The NSA’s plan to ‘hijack’ Android app stores

The NSA hatched a plan that would allow the agency to infect smartphones with malware by hijacking the Google Play and Samsung and the Samsung App Store, according to documents obtained by Edward Snowden.

The documents, dated 2011 and 2012 and published by The Intercept Thursday, outline a plan codenamed “irritant horn”. The plan’s goal: find ways to exploit the connection between smartphones and app stores to allow the NSA — along with its counterparts in Canada, the U.K, New Zealand and Australia — to inject data-collecting malware into users’ phones.

It’s not clear whether the plan was ever carried out; the documents are apparently from internal workshops. But they highlight the security agencies’ interest in finding new ways to hack into individual smartphones.

imageedit_2_3992627251

imageedit_1_8315328538

The documents also suggest that the agencies uncovered security vulnerabilities within UC Browser, an Android browser extremely popular in Asia.

UC Browser apparently makes large amounts of user data accessible, which the documents describe as creating “opportunity where potentially none may have existed before.”

Citizen Lab, a research group out of the University of Toronto, analyzed UC Browser. In its report published Thursday, the lab said it found “a series of major security and privacy issues in the English language and Chinese language editions of the Android version of UC Browser … both versions of the application leak a significant amount of personal and personally-identifiable data.”

The report continued: “Any network operator or in-path actor on the network can acquire a user’s personally identifiable information (including cellular subscriber information, mobile device identifiers, geolocation data, and search queries).”

Advertisements

Next version of Android will let you log into apps with a fingerprint

Say goodbye to remembering long passwords.

The next version of Android — tentatively called Android M — will reportedly include “native fingerprint authentication,” according to a report from BuzzFeed.

With fingerprint authentication baked right into the mobile operating system, users will be to “log in to all of the supported applications on their Android devices without entering a password,” the report states.

Google is expected to announce the feature at its annual Google I/O developer conference that will be held from May 28 to 29 in San Francisco.

iOS users with TouchID-equipped devices know all about the convenience of using a fingerprint instead of entering a password. Not only is it faster, but it’s also more secure.

paypal-finger-scanner-setup-note-4 s6-fingerprint

Fingerprint authentication will require a device with a fingerprint sensor, though. There aren’t many Android devices that have fingerprint sensors right now — the Samsung Galaxy Note 4,S6/S6 Edge and HTC One Max are a few that come to mind — but that will likely change soon.

A fingerprint sensor was originally planned for the Nexus 6, but Google scrapped the feature at the last minute when it couldn’t get a first-class supplier. Apple reportedly gobbled up all of the sensors Google wanted.

In addition to replacing annoying passwords, fingerprints can be used for mobile payments.Apple Pay has already proven to be a hit and Samsung Pay hopes to replicate the same success.

Apple could include a smart home app in iOS 9

Apple may be planning to release a new app designed to manage its partners’ smart home products, which will begin shipping next monthAccording to 9to5Mac, Apple employees are testing versions of iOS 9 that include an app called Home, which allows a user to set up new smart home products, group them into different rooms, connect them to an Apple TV, and find new products to buy. That means the app is largely for setup — seemingly not for actually controlling your home — which ties into how Apple has been positioning its smart home back end, called HomeKit, all along.

Ios9-Features- widget_ios9

It’s entirely possible that Home is an internal testing app that will not see a public release. However, the inclusion of what 9to5Macdescribes as a “series of screens” that allows people to find new smart home apps and products suggests that this could be an app that’s meant to end up in the public’s hands. Apple did not immediately respond to a request for comment.

Apple’s intention is for HomeKit to be a backbone for smart home products, allowing for multiple devices within the same home to connect with each other through iOS. Those devices can all be controlled through Siri and third-party apps, with any given app able to control products from different companies thanks HomeKit. There doesn’t appear to be an Apple app — aside from Siri, if you consider that an app — that can actually be used to control HomeKit products. Even so, people who buy those products are going to need some way to set them up, and a dedicated Home app seems like a logical way to do that. If the app is coming, there’s a good chance we’ll hear about it at Apple’s developers conference, on June 8th.

Nintendo’s mobile gaming move proves the company’s still got it

maxresdefaultIwata began by acknowledging that Nintendo had a difficult time shifting from the wildly popular DS and Wii to their successors, the 3DS and Wii U, which coincided with the rise of smartphones. But although this caused some observers to believe that dedicated gaming consoles would inevitably get cannibalized by mobile devices, Iwata identified a crucial difference between Nintendo and its competitors: that Nintendo produces, by far,the most important content for its various systems.

No one ever calls for Sony to bring Uncharted to the iPhone, or for Microsoft to release Gears of War on Android. But Nintendo has several beloved, long-running franchises that it keeps exclusive to its hardware in the same way, which only heightens the demands for, say,Super Mario Bros. on the iPhone. “We recognize that our business model of producing both video game hardware and software is effective even today,” Iwata said, “and we do not share this pessimistic view of the future for dedicated video game systems.” In other words, while smartphones and tablets may have captured certain casual users that might have bought a Wii or DS were it still 2007, the base of people willing to buy Nintendo hardware to play Nintendo games remains large enough for a sustainable business.

To that end, Iwata confirmed that Nintendo is working on a next-generation dedicated video game platform with a “brand-new concept,” codenamed NX. The release is likely years away — Nintendo says it won’t announce further details until 2016 — but the mention is significant in the context of the DeNA deal. It demonstrates that the company isn’t going to leave its current fans behind, nor is it going to stop focusing on games consoles.

new3dsxl-02

But that doesn’t mean Nintendo can or should ignore mobile devices entirely. “It is structurally the same as when Nintendo, which was founded 125 years ago when there were no TVs, started to aggressively take advantage of TV as a communication channel,” Iwata said today, referencing the company’s earlier decades as a maker of toys and playing cards. “Now that smart devices have grown to become the window for so many people to personally connect with society, it would be a waste not to use these devices.” Mobile gaming has simply become too big to ignore, despite Nintendo’s previous misgivings, and the obvious read is that this represents a major backtrack.

Iwata’s pledge not to port Nintendo games directly to smartphones is hugely significant, though. Much as you may think you want a touchscreen version of Mario Kart 64, such a move would inevitably fail to meet Nintendo’s standards. From the NES D-pad to the Wii remote, Nintendo has consistently tied its control methods to its software design, and crudely cramming legacy software onto a pane of glass was never going to work. “If we cannot provide our consumers with the best possible play experiences, it would just ruin the value of Nintendo’s IP,” Iwata said today.

Instead, Nintendo and DeNA will develop new software from the ground up for mobile devices, which will limit the cannibalization leaves the two companies free to try new business models as well — it’s difficult to sell paid software on iOS and Android these days, even if you are Nintendo. But Iwata downplayed the prospect of using the traditional free-to-play mechanics seen in DeNA games like Rage of Bahamut, Magic & Cannon orFinal Fantasy Record Keeper, even though Nintendo itself has experimented with the style in certain 3DS games.

AP73562600569

Whatever the two companies decide, the partnership is one that makes sense; like Apple’s arrangement with IBM, it benefits two parties that have little overlap but a lot to gain from each other. Nintendo is perhaps the most acclaimed video game developer in the world and has a second-to-none portfolio of IP, but is famously terrible at the internet and has almost no experience working on platforms other than its own. The recent shutdown of Club Nintendo is evidence of this; DeNA and Nintendo are set to launch a new cross-platform membership service this year that will “create a connection between Nintendo and each individual consumer regardless of the device the consumer uses,” in Iwata’s words. The service will also be a “core element” of the upcoming NX platform; if this helps shift Nintendo’s draconian policies toward digital software ownership, it alone will be a massive win for customers.

DeNA, meanwhile, brings an understanding of the mobile market and social gaming that Nintendo has lacked. “DeNA’s expertise lies in, for example, the infrastructure technology that can handle a massive amount of traffic,” CEO Isao Moriyasu (pictured top left) said today. “We are also able to manage live operation by analyzing user activities and quickly reflecting the insight to improve our service.” The company is in need of a hit, though — Japanese games like Mixi’s Monster Strike, GungHo’sPuzzle & Dragons, and Line’s Disney Tsum Tsum have been more popular than anything on DeNA’s Mobage service of late. But what better differentiator than Nintendo property?

Ultimately, the success of this deal will depend on whether Nintendo is able to adapt its peerless development ability to mobile platforms with DeNA’s technical support, and it’s hard to ascertain that without seeing the software first-hand. But I walked away from the press conference today impressed with Iwata’s vision: one which acknowledged Nintendo’s weaknesses, identified its strengths, and detailed a way to alleviate the former without compromising the latter. We won’t get Super Mario Bros. on smartphones — we might get something a lot better.

Windows 10 to launch this summer in 190 countries

win10_windows_startscreen1_print-2-2000x1125Microsoft is planning to release its Windows 10 operating system in the summer. While the software maker isn’t naming an exact date, Windows chief Terry Myerson is committing the company to a summertime launch today. “We continue to make great development progress and shared today that Windows 10 will be available this summer in 190 countries and 111 languages,” says Myerson. Microsoft is making Windows 10 available as a free upgrade for existing Windows 7 and Windows 8 users for a year, and that offer will start this summer.

As part of Microsoft’s upgrade plans, the software maker is partnering with Lenovo and Tencent to offer Windows 10 in China. Lenovo will have Windows 10 upgrade services at 2,500 service centers and some retail stores in China. Tencent is also offering an upgrade pack with a variety of popular apps including QQ. Both partnerships are clear moves by Microsoft to make Windows available in China, and a way to combat issues of software piracy in the region. Microsoft is even offering its Windows 10 upgrade to customers who have non-genuine copies of Windows. That’s a big change to Microsoft’s previous attempts to tackle software piracy in China.

12-inch Retina MacBook Air to ship in Q2, says WSJ

Retina-MacBook-Air-Delayed-Won-t-Be-Shown-at-October-16-Event-Report-462023-2Manufacturers are gearing up to ship Apple’s new 12-inch MacBook Air with Retina display in Q2, according to a new report in The Wall Street Journal. Mass production has already started but it won’t be available to ship in “large quantities” until sometime between April and June. The question is, will it be unveiled during Monday’s Apple Watch event as many hope.

INPUTS ARE SAID TO BE LIMITED

Mark Gurman of 9to5Mac first reported on the 12-inch Macbook Air with a “radically new design” in January. Notably, the “MacBook Stealth” (as it’s called internally) eschews the full-sized USB ports, MagSafe connector, and SD Card slot we’ve grown accustomed to seeing on Apple’s MacBook Air range. Instead, inputs are said to be limited to a reversible USB Type-C port, headphone jack, and dual-microphones. The changes allow for a thinner and lighter body, according to Gurman.

Apple launched the MacBook Air in 2008 and currently sells it in 11.6- or 13.3-inch configurations.

Create a Website That Self-Destructs When Google Indexes It

198969-paranoidni-teorie-spolecenstvi-nemu-7699412718481904316 deep-web the-dark-web-3-638You know we’re dealing with something unusual when we write about a site that we can’t actually link to anymore. Unindexed was an experiment byMatthew Rothberg that created a website which continuously searched Google for itself.

When the site finally discovered itself in the search results, it was permanently deleted. That happened on February 24.

Screen Shot 2015 03 09 at 09.26.30 e1425893254802 Heres how you create a website that self destructs when Google indexes itRotherberg describes Unindexed as “an experiment in the nature of ephemerality and persistence on the Web.” The link to the Uninvited site was shared by word of mouth and postal mail initially.

Visitors were encouraged to contribute posts to the site and share the link with others but warned that how they spread it would effect how quickly Google’s search bots discovered it.

Unindexed survived for 22 days before being indexed and deleted. However, if you want to build you own self-destructing site, Rothberg has shared the code on GitHub.