Hackers can remotely steal fingerprints from Android phones

ZDNet reported on how hackers can remotely steal fingerprints from Android phones.

The attack, which was confirmed on the HTC One Max and Samsung’s Galaxy S5, allows a hacker to stealthily acquire a fingerprint image from an affected device because device makers don’t fully lock down the sensor.

Making matters worse, the sensor on some devices is only guarded by the “system” privilege instead of root, making it easier to target. (In other words: rooting or jailbreaking your phone can leave you at a greater risk.) Once the attack is in place, the fingerprint sensor can continue to quietly collect fingerprint data on anyone who uses the sensor.

“In this attack, victims’ fingerprint data directly fall into attacker’s hand. For the rest of the victim’s life, the attacker can keep using the fingerprint data to do other malicious things,” Zhang said. And that’s a big problem. Fingerprints might be commonplace in mobile payments and unlocking devices, but they have been used more in the past five years also for identity, immigration, and for criminal records.

Fault lies firmly with the device makers. Food for thought for people who like to root their Android devices.

Apple Pay competitor CurrentC may not launch until next year

Re/code reported on Apple Pay competitor CurrentC possibly not launching until next year.

CurrentC, the payments app being created by a consortium of big retailers known as MCX, may not launch widely this year as originally planned, MCX CEO Brian Mooney told Re/code in an interview on Tuesday. The company will begin a public pilot of its app in Columbus, Ohio, in a few weeks and will not rush a wider rollout if the product is not ready, he said.


MCX attracted a bunch of attention last year when two of its member merchants, CVS and Rite Aid, shut down support for Apple Pay after briefly accepting it as a payment option. On Tuesday, though, Rite Aid said it would start accepting Apple Pay later this month, and other MCX merchants such as Best Buy have announced plans to accept Apple Pay later this year. MCX members had signed exclusivity agreements which prevented them from accepting competitive wallets, but those expire this month — so it’s quite possible we will hear about other MCX retailers choosing to accept mobile wallets other than CurrentC.

One more reason not to use CurrentC.

Bubble Cloud Widget + Wear brings a stylish launcher to Android Wear

Android Central reported on Bubble Cloud Widget + Wear.

Convenience is the name of the game when it comes to Smartwatches, but at times getting to the app you need quickly can be a hassle in Android Wear. Bubble Cloud Widgets + Wear is a launcher that brings you gorgeous icons for all of your apps within swiping range. You’ve also got tons of options, and choices to personalize how everything looks and behaves.

If you haven’t seen it yet, check it out below.

I see it every time I raise my wrist.

HTC trading below cash leaves smartphone brand with no value

Bloomberg reported on HTC trading below cash, leaving its smartphone brand with no value.

A 60 percent plunge in HTC Corp.’s stock this year pushed its market value to below its cash on hand. That means investors were effectively saying the smartphone maker’s brand, factories and buildings were worthless.

HTC’s market price fell Monday to NT$47 billion ($1.5 billion), below the NT$47.2 billion cash it had at the end of June. A drop of as much as 9.8 percent in its stock before a late rally signaled investors put no value on the rest of the company.

“HTC’s cash is the only asset of value to shareholders,” said Calvin Huang, who has a NT$46.50 price target on the stock at Sinopac Financial Holdings Co. in Taipei. “Most of the other assets shouldn’t be considered in their valuation because there’s more write-offs to come and the brand has no value.”

Another victim in the race to the bottom.

Hackers exploit Flash vulnerability in Yahoo ads

The New York Times reported on hackers exploiting a Flash vulnerability in Yahoo ads.

For seven days, hackers used Yahoo’s ad network to send malicious bits of code to computers that visit Yahoo’s collection of heavily trafficked websites, the company said on Monday.

The attack, which started on July 28, was the latest in a string that have exploited Internet advertising networks, which are designed to reach millions of people online. It also highlighted growing anxiety over a much-used graphics program called Adobe Flash, which has a history of security issues that have irked developers at Silicon Valley companies.

“Right now, the bad guys are really enjoying this,” said Jérôme Segura, a security researcher at Malwarebytes, the security company that uncovered the attack. “Flash for them was a godsend.”

Firefox users got lucky.

Inside the sad, expensive failure of Google+

Mashable reported on the sad, expensive failure of Google+.

Google’s effort to build a social network to rival Facebook began with a bold, company-wide yell. Now Google appears to be winding down Google+ with barely a whimper.

This week, four years and one month after launching Google+ with the stated mission to “fix” online sharing, Google announced it would eliminate a much-criticized requirement to use a Google+ account when signing on to other Google services like YouTube. The move is the clearest indication yet that Google is ditching its playbook of trying to push everyone in the world to use its social network.

I have moved away from Google+ for quite some time, pushing articles to it to share to followers but nothing more than that.

The security flaw Google built into Android

MIT Technology Review reported on the security flaw Google built into Android.

When security problems are discovered in Microsoft’s Windows operating system, or Apple’s mobile or desktop equivalents, those companies can push out an update to affected computers. You get a message telling you to install the update, direct from the company who made the software. In the case of Microsoft’s Windows 10, being released Wednesday, such updates are automatic and mandatory for home users. (This model doesn’t always work perfectly—Apple, for example, has been accused of being too slow to roll out important security patches.)

Google can’t push you an update for Android. It hands out the operating system to device manufacturers for free. They get to tinker with it to add features or apps of their own and are the only ones—along with cellular carriers in some cases—that can push updates to the devices they sell. Google does bind companies that use Android with some restrictions (for example to do with using its app store) but doesn’t require them to push out security updates quickly.

What’s a possible solution?

Google’s desktop operating system, Chrome OS, has a much smarter design when it comes to security updates. They download in the background and install themselves. Many security engineers at Google surely wish they could do the same with Android. But the way Google has established Android’s business model makes that unlikely. Device makers and carriers appear to prioritize their own businesses and independence from Google above keeping their customers’ devices secure. Expect more news of worrying Android security holes that won’t be fixed.

Either you live with it, keep up with the newest Android phones that come with the latest OS software, or walk away.

Samsung glamour days over as it fights to save mobile market share

Reuters reported on Samsung’s fight to save mobile market share.

Behind Samsung’s reality-check is the fact it is stuck with the same Android operating system used by its low-cost competitors, who are producing increasingly-capable phones of their own.

“The writing has long been on the wall for any premium Android maker: as soon as low end hardware became ‘good enough,’ there would be no reason to buy a premium brand,” said Ben Thompson, an analyst at Stratechery.com in Taipei.

It’s a race to the bottom for Android makers. It is not something surprising. We just need to look at the PC market to expect what the trend would be like.

Microsoft posts record loss as it writes down Nokia

Reuters reported on Microsoft’s record loss as it writes down Nokia.

Microsoft Corp reported a $3.2 billion quarterly net loss, its biggest ever, as the company wrote down its Nokia phone business and demand fell for its Windows operating system.

No big deal. It’s just a $3.2 billion loss. I mean, look at Apple, they are in trouble with a record $7.7 billion profit.

Apple reports record third quarter results

Jim Dalrymple reported on The Loop about Apple’s record third quarter results.

Apple on Tuesday reported a third quarter profit of $10.7 billion on revenue of $49.6 billion. This compares to revenue of $37.4 billion and net profit of $7.7 billion in the year ago quarter.

$10.7 billion but people think Apple is losing it.