Mark Wilson writes: Today, Apple launched a new program called Trade Up With Installments, which makes it possible to upgrade to the latest iPhone in a more affordable way. As the name suggests, this is more than a straight trade-in program - upgraders can use the trade-in value of their old handset to reduce on-going monthly costs. This is something that will appeal not only to people with older iPhones who are looking to get their hands on a newer model, but also ex-Android fans. Apple is opening up the program, so Android handsets can be traded in and their value offset against the cost of a new iPhone. Windows Phone handsets are also eligible. Trade Up With Installments is slightly different to the existing iPhone Upgrade Program and trade-in option. After handing over your old handset (be it iOS, Windows Phone or Android powered) for part exchange for a new iPhone, you'll then (assuming you qualify) be extended credit and allowed to pay off the remaining balance over 24 months.

An anonymous reader writes: In response to an FCC rule that requires manufacturers to lock down computing devices (routers, PCs, phones) to prevent modification if they have a "modular wireless radio," TP-Link has begun locking down its routers to prevent firmware not signed by TP-Link from being installed. This essentially prevents open source OSs (OpenWRT, for example) from being used on routers. TP-Link may not be a prestige brand, exactly, but the company makes a lot of routers suitable for installing third-party firmware, precisely the sort of thing being locked down makes difficult if not impossible.

An anonymous reader writes: After Tim Cook's eloquent letter explaining why Apple wouldn't help the FBI get encrypted data from the San Bernardino shooter's iPhone, the internet looked to Google to take a similar stand. Now Google CEO Sundar Pichai has posted five tweets that seem to show he agrees with Cook.
Edward Snowden had previously suggested that Google's silence meant Google had "picked a side, but it's not the public's."

itwbennett writes: Security researchers from vulnerability intelligence firm Risk Based Security (RBS) have found that DVRs from RaySharp and six other vendors have a basic vulnerability: They accept a hard-coded, unchangeable password for the root account. "RaySharp DVR devices provide a Web-based interface through which users can view camera feeds, manage recording and system settings and use the pan-tilt-zoom (PTZ) controls of connected surveillance cameras. Gaining access to this management interface would provide an attacker with full control over the surveillance system," writes Lucian Constantin. RaySharp claims on its website that it ships over 60,000 DVRs globally every month, but the Chinese company also creates digital video recorders and firmware for other companies. The RBS researchers confirmed that at least some of the DVR products from König, Swann Communications, COP-USA, KGUARD Security, Defender (a brand of Circus World Displays) and LOREX Technology, a division of FLIR Systems, contain the same hard-coded root password.

Trailrunner7 writes: Google's position in the Internet world is a unique one. In one or another, the company controls or sees much of the traffic on the network and owns one of the larger computing arsenals on the planet. It's also in control of a decent chunk of the mobile world, thanks to Android's popularity, and securing that ecosystem is a tremendous challenge in both complexity and scope. Google scans more than 2 million apps every week for its 1.4 billion Android users. And it collects a lot of data from its users, of course. Some new data from the company shows that using only the Play store is much safer than using third-party app stores. The data Google has collected shows that users who install apps only from the Play store have far fewer potentially harmful apps installed on their devices than users who also sideload apps.

MojoKid writes: Intel and Micron have been tag-teaming various storage and memory technologies and word on the web is that the fruits of that partnership is a 10-terebyte SSD that's right around the corner. The largest SSD in Intel's stable at the moment is 4TB, which itself is pretty large. However, both Micron and Intel are of the opinion that typical planar NAND flash memory has gone about as far as it can go, and that 3D stacked Flash memory is the future. They've also developed a "floating gate cell" design - a first for 3D stacked memory - resulting in 256Gb multi-level cell (MLC) and 384Gb triple-level cell (TLC) die that fit inside of a standard package. The two companies are targeting gumstick-sized SSDs reaching 3.5TB and regular 2.5-inch SSDs hitting (and even surpassing) 10TB. Apparently that's about to become a reality.

RhubarbPye writes: As reported on NPR, "Engineers in Texas are building a camera that can make a sharp image with no lens at all." By incorporating millions of individual pinholes with photoreceptors and postprocessing software, this camera system has been reduced to minimal thickness. Cameras in the wallpaper? A new phase of wearable cameras? What other applications for this technology could be developed?

An anonymous reader writes: After a couple shot 14 people in San Bernardino, CA before being killed themselves on December 2nd, the authorities recovered a locked iPhone. Since then, the FBI has complained it is unable to break the device's encryption, in a case that it has implied supports its desire for tech companies to make sure it can always have a way in. Today the Associated Press reports that a US magistrate judge has directed Apple to help the FBI find a way in. According to NBC News, the model in question is an iPhone 5c, but Apple has said that at least as of iOS 8 it does not have a way to bypass the passcode on a locked phone.

AmiMoJo writes: Eagerly awaited national energy efficiency standards for the little black boxes on the cords that connect many of our electronics--such as smartphones, computer laptops and electric toothbrushes--to wall outlets take effect this week. Known as external power supplies, or the less elegant term 'wall warts,' these power adapters may be small, but they consume a lot of energy. With 5 to 10 external power supplies in the average U.S. household, the new efficiency standards are projected to save consumers $300 million a year in electricity costs and reduce the carbon pollution that fuels dangerous climate change. The U.S. Department of Energy (DOE) projects that the new standards for external power supplies alone will cut nearly 47 million metric tons of carbon dioxide over 30 years, equivalent to the annual electricity use of 6.5 million homes.

Qualcomm may have been losing steam (and jobs and sales), but it looks like the major telecommunications corporation is back in the lead when it comes to pushing out new LTE technologies. Qualcomm announced today the new Snapdragon X16 modem, which together with the WTR5975 transceiver, boasts Category 16 LTE download speeds of up to 1Gbps. Qualcomm also announced new chips that will power the next generation of wearables. Although you shouldn't hold your breath just yet, the implications could be huge!

An anonymous reader writes: It took 22 months for Trane to patch three security bugs in its ComfortLink II XL950 smart Wi-Fi thermostat product, the ComfortLink II XL950, a modern IoT device along the lines of Google Nest, which offers a simple way to manage your apartment's or building's internal temperature. Researchers contacted Trane about their three issues in April 2014, the company fixed the RCE flaws in April 2015 and recently released a firmware update at the end of January to fix the last issue. During all this time, the company barely answered emails and continued to sell an exposed product.

szczys writes: The Internet of Things is all the hype these days. On one side we have companies clamoring to sell you Internet-Connected-everything to replace all of the stuff you already have that is now considered "dumb." On the other side are security researchers screaming that we're installing remote access with little thought about securing it properly. The truth is a little of both is happening, and that this isn't a new thing. It's been around for years in industry, the new part is that it's much wider spread and much closer to your life. Al Williams walks through some real examples of the unintended consequences of IoT, including his experiences building and deploying devices, and some recent IoT gaffs like the NEST firmware upgrade that had some users waking up to an icy-cold home.

gthuang88 writes: Environmental factors like temperature, humidity, or lighting often derail life science experiments. Now Elemental Machines, a startup from the founders of Misfit Wearables, is trying to help scientists debug experiments using distributed sensors and machine-learning software to detect anomalies. The product is in beta testing with academic labs and biotech companies. The goal is to help speed up things like biology research and drug development. Wiring up experiments is part of a broader effort to create "smart labs" that automate some of the scientific process.

New submitter tetraverse writes: For our most recent IoT adventure, we've examined an outdoor cloud security camera [the Motorola Focus 73] which like many devices of its generation a) has an associated mobile app b) is quick to setup and c) presents new security threats to your network. From the article: This blog describes in detail how we were able to exploit the camera without access to the local network, steal secrets including the home networkâ(TM)s Wi-Fi password, obtain full control of the PTZ (Pan-Tilt-Zoom) controls and redirect the video feed and movement alerts to our own server; effectively watching the watchers.

An anonymous reader writes: Cisco has announced its intention to spend $1.4 billion purchasing startup Jasper Technologies, Inc. which specialises in IoT connectivity. It's the most significant acquisition the tech multinational has made since its purchase of Wi-Fi manufacturer Meraki in 2012. In 2015 Cisco also acquired OpenDNS for $635 million, and with the Jasper acquisition seems committed to securing a major foothold in IoT infrastructure over the next five years.

Trailrunner7 writes: The FBI and other law enforcement and intelligence agencies have warned for years that the increased use of encryption by consumers is making surveillance and lawful interception much more difficult, impeding investigations. But a new study by a group of experts at Harvard's Berkman Center says those claims are largely overblown and that the IoT revolution will give agencies plenty of new chances for clear-channel surveillance.

"We argue that communications in the future will neither be eclipsed into darkness nor illuminated without shadow. Market forces and commercial interests will likely limit the circumstances in which companies will offer encryption that obscures user data from the companies themselves, and the trajectory of technological development points to a future abundant in unencrypted data, some of which can fill gaps left by the very communication channels law enforcement fears will 'go dark' and beyond reach," the Berkman Center report says.

phlawed writes: USB ports are everywhere. It is very convenient for powering low-power devices, and by using a run-of-the-mill phone charger you can easily get 10+ watts or so. In other words: everyone already has the generic power supply and power cable. No issue with voltage or polarity. Perfect for the hobbyist market.

Another ubiquitous power source (in the enterprise environment) is Power over Ethernet. Active PoE splitters for 12V output are available for ~6-7 USD and up on eBay. With PoE you get networking and power over the same wires, and booting your (possibly borked) PoE device is a matter of instructing the PoE source to cycle the power on that port. (Also, USB chargers with 12V input are available for less than 1 USD on eBay. They are likely all crap, though.)

I am looking for the combination of these two concepts in a compact, affordable, quality product. I found one product offering USB power from PoE. That product appears to have left out Ethernet and has a MSRP of 30 USD. Otherwise, I find PoE wall sockets for a MSRP of USD 100 or more. It appears excessive, given the cost figures of the pieces listed above.

So, if it does not already exist... anyone feel like running with this on your favorite crowdsourcing platform? Any experienced electronics people who can do a back-of-the-envelope calculation for cost of parts and assembly?

An anonymous reader writes: A network administrator in Denmark is requiring users to perform a finger press on a banana to receive their Wi-Fi passwords. "The banana is mounted and in production," he posted Thursday, sharing two pictures. The banana uses a special new circuit board from Makey Makey to form a connection between the banana and a cheap Raspberry Pi computer with a screen attached, according to one technology site. They note that it could also detect finger presses on a doughnut, an apple, or even Jell-o, and offer this quote from the sys-admin about his motivations. "It's fun... It'll make people smile. It beats a static WPA password in funnyness." And most importantly, "When people leave our office, they can't access our WI-Fi because there's no banana to touch." This guy deserves some kind of award, come July 29th.

An anonymous reader writes: Shodan, a search engine for the Internet of Things (IoT), recently launched a new section that lets users easily browse vulnerable webcams. The feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores. While IoT manufacturers are to blame, this also highlights the creepy stuff you can do with Shodan these days. At the start of January, Check Point recommended companies to block Shodan's crawlers. The infosec community came to defend Shodan, and even its founder said that Shodan is uselessly branded as a tool of evil, saying that attackers have their own scanning tools.

An anonymous reader writes: Jim Salter has posted an article explaining why it can be a good idea to build your own router, and how he put his together. Quoting: "In the consumer world, routers mostly have itty-bitty little MIPS CPUs under the hood without a whole lot of RAM (to put it mildly). These routers largely differentiate themselves from one another based on the interface: How shiny is it? ... I wanted to go a different route. A lot of interesting and reasonably inexpensive little x86-64 fanless machines have started showing up on the market lately. The trick for building a router is finding one with multiple NICs." Once assembled, the homebrew router blows away even high-end SOHO routers for throughput and performance. "Given that nobody's offering any Internet connections over 200mbps in my area yet, that makes my inner crypto nerd dance with glee. I could literally encrypt every single byte of my Internet traffic, in either direction, without a performance penalty." Of course, it won't do wireless, but you can get separate wireless access points to handle that.