IT Support and Hardware for Clinics
32.7K views | +1 today
Follow
IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice
Your new post is loading...
Your new post is loading...
Scoop.it!

Apple Malware Outbreak: Infected App Count Grows

Apple Malware Outbreak: Infected App Count Grows | IT Support and Hardware for Clinics | Scoop.it

The number of apps infected in the first large-scale Apple App Store malware outbreak is far higher than was first believed, according to the cybersecurity firm FireEye, which reports that at least 4,000 apps were infected with XcodeGhost malware.


In the wake of the discovery of a six-month malware campaign last week, early estimates were that dozens of apps had been infected with the XcodeGhost malware, which could be used by attackers to steal data from devices, including users' Apple passwords, as well as launch phishing attacks.


But FireEye now reports that the number of infected iOS apps is far higher than researchers initially suspected. "Immediately after learning of XcodeGhost, FireEye Labs identified more than 4,000 infected apps on the App Store," the company says in a Sept. 22 blog post.

Apple did not respond to a request for comment on that report and has so far declined to respond to questions about how many apps may have been infected.


FireEye has not released a full list of all infected apps, but spokeswoman Darshna Kamani tells Information Security Media Group that most of them are aimed at Chinese-language users. Previous reports, meanwhile, had warned that such popular apps as the WeChat messaging app and the Didi ride-hailing app were infected, and that infected apps were used not just by Chinese users, but globally.


The malware attack was perpetrated by attackers offering for download a pirated version of Apple's free Xcode software - which is used to build iOS and Mac OS X applications - that added malware to every app when it was compiled. An anonymous developer has claimed credit for the attack campaign, saying it was a "mistaken experiment," although numerous security experts have dismissed that claim.

Apple Squashes Bad Apps

Apple says that it has seen no evidence that any personal information was compromised. The company says it has been excising all apps that were built using a malicious version of Xcode and working with developers to ensure that they only use the official Xcode tool.

"We have no information to suggest that the malware has been used to do anything malicious or that this exploit would have delivered any personally identifiable information had it been used," Apple says in an XcodeGhost FAQ. "We're not aware of personally identifiable customer data being impacted and the code also did not have the ability to request customer credentials to gain iCloud and other service passwords. ... Malicious code could only have been able to deliver some general information such as the apps and general system information."


But other security firms have warned that the malware could have been used for malicious purposes. "XcodeGhost is reported to be the first instance of the iOS App Store distributing a large number of trojanized apps," FireEye says. "The malicious apps steal device and user information and send stolen data to a command and control server. These apps also accept remote commands, including the ability to open URLs sent by the [C&C] server. These URLs can be phishing webpages for stealing credentials, or a link to an enterprise-signed malicious app that can be installed on non-jailbroken devices."

Chinese social media and gaming giant - and WeChat developer - TenCent published a report on Sept. 20 warning that the malware could be used to remotely control devices and launch man-in-the-middle attacks against users. It also found that at least 76 of the top 5,000 apps in Apple's China app store were infected with XcodeGhost.

In its XcodeGhost FAQ, Apple has listed the top 25 most popular infected apps - which include WeChat, Didi, Railroad 12306, Baidu Music and NetEase Music - noting that "after the top 25 impacted apps, the number of impacted users drops significantly." It has also promised to make it easier - and quicker - for Chinese developers to download Xcode, because the difficulty of obtaining the official software reportedly drove developers to obtain it from non-official sources.


China is a massive and growing market for Apple, accounting for $13.2 billion in revenue in its last financial quarter, compared to $20.2 billion in the United States and $10.3 billion in Europe. In January 2014, Apple reported that Chinese developers had already launched 130,000 apps via Apple's app store.


Before this malware attack, only five malicious apps had ever successfully made it into the App Store, according to cybersecurity firm Palo Alto Networks.

Timeline: XcodeGhost Discovery

On Sept. 14, China's Computer Emergency Response Team issued a warning about the danger of using unofficial versions of Xcode. Just days later, Chinese researchers began reporting that at least a handful of apps had been infected with XcodeGhost malware, after which the count of infected apps has continued to skyrocket.


On Sept. 20, the XcodeGhost-Author account-holder on China's Weibo social media platform claimed credit for the malware campaign, saying the ability to trojanize the Xcode software had been an "accidental discovery," and that it had been distributed as "a one-time, mistaken experiment" to see if it could be used to push advertisements to infected devices, The Wall Street Journal reports.


The message claimed that the capability had never been exploited and noted that the malware was only ever designed to collect basic user and device data. "And 10 days ago, I actively shut down the server and deleted all the data, so it will not have any effect on anyone," it said.

While it is impossible to verify those claims, many security experts have dismissed them, saying the attacker's intentions were obviously nefarious. "The entire process was plotted and planned," mobile Internet security expert Lin Wei told China Central Television, pointing to a campaign that used multiple Internet accounts to make the software available - via multiple websites - over a six-month period, The Wall Street Journal reports.

Recommendation: Uninstall Apps

Pending updates from every developer that shipped an infected app, information security experts recommend that users uninstall all apps that were known to be infected. "Developers are releasing updated, clean versions of their apps. The best fix, if one of your apps is listed, is to uninstall it," says Lee Neely, a senior IT and security professional at the U.S. Department of Energy's Lawrence Livermore National Laboratory, in a recent SANS Institute newsletter.


Neely says that both iOS developers and Apple are to blame for the XcodeGhost malware outbreak. "This malware made it into the Apple App store due to social engineering of developers and a shortfall of Apple's code review process," he says. "When you own the compiler/IDE [integrated code environment], you own the apps created with it."

more...
No comment yet.
Scoop.it!

Apple Obtains Touch ID-Related Patents From Biometric Security Firm Privaris

Apple Obtains Touch ID-Related Patents From Biometric Security Firm Privaris | IT Support and Hardware for Clinics | Scoop.it

Apple has been working to acquire the intellectual property assets of Charlottesville, Virginia-based biometric security firm Privaris, according to CNN. Privaris recently transferred 26 of its 31 patents to the iPhone maker, including 4 patents in December 2012 and dozens more in October 2014

The patents are primarily related to fingerprint and touchscreen technology that could lead to Touch ID improvements on future devices. Last February, well-informed KGI Securities analyst Ming-Chi Kuo told investors that the next iPhone will have animproved Touch ID with reduced errors.


"For example, one of Privaris' patents covers the ability to use a touchscreen and fingerprint reader at the same time. Another invention of Privaris' could allow you to open a door with your iPhone by scanning your fingerprint and holding your phone up to a reader, similar to how you pay for items with Apple Pay."


While the transferred patents have fueled acquisition rumors, the Privaris website has not been updated since 2010 and seemingly none of the company's senior executives or other employees have updated their LinkedIn profiles with positions at Apple. 

Accordingly, it is more likely that Privaris has scaled down or went out of business and Apple has acquired the company's patent portfolio and other intellectual property. However, the possibility of an acquisition cannot be entirely ruled out. 

Privaris, which reportedly raised $29 million in funding, developed a lineup of PlusID personal biometric devices to access computers, networks, websites, software, VPNs, secured printers and online apps. 

The company has also offered several other products and services related to access control systems, fingerprint authentication, biometric computer security, biometric security software and access cards, all technologies that fall within the realm of Touch ID. 

more...
No comment yet.
Scoop.it!

Microsoft's Cortana Is Coming to Android and iPhone

Microsoft's Cortana Is Coming to Android and iPhone | IT Support and Hardware for Clinics | Scoop.it

Starting in June, you’ll be able to download Cortana as an app on your Galaxy or iPhone even if you’d rather die than use Windows. The rumors are true: Microsoft is giving the non-Windows crowd a taste of its powerful voice assistant, bringing Cortana to Android and iOS.

People love Cortana so much, some developers have already created a ported version for Android called “Portaña.” This switch to multi-platform availability will make Cortana seem more like a standalone product than a Windows feature. And Cortana has been getting increasingly sophisticated, so this could be a real threat to Siri and Google Now.

There is a catch, though: The Android and iOS versions of Cortana will be limited. You won’t be able to say “Hey, Cortana” to activate the voice assistant hands-free, and you won’t be able to open apps or toggle settings, since there won’t be the same level of integration.

more...
No comment yet.
Scoop.it!

Law Banning Default Encryption Unlikely

Law Banning Default Encryption Unlikely | IT Support and Hardware for Clinics | Scoop.it

Laws rarely, if ever, keep up with technology, but even if they could, the consequences could prove more harmful than the benefits.

That was evident at an April 29 hearing of the House Oversight and Government Reform Subcommittee on Information Technology that addressed the encryption - and security - of mobile devices.

 Upholding civil liberties and civil rights are not burdens. They make all of us safer and stronger. 


Here's the problem the panel addressed that faces law enforcement: Encryption is the default setting for new Apple iPhone and Google Android mobile devices, meaning that law enforcement cannot gain access to encrypted data on the devices even if they have a search warrant. To gain access, the manufacturers would have to create a so-called "backdoor," and give law enforcement a special key to decrypt data on mobile devices. Without such a key, law enforcement could gain access only with the permission of the devices' owners, an unlikely scenario if the encrypted data contains incriminating evidence.

"We call it 'going dark,' and it means that those charged with protecting the American people aren't always able to access the information necessary to prosecute criminals and prevent terrorism even though we have lawful authority to do so," FBI Executive Assistant Director Amy Hess told lawmakers.

Backdoor Benefits

Hess furnished the subcommittee with examples on how accessing data enabled forensics experts to solve crimes, including kidnaping, false rape accusation and murder.


"Today's encryption methods are increasingly more sophisticated, and pose an even greater challenge to law enforcement," she said. "We are seeing more and more cases where we believe significant evidence resides on a phone, a tablet or a laptop - evidence that may be the difference between an offender being convicted or acquitted - but we cannot access it."


Advocates of giving law enforcement a backdoor key include President Obama and FBI Director James Comey. At the Congressional hearing, Suffolk County (Mass.) District Attorney Daniel Conley voiced strong support: "The Fourth Amendment allows law enforcement access to the places where criminals hide evidence of their crimes, once the legal threshold has been met," Conley testified. "In decades past, these places were car trunks and safety deposit boxes; today they are computers and smartphones."

Questioning Motives of Apple, Google

Conley dismissed Apple's and Google's contention that the default encryption they offer on their devices safeguards consumers' privacy.

"Their nominal commitment to privacy rights would be far more credible if they were forbidding themselves access to their customers' interests, search terms and consumer habits, but as we all know, that's not a step they're willing to take," Conley said. "Instead, they're taking full advantage of their customers' private data for commercial purposes while building an impenetrable barrier around evidence in legitimate, court-authorized criminal investigations."


Hess and Conley make a somewhat sound argument. After all, police, with the proper court order, can break into filing cabinets to retrieve evidence. But the rules of the physical world don't always translate well into the virtual one. And other witnesses at the hearing made more compelling arguments for why creating an electronic backdoor is a very bad idea.


"Unfortunately, harsh technical realities make such an ideal solution [a backdoor] effectively impossible, and attempts to mandate one would do enormous harm to the security and reliability of our nation's infrastructure, the future of our innovation economy and our national security," said cryptographer Matthew Blaze, an associate professor of computer and information science at the University of Pennsylvania. "We just can't do what the FBI is asking without weakening our infrastructure."

Undermining U.S. Cybersecurity

Providing a backdoor would undermine America's cybersecurity. "While the FBI would have us believe that law enforcement alone will be privy to our sensitive data, history demonstrates that bad actors will always be ahead of the curve and find an avenue to manipulate those openings," said Jon Potter, president of Application Developers Alliance, a trade group. "As one well-regarded cryptographer said, 'You can't build a backdoor that only the good guys can walk through.'"

Creating a backdoor could potentially cost the American economy billions of dollars in lost business. Kevin Bankston, policy director of the think tank New America's Open Technology Institute, says a backdoor would give foreign users, including corporations and governments that especially rely on the security of technologies, even more incentive to avoid American wares and turn to foreign competitors. "To put it bluntly," he said, "foreign customers will not want to buy or use online services, hardware products, software products or any other information systems that have been explicitly designed to facilitate backdoor access for the FBI or the NSA."

Encryption Mitigates Risks

But the most compelling argument for retaining default encryption that's beyond the reach of law enforcement is that it makes everyone safer, especially on smartphones. "The vast amount of personal information on those devices makes them especially attractive targets for criminals aiming to commit identity theft or other crimes of fraud, or even to commit violent crimes or further acts of theft against the phone's owner," Bankston said.


"By taking this step for their customers and turning on encryption by default," he said, "mobile operating system vendors have completely eliminated the risk of those crimes occurring, significantly discouraged thieves from bothering to steal smartphones in the first place, and ensured that those phones' contents will remain secure even if they are stolen."


It's an argument that can persuade even the most ardent supporters of law enforcement and intelligence agencies. The subcommittee's chairman - freshman Republican William Hurd of Texas, a former undercover CIA agent and cybersecurity strategist, concluded the hearing by opposing offering law enforcement a backdoor. "I hold everyone in law enforcement and the intelligence community to a higher standard," he said. "Upholding civil liberties and civil rights are not burdens. They make all of us safer and stronger."


more...
Jan Vajda's curator insight, May 2, 2015 1:53 PM

Přidejte svůj pohled ...

Scoop.it!

Apple wants you to be able to unlock your iPhone with a selfie

Apple wants you to be able to unlock your iPhone with a selfie | IT Support and Hardware for Clinics | Scoop.it

iPhone passcodes and fingerprint scans may soon be obsolete: Apple has been granted a patent that lets users unlock and secure their phones with a selfie, Re/code reports.


US Patent No. 8,994,499 is titled "locking and unlocking a mobile device using facial recognition," and would let users unlock their devices by taking a photo of their face to prove who they are. It's a biometric alternative to Touch ID, Apple's fingerprint scanner.

Of course, facial recognition security isn't new — it has been available as an option for Android for years. And more recently, Jack Ma — founder of online retailer Alibaba — debuted selfie-powered mobile payments. The "Smile To Pay" will let users pay for goods using their device using facial recognition to authenticate their identity.


One interesting angle of Apple's patent is that it continues to secure your device even after it has been unlocked, however. A device with the technology enabled would continue to periodically take photos of the user: If the user no longer appears in the images, the iPhone will automatically lock, blocking unauthorised intruders from accessing the device's contents.


There's no guarantee Apple will implement the technology — the Cupertino company obtains numerous patents that it never uses. These can be precautionary, or intended to trip up or block competitors. But as the industry increasingly looks to kill traditional passwords, selfie-secured iPhones sounds surprisingly plausible.


more...
Eduardo Vaz's curator insight, April 2, 2015 12:10 PM

Is unlocking your #iPhone with a selfie better than swiping? What do you think #ygk? 

Scoop.it!

Apple Could Release 3 New iPhones This Year

Apple Could Release 3 New iPhones This Year | IT Support and Hardware for Clinics | Scoop.it

Well it looks as if Apple could release not two, but three new iPhones this year. Apple is expected to launch their new iPhone in the second half of 2015 and these new phones are said to be the iPhone 6S, iPhone 6S Plus, and a smaller iPhone 6C.

The report indicates that the iPhone 6S and iPhone 6S Plus will be powered by Apple’s new A9 chip, whereas the iPhone 6C will have the older A8 chip.

The lower-cost iPhone 6C could also come with a smaller 4-inch screen. As always we will keep you updated on Apple and iPhone news as it comes out.

more...
Scoop.it!

Apple to add Force Touch to next iPhone, report says

Apple to add Force Touch to next iPhone, report says | IT Support and Hardware for Clinics | Scoop.it

Apple may bring its new Force Touch feature from the MacBook to the next iPhone.

Unveiled at the Apple Watch event on Monday, the Force Touch feature incorporated into the new 12-inch MacBook brings pressure sensitivity to the trackpad. That means you can trigger different actions depending on how much pressure you apply to the pad.

That same feature could pop up on the next generation of iPhones, the Wall Street Journal reported Wednesday, citing "people familiar with the matter." Specifically, the sources said that Apple is planning to add the feature this year, though that isn't a guarantee it will show up. Assuming the information is accurate, however, the feature seems to at least be on the table.

Force Touch sounds like a natural for a touch-driven device like the iPhone. Currently, you must use different gestures to navigate the screen. For example, you need to use a two-finger swipe to zoom in or out of the screen. On the MacBook, Force Touch can detect the difference between a light tap and a deep press. Adapting that for the iPhone could eliminate the two-finger swipe, allowing you instead to employ a deep press to zoom into the screen.

Touch sensitivity has been on Apple's drawing board for a while, according to a patent application published in January 2014. The patent filing dubbed "Gesture and Touch Input Detection Through Force Sensing" described a way of adding force sensors to a touchscreen.

Force Touch is just one feature Apple is eyeballing for this year's iPhone lineup, according to the Journal's sources. The company aims to stick with the current 4.7-inch and 5.5-inch screens on the iPhone 6 and iPhone 6 Plus, respectively. But it also may add another case color with the introduction of a pink phone.

Details about Apple's plans for this year's iPhone come from Apple suppliers, the Journal said, adding that the company tests different technologies that may not end up in the actual product. Whichever features wend their way into the next iPhones, mass production for some of its parts is expected to kick off in May, the sources noted.


more...
No comment yet.
Scoop.it!

Apple Exploring iPhone Waterproofing Method

Apple Exploring iPhone Waterproofing Method | IT Support and Hardware for Clinics | Scoop.it

Apple has a patent application in with the USPTO (via AppleInsider) that describes a few different methods for waterproofing electronic devices like the iPhone. The patent describes coating certain internal components like the main circuit board with a hydrophobic coating, presumably not unlike the process used by Liquipel and other similar companies. The process for applying the waterproof layer would only result in a coating ranging between one and ten microns thick, Apple says in the filing, meaning it wouldn’t take up any additional space inside the device shell.

The patent by Apple includes a provision for leaving the EMI shield included in all of its iPhones, iPads, MacBooks able to perform its job while also allowing for the components protected therein to be fully water sealed by the process. Special processes are needed because the coating is applied to the assembled circuit board, meaning the EMI shielding could obscure key internal components from receiving the benefits of the sealing.

To keep the exposed soldered ends of connectors protected against water, the patent also talks about using silicone seals at the point where they connect to boards and the flex cables that often run between the internal circuits of devices.

Apple hasn’t yet shown much interest in waterproofing its smartphones and tablets, though other smartphone makers like Sony have made it a core component of their hardware. Samsung made the Galaxy S5 water-resistant last year, but has gotten rid of that kind of environmental protection with this year’s Galaxy S6, and given the relative performance of both the GS5 and Sony’s devices, it remains unclear how much value consumers actually put in waterproofing in terms of impacting their buying decision.

There’s no doubt that Apple being able to list ‘waterproof’ as one of the marquee features on a future smartphone or tablet would cause a splash, however. This patent was filed in March of last year, so it’s a relatively recent invention, meaning it’s too soon to say that Apple is just locking down the IP without any strong intent to necessarily bring this to future products.


more...
No comment yet.
Scoop.it!

Samsung loses smartphone crown to Apple - CNET

Samsung loses smartphone crown to Apple - CNET | IT Support and Hardware for Clinics | Scoop.it

Apple scored the highest percentage of smartphone sales in the fourth quarter, courtesy of its new iPhones, according to a Gartner report released Tuesday.

For the final quarter of 2014, Apple took home a 20.4 percent share of worldwide smartphone sales, up from 17.8 percent during the same quarter in 2013. Over the same period, Samsung's share of the smartphone market, on sales of 73 million units, plummeted to 19.9 percent from 29.5. percent.

Last quarter, Apple sold 74.8 million iPhones to achieve its best quarter ever, Gartner said. Apple's phone lineup, now led by the iPhone 6 and iPhone 6 Plus, enjoyed heavy demand in the US and China, where sales surged 88 percent and 56 percent, respectively, according to Gartner. The new iPhones spurred many existing owners to upgrade but also convinced buyers looking for big-screened phones to consider Apple as an alternative to Android.

In January, researcher Strategy Analytics had described the fourth-quarter standings as a tie between Samsung and Apple, with both at 20 percent of the global smartphone market. But the momentum was the same -- Apple trending upward and Samsung on the downswing.

Apple's record quarter was a definitive sign that the move to bump up the display size of its smartphone paid off. The company had been losing market share and sales to Samsung, which offered larger-screened phones such as the Galaxy S5 and Galaxy Note. But the iPhone 6 wasn't the only factor that helped Apple score the top spot. Samsung has also been hit on the low end by budget-friendly smartphones from Chinese vendors such as Xiaomi.

"Chinese vendors, such as Huawei and Xiaomi, are continuing to improve their sales in China and other overseas markets, increasing their share in the mid to low-end smartphone market," Roberta Cozza, research director at Gartner, said in a press release. "Chinese vendors are no longer followers. They are producing higher quality devices with appealing new hardware features that can rival the more established players in the mobile phone market."



more...
No comment yet.
Scoop.it!

Ikea is launching a new line of furniture that can charge your phone without wires

Ikea is launching a new line of furniture that can charge your phone without wires | IT Support and Hardware for Clinics | Scoop.it

Ikea announced Sunday at Mobile World Congress it is introducing its first furniture line that offers wireless charging for phones, tablets, and other mobile devices.

Ikea’s furniture, which it calls its “Home Smart” line, will integrate the popular Qi wireless charging technology into special “charging pads” on the furniture. People will then be able to buy and assemble the furniture and leave their Qi-supported devices on those pads for a quick battery charge. 

Smartphones that don’t support Qi will be incompatible with this furniture. The Qi wireless charging technology is controlled by the Wireless Power Consortium, which boasts 200-plus members including Samsung, Microsoft, Motorola, Nokia, HTC, Verizon Wireless, and others.

More than 80 different smartphones offer support for Qi, which is currently the most used wireless charging standard in the world. It works thanks to embedded magnetic coils that generate a small electromagnetic field — smartphones and tablets that support Qi then convert this field into energy to replenish the device’s battery.

Ikea says it will launch this new furniture line, which will include desks, lamps and bedside tables, in North America and Europe in April. 


more...
No comment yet.
Scoop.it!

Your Future iPhone May Double as a Virtual Reality Display

Your Future iPhone May Double as a Virtual Reality Display | IT Support and Hardware for Clinics | Scoop.it

Virtual reality promises to take us to new worlds and places we never thought possible from the comfort of our modestly appointed homes. And if a new patent is any indication, you may one day be able to do all of that from your iPhone.

Yep, according to AppleInsider, Apple has been awarded a patent for a virtual reality headset that uses your iPhone as its main display. To use the headgear, you’d have to physically connect your iPhone with the headset, putting your phone directly in front of your eyes.



So you may eventually be able to crisscross the cosmos in a virtual spaceship or explore virtual reality games with nothing more than your iPhone and an awkward-looking headset strapped to your noggin.

The patent’s concept is basically the exact same idea that Samsung uses for its Gear VR virtual reality headset, which lets you stick a Galaxy Note 4 smartphone into a separate headset. The phone’s screen then blasts your own personal virtual world directly at your retinas.

It’s worth noting that patents like this don’t always become full-fledged products, and are often used by companies to explore new product ideas or to block competitors from developing similar gadgets.


more...
No comment yet.
Scoop.it!

Apple Adds More Security To iMessage And FaceTime With Two-Factor Authentication

Apple Adds More Security To iMessage And FaceTime With Two-Factor Authentication | IT Support and Hardware for Clinics | Scoop.it

Apple has improved the security of FaceTime and iMessage, its voice/video and multimedia chat communication tools. The services got two-factor authentication today as an option for users to enable, meaning that even if someone uses their Apple ID email and password to enable iMessage or FaceTime on a new device, they’ll still need to use a pin code from an existing trusted device to gain access to those services.

You may recognize the system from iCloud’s two-factor authentication, or if you’ve tried to set up Keychain to keep your passwords in sync between Apple devices. If you’ve previously enabled two-factor for iCloud, it’ll also be enabled to FaceTime and iMessage. The additional level of protection applied to these services helps ensure that people will have a harder time grabbing potentially private images from your iMessage history, or pretending to be you via online communication methods.

Two-step comes into play when users log out of an account on their device and try to log back in, as well, meaning you’ll have to get that trusted device out should you temporarily disable your account on the device, or in some cases if you run a system update or switch SIMs. This is a good step for Apple, and hopefully an indication that it intends to roll out two-step security to all of its services in good time.

more...
Gabriela Atuesta's curator insight, February 17, 2015 12:25 AM

Nuevo sistema de seguridad para el uso de IMessage y de FaceTime en los dipositivos Apple. 

Scoop.it!

Malware runs on Apple's iOS7 and iOS8 to steal photos, texts and contacts

Malware runs on Apple's iOS7 and iOS8 to steal photos, texts and contacts | IT Support and Hardware for Clinics | Scoop.it

Hackers are using spyware to steal text messages, contacts, pictures and other personal information from iPhones, according to computer security experts.

Anti-virus company Trend Micro claims it has discovered new software that infects iPhones running iOS 7 and iOS8.

The software is spread via phishing attacks that are sent from the phones of friends and associates to encourage targets to click on a link and install the spyware.


The XAgent malware will run on Apple devices like the new iPhone 6 (above) even if they are not jailbroken

Known as XAgent, the spyware will then collect text messages, contact lists, pictures, location data, lists of apps and any software running on the device.

This information is then sent to a remote server while the malware will also switch on the iPhone's microphone and record everything going on around it.

Trend Micro believe the malware has been created by a group of Russian hackers who have in the past been targetting governments, the military and the media.

WHAT IS XAGENT MALWARE? 

The XAgent malware is not the first to hack into Apple's iOS software for its mobile devices.

iPhone users were left unaware for approximately a year-and-a half that a software bug could have made them the victims of ‘hi-tech eavesdropping’.

Security experts warned that past iterations of iOS software - dating from as long ago as September 2012 - had a vulnerability that hackers could have exploited to see financial transactions, emails and Facebook activity.

The vulnerability was eventually fixed by an update to the iOS7 software last February.

Hackers also claim to have been able to circumvent the fingerprint recognition hardware installed on the iPhone 5S and iPhone 6.

Some iPhone users reported last May that they received messages telling them their phones had been hacked by Oleg Pliss and demanding money for their devices to be unlocked.

However, perhaps the worst breach of Apple security was the hack into the company's iCloud that saw the leak of hundreds of personal and naked photographs belonging to celebrities, Jennifer Lawrence, Kelly Brook and Rihanna. 

It is thought that XAgent was designed by the group to help them obtain information from specific high profile targets.

Trend Micro said it had also identified a second malware programme that is focused on recording audio from so-called 'jailbroken' devices. These devices have had limitations on their iOS software removed, which can compromise the phone's security.

Feike Hacquebord, senior threat researcher at Trend Micro, said: 'While spyware targeting Apple users is highly notable by itself, this particular spyware is also involved in a targetted attack.

'The XAgent app is fully functional malware. After being installed on iOS 7, the app’s icon is hidden and it runs in the background immediately.

'When we try to terminate it by killing the process, it will restart almost immediately.

'Installing the malware into an iOS 8 device yields different results. The icon is not hidden and it also cannot restart automatically.

'This suggests that the malware was designed prior to the release of iOS 8 last September 2014.'

Nearly three quarters of Apple iPhones and tablets are now thought to be using iOS8, although a quarter are still running the older iOS7 software.

This could mean that up to 200 million devices could be the most vulnerable to the spyware.

Trend Micro believe the XAgent malware is related to another type of spyware it has been tracking that works on Microsoft Windows' systems called SEDNIT.

They claim that the malware has been created by a group of hackers that it calls Operation Pawn Storm. 

XAgent can turn on the microphone of any iPhone it runs on and record the sound going on around it

Experts at Micro Trend first identified Operation Pawn Storm as being behind a series of online attacks targeting military officials and defence contractors in a cyber-espionage operation.

Subsequently they have also been linked to attacks against government officials and journalists.

Trend Micro said that it is unclear exactly how the new iOS malware is spread, although the group tends to infect the devices of contacts and friends of its targets.

Writing on its blog, Mr Hacquebord and his colleagues who have been investigating XAgent, said they had seen one instance where the malware was attacked to a simple link with the words 'Tap Here to Install the Application'.

However, they added: 'The exact methods of installing these malware is unknown.

'There may be other methods of infection that are used to install this particular malware.

'One possible scenario is infecting an iPhone after connecting it to a compromised or infected Windows laptop via a USB cable.


Via Paulo Félix
more...
No comment yet.
Scoop.it!

Apple’s next big iPhone update will turn your iPhone 6 into an iPhone 5/5s to save battery life

Apple’s next big iPhone update will turn your iPhone 6 into an iPhone 5/5s to save battery life | IT Support and Hardware for Clinics | Scoop.it

Apple's next big iPhone update comes with a feature that helps you get the most out of your iPhone's battery, especially when it's already running low on juice.


Naturally, this means your iPhone has to cut back on some of its normal functionality to conserve power.


New tests run by blog MacRumors show us just exactly how much this low power mode dials back your iPhone's performance.


MacRumors used GeekBench, a popular tool used to measure how a smartphone's processor performs, to conclude that low power mode reduces performance by about 40%. This means your iPhone 6 would be on par with an iPhone 5s or iPhone 5 in terms of performance, as 9to5Mac points out.


If you turn on the feature, your iPhone will automatically kick into Low Power Mode when it's nearly out of battery. Your iPhone will cut back on background activity, such as fetching email, automatic downloads, and visual effects such as the parallax wallpapers.


It seems like a welcome trade-off though — during its annual developers conference keynote earlier this month, Apple said Low Power Mode in iOS 9 can extend your iPhone's battery life by three hours.  


Adding new features like this is important for both iPhone and Android. In general, battery technology for smartphones hasn't really advanced dramatically in the past several years. So it's up to the companies making software for smartphones to make sure their operating systems are optimized to get the most out of these batteries. 

more...
No comment yet.
Scoop.it!

Smartphone thefts drop as kill switch usage grows

Smartphone thefts drop as kill switch usage grows | IT Support and Hardware for Clinics | Scoop.it

Phone theft used to be a growth industry. The snatch-and-run stealing of iPhones even had its own clever moniker: Apple picking. But such thefts might be in decline. Last year, 2.1 million Americans had phones stolen, according to a nationally representative survey conducted by the Consumer Reports National Research Center. (Another 3.1 million smartphones were lost.) In 2013, about 3.1 million phones were stolen, according to our previous survey.

The two Consumer Reports surveys employed slightly different methodology, which could account for some of the drop, but there is other evidence of a decline—and the trend might accelerate now that Android devices seem poised to embrace kill switches, which allow you to deactivate your stolen or lost phone. 

Smartphones have allowed users to remotely wipe their data for years. But in 2013 prosecutors across the country started calling for technologies that disable, or “brick,” stolen phones to deter thieves from stealing them for resale overseas. Minnesota and California both passed laws requiring manufacturers to make progress on installing anti-theft features by July 1, 2015.

Apple is well ahead of the deadline. After the company added a kill switch to its Find My iPhone app in 2013, police departments around the country reported that iPhone thefts dropped. Then, Activation Lock became a default feature last fall with the launch of the iPhone 6 and 6 Plus. Samsung also added a kill switch—called Reactivation Lock—to a few phone models in 2013. But, in general, Android phones haven’t had the technology. To protect their devices, consumers had to download aftermarket security apps.


Many expected Android Lollipop 5.0 to resolve that problem in late 2014, but manufacturers didn’t implement the kill switch, presumably because of performance issues. Now, all eyes are trained on Lollipop 5.1, due to roll out this summer. Given the helter-skelter, one-off approach phone companies take to their mobile operating systems, however, it will be a long time before a kill switch comes to all Android models.

The technology could eventually save U.S. consumers $3.4 billion,according to calculations by William Duckworth, a statistics and data science professor at Creighton University. (His 2014 study included the costs of replacing handsets and a portion of the money consumers spend on phone insurance.)

Kill switches aside, many phone owners do an abysmal job of protecting their mobile devices, the new Consumer Reports survey found. Among survey respondents, only 46 percent set a screen lock using a four-digit PIN or a stronger method such as a lengthy password or fingerprint. Just 33 percent backed up their data, including photos and contacts, to a computer or online service. Built-in security technology can only get a consumer so far—to reap the benefits, you actually have to use it.

more...
No comment yet.
Scoop.it!

Don't expect much change in the smartphone market

Don't expect much change in the smartphone market | IT Support and Hardware for Clinics | Scoop.it

The worldwide smartphone market in 2019 is expected to look awfully similar to today's smartphone market.


By the end of 2015, total smartphone shipments will hit 1.4 billion, according to new data from research firm IDC.


Google's Android operating system will account for 1.15 billion shipments, nabbing 79.4 percent of the worldwide smartphone market. Apple's iOS will come in second place at 237 million shipments and 16.4 percent market share. Microsoft's Windows Phone will only muster 46.8 million shipments and 3.2 percent market, said IDC .

Although iOS and Windows Phone will see their shipments jump considerably this year -- 23 percent and 34.1 percent, respectively -- not much is going to change in the marketplace over the next four years. By the end of 2019, Android will still own 79 percent of the worldwide smartphone market, followed by 14.2 percent for iOS and 5.4 percent for Windows Phone, said IDC.


The data shows how difficult it can be for any company to compete with Google's Android platform. A slew of vendors around the world, including HTC, Samsung, LG, Huawei, Xiaomi and countless others, all use Android to power their devices. The benefits to Android vendors are myriad, but chief among them is the ability to focus on hardware design and leave Google to worry about software updates, managing an operating system and attracting developers to an application marketplace.


Google will take on that charge at its I/O developer conference later this week. While the company isexpected to use the event to showcase the next version of Android, code named Android M, Google will also hold sessions for its developers to learn more about creating apps for its many platforms, including Android and Chrome OS. For Android handset vendors, there's also an ancillary benefit to the conference: Google shines a light on Android, boosting interest in the operating system and thus, devices running it. There's a possibility that some new Android devices could be shown off at I/O later this week.

For Apple, competing with Android for operating system dominance means little to nothing. While Google tries to woo vendors and get Android on as many devices as possible, Apple keeps its operating system to its line of iPhones and iPads. For Apple, the value is in selling hardware.


Apple's decision to debut larger-screen iPhones last September proved to be a good idea for its hardware business, according to IDC. Apple's 23 percent year-over-year shipment gain will be due in large part to the 4.7-inch and 5.5-inch screens on its iPhone 6 and iPhone 6 Plus, IDC said. What's more, if Apple continues to offer devices with larger screen sizes, the research firm believes Apple's year-over-year sales gains will outpace the entire market.


"IDC believes a sizable portion of the Android installed base were those who migrated over to the platform from iOS with the desire for a larger screen smartphone," IDC program director Ryan Reith said in a statement. "This is an opportunity Apple is no question focusing on."

While Apple's shipments will grow over the next four years, the worldwide smartphone market will start to see shipments slow. IDC reported that total smartphone shipments will be up 11.3 percent in 2015, down from a 27.6 percent growth rate in 2014. By 2019, the market's growth rate will hit just 5.1 percent, and over a five-year period, the average growth rate will be 8.2 percent.


IDC said the slowdown is due in part to China. The market was, over the last few years, a major driver for smartphone growth as consumers were buying their first devices. As smartphones have started to saturate the market, shipments will start to fall. Indeed, IDC predicts that China's smartphone shipments will be up just 2.5 percent this year, adding that "the largest market in the world has reached a level of maturity where rapid growth will be harder to achieve."


Those issues in China are expected to have negative implications on Android, IDC said. Google's platform has relied on China to be a major growth driver for shipments. As China slows down, Android shipments will follow.


"This has implications for Android because China has been a critical market for Android smartphone shipments in recent years, accounting for 36 percent of total volume in 2014," Reith said.


Regardless, better times appear to be ahead for hardware vendors. By 2019, IDC said worldwide smartphone shipments are forecast to reach 1.9 billion. That breaks down to 1.5 billion Android devices, 274.5 million iOS devices, and 103.5 Windows Phone devices, according to IDC.


Neither Apple nor Google immediately responded to a request for comment.


The worldwide smartphone market in 2019 is expected to look awfully similar to today's smartphone market.


By the end of 2015, total smartphone shipments will hit 1.4 billion, according to new data from research firm IDC.


Google's Android operating system will account for 1.15 billion shipments, nabbing 79.4 percent of the worldwide smartphone market. Apple's iOS will come in second place at 237 million shipments and 16.4 percent market share. Microsoft's Windows Phone will only muster 46.8 million shipments and 3.2 percent market, said IDC .

Although iOS and Windows Phone will see their shipments jump considerably this year -- 23 percent and 34.1 percent, respectively -- not much is going to change in the marketplace over the next four years. By the end of 2019, Android will still own 79 percent of the worldwide smartphone market, followed by 14.2 percent for iOS and 5.4 percent for Windows Phone, said IDC.


The data shows how difficult it can be for any company to compete with Google's Android platform. A slew of vendors around the world, including HTC, Samsung, LG, Huawei, Xiaomi and countless others, all use Android to power their devices. The benefits to Android vendors are myriad, but chief among them is the ability to focus on hardware design and leave Google to worry about software updates, managing an operating system and attracting developers to an application marketplace.


Google will take on that charge at its I/O developer conference later this week. While the company isexpected to use the event to showcase the next version of Android, code named Android M, Google will also hold sessions for its developers to learn more about creating apps for its many platforms, including Android and Chrome OS. For Android handset vendors, there's also an ancillary benefit to the conference: Google shines a light on Android, boosting interest in the operating system and thus, devices running it. There's a possibility that some new Android devices could be shown off at I/O later this week.


For Apple, competing with Android for operating system dominance means little to nothing. While Google tries to woo vendors and get Android on as many devices as possible, Apple keeps its operating system to its line of iPhones and iPads. For Apple, the value is in selling hardware.


Apple's decision to debut larger-screen iPhones last September proved to be a good idea for its hardware business, according to IDC. Apple's 23 percent year-over-year shipment gain will be due in large part to the 4.7-inch and 5.5-inch screens on its iPhone 6 and iPhone 6 Plus, IDC said. What's more, if Apple continues to offer devices with larger screen sizes, the research firm believes Apple's year-over-year sales gains will outpace the entire market.


"IDC believes a sizable portion of the Android installed base were those who migrated over to the platform from iOS with the desire for a larger screen smartphone," IDC program director Ryan Reith said in a statement. "This is an opportunity Apple is no question focusing on."

While Apple's shipments will grow over the next four years, the worldwide smartphone market will start to see shipments slow. IDC reported that total smartphone shipments will be up 11.3 percent in 2015, down from a 27.6 percent growth rate in 2014. By 2019, the market's growth rate will hit just 5.1 percent, and over a five-year period, the average growth rate will be 8.2 percent.


IDC said the slowdown is due in part to China. The market was, over the last few years, a major driver for smartphone growth as consumers were buying their first devices. As smartphones have started to saturate the market, shipments will start to fall. Indeed, IDC predicts that China's smartphone shipments will be up just 2.5 percent this year, adding that "the largest market in the world has reached a level of maturity where rapid growth will be harder to achieve."


Those issues in China are expected to have negative implications on Android, IDC said. Google's platform has relied on China to be a major growth driver for shipments. As China slows down, Android shipments will follow.


"This has implications for Android because China has been a critical market for Android smartphone shipments in recent years, accounting for 36 percent of total volume in 2014," Reith said.


Regardless, better times appear to be ahead for hardware vendors. By 2019, IDC said worldwide smartphone shipments are forecast to reach 1.9 billion. That breaks down to 1.5 billion Android devices, 274.5 million iOS devices, and 103.5 Windows Phone devices, according to IDC.

Neither Apple nor Google immediately responded to a request for comment.

more...
No comment yet.
Scoop.it!

Researchers find another terrifying iOS flaw

Researchers find another terrifying iOS flaw | IT Support and Hardware for Clinics | Scoop.it

It can't have escaped your attention that security experts have declared open season on Apple products over the last few weeks. At San Francisco's RSA conference, an even more terrifying exploit has been revealed that has the power to send your iPhone or iPad into a perpetual restart loop. Mobile security firm Skycure has discovered that iOS 8 has an innate vulnerability to SSL certificates that, when combined with another WiFi exploit, gives malicious types the ability to create "no iOS zones" that can render your smartphones and tablets unusable. Before you read on, grab a roll of tinfoil and start making a new case for your iPhone.

Broadly speaking, any app that uses SSL certificates - which is almost all of them - can be fed a dummy certificate that causes it to crash. If, however, you can feed that same dodgy data into the operating system itself, then the hardware will be thrown into a perpetual loop of failed restarts. That can be easily achieved if you can set up a WiFi network to behave like one of the trusted setups that iOS automatically tries to connect to. So, as Gizmodo says, all it takes is for someone to build a nefarious network, name it "attwifi" and they've got a honeytrap.

Skycure has already reported its findings to Apple and won't give away any more details should it give hackers free reign to brick thousands of devices. Until the problem is fixed, users are advised not to trust free WiFi networks, keep iOS updated and, should they wander into a "no iOS zone," get out, quickly.


more...
No comment yet.
Scoop.it!

The Apple Store will give you credit for old Android phones

The Apple Store will give you credit for old Android phones | IT Support and Hardware for Clinics | Scoop.it

If you’re ready to defect to the iPhone from Android or BlackBerry, the Apple Store will welcome you with open arms—and some store credit.

Apple retail stores are expanding their trade-in programs beyond the iPhone and iPad to include “select” smartphones from other manufacturers. Word of the new program first appeared on individual store websites, as spotted by 9to5Mac.

Apple has been offering credit for old iPhones and iPads at its retail stores since 2013. The company also accepts old Apple products and Windows PCs through its Reuse and Recycle website. This is the first time Apple will be offering store credit for Android and BlackBerry phones.

It’s unclear how much you’ll get for these devices compared to other tech buyback services such as Gazelle, NextWorth, and EcoATM. Apple hasn’t posted any trade-in details for its U.S. stores, and Engadget reports that employees some locations aren’t even aware that the program has begun. We’ve reached out to Apple for clarification.

Why this matters: It’s extremely convenient to be able to dump your old phone while getting a discount on a new one, which might explain why all four major U.S. carriers now have their own trade-in programs. Apple is just making sure that its own stores have the same option—especially for users who can’t wait to switch platforms.


more...
No comment yet.
Scoop.it!

How The Apple Watch And iPhone 6 Plus Might Flip Your Mobile Computing Habits

How The Apple Watch And iPhone 6 Plus Might Flip Your Mobile Computing Habits | IT Support and Hardware for Clinics | Scoop.it

Apple’s new wearable hardware could eventually become much more than just an optional accessory – eventually, it could be one half of a Voltron-style combo that makes up the bulk of our computing life, relegating the tablet and smartphone model to the past. Just like a tablet/smartphone combo was a common duo over the past few years, a smartwatch/phablet duo could be the optimal setup for working on-the-go in the future.

The iPad and iPhone previously operated together as a way to both quickly and easily handle small tasks, but also to have a larger device on hand for taking care of more serious business, or for easier reading of longer content. Apple’s ability to create a tablet that people actually wanted to use probably cut the home PC out of the loop for a big chunk of users – and the market trends among the general PC OEM population over the past few years seems to back that up.

Of course, no computing paradigm is permanent. The iPhone was perhaps the first proof for many that a lot of general computing could be handled without having to seek further than your pocket. The Apple Watch will likely offer a similar realization, and the way it changes how we look at our devices could result in a flip of position and popularity between iPhone 6 and 6 Plus models.

While Apple doesn’t reveal specific details on the iPhone 6/6 Plus sales mix when it announces iPhone numbers each quarter (or even split between the current generation and previous ones, for that matter), Apple CEO Tim Cook did say during the company’s most recent earnings call that the iPhone 6 was outselling the 6 Plus during the last quarter. I’d argue that the Apple Watch will be the bump needed to switch that around for the coming generation of new iPhone devices, because so much more can be done on the wrist, which affects the basic mechanics of carrying a large device in a big way.

As it is, I’m torn between the convenience of the smaller iPhone 6 and the big benefits of the larger display on the iPhone 6 Plus. But when the Apple Watch is added into the mix, the choice becomes much more clear. Even if the Watch only decreases the number of times you have to actually retrieve your iPhone from your bag or pocket by around 30 percent (and I’m anticipating more than that based on early impressions and reports from longer-term testers), then that already mitigates some of the downsides of the larger device. Currently, my primary reason for going with the iPhone 6 is basically just that the 6 Plus works better as something carried in a bag or coat than a pants pocket. The pocket, however, is far easier to reach in most settings.

So long as the Watch is sufficient for triaging most of the cases in which reaching into a bag would be awkward (while talking to others, for instance), my iPhone 6 Plus pains would be alleviated. And the combo then eliminates much of the benefit of carrying an iPad.

As a result, I think it’s worth considering the Apple Watch as more of an iPad-like product line than as an iPhone accessory. If Apple can usher in a shift to a wearables/smartphone paradigm, the opportunity might be far greater than if it was just adding and additional device to the existing list of devices anyone uses on a daily basis.

That’s not to say the iPad goes away, either; I’d see it becoming even more of a PC or home computer replacement in this new arrangement, spending more time on the coffee table than in the bag. And that new vision has me excited – I’ve given up on fantasies of going back to a more unplugged world, but Apple Watch could at least avoid those smartphone attention holes when a notification pulls you into a lengthy, distracted aimless browsing session.


more...
Tom Bryon's curator insight, March 25, 2015 2:59 AM

New technology is getting smaller, faster, and easier to use. In our day to day life, when we need to find information, we consult our mobile phones due to the convenience and ease of access. Does this mean in the future we will be utilising a wearable piece of technology? It is early days for the Apple watch but as software and hardware evolves, it may be essential to wear a computer around your wrist. 

SowmyaD's curator insight, March 27, 2015 4:47 AM

In the past decade, technology has changes drastically by allowing us to use technology such as phones, music player, and more in a more compact version. We are currently in the age of using devices of the iPhone and iPad sizes. This article discusses the possibility that the same features we use now will be accessed on an even smaller screen - the iWatch. 

Oktay Dağdeviren's curator insight, March 30, 2015 6:07 AM
http://newworld-tech.com/iphone-6-ekran-degisimi.html
Scoop.it!

Wireless Charging May Not Be Doomed To Irrelevance

Wireless Charging May Not Be Doomed To Irrelevance | IT Support and Hardware for Clinics | Scoop.it

Wireless charging is a decent idea that’s been held back for years by double and sometimes triple or quadruple vision: Instead of picking one standard that works well enough, the industry has fragmented itself among competing, incompatible implementations that may each flop and leave buyers stuck with useless hardware.

Yes, you’ve seen this format-war movie before… on Beta, Laserdisc, and HD-DVD.

But this year’s Mobile World Congress provided a little more room for optimism than before.

First off, Samsung’s debut of the Galaxy S6 and S6 Edge—each of which support both Qi and Powermat wireless charging, the two most widely deployed versions—means devices capable of wireless charging will soon occupy millions of pockets and purses.

Qi, pronounced “chee,” has been around for a while. A handout from the Wireless Power Consortium, the trade group behind the specification, cites 79 phones that are compatible. But none of these 79 phones has been a flagship model you could expect to find sold by all four major U.S. wireless carriers, or bought by millions of shoppers. Note that while the S6 and S6 Edge will be able to draw current from both Qi and Powermat chargers, Samsung told me its own wireless-charging accessory will be a Qi surface.

It’s also getting slightly easier to find Qi charging surfaces. Last October, Marriott began putting Qi hardware in the lobbies of some of its hotels, and at MWC Ikea announced that it would soon sell furniture with Qi chargers built in.

A new smartphone app by the Qi developer Aircharge aims to show off all the places that its wireless charging surfaces are available; in Manhattan, it only found three publicly accessible Qi locations, all Marriott properties. So much for progress in the Big Apple.

And as the S6’s ambidextrous wireless charging capability illustrates, there are two sides to this story. Powermat’s longstanding technology is being folded into a developing rival to Qi called Rezence, a name that alludes to its use of magnetic resonance instead of Qi’s inductive charging.


more...
No comment yet.
Scoop.it!

Apple, Android Prep 'Freak' Fix

Apple, Android Prep 'Freak' Fix | IT Support and Hardware for Clinics | Scoop.it

Numerous Apple and Android devices, as well as websites, are vulnerable to a serious flaw, which an attacker could exploit to subvert secure Web connections. The flaw exists in SSL and TLS and results from the ability to force crypto suites to downgrade from using a "strong" RSA cipher to a weaker, "export-grade" RSA cipher.

The researchers who discovered the vulnerability have dubbed it "Freak," for "Factoring RSA-EXPORT Keys," and warn that it can be used to crack a cipher key and then impersonate legitimate sites - such as the public-facing National Security Agency website - to vulnerable clients. In some cases it could also be used to hijack third-party tools, such as the Facebook "like" button functionality, and inject JavaScript into vulnerable clients and steal passwords.


"In case you're not familiar with SSL and its successor TLS, what you should know is that they're the most important security protocols on the Internet," Johns Hopkins University cryptographer Matthew D. Green says in a blog post. "In a world full of untrusted networks, SSL and TLS are what makes modern communication possible."

Security researchers warn that the flaw exists in versions of OpenSSL prior to 1.0.1k, and affects all Android devices that ship with the standard browser, although they say Google Chrome is immune. The flaw also exists in Apple TLS/SSL clients, which are used by both Mac OS X clients, as well as iOS mobile devices. The vulnerability has been designated as CVE-2015-0204.

Researchers say it's not clear how many users, devices or websites are vulnerable to the Freak flaw, or if it has yet been exploited in the wild. But 6 percent - or 64,192 - of the world's 1 million most popular websites (as ranked by Amazon.com Web traffic monitoring subsidiary Alexa) are currently vulnerable to the flaw, according to the Tracking the Freak Attack site, which is run by researchers at the University of Michigan, and can be used to check if clients are vulnerable to Freak attacks.

Researchers from French computer science lab INRIA, Spanish computer lab IMDEA and Microsoft Research have been credited with discovering the flaw and detailing how it can be exploited. "You are vulnerable if you use a Web browser that uses a buggy TLS library to connect, over an insecure network, to an HTTPS server that offers export ciphersuites," they say. "If you use Chrome or Firefox to connect to a site that only offers strong ciphers, you are probably not affected."

In recent weeks, the researchers - together with Green - have been alerting affected organizations and governments. Websites such as Whitehouse.gov, FBI.gov, and connect.facebook.net - which implements the Facebook "like" functionality - were vulnerable to related attacks, but have now been fixed, Green says. But he notes that numerous sites, including the public-facing NSA.gov website, remain vulnerable.

Apple, Google Prep Patches

Apple tells Information Security Media Group that it is prepping a patch, which it plans to release next week. OpenSSL released a related patch in January, and content delivery networks - such as Akamai - say they've either put fixes in place or will do so soon.

While Google didn't immediately respond to a related request for comment, a spokeswoman tells Reuters that the company has already prepped an Android patch and distributed it via the Android Open Source Project to its business partners. She notes that it's now up to those businesses - which include such equipment manufacturers as Samsung, HTC, Sony, Asus and Acer - to prep and distribute patches to their customers. But while some OEMs have a good track record at prepping and releasing patches in a timely manner, others delay, or never release patches.

Businesses and users should install related patches as quickly as possible, says information security consultant and SANS Institute instructor Mark Hofman in a blog post. "To prevent your site from being used in this attack you'll need to patch OpenSLL - yes, again. This issue will remain until systems have been patched and updated, not just servers, but also client software," he says. "Client software should be updated soon - hopefully - but there will no doubt be devices that will be vulnerable to this attack for years to come - looking at you Android.

Crypto Wars 1.0 Legacy

Experts say that the Freak flaw is a legacy of the days when the U.S. government restricted the export of strong encryption. "The SSL protocol itself was deliberately designed to be broken," Green says, because when SSL was first invented at Netscape, the U.S. government regulated the export of strong crypto. Businesses were required to use the relatively weak maximum key length of 512 bits if they wanted to ship their products outside the country.

While those export restrictions were eventually lifted, and many developers began using strong crypto by default, the export-grade ciphers still linger - for example in previous versions of OpenSSL - and can be used to launch man-in-the-middle attacks that force clients to downgrade to the weak crypto, which attackers can crack. "The researchers have identified a method of forcing the exchange between a client and server to use these weak ciphers, even if the cipher suite is not 'officially' supported," Hofman says.

Hacking NSA.gov

The researchers who discovered the Freak flaw have published a proof-of-concept exploit on the SmackTLS website, demonstrating a tool they developed, together with a "factoring as a service" capability they built and hosted on a cluster of Amazon Elastic Compute Cloud - EC2 - servers. The exploit was first used against the NSA.gov website. "Since the NSA was the organization that demanded export-grade crypto, it's only fitting that they should be the first site affected by this vulnerability," Green says. Cracking the key for the NSA.gov website - which, it should be noted, is hosted by Akamai - took 7.5 hours, and cost $104 in EC2 power, he adds. Were the researchers to refine their tools, both the required time and cost to execute such attacks would likely decrease.

The researchers have reportedly been quietly sounding related alerts about the Freak flaw in recent weeks to vulnerable governments and businesses, hoping to keep it quiet so that patches could be rolled out in a widespread manner before news of the flaw went fully public. But The Washington Post reports that Akamai published a blog post on March 2, written by its principal engineer, Rich Salz, which brought attention to the problem sooner than the researchers had hoped.

Still, the Freak flaw has existed for well over a decade, and follows the 2014 discovery of such new "old" bugs as Heartbleed, POODLE and Shellshock, which existed for years before being found.

Moral: Encryption Backdoors

In the post-Snowden era, many technology giants have moved to use strong encryption wherever possible, in part to assuage customers' concerns that the NSA could easily tap their communications. Apple and Google also began releasing mobile devices that use - or could be set to use - strong crypto by default. And many U.S. and U.K. government officials have reacted with alarm to these moves. Often citing terrorism and child-abuse concerns, many have demanded that the technology firms weaken their crypto by building in backdoors that government agencies could access.

But Green says the Freak flaw demonstrates how any attempt to meddle with strong crypto can put the user of every mobile device, Internet browser or website at risk. "To be blunt about it, the moral is pretty simple: Encryption backdoors will always turn around and bite you ..." he says. "They are never worth it."


more...
No comment yet.
Scoop.it!

Google Reportedly Preparing Android Wear for iPhone and iPad

Google Reportedly Preparing Android Wear for iPhone and iPad | IT Support and Hardware for Clinics | Scoop.it

Google is reportedly preparing to release an Android Wear app on the App Store for iPhone and iPad, according to French technology website.

The report claims Android Wear with extended iOS support could be announced at Google's I/O developer conference in late May, although Google may push the agenda depending on sales of the Apple Watch.

Google may be interested in capitalizing on iPhone and iPad users that are not planning to purchase an Apple Watch when the wrist-worn device is released in April, the report adds. Last month, an unofficial video of an iPhone paired with Android Wear for notifications amassed over 300,000 views on YouTube.

Android Wear smartwatches such as the LG G Watch, Moto 360 and Samsung Gear Live are currently limited to pairing with smartphones running Android 4.3 or later, such as the Samsung Galaxy S5, HTC One M8 and LG G3. Pairing an Android smartphone and smartwatch requires the official Android Wear app on the Google Play Store.

While 01net is one of the largest technology publications in France, its exclusive report has not yet been corroborated by other sources and its veracity cannot be confirmed. But given that Google is generally more open about cross-platform compatibility, and has an existing portfolio of apps on the App Store, there is a possibility that Android Wear for iOS could one day be a reality.


more...
Eduardo Vaz's curator insight, March 25, 2015 11:15 AM

#Google wants #AndroidWear to work with #Apple products even though #AppleWatch only works with #iOS. #ygk

Scoop.it!

How Samsung won the smartphone wars — then blew it

How Samsung won the smartphone wars — then blew it | IT Support and Hardware for Clinics | Scoop.it

In November 2011, Samsung released the first of a series of ads that would define the company for the next three years.

It started with a bunch of hipster-looking people waiting outside a mock Apple Store for the next iPhone. As the hipsters tick down the hours until they have the right to get Apple’s new iThing, they spot others on the street using something better.

The phone, Samsung’s former flagship Galaxy S II, had a big screen and a 4G wireless connection, two major features that were missing from Apple’s new iPhone 4S. And unlike the iPhone, you didn’t have to wait around to buy a Galaxy S II. You could get it now.

The irony was that you didn’t see anyone lining up to buy a Samsung, or anything other than an iPhone, in those days. But that started to change with that first “Next Big Thing” spot. Just like Apple poked fun at Microsoft with its “I’m a Mac” campaign in the 2000s, Samsung’s goal was to tap into the same strategy — a little guy taking swings at the dominant player in the industry.

By the end of 2012, Samsung's profits were up a whopping 76%, fueled by the growth of the mobile division, which suddenly became the most profitable part of Samsung. Samsung was the only company other than Apple making a profit in mobile, and it seemed to be closing in on Apple’s dominance, prompting The Wall Street Journal to publish its famous “Has Apple Lost Its Cool To Samsung?” headline in January 2013.

By the time the Galaxy S4 launched in March 2013, the anticipation surrounding Samsung’s products could only be rivaled by Apple. It was officially a two-horse race.

But it only took another year for things to come crashing down. Profits tumbled in 2014, even during the normally lucrative holiday season. Throughout the year, Samsung blamed increased competition in mobile for the downturn.

Now, Samsung is gearing up for its most important smartphone launch ever on March 1. The question is whether or not the Galaxy S6 will be enough to help Samsung recover from its slump, or if it will share the same fate as former kings of mobile like Nokia, BlackBerry, and Motorola.

How did Samsung get so big so fast, and how did it all go so wrong? Competition from new players like Xiaomi and a renewed Apple are a big part of the equation.

But Business Insider has also learned that corporate politics, and a rift between the company's South Korean headquarters and its suddenly successful US group, also played a role.


more...
No comment yet.
Scoop.it!

Apple is now an existential threat to Android

Apple is now an existential threat to Android | IT Support and Hardware for Clinics | Scoop.it

For the first time ever, sales of Google's Android mobile devices have gone into decline — an astonishing defeat for a product that is given away free to manufacturers. And in the US, iPhone alone now outsells all Android devices, for the first time in three years.

Google ought to be terrified at this news. Apple's iOS operating system for iPhone and iPad is trampling all over the Android world right now. This isn't just an incremental shift in market share.

This is, if left unchecked, an existential turning point for Android and its developers and manufacturers. After all, if you can't win a battle against a product that costs about $700/£550 with a product that's equally good but free, then you're screwed. 

"Defeat" for Android is relative, of course. Apple sold 75 million phones in Q4 worldwide, whereas Android sold 206 million. So Android is still King Kong to Apple's Fay Wray. But Android has never seen a quarter of sales declines. Usually, market share shifts between Apple and Android, but Android always sells more phones. Now Android is selling fewer phones. And iPhone sales continue to spiral upward.

It has never been more depressing to be an Android fan than right now.

It wasn't supposed to be like this.

In the official playbook, the iPhone is the phone of the rich, that handful of Western countries where $700 isn't a month's wages. Android is for everyone else — the poor, the working class, the ordinary people. For years, 80% of phones sold have been Android phones. While it might "feel" like everyone in London, New York and San Francisco has an iPhone, the reality is that outside those wealth bubbles it's an Android planet. In country after country, Apple could only muster market share in the single digits.

Android's noble mission

Android's mission is a noble one, too. Google didn't just launch a new phone product. It launched a free mobile computing platform that would let everyone have access to the internet at almost any price-point. Google introduced the Android One in India and other countries for just $100. Xiaomi launched a bestselling Android phone brand in China that looked and felt as cool as an iPhone but for a fraction of the price. While Apple rejoiced at selling 75 million expensive phones, Google wanted Android to get into the hands of the next 5 billion people. Developing countries are buying phones at a rate of 100 million units a quarter, and not because of Apple. That's Android's doing.

iPhone was for the 1%.

But Android was The People's Phone.

The People, however, appear to have had other ideas.

It's not simply the case that one product is better than the other. Android is arguably superior for users — you can do more with it in more flexible ways. Android had NFC payments years before Apple Pay showed up. And Android has a back button! iOS is great but it's also boring — there is only one way to use it. And Apple is about to ship an update to iOS that is focused on "stability" and "optimisation." In plain English, iOS is currently full of bugs and Apple wants to fix them. Remember when Apple shipped that iOS 8 update that prevented phones from making phone calls? That's how "superior" iOS is to Android. 

All that turned out to be irrelevant, however. In Q4 2014, Apple didn't just sell a lot of iPhone 6 units. That was expected: Apple always sells a lot of its newly launched phones in Q4, right after launch. Rather, Apple went a step further and actually stole market share from Android that — according to the playbook — Google should never have ceded.  

What's going on?

One thing that might be changing are assumptions around the role of price competition. The received wisdom is that when consumers are faced with two relatively equal products, but one is priced much lower than the other, then the cheaper product will solidify healthy market share. That iPhones are the most expensive phones on the market suggests that the poor will plump for Android.

But the ABI numbers (above), if they're accurate, suggest we're seeing a situation where even consumers on modest incomes are saving up and buying iPhones. There are very few products where poor people feel compelled to do that — cars and weddings are two of them. Apple is making inroads much further down the economic ladder than it used to, perhaps.

And then there are the manufacturers. Samsung is essentially imploding. For years it sold big-screen phones and took advantage because Apple only sold small screens. They were great phones, but those days are over. Now, Samsung phones — filled with self-promotional Samsung bloatware — don't look so good by comparison to iPhone 6.

Xiaomi has "forked" Android and is making its own great models — but they're only available in some Asian countries. Competing Android system developers like Cyanogen and Amazon are working to end Google's stewardship of the system.

Android is in disarray

StatistaDon't believe that strategic decisions about mobile platforms are important? Consider that it only took a couple of years for iPhone and Android to wipe BlackBerry off the map.

Android is in disarray, in other words. It has never faced so many threats from without and within. If Google makes the incorrect strategic decision about the direction of Android over the next five years, then it will be in serious trouble.

One hesitates to write Android's obituary, of course. Google really is intent on bringing the next billion people online (and Facebook is helping the company do it). For those people, people who are on a dollar a day or more but who need to be online, the iPhone may well be out of reach. Earth may once again become the Android Planet, and iOS may revert to its default status as the Rolls Royce of computer operating systems, used by people who think that having two cars, two televisions, and two showers a day is completely typical human behaviour.

But Apple has proved one major fact that Google must now accept: The reach of iPhone will be far greater than previously thought, and simply being the cheap/adequate alternative may not be good enough.


more...
No comment yet.
Scoop.it!

Apple is now worth more than Microsoft and Google combined

Apple is now worth more than Microsoft and Google combined | IT Support and Hardware for Clinics | Scoop.it

Ca-ching, ca-ching, ca-ching! Apple’s stock price has been on a tear lately and the company’s shares closed trading on Wednesday at a new high of $124.88. This gives Apple an absolutely massive market cap of $716.7 billion, which once again makes Apple the single most valuable American company ever just one day after it broke through the $700 billion barrier for the first time.

However, Wednesday’s closing number was remarkable for another reason: Apple’s total market cap is now more than the combined market caps of Google and Microsoft. You read that correctly: If you add Google’s market cap of $365.46 billion with Microsoft’s market cap of $349.89 billion, you get $715.35 billion, or $1 billion less than Apple’s market cap at the end of trading Wednesday.

For more perspective, consider that only two other tech-related companies — Verizon and Facebook — have market caps of over $200 billion. And as Benzinga informs us, activist investor Carl Icahn thinks Apple could easily trade at $216 per share right now, which would be more than enough to put it over the $1 trillion market cap threshold.

Whether Apple can maintain this insane value going forward is open to debate, of course, but given its exceptionally high customer loyalty, there’s no reason to think Apple won’t continue posting record profits for a good while to come.


more...
No comment yet.