Wireless Networking

Every Patch For 'KRACK' Wi-Fi Vulnerability Available Right Now (zdnet.com) 67

An anonymous reader quotes a report from ZDNet: As reported previously by ZDNet, the bug, dubbed "KRACK" -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates. According to security researcher and academic Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device. In total, ten CVE numbers have been preserved to describe the vulnerability and its impact, and according to the U.S. Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. A list of the patches available is below. For the most up-to-date list with links to each patch/statement (if available), visit ZDNet's article.
Microsoft

Microsoft Has Already Fixed the Wi-Fi Attack Vulnerability; Android Will Be Patched Within Weeks (theverge.com) 121

Microsoft says it has already fixed the problem for customers running supported versions of Windows. From a report: "We have released a security update to address this issue," says a Microsoft spokesperson in a statement to The Verge. "Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected." Microsoft is planning to publish details of the update later today. While it looks like Android and Linux devices are affected by the worst part of the vulnerabilities, allowing attackers to manipulate websites, Google has promised a fix for affected devices "in the coming weeks." Google's own Pixel devices will be the first to receive fixes with security patch level of November 6, 2017, but most other handsets are still well behind even the latest updates. Security researchers claim 41 percent of Android devices are vulnerable to an "exceptionally devastating" variant of the Wi-Fi attack that involves manipulating traffic, and it will take time to patch older devices.
Security

WPA2 Security Flaw Puts Almost Every Wi-Fi Device at Risk of Hijack, Eavesdropping (zdnet.com) 236

A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack. From a report: The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic, who found the flaw, said the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network. That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream. In other words: hackers can eavesdrop on your network traffic. The bug represents a complete breakdown of the WPA2 protocol, for both personal and enterprise devices -- putting every supported device at risk. "If your device supports Wi-Fi, it is most likely affected," said Vanhoef, on his website. News of the vulnerability was later confirmed on Monday by US Homeland Security's cyber-emergency unit US-CERT, which about two months ago had confidentially warned vendors and experts of the bug, ZDNet has learned.
Crime

Dutch Police Build a Pokemon Go-Style App For Hunting Wanted Criminals (csoonline.com) 62

"How can the police induce citizens to help investigate crime? By trying to make it 'cool' and turning it into a game that awards points for hits," reports CSO. mrwireless writes: Through their 'police of the future' innovation initiative, and inspired by Pokemon Go, the Dutch police are building an app where you can score points by photographing the license plates of stolen cars. When a car is reported stolen the app will notify people in the neighbourhood, and then the game is on! Privacy activists are worried this creates a whole new relationship with the police, as a deputization of citizens blurs boundaries, and institutionalizes 'coveillance' -- citizens spying on citizens. It could be a slippery slope to situations that more resemble the Stasi regime's, which famously used this form of neighborly surveillance as its preferred method of control.
CSO cites Spiegel Online's description of the unofficial 189,000 Stasi informants as "totally normal citizens of East Germany who betrayed others: neighbors reporting on neighbors, schoolchildren informing on classmates, university students passing along information on other students, managers spying on employees and Communist bosses denouncing party members."

The Dutch police are also building another app that allows citizens to search for missing persons.
Google

Google Slashes Prices of Its USB-C Headphone Dongle Following Minor Outrage (mashable.com) 193

At its hardware event last week, Google unveiled its two new flagship smartphones: the Pixel 2 and Pixel 2 XL. While these devices feature high-end specifications and the latest version of Android, they both lack headphone jacks, upsetting many consumers who still rely heavily on wired headphones. To add insult to injury, Google announced a USB-C adapter for a whopping price of $20 -- that's $11 more than Apple's Lightning to 3.5mm adapter. This resulted in some minor outrage and caused Google to rethink its decision(s). As reported by 9to5Google, Google decided to slash the price of the dongle by over 50%. It is now priced at a more reasonable $9.
IOS

Latest iOS Update Shows Apple Can Use Software To Break Phones Repaired By Independent Shops (vice.com) 126

The latest version of iOS fixes several bugs, including one that caused a loss of touch functionality on a small subset of phones that had been repaired with certain third-party screens and had been updated to iOS 11. "Addresses an issue where touch input was unresponsive on some iPhone 6S displays because they were not serviced with genuine Apple parts," the update reads. "Note: Non-genuine replacement displays may have compromised visual quality and may fail to work correctly. Apple-certified screen repairs are performed by trusted experts who use genuine Apple parts. See support.apple.com for more information." Jason Koebler writes via Motherboard: "This is a reminder that Apple seems to have the ability to push out software updates that can kill hardware and replacement parts it did not sell iPhone customers itself, and that it can fix those same issues remotely." From the report: So let's consider what actually happened here. iPhones that had been repaired and were in perfect working order suddenly stopped working after Apple updated its software. Apple was then able to fix the problem remotely. Apple then put out a warning blaming the parts that were used to do the repair. Poof -- phone doesn't work. Poof -- phone works again. In this case, not all phones that used third party parts were affected, and there's no reason to think that, in this case, Apple broke these particular phones on purpose. But there is currently nothing stopping the company from using software to control unauthorized repair: For instance, you cannot replace the home button on an iPhone 7 without Apple's proprietary "Horizon Machine" that re-syncs a new home button with the repaired phone. This software update is concerning because it not only undermines the reputation of independent repair among Apple customers, but because it shows that phones that don't use "genuine" parts could potentially one day be bricked remotely.
Iphone

Apple To Ditch Touch ID Altogether For All of Next Year's iPhones (macrumors.com) 131

Earlier this week, a report said that Apple is planning to equip next year's iPad Pro with the hardware necessary for Face ID. Now, according to KGI Securities analyst Ming-Chi Kuo, it appears the company is taking that one step further with its 2018 iPhones. All of the iPhones Apple plans to produce next year will reportedly abandon the Touch ID fingerprint sensor in favor of facial recognition. Mac Rumors reports: According to Kuo, Apple will embrace Face ID as its authentication method for a competitive advantage over Android smartphones. Kuo has previously said that it could take years for Android smartphone manufacturers to produce technology that can match the TrueDepth camera and the Face ID feature coming in the iPhone X. Face ID, says Kuo, will continue to be a major selling point of the new iPhone models in 2018, with Apple planning to capitalize on its lead in 3D sensing design and production. Kuo's prediction suggests that all upcoming 2018 iPhones will feature a full-screen design with minimal bezels like the iPhone X, meaning no additional models with the iPhone 8/iPhone 8 Plus design would be produced. That would spell the end of the line for Touch ID in the iPhone, which has been available as a biometric authentication option since 2013.
Businesses

Qualcomm Seeks China iPhone Ban, Escalating Apple Legal Fight (bloomberg.com) 36

Qualcomm filed lawsuits in China seeking to ban the sale and manufacture of iPhones in the country, the chipmaker's biggest shot at Apple so far in a sprawling and bitter legal fight. From a report: The San Diego-based company aims to inflict pain on Apple in the world's largest market for smartphones and cut off production in a country where most iPhones are made. The product provides almost two-thirds of Apple's revenue. Qualcomm filed the suits in a Beijing intellectual property court claiming patent infringement and seeking injunctive relief, according to Christine Trimble, a company spokeswoman. "Apple employs technologies invented by Qualcomm without paying for them," Trimble said. An Apple spokesman didn't immediately respond to a request for comment on Friday. Qualcomm's suits are based on three non-standard essential patents, it said. They cover power management and a touch-screen technology called Force Touch that Apple uses in current iPhones, Qualcomm said. The inventions "are a few examples of the many Qualcomm technologies that Apple uses to improve its devices and increase its profits," Trimble said. The company made the filings at the Beijing court on Sept. 29. The court has not yet made them public.
Google

Google Is Really Good At Design 183

Joshua Topolsky, writing for The Outline: The stuff Google showed off on October 4 was brazenly designed and strangely, invitingly touchable. These gadgets were soft, colorful... delightful? They looked human, but like something future humans had made; people who'd gotten righteously drunk with aliens. You could imagine them in your living room, your den, your bedroom. Your teleportation chamber. A fuzzy little donut you can have a conversation with. A VR headset in stunning pink. A phone with playful pops of color and an interface that seems to presage what you want, when you want it. It's weird. It's subtle. It's... good. It's Google? It's Google.

It was only a few years ago that Google was actually something of a laughing stock when it came to design. As an aggressively engineer-led company, the Mountain View behemoth's early efforts, particularly with its mobile software and devices, focused not on beauty, elegance, or simplicity, but rather concentrated on flexibility, iteration, and scale. These are useful priorities for a utilitarian search engine, but didn't translate well to many of the company's other products. Design -- the mysterious intersection of art and communication -- was a second-class citizen at Google, subordinate to The Data. That much was clear from the top down.

Enter Matias Duarte, the design impresario who was responsible for the Sidekick's UI (a wacky, yet strangely prescient mobile-everything concept) and later, the revolutionary (though ill-fated) webOS -- the striking mobile operating system and design language that would be Palm's final, valiant attempt at reclaiming the mobile market. Duarte was hired by Google in 2013 (initially as Android's User Experience Director, though he is now VP of design at the company), and spearheaded a complete reset of the company's visual and functional instincts. But even Duarte was aware of the design challenges his new role presented. "I never thought I'd work for Google," he told Surface Magazine in August. "I had zero ambition to work for Google. Everybody knew Google was a terrible place for design." Duarte went to work on a system that would ultimately be dubbed Material Design -- a set of principles that not only began to dictate how Android should look and work as a mobile operating system, but also triggered the march toward a unified system of design that slowly but surely pulled Google's disparate network of services into something that much more closely resembled a singular vision. A school of thought. A family.
Android

Is the Chromebook the New Android Tablet? (computerworld.com) 182

An anonymous reader shares a report from Computerworld, where JR Raphael makes the case for why it's time to call the Chromebook the new Android tablet: What does a traditional Android tablet do that a convertible Chromebook doesn't? No matter how long you mull, it's tough to come up with much. Nowadays, a Chromebook runs the same apps from the same Google Play Store. It has an increasingly similar user interface, with a new touch-friendly and Android-reminiscent app launcher rolling out as we speak. It's likely to have an Android-like way of getting around the system before long, too, not to mention native integration of the Google Assistant (which is launching with the newly announced Pixelbook and then presumably spreading to other devices from there). But on top of all of that, a Chromebook offers meaningful advantages a traditional Android tablet simply can't match. It operates within the fast-booting, inherently secure, and free from manufacturer- or carrier-meddling Chrome OS environment. The operating system is updated every two to three weeks, directly by Google, for a minimum of five years. That's a sharp contrast to the software realities we see on Android -- and if you think the updates on Android phones are bad, let me tell you: The situation with Android tablets is worse.

In addition to the regular selection of Android apps, a Chromebook also gives you a desktop-caliber browser experience along with a laptop-level keyboard and capable trackpad. (And, as a side perk, that means you've got a built-in multi-mode stand for your tablet, too.) It's the best of both worlds, as I've put it before -- a whole new kind of platform-defying, all-purpose productivity and entertainment machine. And while it won't immediately lead to the outright extinction of traditional Android tablets, it certainly makes them seem like a watered-down and obsolete version of the same basic experience.

Books

Amazon Finally Makes a Waterproof Kindle (theverge.com) 64

After 10 years of Kindles, Amazon has finally made a Kindle e-reader with an IPX8 waterproof rating. The new Kindle Oasis features a 7-inch display and aluminum back. The Verge reports: Unlike last year's Kindle Oasis, which used a magnetic case you attached to the e-reader to extend its battery life, the new Oasis relies entirely on its built-in battery. It has a similar physical design, with one thicker side that tapers down on the other side, for one-handed reading. But Amazon has made a point of saying that it managed to fit in a bigger battery, while keeping the tapered side of the device at 3.4 millimeters. The resolution of the e-paper display is the same at 300 ppi, but it has a couple extra LED lights now for a brighter, more even-looking display. And it also has ambient light sensors that adjust the brightness as you move from room to room, or from outdoors to indoors. There are physical page-turn buttons, plus the touchscreen page-turn option; Amazon says it's worked on both the hardware and software side of things to make page-turning feel faster. The new e-reader has been tested in two meters of water for up to 60 minutes. It's also been tested in different water environments, like hot tubs, pools, and bubble baths.
Operating Systems

OxygenOS Telemetry Lets OnePlus Tie Phones To Individual Users (bleepingcomputer.com) 164

An anonymous reader quotes a report from Bleeping Computer: OxygenOS, a custom version of the Android operating system that comes installed on all OnePlus smartphones, is tracking users' actions without anonymizing data, allowing OnePlus to connect each phone to its customer. A security researcher going by the pseudonym of Tux discovered the abusive tracking in July 2016, but his tweet went largely unnoticed in the daily sea of security tweets sent out each day. The data collection issue was brought up to everyone's attention again, today, after British security researcher Christopher Moore published the results of a recent study on his site.

Just like Tux, Moore discovered that OxygenOS was sending regular telemetry to OnePlus' servers. This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws. The problem is that OnePlus is not anonymizing this information. The Shenzhen-based Chinese smartphone company is collecting a long list of details, such as: IMEI code, IMSI code, ESSID and BSSID wireless network identifiers, and more. The data collection process cannot be disabled from anywhere in the phone's settings. When Moore contacted OnePlus support, the company did not provide a suitable answer for his queries.

Cellphones

Security, Privacy Focused Librem 5 Linux Smartphone Successfully Crowdfunded (softpedia.com) 82

prisoninmate shares a report from Softpedia: Believe it or not, Purism's Librem 5 security and privacy-focused smartphone has been successfully crowdfunded a few hours ago when it reached and even passed its goal of $1.5 million, with 13 days left. Librem 5 wants to be an open source and truly free mobile phone designed with security and privacy in mind, powered by a GNU/Linux operating system based on Debian GNU/Linux and running only Open Source software apps on top of a popular desktop environment like KDE Plasma Mobile or GNOME Shell. Featuring a 5-inch screen, Librem 5 is compatible with 2G, 3G, 4G, GSM, UMTS, and LTE mobile networks. Under the hood, it uses an i.MX 6 or i.MX 8 processor with separate baseband modem to offer you the protection you need in today's communication challenges, where you're being monitored by lots of government agencies.
IBM

How Does Microsoft Avoid Being the Next IBM? (arstechnica.com) 223

An anonymous reader quotes a report from Ars Technica: For fans of the platform, the official confirmation that Windows on phones isn't under active development any longer -- security bugs will be fixed, but new features and new hardware aren't on the cards -- isn't a big surprise. This is merely a sad acknowledgement of what we already knew. Last week, Microsoft also announced that it was getting out of the music business, signaling another small retreat from the consumer space. It's tempting to shrug and dismiss each of these instances, pointing to Microsoft's continued enterprise strength as evidence that the company's position remains strong. And certainly, sticking to the enterprise space is a thing that Microsoft could do. Become the next IBM: a stable, dull, multibillion dollar business. But IBM probably doesn't want to be IBM right now -- it has had five straight years of falling revenue amid declining relevance of its legacy businesses -- and Microsoft probably shouldn't want to be the next IBM, either. Today, Microsoft is facing similar pressures -- Windows, though still critical, isn't as essential to people's lives as it was a decade ago -- and risks a similar fate. Dropping consumer ambitions and retreating to the enterprise is a mistake. Microsoft's failure in smartphones is bad for Windows, and it's bad for Microsoft's position in the enterprise as a whole.
Microsoft

PSA: Microsoft Is Using Cortana To Read Your Private Skype Conversations (betanews.com) 180

BrianFagioli shares a report from BetaNews: "With Cortana's in-context assistance, it's easier to keep your conversations going by having Cortana suggest useful information based on your chat, like restaurant options or movie reviews. And if you're in a time crunch? Cortana also suggests smart replies, allowing you to respond to any message quickly and easily -- without typing a thing," says The Skype Team. The team further says, "Cortana can also help you organize your day -- no need to leave your conversations. Cortana can detect when you're talking about scheduling events or things you have to do and will recommend setting up a reminder, which you will receive on all your devices that have Cortana enabled. So, whether you're talking about weekend plans or an important work appointment, nothing will slip through the cracks."

So, here's the deal, folks. In order for this magical "in-context" technology to work, Cortana is constantly reading your private conversations. If you use Skype on mobile to discuss private matters with your friends or family, Cortana is constantly analyzing what you type. Talking about secret business plans with a colleague? Yup, Microsoft's assistant is reading those too. Don't misunderstand -- I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions. With that said, there is the potential for abuse. Microsoft could use Cortana's analysis to spy on you for things like advertising or worse, and that stinks. Is it really worth the risk to have smart replies and suggested calendar entries? I don't know about you, but I'd rather not have my Skype conversations read by Microsoft.

Iphone

Face ID Is Coming To the iPad Pro Next Year, Says Report (macrumors.com) 73

According to MacRumors, KGI Securities analyst Ming-Chi Kuo said iPad Pro models set to be released in 2018 will come equipped with a TrueDepth Camera and will support Face ID. Apple is believed to be adding TrueDepth cameras to the iPad Pro to introduce a user experience that's consistent with the iPhone X and boost competitiveness. From the report: According to Kuo, TrueDepth Cameras will be limited to the iPad Pro, which is Apple's main flagship tablet device. Kuo also predicts 2018 iPhone models will adopt the new camera technology coming in the iPhone X, as he has mentioned in a previous note: "We predict iOS devices to be equipped with TrueDepth Camera in 2018F will include iPhone X and 2018 new iPhone and iPad models. Because of this, we believe more developers will pay attention to TrueDepth Camera/ facial recognition related applications. We expect Apple's (U.S.) major promotion of facial recognition related applications will encourage the Android camp to also dedicate more resources to developing hardware and facial recognition applications."
Android

Slashdot Asks: Does the World Need a Third Mobile OS? 304

Now that it is evident that Microsoft doesn't see any future with Windows Phone (or Windows 10 Mobile), it has become clear that there is no real or potential competitor left to fight Android and iOS for a slice of the mobile operating system market. Mozilla tried Firefox OS, but that didn't work out either. BlackBerry's BBOS also couldn't find enough takers. Ideally, the market is more consumer friendly when there are more than one or two dominant forces. Do you think some company, or individual, should attempt to create their own mobile operating system?
Cellphones

Alphabet's Balloons Will Bring Cellphone Service To Puerto Rico (wired.com) 65

An anonymous reader writes: Hurricanes Irma and Maria wiped out more than 90 percent of the cellphone coverage on Puerto Rico. Now the FCC has given "Project Loon" permission to fly 30 balloons more than 12 miles above the island for the next six months, Wired reports, to temporarily replace the thousands of cellphone towers knocked down by the two hurricanes.

Each balloon can service an area of 1,930 miles, so the hope is to restore service to the entire island of Puerto Rico and parts of the U.S. Virgin Islands. In May Project Loon, part of Google's parent company Alphabet, deployed its technology in Peru and later provided emergency internet access there during serious flooding. (Those balloons were actually launched from Puerto Rico.) These new Project Loon balloons will be "relaying communications between Alphabet's own ground stations connected to the surviving wireless networks, and users' handsets," according to the article, which reports that eight wireless carriers in Puerto Rico have already consented to the arrangement.

Portables

Can Cheap Android Tablets Bridge the Digital Divide? (teleread.org) 111

It's now possible to buy a 7-inch Android tablet for under $50 -- for example, the Nook Tablet 7 or Amazon's cheapest Fire tablet. "Since the Fire can now easily install regular Android apps, it has become useful out of all proportion to its price," writes long-time Slashdot reader Robotech_Master, noting that for many applications tablets can replace a desktop or laptop computer. TeleRead.org is even arguing this could be what bridges the digital divide: [N]ot just for reading ebooks and assisting in education, but for more basic tasks. People with low or no incomes could search and apply for better jobs. Students could do homework and term papers on their tablet if their siblings or parents are using the desktop.
Besides the obvious applications like email and web browsing, $50 Android tablets also offer cheap phone calls via Google Hangouts. (You can even get your own phone number through Google Voice.) Calling the tablets "a full-fledged internet terminal... easily within reach of even the lowest-income families," the article concludes "I can hardly wait to see where these tablets go from here."
Iphone

Apple Doesn't Deliberately Slow Down Older Devices According To Benchmark Analysis (macrumors.com) 163

According to software company Futuremark, Apple doesn't intentionally slow down older iPhones when it releases new software updates as a way to encourage its customers to buy new devices. MacRumors reports: Starting in 2016, Futuremark collected over 100,000 benchmark results for seven different iPhone models across three versions of iOS, using that data to create performance comparison charts to determine whether there have been performance drops in iOS 9, iOS 10, and iOS 11. The first device tested was the iPhone 5s, as it's the oldest device capable of running iOS 11. iPhone 5s, released in 2013, was the first iPhone to get a 64-bit A7 chip, and iOS 11 is limited to 64-bit devices. Futuremark used the 3DMark Sling Shot Extreme Graphics test and calculated all benchmark scores from the iPhone 5s across a given month to make its comparison. The higher the bar, the better the performance, and based on the testing, GPU performance on the iPhone 5s has remained constant from iOS 9 to iOS 11 with just minor variations that Futuremark says "fall well within normal levels." iPhone 5s CPU performance over time was measured using the 3DMark Sling Shot Extreme Physics test, and again, results were largely consistent. CPU performance across those three devices has dropped slightly, something Futuremark attributes to "minor iOS updates or other factors."
