Jump to content

Search the Community

Showing results for tags 'mobile'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 54 results

  1. Coronavirus case confirmed at Samsung's mobile device factory in South Korea Samsung has confirmed that one of its employees working at its mobile device factory in Gumi City, South Korea has been infected with coronavirus. The company says it has already closed that facility and the shutdown will last until Monday. In a press statement, the tech giant announced that other workers who came in contact with the infected employee have been put under self-quarantine. They will also be tested for possible infection. The floor where the infected employee worked has also been shut down until February 25, Tuesday. The Gumi factory is responsible for producing smartphones meant mostly for the domestic market of Samsung. That said, the company will continue operations at its chip and display factories in other parts of South Korea. Coronavirus has disrupted the tech community over the past couple of months, most notably when tech companies such as LG, Nvidia, ZTE, and Ericsson have started withdrawing from the Mobile World Congress that was set to take place in Barcelona later this month. Samsung was also reported to be cutting back on its MWC presence due to safety concerns related to the virus. Eventually, the GSM Association decided to cancel the event entirely following an escalation of "global concern regarding the coronavirus outbreak". Source: Coronavirus case confirmed at Samsung's mobile device factory in South Korea (Neowin)
  2. Punit Verma

    Samsung launches Galaxy S20

    Samsung released the whole new Galaxy S20. What do you think about the new members of the Galaxy series?
  3. If there were any major sites that took a web traffic pummeling in 2019 it was Yahoo and Tumblr. That’s according to a new report from SimilarWeb. The report looks back on key web trends in 2019. Among those trends were some pretty bad news for some sites. Particularly, SimilarWeb’s report says Tumblr saw its web traffic plummet 33% since 2018, when the site banned adult content. Yahoo saw a similar drop from its 2017 numbers, falling 33.6% during the period. Other key findings from the report: Total web traffic is on the rise, growing 8% in 2019 to 223 billion visits per month to the top 100 websites worldwide. Mobile is fueling much of that growth. While desktop web traffic decreased 3.3% since 2017, mobile web traffic shot up 30.6% over the same period. But with the mobile web comes shrinking attention spans. The report says that visitors are spending 49 seconds less on websites per visit than they did three years ago. The top 10 sites took 167.5 billion visits per month in 2019–a 10.7% increase. Mobile visits claim the majority of visits made to “vice” sites–those that involve porn and gambling. The U.S. leads the world when it comes to visiting the websites. In 2019, over 300 billion visits per month to sites were made from America. The takeaway? Mobile is quickly becoming the new norm, but websites are going to have to work harder to keep visitor attention as our attention spans continue to shrink. Source
  4. The Firefox Browser is not as private as you may think – especially on iOS and Android. Mozilla recently announced that they would be allowing any Firefox user a means to request Mozilla to delete stored telemetry data that is tied to said user. Mozilla maintains “strict limits” on how long they store this logged telemetry data, but any duration is too long if the telemetry data can be associated with an individual Firefox browser instance on a particular IP address through a government request. Sure, the collection of this telemetry data can be turned off, but the vast majority of Firefox users are not using Firefox with telemetry turned off, and are therefore incredibly vulnerable. The change by Mozilla comes as a result of the California Consumer Privacy Act (CCPA), a state law which came into effect at the turn of the new year. 2020 is a year of clear vision, and we get to start it off with the revelation that Firefox stores telemetry data in a way that can be traced back to an individual user. After all, how else would Mozilla be able to delete just your telemetry data upon request? To answer this question, Privacy Online News reached out to Mozilla and a Mozilla spokesperson explained how the telemetry data is associated with your browser instance: “By default, Mozilla collects limited data from Firefox to help us understand how people are using the browser, such as information about the number of open tabs and windows or number of webpages visited. This does not include data that can reveal sensitive information about users’ activity online, such as search queries or the websites users visit. The data collected is associated with a randomly generated identifier that is unique to each Firefox client. We refer to this as a clientID. That clientID is not linked to you personally or any sensitive data (for example to your name or phone number) but to your local Firefox software installation. It is never shared with third-parties. Full public documentation about this data collection, including the identifier, can be found here. When users choose to delete their telemetry, the Firefox browser will submit this identifier to Mozilla and we will then delete data on our servers associated with this ID.” Specifically, when you request your telemetry data be deleted from Mozilla’s servers, you do so by sending a “deletion-request” ping which by virtue of how internet pings work, includes a timestamp, your IP address and your unique client ID – as confirmed by Mozilla. That is all the information that’s needed to tie your telemetry data back to your specific browser instance. Mozilla confirmed to Privacy Online News that all this data is stored, but they don’t seem to consider it a privacy issue because they are stored separately. A Mozilla spokesperson explained how the IP address of all telemetry pings, not just the deletion-request ping, is stored: “Mozilla does initially receive the IP as part of telemetry technical data. The IP is then stripped from the telemetry data set and moved to an environment with restricted access for security and error review purposes only. By moving the IP address into this restricted environment this de-identifies the collected telemetry data.” Firefox stores your telemetry data in a way that can be tied back to you While the fact that Firefox collects telemetry data may be well known to some security minded researchers, and even viewed as acceptable because of reasons such as “debugging,” it is quite the revelation that Mozilla actually maintains this data in a way that is matchable to an individual user’s IP address that is requesting said data be deleted. Mozilla even tried to downplay the impact of their privacy decision, saying in their announcement: “To date, the industry has not typically considered telemetry data “personal data” because it isn’t identifiable to a specific person, but we feel strongly that taking this step is the right one for people and the ecosystem.” While it is arguable that telemetry data isn’t technically “personal data” when it is viewed on its own without other information; however, if there’s a way to link a given set of telemetry data to a particular Firefox browser instance and IP address – and Mozilla just revealed that there is – then that telemetry data all of a sudden becomes the most personal of data. What does Firefox telemetry data include? According to the Mozilla wiki, telemetry data includes all the information needed to answer the following questions: How long does it take Firefox to start? How long does it take Firefox to load a web page? How much memory is Firefox consuming? How frequently do the Firefox cycle collector and garbage collector run? Was your session successfully restored when you last launched Firefox? Reading into the questions, the technical pieces of data that Firefox needs to store to be able to answer these questions become apparent. Stay tuned to future posts from Privacy Online News that will dive into the Firefox codebase to showcase what constitutes telemetry data stored by Mozilla in association with your Firefox browser instance. For a preview, simply type about:telemetry into your Firefox browser. For Android and iOS versions of Firefox, parts of this telemetry data – and more – are also shared with a third party company called Leanplum. What is Leanplum and why is it on Firefox for iOS and Android? Firefox on the popular mobile operating systems iOS and Android has even larger privacy concerns beyond the telemetry data that is stored by Mozilla. Leanplum is a mobile advertising company that also receives your personal information, courtesy of Mozilla. According to Mozilla Firefox’s support website: Firefox by default sends data about what features you use in Firefox to Leanplum, our mobile marketing vendor, which has its own privacy policy. This data allows us to test different features and experiences, as well as provide customized messages and recommendations for improving your experience with Firefox.” Mozilla sends information to Leanplum under the guise of testing different features. More information, also from Mozilla’s support team, gets into the specifics: Leanplum tracks events such as when a user loads bookmarks, opens new tab, opens a pocket trending story, clears data, saves a password and login, takes a screenshot, downloads media, interacts with search URL or signs into a Firefox Account.” The horror story continues: “Leanplum receives data such as country, timezone, language/locale, operating system and app version.” More specific information on what Leanplum collects from your mobile Firefox browser can be found from the Leanplum privacy policy, which Mozilla defers to in their own support text possibly because it’s so heinous: “[…] we automatically collect certain information, which may include your browser’s Internet Protocol (IP) address, your browser type, the nature of the device from which you are visiting the Service (e.g., a personal computer or a mobile device), the identifier for any handheld or mobile device that you may be using, the Web site that you visited immediately prior to accessing any Web-based Service, the actions you take on our Service, and the content, features, and activities that you access and participate in on our Service. We also may collect information regarding your interaction with e-mail messages, such as whether you opened, clicked on, or forwarded a message.” The opening up of a privacy option to allow all users (not just Californian users) to delete telemetry data reveals a deeper, darker truth: that the popular browser actually keeps track of telemetry data in a way that can be connected back to your specific browser instance and IP address. Revelations like these are exactly what should be occurring after proper privacy laws are written, passed, and enacted. Just with this revelation, arguably, the CCPA has already done so much more than the GDPR for internet privacy. Firefox is not the privacy conscious browser that it has been masquerading as. Not on the desktop, and certainly not on mobile. About the Author Caleb Chen is a digital currency and privacy advocate who believes we must #KeepOurNetFree, preferably through decentralization. Caleb holds a Master's in Digital Currency from the University of Nicosia as well as a Bachelor's from the University of Virginia. He feels that the world is moving towards a better tomorrow, bit by bit by Bitcoin. Interesting discussion about this article at Hacker News here Side Note : make sure to disable their telemetry if you dont want to be spied on if you use Firefox Source
  5. MessageTap malware is meant to be installed on Short Message Service Center (SMSC) servers, on a telco's network. One of China's state-sponsored hacking groups has developed a custom piece of Linux malware that can steal SMS messages from a mobile operator's network. The malware is meant to be installed on Short Message Service Center (SMSC) servers -- the servers inside a mobile operator's network that handle SMS communications. US cyber-security firm FireEye said it spotted this malware on the network of a mobile operator earlier this year. HOW MESSAGETAP WORKED FireEye analysts said hackers breached a yet-to-be-named telco and planted the malware -- named MessageTap -- on the company's SMSC servers, where it would sniff incoming SMS messages, and apply a set of filters. First, MessageTap would set SMS messages aside to be stolen at a later point if the SMS message's body contained special keywords. "The keyword list contained items of geopolitical interest for Chinese intelligence collection," FireEye said. "Sanitized examples include the names of political leaders, military and intelligence organizations and political movements at odds with the Chinese government." Second, MessageTap would also set SMS messages aside if they were sent from or to particular phone numbers, or from or to a device with a particular IMSI unique identifier. FireEye said the malware tracked thousands of device phone numbers and IMSI codes at a time. PART OF APT41'S ARSENAL The company's analysts linked the malware to a relatively new Chinese hacker group it calls APT41 [PDF report]. In a previous report, FireEye said that APT41 stood apart from other Chinese groups because besides performing politically-motivated cyber-espionage, the group's members also carried out financially-motivated hacks, most likely for their private benefits. Furthermore, FireEye also found evidence on the hacked telco's network that APT41 interacted with the mobile operator's call detail record (CDR) database -- a database that stores metadata on past phone calls. FireEye said APT41 queried for the "CDR records [that] corresponded to foreign high-ranking individuals of interest to the Chinese intelligence services." While FireEye didn't name the hacked telco or the spied on targets, Reuters journalists said that MessageTap was related to China's efforts to track its Uyghur minority, with some of these efforts involving hacking telcos to track Uyghur travelers' movements. CHINESE HACKING OPERATIONS ARE CHANGING The discovery of this campaign is significant, in the grand scheme of things of Chinese cyber-espionage operations, as a whole. For the past years, Chinese hacking groups have been known for their smash-and-grab approach, where they hacked a target and stole as much data as they could, to analyze it at later points. APT41's modus operandi shows a carefully planned and very targeted surveillance operation aimed at a very small group of targets. That's different from what Chinese hacking groups have done in the past, but it appears to have become the norm these days -- if we take into account the CCleaner and ASUS Live Update hacks, where Chinese hackers also breached a company just to go after a small subset of its customers. The overall arch is that Chinese hacker groups are now getting very good at targeted operations, on par with what we've usually seen from US or Russian operations. On a side note, FireEye's report today also confirms a general trend of Chinese hackers going after telecom opertions, first detailed in a June 2019 Cybereason report which found that Chinese government hackers had breached the networks of at least ten foreign mobile operators. Source: Chinese hackers developed malware to steal SMS messages from telco's network (via ZDNet)
  6. JayDee

    Laptop Not Reading Galaxy S9

    Hello Nsaners, hope someone can assist me with the following. I have a Galaxy S9 with the latest update installed (G960FXXU7CSJ1/G960F0CM7CSJ1/G960FXXU7CSI6). I have been trying to connect it to my laptop but I keep failing every single time. The below are checked more than once • Android Driver correctly installed • USB debugging is enabled • Wiped cache partition • Tried different cable • Tried the USB C converter that came with the phone. No USB detected
  7. steven36

    5G isn’t ready for me

    Don't fool yourself. It's not ready for you, either. Over the spring and summer, the first 5G networks lit up over the US, with all the major carriers offering a 5G service of some kind. However, there are still only a few compatible phones to go around, the best of which is probably Samsung's Galaxy S10 5G. It's practically an entirely new phone. Samsung substantially upgraded its S10 with more cameras (six) and a third more battery than the standard S10 -- more capacity than the S10 Plus, too. It's an impressive phone on paper even before considering that it's made for next-gen 5G networks. It's been a few months since Chris Velazco tested 5G networks at launch in Chicago, so it was time for another network test -- this time, on the other side of the Atlantic. The plan was simple enough: pit the Galaxy S10 5G against the Galaxy S10 OG in London, UK. Vodafone provided both phones, so we could see how the phones fared on the same network. Now, the state of the UK's 5G is a little behind the US, despite the stark size difference between the two countries. Two carriers, EE and Vodafone, already have working 5G networks across a handful of cities and areas. Meanwhile, the UK's other two networks, O2 and Three, will launch their 5G services later this year. Vodaphone recently expanded its next-gen network further, so it seemed like a good time to see how far its 5G network has come. TL;DR: it still has a long way to go. You've heard the 5G sales pitch a hundred times before, regardless of carrier or country. Incredible leaps in data speeds, more reliability, new use cases. Gaming in the cloud! Instant 4K streaming! Stuff we can't even imagine yet! So, with Ookla's SpeedTest, Netflix, a bunch of app updates and some Fortnite grudge matches, I headed out in search of 5G. That search took longer than expected, though things were made easier by a heat map, provided by Vodafone online, here. It attempts to show service availability, and while it helped my search, 5G spots are, well, spotty. Over a few weeks' testing, the Galaxy S10 5G mostly kept itself on 4G. Once I picked up a Galaxy S10 to compare, I found the 5G model was largely matching the data speeds of the 4G one, even when I managed to trigger a 5G connection. Speed is meant to be the easy-to-communicate benefit of 5G; carriers say the service will be ten times faster than current 4G LTE speeds -- if everything works as it should. This is a very hard thing to measure in the early days of 5G. Independent tests show Vodafone's 4G data speeds circle around 20Mbps, on average. And with 5G, the phone network is promising average speeds of 150 to 200Mbps and peak speeds that will reach 1Gbps. According to other tests, like Tom's Guide, 5G networks in the US are already seeing max download speeds that are almost three times faster than the peaks on 4G LTE networks, at a blistering 1.8 Gbps versus 678 Mbps. But that's just optimistic talk of perfect conditions -- the realities of signal reception are going to ruin those speeds. The visible difference, for me, came less from blazing data speeds and more from reliability. As 4G signal choked on the Galaxy S10, the S10 5G came into its own, generally giving sub 200 Mbps data speeds, when 4G devices struggled to give me 20 Mbps. (It's that 10-times speed thing -- just not quite as high-speed as I'd hoped.) When I had 5G signal, Netflix episodes downloaded twice as fast as on 4G, and perhaps the most visible proof of 5G's potential, streaming and scrubbing through to midway of an episode took seconds, while on 4G, it had to really think about it. Sadly, my outdoors Fortnite tests came undone over a mere 4GB update (possible on 4G and 5G, yes, but life is too short), so I took the phones back to the office to play. While playing, there weren't any notable differences between the two S10 models, both with more than enough graphical power to handle Fortnite. Both gave me a reliable steady connection -- I mean, plenty of people test fate by playing Fortnite on mobile data already. So, it's probably the conclusion you were expecting: 5G will be great when it gets here. But that's not right now. The good news, though, is that 4G networks are going from strength to strength, at least in urban areas. But that makes the advancements of 5G harder to cheerlead in a pithy paragraph, and perhaps for carriers, harder to hinge the sale of a new smartphone on. And if my mileage varied hugely, imagine the chances of hooking a 5G signal outside major cities. Carriers are rolling out the service slowly, adding cities and expanding coverage, but it's a process that takes time. It's highly likely this is why rumors about Apple's new iPhones suggest no 5G capabilities. Not yet. If you're looking for a Samsung phone ready for a next-gen service, you can probably wait until 2020. The S10 5G is gorgeous and capable and has a big ole battery. But it's marquee feature doesn't make enough impact. Source
  8. Hi All, Just wondering if Nokia with Canonical makes Ubuntu Touch Devices, does people love it and buy to help support Ubuntu Touch development? My wish is that Nokia should join hands with Canonical to make Ubuntu Devices. If that happens, all lazy s/w app giants will create apps supporting Ubuntu Touch platform. I'm calling s/w app giants as lazy bcoz if they would've supported Ubuntu Touch earlier, the OS could've been overtaking Android & Windows Phones(or Windows 10 Mobile) by now. All Nokia & Ubuntu/Linux fans(incl. myself) or devs out there, please suggest Nokia to create Ubuntu Devices in future ASAP. Please vote and provide feedback in comments(if any). Members please note that I'm referring to the future and not now. I'm not a fool to ask for/suggest a change in the first year of re-emerged Nokia. @steven36 & @teodz1984: Please read the desc carefully before providing comments.
  9. Fuchsia may hold the key to the future of Android, Chrome, and everything in between Photo:" Android and Chrome chief Hiroshi Lockheimer speaking at a live recording of The Vergecast at Google I/O 2019 in Mountain View, California. Google Fuchsia remains shrouded in mystery, but the company is slowly beginning to open up about the next-generation operating system, what its purpose is, and what devices it might power. At Google’s I/O developer conference this past week, Android and Chrome chief Hiroshi Lockheimer offered some rare insight into Fuchsia, albeit at a very high level, in front of public audiences. What we do know about Fuchsia is that it’s an open source project, similar to AOSP, but could run all manner of devices, from smart home gadgets to laptops to phones. It’s also known to be built on an all-new, Google-built kernel called “zircon,” formerly known as “magenta,” and not the Linux kernel that forms the foundation of Android and Chrome OS. Beyond that, we don’t know much and have only really seen a brief peek at a prototype Fuchsia-powered user interface two years ago. There have also been reports over the last 12 months or so regarding Google Fuchsia dev tests on the Pixelbook and nebulous plans for a product development timetable that would see an official Fuchsia device released in three to five years. Plus, the Google Home Hub (now called the Nest Hub) is thought to be one of the test devices for Fuchsia. But onstage during a live recording of The Vergecast yesterday, Lockheimer finally opened up about the ultimate goal of Fuchsia. “We’re looking at what a new take on an operating system could be like. And so I know out there people are getting pretty excited saying, ‘Oh this is the new Android,’ or, ‘This is the new Chrome OS,’” Lockheimer said. “Fuchsia is really not about that. Fuchsia is about just pushing the state of the art in terms of operating systems and things that we learn from Fuchsia we can incorporate into other products.” He says the point of the experimental OS is to also experiment with different form factors, a hint toward the possibility that Fuchsia is designed to run on smart home devices, wearables, or possibly even augmented or virtual reality devices. “You know Android works really well on phones and and you know in the context of Chrome OS as a runtime for apps there. But Fuchsia may be optimized for certain other form factors as well. So we’re experimenting.” Lockheimer became somewhat cryptic at the end of his answer, following it up with, “Think about dedicated devices... right now, everybody assumes Fuchsia is for phones. But what if it could be used for other things?” At a separate Android fireside chat held at Google I/O earlier today, Lockheimer provided some additional details, although still similarly cryptic in his specifics. “It’s not just phones and PCs. In the world of [the Internet of Things], there are increasing number of devices that require operating systems and new runtimes and so on. I think there’s a lot of room for multiple operating systems with different strengths and specializations. Fuchsia is one of those things and so, stay tuned,” he told the audience, according to 9to5Google. Source
  10. A quirk in Google’s search algorithm turned me into Facebook’s customer support. I’m waiting for the subway when the phone rings. On the other end of the line an angry woman is shouting at me about her Facebook account. I hang up. A few hours later, I’m walking to get some lunch when someone calls. “I forgot my Facebook password,” the man says. I sigh, and—once again—explain that I can’t help. Later, while at my desk, someone else calls up. “I’m trying to get a hold of Facebook,” a man says. “They are taking my American rights away from me. They’re anti-free spech, anti-American, they’re pro Muslim.” The man says Facebook disabled his account after he wrote a post that, he explains, “wasn’t even horrible.” This keeps happening. In the last three days, I’ve gotten more than 80 phone calls. Just today, in the span of eight minutes, I got three phone calls from people looking to talk to Facebook. I didn’t answer all of them, and some left voicemails. Initially, I thought this was some coordinated trolling campaign. As it turns out, if you Googled “Facebook phone number” on your phone earlier this week, you would see my cellphone as the fourth result, and Google has created a "card" that pulled my number out of the article and displayed it directly on the search page in a box. The effect is that it seemed like my phone number was Facebook's phone number, because that is how Google has trained people to think. Considering that on average, according to Google’s own data, people search for “Facebook phone number” tens of thousands of times every month, I got a lot of calls. “[Google is] trying to scrape for a phone number to match the intent of the search query,” Austin Kane, the director for SEO strategy for the New York-based consulting company Acknowledge Digital, told me in an email. “The first few web listings ... don't actually have a phone number available on site so it seems that Google is mistakenly crawling other content and exposing the phone number in Search Engine Results Pages, thinking that this is applicable to the query and helpful for users.” (Vice Media is a client of Acknowledge Digital.) When I reached out to Facebook’s PR to get their thoughts, a spokesperson started his email response with: “Huh, that’s an odd one.” I obviously can’t blame Facebook for Google’s faulty algorithm. But the fact that Facebook does not have a customer support number is contributing to this. (Facebook, instead, offers a portal for users who need help.) Of course, I could blame VICE’s formidable SEO. Or I could blame myself, for putting my phone number in my stories as a way to get tips from readers who might have something newsworthy to share. But on this query, Google's algorithm was clearly broken—for some reason, it thought it was a good idea to extract and prominently display a phone number from article hosted on vice.com that’s titled “Facebook’s Phone Number Policy Could Push Users to Not Trust Two-Factor Authentication.” Google's search algorithms are why it became so powerful in the first place, but sometimes, however, the algorithm is painfully stupid. In 2017, The Outline showed that Google often displayed completely wrong information at the top of the results when people searched for things like “Was President Warren Harding a member of the KKK?” or “Why are firetrucks red?” The article delved into the so-called “featured snippets,” those big boxes at the top of search results that are supposed to give users a quick answer to what they’re looking for. The Outline piece proved that in the search for convenience, Google was getting things wrong. In a nutshell, this is another example of that exact same problem. Motherboard has previously explained, for example, that Google's overreliance on Wikipedia has left it open to trolling—the company's "knowledge box," which shows up on the right hand side of search results for some queries, are often pulled from Wikipedia, which led in one case to the search engine equating the Republican party with "Nazism." On Wednesday, I told Google that my number was being mistakenly shown when people searched for "Facebook phone number." A few hours later, a Google spokesperson said they would remove my number as soon as possible. “This feature is generally used to surface phone numbers from websites and make it easy for users to find them. In this case it was a triggering error and was pulling the phone number you had listed at the end of the article,” a company spokesperson wrote in an email. “There's also the coincidence that your article happened to be about Facebook and phone numbers, so it was highly relevant to that query and was ranking high up in results, adding to the confusion for people when your number appeared towards the top of the results page.” After reaching out to Google to get my number removed, the company fixed it. And now, when you Google "Facebook phone number" on mobile, the number that is shown is from an NPR article, which explains that the number Google was displaying is associated with a Facebook scam. Thankfully, that number is now out of service, but it doesn't give me any more faith in Google's algorithm. At least people will stop calling me. Podcast via SoundCloud Source
  11. It’s not the apps – they’ve got better. It’s not even the devices – they’re faster, slicker, with shortcuts and enhancements that make it easier, but not good. The problem is the medium itself – mobile communication has aspired to take over the entirety of our business communication, but the awkward way in which we type and the inconsistencies of a purely touch-based interface utterly shred precision and accuracy. I should also be clear that I’m talking about phone-based communication. Allegedly, Jack Dorsey, CEO of both Twitter and Square, doesn’t even use a laptop or computer. The article (and many others) have hinted that this may mean he only uses a phone, which I consider utterly preposterous – unless he has entire team members dedicated to tasks that are arduous on mobile – like writing long-form content. Accurate, detailed and well-formatted content simply doesn’t work on mobile. It’s not there, and on tablets is only just becoming viable, as they cross back into the realm of becoming, well, laptops. The issues with phone-based communication in business are obvious: Formatting is difficult Editing is difficult Fast, consistent and detailed communication is significantly slower than on a desktop Interoperability in apps is incredibly poor – even in iOS, which has improved leaps and bounds, but still requires bouncing between apps, leading to confusion and lost data It’s inefficient The success of Gmail’s smart replies, though most commonly discussed on desktop, is a glimpse toward a future of automation that isn’t totally automated, but takes the awkwardness in constructing communication out of the equation. Here’s how I see this happening in the next 10 years. Autocomplete for entire emails Templating is nothing new in business email, but the next logical step is natural language processing and machine learning that can create and customize the workflows for you. This isn’t something that’s going to be unique to mobile – on the contrary, it’ll have a huge effect on desktop communication – but it’s something that will be so common and necessary to making your phone that bit more effective in business. For example, once you finish a phone call with someone, your automated mobile inbox could create a follow-up template with line items to fill in, scheduled to send at the right time. A more complex system would understand your conversations with a prospect in advance, and at a particular time of day would prompt you to send a follow-up email at the right time. Another might be the simpler and more particular stuff – the creation of agendas before meetings handled automatically, with the right people in the “to:” and “CC” field, with the correct dates and formatting handled for you. Why this is so applicable to mobile is that you don’t have to handle the nitty gritty – it’s almost adjacent to a tinder experience of swiping left or right on what particular email to sent. Content creation on demand While certain emails may be created based on certain factors, days and calls you’ve made, your mobile phone could actually be a far more efficient interface if AI was capable of creating the emails from scratch based on ones you’d sent before. This (in line with what I’ve said about chatbots previously) is where a chatbot connected to AI is necessary. The creation of an email would be a conversation with a bot that could understand the context of both what you’re saying, your current inbox, and your contacts, and say “okay, you want to put together a short (400-500) word summary of a financial document, sent to Bob, Sally and Barbara” based on a few things. It could then understand a document (after confirming what you’d just said) and produce an email based on it – free of grammatical and spelling errors, and with a quick review you’d have it out the door. This would work incredibly well on mobile – all you need is a quick glance versus a full-screen review. It’ll require trust, but once it works, it will be amazing. There are also smaller-scale yet wonderful ideas you could build from such a system based on more casual conversation. For example, you could direct the email assistant to reach out to someone to catch up, with a little bit of an update about how things have been, with some suggested dates to meet up, and perhaps a few questions to get them thinking on a reply. Finally, as a salesperson this is a natural solution to quick and efficient prospecting – the natural language processing of an AI could learn our particular personal touches, and the general parts of a personalized, thoughtful email can be researched by the AI based on more than just databases you populate, but on recent things in the news, financials from Crunchbase and beyond. Active, intelligent responses One of those incredibly annoying feelings is getting an email when mobile that you’re not able to fully respond to before you get back to your desk. Our AI-based mobile future is one that has an inbox capable of reading itself and producing informed, accurate responses. If someone asks you if you’re able to make a call at 2PM PST, your inbox should be able to consider both your calendar and how many meetings you have booked that day. If you’re free, it produces a well-worded and grammatically sound “yes,” with an invitation prompt filled in with your Zoom conference link attached along with the right people invited. If you’re not free, it can intelligently see the rest of your calendar, and produce a response that’s empathetic and suggesting other answers. More interestingly, it could also respond with potential attachments or links to your Google Drive or other cloud storage. Someone requesting the latest version of a document is a cross-platform annoyance, but is particularly awkward when mobile – unless your inbox can see what it is, respond, suggest a document to you, and create a “here it is – let me know what you think!” reply. Intelligent replies that trigger entire other workflows already exist (we’ve already built some!), but your inbox should, with the right connections, be able to take care of these for you. When a contract’s requested, assuming the right boilerplate contract exists, your inbox could read the request, fill in the necessary details (or request them all on its own), create the signature boxes, send out the contract for signature, and when it’s completed send out a summary email internally to tell everyone the good news. The napkin math of doing that on mobile is headache-inducing – more than likely leading you to give up halfway and head back to the office. Your inbox gets smarter every day While many of these ideas can cross multiple platforms, your mobile device is an incredibly efficient interface for executing commands with those you trust. We’re used to turning on our lights, opening our cars and unlocking our doors with our phones because it’s a tap or two to make them happen – we swipe, we tap, and it’s done. If mobile email could be condensed and automated so that the repetitive, exhausting actions of email are taken away, the entire experience could be vastly preferable to the desktop. Better yet, your desktop emails could become more personal, more focused and more about what you want to do versus have to do. Source
  12. When I start my laptop, in the taskbar from process tab, I found the disk is showing 100% and my laptop becomes slow. My antivirus sais it's OK. What's the problem?
  13. The service will roll out nationwide by year-end, in Cuba, one of the least connected countries. People record videos with their mobile phones of a street musician's performance in Cuba. Communist-run Cuba has started providing internet on the mobile phones of select users as it aims to roll out the service nationwide by year-end, in a further step toward opening one of the Western Hemisphere’s least connected countries. Journalists at state-run news outlets were among the first this year to get mobile internet, provided by Cuba’s telecoms monopoly, as part of a wider campaign for greater internet access that new president Miguel Diaz-Canel has said should boost the economy and help Cubans defend their revolution. Analysts said broader web access will also ultimately weaken the government’s control of what information reaches people in the one-party island state that has a monopoly on the media. Cuba frowns on public dissent and blocks access to dissident websites. “It’s been a radical change,” said Yuris Norido, 39, who reports for several state-run news websites and the television. “I can now update on the news from wherever I am, including where the news is taking place.” Certain customers, including companies and embassies, have also been able to buy mobile data plans since December, according to the website of Cuban telecoms monopoly ETECSA, which has not broadly publicized the move. ETECSA has said it will expand mobile internet to all its 5 million mobile phone customers, nearly half of Cuba’s population, by the end of this year. ETECSA did not reply to a request for more details for this story. Whether because of a lack of cash, a long-running US trade embargo or concerns about the flow of information, Cuba has lagged behind in web access. Until 2013, internet was largely only available to the public at tourist hotels in Cuba. But the government has since then made increasing connectivity a priority, introducing cybercafes and outdoor Wi-Fi hotspots and slowly starting to hook up homes to the web. Long before he took office from Raul Castro in April, 58-year-old Diaz-Canel championed the cause. “We need to be able to put the content of the revolution online,” he told parliament last July as vice president, adding that Cubans could thus “counter the avalanche of pseudo-cultural, banal and vulgar content.” Cuba could use subsidies to encourage the use of government-sponsored applications, analysts said. Last month, ETECSA launched a free Cuba-only messaging application, Todus, while Cuba’s own intranet with a handful of government-approved sites and email is much cheaper to access than the wider internet. In a 2015 document about its internet strategy that leaked, the Cuban government said it aimed to connect at least half of homes by 2020 and 60 percent of phones. But many Cubans are skeptical. ETECSA president Mayra Arevich told state-run media in December it had connected just 11,000 homes last year. “I’ve been many times to the ETECSA shop to ask if they can give us home access,” said Yuneisy Galindo, 28, at a Wi-Fi hotspot on one of Havana’s thoroughfares. “But they tell us they still aren’t ready and will call us.” Most mobile phone owners have smartphones, although Cuba is only now installing 3G technology, even as most of Latin America has moved onto 4G, with 5G in its final testing phase. “This rollout will expand slowly at first and then more quickly, if the government is increasingly confident that it can control any political fallout,” said Cuba expert Ted Henken at Baruch College in the United States. The price could prove the biggest restriction for many, though. Hotspots currently charge $1 an hour, compared with an average state monthly wage of $30. It was not clear what most Cubans will pay for mobile internet, but ETECSA is charging companies and embassies $45 a month for four gigabytes. Source
  14. Mobile app developers are going through the same growing pains that the webdev scene has gone through in the 90s and 2000s when improper input validation led to many security incidents. But while mobile devs have learned to filter user input for dangerous strings, some of these devs have not learned their lesson very well. Business logic on the client-side... like it's 1999 In a research paper published earlier this year, Abner Mendoza and Guofei Gu, two academics from Texas A&M University, have highlighted the problem of current-day mobile apps that still include business logic (such as user input validation, user authentication, and authorization) inside the client-side component of their code, instead of its server-side section. This regretable situation leaves the users of these mobile applications vulnerable to simple HTTP request parameter injection attacks that could have been easily mitigated if an application's business logic would have been embedded inside its server-side component, where most of these operations belong. But while leaving business logic on the client-side might sound more of an app design mistake, it is actually a big security issue. For example, an attacker can analyze a mobile app (that he installed on his device) and determine the format of the web requests sent to the mobile app's servers after the user's input is validated. The attacker can then modify a few parameters of these requests in order to poison the desired action Millions of apps potentially affected In a research paper titled "Mobile Application Web API Reconnaissance: Web-to-Mobile Inconsistencies & Vulnerabilities," Mendoza and Gu have recently taken a look at this ancient, yet still valid, attack vector. The two researchers created a system named WARDroid that mass-analyzes mobile apps, determines the format of their web requests, and tries to determine if these are vulnerable to these types of attacks. Researchers said they tested WARDroid on a set of 10,000 random popular apps from the Google Play Store. "We detected problematic logic in APIs used in over 4,000 apps, including 1,743 apps that use unencrypted HTTP communication," researchers said. Bt since WARDroid was not a secure indicator that the app's communications template was vulnerable, the two researchers also manually analyzed 1,000 random apps from the ones flagged by their system, confirming that 962 used APIs with validation logic problems. Extrapolating this numbers to the whole Google Play Store, the two academics believe millions of apps might be vulnerable. Issues found in banking and e-commerce apps For example, some of the apps where they found problematic API logic include a banking app, where they said they were able to modify transaction details. Similarly, they also found validation logic flaws in gift card apps that allowed them to load a test account with money to spend at various stores, and similar validation logic flaws in the communications model of apps build using the Shopify SDK. This latter flaw allowed the research team to buy products for negative prices, creating discounts inside Shopify-based mobile stores. "You never wanna trust the client input. This is a harsh lesson that should have already been learned from the lessons on the web platform and web applications," Mendoza said on stage while presenting his research at the 39th IEEE Symposium on Security and Privacy, held in San Francisco two weeks ago. "This work highlights that this continues to be the problem —input validation and just being very cognisant of validating or sanitizing input," said Mendoza, also highlighting that server-side business logic should be as strict as the client-side validation logic, if not stricter. Source
  15. For the second time this week, a company has been found to have accidentally exposed customer data to virtually anyone. Following TeenSafe's incident, it seems that it's now T-Mobile who has left information unprotected due to a bug. The flaw was discovered in April by security researcher Ryan Stevenson. The information was exposed through a portal hosted on a T-Mobile subdomain that could be found using search engines such as Google. According to a report by ZDNet, the page is meant for use by T-Mobile employees and it contained a hidden API that allowed them to look up customer information by simply adding the customer's phone number at the end of the web address. The problem is the site wasn't protected by a password, and anyone who stumbled upon the webpage could have obtained customer data, including their address, full name, billing account number, tax ID number, and even account PINs which are used by customers when contacting phone support. After the bug was reported, T-Mobile fixed the problem and the website now requires visitors to sign in. The company also rewarded Stevenson with $1,000 as part of its bounty program, saying: The company also says that it has no evidence that customer data was stolen via this portal, though history has shown that the scale of these incidents is sometimes not immediately clear. Source
  16. HTC's latest flagship smartphone, the U12+ was launched yesterday with top-of-the-line features and a premium price. However, a smaller, standard U12 lacking some of the features does not exist. To avoid any confusion for consumers, HTC has now explained the reason behind the bizarre naming. In recent times, most smartphones such as the Samsung Galaxy S9 or the iPhone 8 among flagships, or the Moto G6, Redmi 5 and such like in the mid-range, come with a "plus" variant that offers an additional feature or more than the standard variant. HTC has revealed that the U12+ is that variant which features a tall 6-inch WQHD+ screen, the latest Snapdragon 845 chipset, 6 GB of RAM and 128 GB of internal storage, and will compete directly with the other plus flagships featuring similar specifications. According to Android Headlines, the company discussed the strange naming multiple times before finally going ahead with it. Although the size of the device is still marginally smaller than the S9 Plus, the rest of the features of the U12+ are on par with the beefed-up variant from Samsung which helped the decision. It seems that the company does not have any plans to launch a standard variant in the near future and the company's explanation should help those holding out for one in making a decision. HTC launched the U11 last year and followed it up with an incremental update in the form of the U11+ about six months later. In this case as well, we may see some variant of the U12 launch at a later time, but given HTC's dropping sales numbers over the last few years it makes sense that the Taiwanese company is sticking to a small portfolio of devices in a bid to target the right competition. Source
  17. Facebook's Marketplace is getting an update today in the US, shifting it from peer-to-peer transactions to a service which connects professionals to clients. To give a brief summary of Marketplace, it is a section of the Facebook app that facilitates transactions between users. For instance, a Facebook user could open marketplace and buy a used laptop, or decide to sell a vehicle or some old clothes. More importantly for the purpose of this article, it was a user-to-user affair, and only exchanged goods, not services. Today, Facebook is taking its first step to redefining Marketplace as a space where users can connect with professional contractors for personal projects. The firm is starting this slow change with the introduction of "home services", allowing users to contact professionals like plumbers, cleaners and other contractors via the marketplace interface. It's a US exclusive feature right now, and Facebook is partnering with three big names in the business; Handy, HomeAdvisor and Porch. Facebook says that it's integration with these three firms be able to "provide an all-in-one place to complete your next home project" and make it easy to get a quote and close the deal with minimal fuss. You'll be able to appraise professionals by their ratings and reviews, and Facebook will show you credentials and location information to simplify your decision making, Just like with regular Marketplace purchases, you'll be able to use Messenger to contact the contractor at every stage, Facebook is rolling out this service from today and plans to make it available all across the U.S. in the coming weeks. No word on global availability has been given at this time. Source
  18. Dropbox has announced in a blog post today that it's making significant improvements to its mobile apps to improve the collaboration experience on the platform. The new improvements to Dropbox come just one day after Microsoft announced its own set of improvements to OneDrive. For starters, the company is introducing a new File Activity feature. This will allow users to see all the actions taken by other teammates on each file. This includes the history of edits and shares for all users, but users in the Dropbox Professional and Business Advanced tiers will even be able to see the viewer history from the file preview without having to leave the app. This feature is rolling out to the iOS version of the app, but it will be coming to Android soon. The file preview page will also let users add comments and feedback to a file for other teammates to see, and the sharing experience has been made easier across the app, with more visible share buttons. The apps are also getting a redesigned home screen, which gathers the user's starred items and recent files in a centralized place. This should make it easier to find the most relevant files whenever the user opens the app. Lastly, the company says it recently added drag and drop support in iOS 11, which works inside the app and - on the iPad - across apps in split-screen mode. Source < Here >
  19. This day was bound to come, and many expected it to come much sooner than today. Verizon has finally removed the listing for the Microsoft Lumia 735 from its website, which means that there are no longer any official resellers in the United States from which you can purchase one of Microsoft's first party Windows phones. Verizon's Lumia 735 was listed as out of stock for months, and as no longer available for months after that. But if you searched for 'Lumia' on the carrier's website, you'd still see the handset pop up with a price on it. Now, it's finally gone, and you can only find a support page. Verizon was the last major retailer to stop selling Lumias, with Microsoft removing them from its own online store last June. The Windows 10 Mobile devices did make another brief appearance on the Store in February, although it was never made clear if any ended up being sold. If you're still a die-hard Windows phone user, there are still just two options left, unless you want to resort to getting something off of a third-party marketplace like eBay. Microsoft is still selling HP's Elite x3 for $299 and Alcatel's IDOL 4S for $169. Currently, only the latter is in stock, although stock for both of them come and go pretty frequently, so if Microsoft doesn't have the one you want, keep checking back. More details < Here >
  20. Lumen Privacy Monitor is a free application for Google Android that monitors connections that applications make on a device it runs on to uncover communication with tracking servers and data collecting. Created as an academic research project, Lumen Privacy Monitor provided the researchers with a large set of data to analyze. The results were published in the paper "Apps, Trackers, Privacy, and Regulators A Global Study of the Mobile Tracking Ecosystem" (access PDF here). One of the key findings was that the research team managed to identify 233 new trackers that were not listed on popular advertising and tracking blocklists. Lumen Privacy Monitor Android users need to have a strong stomach during installation and on first run: the app requires lots of permissions, needs to install a root certificate, will monitor encrypted and normal traffic by default, and send anonymized data to the researchers. The application requires access to personal data on the device to determine leaks. The researchers note that personal data is never submitted. Still, the application is not open source and it is clear that the privileges that it requests are cause for concern. If you give permissions to the app, install the root certificate and flip the monitoring switch to on, you will get detailed reports about application activity and leaks. Lumen Privacy Monitors monitors apps while it runs. The main interface displays the three tabs leaks, apps and traffic. Leaks display personal or device information that apps may leak. A severity rating is Apps lists all applications that the monitoring app picked up with options to display a detailed report about individual apps. Traffic offers an overview of the analyzed traffic. It includes information about HTTPS and other connections, bandwidth, and the overhead that ads and analytics scripts and connections cause. Apps The Apps group is probably the most interesting as it reveals important information to you. A tap on a monitored application displays interesting information such as the list of domains the application tried to establish connections to, the number of trackers and the overhead caused by them, leaks and traffic overviews, and the list of requested permissions. The list of connections is certainly useful as you can determine whether these connections appear to be valid or not. While you may need to research domains before you understand why the application may want to connect to it, you'd quickly find out if an app connects to tracking servers or makes other unwanted connections. The list of permissions includes risk assessments for each permission which you may use to determine whether to keep an application installed or remove it. Closing Words What I like particularly about Lumen Privacy Monitor is that it reveals the overhead that ads and tracker connections cause, the connections an app makes, and the data leaks of applications. It would be better if the researchers would consider releasing the application as open source to address concerns about the application's wide-reaching permission requests and installation of a root certificate. What you do with the information is entirely up to you. You could consider removing applications or install apps that block connections to trackers to prevent data leaks. Ghacks.net
  21. ESET Mobile Security & Antivirus PREMIUM v4.0.8.0 + Key Requirements: 4.0+ Overview: ESET Mobile Security is a premium cyber security solution that protects your smartphone and tablet. After installing, you automatically get to try all PREMIUM features for 30 days – without subscribing. Then you can upgrade to PREMIUM, or continue with basic protection, which is lifetime for FREE. BENEFIT FROM FREE FEATURES ✓ On-demand Scan triggered by the user ✓ On-access Scan of downloaded applications and files ✓ Quarantine ✓ Anti-Theft – with Remote Lock, Remote Siren and GPS Localization activated by SMS ✓ Support ✓ USSD vulnerability protection ✓ Tablet friendly interface SUBSCRIBE TO PREMIUM FEATURES ✪ Proactive Anti-Theft with web interface on my.eset.com ✪ Anti-Phishing ✪ Scheduled scanning ✪ On-charger scan ✪ Automatic updates ✪ SMS/MMS/Call blocking ✪ Device Monitoring of important settings ✪ Application Audit TRY PROACTIVE ANTI-THEFT ★ Integration with _my.eset.com web interface for Android devices and Windows laptops protected by ESET Smart Security ★ Suspicious state – Autonomous action when wrong PIN/pattern is entered or unauthorized SIM change detected ★ Camera Pictures – Front/back camera snapshots ★ On Screen Message – Customizable message to potential device finder ★ Low Battery – If the device hits critical battery level, its current location is sent to my.eset.com ★ User IP Address Details – Listing of IP addresses the device was connected to if marked as missing JOIN OUR BETA TESTING COMMUNITY Get your hands on the latest versions of ESET Mobile Security and help us shape the future of our Android apps by following this link: _https://play.google.com/apps/testing/com.eset.ems2.gp PERMISSIONS In order to protect your Android device and valuable information, we will ask you to grant ESET various permissions. ESET will NEVER use these permissions for data collection or Marketing purposes. Promise! For a detailed explanation of what each type of permission is used for, please see our Knowledge Base _http://kb.eset.com/android IF SOMETHING DOESN’T WORK If you are experiencing any issues with the latest version of ESET Mobile Security & Antivirus, please send us the log files using the in-app form, which you can access by pushing the menu button (generally a hardware button located in the lower part of the device) and then tapping on ‘Customer Care’. FEEDBACK After you install ESET Mobile Security & Antivirus, you will become part of our community, which will enable you to send your feedback. If you have any suggestions, questions or just want to say hello, please send us an e-mail to [email protected] What's New - Small bug-fixes and optimizations Key until 2019 This app has no advertisements More Info: https://play.google.com/store/apps/details?id=com.eset.ems2.gp&hl=en Download Instructions: https://uploadocean.com http://turbobit.net
  22. Nova Launcher Prime APK V5.5.3 Cracked [Unlocked] Nova Launcher Prime The highly customizable, performance driven, home screen replacement Accept no substitues! Nova Launcher is the original and most polished customizable launcher for modern Android Features Ok, Google – Use Google Search’s hotword right from the home screen, just say the words Ok, Google. Color Theme – Set the highlight accent color for the launcher Also individual Color controls for labels, folders, unread count badges, drawer tabs and background Icon Themes – Find thousands of icon themes for Nova Launcher on the Play Store Subgrid positioning – Much greater control than standard launchers, Nova Launcher allows you to snap icons or widgets half way through the desktop grid cells Customize App Drawer – Custom tabs, Vertical or Horizontal scrolling, Custom effects Infinite scroll – Never far from your favorite page, loop through the desktop or drawer continously Backup/Restore – Sophisticated backup/restore system allowing you to backup your desktop layout and launcher settings Scrollable Dock – Create multiple docks and scroll between them Widgets in dock – Place any widget in your dock, such as a 4×1 music player widget Import Layout – No need to rebuild your desktop from scratch, Nova Launcher can import from most popular launchers. Including the one that came with your phone. Fast – Nova Launcher is highly optimized to do it’s work quickly and quietly, keeping the animations smooth and letting you use your phone as fast as you can move your fingers. Unlock the following extras with Nova Launcher Prime Gestures – Swipe, pinch, double tap and more on the home screen to open your favorite apps Unread Counts – Never miss a message. Unread count badges for Hangouts, SMS, Gmail and more using the Tesla Unread plugin Custom Drawer Groups – Create new tabs or folders in the app drawer Hide Apps – Keep a clean app drawer by hiding never used apps Icon Swipes – Set custom actions for swiping on app shortcuts or folders More scroll effects – Such as Wipe, Accordion, and Throw What’s New?(5.5.3 + 5.0.8) Pixel Style Launcher Improved Transition Dynamic Icons that pulls badges from notification content Backport of Android 7.1 and many more! Option to disable dynamic icons Dots! Android O style notification badges Google Now Integration! Swipe Right Internal Changes Adaptive Icons like Oreo How to install it? Uninstall previous version of Nova Launcher apk & Tesla Unread Plugin Install all of the apks given in the archive. Launch Nova Launcher Enjoy! Download Nova_Launcher-Prime-5.5.3-Final.apk (link corrected)
  23. 50 Phone Wallpapers (all 1440x2560, no watermarks) DOWNLOAD : https://imgur.com/gallery/C3pQs
  24. A probe by Citizen Lab at the University of Toronto and computer security firm Kaspersky Lab has uncovered a massive network of mobile malware for all phone types that is sold by an Italian firm to police forces around the world. The malware, dubbed Remote Control System (RCS), was produced by a company called Hacking Team. It can subvert Android, iOS, Windows Mobile, Symbian and BlackBerry devices. The study found 320 command-and-control (C&C) servers for RCS running in over 40 countries, presumably by law enforcement agencies. Kaspersky has developed a fingerprinting system to spot the IP addresses of RCS C&C servers and found the biggest host is here in the Land of the Free, with 64 discovered. Next on the list was Kazakhstan with 49, Ecuador has 35, just beating the UK which hosts 32 control systems. "The presence of these servers in a given country doesn't mean to say they are used by that particular country's law enforcement agencies," said Sergey Golovanov, principal security researcher at Kaspersky Lab. "However, it makes sense for the users of RCS to deploy C&Cs in locations they control – where there are minimal risks of cross-border legal issues or server seizures." The Milan-based firm that developed RCS boasts on its website that its malware can crack any mobile operating system and remain undetected while doing so. Based on documents leaked to Citizen Watch, the firm may be correct in its claims. The documents detail how the RCS system works. Once a target is identified by cops or g-men the malware is sent out and installed, either by tricking the user with a spearphishing attack or by exploiting vulnerabilities in the target's operating system. The Hacking Team has devoted a lot of time to hacking Android systems with great success. But the documents suggest that it has also found a way to crack Apple's iOS, albeit with a rather tricky attack vector. It appears that RCS won't work against iOS phones unless they have been jailbroken. But, if an unjailbroken iPhone is hooked up to an infected computer, then a remote-operated jailbreak can be carried out without the owner's knowledge using a tool like Evasi0n – then the malware can be installed easily. Once on a target's mobile, the RCS software can intercept and record all phone calls, SMS messages, chat conversations from apps such as Viber, WhatsApp and Skype, grab any files or pictures on the handset, spy on the calendar, look up the user's location, and take screenshots whenever the operator specifies, as well as harvesting data from third-party applications like Facebook. The malware's operator runs the code from behind an anonymizing firewall and the code can be tailored to provide little or no evidence that surveillance is taking place. The code is optimized to avoid running down the handset's battery, and can even get around the mobile data usage statistics displayed by the operating system. While Hacking Team says that its software should only be used to track down criminal targets, Citizen Watch says it has found samples of the code aimed at political targets in Saudi Arabia, Malaysia, Morocco and Ethiopia. "This type of exceptionally invasive toolkit, once a costly boutique capability deployed by intelligence communities and militaries, is now available to all but a handful of governments," said Citizen Watch. "An unstated assumption is that customers that can pay for these tools will use them correctly, and primarily for strictly overseen, legal purposes. As our research has shown, however, by dramatically lowering the entry cost on invasive and hard-to-trace monitoring, the equipment lowers the cost of targeting political threats." Source
  25. Special report Voicemail inboxes on two UK mobile networks are wide open to being hacked. An investigation by The Register has found that even after Lord Leveson's press ethics inquiry, which delved into the practice of phone hacking, some telcos are not implementing even the most basic level of security. Your humble correspondent has just listened to the private voicemail of a fellow Regjournalist's phone, accessed the voicemail inbox of a new SIM bought for testing purposes, and the inbox of someone with a SIM issued to police doing anti-terrorist work. I didn’t need to use nor guess the login PIN for any of them; I faced no challenge to authenticate myself. There was a lot of brouhaha over some newspapers accessing people's voicemail without permission, but one of the strange things about it all is that at no stage have any fingers been pointed at the mobile phone networks for letting snoops in. And some doors are still open. It's believed the infiltrated inboxes merely had default PINs, or passcodes that were far too easy to guess, allowing eavesdroppers to easily drop by. People were urged to change their number codes for their voicemail, but, as we shall see, that advice is useless – you simply don't need to know a PIN to listen to someone's messages. Going down the rabbit holeThe login flaw was discovered during development work I was doing on a virtual mobile phone network that's aimed at folks who struggle with modern technology: it allows, for example, an elderly subscriber to ring up a call centre and ask to be put through to a friend or relative, rather than flick through a fiddly on-screen contacts book. In this case, the operator makes the connection between the subscriber and the intended receiver, but the "calling line identification" (CLI) shown at the receiving end is that of the subscriber and not of the call centre. CLI is the basis of caller ID in the UK, but it's a bit of a misnomer because it can be changed as required. I’d long suspected that miscreants were hacking voicemail by spoofing their CLIs to fool the phone system into thinking it was the handset collecting the messages – but surely that's too easy? It is trivial to set an arbitrary CLI when making a call. I had to find out if voicemail systems were vulnerable to spoofing. I was emboldened by an email from Register reader Sebastian Arcus, who had set up some software for making voice calls over the internet (VoIP in other words) using his mobile phone number, and was surprised that he was able to collect his voicemail from his VoIP client without having to hand over an access PIN. I was further goaded in a chat in the pub with Reg man Andrew Orlowski, who bet me I couldn’t hack his voicemail. I should’ve asked for money to back that one up. How it should work and how it falls apartIf you call your voicemail service from a handset linked to the account, you go through to your message inbox without the need to enter a PIN, presumably as a convenience. Use any other phone and you are asked for a PIN access code. If there is no PIN set, you don’t get to the voicemail. So far, so good. The special sauce here is how does the mobile phone network know which phone you are calling from? The easy way is to look at the CLI sent when establishing a call. Unfortunately, as our reader found out, this caller identification isn’t at all secure and can be spoofed, so we looked at Three, EE (and Orange), O2 and Vodafone. How well do the big four networks protect your private voicemail?We set up a VoIP handset to inject the necessary code to tell the network that our handset had the mobile number of the voicemail account we wanted to hack. We then dialled the voicemail service number to see if it would let us in. All networks have two voicemail numbers: a shortcode that you use from the mobile, and a long number when you call in from another phone or sometimes when you are abroad and the shortcode doesn’t work on the network you’ve roamed to. We could only use the long number because we were not on the mobile network under test. The issue is: what does the voicemail system do when you dial the long number from a handset which identifies itself as being a subscriber? We’ll get the secure ones out of the way first. We couldn’t hack either Vodafone or O2, so their systems must rely on more than simply checking the CLI sequence in a call. Vodafone handles the issue best. All calls to the long number ask you both for the number of the phone you are collecting the voicemail for and for a PIN. It ignores the caller display completely.O2 got confused. The call wasn't placed, and we got instead a message generated by our VoIP system saying the number we were calling wasn’t available. O2 uses a system where you call your own mobile number and press star when you get the intro message to get to the voicemail menu. We suspect that calling from the mobile number on the VoIP network just confused everything, the voicemail system went round and round in circles until our VoIP timed it out. But the results with Three and EE were shocking. I’d just bought a new pay-as-you-go SIM on Three, put credit on it, and set up the voicemail, which asks for a PIN right up front. I then switched off the mobile and called it using another phone to leave a voice message. We programmed the VoIP system to present the Three mobile number to the network and dialled the long number for collecting voicemail. We got straight through as though we were using handset with the Three SIM. It's enough to make your scr-EE-m It was similar with EE. Our man Orlowski has a phone on the EE network, so we programmed his mobe number into the VoIP phone and called the voicemail long number. We got straight in. Unfortunately he didn’t have any voicemail, so we called from another phone, left a message and then called back on the VoIP phone and listened to it. Testing with an Orange number (Orange and T-Mobile UK are part of EE) was more interesting. For this, we turned to a contact who works closely with the kinds of people who legally carry concealed guns – anti-terrorist, organised crime, under-cover, witness protection and the like. They use a mix of SIMs from Vodafone and Orange. So we called him, explained what we were going to do first, and then spoofed his Orange number. We got in, but didn’t want to listen to his voicemail. So we changed the greeting message. Anyone calling him would learn that he had changed his name to “Mabel”. It makesfraping look tame. We did however find that with Orange it would sometimes ask for a PIN and sometimes not. We put this down to routing. We suspect – and such things are the day-job for one of the people helping me – that when the call went through some routes its illegitimacy was spotted, and when it went through others the call went straight through as though it was kosher. The urgent issue is for EE and Three to make their systems secure. We’ve deliberately not given blow by blow details of how to spoof the CLI, but we can’t be the only people to have figured this out. It's not like the networks have not been warned. The majority of the information presented to the Leveson inquiry on how to hack voicemail was redacted, but in a brief public document [PDF] the danger of CLI spoofing is mentioned. And the mobile networks' own industry body, the GSMA, also warned of the danger in its voicemail security guidelines published in February 2012. In this document the GSMA talks about fraud as well as security. It points to the danger that a crook could register a premium-rate number and then use that number to leave a message on the mark's voicemail. By spoofing the CLI, the miscreants can then pick up the message and return the call, raking in the profits from the premium-rate call. What Three and EE must do next There is a lot that the two networks could do. Using CLI, or at least CLI alone, is shoddy. As a telco, they get all the necessary signalling information to know if the call is coming from their network or another one. This is true even if the handset is roaming, not least so that they can charge you for the call. Networks are never shy of charging for calls. They can also look at the Home Location Register (HLR) and see if the phone calling them is actually in a call. By using these techniques they don’t have to resort to the Vodafone system of always asking you for your number and a PIN when you call the long voicemail collection number, but they could be sure that you are who you say you are. The network also gets the cell tower ID and IMEI of the incoming call. Now these are different systems, but linking the two together would be belt and braces. We approached Three about this, and a spokesman said: "The advice we've always given customers about security is to mandate their PIN. This is particularly so for people who worry that if a phone is stolen, it might be used to access their voicemail. This advice is given under the voicemail security pages of the Three website."Meanwhile, EE wanted to reassure its customers that it is investigating and systems are being updated to mitigate this technical issue. EE also gave us this statement" First and foremost it’s illegal to access a voicemail account without the owner’s permission. If any customer has concerns about voicemail security we would advise them to follow a few simple steps on their device and set up PIN entry. Comment The mobile phone networks are more than missing a trick. While they complain about how the over-the-top players, such as WhatsApp and Skype, are stealing their lunch money, they do have one thing no one else can offer: complete control over the signalling and voice path. They could offer security at a level that would command a significant premium and yet they leave the door keys under the flower pot. Source
×
×
  • Create New...