
Rowhammer Attack Can Now Root Android Devices

An anonymous reader writes from a report via Softpedia: Researchers have discovered a method to use the Rowhammer RAM attack for rooting Android devices. For their research paper, called Drammer: Deterministic Rowhammer Attacks on Mobile Platforms, researchers tested and found multiple smartphone models to be vulnerable to their attack. The list includes LG Nexus (4, 5, 5X), LG G4, Motorola Moto G (2013 and 2014), One Plus One, HTC Desire 510, Lenovo K3 Note, Xiaomi Mi 4i, and Samsung Galaxy (S4, S5, and S6) devices. Researchers estimate that millions of Android users might be vulnerable. The research team says the Drammer attack has far more wide-reaching implications than just Android, being able to exploit any device running on ARM chips. In the past, researchers have tested the Rowhammer attack against DDR3 and DDR4 memory cards, weaponized it via JavaScript, took over PCs via Microsoft Edge, and hijacked Linux virtual machines. There's an app to test if your phone is vulnerable to this attack. "Rowhammer is an unintended side effect in dynamic random-access memory (DRAM) that causes memory cells to leak their charges and interact electrically between themselves, possibly altering the contents of nearby memory rows that were not addressed in the original memory access," according to Wikipedia. "This circumvention of the isolation between DRAM memory cells results from the high cell density in modern DRAM, and can be triggered by specially crafted memory access patterns that rapidly activate the same memory rows numerous times."

Researchers Bypass ASLR Protection On Intel Haswell CPUs

An anonymous reader writes: "A team of scientists from two U.S. universities has devised a method of bypassing ASLR (Address Space Layout Randomization) protection by taking advantage of the BTB (Branch Target Buffer), a component included in many modern CPU architectures, including Intel Haswell CPUs, the processor they used for tests in their research," reports Softpedia. The researchers discovered that by blasting the BTB with random data, they could run a successful collision attack that reveals the memory locations where apps execute code in the computer's memory -- the very thing that ASLR protection was meant to hide. While during their tests they used a Linux PC with an Intel Haswell CPU, researchers said the attack can be ported to other CPU architectures and operating systems where ASLR is deployed, such as Android, iOS, macOS, and Windows. From start to finish, the collision attack only takes 60 milliseconds, meaning it can be embedded with malware or any other digital forensics tool and run without needing hours of intense CPU processing. You can read the research paper, titled "Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR," here.

Chrome For Android Gets Its Own Canary Channel

Google is bringing the bleeding-edge Canary channel for Chrome to Android. Through the Canary channel, the company introduces early versions of Chrome upgrades to early adopters and developers, and seeks feedback. Prior to this, the Canary channel was available for the desktop version of Chrome. Alex Mineer, APK Administrator & Bug Basher, said, "Just like the Canary channel for other platforms, new versions are built from the most recent code available and often contain a variety of new features, enhancements, and bug fixes. These builds are shipped automatically with no manual testing, which means that the build can be unstable and may even stop working entirely for days at a time. However, the goal is for Canary to remain usable at all times, and the Chrome team prioritizes fixing major issues as quickly as possible."

1 In 2 Samsung Galaxy Note 7 Owners To Switch To iPhone 7, Says Analyst

Branding Brand recently conducted a post-recall study asking Samsung Galaxy Note 7 users which smartphones they would consider upgrading to. While 40 percent of them said they are ready to jump ship to a different manufacturer, 30 percent of respondents said they are likely going to be switching to the iPhone. However, according to one analyst, that number could be even higher. Softpedia reports: KGI analyst Ming-Chi Kuo said in a note to investors that approximately 50 percent of those who ordered a Note 7 are now very likely to go for an iPhone 7, as customer trust is collapsing in the Samsung ecosystem and all these buyers are no longer planning to stick with phones manufactured by the South Korean firm. Between 5 and 7 million Note 7 orders are likely to transfer to Apple, the analyst says, and the iPhone 7 Plus is expected to be the main model benefitting from this transition. Other Android phone manufacturers, including Huawei, are also likely to benefit from Samsung's fiasco, and Google itself could also record an increase in Pixel sales following the Note 7 demise. But Apple will certainly take the lion's share here, mostly thanks to the iPhone 7 Plus currently being positioned as a direct rival to the Note 7.

UK Police Begins Deployment of 22,000 Police Body Cameras

An anonymous reader writes: London's Metropolitan Police Service has begun a roll-out of 22,000 Body Worn Video (BWV) cameras to officers over the city's 32 boroughs after ten years of country-wide trials. The device, which records video only when the officer decides, has a 130-degree field of view and a 30-second buffer which permits police to begin recording even after an event has started. The makers of the camera also provide an Android/iOS app which can allow a remote viewer to connect to an officer's camera, effectively turning police operatives into walking CCTVs. Academic research has suggested that use of BWV cams can reduce complaints against officers by 93%, and the Met contends that the new technology, whose cloud-based systems erase unwanted videos after 31 days, is particularly effective in domestic violence cases.

Android Trojan Asks Victims To Submit a Selfie Holding Their ID Card

An anonymous reader writes from a report via Softpedia: Untrained and gullible Android users are now the target of an Android banking trojan that asks them to send a selfie holding their ID card. The trojan, considered the most sophisticated Android trojan known today, is named Acecard, and this most recent version has been detected only in Hong Kong and Singapore for now. The purpose of requiring a selfie of the victim holding his/her ID card is for the crook to prove himself when making fraudulent bank transactions, calling tech support posing as the victim, or for taking over social media accounts for Facebook or Twitter, which often require ID scans in the case of account takeover disputes. The report adds: "A previous version of the Acecard trojan hid inside a Black Jack game delivered via the official Google Play Store. In the most recent version of this threat, security experts from McAfee have found a new version of the Acecard trojan hidden inside all sorts of apps that pose as Adobe Flash Player, pornographic apps, or video codecs. All of these apps are distributed outside of the Play Store and constantly pester users with permission requirement screens until they get what they want, which is administrator rights. Once this step is achieved, the trojan lies in hiding until the user opens a specific app. McAfee experts found that when the user opens the Google Play app, the trojan springs a new social engineering trap."

Facebook Now Lets You Use Google Cast or AirPlay To Stream Video On Your TV

Facebook has made it a high priority over the years to improve its video platform so that it can better compete with the monolithic video service that is YouTube. Today, the company has added another feature, one that allows users to stream Facebook video content to the Apple TV via AirPlay and to various Google Cast-enabled devices. Digital Trends reports: The feature is available on the Facebook iOS app and, according to Facebook, it will be available on Android soon. The best thing about it, however, is how easy it is to use. Simply find a video you want to watch, then tap the TV button and select which device the app should stream to. Another highlight of the feature is that it is truly built for Facebook -- that is to say, when you are watching a video on the big screen, your phone is not on lockdown until the video is over. Instead, you can keep scrolling through the News Feed, treating your TV as more of a second screen than simply a mirror of your phone.

Google News Introduces Fact Check Feature -- Just In Time For the US Election

An anonymous reader quotes a report from The Next Web: Google today introduced a new feature that will tag and help find "fact checking in large news stories." Tagged articles will show up in the new story box on, as well as in the Google News and Weather app for iOS and Android in the US and UK. There's a two-pronged approach to detecting fact checking. First Google looks for actual markup in the site's source code. Then Google looks for pages "that follow the commonly accepted criteria for fact checks." You can learn more about the process here. To be clear, the tags show up in small grey text above the article links -- Google itself isn't passing judgement, nor does it tell you the source article's conclusion in search results. It's merely a sign that says "hey, read me to find out the truth." Still, it's a nice way to make sure readers are at least forming opinions based on fact rather than fiction.

Android Devices That Contain Foxconn Firmware May Have a Secret Backdoor

An anonymous reader writes from a report via Softpedia: Some Android devices that contain firmware created by Foxconn may be vulnerable via a debugging feature left inside the bootloader, which acts as a backdoor and bypasses authentication procedures for any intruder with USB access to a vulnerable phone. By sending the "reboot-ftm" command to Android devices that contain Foxconn firmware, an attacker would authenticate via USB, and boot the device, running as root with SELinux disabled. There isn't a list of affected devices available yet, but Jon Sawyer, the researcher who discovered this hidden command, provides instructions on how to detect if a phone is affected. "Due to the ability to get a root shell on a password protected or encrypted device, Pork Explosion would be of value for forensic data extraction, brute forcing encryption keys, or unlocking the boot loader of a device without resetting user data. Phone vendors were unaware this backdoor has been placed into their products," Sawyer says.

Pokemon Go Could Add 2.83 Million Years To Users' Lives, Says Study

An anonymous reader quotes a report from CNNMoney: A new study from Microsoft Research found that the most interested Pokemon Go players took 26% more steps than before using the app. The largest behavior changes were seen among sedentary users. No matter their gender, age, weight or lifestyle, Pokemon Go users began to move more -- taking an extra 194 steps a day once they started using the app. (That's the equivalent of walking roughly one tenth of a mile.) The researchers estimate that Pokemon Go has added 144 billion steps to U.S. physical activity. That's 143 roundtrips to the moon. The study was published online this month in the Cornell Library University. Since activity reduces mortality risks, the researchers estimated that Pokemon Go could add 2.83 million years to the life expectancy of an assumed 25 million U.S. users. Based off research that showed walking reduces mortality, the researchers calculated that Pokemon Go users who continued to walk an extra 1,000 steps a day would enjoy 41.4 days of additional life expectancy. The Microsoft scientists examined data shared by 31,793 users of Microsoft Band, a wearable device, and Bing, the company's search engine. They compared the movement data from the wearables with users' web search queries. Pokemon Go players were identified by web searches that indicated they were playing the game. The Microsoft team also looked at four of the most popular health apps on Apple and Android devices. They found these apps had little impact on a person's behavior. The activity levels of Pokemon Go users changed far more.

Android 7.1 To Roll Out To Nexus Devices in December; Preview Goes Out This Month

Google said today it will roll out Android 7.1 to a range of Nexus devices -- including Nexus 6 -- later this year (December). A developer preview of Android 7.1 will be available to enthusiasts later this month. From an Engadget report: They also confirmed what 7.1 will bring to the table. Aside from Daydream VR support, most of the new features focus on giving developers more options to spruce up their apps' functionality. First, they can now make custom shortcuts, much like the ones popping up in iOS via 3D Touch. There's also support for image keyboards so users can insert stickers or GIFs within apps. For carriers and calling apps, 7.1 has APIs for multi-endpoint calling and telephony configuration. Lastly, developers can now route users to a Settings page to free up storage space by deleting unused files.

Nokia Crawls Towards Comeback With New Phones Announcement

An anonymous reader shares a report on The Register: The "new Nokia" appears to be going for volume rather than margins as it makes a comeback into phones. A new venture called HMD Global has licensed the rights to the Nokia brand for use in phones, which will be made by Foxconn. Three or four new Nokia-branded devices will be launched, Nokia's China chief suggested in August, with the first to be announced before Christmas. Benchmarks for one device, named in the benchmarks as the "D1C," have been spotted, indicating a solid midrange device, with 3GB of RAM, and Android Nougat 7. The CPU is identified as a Qualcomm Snapdragon 430 octa core running at 1.4GHz. In 2013, Microsoft bought the exclusive right to use the Nokia brand for phones, for a limited period. That exclusivity period expires at the end of this year.

Cyanogen Gets a New CEO, Shifts Away From Selling a Full Mobile Operating System

An anonymous reader quotes a report from TechCrunch: Cyanogen, a startup behind its own, alternative version of the Android operating system, now has a new CEO. In the wake of reports that the company exaggerated its success in terms of active users, layoffs, and difficulties scaling, Cyanogen's co-founder and CEO Kirt McMaster will be transitioning into an "Executive Chairman" role, while Lior Tal, previously COO, will now assume the CEO position. In addition, Steve Kondik, Cyanogen's co-founder and CTO, will be taking on a new role as Chief Science Officer, the company announced. He will report to Stephen Lawler, the company's SVP of Engineering. Today's blog post from new CEO Tal also somewhat acknowledged the company's struggles, and announced plans to shift its business model with the launch of a new Cyanogen Modular OS program. "In recent years, Android and the mobile ecosystem changed," wrote Tal. "Android has become extremely fragmented causing serious security vulnerabilities and few or no incentives to device manufacturers to deliver software upgrades and/or security patches," he said. "Increased demand for lower-priced smartphones, coupled with the specifications arms race, has left manufacturers focused on scale and efficiency while compromising investment in software and services. Innovation cannot happen in a vacuum, which is what we have today," Tal added. The company will be moving away from its former model which involved it shipping the full-stack of the operating system, the company says. Its new program will instead allow manufacturers to introduce their own, customizable smartphones that use different parts of the Cyanogen OS via dynamic modules and MODs, while still using the ROM of their choice. That means they could still run stock Android on their devices, then pick and choose the pieces of Cyanogen's technology they want to also add. The full Cyanogen OS is still available and being sold, but is no longer the main focus.
In July, Cyanogen Inc. laid off 20 percent of its workforce and sent a letter from McMaster to employees admitting that, despite shipping millions of devices with its OS, it was "not scaling fast enough nor in an efficient manner."

Baidu's Voice Recognition Software Is More Accurate Than Typing

The massive Chinese web services company Baidu has launched its sophisticated new TalkType 'keyboard' app, which defaults to voice recognition. An anonymous reader quotes The Stack: Baidu claims that the app's speech recognition is more accurate than actual typing, having developed and tested the technology alongside speech software experts at Stanford University... The researchers concluded that Baidu's technology was three times faster than a typical user typing in English. The results showed that the TalkType error rate was 20.4% lower than an English texter hunting and tapping for letters. The accuracy was even greater for those typing in Mandarin, with the error rate dropping 63.4% when using TalkType.
Of course, last year Baidu was also accused of gaming the testing for their image-recognition software.

Android 7.1 Nougat's Changelog Reveals Pixel-Exclusive Features Not Available To Nexus Devices

With the launch of the Google Pixel and Pixel XL yesterday, Google failed to mention the fact that vanilla Android is dead. The Pixel and Pixel XL run Android 7.1 Nougat, custom software made solely for the new Pixel devices and not for past Nexus smartphones. A changelog for Android 7.1 reveals that Nexus smartphones and tablets will not get Pixel-specific features. They won't get the Pixel Launcher or Google Assistant. BGR reports: Google is trying to set the Pixels apart by giving them special features, and it's not like that's an irrational business decision. But the Pixels might change the way Android fans buy devices. Before, you could go for Nexus to get the hottest Android features as soon as Google released Android updates, or you could buy anything else and hope for speedy software upgrade. Now, it seems that you'll have to buy Pixel to get a full Android experience as Google envisions it, or get anything else and never experience Android in its full glory. Some of the Pixel product-specific features, as mentioned in the changelog found by Android Police, include: Pixel Launcher, Google Assistant, unlimited original quality photo/video backup to Google Photos, phone/chat support, and various cosmetic changes.

Amazon Piles On the Prime Benefits With New 'Prime Reading' Perk

Amazon today unveiled the latest perk for Prime members in the United States: Prime Reading. With this, the company is offering access to "over a thousand" Kindle books, comics, magazines and more. The selection will rotate, the company says, suggesting that you should be able to read titles that aren't available today. GeekWire adds: The new perk, Prime Reading, lets Amazon Prime members access more than 1,000 e-books from best-selling authors at no extra charge, read a rotating selection of popular magazines, and read content from the company's Kindle Singles library, including classic short stories and essays. Prime Reading is available on the Kindle app for iOS and Android, and on the company's Kindle e-readers and Fire tablets. The new perk comes in addition to the Kindle Owners' Lending Library, which lets Prime members who own Amazon devices borrow one e-book a month from a larger selection of titles. Separate from a Prime membership, Amazon offers the $10/month Kindle Unlimited e-book subscription service. The Amazon Prime program costs $99 per year.

BadKernel Vulnerability Affects One In 16 Android Smartphones

An anonymous reader writes from a report via Softpedia: A security bug in Google's V8 JavaScript engine is indirectly affecting around one in 16 Android devices, impacting smartphone models from all major vendors, such as LG, Samsung, Motorola, and Huawei. Despite this bug being public for more than a year, only in August 2016 have Chinese security researchers discovered that the V8 issue also affected a whole range of Android-related products where the older V8 engine versions had been deployed. Affected products included Google Chrome Mobile, Opera Mobile, apps that use the WebView component (Gmail, Facebook, Twitter, WeChat, etc.) and apps that deploy the Tencent X5.SDK (a bunch of Chinese apps). It is estimated that around one in 16 Android devices is vulnerable to this issue, nicknamed BadKernel. The flaw leads to an RCE on Android devices, allowing attackers to take full control over one's smartphone. Despite BadKernel being discovered in August 2016, because all research was only published in Chinese, most E.U. and U.S. users have no clue they might be affected. One of the best ways to protect yourself, as noted in the report, is to keep your apps and operating system updated. You can view this list via Trustlook's website to see if your device is affected. There's also a dedicated BadKernel security scanner you can download from the Play Store to check for the vulnerability.

Toyota's Kirobo Mini Companion Robot To Sell For $400

An anonymous reader quotes a report from Digital Trends: Three years ago a small robot called Kirobo blasted into space, headed for the International Space Station. When it arrived, the 34-cm-tall, Toyota-made android became best buddies with Japanese astronaut Koichi Wakata, accompanying him around the station, engaging in polite conversation, and even showing emotion according to the subject matter. Following Kirobo's successful space jaunt, the car company decided to back the development of a smaller version of the already small robot, calling it -- rather appropriately -- Kirobo Mini. It unveiled the diminutive droid at the 2015 Tokyo Motor Show. Toyota announced on Monday that Kirobo Mini will go on sale in Japan next year for 39,800 yen (about $390), though a 300-yen (about $2.95) monthly subscription fee will also be necessary. Besides the robot itself, you'll also receive a "cradle" that's designed to fit inside a car's cup holder, ensuring that the robot travels in style wherever you take it. An ad (video) released by Toyota over the weekend shows Kirobo Mini hanging out with families, couples, the elderly, singletons, and students, with everyone visibly enthralled by its ability to say the right thing at the right time. However, Kirobo Mini's specific functionality, and the extent to which it'll be able to interact with humans, is yet to be revealed.

The Microsoft Band Is Dead

Microsoft's fitness-band line of devices has not been very well adopted over the years. Last month it was reported that Microsoft will be killing off the Lumia brand in favor of a new Surface Phone brand. Now, it appears the company is discontinuing its Band devices, as it has removed all references to them from its Microsoft Store listing online. Mary Jo Foley writes via ZDNet: A tipster who asked not to be named showed me a cached version of the Microsoft Online Store listing from yesterday, October 2, which included Band devices; today, October 3, references to the Band devices are gone from the company's Store sites. Microsoft also removed the Band software development kit (SDK) today, which isn't surprising given it's no longer selling Band 2 devices. Microsoft is believed to have disbanded the software team that was looking to bring Windows 10 to the Band a couple months ago. I've gotten various tips that at least some of the Band hardware team members have dispersed, too, with some moving to other Microsoft hardware teams inside the company. Even though sources of mine have said Microsoft is planning to phase out its fitness band devices and to have no plans to roll out a Band 3 device any time soon (or likely, ever), company officials still haven't completely conceded that it's the end of the line for Band. I asked again today and have yet to get an updated statement from the company regarding when and why Band devices were removed from Microsoft's online stores. A spokesperson sent me the following statement: "We have sold through our existing Band 2 inventory and have no plans to release another Band device this year. We remain committed to supporting our Microsoft Band 2 customers through Microsoft Stores and our customer support channels and will continue to invest in the Microsoft Health platform, which is open to all hardware and apps partners across Windows, iOS, and Android devices."

Google, Lagging Amazon, Races Across the Threshold Into the Home

Google will unveil its answer to Amazon's Echo at an event on Tuesday, the New York Times reports. The Google Home device, which looks like an "air freshener," is expected to go on sale later this month (Editor's note: the link could be paywalled; alternate source), the publication added. The Google Home is powered by what Google calls Assistant, which uses "artificial intelligence" to understand what users are saying and respond conversationally with the best answers. "Amazon is the accidental winner here," Scott Galloway, a professor of marketing at the Stern School of Business at New York University, told the paper. "Amazon got there first, which is superimpressive, and it has been a huge hit." From the report: Google is a leader in natural language processing -- the ability to turn spoken words into terms that computers can digest -- and its search engine is the starting point for how most people get answers on the internet. In fact, the company says 20 percent of Google searches on mobile phones are done by voice. So why didn't Google create an Echo-like device before Amazon? In part, Google was hindered by a balkanized structure that prevented different groups within the company from working together, according to four current and former employees. Google, based in Mountain View, Calif., had a large team working on voice search but its focus was on an app for smartphones. The company had a separate team working on the Android operating system, which runs on smartphones, tablets and internet-connected home devices, and they were building virtual assistant technology into mobile devices. Google is also expected to launch two new smartphones, expected to be called Pixel and Pixel XL. Earlier today, both the phones showed up on a retailer's website, revealing their specifications.
The Guardian reports: The leaked images show two sizes of the phone -- a regular and "XL" version, USB-C fast charging, a new interface, video calling and the Google Assistant, which first launched within the company's Allo messaging app. Both devices will have 32GB or 128GB of storage, 4GB of RAM, Qualcomm's latest 821 processor, AMOLED screens, fingerprint scanners on the back, an eight-megapixel selfie camera and a 12-megapixel camera on the back with optical image stabilisation, according to the smartphone retailer's listings which have since been removed.
