Samsung creates world’s first monitor with inbuilt wireless charging

Samsung has introduced the SE370, the first monitor with an inbuilt wireless charging pad

Samsung has created a computer monitor with an inbuilt wireless charging pad in what it claims is a world first.

The SE370 monitor is available in 23.6-inch and 27-inch versions, with the charging pad positioned at the base of its stand. All Qi-enabled devices, including Samsung, HTC and Sony smartphones, can be charged using the monitor. Apple is the only major smartphone manufacturer not to offer wireless charging capabilities within its devices.

Placing an enabled device on the pad triggers it to start charging automatically, removing the need to plug in a cable.

The new Samsung SE370

Samsung has released several wireless charging pads previously, but the SE370 is the first time the technology has been integrated into an existing product.

Wireless charging pads use transmitter and receiver coils to generate a magnetic field which induces a voltage in the receiver coil. The voltage can then power a smartphone or recharge its battery simply by resting a phone on the pad. Once placed on the pad, a notification pops up to alert the user the device is charging.

The monitor is fully compatible with the forthcoming Windows 10, has a 178 degree viewing angle and a resolution of 1920 x 1080.

The company has yet to announced UK pricing and availability.

The charging pad is positioned at the base of the stand

Samsung’s monitor follows in the footsteps of Ikea’s range of wireless charging furniture, announced at this year’s Mobile World Congress in February. The range integrates subtle white charging pads into lamps for the floor and table, two desks and two bedside tables.

Many branches of Starbucks and McDonald’s across the UK also carry wireless charging spots built into their surfaces.

Tagged , , , , , , , , , , ,

OnePlus 2: everything you need to know

All the rumoured features, specs, pricing and availability news for the forthcoming OnePlus 2 smartphone

The OnePlus 2 smartphone is due for release this week, and with it, what the company claims is the world’s first virtual reality product launch. But what is the OnePlus 2, and should you consider buying one?

The OnePlus 2

The new model is the new flagship from Chinese manufacturer OnePlus, who launched its predecessor the OnePlus One last year.

The 5.5-inch OnePlus One was sold at £229 for 16GB of storage and £269 for 64GB respectively, and ran open source CyanogenMod software based on Google’s Android. It featured a Qualcomm Snapdragon 801 processor with 2.5GHz quad-core CPUs and 1080 HD display, 5MP front-facing and 13MP rear-facing cameras.

The OnePlus One was released last year

Under the hood

Potential buyers were required to obtain an invitation through OnePlus’ website before they were able to buy it, with the first 100 handsets offered as part of a “Smash” promotion where people were invited to destroy their existing phone for a chance to buy a One for just $1. Even now, the site is the only point of purchase for the handset.

The OnePlus 2 was announced in January this year, and will also require an invitation to purchase.

What are its specs like?

In an act of uncharacteristic transparency for the smartphone market, OnePlus has confirmed numerous hardware specifications for the new handset. The OnePlus 2 will sport dual SIM capacity, a fingerprint sensor inbuilt into the home button, a USB Type-C charging port (the first flagship device to do so), and an octa-core 64-bit Qualcomm Snapdragon 810 v2.1 processor. It will also have 4GB of RAM. No pricing details have been announced yet, but it’s a safe bet they’ll be similar to the OnePlus One.

Revealing specs ahead of the launch?

Yeah. OnePlus says this is part of their ‘interactive and direct’ marketing strategy, as their marketing budget is extremely small and that releasing information is “more appreciated by our fans than making one big announcement”.

How can I watch the launch event?

The launch event will be broadcast at 2am GMT on Tuesday July 28. OnePlus distributed a select number of custom Cardboard virtual reality headsets to fans to watch the event in real-time 3D VR. If you’re among the lucky few to receive a headset, you can download the VR app on Google Play here, or if you’re sans headset you can watch the event in the launch app anyway.

How can I get an invitation?

Like its predecessor, the OnePlus 2 will initially be available only through invitation. You can acquire an invitation through participation in the company’s various competitions advertised through its social media channels, or by receiving an invitation from an existing OnePlus 2 owner.

You can reserve an invitation by signing up to the reservation list here. At the time of writing, more than 270,000 people have already joined, and the company says it may take up to three weeks until the handset is ready to ship, meaning most will receive theirs around mid-August.

Tagged , , , , , ,

Musk, Hawking, Wozniak: Ban AI warfare, autonomous weapons

More than a thousand researchers, AI experts, and high-profile business leaders say war is getting out of hand and we should ban “offensive autonomous weapons,” lest the world powers wind up in a “military artificial intelligence arms race.”  They would ban AI development for warfare and autonomous weapons that decide who, what, where, and when to fire. They’d draw the line so as to allow remotely operated devices under human control, however, such as drones are now.

The signatories include Tesla CEO Elon Musk, Apple co-founder Steve Wozniak, professor Stephen Hawking, Google DeepMind CEO Demis Hassabis, and about 1,000 others. The letter will be presented at the International Joint Conference on Artificial Intelligence Wednesday in Buenos Aires, according to the Guardian, which first reported the story.

AI as the third deadly revolution in warfare

According to the letter, “AI technology has reached a point where the deployment of [autonomous weapons] is – practically if not legally – feasible within years, not decades, and the stakes are high: autonomous weapons have been described as the third revolution in warfare, after gunpowder and nuclear arms.”

On the one hand, they say, artificial intelligence makes the battlefield safer. On the other, it lowers the risk of going to war, especially for the side that strikes first or has more and better AI weaponry.

Beyond gunpowder and nukes, there have been other big leaps in technology that gave one side an advantage: the machine gun (Gatling Gun) of 1862, poison gas and tanks in World War I, massive aerial bombardment of cities in the 1930s (taking war beyond the front line and to the civilian population), and potentially biological agents. Ironically, Richard Gatling, inventor of the eponymous weapon, was quoted as believing its efficiency would reduce the size of armies and thus the total amount of deaths and suffering. The only way it reduced the size of armies was after a battalion charged the guns.

Some new weapons have been banned or sidelined. Since 1995, blinding lasers have been outlawed.

Differences among the signers

sony-aiboThere is general agreement that an AI/robotic arms race is bad, especially since they make their own decisions, which could lead to the escalation of fighting since both sides can toss more materiel at each other. There are also differences: Hawking and Musk have said, “[AI] biggest existential threat …. [full AI might] spell the end of the human race.” Wozniak on the other hand makes an orthogonal point: Robots can be good for people. They might become akin to the “family pet … taken care of all the time.” If so, Sony needs to bring back Aibo quick.

Generally, the 1,000-plus signatories appear to see a difference between hands-off autonomous weaponry using AI decision-making, and devices such as drones that operate without humans aboard, but controlled from afar (sometimes back in heartland America) by human operators who decide when to push the button.

Already considered by the UN

In April, a United Nations conference meeting in Geneva discussed futuristic weapons, including killer robots. Some world powerhouses were opposed to limits or bans. The UK, for instance, was in opposition because it wasn’t necessary. According to The Guardian, the UK Foreign Office said, “[We] we do not see the need for a prohibition on the use of laws, as international humanitarian law already provides sufficient regulation for this area.”

Right now, advantage accrues to the major powers with big budgets. Over time, smaller countries or rogues-without-states could buy or adapt robots and AI to their own purposes. Unlike work on nukes or chemical weapons, it might be easier to mask their work into AI warfare.

Tagged , , , , , , , , ,

How to stop Windows 10 from sharing your WiFi password

With Windows 10 finally launching this week, we’re going to see a slate of articles discussing the OS’s new features and capabilities. Some of these are significant upgrades compared with what came before, while others could be potentially controversial. One new option, brought over from Windows Phone 8.1, is called WiFi Sense, but its debut on the desktop could be controversial given what the feature does.

WiFi Sense will automatically connect you to detected crowdsourced WiFi networks, acquire network information and provide “additional info” to networks that require it (it’s not clear exactly what constitutes additional info), and can be used to automatically share your WiFi password with your contacts on Facebook, Skype, and Outlook.

That last feature is the potentially controversial one. WiFi Sense is enabled by default inBuild 10240 of Windows 10; if you choose “Express Settings,” Microsoft enables the option and allows your device to acquire WiFi passwords from friends and shares your password with the same group of people. If you choose to leave the function enabled (or turn it on manually, as shown below), it will request permission to connect to Outlook, Skype, and Facebook on your behalf. Other users on your friends list who also run Windows 10 will have their contact information shared with you as well, assuming they also enable the feature.


Microsoft claims that this feature improves security and reduces frustration. Now, instead of painstakingly spelling or writing down passwords for guests or friends, they can automatically acquire them as soon as they come in-range of your home network. The company’s FAQ states:

“When you share Wi-Fi network access with Facebook friends, contacts, or Skype contacts, they’ll be connected to the password-protected Wi-Fi networks that you choose to share and get Internet access when they’re in range of the networks (if they use Wi-Fi Sense). Likewise, you’ll be connected to Wi-Fi networks that they share for Internet access too. Remember, you don’t get to see Wi-Fi network passwords, and you both get Internet access only. They won’t have access to other computers, devices, or files stored on your home network, and you won’t have access to these things on their network.”


In theory, Microsoft could be right, but the company is also creating a de facto database of WiFi information. Elsewhere in the FAQ, Microsoft notes that if you choose to share this information, it’s sent via an encrypted link to Microsoft, who stores the data on their own servers (again in encrypted format). This isn’t as foolproof as it might have once seemed; we’ve covered multiple bugs related to Internet encryption standards in the past nine months.

The other concern we have with WiFi Sense is that the feature has no granularity beyond the service level. I can choose to share or not-share information with Facebook, Outlook, or Skype, but that’s it. If you share your network information with anyone on your Facebook friends list, you’re sharing it with everyone on your Facebook friends list. That’s something Microsoft really ought to have addressed when it brought the feature over from Windows Phone; just because I want to share this kind of data with some people doesn’t mean I want to share it with everyone.

The continued degradation of privacy

The risk of exposing your network connection to ne’er-do-wells on Facebook or is small, but it’s not zero. The bigger issue I want to highlight, though, is how features like this indirectly erode the concept of user privacy and the perceived need for good security practices. This is something we’ve talked about before in relation to Apple, but it’s not just an Apple or a Microsoft problem.

On the one hand, we tell people that they need to secure their data with strong passwords while research shows how passwords are trivial to hack — even many strong passwords can be cracked fairly easily. Services like LastPass promise to offer protection, only to fall prey to hacks in turn. When companies get hacked, whether its Target or LastPass, the consequences of these failures are often trivial. Even Lenovo, which installed one of the most appalling breaches of user-security to ever ship on modern PCs, appears to have come through its Superfish debacle largely unscathed.

This tension is at the heart of all security systems, not merely the online ones. If designing secure systems is difficult, designing secure systems that are both fast and easy-to-use is borderline impossible. Nonetheless, online companies often encourage users to share information that proper security practices say ought not be shared, while the consequences of security breaches for the companies that breach them are so small, it sends the message that hey — privacy and security aren’t really things you need to care about. And it just so happens that this relatively lax attitude towards privacy underwrites the business model of multi-billion dollar corporations, many of whom seek ever-more lenient rules on what they can and cannot do with your personal information.

On a practical level, the risks from WiFi Sense are small. But from a best-practices security standpoint, it’s far from a great idea.

Tagged , , , , , , , , , ,

Altera’s Stratix 10 is a marvel of high-performance FPGA design

Together with Xilinx, Altera has been the other half of the two-party system driving the FPGA arms race forward for many years. Big headlines were made when it was recently announced that Intel would would buy Altera in a $6.7 billion cash deal. Among other things, Intel will be acquiring Altera’s new Stratix 10 chip, a device some are calling “the most significant step forward in high-end FPGAs.”

The chip features the revolutionary HyperFlex core fabric architecture built on the Intel 14 nm Tri-Gate process. This equates to a 2X core performance gain over other high-performance FPGAs at up to 70% lower power. The Hyperflex design addresses some of the issues that come in to play at high GHz frequencies. The primary concern is minimizing the so-called propagation delay — the time it takes a signal to travel from one register to the next. There are two components to propagation delay, the logic or gate delay, and the routing or wiring delay.

Normally, one might try to speed things up by widening the buses to move more things in parallel. The downside is that a much larger die is generally needed, and it also consumes more power. Instead, Altera focussed on the routing delay by simply adding more registers. The key is that their ‘hyper-registers’ can be associated not only with each routing segment on the chip, but also with the other amenities like DSP and embedded memory. Unlike general registers, hyper-registers also include the option to be bypassed.

On the design end — not the chip design itself, but rather the design that the user burns into the chip — this bypassing feature allows optimal register location to be automatically programmed in after the ‘place-and-route’ step. The place-and-route is typically what the designer does after creating the circuit (the set of logic elements together with the netlist connecting them), by popping the logic and connections into their desired places and pins on the chip.

Some other features that caught our eye include the integrated quad-core 64 bit 1.5 GHz ARM Cortex-A53 hard processor system, and 10 TFLOPS of IEEE 754 compliant single precision floating point DSP. The heterogeneous 3D System-in-Package (SiP) integration also sounds cool, although I am not really sure what all that entails. It must be good, because with up to 5.5 million logic elements the chip claims itself to be the highest density highest density FPGA fabric available.

Clearly not business analysts, we have nonetheless noted that only a few companies have so far availed themselves of Intel’s 14nm process, with Altera being one of the majors. Apparently, Intel has indicated they will be integrating FPGAs into future Xeon products to add some processor customization capability. Gaining access to Altera’s technology at a deeper level should definitely complement the FPGA packaging services that Intel already provides for customers.

Tagged , , , , , ,

A security flaw in Steam let anyone change your password

Did you experience any unexpected activity on your Steam account last week? Well, it seems that there was a majorsecurity flaw in Valve’s password reset feature that allowed anyone to reset your password — even without access to your email. The accounts of numerous popular streamers were compromised for a short period, and Valve is left looking incredibly foolish.

If you forget your Steam password, Valve normally sends you a one-time-use code over email that you can use to reset your password. However, it was discovered last week that Steam wasn’t actually checking to verify that your code was valid. If you simply refrained from entering anything during the authentication step, the client would still allow you to reset the password.

Sounds bad, right? It certainly was a massive mistake, but thankfully, there were a fewsecurity measures in place that kept this from escalating even further. First, if you use Valve’s multi-factor authentication (dubbed “Steam Guard”), unauthorized parties still couldn’t log into your Steam account without access to your email account. Second, Valve imposes a five-day freeze on item trading after a password reset. So even if the Russian mob changed your password, they couldn’t transfer your valuable Team Fortress 2 hats to a different account.

Valve has since fixed this flaw, and reset the passwords on any accounts with suspicious activity from July 21st through July 25th. It’s good to see Valve respond quickly to the problem, but how was this allowed to happen in the first place?

Mistakes are bound to happen with any complex system, but shouldn’t a company of this scale have automated testing in place — especially when account security is involved? This wasn’t just a small typo or an improperly implemented style sheet — this was a major vulnerability that just about anyone with an internet connection could exploit. And if a company as security savvy as Valve could let this happen, who knows how many banks and online retailers have similarly glaring flaws just waiting to be found? Just thinking about it makes me nauseated.

The security team at Valve has a lot to think about right now, but end-users should focus on just one thing: multi-factor authentication. It’s certainly not the be-all, end-all of account security, but it’s an incredibly effective tool for repelling attacks based on compromised passwords. Whenever possible, you should turn on multi-factor authentication. The peace of mind is absolutely worth the extra 30 seconds of delay.

Sadly, some massive consumer-facing companies like Amazon and Sony still don’t offer multi-factor authentication, and that’s a real shame. Maybe now is a good opportunity to contact support, and request that multi-factor authentication be implemented ASAP. With enough feedback, maybe they’ll finally straighten up, and fly right.

Tagged , , , , ,

[Remake] 950M phones at risk for ‘Stagefright’ text exploit thanks to Android fragmentation

Well, this isn’t exactly what we expected to wake up to: Joshua Drake of Zimperium zLabs says a simple text message hack could put 950 million Android phones at risk, he said to Forbes, in what could be one of the most serious exploits ever to hit the mobile OS — with only devices running Android 2.2 or older not affected by it.

The bug is part of Stagefright, a piece of code in Android that plays back media in MMS (multimedia message). All a hacker needs to do is send an MMS containing the exploit to the phone number of an Android device, which would let him or her write code to it and access any part of the phone that Stagefright has permissions for.

Drake says he originally told Google about the exploit back in April and sent patches to fix the bugs. “Basically, within 48 hours I had an email telling me that they had accepted all of the patches I sent them, which was great,” he said to NPR. “You know, that’s a very good feeling.” The problem is, Android OS is notoriously difficult to update unless your carrier and phone vendor both play ball and coordinate a patch rollout.

Adrian Ludwig, Android Security’s lead engineer at Google, told NPR, “The flaw ranks as high in their hierarchy of severity; and they’ve notified partners and already sent a fix to the smartphone makers who use Android, [but] whether it gets put into people’s phones is not in Google’s hands.”

This is what happens when you put OS updates in the hands of companies that would rather sell you a new device than spend the effort patching the one you have, especially when there are hundreds and hundreds of different models out there, each with their own custom code on top of Android and woven into it in various fashions. Patching it will be a nightmare, and will depend entirely on how each manufacturer and carrier approach and resolve the problem individually.

Android market share

Here’s why: According to, as of June 1, Android 4.4 (KitKat) remains the most popular version of Android, even though it’s two iterations back, at 39% of the market. Coming in second is Android 4.2 Jelly Bean with 17.5%, followed by Android 4.1 Jelly Bean with 14.7%. Android 5.0 and 5.1 Lollipop, the two newest versions, are only on 11.6 and 0.8% of devices in the wild, respectively. And that’s just the OS itself; trying to patch individual forks of each version of that OS from Samsung, Sony, LG, Motorola, ZTE, Huawei, HTC, and other vendors are a different story entirely, not to mention whatever bloatware and other customizations each carrier adds to the OS on top of that.

Collin Mulliner, senior research scientist at Northeastern University, said in the interview, “In this case Google is not the actual one to blame. It’s ultimately the manufacturer of your phone, in combination possibly with your carrier…If you can save money by not producing updates, you’re not going to do that. Since the market is moving that fast, it sometimes doesn’t make sense for the manufacturer to provide an update.”

Google has yet to respond publicly to the news of the exploit.

Tagged , , , , , ,

Facebook to scale up free mobile Internet service to boost usage

Facebook Inc plans to scale up its service to offer free basic Internet on mobile phones, an executive said, after introducing the application in 17 developing countries over the past year.

In a blog post released to mark the first year of the initiative, Facebook said it will open a portal allowing any mobile operator to offer the service under its platform. Facebook currently partners with specific operators to launch the service in different countries. has brought over 9 million people online over the past year, Chris Daniels, vice president of product for, told Reuters on Monday. Facebook developed the platform with six technology partners to bring an estimated 4.5 billion unconnected people online, mainly in Latin America, Asia and Africa.

It offers pared-down web services for free to users, along with access to Facebook’s own social network and messaging services.

Facebook’s blog post said that over the past year, the service had bought new users onto mobile networks on average over 50 percent faster and that more than half the people using are paying for data to access the wider Internet within 30 days.

“This is really a customer acquisition tool for mobile operators where the benefit to them of offering a very light amount of free data is to bring on more paying subscribers to their networks,” Daniels said, speaking over phone from Nairobi, where he is attending a summit.

Facebook was not paying for any of the data being used to access the service, he said.

The application, launched in India in February in partnership with Reliance Communications, faced backlash with a number of leading technology and Internet firms pulling out of the service after activists claimed it violated the principles of a neutral Internet.

“I would say India is unique in that respect and very much an outlier. In other markets, has been embraced as a pro-connectivity initiative that has garnered a lot of support,” Daniels said.

A committee of the telecoms ministry set up to examine the issue of net neutrality earlier this month recommended that collaborations between mobile operators and content providers that enable “gatekeeping” roles should be discouraged.

Tagged , , , , , , ,

Where can Microsoft’s Windows Phone go from here?

With its biggest hardware gamble a failure and Windows 10 about to arrive, the software maker is pressed to prove what it can achieve in the phone business.

Taking a look at Microsoft’s mobile device strategy, it’s a wonder the company hasn’t just given up.

The Redmond, Washington-based tech giant was a pioneer of the smartphone industry, creating software that powered phones years before Apple’s iOS or Google’s Android. Microsoft has recast its plans numerous times, including with the release of Windows Phone in 2010, a highly regarded software that powered phones few people actually bought.

Then, in early 2014, the company bought the handset business of Nokia, its largest partner and at one time the largest phone maker in the world. If Microsoft couldn’t get users to flock to Windows Phone on their own, the company hoped buying its biggest device partner might do the trick and help establish its place in the pantheon of phone makers. But in the end, it seems Microsoft has plowed billions of dollars into a business that just hasn’t succeeded.

The list of failures is long: Microsoft’s software is used by less than 3 percent of smartphone owners. The world’s largest app developers continue to focus their efforts on iPhones and Android devices. Microsoft’s Nokia assets have been written off to the tune of $8.4 billion, driving Microsoft’s largest quarterly loss in its history last Tuesday. The company has also laid off a majority of the 25,000 employees that came from Nokia.

So why isn’t Microsoft throwing in the towel? Even industry experts don’t know.

“They’ve fallen flat on their faces with this thing,” said Roger Kay, an analyst at Endpoint Technologies Associates. “If they make more mistakes and do it badly, there’s no reason to believe they could recover from here.”

A Microsoft spokesperson was not available for comment over the weekend.

Plugging away

Microsoft CEO Satya Nadella says the company has not given up on the phone business.

“I am committed to our first-party devices, including phones,” Nadella said in a statement earlier this month. The company has plans to continue making low-cost handsets, phones for business users and so-called flagship devices — gadgets that can go head to head with Apple’s iPhone or Samsung’s Galaxy phones — under its Lumia line, the well-known brand name that Microsoft picked up from Nokia.

What Nadella really meant, though, is that the phone business is a critical part of Windows 10, its upcoming software for PCs, tablets, video game consoles and, yes, smartphones. Microsoft will release Windows 10 on July 29 and later this year will roll out mobile overhaul of Windows Phone, officially called Windows 10 Mobile.

“We are moving from a strategy to grow a standalone phone business to a strategy to grow and create a vibrant Windows ecosystem that includes our first-party device family,” he said. In that sense, phones for Microsoft are less a tool for competing against phone makers and more a necessary appendage, even if it keeps costing the company money.

That’s because Windows 10 — scheduled for launch on Wednesday — will be the star across all Microsoft businesses from PCs to Xbox One to, yes, mobile devices. The company has put a lot of effort into making Windows 10 attractive for users and software developers. One of its key features is that it looks similar, no matter what device you use. For software developers, it’s easy to write an app once, and it will work on anything that runs Windows with just a few tweaks.

This approach is practical, said Gartner analyst Steve Kleynhans, and allows Microsoft to focus on the “areas where it is successful, and where it does have a footprint.”

Apps won’t simply look the same. Microsoft wants customers to feel like apps are capable of running on any device. That means if you plug your smartphone into a PC monitor, for example, it could be used as a desktop computer — with apps that recognize the larger screen. The feature, called Continuum, is one of the few key areas that sets Windows 10 Mobile apart from competitors’ offerings.

“If I really could have a phone that talks and becomes a full-blown PC with all the capabilities, that has an appeal to a certain class of users,” Kleynhans said. This scenario offers a glimpse into how Microsoft could position its phone platform: as the powerhouse piece of software for handling tasks that competitors’ products just cannot.

“Maybe there’s something they can do with a phone to appeal to a certain type of user, rather than heading out into the broad market and getting crushed,” Kleynhans said. “If they’re going to see any success, they have to come up with similar unique capabilities.”

Rethinking the approach

If phones are a sinking ship, Microsoft does have a few lifeboats.

Under Nadella, Microsoft has begun relying on alternative strategies to gain a foothold in mobile. Since introducing Office for iPad in February 2014, Microsoft has moved away from selling software with a price tag, to a point — and is now initially giving its products away for free.

Microsoft offers Word, PowerPoint and Excel free for devices running Apple’s iOS and Google’s Android software. There’s a method to Microsoft’s madness.

If you’re already using Word on your iPhone, the thinking goes, you’re more likely to pay for Office 365, the company’s subscription service that offers access to the desktop versions of the full Office suite. In effect, the approach is an extension of the “freemium” model, where software makers offer users a taste of what their products can do, in the hope that consumers will pay for more features later.

“Windows and Windows devices are an on-ramp to those Microsoft services,” said Kleynhans. “But it’s not the only way to get there. They’ll make it available on the other platforms as well — a Web browser, iOS, Android, even a Mac.”

Microsoft last week said consumers last quarter signed up for 3 million new Office 365 subscriptions — for a total of 15.2 million.

Should I stay or should I go?

But the question remains: Why would Microsoft stay in the phone business after such a costly blunder?

“What was the definition of insanity?” Kay asked. As the saying goes: It’s doing the same thing over and over and expecting different results. Yet Kay said this is what Microsoft’s phone group is doing: “Why keep beating a dead horse?”

One reason might be the fact that the hardware business isn’t dead yet. Microsoft sold 8.4 million Lumia phones in its last quarter, and tens of millions of non-Lumia phones in the low-end device market. That means there are a not insignificant number of Windows Phone users out there who expect some kind of support from Microsoft.

The company has tried to keep up appearances by continuing to shine the spotlight on its mobile efforts at high-profile tech conferences like its Build developers confab. At the most recent Build in April, Microsoft promised developers the opportunity to move iOS and Android apps over to Windows Phone with easy-to-use software.

The hope is that the next wave of must-have apps that follow in the footsteps of messaging service Snapchat, which is still not available on Windows Phone, and ride-hailing software maker Uber don’t skip over Microsoft’s platform when they hit the scene.

That kind of inertia is exactly what has kept Microsoft in the phone market, despite a long string of failures. If there’s just one or two valid reasons to stay at it, said Kay, then that’s enough for Microsoft executives.

“If you don’t have a phone, you’re behind the times,” he said. “All the growth is in the phone.”

Tagged , , , , , , , , , ,

Most Android phones at risk from simple text hack, researcher says

Last year, more than 1 billion Android devices shipped around the globe. Security firm Zimperium says this vulnerability could affect 95 percent of them.

A security research company claims to have found a vulnerability baked into Android that could endanger nearly all devices running the popular mobile software.

The flaw, says researcher Zimperium, exists in the media playback tool built into Android, called Stagefright. Malicious hackers could take advantage of it by sending to an Android device a simple text message that, once received by the smartphone, would give them complete control over the handset and allow them to steal anything on it, such as credit card numbers or personal information.

So far, Zimperium told National Public Radio, the flaw has not been exploited, but in a blog post on its own website, it said that 95 percent of Android devices worldwide are vulnerable.

And that is potentially a lot of phones. In 2014, over 1 billion Android devices shipped worldwide, according to researcher Strategy Analytics, which expects the number to rise in 2015 and beyond. Zimperium called Stagefright the “mother of all Android vulnerabilities.”

Google’s Android software has been highly susceptible to security flaws for years, in part because of the open design that makes it popular as an alternative to Apple’s iOS, the software that underlies the iPhone and iPad. In the first quarter, 99 percent of mobile malware targeted Android devices, according to security firm F-Secure.

And fixes to Android can take time to get to people’s smartphones as those updates ripple through various phone makers and wireless service providers.

Zimperium said it discovered the issue in April and promptly informed Google.

A Google spokeswoman said that those intermediaries are armed with the patches they need to safeguard devices, though she did not offer specifics on which were ready to push those changes through, or when that might happen.

“The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device,” the Google spokeswoman said. “Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device.”

How the vulnerability gets exploited

The malware that would exploit the Android vulnerability hides inside a short video sent to a person’s phone number, according to NPR, which reported on the bug Monday. As soon as the malicious text is received, features built into Stagefright to reduce lag time for viewing videos process the video to prepare it for viewing. That processing apparently is enough for bad guys to get their hooks into the platform and take control.

Exactly when the device might be exploited depends on the messaging platform a person employs. Those using the standard Messenger app built into Android would need to open the text message (but not necessarily watch the video) to fall victim to the trap. Those who are running Google’s Hangouts app to handle text messaging, however, need not even open the application, according to Zimperium. As soon as Hangouts receives the text, it processes the video and the hacker is in. (The Google’s Play app marketplace says Hangouts has been downloaded between 1 billion and 5 billion times.)

To compound the threat to Android devices, Google is largely powerless when it comes to actually getting patches to users. Phone makers including Samsung, LG and Huawei, as well as wireless carriers, all have control over how updates are sent to products.

Once Android is bundled into a product, it’s typically been modified by those third parties. When security updates are required, Google can only send out a patch and after that, it’s up to the phone maker or carrier to push those updates to phones.

Acknowledging that Android has become a destination for malware, Google in June announced a rewards program that pays researchers cash for finding bugs and holes that may be exploited in the operating system. Google has offered similar rewards programs to researchers for years with great effect. The company has doled out rewards to researchers who find flaws or security vulnerabilities in its Chrome browser and other software. In 2013, one security expert going by the name Pinkie Pie earned $50,000 for finding a particularly nasty bug in Chrome. Last year alone, Google paid out over $1.5 million to security researchers finding flaws in Chrome and other Google products. In total, the company has paid out $4 million since its bug bounties started in 2010.

Zimperium, which sent a patch to Google that the Android maker has accepted, told NPR that he estimates only 20 percent to 50 percent of Android devices currently in the wild will actually get the updates due to vendors being slow to react — if they react at all.

While Zimperium says the risks are high for Stagefright to be exploited, and it’s possible that malicious hackers will soon take advantage of the flaw, Android device owners have been dodging at least some malware. In April, Google issued a report claiming that malware installs on Android devices fell by 50 percent in 2014. By the end of the year, Google said that fewer than 1 percent of all Android devices had “potentially harmful applications” installed on them.

According to Zimperium’s blog, it will show exactly how Stagefright works and can be exploited at the Black Hat hacker conference in Las Vegas, which starts August 1.

Zimperium did not immediately respond to a request for comment.

Tagged , , , , , , ,

Get every new post delivered to your Inbox.

Join 39 other followers