A Little Fan That Fixes the Turbocharger’s Biggest Problem

from Wired Top Stories http://ift.tt/2oPD32U

Game of Floods Is Like Settlers of Catan, Only It’s About Surviving Climate Change

from Wired Top Stories http://ift.tt/2pbzLdY

An Obscure App Flaw Creates Backdoors In Millions of Smartphones

For hackers, scanning for an open “port”—a responsive, potentially vulnerable internet connection on a would-be victim’s machine—has long been one of the most basic ways to gain a foothold in a target company or agency. As it turns out, thanks to a few popular but rarely studied apps, plenty of smartphones have open ports, too. And those little-considered connections can just as easily give hackers access to tens of millions of Android devices.

A group of researchers from the University of Michigan identified hundreds of applications in Google Play that perform an unexpected trick: By essentially turning a phone into a server, they allow the owner to connect to that phone directly from their PC, just as they would to a web site or another internet service. But dozens of these apps leave open insecure ports on those smartphones. That could allow attackers to steal data, including contacts or photos, or even to install malware.

“Android has inherited this open port functionality from traditional computers, and many applications use open ports in a way that poses vulnerabilities,” says Yunhan Jia, one of the Michigan researchers who reported their findings at the IEEE European Symposium on Security and Privacy. “If one of these vulnerable open port apps is installed, your phone can be fully taken control of by attackers.”

Port of Call

To determine the full scope of the port problem, the Michigan researchers built a software tool they call OPAnalyzer (for Open Port Analyzer) that they used to scan the code of around 100,000 popular apps in the Google Play app store.

They found that 1,632 applications created open ports on smartphones, mostly intended to allow users to connect to them from PCs to send text messages, transfer files, or use the phone as a proxy to connect to the rest of the internet. Of those, they identified 410 as potentially having no protection or only weak protection—such as a hardcoded password that can be derived from the code and used by any hacker—meant to control who can access those open ports. And of that subset, they manually analyzed 57 that they confirmed left ports open and exploitable by any hacker on the same local Wi-Fi network, another app on the same device (even one with restricted privileges), or more disturbing, a script that runs in the victim’s browser when they merely visit a website.

And that may just be a partial list of exploits, says Zhiyun Qian, a computer scientist at the University of California at Riverside who has followed the Michigan researchers’ work. When a phone’s IP address is publicly visible on the internet—a situation that depends on whether the phone is connected to Wi-Fi and the user’s carrier—the attacker can simply scan for open ports from anywhere, and start attacking that vulnerable phone. In those cases, “this is completely, remotely exploitable,” says Qian. “It’s definitely serious.”

Of the 57 apps they identified as the most vulnerable to the open port attacks, two struck the researchers as particularly dangerous. One app with more than 10 million downloads called Wifi File Transfer allows users to connect to an open port on their phone via Wi-Fi, and access files like photos, application data, and anything stored on the phone’s SD card. But Jia says that due to the app’s lack of any authentication like a password, an intruder who connects to that open port can also get full access to the same sensitive files. “That’s intended functionality for the user, but because of that poor authentication it allows anyone to do it,” Jia says.

The researchers also point to AirDroid, a similarly popular app with an eight-digit number of downloads, designed to allow users full control of their Android phone from their PC. Researchers found that AirDroid had an authentication flaw that also lets malicious intruders access ports. But in AirDroid’s case, that flaw only allowed for the hijacking of existing connections. To perform the attack, malware on the phone would likely have had to intercept the user’s attempt to establish that legitimate connection. And the Michigan researchers say that AirDroid’s developers patched the problem quickly after being notified.

The developers behind Wifi File Transfer, by contrast, haven’t fixed their app’s security problem even after the researchers contacted them, Michigan’s Jia says. WIRED reached out several times to Smarter Droid, the company that makes the app, but didn’t get a response.

‘The User Can Do Nothing’

In the videos below, the researchers demonstrate attacks on two other apps, PhonePal and Virtual USB, both of which Jia says remain vulnerable. Neither has nearly as many downloads as Wifi File Transfer, however—Virtual USB has less than 50,000, and PhonePal has only a few hundred. Neither company responded to WIRED’s request for comment.

Aside from those four apps, the researchers’ full paper details analyses of half a dozen others—several of which are mostly popular in the Chinese market—that are also vulnerable to varying degrees to open port attacks. More than half the 1,632 apps that create open ports on phones have more than 500,000 downloads, the researchers found.

To test just how widespread the most vulnerable apps might be, they at one point even scanned their local university network and immediately found devices with open, potentially hackable ports. “That so many developers have made this mistake is already an alarming sign,” says UC Riverside’s Qian. “There will be other apps they haven’t looked at, or that other people build in the future that will have the same problem.”

The notion that smartphone apps can open ports and leave them vulnerable has come to light before: In late 2015, the Chinese company Baidu revealed that a software development kit it had developed left open ports on devices where it was installed. Other major Chinese businesses, including Tencent and Qihoo, had already adopted the code, affecting more than 100 million users in total. After Baidu’s admission of the vulnerability, the vulnerable apps all released security fixes.

Clearly, though, the problem of open ports in mobile devices persists. And the Michigan researchers suggest that fixing it will require developers to think twice before they open a gaping entry point in your device for remote hackers. “The user can do nothing. Google can do nothing,” says Jia. “The developer has to learn to use open ports correctly.”

Of course, there actually is one thing you can do: Uninstall the vulnerable apps like Wifi File Transfer that the researchers name. You may lose the convenience of moving files to and from your mobile device at will. But you’ll lock out the unwelcome guests who’d use that convenient backdoor, too.
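
To see which installed apps hold a listening socket that other machines on the network can reach, the kernel's socket table can be checked directly. The following is an added example, not part of the original article or the researchers' OPAnalyzer: it parses text in the Linux `/proc/net/tcp` layout (IPv4 only) and reports LISTEN sockets owned by app UIDs and bound to a non-loopback address. The sample table is constructed, and loopback-only listeners, which are reachable only from the device itself, are left out.

```python
import socket
import struct

# Constructed sample in the Linux /proc/net/tcp layout (not taken from a real device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 41001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10088        0 41002 1 0000000000000000 100 0 0 10 0
   2: 6401A8C0:A1B2 0A01A8C0:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 41003 1 0000000000000000 100 0 0 10 0
   3: 00000000:15B3 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41004 1 0000000000000000 100 0 0 10 0
"""

TCP_LISTEN = 0x0A          # socket state code for LISTEN in /proc/net/tcp
FIRST_APP_UID = 10000      # Android assigns installed apps UIDs from 10000 upward


def decode_endpoint(field):
    """Turn 'HHHHHHHH:PPPP' into (dotted_ip, port). The kernel prints the
    IPv4 address as a native-endian 32-bit word, little-endian on ARM/x86."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def exposed_app_listeners(proc_net_tcp):
    """Return (uid, ip, port) for every LISTEN socket owned by an app UID
    and bound to a non-loopback address, i.e. reachable from the network."""
    findings = []
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 8 or int(cols[3], 16) != TCP_LISTEN:
            continue                                # not a listening socket
        ip, port = decode_endpoint(cols[1])
        uid = int(cols[7])
        if uid >= FIRST_APP_UID and not ip.startswith("127."):
            findings.append((uid, ip, port))
    return findings


if __name__ == "__main__":
    for uid, ip, port in exposed_app_listeners(SAMPLE):
        print(f"uid {uid} listens on {ip}:{port}")
```

A socket bound to `0.0.0.0` accepts connections on every interface, including Wi-Fi; whether the app behind it authenticates callers still has to be checked separately.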

from Wired Top Stories http://ift.tt/2oE2t8E

This Sick Video Drone Is the Future of Inescapable Advertising 

Advertisers have found ways to bombard us with promotions no matter what we’re doing: watching TV, checking social media, and even when streaming music. But the future of advertising could be even more invasive when the next public event you attend is full of flying video drones projecting inescapable video everywhere you look.

NTT Docomo, one of Japan’s largest wireless carriers, created this unique flying sphere that’s surrounded by eight curved LED strips that can spin at high speed while it’s flying. (As light and thin as LCD displays have become, they’re still relatively heavy for a battery-powered drone to hoist into the air.) This approach can create what is essentially a flying video screen with minimal weight to improve battery life and flight times. The design also allows the drone’s propellers to be hidden inside, so as not to obstruct images or videos being displayed.

The image resolution on this 35-inch-wide prototype is limited to just 144 x 136 pixels—lower resolution than even the Apple Watch’s tiny screen. So if you were hoping one of these drones could follow you around letting you binge on Netflix all day, you won’t have the best experience. But as the technology improves, eventually this flying video drone could reach HD resolutions, and maybe even 4K.

NTT Docomo developed the drone for the upcoming Niconico Chokaigi festival, which celebrates a popular Japanese video sharing site (imagine YouTube having its own version of Coachella) and the telco sees its creation being used at other events like concerts or sporting events as temporary signage, or as part of a larger audio-visual show.

Using overhead floating signs to help direct large crowds of people seems like a generally useful technology, but it’s not hard to imagine NTT Docomo’s cool tech might eventually just turn into flying billboards, reminding you of how much a ‘Share Everything’ plan could be saving you and your family. Go right this way to see your favorite artist… and also ENJOY COCA-COLA!

We’ve seen it happen before, as in the case of New York’s fancy new touchscreen subway maps, or the city’s countless payphones that have been turned into wi-fi hotspots. They both provide useful services but also serve as billboards for advertising. It just gets a lot harder to ignore the ads when they’re playing on a flying drone that’s swooping around your head like a pigeon.

[NTT Docomo via The Asahi Shimbun via Prosthetic Knowledge]

from Gizmodo http://ift.tt/2pmL5Et

Cassini Craft Beams Closest Images Ever Taken Of Saturn

Images from NASA’s Cassini spacecraft show the closest-ever views of Saturn’s swirled atmosphere and its massive hurricane.

NASA/JPL-Caltech/Space Science Institute

NASA’s Cassini spacecraft is giving Earthlings their closest-ever views of Saturn’s swirled atmosphere and its massive hurricane, beaming a trove of images and data back to Earth after the craft made its first dive between Saturn and its rings Wednesday.

Cassini is “showing us new wonders and demonstrating where our curiosity can take us if we dare,” said Jim Green, director of NASA’s Planetary Science Division.

The raw images are being fed into a photo stream on NASA’s website, and while they lack detailed captions and annotations, they provide entrancing views of the planet’s complex atmosphere.

In the maneuver that sent Cassini between Saturn and its rings, the craft went over the planet’s north pole — where it captured the first high-resolution image of the mammoth storm back in 2013. The eye of the storm was measured at more than 1,000 miles wide.

The vortex is swirling inside “a large, mysterious, six-sided weather pattern known as the hexagon,” NASA has said.

As of Thursday morning, more than 100 images had arrived from Saturn. Some show what look to be ethereal blips and blotches against the planet’s swirling clouds. Other images tantalize with patterns of striated clouds and whorls of disturbance.

Cassini captured the images over the past 24 hours — but it couldn’t send them back to Earth until early Thursday, because the craft was using its 13-feet-wide antenna as a deflector shield to protect it from ice and rock particles. Right on schedule, the craft made contact with NASA’s Deep Space Network at the Goldstone Complex in California’s Mojave Desert just before 3 a.m. ET Thursday.

“No spacecraft has ever been this close to Saturn before. We could only rely on predictions, based on our experience with Saturn’s other rings, of what we thought this gap between the rings and Saturn would be like,” said Cassini Project Manager Earl Maize of NASA’s Jet Propulsion Laboratory in Pasadena, California.

All went according to the plan, Maize said, adding that after its dive, the craft that’s now been in space for nearly 20 years “has come out the other side in excellent shape.”

As we reported yesterday, Cassini has now begun what NASA calls its Grand Finale, as it weaves its way between Saturn and its rings in a series of 22 dives that will culminate in what the agency describes as “a science-rich plunge into Saturn’s atmosphere on Sept. 15.”

from NPR Topics: News http://ift.tt/2qa2ez6

Google Bluetooth Headphones With Noise Canceling Stopped at the FCC Today

A pair of Google-branded Bluetooth headphones with Active Noise Canceling (ANC) stopped off at the FCC today. We didn’t know that Google had such an audio device in the works, but the filing doesn’t really hold anything back. In fact, we have full photos, a user manual, etc.

The device is listed under FCC ID A4R-S0012B30GGU0H and with a model number of GID5B. A4R is Google’s FCC code, by the way, so these are indeed a Google product.

Those IDs don’t tell us a ton, but we do know that these headphones have a 500mAh battery inside, ANC Button, track and volume buttons, and 3.5mm port. They also feature a microUSB port for charging, which is something. Umm, microUSB, really?

In my opinion, these headphones are also one of the ugliest pairs I’ve seen in some time. Each can is a different shade of black or grey, plus we have unnecessary Google circle logos surrounding power icons on both.

Tough to say if these are coming soon or if Google is just messing around and creating hardware to keep the FCC on their toes. Maybe we’ll know at I/O in a couple of weeks?

Via: FCC | reddit

Google Bluetooth Headphones With Noise Canceling Stopped at the FCC Today is a post from: Droid Life

from Droid Life: A Droid Community Blog http://ift.tt/2pzRrRJ

Bose accused of secretly sharing your listening habits

The podcasts and music you listen to can reveal a lot about your personal and political leanings. That’s the basis of a class-action lawsuit filed against Bose, whose wireless headphone and speaker companion app tracks the listening habits of its users. The complaint claims that Bose not only collects, but transmits and discloses its customers’ private music and audio history to third parties and a data-mining company.

The suit notes that while this sort of data can be valuable to Bose, selling it to third-parties represents a "wholesale disregard for consumer privacy rights," as well as violating several federal and state laws.

"Indeed, one’s personal audio selections — including music, radio broadcast, podcast, and lecture choices — provide an incredible amount of insight into his or her personality, behavior, political views and personal identity," the complaint explains.

Bose Connect acts as a companion app to several models of the company’s wireless products, including the well-reviewed QuietComfort 35 headphones. The app provides users with the ability to set up and control parts of their audio experience from a smartphone. During the download and install process, the complaint notes "Bose fails to notify or warn customers that Bose Connect monitors and collects — in real time — the music and audio tracks played through their Bose wireless products. Nor does Bose disclose that it transmits the collected listening data to third parties."

This isn’t the first time a tech company has come under fire around privacy issues. TV maker Vizio settled with the FTC for $2.2 million in February over claims that it analyzed the viewing habits of its users without consent. Personal vibrator maker We-Vibe also settled a lawsuit over privacy concerns and promised to stop collecting user data.

The current lawsuit seeks an injunction to stop Bose from continuing to track personal data and disclose it, as well as actual and statutory damages. We reached out to Bose for a comment on the matter and we will update this post when we hear back.

Via: Fortune

Source: Bose Privacy Complaint (Scribd)

from Engadget http://ift.tt/2o4Wb1t
