HTC Scrambles to Fix Android Smartphone Flaws

 

In an effort to mollify widespread concerns over security vulnerabilities in its Android smartphones, HTC has stated that it's working hard on a security update to resolve the problem.

The vulnerability was due to logging tools HTC introduced when updating its smartphones, the Android Police blog stated.
These tools apparently collect information such as a list of user accounts, phone numbers from the phone log, SMS data and system logs.
Further, network information, CPU information, and detailed information on processes running and on installed apps is exposed.
The software does no harm to customers' data, according to HTC's public relations agency, Waggener Edstrom, but there is a vulnerability that could potentially be exploited by a malicious third-party application.
HTC is working on a security patch that will first be sent to carrier partners for testing and then sent over the air to customers to download and install.
"It would appear that a few HTC phones contain a logging mechanism that exposes sensitive user data to an app that requests only permission to access the Internet," Tim Wyatt, principal security engineer for Lookout Mobile Security, told TechNewsWorld.
"HTC is aware of the issue but has not announced how or when they intend to address it," Wyatt continued.

It's All In The Timing

Speed is of the essence in resolving this issue, as the vulnerabilities appear to be extremely dangerous.
In a previous discussion with TechNewsWorld on mobile security, Trusteer CEO Mickey Boodaei said that Google (Nasdaq: GOOG) and Apple (Nasdaq: AAPL) should be able to react very quickly to new vulnerabilities and attacks in the field.
That speaks to the situation with the HTC smartphones as well.
An app requesting a single "android.permission.Internet" gains access to a multiplicity of data, according to Trevor Eckhart, who discovered the vulnerabilities. Theoretically, it may be possible to clone a device using only some of the data an app gathers in response to a single "android.permission.Internet" request.
Android offers security through a permission mechanism that restricts what operations a particular process can perform.
The "android.permission.Internet" request is normal for any app that connects to the Web or shows ads, the Android Police blog said.
"This is another reminder that our mobile phones are computers too," Lookout's Wyatt said. "As we build apps, create custom firmware or make changes to the OS, everyone in the mobile ecosystem needs to take the proper precautions to confirm information accessed on these devices is used and stored securely."

Don't Worry, Be Happy

HTC's attempt to gather information on what owners of its devices are doing is not unusual. Carriers use such information to better monetize their services. However, the problem may lie in the tools it created and loaded onto its smartphones.
The company's advice to owners of its smartphones is to use caution when downloading, using, installing and updating applications from untrusted sources.
It also points out that third party malware apps exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws, though that may not be much of a deterent to hackers.
HTC said that it has not learned of any owners of its smartphones having had their devices hacked so far.
What can smartphone device owners do to protect themselves?
Like other mobile security vendors, Lookout suggests users set a password, download a security app, use discretion when downloading apps and make sure they only download apps from sites they trust.
content: technewsworld

Dell launches Alienware Aurora gaming rig

Alienware, Dell's subsidiary responsible for designing gamer-centric PCs, has updated its lineup of desktop PCs with the Alienware Aurora R4. Like all Alienware offerings, the specs are customizable with the Aurora R4 offering a choice of Intel Core i7 3000-series six-core CPUs, dual high-end GPUs from AMD or NVIDIA and up to four HDDs or SSDs. It's also equipped with liquid CPU cooling, active venting and an easily openable micro ATX chassis with external and internal lighting, while the famous alien head logo serves as a power button.

Poetically touted as "a serenade to raw gaming power," the new arrival is the successor of a couple of units unveiled back in 2009. At the heart of the new offering are Intel's factory overclocked high-end i7 CPUs running at 3.9 - 4.2 GHz, up to 16 GB of Quad Channel DDR3 memory, as well as a choice of powerful GPUs which can be configured with AMD Radeon HD 6870, HD 6950, NVIDIA GeForce GTX 560 Ti, GTX 580, or GTX 590. Up to four hard drives are placed in specifically designed bays allowing quick and easy access. You can choose SSDs, or RAID technology.
Single or dual DVD/Blu-ray burners are located on the front and covered by a drop-down lid. The internal cooling is enhanced via active venting that utilizes fins on the top of the chassis that open and close automatically depending on thermal conditions inside. The rig is powered by a 875-Watt power supply designed to accommodate future upgrades.

According to Alienware, the upgrading of the Aurora R4 and its maintenance is user-friendly and hassle-free with toolless entry to the case thanks to the use of clips instead of screws. The Alienware designers have assumed that Aurora's owners may wish to open the case often not only to upgrade its components, but simply to show off the rig's insides to their fellow geeks. Thus, there's some automatic lighting powered by a separate rechargeable battery that turns on when you take off the side of the chassis even when the PC isn't connected to mains power. This is also designed to allow users to upgrade or service the unit without having to wedge a torch in between their teeth.
The outer lighting is composed of eight different "alien effect" zones around the chassis and it's user-customizable via special software. What's more, the company says the lighting works with over 20 different games to offer synchronization with in-game events.
The new Alienware Aurora R4 is currently listed on Dell's website, starting at US$2199 for the base model.
content : gizmag

Haptic code-entry makes PINs a touch harder to steal

 

 SHOULDER surfers could be thwarted and ATMs made more secure byallowing customers to enter a tactile PIN via their smartphone instead of using the normal keypad.

The basic problem with traditional PINs and passwords is that when used in a public space they can easily be observed, says Andrea Bianchi at the Korea Advanced Institute of Science and Technology in Daejeon.

So he and his colleagues have developed a range of touch-based code-entry systems which aim to prevent prying eyes from getting a look in. They hinge on allowing phones to communicate securely with ATMs, such as by using near-field communication readers, so smartphones could be used instead of the highly visible keypads.

The team has explored two main approaches, says Bianchi's colleague Ian Oakley at the Madeira Interactive Technologies Institute at the University of Madeira in Funchal, Portugal. "In one approach you try to recognise what you feel and with the other you count what you feel." In a system called PhoneLock, for example, alphanumeric icons on a smartphone touchscreen are replaced with a set of up to 10 different tactile cues known as tactons. "They're the touch equivalent of icons," Oakley explains.

The tactons, which are easy to distinguish from each other, are placed in a circular grid that is divided into several radial segments so that when the user moves their finger over a segment the vibrate motor in the device will vibrate in a specific pattern depending on which tacton is there. All the user has to do is feel the different segments until they find the right one in a sequence they have remembered and then press an icon at the centre of the circle to enter it.

In another approach, called SpinLock, the user is presented with a circular wheel, much like the click-wheel on old iPods. This works like the dial of a old-fashioned combination safe, but with the user running their finger around it in one direction until they have felt the appropriate number of clicks in a sequence, before running it in the other direction.

Although it takes longer to enter a PIN like this, any observer would be unable to reproduce it because the tacton positions are randomised, says Oakley. This could make it more secure to make online purchases on mobile devices or punch in an access code to gain entry to a secure area.

"It's a very novel approach," says Paul Dunphy, a researcher at Newcastle University, UK, who has looked at ways of making PINs more secure. One potential weak spot is the possibility that a would-be hacker could use microphones to pick up the faint buzzing sounds produced when a tacton is activated, he said. The team's alternative approach - using audio feedback through headphones instead of tactile cues - could avoid such attacks. The work was presented last week at the OzCHI conference in Canberra, Australia.

The Text Message/SMS Turns 19 Years Old

According to Wikipedia, the first SMS text message was sent over the Vodafone GSM network in the United Kingdom on 3 December 1992, from a man named Neil Papworth using a personal computer to Richard Jarvis of Vodafone using an Orbitel 901 handset.

The text of the message was “Merry Christmas”.

The technology behind the SMS text is 27-years old, having first been developed in the Franco-German GSM cooperation in 1984 by Friedhelm Hillebrand and Bernard Ghillebaert. It was then, eight years later, that the “Merry Christmas” text was sent.
The Text Message turns 19 years old todaySince then, SMS technology has come a long way to dominant the current mobile messaging scene. In 2010, SMS texts generated $114.6 billion in revenues worldwide, but many believe it’s just the beginning. Experts estimate that mobile networks will earn $726 billion from SMS text messaging over the next five years. So while smartphone applications like GroupMe and services like Apple’s iMessage start to make up larger slices of the text messaging field, SMS is not giving up its mobile messaging throne anytime soon.
Now, it’s time to send a happy birthday text!

content - techspark

Mobile Phone Brain Cancer Link Rejected

Further research has been published suggesting there is no link between mobile phones and brain cancer.
The risk mobiles present has been much debated over the past 20 years as use of the phones has soared.
The latest study led by the Institute of Cancer Epidemiology in Denmark looked at more than 350,000 people with mobile phones over an 18-year period.
Researchers concluded users were at no greater risk than anyone else of developing brain cancer.
The findings, published on the British Medical Journal website, come after a series of studies have come to similar conclusions.

credits : techpark.net