Security

The Internet of Compromised Things 62

An anonymous reader writes: Jeff Atwood has a post about a security threat that's becoming more prevalent every day: spreading malware through a compromised router. "Router malware is the ultimate man-in-the-middle attack. For all meaningful traffic sent through a compromised router that isn't HTTPS encrypted, it is 100% game over." He links to a thorough technical analysis of how even HTTPS encrypted traffic can be subverted. Atwood provides a list of suggestions for keeping your router safe that probably won't be any surprise to people reading this site, and he further recommends only browsing on an unknown router if encryption is available. What I'm curious about are the long-term implications — is there a way forward to re-establish trust in our router infrastructure? What can the open source community do to speed this along?
Crime

At Black Hat: Square Reader To Credit Card Skimmer In 10 Minutes 62

New submitter arit writes with word that three recent Boston University grads have demonstrated at Black Hat software and hardware attacks on the Square Reader used by many mobile vendors to process credit card transactions. One of the attacks converts a standard reader into an efficient credit card skimmer (conference slides) with very little effort. Always keep Scott Adams' object lesson in mind.
Portables

NVIDIA Recalls Shield Tablets Over Heat Risk 27

An anonymous reader writes: NVIDIA has issued a recall for 88,000 units of its 8-inch Shield tablet sold in the past year. Predictably, it's because of the battery. There have been reports of overheating, including two reports that the tablet got so hot it damaged the floor it was resting on. Oddly, the company is requiring anyone returning the tablet to update its OS to the latest release.
Google

The New Google Glass Is All Business 45

An anonymous reader writes: Google scrapped an early version of its smart glasses in January, but has developed another model just for businesses. The company hopes to get this newest version of Glass in the hands of healthcare, manufacturing and energy industry professionals by this fall. Recode reports: "The new model can fold up like a traditional pair of glasses and is more rugged for outdoor use. However, unlike most other smart glasses, it still sports a small screen to the upper right of the user's vision, rather than displaying an image in the center of one's view like the ODG R7 or Microsoft HoloLens."
Bug

Honeywell Home Controllers Open To Any Hacker Who Can Find Them Online 85

Trailrunner7 writes: Security issues continue to crop up within the so-called "smart home." A pair of vulnerabilities have been reported for the Tuxedo Touch controller made by Honeywell, a device that's designed to allow users to control home systems such as security, climate control, lighting, and others. The controller, of course, is accessible from the Internet. Researcher Maxim Rupp discovered that the vulnerabilities could allow an attacker to take arbitrary actions, including unlocking doors or modifying the climate controls in the house.
Software

Apple Watch Still Waiting On App Developers 213

An anonymous reader writes: It's been almost three months since the Apple Watch launched, and the tiny device hasn't taken people's wrists by storm. That's not to say it's a failure — experts estimate Apple has sold between three and five million of them, and we may get more detailed sales information during their earnings call, tomorrow. But many major app developers are still missing from the Watch's catalog, and Apple doesn't have a good way of roping them into the new section of its ecosystem. "I don't know if we could get it all in there in a way that feels good and works well," said a Facebook executive. "Why would you look at a small picture when you can look at a large one on your phone?" said Snapchat's CEO. The app rush that hit phones and tablets is dampened for the Watch. For now, all Apple can do is improve their development toolkit and hope coders can figure out useful new wrist-based interactions.
Open Source

Virtual Reality Tech and Openness 25

An anonymous reader writes: An article written by Kyle Orland looks at how the nascent virtual reality industry will handle openness — in terms of standards, platforms, source code, and development. "Whether any single VR platform is 'open' or not, though, may be moot if developers have to juggle countless slightly different development standards for countless slightly different VR platforms. In a way, making a PC game that only works on the Oculus Rift is as ridiculous as making a PC game that only works on Dell monitors." Right now, the major players in VR tech are using different approaches. Oculus is distributing a closed-license SDK. Valve is setting up a more open platform that lets multiple manufacturers build devices for it. The downside is that it doesn't seem to work as well, particular with Oculus hardware. Oculus founder Palmer Luckey says standards are going to take time and cooperation. Of course, that tune may change when devices start hitting the market.
Cellphones

Nokia Wants To Make Phones Again 111

An anonymous reader writes: Nokia has indicated that it's interested in returning to the phone-making business. In a post on the company's website, spokesman Robert Morlino explains that although they sold their devices business to Microsoft last year, they're still interested in the phone industry. They're not capable of building their own devices, and it looks unlikely that they'll be able to build a new hardware section in a reasonable time frame. Instead, they're looking for a partner to build the actual phones (and support them). Nokia would contribute design and branding. All that said, their deal with Microsoft prevents them from getting back into the phone business until Q4 2016, so we won't be seeing Nokia phones soon either way.
Security

Stanford Starts the 'Secure Internet of Things Project' 77

An anonymous reader writes: The internet-of-things is here to stay. Lots of people now have smart lights, smart thermostats, smart appliances, smart fire detectors, and other internet-connect gadgets installed in their houses. The security of those devices has been an obvious and predictable problem since day one. Manufacturers can't be bothered to provide updates to $500 smartphones more than a couple years after they're released; how long do you think they'll be worried about security updates for a $50 thermostat? Security researchers have been vocal about this, and they've found lots of vulnerabilities and exploits before hackers have had a chance to. But the manufacturers have responded in the wrong way.

Instead of developing a more robust approach to device security, they've simply thrown encryption at everything. This makes it temporarily harder for malicious hackers to have their way with the devices, but also shuts out consumers and white-hat researchers from knowing what the devices are doing. Stanford, Berkeley, and the University of Michigan have now started the Secure Internet of Things Project, which aims to promote security and transparency for IoT devices. They hope to unite regulators, researchers, and manufacturers to ensure nascent internet-connected tech is developed in a way that respects customer privacy and choice.
Cellphones

iPhone 6S New Feature: Force Touch 191

New submitter WarJolt writes: Apple is adding Force Touch to their iPhone 6S and iPhone 6S Plus. I'm not sure if Force Touch enough to convince an Android user like myself to switch, but there are definitely some interesting possibilities for app developers. A challenge for App developers will be to make apps compatible with both Force Touch iPhones and non-force touch iPhones. (Here's the Bloomberg report Forbes draws from.)
Apple

AppleCare+ Now Covers Batteries That Drop To 80% 152

Mark Wilson writes with news that Apple's AppleCare+ plan has been updated to address one of the biggest worries that people have about products with non-removeable batteries, and that become very expensive paperweights when the juice runs out. From BetaNews: "Previously, the extended warranty only covered batteries that would hold 50 percent charge or less. Now this has been updated so that you can request a free replacement within the coverage period if your device's battery is only able to hold 80 percent of full charge. The new terms to no apply to everyone — it all depends on when you bought your Apple device. If you bought your iPhone, iPad, iPod or Apple Watch before April 10, 2015, you're stuck with the old terms. I wish this change applied to my MacBook Air, with which I'm lucky to get 90 minutes of battery power.
Earth

Big-Data Animal Tracking As an Eye On Life and Planet 28

New submitter Thoe writes: As published in Science Magazine and covered by The Washington Post, the continued evolution of animal tracking through various technologies combined with Big Data analytical techniques is driving a push into the "Golden Age" of remote tracking of animals and the environment.

From the abstract: "The unique perspective offered by big-data animal tracking enables a new view of animals as naturally evolved sensors of environment, which we think has the potential to help us monitor the planet in completely new ways. A massive multi-individual monitoring program would allow a quorum sensing of our planet, using a variety of species to tap into the diversity of senses that have evolved across animal groups, providing new insight on our world through the sixth sense of the global animal collective." (Full disclosure, yes, my brother is one of the publishers.)
Cloud

Aura: Harnessing the Power of IoT Devices For Distributed Computing 56

An anonymous reader points out that a computer science research team from the University of Alabama has put together a new architecture called "Aura," which lets people make use of excess computing power from various smart devices scattered throughout their homes. Ragib Hasan, the team's leader, says this scheme could be integrated with smartphones, letting you offload CPU-intensive tasks to your home devices. He also anticipates the ability to sell off excess capacity — like how people with solar panels can sometimes sell the excess energy they harvest. Alternately, they could be allocated to a distributed computing project of the homeowner's choice, like Seti@home. Of course, several obstacles need to be solved before a system like Aura can be used — smart devices run on a variety of operating systems and often communicate only through a narrow set of protocols. Any unifying effort would also need careful thought about security and privacy matters.
Businesses

Santander To Track Customer Location Via Mobiles and Tablets 130

New submitter raburton writes: Santander (one of the biggest banks in Europe) slipped a little note on the corner of my latest statement saying they intend to start collecting "location or other data" from mobiles and tablets that their customers own, from 1st July 2015. There is no link to further information about the policy, or any suggestion you can opt out of it. The stated aim is of course to "prevent and detect fraud", but once they have the data (and they'll probably keep it for a long time) they, or anyone who can gain access to it, can do whatever they like with it. In this day and age I find it hard to take any assurances to the contrary very seriously. Is this kind of policy common practice with banks elsewhere?
Handhelds

UW Researchers Prototype Sonar-Based Contactless Sleep Monitoring 40

n01 writes: Researchers of the University of Washington are testing the prototype of their ApneaApp to diagnose sleep apnea, a health problem that can become life-threatening. To monitor a person's sleep, the app transforms the user's smartphone into an active sonar system that tracks tiny changes in a person's movements. The phone's speaker sends out inaudible sound waves, which bounce off a sleeping person's body and are picked back up by the phone's microphone. "It's similar to the way bats navigate," said Rajalakshmi Nandakumar, lead author and a doctoral candidate in the UW's department of computer science and engineering. "They send out sound signals that hit a target, and when those signals bounce back they know something is there." In technical terms, the app continuously analyzes changes in the acoustic room-transfer-function (sampled at ultrasonic frequencies) to detect motion. This is very similar to what the iPhone app Sleep Cycle Sonalarm Clock does, except that the UW researchers have improved the sensitivity of the method so it can precisely track the person's breathing movements which allows it to not only detect different sleep phases but also sleep apnea events. The advantage in both use cases is that the sleep monitoring is contact-less (there's nothing in the user's bed that could disturb their sleep) and doesn't require any additional hardware besides the user's smart phone.
Displays

210 Degree VR Headset With 5K Display Revealed By 'Payday' Developer Starbreeze 79

An anonymous reader writes: Starbreeze Studios has taken wraps off of StarVR, a new VR headset with dual displays comprising a 210 degree horizontal field of view with a total resolution of 5120x1440. The headset's origins come from InfinitEye, a company working on a super-wide dual-display headset back in 2013, which went into stealth mode for quite some time before being reborn as StarVR in partnership with Starbreeze Studios. The studio is the developer behind the Payday franchise, Brothers: A Tale of Two Sons, and now Overkill's The Walking Dead, which will have a VR component utilizing the new headset.
Portables

Surface Pro 3 Handily Outperforms iPad Air 2 and Nexus 9 204

An anonymous reader points to an interesting comparison of current tablets' peformance, as measured with the Geekbench benchmarking tool, which boils down various aspects of performance to produce a single number. The clear winner from the models fielded wasn't from Apple of Samsung (Samsung's entrants came much lower down, in fact), but from Microsoft: the i5-equipped Surface Pro 3, with a Geekbench score of 5069.; second place goes to the Apple iPad Air 2, with 4046. The Nexus 9 rated third, with 3537. One model on the list that U.S. buyers may not be familiar with is the Tesco Hudl 2, a bargain tablet which Trusted Reviews seems quite taken by.
Security

Samsung, LG Smartwatches Give Up Personal Data To Researchers 46

An anonymous reader sends word that security researchers have been able to extract personal information from a pair of smartwatches: the LG G Watch and the Samsung Gear 2 Neo. The G Watch gave up calendar information, pedometer data, and the user's email address, while the Gear 2 Neo gave up health data, emails, messages, and contact information. The researchers said it wasn't very difficult to get the data, in part because it wasn't encrypted. "The Gear 2 Neo uses Samsung's Tizen operating system, while the LG G Watch is one of several models that uses Google's Android Wear operating system. The researchers obtained the data both by poking through the watches' files and finding traces of watch activity on the Samsung Android smartphone to which they were linked. The researchers also have begun testing the Apple Watch."
Hardware Hacking

Pi Stays Sky High In 2015 Hacker SBC Survey 32

DeviceGuru writes: The results from the 2015 Hacker SBC Survey cohosted by LinuxGizmos.com and the Linux Foundation's Linux.com community site have just been announced and, not surprisingly, RPi won two of the top three slots. With 1721 voting in the survey, the ten most popular single board computers turned out to be the Raspberry Pi 2 Model B, Beaglebone Black, Raspberry Pi Model B+, Odroid-C1, DragonBoard 410c, Odroid-XU3, Parallella, Arduino TRE, Edison Kit for Arduino, and Odroid-U3. The report includes scores for all 53 SBCs that were listed in the susrvey, along with data on feature preferences, targeted applications, and the nature of participants' use of [SBCs], and more.
Linux Business

Linux Kernel 4.1 Will Be an LTS Release 46

New submitter prisoninmate writes: The Linux Foundation's LinuxLTSI (Long-Term Support Initiative) group has confirmed on Twitter that the next LTS version of the Linux kernel will be 4.1. The information has also been confirmed by Greg Kroah-Hartman, a renowned kernel developer who is currently maintaining several kernel branches, including a few LTS ones. When Linux kernel 4.1 is released, it will become the LTS version of 2015 and the most advanced long-term support release. This is significant because the LTSI releases are (or will be) everywhere, in a "Linux is everywhere" sense. As the initiative's page puts it, "The LTSI tree is expected to be a usable base for the majority of embedded systems, as well as the base for ecosystem players (e.g., semiconductor vendors, set-vendors, software component vendors, distributors, and system/application framework providers). ... The goal is to reduce the number of private trees currently in use in the CE industry and encourage more collaboration and sharing of development resources."

Slashdot Top Deals