasing memory density. Credit: Toshiba The new 3D NAND chip is designed for wide use in consumer, client, mobile and enterprise products SanDisk and Toshiba announced today that they are manufacturing 256Gbit (32GB), 3-bit-per-cell (X3) 48-layer 3D NAND flash chips that offer twice the capacity of the next densest memory. The two NAND flash manufacturers are currently printing pilots of 256Gb X3 chips in their new Yokkaichi, Japan fabrication plant. They are expecting to ship the new chips next year. (2016) Last year, Toshiba and SanDisk announced their collaboration on the new fab wafer plant, saying they would use the facility exclusively for three dimensional "V-NAND" NAND flash wafers. At the time of the announcement, the companies reported the collaboration would be valued at about $4.84 billion when construction of the plant and its operations were figured in. In March, Toshiba announced the first 48-layer 3D V-NAND chips; those flash chips held 128Gbit (16GB) of capacity. The new 256Gbit flash chip, which uses 15 nanometer lithography process technology, is suited for diverse applications, including consumer SSDs, smartphones, tablets, memory cards, and enterprise SSDs for data centers, the companies said. Based on a vertical flash stacking technology that the companies call BiCS [Bit Cost Scaling], the new flash memory stores three bits of data per transistor (triple-level cell or TLC), compared to the previous two-bit (multi-level cell or MLC) memory Toshiba had been producing with BiCS. Toshiba and SanDisk's Bit Cost Scaling (BiCS) 3D vertical NAND design. "This is the world's first 256Gb X3 chip, developed using our industry-leading 48-layer BiCS technology and demonstrating SanDisk's continued leadership in X3 technology. We will use this chip to deliver compelling storage solutions for our customers," Siva Sivaram, SanDisk's executive vice president for memory technology, said in a statement. SanDisk and Toshiba's fab operations in Yokkaichi, Japan where the new 48-layer 3D V-NAND chip is being produced. Last year, Samsung became the first semiconductor manufacturer to begin producing 3D NAND. Its V-NAND chip provides two to 10 times higher reliability and twice the write performance, according to Samsung. Samsung's V-NAND uses cell structure based on 3D Charge Trap Flash (CTF) technology. By applying the latter technologies, Samsung's 3D V-NAND can provide more than twice the scaling of today's 20nm-class planar NAND flash. Samsung is using its 3D V-NAND for a wide range of consumer electronics and enterprise applications, including embedded NAND storage and solid-state drives (SSDs). Samsung's 3D NAND flash chips were used to create SSDs with capacities ranging from 128GB to 1TB. SOURCE: http://www.computerworld.com/article/2956214/computer-hardware/sandisk-toshiba-double-down-announce-the-worlds-highest-capacity-3d-nand-flash-chips.html
  22. One of the world's largest smartphone makers is being sued by the Dutch Consumers' Association (DCA) for its lack in providing timely software updates to its Android smartphones. This doesn't surprise me, though. The majority of manufacturers fail to deliver software updates for old devices for years. However, the consumer protection watchdog in The Netherlands, The Dutch Consumentenbond, filed a lawsuit against Samsung, due to the manufacturer's grip over the local market compared to other manufacturers. Last year, the discovery of the scary Stagefright Security Bug, which affected over 1 Billion Android devices worldwide, forced Samsung to implement a security update process that "fast tracks the security patches over the air when security vulnerabilities are uncovered a security update process that "fast tracks the security patches over the air when security vulnerabilities are uncovered," and that the security updates will occur once per month. However, the watchdog also blames Korean OEM Samsung for not being transparent regarding the critical security updates, like the update to fix Stagefright exploits, that are necessary to "protect [its] consumers from cyber criminals and the loss of their personal data." Majority of Samsung Handsets Vulnerable to Issues According to DCA's own research, at least 82 percent of Samsung smartphones available in the Dutch market examined had not received any software updates on the latest Android version in two years. This failure in providing the software updates left the majority of Android devices vulnerable to issues on security and others. The DCA says that the agency has previously contacted Samsung many times and discussed the matter privately with the manufacturer giant to resolve the situation, but it failed to reach an agreement with the company, and so it decided to go to court. At this point, I should mention that these are entirely valid claims. Like most other manufacturers, Samsung doesn't provide timely software updates to its devices. No doubt, the Samsung Galaxy S6 series have received Stagefright patches on time, but the manufacturer failed to provide Stagefright fixes for its majority of midrange and entry-level Android devices. Furthermore, none of Samsung's devices currently runs the latest Android 6.0 Marshmallow, three months after it officially launched. DCA's Demands from Samsung The agency has requested the manufacturer to update all of its smartphone devices to the latest version of Android operating system for two years since the handset is purchased (not launched). In some ways, the agency wants Samsung to treat software updates as part of the warranty that has its length mandated at two years in the European Union. Source
  23. 2016 could only see low growth for the world’s largest smartphone maker, Samsung CEO admits Samsung has said it expects 2016 to be a difficult year as it looks to cement its place as one of the world’s leading electronics companies. In a New Year’s address to employees revealed today by Reuters, Samsung chief executive Kwon Oh-hyun said to expect low rates of growth worldwide as financial uncertainty continues in many markets around the globe. This, coupled with “a difficult business environment” created by greater competition in the firm’s main businesses, could lead to 2016 being an arduous year for the company, Kwon said. “Low global growth will persist this year with greater uncertainty stemming from issues such as financial risks for emerging countries,” Kwon (pictured left) warned, although neither he or Samsung would provide detailed financial forecasts. The company is set to release its financial results for the fourth quarter of 2016 on Friday, and will be hoping for the continuation of the improvement seen in its last results back in October. During that quarter, strong demand for its components offset fears about its smartphone business, leading the company to record a growth in operating profit for the first time in two years. This success had followed months of speculation surrounding Samsung’s prospects, as the company was reportedly planning to cut as much as 10 percent of staff at its South Korean headquarters, and would also be cutting back on general expenses by 50 percent next year in a pre-emptive move because of the ongoing slump in the smartphone market. Today’s statement is the latest in a series of potentially interesting moves from Samsung as it looks to ensure future successes in both old and new product areas. Last month, the company confirmed it is forming a team that will focus on automotive-related businesses amid reports it wants to build a smart car. The as-yet-unnamed automotive team will be separate of existing divisions at the company, and will be tasked with growing the sales of car components, particularly in-car entertainment, satellite navigation and autonomous driving technologies. Source
  24. Two kernel vulnerabilities were left unpatched on older devices running Android Jelly Bean and KitKat QuarksLAB, a security research company based in Paris, France, has stumbled upon two kernel vulnerabilities in Samsung Galaxy S4 devices which Samsung has decided to patch, but only for recent devices running Android Lollipop, and not for those with Jelly Bean or KitKat. The two vulnerabilities were discovered in February 2014 and reported to Samsung in August 2014, and they affect the samsung_extdisp driver of Samsung S4 (GT-I9500) devices. The first vulnerability, CVE-2015-1800, was found in the s3cfb_extdsp_ioctl() function, located in the "drivers/video/samsung_extdisp/s3cfb_extdsp_ops.c" file. This function contains a stack kernel memory disclosure, which can be used to leak sensitive memory information or even break kernel ASLR if enabled on the device. "The way to break ASLR is to 'leak' information from the target process. For instance, you'll leak the address of a structure you know (e.g. a memory structure describing the process)," as Fred Raynal, QuarksLAB CEO, told Softpedia. "You know that, in the memory map, this structure is always located at an offset of 1337 bytes from the beginning of the process. Hence, you can guess the base address. It is the leaked address of the structure - 1337 (the offset)." "Imagine you are blindfolded in a room you know. You'll walk around slowly looking to touch something you'll recognize," continued Mr. Raynal, trying to simplify the vulnerability's explanation. "Once you touch that table, you immediately are able to know where everything is. All you needed was one reference, one thing you knew (the table here, the address earlier)." The kernel vulnerabilities are an entry point for more dangerous attack vectors When we asked if this was important, Mr. Raynal told us, "Info leaks are useless by themselves. They are part of the attack vector, to defeat ASLR. [...] In the kernel, you need to leak an address. Once you have this address, you can have your memory overflow, or whatever other bug you are exploiting, working. It is the same whether we talk about desktop or mobile (the difference is only due to the way ASLR is implemented)." The second vulnerability, CVE-2015-1801, is a set of 4 kernel memory corruptions found in the s3cfb_extdsp_ioctl() function, located in the "drivers/video/samsung_extdisp/s3cfb_extdsp_ops.c" file. By exploiting this vulnerability, attackers could control destination pointers, and eventually end up overwriting some function pointers or values in the kernel space, causing a denial of service (DoS) state, or even elevating their privileges. Vulnerabilities will be patched only for devices running recent Android versions According to Jonathan Salwan, one of QuarksLAB's junior security researchers, Samsung took 3 months to acknowledge the bugs (November 2014), and only responded to QuarksLAB's emails after the company went public with their research on September 21, 2015. "They just acknowledged the issues, then went silent until this blog post popped," said Mr. Salwan. "Samsung just confirmed to us that the JB and KK families will not be patched and that the vulnerabilities are only patched on the LL family." Source
  25. LG DEVELOPS "LG ROLLY", FULL-SIZE KEYBOARD FOR POCKETS LG Looks to Increase Share of Growing Mobile Device Accessories Market SEOUL, Aug. 27, 2015 - In an effort to capture a larger share of the fast-growing mobile accessories market, LG Electronics (LG) will unveil the industry’s first solid rollable wireless portable keyboard at IFA 2015 in Berlin, Germany. Unlike other portable keyboards on the market, LG’s Rolly Keyboard (model KBB-700) folds up along the four rows to create an easy-to-carry “stick” that fits into one’s pocket as easily as any purse or briefcase. Featuring high-contrast keys and a fold-out mobile device stand, typing on Rolly Keyboard is extremely comfortable because its 17mm key pitch is nearly as generous as the 18mm key pitch found on most desktop keyboards. Made of impact-resistant and durable polycarbonate and ABS plastic, typing on the keyboard offers satisfying tactile feedback not found on flexible silicone keyboards. Two sturdy arms fold out to support smartphones as well as tablets 1 in an upright position. Simply unfolding the Rolly Keyboard enables the auto pairing function to connect easily to two different devices at the same time via Bluetooth 3.0 with the ability to toggle between the two with a simple key press. A single AAA battery powers the keyboard for up to three months of average use. “LG Rolly Keyboard is just one of the many premium input devices we’ll be unveiling in the coming months as we expand our accessories offerings,” said Seo Young-jae, vice president in charge of Innovative Personal Devices at LG Electronics Mobile Communications Company. “The goal was to create a product that could add more value to LG smartphones and tablets at the same time offering a unique design proposition that hadn’t been explored before.” The Rolly Keyboard will make its debut in September in the United States, followed by key markets in Europe, Latin America and Asia in the fourth quarter. Prices and details of availability will be announced locally at the time of launch. Visitors to IFA 2015 can see LG Rolly Keyboard up close in Hall 18 of Messe Berlin from September 4-9. ——————————————- 1 Supports tablets with displays up to 10 inches in diameter. Source