Privacy

2 Years Later, Security Holes Linger In GPS Services Used By Millions of Devices (securityledger.com) 12

chicksdaddy quotes a report from The Security Ledger: Security researchers say that serious security vulnerabilities linger in GPS software by the China-based firm ThinkRace more than two years after the hole was discovered and reported to the firm, The Security Ledger reports. Data including a GPS enabled device's location, serial number, assigned phone number and model and type of device can be accessed by any user with access to the GPS service. In some cases, other information is available including the device's location history going back 1 week. In some cases, malicious actors could also send commands to the device via SMS including those used to activate or deactivate GEO fencing alarms features, such as those used on child-tracking devices.

The vulnerabilities affect hundreds of thousands of connected devices that use the GPS services, from smart watches, to vehicle GPS trackers, fitness trackers, pet trackers and more. At issue are security holes in back-end GPS tracking services that go by names like amber360.com, kiddo-track.com, carzongps.com and tourrun.net, according to Michael Gruhn, an independent security researcher who noted the insecure behavior in a location tracker he acquired and has helped raise awareness of the widespread flaws. Working with researcher Vangelis Stykas, Gruhn discovered scores of seemingly identical GPS services, many of which have little security, allowing low-skill hackers to directly access data on GPS tracking devices.

Alas, news about the security holes is not new. In fact, the security holes in ThinkRace's GPS services are identical to those discovered by New Zealand researcher Lachlan Temple in 2015 and publicly disclosed at the time. Temple's research focused on one type of device: a portable GPS tracker that plugged into a vehicle's On Board Diagnostic (or OBD) port. However, Stykas and Gruhn say that they have discovered the same holes spread across a much wider range of APIs (application program interfaces) and services linked to ThinkRace.

Iphone

Apple Apologizes For iPhone Slowdown Drama, Will Offer $29 Battery Replacements (theverge.com) 254

An anonymous reader quotes a report from The Verge: Apple just published a letter to customers apologizing for the "misunderstanding" around older iPhones being slowed down, following its recent admission that it was, in fact, slowing down older phones in order to compensate for degrading batteries. "We know that some of you feel Apple has let you down," says the company. "We apologize." Apple says in its letter that batteries are "consumable components," and is offering anyone with an iPhone 6 or later a battery replacement for $29 starting in late January through December 2018 -- a discount of $50 from the usual replacement cost. Apple's also promising to add features to iOS that provide more information about the battery health in early 2018, so that users are aware of when their batteries are no longer capable of supporting maximum phone performance.

Cellphones

HTC, Motorola Say They Don't Slow Old Phones Like Apple Does (theverge.com) 133

After Apple confirmed last week that it reduces the performance of older iPhones to improve battery life, it has left many wondering whether or not other smartphone manufacturers do the same. HTC and Motorola are the two most recent OEMs to say they don't throttle their phones' processor speeds as their batteries age. The Verge reports: In emails to The Verge, both companies said they do not employ similar practices with their smartphones. An HTC spokesperson said that designing phones to slow down their processor as their battery ages "is not something we do." A Motorola spokesperson said, "We do not throttle CPU performance based on older batteries." The Verge also reached out to Google, Samsung, LG, and Sony for comment on whether their phone processors are throttled in response to aging batteries. A Sony spokesperson said a response would be delayed by the holidays, and a Samsung spokesperson said the company was looking into it. The responses begin to clarify whether or not throttling processor speeds is typical behavior in smartphones -- as of last week, we knew that Apple was doing it, but not whether it was common practice among competitors. HTC and Motorola's responses start to suggest that it's not.

Power

FCC Approves First Wireless 'Power-At-A-Distance' Charging System (engadget.com) 138

The FCC has approved the first wireless charger that works from up to three feet away. Engadget reports: San Jose-based startup, Energous, announced on Tuesday that it has received the first such FCC certification for power-at-a-distance wireless charging with its WattUp Mid Field transmitter. The transmitter converts electricity into radio frequencies, then beams the energy to nearby devices outfitted with a corresponding receiver. This differs from the resonant induction method that the Pi wireless charging system relies upon and offers a greater range than the Belkin and Mophie chargers that require physical contact with the device. The WattUp can charge multiple devices simultaneously and should work on any number of devices, from phones and tablets to keyboards and earbuds, so long as they're outfitted with the right receiver. What's more, the WattUp ecosystem is manufacturer-agnostic -- like WiFi -- meaning that you'll still be able to, for example, charge your Samsung phone even if the transmitter is made by Sony or Apple.

Iphone

Samsung Could Make $22 Billion Off Next Year's iPhones (cnet.com) 43

According to a report by Korean outlet ETnews (via The Investor), Apple placed an order for 180 million to 200 million OLED displays from Samsung's manufacturing branch, Samsung Display, for the next round of iPhones. Each display is estimated to cost $110, which could mean the deal is worth up to $22 billion. CNET reports: The recently released iPhone X was Apple's first phone to feature an OLED display, rather than an LCD panel. Samsung, on the other hand, has been using OLED displays in its phones for quite some time. Currently Samsung holds a near monopoly on the world's manufacturing of OLED screens. As a result, Apple had little choice but to turn to its rival for this type of screen. This isn't the first deal of its kind. Earlier this year it was reported that Apple bought 60 million OLED displays from Samsung, apparently for what would later become the iPhone X. According to the report, Apple's next order is up to four times larger than this previous order. Demand is so high that Samsung considered opening a new manufacturing plant to process Apple's order, the report said, but has been able to manufacture enough of the panels to fill Apple's order.

Iphone

Apple's iPhone Throttling Will Reinvigorate the Push for Right To Repair Laws (vice.com) 158

Jason Koebler, writing for Motherboard: The news that Apple throttles iPhones that have old batteries will reinvigorate the right to repair debate as the movement enters a crucial year. Third party repair shops say they've already seen an uptick in customers asking for battery replacements to speed up their slow phones, and right to repair activists who are pushing for state legislation that will make third party and self repair more accessible say Apple's secrecy about this behavior will give them a powerful rallying message. "If Apple were serious about battery life, they'd market battery replacements," Gay Gordon-Byrne, executive director of Repair.org, told me in an email. "Apple clearly has a big financial benefit when people decide their phones are too slow and head to the Apple Store for a new phone." Repair.org is a right to repair advocacy group that is made up largely of small, third party repair shops, which is spearheading the effort to get states to consider legislation that will make it easier to repair electronic devices.

Iphone

Apple Confirms iPhone With Older Batteries Will Take Hits On Performance (theverge.com) 172

An anonymous reader quotes a report from The Verge: Reddit users have noticed that Apple appears to be slowing down old iPhones that have low-capacity batteries. While many iPhone users have experienced perceived slowdowns due to iOS updates over the years, it appears that there's now proof Apple is throttling processor speeds when a battery capacity deteriorates over time. Geekbench developer John Poole has mapped out performance for the iPhone 6S and iPhone 7 over time, and has come to the conclusion that Apple's iOS 10.2.1 and 11.2.0 updates introduce this throttling for different devices. iOS 10.2.1 is particularly relevant, as this update was designed to reduce random shutdown issues for the iPhone 6 and iPhone 6S. Apple's fix appears to be throttling the CPU to prevent the phone from randomly shutting down. Geekbench reports that iOS 11.2.0 introduces similar throttling for iPhone 7 low-capacity batteries.

When reached for comment, Apple basically confirmed the findings to The Verge, but disputes the assumed intention: "Our goal is to deliver the best experience for customers, which includes overall performance and prolonging the life of their devices. Lithium-ion batteries become less capable of supplying peak current demands when in cold conditions, have a low battery charge or as they age over time, which can result in the device unexpectedly shutting down to protect its electronic components. Last year we released a feature for iPhone 6, iPhone 6s and iPhone SE to smooth out the instantaneous peaks only when needed to prevent the device from unexpectedly shutting down during these conditions. We've now extended that feature to iPhone 7 with iOS 11.2, and plan to add support for other products in the future."

Cellphones

Ask Slashdot: Are There Any Alternatives To Android Or iOS? 304

An anonymous Slashdot reader is asking whether or not there are any alternatives to Android or iOS smartphones: Like most of us, I've owned a few smartphones over time, ranging from a Nokia E71 to a Samsung Android phone and now, an Apple iPhone. It is close to phone upgrade time, and I've been reviewing the features that I use on my phone. When I think honestly about it, the only features I really need are:

1. Phone calls (loads of conference calls, for which I use a wired headset with a microphone)
2. SMS Messaging (unlimited on my plan)
3. Navigation (very important, and is probably the most-used app on my phone)
4. Occasional internet browsing

All of this could be done by the Nokia E71, when Nokia Maps was a thing. If I want to move away from Apple, Google and the like, do I have any options now? Are there any trustable (and by trustable, I mean avoiding unknown Chinese manufacturers) phones in the market today that could do all four and (ideally) have better battery life than one day?

Cellphones

Your Phone May Send You 'Blue Alerts' To Warn You When Local Police Are In Danger (androidpolice.com) 318

The FCC recently announced a new alert program called "Blue Alert" that will notify the public of threats to law enforcement in real time. "With the creation of a dedicated Blue Alert event code in the Emergency Alert System, state and local law enforcement will have the capability to push immediate warnings out to the public via broadcast, cable, and satellite providers, as well as to consumer smartphones through the Wireless Emergency Alert system," reports Android Police. From the report: Much like both the SILVER and AMBER alert programs, and utilizing the same notification system, Blue Alerts aim to warn the general public of threats to public safety and/or imminent danger. However, the police force focused alert system provides timely information to the public when police officers may be in danger. Chairman of the FCC and recent deregulator of the internet, Ajit Pai detailed the new FCC order saying, "Similar to the Amber Alerts that many are familiar with, Blue Alerts will enable authorities to warn the public when there is actionable information related to a law enforcement officer who is missing, seriously injured or killed in the line of duty, or when there is an imminent credible threat to an officer."

The December 14 order from the FCC activates the Blue Alerts service for one calendar year to deliver the notifications over the Emergency Alert System, and for 18 months over the Wireless Emergency Alert system.

Bitcoin

'Loapi' Cryptocurrency Mining Malware Is Causing Phone Batteries To Bulge (newsweek.com) 55

An anonymous reader quotes a report from Newsweek: Security researchers have discovered a new form of powerful malware that secretly mines cryptocurrency on a person's smartphone, which can physically damage the device if it is not detected. Researchers from the Russia-based cybersecurity firm Kaspersky investigated the malware, dubbed Loapi, which they found hiding in applications in the Android mobile operating system. The malware works by hijacking a smartphone's processor and using the computing power to mine cryptocurrency -- the process of confirming cryptocurrency transactions by completing complex algorithms that generate new units of the currency. Loapi physically broke a test phone used to study the malware, after two days of the device being infected with it. "Because of the constant load caused by the mining module and generated traffic, the battery bulged and deformed the phone cover," the Kaspersky blog states.

Cellphones

Don't Keep Cellphones Next To Your Body, California Health Department Warns (techcrunch.com) 344

The California Department of Public Health (CDPH) issued a warning against the hazards of cellphone radiation this week. They are asking people to decrease their use of these devices and suggest keeping your distance when possible. TechCrunch reports: The warning comes after findings were offered up this week from a 2009 department document, which was published after an order from the Sacramento Superior Court. A year ago, UC Berkeley professor Joel Moskowitz initiated a lawsuit to get the department to release the findings after he started looking into whether mobile phone use increased the risk of tumors. A draft of the document was released in March, but the final release is more extensive.

According to the Federal Communication Commission's website, there is no national standard developed for safety limits. However, the agency requires cell phone manufacturers to ensure all phones comply with "objective limits for safe exposure." The CDPH recommends not keeping your phone in your pocket, not putting it up to your ear for a prolonged amount of time, keeping use low if there are two bars or less, not sleeping near it at night and to be aware that if you are in a fast-moving car, bus or train, your phone will emit more RF energy to maintain the connection.

Communications

Texting Is 25 Years Old (cnet.com) 68

Readers share a report: The first text message was sent on Dec. 3, 1992, by British engineer Neil Papworth to Richard Jarvis, an executive at British telecom Vodafone. Typed out on a PC, it was sent to Jarvis's Orbitel 901, a mobile phone that would take up most of your laptop backpack. Although Papworth is credited with sending the first text message, he's not the so-called father of SMS. That honor falls on Matti Makkonen, who initially suggested the idea back in 1984 at a telecommunications conference. But texting didn't take off overnight. First it had to be incorporated into the then-budding GSM standard. Today, about 97 percent of smartphone owners use text messaging, according to Pew Research, and along the way, a new set of sub-languages based on abbreviations and keyboard-based imagery has evolved.

Iphone

Should Apple Share iPhone X Face Data With App Developers? (washingtonpost.com) 66

The Washington Post ran a technology column asking what happens "when the face-mapping tech that powers the iPhone X's cutesy 'Animoji' starts being used for creepier purposes." It's not just that the iPhone X scans 30,000 points on your face to make a 3D model. Though Apple stores that data securely on the phone, instead of sending it to its servers over the Internet, "Apple just started sharing your face with lots of apps." Although their columnist praises Apple's own commitment to privacy, "I also think Apple rushed into sharing face maps with app makers that may not share its commitment, and it isn't being paranoid enough about the minefield it just entered." "I think we should be quite worried," said Jay Stanley, a senior policy analyst at the American Civil Liberties Union. "The chances we are going to see mischief around facial data is pretty high -- if not today, then soon -- if not on Apple then on Android." Apple's face tech sets some good precedents -- and some bad ones... Less noticed was how the iPhone lets other apps now tap into two eerie views from the so-called TrueDepth camera. There's a wireframe representation of your face and a live read-out of 52 unique micro-movements in your eyelids, mouth and other features. Apps can store that data on their own computers.

To see for yourself, use an iPhone X to download an app called MeasureKit. It exposes the face data Apple makes available. The app's maker, Rinat Khanov, tells me he's already planning to add a feature that lets you export a model of your face so you can 3D print a mini-me. "Holy cow, why is this data available to any developer that just agrees to a bunch of contracts?" said Fatemeh Khatibloo, an analyst at Forrester Research.

"From years of covering tech, I've learned this much," the article concludes. "Given the opportunity to be creepy, someone will take it."

Communications

Volunteers Around the World Build Surveillance-Free Cellular Network Called 'Sopranica' (vice.com) 77

dmoberhaus writes: Motherboard's Daniel Oberhaus spoke to Denver Gingerich, the programmer behind Sopranica, a DIY, community-oriented cell phone network. "Sopranica is a project intended to replace all aspects of the existing cell phone network with their freedom-respecting equivalents," says Gingerich. "Taking out all the basement firmware on the cellphone, the towers that track your location, the payment methods that track who you are and who owns the number, and replacing it so we can have the same functionality without having to give up all the privacy that we have to give up right now. At a high level, it's about running community networks instead of having companies control the cell towers that we connect to." Motherboard interviews Gingerich and shows you how to use the network to avoid cell surveillance. According to Motherboard, all you need to do to join Sopranica is "create a free and anonymous Jabber ID, which is like an email address." Jabber is slang for a secure instant messaging protocol called XMPP that lets you communicate over voice and text from an anonymous phone number. "Next, you need to install a Jabber app on your phone," reports Motherboard. "You'll also need to install a Session Initiation Protocol (SIP) app, which allows your phone to make calls and send texts over the internet instead of the regular cellular network." Lastly, you need to get your phone number, which you can do by navigating to Sopranica's JMP website. (JMP is the code, which was published by Gingerich in January, and "first part of Sopranica.") "These phone numbers are generated by Sopranica's Voice Over IP (VOIP) provider which provides talk and text services over the internet. Click whichever number you want to be your new number on the Sopranica network and enter your Jabber ID. A confirmation code should be sent to your phone and will appear in your Jabber app."
As for how JMP protects against surveillance, Gingerich says, "If you're communicating with someone using your JMP number, your cell carrier doesn't actually know what your JMP number is because that's going over data and it's encrypted. So they don't know that that communication is happening."

Power

Samsung Develops 'Graphene Ball' Battery With 5x Faster Charging Speed (digitaltrends.com) 137

Heart44 writes: A number of outlets are reporting a Samsung laboratory breakthrough allowing smaller and faster charging lithium-ion batteries using three-dimensional graphene. Digital Trends reports: "Scientists created a 'graphene ball' coating for use inside a regular li-ion cell, which has the effect of increasing the overall capacity by up to 45 percent and speeding up charging by five times. If your phone charges up in 90 minutes now, that number will tumble to just 18 minutes if the cell inside has been given a graphene ball boost. What's more, this doesn't seem to affect the cell's lifespan, with the team claiming that after 500 cycles, the enhanced battery still had a 78 percent charge retention. The graphene coating improves the stability and conductivity of the battery's cathode and electrode, so it's able to take the rigors of fast charging with fewer downsides." The technical paper describing how the graphene ball works and how it's produced is published in the journal Nature.

Google

Google Can Tell if Someone Is Looking at Your Phone Over Your Shoulder (qz.com) 75

Dave Gershgorn, writing for Quartz: At the Neural Information Processing Systems conference in Long Beach, California, next week, Google researchers Hee Jung Ryu and Florian Schroff will present a project they're calling an electronic screen protector, where a Google Pixel phone uses its front-facing camera and eye-detecting artificial intelligence to detect whether more than one person is looking at the screen. An unlisted, but public video by Ryu shows the software interrupting a Google messaging app to display a camera view, with the peeking perpetrator identified and given a Snapchat-esque vomit rainbow. Ryu and Schroff claim the system works with different lighting conditions and poses, and can recognize a person's gaze in 2 milliseconds. Ostensibly, this AI software is able to work so quickly because it's being run on the phone, rather than sent for processing on the company's powerful cloud servers.

Android

The Pixel 2's Dormant 'Visual Core' Chip Gets Activated In Latest Android Developer Preview (techcrunch.com) 32

The Google Pixel 2 and Pixel 2 XL both feature a custom Intel "Visual Core" co-processor, which is meant to improve speed and battery life when shooting photos with Google's HDR+ technology. The chip has been hanging out in the phone not really doing much of anything -- until now. TechCrunch reports of a new developer preview of Android 8.1 due out today that puts the chip to use. "The component is expected to further improve the handsets' cameras, which were already scoring good marks, production issues aside." From the report: According to the company, Pixel Visual Core has eight image processing unit (IPU) cores and 512 arithmetic logic units. Using machine learning, the company says it's able to speed things up by 5x, with one tenth of the energy. Access to the chip, combined with the Android Camera API means third-party photo apps will be able to take advantage of the system's speedy HDR+. Sounds swell, right? Of course, this is still just an early preview, only available to people who sign up for Google's Beta program. That means, among other things, dealing with potential bugs of an early build. Google wouldn't give us any more specific information with regards to when the feature will be unlocked for the public, but it's expected to arrive along with the 8.1 public beta in December.

Cellphones

White House Weighs Personal Mobile Phone Ban For Staff (bloomberg.com) 113

The White House is considering banning its employees from using personal mobile phones while at work. While President Trump has been vocal about press leaks since taking office, one official said the potential change is driven by cybersecurity concerns. Bloomberg reports: One official said that there are too many devices connected to the campus wireless network and that personal phones aren't as secure as those issued by the federal government. White House Chief of Staff John Kelly -- whose personal phone was found to be compromised by hackers earlier this year -- is leading the push for a ban, another official said. The White House already takes precautions with personal wireless devices, including by requiring officials to leave phones in cubbies outside of meeting rooms where sensitive or classified information is discussed. Top officials haven't yet decided whether or when to impose the ban, and if it would apply to all staff in the executive office of the president. While some lower-level officials support a ban, others worry it could result in a series of disruptive unintended consequences.

Privacy

How a Wi-Fi Pineapple Can Steal Your Data (And How To Protect Yourself From It) (vice.com) 46

An anonymous reader writes: The Wi-Fi Pineapple is a cheap modified wireless router that enables anyone to execute sophisticated exploits on Wi-Fi networks with little to no networking expertise. A report in Motherboard explains how it can be used to run a Wall of Sheep and execute a man-in-the-middle attack, as well as how you can protect yourself from Pineapple exploits when you're connected to public Wi-Fi. "... it's important that whenever you are done connecting to a public Wi-Fi network that you configure your phone or computer to 'forget' that network. This way your device won't be constantly broadcasting the SSIDs of networks it has connected to in the past, which can be spoofed by an attacker with a Pineapple," reports Motherboard. "Unfortunately there is no easy way to do this on an Android or an iPhone, and each network must be forgotten manually in the 'Manage Network' tab of the phone's settings. Another simple solution is to turn off your Wi-Fi functionality when you're not using it -- though that isn't as easy to do on some devices anymore -- and don't allow your device to automatically connect to open Wi-Fi networks."

Iphone

10-Year-Old Boy Cracks the Face ID On Both Parents' iPhone X (wired.com) 300

An anonymous reader writes: A 10-year-old boy discovered he could unlock his father's phone just by looking at it. And his mother's phone too. Both parents had just purchased a new $999 iPhone X, and apparently its Face ID couldn't tell his face from theirs. The unlocking happened immediately after the mother told the son that "There's no way you're getting access to this phone."

Experiments suggest the iPhone X was confused by the indoor/nighttime lighting when the couple first registered their faces. Apple's only response was to point to their support page, which states that "the statistical probability is different...among children under the age of 13, because their distinct facial features may not have fully developed. If you're concerned about this, we recommend using a passcode to authenticate." The boy's father is now offering this advice to other parents. "You should probably try it with every member of your family and see who can access it."

And his son just "thought it was hilarious."
