IT Support and Hardware for Clinics
32.7K views | +1 today
Follow
IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice
Your new post is loading...
Your new post is loading...
Scoop.it!

Apple Watch Gets Another Competitor in the Android-Based LG Watch Urbane

Apple Watch Gets Another Competitor in the Android-Based LG Watch Urbane | IT Support and Hardware for Clinics | Scoop.it

LG Electronics today announced a new device in the line of Android Wear smartwatch products, called the LG Watch Urbane. Planned for a full unveiling at Mobile World Congress next month, the watch is said to combine the traditional aspects of a luxury timepiece with the "high-tech flare" of a modern smartwatch.

The LG Watch Urbane follows in the footsteps of LG's previous foray into the world of smartwatches with the LG G Watch R, launched last October. LG says while the G Watch R was designed with a more active lifestyle in mind, the Watch Urbane has taken a more formal, classic route that will suit both men and women. Despite the formal look, the Watch Urbane is powered by a smartwatch-style touch-based interface that is compatible with any smartphone running Android 4.3 or above.

“The LG Watch Urbane’s classic design and smart features make it the perfect smartwatch to complement our G Watch and G Watch R, which were designed as more casual and active devices,” said Juno Cho, president and CEO of LG Electronics Mobile Communications Company. “LG Watch Urbane is an important part of our strategy to develop wearable devices that are worn and viewed as everyday accessories, not electronic gadgets.”

The LG Watch Urbane includes the same 1.3-inch full circle P-OLED display as the LG G Watch R - which was the first smarwatch to include such a display - but features a narrower bezel this time around, offering it that more formal, sleeker look touted by LG. The watch comes in gold and silver options with a natural leather strap that can be replaced by any 22mm wide band, according to the company.

Not many specific details were given on the device's smartwatch capabilities, but LG confirmed the LG Watch Urbane will be able to measure a user's heart rate for fitness purposes thanks to a photoplethysmography (PPG) sensor built into the device. Other key factors, like pricing and whether the new Android-based smartwatch will hit around the Spring launch of the Apple Watch, was not yet disclosed by LG.

Key Specifications:

- Chipset: 1.2GHz Qualcomm® Snapdragon™ 400
- Operating System: Android Wear™
- Display: 1.3-inch P-OLED Display (320 x 320, 245ppi)
- Size: 45.5 x 52.2 x 10.9mm
- Memory: 4GB eMMC/ 512MB LPDDR2
- Battery: 410mAh
- Sensors: 9-Axis (Gyro / Accelerometer / Compass) / Barometer / PPG (Heart Rate Sensor)
- Colors: Gold / Silver
- Other: Dust and Water Resistant (IP67)

LG's newest foray into the increasingly crowded world of smartwatches is the latest in a long line of companies announcing new iterations of older products, or new products altogether, preparing to do battle with Apple's April launch of the Apple Watch.


more...
No comment yet.
Scoop.it!

930 Million Android Devices at Risk?

930 Million Android Devices at Risk? | IT Support and Hardware for Clinics | Scoop.it

Information security experts are calling on Google to rethink its patch priorities after it confirmed that it will no longer update a critical component that runs on Android 4.3 "Jelly Bean" and older devices. As a result, 61 percent of all Android smart phones and tablets - or about 930 million devices - will be running a version of Android that contains known vulnerabilities that an attacker could remotely exploit to seize control of the device or steal the data it stores, according to data security firm Rapid7.


At issue are the versions of WebView, which is used by Android to render Web pages, that are present in pre-Android 4.4 devices. Rapid7 researchers say that after finding and reporting a newly discovered vulnerability in older versions of WebView to Google's security@android.com team, Google responded that it was not going to issue a related patch.

Google says that if it receives a patch for older versions of WebView from a third party, it will distribute it to anyone who develops Android distributions. But Google says it no longer plans to create and distribute its own patches for such flaws. "If the affected version [of WebView] is before 4.4 [KitKat], we generally do not develop the patches ourselves but do notify partners of the issue," Google's e-mail to Rapid7 says. "If patches are provided with the report [from a third party] or put into AOSP [Android Open Source Project] we are happy to provide them to partners as well."

But Rapid7, citing data published by market researchers Gartner and Strategy Analytics, says Google's policy will leave the estimated 930 million mobile devices that run pre-KitKat versions of Google's open source Android operating system at risk, because they will be stuck running outdated - and vulnerable - versions of WebView. Device manufacturers could, theoretically, issue related patches themselves, but to date they have not done so.

A Google spokeswoman declined to comment on Rapid7's report.

Numerous hardware and software developers stop issuing updates for their products after they have been on the market for a specified period of time. But today, only 37 percent of in-use Android devices run version 4.4 of the operating system - introduced in November 2013 - and just 1.5 percent run the most recent version 5 - code-named Lollipop - according to market research firm Net Market Share.

In other words, 61 percent of still-in-use Android devices won't be receiving WebView updates from Google, and thus could be at risk from "mass-market exploits" designed to seize control of millions of devices at once, says Tod Beardsley, who's the technical lead for the Metasploit open source penetration testing framework, which is maintained by Rapid7.

"This is great news for penetration testers, of course; picking company data off of Android phones is going to be drop-dead easy," Beardsley says in a blog post. "Unfortunately, this is great news for criminals," because it gives them potential new ways to penetrate devices, implant malware, steal data or intercept communications.

Beardsley says that in the past year, two researchers have discovered nearly a dozen exploits in WebView - most of which affect versions of the component that run on Android 4.3 "Jelly Bean" and earlier devices - and that Metasploit currently ships with 11 exploits for known WebView flaws.

Newer WebView Auto-Updates

WebView is a widely used Android component. Indeed, Google's developer guide encourages Android developers to use WebView "to deliver a Web application - or just a Web page - as a part of a client application." Google's developer documentation further outlines a number of scenarios in which it might be employed, ranging from retrieving an end-user agreement or user guide from inside an app, to accessing any type of information that requires an Internet connection, such as retrieving e-mails.

When Google introduced Android 4.4 KitKat, it debuted a new, stand-alone WebView component, based on its Chromium open source project, that was decoupled from the Android operating system. "The new WebView includes an updated version of the V8 JavaScript engine and support for modern Web standards that were missing in the old WebView," Google's developer documentation states.

From a security standpoint, the big-impact change was the ability - now found in all modern browsers - for WebView to be automatically updated by Google. In other words, thanks to Google uncoupling WebView from the innards of the Android operating system, WebView updates can be piped directly to all users of Android 4.4 and newer, just as Google does with any other app that's available via the Play Store and Google Play services, news site Android Police reports.

Here is why that change is good: Many Android devices run a version of the operating system that's customized by whichever OEM produces the device. As a result, every time Google releases an Android operating system update, the OEM has to test the update, then create a customized version for its devices. Thanks to the newer version of WebView, however, Google can now directly update that component on all Android 4.4 and newer devices, without the OEM having to build the patch into their version of Android and then distribute it to their users.

Android Is Open Source

But the question of whether it's right for Google to cease updating older versions of WebView, an important component that still runs on nearly 1 billion Android devices, remains. Rapid7's Beardsey notes that Android is technically an open source project, and that OEMs could, in theory, obtain patches for newly discovered flaws in older versions of WebView from third parties. But he says that to date, the OEMs that do patch Android have relied on updates issued directly from Google. "The update chain for Android already requires the handset manufacturers and service carriers to sign off on updates that are originated from Google, and I cannot imagine this process will be improved once Google itself has opted out of the patching business," he says. "After all, is AT&T or Motorola really more likely to incorporate a patch that comes from some guy on the Internet?"

Some OEMs have a relatively good track record at keeping customers' Android devices updated with the latest security fixes. But others rarely - if ever - release security patches for devices.

With Google ceasing to update a core component of Android that runs on pre-4.4 versions, the risks to users will only increase, Beardsley warns. "Please reconsider, Google," he says. "As a software developer, I know that supporting old versions of my software is a huge hassle. I empathize with their decision to cut legacy software loose. However, a billion people don't rely on old versions of my software to manage and safeguard the most personal details of their lives."


more...
No comment yet.