Google’s own researchers challenge key Google PR on Android

Ars Technica reported on Google’s own researchers challenging a key Android security talking point.

Throughout the resulting media storm, Google PR people have repeatedly held up the assurance that the raft of stagefright vulnerabilities is difficult to exploit in practice on phones running recent Android versions. The reason, they said: address space layout randomization, which came to maturity in Android 4.1, neutralizes such attacks. Generally speaking, ASLR does nothing to fix a buffer overflow or similar software bug that causes the vulnerability in the first place. Instead, the defense vastly decreases the chances that a remote-code-execution attack exploiting such bugs will succeed. ASLR does this by loading downloaded scripts in a different memory location each time the operating system is rebooted. If the attacker can’t locate the malicious code, the exploit results in a simple crash, rather than a game-over hack.

On Wednesday, Project Zero researchers tested a home-grown stagefright exploit on a Nexus 5 device running an Android 5.x version. The results showed that at best, ASLR will lower the chances their exploit will succeed. Meanwhile, Joshua Drake, the security researcher who first disclosed the critical vulnerabilities in the code library, said Android ASLR does even less to prevent a new custom exploit he has developed from working.

CNET blocks content from people who block ads

Dave Mark wrote on The Loop about CNET blocking content from readers using ad-blockers.

One more reason not to visit CNET.

Secondly, that they would make such a move says a lot about the amount of traffic that iOS brings to their site.

How to hack an Android phone

Business Insider reported on hacking an Android phone by typing in a really long password.

The vulnerability, discovered by John Gordon, is easy to exploit: simply open the phone’s “Emergency Call” feature, type a few characters and then repeatedly copy-and-paste them. The pasted text becomes longer and longer — Gordon’s reaches over 160,000 characters — and, as such, harder for the phone to handle.

Next, open the camera app which causes the phone to ask for a password into which the 160,000 character string is pasted. After a few minutes the phone restarts, booting straight to the unlocked home screen.

Apple’s iPhone keeps going its own way

Farhad Manjoo wrote in the New York Times about how Apple’s iPhone keeps going its own way.

You can expect Apple’s proportion to grow. As analysts at Credit Suisse explained in a note last week, only about 30 percent of the world’s 400 million iPhone users have upgraded to the large-screen models Apple introduced last year. Apple is bound to reap more money as the majority of its users inevitably jump to big phones over the next few years. In other words, for the foreseeable future, Apple stands virtually alone: It may be the only company making any money selling phones.

What’s driving the iPhone’s escape from the trap of commodity hardware is that it is more than a hardware device. Instead, an iPhone is a tightly integrated mix of hardware, great software, and several pretty good services rolled into a single gadget.

Something for the Apple naysayers to ponder.

How Apple built 3D Touch

Bloomberg reported on how Apple built 3D Touch.

But in lieu of the usual polite deflection, Federighi picked up an iPhone 6S and explained one of 3D Touch’s simpler challenges: “It starts with the idea that, on a device this thin, you want to detect force. I mean, you think you want to detect force, but really what you’re trying to do is sense intent. You’re trying to read minds. And yet you have a user who might be using his thumb, his finger, might be emotional at the moment, might be walking, might be laying on the couch. These things don’t affect intent, but they do affect what a sensor [inside the phone] sees. So there are a huge number of technical hurdles. We have to do sensor fusion with accelerometers to cancel out gravity—but when you turn [the device] a different way, we have to subtract out gravity. … Your thumb can read differently to the touch sensor than your finger would. That difference is important to understanding how to interpret the force. And so we’re fusing both what the force sensor is giving us with what the touch sensor is giving us about the nature of your interaction. So down at even just the lowest level of hardware and algorithms—I mean, this is just one basic thing. And if you don’t get it right, none of it works.”

Long but good read.

Microsoft is downloading Windows 10 to PCs, even if you don’t “reserve” a copy

Ars Technica reported on Microsoft downloading Windows 10 to PCs, even if you don’t “reserve” a copy.

According to The Inquirer, the situation was first reported by an anonymous reader who claimed to have discovered a hidden directory called $Windows.~BT on his computer, despite not opting in for a free upgrade to Windows 10. The directory weighed in at “3.5GB to 6GB,” according to the reader.

“I thought Microsoft [said] this ‘upgrade’ was optional. If so, why is it being pushed out to so many computers where it wasn’t reserved, and why does it try to install over and over again?” he told the outlet.

Aggressive.

New Android ransomware locks out victims by changing lock screen PIN

Ars Technica reported on new Android ransomware that locks out victims by changing the lock screen PIN.

Dubbed Android/Lockerpin.A, the app first tricks inexperienced users into granting it device administrator privileges. To achieve this, it overlays a bogus patch installation window on top of an activation notice. When targets click on the continue button, they really grant the malicious app elevated rights that allow it to make changes to the Android settings. From there, Lockerpin sets or resets the PIN that unlocks the screen lock, effectively requiring users to perform a factory reset to regain control over the device. By contrast, earlier forms of Android ransomware generally were thwarted, usually by deactivating administrator privileges and then uninstalling the app after the infected device is booted into safe mode.

“After clicking on the button, the user’s device is doomed,” Lukas Stefanko, a researcher with antivirus provider Eset, wrote in a blog post published Thursday. “The trojan app has obtained administrator rights silently and now can lock [the] device—and even worse, it set[s] a new PIN for the lock screen. Not long after, the user will be prompted to pay a $US500 ransom for allegedly viewing and harboring forbidden pornographic material.”

Why would a developer be able to overlay a notice?

Premium Android hits the wall

Charles Arthur wrote about Premium Android hitting the wall.

“Premium” Android is getting torn apart, piranha-style. Cheaper phones from Chinese companies such as Xiaomi, Huawei, OnePlus, and Oppo are taking away their high-end Chinese business. Slowdowns in developing countries (notably South America) are killing sales there.

And in the west, there isn’t the same appetite for continued upgrades that there was; people are upgraded out. Does the Galaxy S6 really offer anything special over the S4 or S5? If anything, Samsung has pared back on both the software and hardware features – it doesn’t have some of the weird things where you waved hands to scroll screens, nor the microSD card and removable battery that a number of previous Samsung buyers liked. As I said before, Samsung must know how many people actually use the removable battery. But maybe that’s like buying a car with airbags: you don’t expect to need them, you just want to know they’re there in an emergency.

[…]

I don’t think the crash in premium Android sales is a one-off. The competition from low- and mid-priced devices is fierce now, and yet these companies don’t seem to be putting any clear blue water between them; they’re not offering anything better than they did a year ago.

Case in point: Samsung’s Galaxy Note 5 has a smaller battery, also non-removable, than last year’s Note 4; and no SD card – which has pissed off some former Note buyers. How does that compete against the Xiaomis and Oppos and OnePlus phones of this world, which are much the same spec for less? Or even the iPhone 6 Plus, which has a better-adapted app store, and costs less?

Samsung is getting squeezed on both ends. Trying to be the premium Android brand isn’t working and won’t work unless Samsung tries to be innovative instead of attempting to be an Apple clone.

A backwards S-Pen can permanently damage the Galaxy Note 5

Ars Technica reported on how a backwards S-Pen can permanently damage the Galaxy Note 5.

The right way to dock the S-Pen into the device is to slide the pointy end in first, but if you slide the blunt end in first, the S-Pen will get jammed in the device. The spring mechanism that holds the pen in will clamp down on the wrong end of the S-Pen and won’t let go. It is possible to wiggle the pen free from the spring’s hold, but when we tried it, the S-Pen detection features stopped working.

Normally on the Note 5, removing the S-Pen when the screen is off will launch a quick note taking app, and removing it when the screen is on will launch the radial S-Pen menu. After putting the S-Pen in backwards and wiggling it out, all of these features stopped working.

We can see that they put a lot of thought into the design of the device.

Two weeks with the Apple Watch

I wrote on my blog about my thoughts on Apple Watch after two weeks with it. The most common comment I come across is how people worry about the watch’s battery.

Battery life: Battery life information can be relegated to a glance instead of occupying a space on the watch face. It’s not turned on for any watch face by default. I put it in to help me gauge the average battery life. When I remove the watch to charge it just before I sleep, the battery is usually around 40-45%. On days of heavier usage, I ended up with 35-40% battery. I believe that concerns about the watch’s battery life are unfounded. You’ll only run out of battery if you forget to charge it, or if you are fiddling with the watch all day.

The watch charges very quickly. It took less than an hour to go from 35% to 100%. So even if you really forgot to charge the watch before you sleep, you can still get it fully charged in the morning.