For at least the past six months, a popular remote management app available in the official Google Play Store has opened tens of millions of Android users to code-execution and data-theft attacks when they use unsecured networks, researchers said Thursday.
AirDroid, which has been downloaded 10 million to 50 million times from the official Google Play Store, uses a static and easily detectable encryption key when transmitting update files and sensitive user data, according to a blog post published by security firm Zimperium. Attackers who are on the same network can exploit the weakness to push fraudulent updates or view potentially sensitive user information, including the international mobile equipment identity and international mobile subscriber identity designations that are unique to each phone.
"A malicious party on the same network as the victim can leverage this vulnerability to remotely gain full control of their device," Simone Margaritelli, principal security researcher at Zimperium's zLabs, told . "Moreover, the attacker will be able to see the user's sensitive information such as the IMEI, IMSI, and so forth. As soon as the update, or fake update, is installed the software automatically launches the updated [Android app file] without ever verifying who built it."
For cable and satellite TV customers who want to cancel and switch to online streaming, the shortage of local sports has long been a major drawback. But regional sports networks that air your local baseball, basketball, and ice hockey teams are starting to come to online streaming services, and AT&T's DirecTV Now has rights to most of the US-based MLB, NBA, and NHL teams in local markets.
The coverage isn't perfect. DirecTV Now has rights to all three leagues in some cities, and none in others. For example, Chicago-area subscribers to DirecTV Now can watch the Cubs, White Sox, Bulls, and Blackhawks, but Philadelphia-area customers would have no access to the regional sports channel covering the Phillies, 76ers, and Flyers. It's a mix in cities where DirecTV Now has rights to some regional sports networks but not others. DirecTV Now in New York thus has the Yankees but not the Mets, the Nets but not the Knicks, and neither of the NY-based hockey teams. Boston-area subscribers to DirecTV Now can watch the Celtics on Comcast SportsNet New England, but there's no Red Sox or Bruins coverage because DirecTV Now lacks rights to New England Sports Network.
Limitations are due to what programming contracts AT&T was able to strike. More teams and networks could be added in the future if AT&T agrees on prices with other programmers.
The Apple Maps experience today is dramatically better than it was when the product first launched with iOS 6 in 2012, but Apple is still looking for ways to improve its data collection and compete with Google Maps. According to a report from Bloomberg, the next stage in this effort is to use a fleet of drones from DJI, Aibotix, and others to look at street signs, track road construction, and examine other changes. It's not clear if these drones will replace or merely augment the data already being collected by Apple Maps minivans.
Apple was granted an exemption by the Federal Aviation Administration in March of 2016, allowing the company to commercially fly drones to gather data. Current rules for unmanned aircraft systems (PDF) restrict drone flights to daylight hours and insist that pilots maintain line-of-sight with the drones at all times, among many other rules. The company is said to have hired someone from Amazon's "Prime Air" drone delivery project to head up its drone team, which is currently being assembled in Seattle rather than at Apple's Cupertino, California, headquarters.
The initial versions of Apple Maps hadn't been vetted thoroughly enough, and the initial backlash to the product led to changes across the company. CEO Tim Cook publicly apologized for Apple Maps in 2012, and longtime iOS software lead Scott Forstall's refusal to sign that apology was one of the reasons he left the company. In an interview earlier this year, Cook, Software Engineering SVP Craig Federighi, and Internet Software and Services SVP Eddy Cue said that the Maps problems had led directly to Apple's public beta programs for macOS and iOS.
A report from The Information states that the fitness tech giant Fitbit is finalizing a deal to buy Pebble. The report suggests the price would be for "a small amount," and an independent source confirmed to Engadget that Fitbit will buy Pebble for $34 to $40 million.
The news isn't entirely a surprise. Pebble, which first came on the scene through its popular Kickstarter campaigns for its smartwatches, recently announced it would lay off 25 percent of its workforce. At the time, Pebble CEO Eric Migicovsky didn't give an exact reason for the layoffs, only stating that money was "pretty tight."
Pebble has been looking to sell for a while, likely due to these financial woes, but it has turned down offers in the past. Citizen offered Pebble $740 million for the company back in 2015. Intel also wanted to buy Pebble for $70 million earlier this year, but it would have required a delay in the launch of the Pebble 2 and the Pebble Time 2.
With Thanksgiving behind us, the holiday season in the US is officially underway. If you're reading , that can only mean one thing: you'll be answering technical questions that your relatives have been saving since the last time you visited home.
This year in addition to doing the regular hardware upgrades, virus scans, and printer troubleshooting, consider trying to advise the people in your life about better safeguarding their security and privacy. Keeping your data safe from attackers is one of the most important things you can do, and keeping your communications and browsing habits private can keep that data from being used to track your activities.
This is not a comprehensive guide to security, nor should it be considered good enough for professional activists or people who suspect they may be under targeted surveillance. This is for people who use their phones and computers for work and in their personal lives every single day and who want to reduce the chances that those devices and the accounts used by those devices will be compromised. And while security often comes at some cost to usability, we've also done our best not to impact the fundamental utility and convenience of your devices.
"Netflix members worldwide can now download in addition to stream great series and films at no extra cost," the company's announcement said. "While many members enjoy watching Netflix at home, we’ve often heard they also want to continue their Stranger Things binge while on airplanes and other places where Internet is expensive or limited." Downloads are available for all pricing plans.
The feature is available in the new versions of Netflix's apps for iOS and Android devices. Not every show or movie is available for download, likely due to restrictions in programming contracts. Netflix says the download feature is available for "select TV shows and movies." Besides Stranger Things, the Netflix announcement said that Orange Is the New Black, Narcos, and The Crown are available for download now. These four have something in common: they are all produced by Netflix.
Titles that can be viewed offline have a download icon, and customers can also browse downloadable shows and movies in a new "Available for Download" section. Once downloaded, customers can watch the videos with or without an Internet connection from the "My Downloads" section.
GoPro may have touted strong Black Friday sales, but the company is still experiencing turmoil. GoPro announced it would cut 15 percent of its workforce, totaling about 200 full-time positions, and close its entertainment unit to reduce 2017 operational costs.
This news comes at the end of a frustrating year for the action cam company. Back in January, GoPro cut seven percent of its workforce in an effort to "better align resources to key growth initiatives." Earlier this month, the company recalled its $799 Karma drone because some of them lost power during operation. Only about 2,500 Karma drones were sold, but GoPro decided to recall all of them for safety reasons and because the number of drones affected by the problem was unknown.
One of the employees departing the company before year's end will be President Tony Bates, who previously worked at Skype and Microsoft. "My time at GoPro has been an incredible experience," Bates wrote in the statement. "In the past three years, GoPro has seen enormous progress in camera technology, software and international growth. Today GoPro has a solid leadership team deeply focused on its core business and profitability."
Researchers say they've uncovered a family of Android-based malware that has compromised more than 1 million Google accounts, hundreds of them associated with enterprise users.
Gooligan, as researchers from security firm Check Point Software Technologies have dubbed the malware, has been found in at least 86 apps available in third-party marketplaces. Once installed, it uses a process known as rooting to gain highly privileged system access to devices running version 4 (Ice Cream Sandwich, Jelly Bean, and KitKat) and version 5 (Lollipop) of Google's Android operating system. Together, the vulnerable versions account for about 74 percent of users.
The rooted devices then download and install software that steals the authentication tokens that allow the phones to access the owner's Google-related accounts without having to enter a password. The tokens work for a variety of Google properties, including Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite. In a blog post published Wednesday morning, Check Point researchers wrote:
Google Earth Timelapse is a really awesome project that lets you turn back the clock on Planet Earth. In 2013, Google worked with the US Geological Survey (USGS), NASA, and TIME to compile a history of satellite imagery from 1984 to 2012. Today, Google updated the project with "four additional years of imagery, petabytes of new data, and a sharper view of the Earth from 1984 to 2016."
The new data isn't just "new" data—Google also managed to compile better older images of Earth thanks to the Landsat Global Archive Consolidation Program. Google says it sifted through 5 million satellite images from five different satellites, taking the best of the "three quadrillion pixels" to create 33 images of Earth (one for each year). Thanks to the plethora of data and Google's cloud-computing algorithms, you get all of this without any clouds blocking the view.
The images are up on Google Earth Engine, where the interactive "Timelapse" page basically looks like Google Earth, but with a draggable timeline and a "play" button. Google has even highlighted a few spots where viewers can watch a glacier melt away into nothingness or check out pretty much anywhere in China, which looks like a game of SimCity.
SD cards have historically been associated with digital cameras, media players, game consoles, and other relatively simple and appliance-like devices. In these roles, the cards primarily needed to offer fast sequential read and write speeds, since they were typically just being asked to save and access one file at a time. But SD cards are becoming increasingly important as primary storage devices, use cases that demand better random read and write performance to account for multiple apps making small reads and writes to the cards in rapid succession.
In recognition of these more complex use cases, the SD Association has introduced version 5.1 of the SD Specification (PDF), which adds a new "App Performance" class that guarantees buyers a minimum number of input/output operations per second (IOPS) just as the current speed classes guarantee minimum sequential writing speeds. The new "A1" speed class promises that cards support sustained write speeds of at least 10MBps, at least 1,500 read IOPS, and at least 500 write IOPS. Additional speed classes "will be introduced to meet market needs."
IT News
Android for Work—Google's enterprise-focused dual-persona mode for Android—is a great solution for BYODers that need to keep work and personal data separate. Enable it and Android leverages the multi-user framework to give your work and personal sides separate apps and separate data, while giving admins control over the "w
SmartPhones
Apple has just released its earnings report for the fourth quarter of fiscal 2016, which runs from the beginning of July to the end of September. As has been the case for the last two quarters, iPhone sales were down year-over-year, and that decline combined with sliding sales f
Early Tuesday, Chinese smartphone OEM Xiaomi unveiled its most ambitious smartphone ever, the Xiaomi Mi Mix. If you think smartphone design has stagnated, one look at this will tell you there is so much more that could be done with the familiar form factor. Xiaomi has created a phone with bezels so small it has a 91.3 percent screen-to-b
Tablets
For over a decade, I have split my computer use into two discrete categories: highly mobile and highly powered. It's traditionally been a two-device equation, at least with budgetary considerations in mind. That use case hasn't really changed, but my path to it has. Case in point: I can write and edit articles on
Nokia is back! Today the brand's new owners, HMD Global Oy and Nokia, announced the finalization of a 10-year licensing deal that was announced six months ago. HMD Global has also launched a new website introducing itself to the world, and
Latest IT News
Buffer overflow exploit can bypass Activation Lock on iPads running iOS 10.1.1
Apple's Activation Lock feature, introduced in iOS 7 in 2013, deters thieves by associating your iPhone and iPad with your Apple ID. Even if a thief steals your device, puts it into Recovery Mode, and completely resets it, the phone or tablet won't work without…
USB Killer, yours for $50, lets you easily fry almost every device
Last year we wrote about the "USB Killer"—a DIY USB stick that fried almost everything (laptops, smartphones, consoles, cars) that it was plugged into. Now the USB Killer has been mass produced—you can buy it online for about £50/$50. Now everyone can destroy just about every computer that has a USB port. Hooray. The commercialised USB Killer…
At least 10 million Android users imperiled by popular AirDroid app
For at least the past six months, a popular remote management app available in the official Google Play Store has opened tens of millions of Android users to code-execution and data-theft attacks when they use unsecured networks, researchers said Thursday. AirDroid, which has been downloaded 10 million to 50 million times from the…
DirecTV online-only plan has many of your local sports teams covered
For cable and satellite TV customers who want to cancel and switch to online streaming, the shortage of local sports has long been a major drawback. But regional sports networks that air your local baseball, basketball, and ice hockey teams are starting to come to online streaming services, and AT&T's DirecTV…
Microsoft shareholders express fear that the company is abandoning mobile
At its annual shareholder meeting yesterday, some Microsoft shareholders were more than a little concerned about the company's mobile strategy, or if it even had one, reports GeekWire. The meeting, which started with a request to "silence all Windows Phones and devices," gives the company's owners a rare opportunity to grill…