IT Support and Hardware for Clinics
32.1K views | +1 today
Follow
IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice
Your new post is loading...
Your new post is loading...
Scoop.it!

Apple Malware Outbreak: Infected App Count Grows

Apple Malware Outbreak: Infected App Count Grows | IT Support and Hardware for Clinics | Scoop.it

The number of apps infected in the first large-scale Apple App Store malware outbreak is far higher than was first believed, according to the cybersecurity firm FireEye, which reports that at least 4,000 apps were infected with XcodeGhost malware.


In the wake of the discovery of a six-month malware campaign last week, early estimates were that dozens of apps had been infected with the XcodeGhost malware, which could be used by attackers to steal data from devices, including users' Apple passwords, as well as launch phishing attacks.


But FireEye now reports that the number of infected iOS apps is far higher than researchers initially suspected. "Immediately after learning of XcodeGhost, FireEye Labs identified more than 4,000 infected apps on the App Store," the company says in a Sept. 22 blog post.

Apple did not respond to a request for comment on that report and has so far declined to respond to questions about how many apps may have been infected.


FireEye has not released a full list of all infected apps, but spokeswoman Darshna Kamani tells Information Security Media Group that most of them are aimed at Chinese-language users. Previous reports, meanwhile, had warned that such popular apps as the WeChat messaging app and the Didi ride-hailing app were infected, and that infected apps were used not just by Chinese users, but globally.


The malware attack was perpetrated by attackers offering for download a pirated version of Apple's free Xcode software - which is used to build iOS and Mac OS X applications - that added malware to every app when it was compiled. An anonymous developer has claimed credit for the attack campaign, saying it was a "mistaken experiment," although numerous security experts have dismissed that claim.

Apple Squashes Bad Apps

Apple says that it has seen no evidence that any personal information was compromised. The company says it has been excising all apps that were built using a malicious version of Xcode and working with developers to ensure that they only use the official Xcode tool.

"We have no information to suggest that the malware has been used to do anything malicious or that this exploit would have delivered any personally identifiable information had it been used," Apple says in an XcodeGhost FAQ. "We're not aware of personally identifiable customer data being impacted and the code also did not have the ability to request customer credentials to gain iCloud and other service passwords. ... Malicious code could only have been able to deliver some general information such as the apps and general system information."


But other security firms have warned that the malware could have been used for malicious purposes. "XcodeGhost is reported to be the first instance of the iOS App Store distributing a large number of trojanized apps," FireEye says. "The malicious apps steal device and user information and send stolen data to a command and control server. These apps also accept remote commands, including the ability to open URLs sent by the [C&C] server. These URLs can be phishing webpages for stealing credentials, or a link to an enterprise-signed malicious app that can be installed on non-jailbroken devices."

Chinese social media and gaming giant - and WeChat developer - TenCent published a report on Sept. 20 warning that the malware could be used to remotely control devices and launch man-in-the-middle attacks against users. It also found that at least 76 of the top 5,000 apps in Apple's China app store were infected with XcodeGhost.

In its XcodeGhost FAQ, Apple has listed the top 25 most popular infected apps - which include WeChat, Didi, Railroad 12306, Baidu Music and NetEase Music - noting that "after the top 25 impacted apps, the number of impacted users drops significantly." It has also promised to make it easier - and quicker - for Chinese developers to download Xcode, because the difficulty of obtaining the official software reportedly drove developers to obtain it from non-official sources.


China is a massive and growing market for Apple, accounting for $13.2 billion in revenue in its last financial quarter, compared to $20.2 billion in the United States and $10.3 billion in Europe. In January 2014, Apple reported that Chinese developers had already launched 130,000 apps via Apple's app store.


Before this malware attack, only five malicious apps had ever successfully made it into the App Store, according to cybersecurity firm Palo Alto Networks.

Timeline: XcodeGhost Discovery

On Sept. 14, China's Computer Emergency Response Team issued a warning about the danger of using unofficial versions of Xcode. Just days later, Chinese researchers began reporting that at least a handful of apps had been infected with XcodeGhost malware, after which the count of infected apps has continued to skyrocket.


On Sept. 20, the XcodeGhost-Author account-holder on China's Weibo social media platform claimed credit for the malware campaign, saying the ability to trojanize the Xcode software had been an "accidental discovery," and that it had been distributed as "a one-time, mistaken experiment" to see if it could be used to push advertisements to infected devices, The Wall Street Journal reports.


The message claimed that the capability had never been exploited and noted that the malware was only ever designed to collect basic user and device data. "And 10 days ago, I actively shut down the server and deleted all the data, so it will not have any effect on anyone," it said.

While it is impossible to verify those claims, many security experts have dismissed them, saying the attacker's intentions were obviously nefarious. "The entire process was plotted and planned," mobile Internet security expert Lin Wei told China Central Television, pointing to a campaign that used multiple Internet accounts to make the software available - via multiple websites - over a six-month period, The Wall Street Journal reports.

Recommendation: Uninstall Apps

Pending updates from every developer that shipped an infected app, information security experts recommend that users uninstall all apps that were known to be infected. "Developers are releasing updated, clean versions of their apps. The best fix, if one of your apps is listed, is to uninstall it," says Lee Neely, a senior IT and security professional at the U.S. Department of Energy's Lawrence Livermore National Laboratory, in a recent SANS Institute newsletter.


Neely says that both iOS developers and Apple are to blame for the XcodeGhost malware outbreak. "This malware made it into the Apple App store due to social engineering of developers and a shortfall of Apple's code review process," he says. "When you own the compiler/IDE [integrated code environment], you own the apps created with it."

more...
No comment yet.
Scoop.it!

Messaging And The Apple Watch

Messaging And The Apple Watch | IT Support and Hardware for Clinics | Scoop.it

Although the Apple Watch boasts the ability to instantly notify users with important updates — breaking news stories, changes to their bank account or the achievement of a fitness goal — its 42mm screen can be a major constraint for developers and designers.


This is especially true for messaging applications, which must figure out how to create an essentials-only design that enables two-way communication without the luxury of a keyboard. When designing a messaging application for the Apple Watch there are several key considerations that must be kept in mind to ensure developers are creating something people will actually use.

Is the Apple Watch Worthy?

Jonathan Ive’s team developed the Apple Watch to help solve the problem they themselves created: smartphone addiction. Between the constant influx of notifications and the 24/7 connectivity to work, we are prisoners of our own devices.


Reluctantly, I’ll admit that I’m guilty of this in my personal life. As I play with my kids on a Saturday afternoon in the park, I can’t help but discreetly sneak a look at my phone every few minutes. We just cannot free ourselves from the thought of missing something important.


While critics claim otherwise, the Apple Watch actually frees us from our constant surreptitious phone-checking habit. By filtering the most important alerts and providing immediate notifications that can be absorbed with a glance, the Apple Watch causes users to pick up their phone less frequently and only for matters that involve a response.

Between the constant influx of notifications and the 24/7 connectivity to work, we are prisoners of our own devices.

Given the nature and purpose of the Apple Watch, the first question companies should ask is whether or not their business app interaction is worthy of immediate interruption. For enterprise messaging, the answer is a resounding Yes. The instant nature of messaging lends itself naturally for a new communication medium like the Apple Watch.

Starting From Scratch

Just like every app does not belong on the Apple Watch, every iPhone interface will not transfer to the face of a wristwatch. Over-simplification is important. You may think your iPhone app is sleek and simple, but everything changes when you drastically reduce the screen size.

Simplifying isn’t just about design; it’s about reducing the number of available features on the app. Many of the browsing or text-heavy portions of a smartphone platform are no longer applicable on the watch form factor, requiring developers to determine which features are used the most and eliminate the rest.

Color palettes on the Apple Watch also matter. Despite the assumption that a color palette would be the easiest part of the Apple Watch transition, it usually cannot be replicated from the smartphone. The Apple Watch’s black background and small screen size completely change the game, meaning that the de-saturated colors often used in traditional branding appear muted and are difficult to read, which forces designers to switch over to bright, high-contrast colors.

The Need For Context-Intelligent Responses

First and foremost, the Apple Watch is a notification platform. Punching out a lengthy message isn’t feasible without a keyboard, so messaging apps face a unique challenge not met by notification-based platforms. As we worked to solve this problem, we kept coming back to one central theme: speed.


Apple Watch users should be able to glance down at their wrist, instantly absorb the information they need and move on with their day. This is why Apple’s User Interface Guidelines suggest that app developers keep all interactions with the watch to less than 30 seconds.


With a 30-second time constraint, how do you empower users to read a notification and reply, while avoiding the often-awkward voice response? We focused on context-intelligent emojis and canned text responses to reply quickly. While the basic forms of both of these technologies have been available for years, they lacked context and the ability to accurately predict a user’s reply. That’s beginning to change.


Right now, enterprise messaging applications offer a series of canned responses, such as “Yes, I’m available now” or “We closed the deal.” Eventually, messaging applications will be able to gather relevant data to enable the creation of personalized and relevant response options.

For example, if a colleague asks to do lunch at 1pm, the app could gather information from a user’s calendar, current location, past preferences and outside data (such as access to OpenTable) to suggest personalized responses, such as “I’m not available until 1:30. Let’s meet at Salt House on Mission Street. They have tables available at that time.”

Looking Ahead

With the recent watchOS 2 announcement, which will support native apps as well as third-party complications, it is clear Apple views enriched third-party apps as critical to delivering a fully integrated wearable experience. Still, the full potential of messaging apps will not be realized until the Apple Watch can function without the iPhone.

Independent of this crutch, and with the capabilities of everything from instant communication to project management, the Apple Watch stands to become the ultimate convener, allowing users to seamlessly manage both their personal and professional lives.

more...
No comment yet.
Scoop.it!

Apple Obtains Touch ID-Related Patents From Biometric Security Firm Privaris

Apple Obtains Touch ID-Related Patents From Biometric Security Firm Privaris | IT Support and Hardware for Clinics | Scoop.it

Apple has been working to acquire the intellectual property assets of Charlottesville, Virginia-based biometric security firm Privaris, according to CNN. Privaris recently transferred 26 of its 31 patents to the iPhone maker, including 4 patents in December 2012 and dozens more in October 2014

The patents are primarily related to fingerprint and touchscreen technology that could lead to Touch ID improvements on future devices. Last February, well-informed KGI Securities analyst Ming-Chi Kuo told investors that the next iPhone will have animproved Touch ID with reduced errors.


"For example, one of Privaris' patents covers the ability to use a touchscreen and fingerprint reader at the same time. Another invention of Privaris' could allow you to open a door with your iPhone by scanning your fingerprint and holding your phone up to a reader, similar to how you pay for items with Apple Pay."


While the transferred patents have fueled acquisition rumors, the Privaris website has not been updated since 2010 and seemingly none of the company's senior executives or other employees have updated their LinkedIn profiles with positions at Apple. 

Accordingly, it is more likely that Privaris has scaled down or went out of business and Apple has acquired the company's patent portfolio and other intellectual property. However, the possibility of an acquisition cannot be entirely ruled out. 

Privaris, which reportedly raised $29 million in funding, developed a lineup of PlusID personal biometric devices to access computers, networks, websites, software, VPNs, secured printers and online apps. 

The company has also offered several other products and services related to access control systems, fingerprint authentication, biometric computer security, biometric security software and access cards, all technologies that fall within the realm of Touch ID. 

more...
No comment yet.
Scoop.it!

Google, Apple, Microsoft and Mozilla team up to create faster browsers

Google, Apple, Microsoft and Mozilla team up to create faster browsers | IT Support and Hardware for Clinics | Scoop.it

Engineers at GoogleAppleMicrosoft and Mozilla are partnering to createWebAssembly (a.k.a wasm), a bytecode for use in the browsers of the future that promises up to 20 times faster performance.


WebAssembly is a project to create a new bytecode (a machine-readable instruction set that’s quicker for browsers to load than high-level languages) that’s more efficient for both desktop and mobile browsers to parse than the full source code of a Web page or app.


Browsers currently use JavaScript to interpret code and enable functionality on websites such as forms and dynamic content. Improvements have been made to load times via asm.js, but bytecode-based systems like .NET are faster.


Proposed as a standard that could one day be implemented in all browsers, WebAssembly could bring app-like performance to Web content and apps.


Until WebAssembly becomes more widely available, the coalition of developers plan to bridge the gap with a JS script that will convert wasm to Mozilla’s widely supported asm.js for browsers that don’t support the new format yet.


WebAssembly is still very much in its early days: neither its specifications nor its high level design have been finalized yet. However, with major browser developers behind the project, it should see the light of day soon enough.

more...
No comment yet.
Scoop.it!

Smartphone thefts drop as kill switch usage grows

Smartphone thefts drop as kill switch usage grows | IT Support and Hardware for Clinics | Scoop.it

Phone theft used to be a growth industry. The snatch-and-run stealing of iPhones even had its own clever moniker: Apple picking. But such thefts might be in decline. Last year, 2.1 million Americans had phones stolen, according to a nationally representative survey conducted by the Consumer Reports National Research Center. (Another 3.1 million smartphones were lost.) In 2013, about 3.1 million phones were stolen, according to our previous survey.

The two Consumer Reports surveys employed slightly different methodology, which could account for some of the drop, but there is other evidence of a decline—and the trend might accelerate now that Android devices seem poised to embrace kill switches, which allow you to deactivate your stolen or lost phone. 

Smartphones have allowed users to remotely wipe their data for years. But in 2013 prosecutors across the country started calling for technologies that disable, or “brick,” stolen phones to deter thieves from stealing them for resale overseas. Minnesota and California both passed laws requiring manufacturers to make progress on installing anti-theft features by July 1, 2015.

Apple is well ahead of the deadline. After the company added a kill switch to its Find My iPhone app in 2013, police departments around the country reported that iPhone thefts dropped. Then, Activation Lock became a default feature last fall with the launch of the iPhone 6 and 6 Plus. Samsung also added a kill switch—called Reactivation Lock—to a few phone models in 2013. But, in general, Android phones haven’t had the technology. To protect their devices, consumers had to download aftermarket security apps.


Many expected Android Lollipop 5.0 to resolve that problem in late 2014, but manufacturers didn’t implement the kill switch, presumably because of performance issues. Now, all eyes are trained on Lollipop 5.1, due to roll out this summer. Given the helter-skelter, one-off approach phone companies take to their mobile operating systems, however, it will be a long time before a kill switch comes to all Android models.

The technology could eventually save U.S. consumers $3.4 billion,according to calculations by William Duckworth, a statistics and data science professor at Creighton University. (His 2014 study included the costs of replacing handsets and a portion of the money consumers spend on phone insurance.)

Kill switches aside, many phone owners do an abysmal job of protecting their mobile devices, the new Consumer Reports survey found. Among survey respondents, only 46 percent set a screen lock using a four-digit PIN or a stronger method such as a lengthy password or fingerprint. Just 33 percent backed up their data, including photos and contacts, to a computer or online service. Built-in security technology can only get a consumer so far—to reap the benefits, you actually have to use it.

more...
No comment yet.
Scoop.it!

Why Apple believes smarter services and devices won't compromise your privacy

Why Apple believes smarter services and devices won't compromise your privacy | IT Support and Hardware for Clinics | Scoop.it

Apple's message today was abundantly clear: We value your privacy more than anyone else.


Amid a flurry of announcements ranging from a new music service to a smarter, more proactive version of Siri, Apple executives hammered the point home on Monday during the company's Worldwide Developers Conference that it takes your personal information seriously.


"If we do look up something on your behalf, such as traffic, it's anonymous," said Craig Federighi, senior vice president of software for Apple, at the event in San Francisco. "You are in control."


Apple's mission to maintain your privacy, a theme that was set up by CEO Tim Cook last week when he said "morality demanded" that people have the right to keep their affairs to themselves, is a key advantage in the escalating battle over a slate of services that are designed to manage your connected life, which can range from your smartphone to your car. It's also a less-than-subtle shot at Google, a company that similarly wants to be everything in your life -- but is keen to use your information to enable more relevant ads.


"Apple is drawing the line as to what belongs to customers and Apple vs. everyone else," said Ramon Llamas, an analyst at IDC. "It's a sense of trust that Apple is evangelizing, perhaps as a way to set itself apart from other platforms."


At the same time, Apple wants its services and programs to be more effective at helping you. Another theme of the conference keynote speech was heightened intelligence, whether it's the ability to ask a question in natural language to either its Siri digital assistant or Spotlight app, to even the curated playlist and song recommendations delivered to you via Apple Music. It's part of a broader trend of smarter, more proactive assistants, which include Google Now and its Now On Tap service, and Microsoft's Cortana.


Unlike the other services, Apple was clear that many of the actions taken by its smarter assistants occur within the device, or traveling through the cloud without its knowledge. It's a function of its core business model: generating revenue and profits off its devices, with software and services driving demand for those products.

That stands in contrast with Google, which typically generates advertising off its many free services, or Microsoft, which makes money off the services that you use.


"There's a difference between the device knowing you vs. the company behind the device," said Carolina Milanesi, an analyst at Kantar WorldPanel. "That is very subtle."

Siri, Spotlight get smarter

A highlight of Apple's announcements was the ability to ask questions in a natural language to Siri, the company's virtual assistant. The new functions include the ability to set reminders or pull up photos from a specific location. It can also offer suggestions on contacts for meetings or apps you should be using.


The new features come as Google and Microsoft tout the expanded capabilities of their own assistants. Microsoft, for instance, said its Cortana assistant will live on both smartphones and other Windows 10-powered devices.


For Apple, it's also part of a broader push to make iOS 9 anticipate your needs.

more...
No comment yet.
Scoop.it!

What Apple has learned from ResearchKit so far

What Apple has learned from ResearchKit so far | IT Support and Hardware for Clinics | Scoop.it

Apple operations chief Jeff Williams says that ResearchKit — the suite of medical research tools for the iPhone that Apple launched in March — has already helped researchers make a lot of interesting discoveries.


Apple originally partnered with five different companies and research centers to create apps that study Parkinson's, diabetes, asthma, breast cancer, and heart disease.


With the assurance that Apple itself will never see their data, iPhone owners can use the apps, letting researchers collect huge amounts of data "at a fraction of the cost." 


William's said on stage at Re/code's Code Conference on Wednesday that data from the Parkinson's app in particular has already surfaced some valuable insight for researchers. 

The Parkinson's app, called Parkinson mPower (which stands for Mobile Parkinson Observatory for Worldwide, Evidenced-based Research), was developed by the non-profit research organization Sage Bionetworks in partnership with two University of Rochester physicians, Dorsey and Karl Kieburtz, and Aston University mathematics professor Max Little.


For example, comparing the tests of people who have Parkinson's and who use the app to the results of people who decided to join the app as part of the control group, Williams says that researchers made a startling observation:


Amongst the people who signed up as part of the control group, some of them exhibited symptoms similar to those who have Parkinson's. This could mean several things, including — potentially — that some of the people in the "control" group may have the disease as well. Since ResearchKit isn't a legal diagnostic tool yet, these results are still very preliminary. Plus, the study was only observational, meaning the researchers have no direct control over the experiment (they can't assign some people to develop Parkinson's and others to not develop it) and simply observe the way participants use the app.


Another valuable data point comes from looking at how people's medication affects their test results. After someone with Parkinson's takes their medicine, for example, that person should ideally have an easier time completing the app's tests, which include recording their voice and tapping their phone's screen as fast as they can. Subtle voice changes in tremor and volume as well as changes in dexterity have been shown to be a good way to measure the severity of Parkinson's symptoms, according to the University of Rochester Medical Center


For many of the app's recent users who reported taking their medicine regularly, however, their test results did not appear to improve significantly, said Williams.


That's incredibly useful data for patients and doctors who want to see what effect — if any — their medication is having. 


"If we only got these two learnings out of this app, it would already be worth it," Williams says.


In addition to its data on Parkison's, said Williams, another app called the asthma app is helping researchers at Mount Sinai pinpoint different triggers for asthma.


In Texas, for example, heat came up as one of the main possible triggers for asthma in people who use the app. In New York, on the other hand, the most popular trigger amongst users appeared to be anger. 


Getting that information only took researchers weeks and months instead of years, like it usually would, Williams said. 

more...
No comment yet.
Scoop.it!

Apple and Google ask Obama to leave smartphone security alone

Apple and Google ask Obama to leave smartphone security alone | IT Support and Hardware for Clinics | Scoop.it

FBI director James Comey has asked Congress for help getting around the upgraded encryption on Apple's smartphone, something he believes is creating too high a hurdle for law enforcement. It's not clear if his calls for new legislation have much chance for success, but they are clearly causing ripples in Silicon Valley. In a letter obtained by The Washington Post, tech heavyweights like Apple and Google call on President Obama to reject any new laws that would weaken security.

Better domestic surveillance is not an easy sell


There have been laws kicking around Congress for a while that would create the kind of backdoors Comey and other security hawks have been pushing for. CALEA II is one such bill, but it trips over all the outsized fears about government surveillance that the public has long held, even more so in the wake of Edward Snowden and revelations about just how much of our everyday communication is being vacuumed up by the NSA.


As we wrote back in October of 2014, that means "Comey's left exactly where we started, making ominous noises and generating headlines favorable to the FBI, but not actually doing anything. It's a bluff, a way to nudge public opinion without committing the bureau to anything. This isn't a crypto war — it's a pageant."


more...
No comment yet.
Scoop.it!

The first Apple Watch update arrives with faster app performance

The first Apple Watch update arrives with faster app performance | IT Support and Hardware for Clinics | Scoop.it

The Apple Watch arrived on the scene with at least a few rough edges, but the crew at 1 Infinite Loop is trying to smooth at least some of them today. The company has released a 1.0.1 update for the Watch that improves performance across the board, and should be a particular help with third-party apps hosted on your iPhone -- many of which seemingly took forever to load in the original release. The difference isn't dramatic in our experience, but it is there. Your wristwear should also do better jobs with Siri voice recognition and calculating fitness data (such as calories and distance), and the interface supports seven extra languages ranging from Brazilian Portugese to Turkish. This doesn't include any of the big interface-level features hinted at in recent rumors, but it's good to see Apple's first wearable get some much-needed polish.


more...
No comment yet.
Scoop.it!

Law Banning Default Encryption Unlikely

Law Banning Default Encryption Unlikely | IT Support and Hardware for Clinics | Scoop.it

Laws rarely, if ever, keep up with technology, but even if they could, the consequences could prove more harmful than the benefits.

That was evident at an April 29 hearing of the House Oversight and Government Reform Subcommittee on Information Technology that addressed the encryption - and security - of mobile devices.

 Upholding civil liberties and civil rights are not burdens. They make all of us safer and stronger. 


Here's the problem the panel addressed that faces law enforcement: Encryption is the default setting for new Apple iPhone and Google Android mobile devices, meaning that law enforcement cannot gain access to encrypted data on the devices even if they have a search warrant. To gain access, the manufacturers would have to create a so-called "backdoor," and give law enforcement a special key to decrypt data on mobile devices. Without such a key, law enforcement could gain access only with the permission of the devices' owners, an unlikely scenario if the encrypted data contains incriminating evidence.

"We call it 'going dark,' and it means that those charged with protecting the American people aren't always able to access the information necessary to prosecute criminals and prevent terrorism even though we have lawful authority to do so," FBI Executive Assistant Director Amy Hess told lawmakers.

Backdoor Benefits

Hess furnished the subcommittee with examples on how accessing data enabled forensics experts to solve crimes, including kidnaping, false rape accusation and murder.


"Today's encryption methods are increasingly more sophisticated, and pose an even greater challenge to law enforcement," she said. "We are seeing more and more cases where we believe significant evidence resides on a phone, a tablet or a laptop - evidence that may be the difference between an offender being convicted or acquitted - but we cannot access it."


Advocates of giving law enforcement a backdoor key include President Obama and FBI Director James Comey. At the Congressional hearing, Suffolk County (Mass.) District Attorney Daniel Conley voiced strong support: "The Fourth Amendment allows law enforcement access to the places where criminals hide evidence of their crimes, once the legal threshold has been met," Conley testified. "In decades past, these places were car trunks and safety deposit boxes; today they are computers and smartphones."

Questioning Motives of Apple, Google

Conley dismissed Apple's and Google's contention that the default encryption they offer on their devices safeguards consumers' privacy.

"Their nominal commitment to privacy rights would be far more credible if they were forbidding themselves access to their customers' interests, search terms and consumer habits, but as we all know, that's not a step they're willing to take," Conley said. "Instead, they're taking full advantage of their customers' private data for commercial purposes while building an impenetrable barrier around evidence in legitimate, court-authorized criminal investigations."


Hess and Conley make a somewhat sound argument. After all, police, with the proper court order, can break into filing cabinets to retrieve evidence. But the rules of the physical world don't always translate well into the virtual one. And other witnesses at the hearing made more compelling arguments for why creating an electronic backdoor is a very bad idea.


"Unfortunately, harsh technical realities make such an ideal solution [a backdoor] effectively impossible, and attempts to mandate one would do enormous harm to the security and reliability of our nation's infrastructure, the future of our innovation economy and our national security," said cryptographer Matthew Blaze, an associate professor of computer and information science at the University of Pennsylvania. "We just can't do what the FBI is asking without weakening our infrastructure."

Undermining U.S. Cybersecurity

Providing a backdoor would undermine America's cybersecurity. "While the FBI would have us believe that law enforcement alone will be privy to our sensitive data, history demonstrates that bad actors will always be ahead of the curve and find an avenue to manipulate those openings," said Jon Potter, president of Application Developers Alliance, a trade group. "As one well-regarded cryptographer said, 'You can't build a backdoor that only the good guys can walk through.'"

Creating a backdoor could potentially cost the American economy billions of dollars in lost business. Kevin Bankston, policy director of the think tank New America's Open Technology Institute, says a backdoor would give foreign users, including corporations and governments that especially rely on the security of technologies, even more incentive to avoid American wares and turn to foreign competitors. "To put it bluntly," he said, "foreign customers will not want to buy or use online services, hardware products, software products or any other information systems that have been explicitly designed to facilitate backdoor access for the FBI or the NSA."

Encryption Mitigates Risks

But the most compelling argument for retaining default encryption that's beyond the reach of law enforcement is that it makes everyone safer, especially on smartphones. "The vast amount of personal information on those devices makes them especially attractive targets for criminals aiming to commit identity theft or other crimes of fraud, or even to commit violent crimes or further acts of theft against the phone's owner," Bankston said.


"By taking this step for their customers and turning on encryption by default," he said, "mobile operating system vendors have completely eliminated the risk of those crimes occurring, significantly discouraged thieves from bothering to steal smartphones in the first place, and ensured that those phones' contents will remain secure even if they are stolen."


It's an argument that can persuade even the most ardent supporters of law enforcement and intelligence agencies. The subcommittee's chairman - freshman Republican William Hurd of Texas, a former undercover CIA agent and cybersecurity strategist, concluded the hearing by opposing offering law enforcement a backdoor. "I hold everyone in law enforcement and the intelligence community to a higher standard," he said. "Upholding civil liberties and civil rights are not burdens. They make all of us safer and stronger."


more...
Jan Vajda's curator insight, May 2, 2015 1:53 PM

Přidejte svůj pohled ...

Scoop.it!

Researchers find another terrifying iOS flaw

Researchers find another terrifying iOS flaw | IT Support and Hardware for Clinics | Scoop.it

It can't have escaped your attention that security experts have declared open season on Apple products over the last few weeks. At San Francisco's RSA conference, an even more terrifying exploit has been revealed that has the power to send your iPhone or iPad into a perpetual restart loop. Mobile security firm Skycure has discovered that iOS 8 has an innate vulnerability to SSL certificates that, when combined with another WiFi exploit, gives malicious types the ability to create "no iOS zones" that can render your smartphones and tablets unusable. Before you read on, grab a roll of tinfoil and start making a new case for your iPhone.

Broadly speaking, any app that uses SSL certificates - which is almost all of them - can be fed a dummy certificate that causes it to crash. If, however, you can feed that same dodgy data into the operating system itself, then the hardware will be thrown into a perpetual loop of failed restarts. That can be easily achieved if you can set up a WiFi network to behave like one of the trusted setups that iOS automatically tries to connect to. So, as Gizmodo says, all it takes is for someone to build a nefarious network, name it "attwifi" and they've got a honeytrap.

Skycure has already reported its findings to Apple and won't give away any more details should it give hackers free reign to brick thousands of devices. Until the problem is fixed, users are advised not to trust free WiFi networks, keep iOS updated and, should they wander into a "no iOS zone," get out, quickly.


more...
No comment yet.
Scoop.it!

Apple Systems Vulnerable to Bug

Apple Systems Vulnerable to Bug | IT Support and Hardware for Clinics | Scoop.it

Kaspersky Lab has released information on a vulnerability, dubbed "Darwin Nuke," discovered by its security researchers in the kernel of Darwin - an open-source component of Apple's OS X and iOS operating systems. This vulnerability leaves OS X 10.10 and iOS 8 devices exposed to remotely activated denial-of-service attacks that can damage the user's device and impact any enterprise network to which it is connected.


According to Kaspersky's SecureList Blog, the vulnerability is connected with the processing of an IP packet that has a specific size and invalid IP options, enabling attackers to cause a denial of service on devices with 64-bit processors and OS X v10.10 or iOS v8 or lower versions installed.


This means that attackers can send just one incorrect network packet to the victim, and the victim's system will crash. The bug was discovered in December 2014 and shared with Apple.

Apple confirms that the vulnerability CVE 2051-1105, has been fixed in its latest software releases: OS X Yosemite v10.10.3 for Macintosh PCs; iOS v8.3 for Apple mobile devices (iPhone, iPads); and the Apple TV v7.2 software update.


How it Works


The "Darwin Nuke" vulnerability can be exploited by an attacker by sending an IP packet of specific size and with invalid IP options to a device with OS X 10.10 or iOS 8. The OS on the device crashes after processing the incorrect network packet.

Kaspersky Lab's blog states that the IP packet needs to meet the following conditions to crash the system:


  • The IP header size should be 60 bytes;
  • The IP payload size should be less than or equal to 65 bytes;
  • The IP options should be incorrect (invalid option size, class, etc.)


When these conditions are met, the OS panic function is engaged and the system is shut down in emergency mode, the researchers say. "At first sight, it is very hard to exploit this bug, as the conditions attackers need to meet are not trivial ones. But persistent cybercriminals can do so, breaking down devices or even affecting the activity of corporate networks," says Anton Ivanov, senior malware analyst at Kaspersky Lab.


Routers and firewalls would usually drop incorrect packets with invalid option sizes, Ivanov says. But the researchers discovered several combinations of incorrect IP options that are able to pass through. Kaspersky has not released any data on such attacks being noticed in the wild. According to Apple's website, this vulnerability existed because of a "state inconsistency" in the processing of TCP headers in OS X and iOS, which has be addressed in its latest updates.


Recommendations


When this vulnerability is exploited, it apparently impacts the device more than the enterprise network, says a senior CISO from the Indian information security community, who asked not to be named. He believes there are no references as yet that exploited devices could act as a launch pading for attacks into the enterprise network.

Those who have mobile device management enabled should quickly enforce users to update to iOS 8.3, he says. Those who are unable to do so should campaign for an upgrade to iOS 8.3 and prepare a business case for MDM, he advises.


K. K. Mookhey, director at Mumbai-based security consultancy Network Intelligence, says that given that the vulnerability requires a number of conditions be met for it to execute successfully, and is a denial of serivce vulnerability, it does not result in a compromise of the endpoint. As a result, he says the implications for enterprise security are highly limited. "I wouldn't have sleepless nights over it, but yes updating the iOS version is mandatory whenever there is a security release."

Sridhar Govardhan, head of cyber defense at Indian IT giant Wipro, believes that with Apple products increasing in popularity, they will continue receiving more attention from attackers. Most security products are focused on the Windows platform currently, he says, and very few vendors have solutions for anti-malware protection and patch management for Apple's platforms.


Experts, including Kaspersky Lab, recommend upgrading all Apple devices to the latest versions of the respective operating systems - v10.10.3 and Security Update 2015-004 for OS X Yosemite, Apple TV 7.2 and iOS v8.3 - to remediate this flaw.

more...
No comment yet.
Scoop.it!

The Apple Store will give you credit for old Android phones

The Apple Store will give you credit for old Android phones | IT Support and Hardware for Clinics | Scoop.it

If you’re ready to defect to the iPhone from Android or BlackBerry, the Apple Store will welcome you with open arms—and some store credit.

Apple retail stores are expanding their trade-in programs beyond the iPhone and iPad to include “select” smartphones from other manufacturers. Word of the new program first appeared on individual store websites, as spotted by 9to5Mac.

Apple has been offering credit for old iPhones and iPads at its retail stores since 2013. The company also accepts old Apple products and Windows PCs through its Reuse and Recycle website. This is the first time Apple will be offering store credit for Android and BlackBerry phones.

It’s unclear how much you’ll get for these devices compared to other tech buyback services such as Gazelle, NextWorth, and EcoATM. Apple hasn’t posted any trade-in details for its U.S. stores, and Engadget reports that employees some locations aren’t even aware that the program has begun. We’ve reached out to Apple for clarification.

Why this matters: It’s extremely convenient to be able to dump your old phone while getting a discount on a new one, which might explain why all four major U.S. carriers now have their own trade-in programs. Apple is just making sure that its own stores have the same option—especially for users who can’t wait to switch platforms.


more...
No comment yet.
Scoop.it!

We just learned more about Samsung's big competitor to Apple Pay

We just learned more about Samsung's big competitor to Apple Pay | IT Support and Hardware for Clinics | Scoop.it

Samsung announced its new mobile payments system months ago, but we just got our first look at how it actually works.

Samsung Pay will be available in the United States starting in September after first launching in South Korea this month.


Samsung's payment system is different than Apple's in one crucial way — it works at standard mobile payment terminals with magnetic stripe readers and NFC terminals. This means you can use Samsung Pay anywhere you can use a credit card, while you can only use Apple Pay and other payment solutions such as Google Wallet at retailers that have NFC terminals.


We've known about this for a while, but Samsung has just told us more about how you'll actually use the service when it launches. If you have Samsung Pay all set up, you can swipe up on the lock screen to select which card you want to pay with, as shown to the right.


This works even if your phone is asleep, so you don't have to turn on the display to start a payment transaction. From there, you can choose to authenticate your purchase by typing in a PIN or by pressing your fingerprint on the home button. Samsung also says its Knox software is integrated into Samsung Pay, which adds real-time hacking surveillance and encryption to the service.


Since Samsung Pay is compatible with both NFC and magnetic stripe terminals, your phone automatically decides to choose one or the other when you're making a purchase. 

more...
No comment yet.
Scoop.it!

Apple’s next big iPhone update will turn your iPhone 6 into an iPhone 5/5s to save battery life

Apple’s next big iPhone update will turn your iPhone 6 into an iPhone 5/5s to save battery life | IT Support and Hardware for Clinics | Scoop.it

Apple's next big iPhone update comes with a feature that helps you get the most out of your iPhone's battery, especially when it's already running low on juice.


Naturally, this means your iPhone has to cut back on some of its normal functionality to conserve power.


New tests run by blog MacRumors show us just exactly how much this low power mode dials back your iPhone's performance.


MacRumors used GeekBench, a popular tool used to measure how a smartphone's processor performs, to conclude that low power mode reduces performance by about 40%. This means your iPhone 6 would be on par with an iPhone 5s or iPhone 5 in terms of performance, as 9to5Mac points out.


If you turn on the feature, your iPhone will automatically kick into Low Power Mode when it's nearly out of battery. Your iPhone will cut back on background activity, such as fetching email, automatic downloads, and visual effects such as the parallax wallpapers.


It seems like a welcome trade-off though — during its annual developers conference keynote earlier this month, Apple said Low Power Mode in iOS 9 can extend your iPhone's battery life by three hours.  


Adding new features like this is important for both iPhone and Android. In general, battery technology for smartphones hasn't really advanced dramatically in the past several years. So it's up to the companies making software for smartphones to make sure their operating systems are optimized to get the most out of these batteries. 

more...
No comment yet.
Scoop.it!

Apple, Samsung Devices: Bug Warnings

Apple, Samsung Devices: Bug Warnings | IT Support and Hardware for Clinics | Scoop.it

Security researchers are sounding warnings about separate flaws that put millions of Android, iOS and Apple OS X devices at risk.


A keyboard-related flaw affects more than 600 million Samsung devices, and could be used to remotely run malicious code.


Separately, researchers say they have identified a series of vulnerabilities - dubbed "Xara" - in Apple iOS and OS X devices that allow them to sidestep the OS X sandbox. The flaws could be exploited by malware to steal data and passwords, for example, by cracking the built-in Keychain password manager in OS X.

Apple's Xara Flaws

The Xara flaws - for "cross-app remote access" - were discovered by researchers from Indiana University, Georgia Institute of Technology, as well as Peking University and Tsinghua University in Beijing.


The flaws stem from both iOS and OS X failing to authenticate many types of app-to-app and app-to-OS interactions, the researchers write in a related research paper. "We found that the inter-app interaction services, including the keychain and WebSocket on OS X and URL Scheme on OS X and iOS, can all be exploited by [custom-developed] malware to steal such confidential information as the passwords for iCloud, email and [banks], and the secret token of Evernote."


The researchers have posted online demonstrations of how Xara could be exploited to steal iCloud tokens, passwords from the Google Chrome browser and private notes from Evernote users. They also demonstrated an attack using the WebSocket protocol - used to display Web content in apps - that allowed them to intercept all passwords from1Password that get used in the Chrome browser. And while they have not given Xara its own logo - as so many firms now seem to do - other researchers quickly obliged.


Apple did not immediately respond to a request for comment about the Xara flaws. But the researchers say that hundreds of apps that they studied have these flaws, although they could be corrected if developers rewrite their apps. Still, it's unlikely such moves would happen quickly. "Since the issues may not be easily fixed, we built a simple program that detects exploit attempts on OS X, helping protect vulnerable apps." The researchers have promised to release that program soon.

Samsung Keyboard Flaw

Researcher Ryan Welton from mobile security firm NowSecure - formerly known asviaForensics - has published proof-of-concept exploit code for a vulnerability in third-party keyboard app SwiftKey, which he says is installed by default on numerous Samsung mobile devices, including the Galaxy S4, S5 and S6.


"The Swift keyboard comes pre-installed on Samsung devices and cannot be disabled or uninstalled," he says. "Even when it is not used as the default keyboard, it can still be exploited."


The flaw does not exist in regular SwiftKey installations, but only on Samsung devices, thanks to how the OEM has configured the keyboard app, he says. That's because Samsung has programmed its variant of SwiftKey - called SamsungIME - to include "an auto-update 'feature' ... that doesn't do authentication or integrity," says security researcher Paul Ducklin at Sophos in a blog post. As a result, an attacker could abuse this feature, which is HTTP-based, to "update" devices with arbitrary code, essentially reprogramming them.


Details of the "highly reliable, completely silent" attack were first released publicly this week byWelton at the Black Hat Summit in London. Welton says he informed Samsung of the flaw in December, as well as CERT, which alerted Google's Android team, and which has classified the bug as CVE-2015-2865.


To date, it's unclear how many users remain at risk from the flaw. "While Samsung began providing a patch to mobile network operators in early 2015, it is unknown if the carriers have provided the patch to the devices on their network," NowSecure says in a related research report. "In addition, it is difficult to determine how many mobile device users remain vulnerable, given the [device] models and number of network operators globally."


Pending a patch, Welton says it will be difficult for Samsung device users to safeguard themselves against related attacks. "Unfortunately, the flawed keyboard app can't be uninstalled or disabled," he says. "Also, it isn't easy for the Samsung mobile device user to tell if the carrier has patched the problem with a software update. To reduce your risk, avoid insecure Wi-Fi networks, use a different mobile device and contact your carrier for patch information and timing."


Ducklin also recommends Samsung users avoid using untrusted networks, and potentially use a virtual private network, so that "all your network traffic is encrypted before it leaves your device, 'tunneled' back to a server at head office or at home, and only sent out onto the open Internet from there."

more...
No comment yet.
Scoop.it!

Wearables are making gains, but they still face major barriers to adoption

Wearables are making gains, but they still face major barriers to adoption | IT Support and Hardware for Clinics | Scoop.it

With the launch of the Apple Watch, and a slew of smartwatches and fitness bands on the market from competing companies, the devices seem to be taking off among consumers. 

But there are still several barriers that could inhibit this new device category from becoming a ubiquitous, mainstream computing platform.


In a recent report on the wearable computing market from BI Intelligence, we look at how the wearables market will perform in the long run. We forecast out shipments numbers and analyze proprietary results from our BI Intelligence consumer survey on smartwatch purchase intent. But we also discuss some of the barriers to adoption that persist. Here are some of the main inhibitors: 


  • The lack of a persuasive use caseSome consumers still don't see the point of these devices. In our proprietary survey data, 51% of those who don't want a smartwatch claimed it was because they did not see the point. Until consumers see a clear reason why smartwatches will improve their lives, the smartwatch category will remain sluggish.
  • The lack of a killer app. There aren't enough apps out there that are really compelling on the wrist-worn devices. Fragmentation is one of the biggest reasons for lack of a robust wearable app ecosystem. Several wearable devices launched in the past year, and almost all of them used different platforms, making it difficult for developers to pinpoint a platform to build on. Apple's WatchKit, which was released in November, should propel more wearable-focused app development. 
  • Limited functionalityBasic fitness bands are limited to primarily tracking health- and fitness-related data and spitting this aggregated data back out onto a smartphone or tablet, and the most obvious limitation to the smartwatch is the small screen size. These devices are clearly not made to handle content like games, video, photos, and even some social media — which are some of the most popular app categories on smartphones and tablets. 
  • StyleThus far, most smartwatches have looked somewhat clunky and unsophisticated, while smart eyewear like Google Glass is simply too conspicuous and obtrusive on the face.  Apple Watch will cater to the high-end fashion crowd by offering premium versions of the device equipped with fashionable bands and even gold-plated watch faces.
more...
No comment yet.
Scoop.it!

Apple is making it harder to steal the Apple Watch

t didn't make it into today's WWDC keynote address, but Apple is adding an important security feature to watchOS 2. The new version of the wearable OS will bring Activation Lock — a feature that has been on iPhones since 2013 — to the Apple Watch.


Activation Lock is an anti-theft measure that makes stolen devices less attractive to potential thieves. If someone were to steal your device and wipe it (something that can be done on a Watch in just a few taps), Activation Lock won't let the device be reactivated without first inputting the Apple ID and password that was originally used to set it up. It may not stop someone from stealing and selling your Watch for parts, and there's still no comparable feature to "Find my iPhone," but Activation Lock is a start.


IT'S NO FIND MY IPHONE, BUT IT'S A START

Just last month, users grew worried after9to5Mac pointed out how easy it is to wipe the settings, data, and passcode from an Apple Watch. From there, someone could pair a Watch to any new iPhone. In the user guide, Apple frames this as a way to restore your Watch's functionality should you forget your passcode, which is convenient. But for many people the function made it far too easy for someone else to wind up using your Watch as their own.


Users will have the choice to enable Activation Lock on their Watch or not, so it's ultimately up to them. The watchOS 2 developer beta is available today, and the final version will be released this fall.

more...
No comment yet.
Scoop.it!

One Chinese brand makes a quarter of the world's wearable devices

One Chinese brand makes a quarter of the world's wearable devices | IT Support and Hardware for Clinics | Scoop.it

Which company do you think is the fast-rising upstart in the wearable world? Fitbit?Jawbone? None of the above, if you ask IDC. It estimates that China's Xiaomi claimed 24.6 percent of the wearable device market in the first quarter of 2015, which is no mean feat when the company didn't even start shipping its first wrist-worn gadget, the Mi Band, until the second half of last year. That still amounts to just 2.8 million devices, but it was enough to shrink the market share for virtually everyone else, including industry leader Fitbit as well as Garmin, Samsung and Jawbone. And Samsung is the only smartwatch maker on the list, we'd add. LG, Motorola, Pebble and other early entrants are lumped into the "others" group.


As to why Xiaomi did so well? Analysts don't go into detail, but the Mi Band's thrifty $15 price no doubt helped, as did Xiaomi's big presence in the Chinese smartphone space. The real question is whether or not it can keep that spot. While there aren't official Apple Watch sales figures, IDC believes that it's likely to become the benchmark for wearables, "fairly or not." The Cupertino crew won't necessarily knock Fitbit or Xiaomi out of their top spots, but its sheer clout could easily make it a major contender.

more...
No comment yet.
Scoop.it!

Don't expect much change in the smartphone market

Don't expect much change in the smartphone market | IT Support and Hardware for Clinics | Scoop.it

The worldwide smartphone market in 2019 is expected to look awfully similar to today's smartphone market.


By the end of 2015, total smartphone shipments will hit 1.4 billion, according to new data from research firm IDC.


Google's Android operating system will account for 1.15 billion shipments, nabbing 79.4 percent of the worldwide smartphone market. Apple's iOS will come in second place at 237 million shipments and 16.4 percent market share. Microsoft's Windows Phone will only muster 46.8 million shipments and 3.2 percent market, said IDC .

Although iOS and Windows Phone will see their shipments jump considerably this year -- 23 percent and 34.1 percent, respectively -- not much is going to change in the marketplace over the next four years. By the end of 2019, Android will still own 79 percent of the worldwide smartphone market, followed by 14.2 percent for iOS and 5.4 percent for Windows Phone, said IDC.


The data shows how difficult it can be for any company to compete with Google's Android platform. A slew of vendors around the world, including HTC, Samsung, LG, Huawei, Xiaomi and countless others, all use Android to power their devices. The benefits to Android vendors are myriad, but chief among them is the ability to focus on hardware design and leave Google to worry about software updates, managing an operating system and attracting developers to an application marketplace.


Google will take on that charge at its I/O developer conference later this week. While the company isexpected to use the event to showcase the next version of Android, code named Android M, Google will also hold sessions for its developers to learn more about creating apps for its many platforms, including Android and Chrome OS. For Android handset vendors, there's also an ancillary benefit to the conference: Google shines a light on Android, boosting interest in the operating system and thus, devices running it. There's a possibility that some new Android devices could be shown off at I/O later this week.

For Apple, competing with Android for operating system dominance means little to nothing. While Google tries to woo vendors and get Android on as many devices as possible, Apple keeps its operating system to its line of iPhones and iPads. For Apple, the value is in selling hardware.


Apple's decision to debut larger-screen iPhones last September proved to be a good idea for its hardware business, according to IDC. Apple's 23 percent year-over-year shipment gain will be due in large part to the 4.7-inch and 5.5-inch screens on its iPhone 6 and iPhone 6 Plus, IDC said. What's more, if Apple continues to offer devices with larger screen sizes, the research firm believes Apple's year-over-year sales gains will outpace the entire market.


"IDC believes a sizable portion of the Android installed base were those who migrated over to the platform from iOS with the desire for a larger screen smartphone," IDC program director Ryan Reith said in a statement. "This is an opportunity Apple is no question focusing on."

While Apple's shipments will grow over the next four years, the worldwide smartphone market will start to see shipments slow. IDC reported that total smartphone shipments will be up 11.3 percent in 2015, down from a 27.6 percent growth rate in 2014. By 2019, the market's growth rate will hit just 5.1 percent, and over a five-year period, the average growth rate will be 8.2 percent.


IDC said the slowdown is due in part to China. The market was, over the last few years, a major driver for smartphone growth as consumers were buying their first devices. As smartphones have started to saturate the market, shipments will start to fall. Indeed, IDC predicts that China's smartphone shipments will be up just 2.5 percent this year, adding that "the largest market in the world has reached a level of maturity where rapid growth will be harder to achieve."


Those issues in China are expected to have negative implications on Android, IDC said. Google's platform has relied on China to be a major growth driver for shipments. As China slows down, Android shipments will follow.


"This has implications for Android because China has been a critical market for Android smartphone shipments in recent years, accounting for 36 percent of total volume in 2014," Reith said.


Regardless, better times appear to be ahead for hardware vendors. By 2019, IDC said worldwide smartphone shipments are forecast to reach 1.9 billion. That breaks down to 1.5 billion Android devices, 274.5 million iOS devices, and 103.5 Windows Phone devices, according to IDC.


Neither Apple nor Google immediately responded to a request for comment.


The worldwide smartphone market in 2019 is expected to look awfully similar to today's smartphone market.


By the end of 2015, total smartphone shipments will hit 1.4 billion, according to new data from research firm IDC.


Google's Android operating system will account for 1.15 billion shipments, nabbing 79.4 percent of the worldwide smartphone market. Apple's iOS will come in second place at 237 million shipments and 16.4 percent market share. Microsoft's Windows Phone will only muster 46.8 million shipments and 3.2 percent market, said IDC .

Although iOS and Windows Phone will see their shipments jump considerably this year -- 23 percent and 34.1 percent, respectively -- not much is going to change in the marketplace over the next four years. By the end of 2019, Android will still own 79 percent of the worldwide smartphone market, followed by 14.2 percent for iOS and 5.4 percent for Windows Phone, said IDC.


The data shows how difficult it can be for any company to compete with Google's Android platform. A slew of vendors around the world, including HTC, Samsung, LG, Huawei, Xiaomi and countless others, all use Android to power their devices. The benefits to Android vendors are myriad, but chief among them is the ability to focus on hardware design and leave Google to worry about software updates, managing an operating system and attracting developers to an application marketplace.


Google will take on that charge at its I/O developer conference later this week. While the company isexpected to use the event to showcase the next version of Android, code named Android M, Google will also hold sessions for its developers to learn more about creating apps for its many platforms, including Android and Chrome OS. For Android handset vendors, there's also an ancillary benefit to the conference: Google shines a light on Android, boosting interest in the operating system and thus, devices running it. There's a possibility that some new Android devices could be shown off at I/O later this week.


For Apple, competing with Android for operating system dominance means little to nothing. While Google tries to woo vendors and get Android on as many devices as possible, Apple keeps its operating system to its line of iPhones and iPads. For Apple, the value is in selling hardware.


Apple's decision to debut larger-screen iPhones last September proved to be a good idea for its hardware business, according to IDC. Apple's 23 percent year-over-year shipment gain will be due in large part to the 4.7-inch and 5.5-inch screens on its iPhone 6 and iPhone 6 Plus, IDC said. What's more, if Apple continues to offer devices with larger screen sizes, the research firm believes Apple's year-over-year sales gains will outpace the entire market.


"IDC believes a sizable portion of the Android installed base were those who migrated over to the platform from iOS with the desire for a larger screen smartphone," IDC program director Ryan Reith said in a statement. "This is an opportunity Apple is no question focusing on."

While Apple's shipments will grow over the next four years, the worldwide smartphone market will start to see shipments slow. IDC reported that total smartphone shipments will be up 11.3 percent in 2015, down from a 27.6 percent growth rate in 2014. By 2019, the market's growth rate will hit just 5.1 percent, and over a five-year period, the average growth rate will be 8.2 percent.


IDC said the slowdown is due in part to China. The market was, over the last few years, a major driver for smartphone growth as consumers were buying their first devices. As smartphones have started to saturate the market, shipments will start to fall. Indeed, IDC predicts that China's smartphone shipments will be up just 2.5 percent this year, adding that "the largest market in the world has reached a level of maturity where rapid growth will be harder to achieve."


Those issues in China are expected to have negative implications on Android, IDC said. Google's platform has relied on China to be a major growth driver for shipments. As China slows down, Android shipments will follow.


"This has implications for Android because China has been a critical market for Android smartphone shipments in recent years, accounting for 36 percent of total volume in 2014," Reith said.


Regardless, better times appear to be ahead for hardware vendors. By 2019, IDC said worldwide smartphone shipments are forecast to reach 1.9 billion. That breaks down to 1.5 billion Android devices, 274.5 million iOS devices, and 103.5 Windows Phone devices, according to IDC.

Neither Apple nor Google immediately responded to a request for comment.

more...
No comment yet.
Scoop.it!

Apple Rolls Out Force Touch 15" MacBook Pro and Cheaper iMac Retina

Apple Rolls Out Force Touch 15" MacBook Pro and Cheaper iMac Retina | IT Support and Hardware for Clinics | Scoop.it

You don’t always have to wait for a keynote for new Apple products, as is the case today with a sneaky rollout of some new Macbook Pro and iMac with Retina 5K configs.

The coolest new update is a 15” MacBook Pro that features Force Touch trackpad, previously only found in the 13” version and the New Macbook. It also has a new AMD Radeon R9 M370X graphics card, along with slightly improved battery life. That should be a boon to designers, gamers, and video editors who need as much horsepower as they can get. The new 15” MacBook Pros come in two models, priced at $2000 and $2500.

Also updated are the prices of Apple’s line of iMacs with Retina 5K displays. The cheapest model is now $2000, and the top-end model is $2300. By going for the cheaper model you are sacrificing the 1 TB hybrid Fusion drive for a traditional hard disk, as well as a slightly slower processor.


more...
No comment yet.
Scoop.it!

The Apple Watch is basically hacker proof

The Apple Watch is basically hacker proof | IT Support and Hardware for Clinics | Scoop.it

New flashy Apple device, new potential for trouble. Or is it?

Honest, upstanding citizens like you probably see the Apple Watch as a beautiful hybrid of jewelry and technology. But like anything that’s shiny, expensive, and contains sensitive information like your credit card details, the Apple Watch is prone to being targeted by miscreants.

But a few obstacles stop thieves and hackers from getting to your sensitive data pretty effectively. And as it turns out, the Apple Watch is essentially hacker proof.


Senior security researcher Patrick Nielsen from Kaspersky Labs spoke with Business Insider, saying that “the Apple Watch’s biggest security benefit is that it’s so minimal. A lot of the processing that goes on on the Watch is actually happening on the iPhone,” meaning the that your iPhone holds and handles most of the sensitive information that a data thief would want. The Watch essentially functions as a secondary wrist-worn display for your iPhone rather than acting as a standalone device.


Right off the bat, a data thief should theoretically have much more interest in your iPhone than your Apple Watch.


However, Nielsen noted that there are some exceptions like your Apple Pay credentials that are locally stored on the Watch that let you make mobile payments without your iPhone.


“It’s theoretically possible for someone to steal an Apple Watch and steal your Apple Pay credentials,” he says.

Business InsiderThe Apple Watch's lock screen demands your passcode whenever you take it off.


Realistically, however, a data thief would need to guess your passcode just to unlock your Watch after it’s been taken off your wrist before using your Apple Pay. That’s because the Watch’s sensors detect whether or not it’s in contact with skin. It’ll remain unlocked as long as it’s on your wrist, but it’ll lock itself the moment you take it off and it’ll request a passcode to unlock it again.


The Apple Watch can't do anything but tell you the time until you enter the passcode after strapping it on. After you enter your passcode, it remains authenticated so you don't have to worry about punching the code in every time you want to do something. It's actually an easier way to use Apple Pay because you don't have to go through the extra step of authenticating the payment with your fingerprint. It also enables you to use Apple Pay on the iPhone 5 and 5C, which don't have fingerprint sensors.


While the Watch’s passcode is secure and extremely difficult to break through, Nielsen says “the biggest security weakness of the Watch is the user’s choice of passcode. It’s not exactly rare for people to use pin codes like 1234, an astonishing amount of people still use those common permutations.”


Thieves have up to 10 attempts to get the passcode right. It might not seem like a lot, but that’s 10 chances for a thief to try the 10 most common passcodes, which anyone can find with a quick internet search.


The New Yorker / YouTube Trickster Apollo Robins shows how a watch can easily be stolen without you even noticing.

But if a someone guesses wrong all 10 times, the Watch erases any stored data and locks itself into a pricey paperweight that’s of no use to a data thief.


Even if a thief guesses your passcode, or if he/she obtained it from you by force or sleight of hand, you can wipe your Apple Pay data from the Apple Watch remotely using your iPhone or computer and logging into your iCloud account.


There’s also a slightly less delicate way of getting to your sensitive data by using brute force. A hacker could use a brute-force attack with a hacking computer to decipher the encrypted passcode. But Nielsen says such a process is time consuming, extremely difficult, results in the Watch becoming “compromised” (a nice way of saying destroyed), and only few people have the ability to do so.


Apart from poor passcodes or gutting your Apple Watch medieval-style, there’s a way for hackers to exploit your data without your knowing.

According to Nielsen, it’s possible for eavesdroppers to intercept the Bluetooth or WiFi communications between an Apple Watch and your iPhone, and potentially access and manipulate any and all information that travels between the two devices.


iFixitHere's an Apple Watch being "compromised" by iFixit.

However, he reassures that “major problems with the communications method used by the Watch and iPhone” are not known at this time, “but given the complexity of the protocols and software, it is likely that problems will be discovered in the future, and will be remedied through operating system updates."


Just to be safe, Nielsen suggests:

  • Never do the initial setup/pairing of your devices in public. In general, for new smart devices, the most security-sensitive phase is the setup/pairing phase.
  • Don’t connect to public or other untrusted Wi-Fi networks unless absolutely necessary. Public Wi-Fi networks are convenient, but their security is a mess.
  • Make sure you install operating system updates as soon as they come out. Most of the time, these contain critical security fixes that prevent newly discovered attacks against the device.

And for the love of technology, please set up a strong passcode.

more...
No comment yet.
Scoop.it!

Software developers try on Apple watch, see more apps coming

Software developers try on Apple watch, see more apps coming | IT Support and Hardware for Clinics | Scoop.it

Software developers who tried on an Apple Watch for the first time on Friday predicted a rush of new apps over the next few months, particularly in areas including health and messaging.

Developers, who had been limited to using software simulators of the watch, discovered new possibilities.


Ross Cohen, chief operating officer of BeenVerified.com, which makes a caller ID app for the watch, said he only realized on Friday that the watch goes on and off automatically as you raise or lower your wrist.

The simulator did not have a microphone, leaving some developers to guess how well it could hear. Having the watch on hand will speed development, said Danielle Keita-Taguchi, marketing analyst at Y Media Labs, which has designed apps for companies like American Express, EMC and eBay.


"A lot of Fortune 500 companies really want to leverage this new technology quickly," she said. "Health, transportation and social media will be the three main industries that will utilize the Apple Watch."


Tracking firm App Annie counted 3,061 total apps supporting Apple Watch on Friday. Some 10 percent were games. Productivity apps were 8 percent and lifestyle and health/fitness each accounted for 7 percent.


Ride-hailing service Uber had an app, as did sports network ESPN, microblogging platform Twitter, photo sharing service Instagram, tune-identifier Shazam and the Outlook email app from Microsoft Corp.


Notable absences included social network Facebook, message service Snapchat and any apps from Google Inc. A Google spokesperson said "only time will tell" if it would make any apps for Apple's device. Snapchat could not be reached for comment. Earlier this week Facebook CEO Mark Zuckerberg told analysts who asked about the watch, "We're going to watch closely and build what our community wants us to."


So far developers see the watch's main benefits as saving time or the labor of frequently taking out a phone.


"I've got my phone with me already, why do I also need the watch?" asked Matt McIlwain, managing director of Madrona Venture Group, which backs a host of software companies. "What is the extension benefit to having it on my wrist versus in my pocket?"


McIlwain's firm has invested in Redfin, the online real estate service, which has one answer. Its Apple Watch app that let users find nearby homes for sale and dictate notes on homes visited.


more...
Scopidea's curator insight, June 22, 2015 3:00 AM

Scopidea provides unique time tracker software. Time tracker software helps to record time, capture screen shot and download complete works sheet

Scoop.it!

The Innovative OS That'll Bring PCs to the Developing World

The Innovative OS That'll Bring PCs to the Developing World | IT Support and Hardware for Clinics | Scoop.it

Much has been made about the mobile “revolution” in the developing world, the way that smartphones have enabled the citizens of so many poorer countries to leapfrog into the 21st century without having to bother with all the awkward technological steps in between.

It’s that mentality that’s driving the development of Facebook’s internet-connected drones and Google’s internet-connected balloons. The thinking goes that because so many people in the developing world are buying smartphones (and they are), all they need is access to the internet, and they’ll be well on their way to becoming full, equal participants in the global economy.


We’re now used to always being connected, and that's dangerous. Rich Fletcher, MIT


In some ways, the mobile-plus-internet combo has the potential to deliver on its promise. There’s a lot—and increasingly more—that you can do on a smartphone. But then again, think of all the things you can’t, or, at the very least, that you just wouldn’t want to—like draft a presentation, populate an Excel spreadsheet, or write this story. When you think of it that way, all this talk of what people in the developing world can accomplish if only they had a mobile phone and an internet connection can seem a bit, well, patronizing.


As it turns out, people with less might actually want more.

“They want the same things you and I have, and not just because we have it,” says tech entrepreneur Matt Dalio. “They want the same things you and I have for the same reason you and I have it.”

Which is precisely why Dalio founded Endless, a startup that has developed a PC and operating system for the developing world. Endless launched a Kickstarter project for the device this week, but the campaign is mostly for marketing, since the team has spent the last three years developing the technology and testing it with users throughout the developing world. Now, Endless wants to expand that reach even further.

Not Waiting for A Connection

The hardware itself is a small, egg-like device that can plug into any television and turn it into a computer screen, giving people instant access to a desktop computer for just $169. This price point means, initially, Endless is not targeting the bottom of the pyramid, but the emerging middle class within these countries that may be able to afford a device like this.


But the real innovation is not the device itself. It’s the operating system, which Endless built from scratch, specifically for people who have limited experience with computers and who don’t always have a reliable connection to the internet. Designing it required spending a huge amount of time on the ground, in countries like India, Guatemala, and Bangladesh, testing out the technology with users. It was that process that not only convinced Dalio that mobile technology was an incomplete solution for the developing world, but also helped him understand that the Endless team would have to completely rethink the way a computer should operate in order to succeed.




For starters, Endless had to address the lack of connectivity in these countries, an issue which companies like Facebook and Google are actively seeking to address, but which will take years, if not decades, to complete. So, the Endless team took a cue from the early days of PCs by loading the devices up with more than 100 apps, including things like Khan Academy, encyclopedias, health apps, and more, which work both online and off. “We thought, we can’t give them better connectivity, but what we can do is solve it in the way we used to solve it before we had internet, and that was to have something like Encarta,” he says, referring to Microsoft’s digital encyclopedia, which was popular in the 90s.

Off the Grid

According to Rich Fletcher, a research scientist at MIT’s D-Lab, it’s this offline capability that distinguishes the Endless PC from other similar technologies that have failed to make this type of technology work in the past. “We’re now used to always being connected, and that’s dangerous,” Fletcher says. “Having a local cache or server that lets you use apps that don’t require full-time connectivity is really important.”


Still, Fletcher says Dalio and his team may be underestimating the extent to which people in the developing world want “the same things we have,” and not an adaptation of them. “If the people in New York and Boston aren’t using this Endless computer, people in the developing world are going to be very cautious,” Fletcher says. “They’re going to say, ‘What is this? Why doesn’t my cousin in New York have one, and if he doesn’t want it, why should I?'”


Then, there is the question of electricity. Though Endless is targeting a market segment that generally has electricity and modern appliances, Fletcher warns that in many parts of the world, the grid is less than reliable. “Just like always-on connectivity, you cannot assume always-on electricity.”


For that matter, you can’t assume that Endless will succeed at all, or Facebook’s drones or Google’s balloons. But one assumption that is safe to make is that users, no matter where they live, won’t be content with a second-class experience. Mobile might be good enough for lots of things. But it isn’t everything.


more...
No comment yet.
Scoop.it!

Apple wants you to be able to unlock your iPhone with a selfie

Apple wants you to be able to unlock your iPhone with a selfie | IT Support and Hardware for Clinics | Scoop.it

iPhone passcodes and fingerprint scans may soon be obsolete: Apple has been granted a patent that lets users unlock and secure their phones with a selfie, Re/code reports.


US Patent No. 8,994,499 is titled "locking and unlocking a mobile device using facial recognition," and would let users unlock their devices by taking a photo of their face to prove who they are. It's a biometric alternative to Touch ID, Apple's fingerprint scanner.

Of course, facial recognition security isn't new — it has been available as an option for Android for years. And more recently, Jack Ma — founder of online retailer Alibaba — debuted selfie-powered mobile payments. The "Smile To Pay" will let users pay for goods using their device using facial recognition to authenticate their identity.


One interesting angle of Apple's patent is that it continues to secure your device even after it has been unlocked, however. A device with the technology enabled would continue to periodically take photos of the user: If the user no longer appears in the images, the iPhone will automatically lock, blocking unauthorised intruders from accessing the device's contents.


There's no guarantee Apple will implement the technology — the Cupertino company obtains numerous patents that it never uses. These can be precautionary, or intended to trip up or block competitors. But as the industry increasingly looks to kill traditional passwords, selfie-secured iPhones sounds surprisingly plausible.


more...
Eduardo Vaz's curator insight, April 2, 2015 12:10 PM

Is unlocking your #iPhone with a selfie better than swiping? What do you think #ygk?