Security

Research Finds Shoddy Security On Connected Home Gateways 88

chicksdaddy writes Connected home products are the new rage. But how do you connect your Nest thermostat, your DropCam surveillance device and your Chamberlin MyQ 'smart' garage door opener? An IoT hub, of course. But not so fast: a report from the firm Veracode may make you think twice about deploying one of these IoT gateways in your home. As The Security Ledger reports, Veracode researchers found significant security vulnerabilities in each of six IoT gateways they tested, suggesting that manufacturers are giving short shrift to security considerations during design and testing. The flaws discovered ranged from weak authentication schemes (pretty common) to improper validation of TLS and SSL certificates, to gateways that shipped with exposed debugging interfaces that would allow an attacker on the same wireless network as the device to upload and run malicious code. Many of the worst lapses seem to be evidence of insecure design and lax testing of devices before they were released to the public, Brandon Creighton, Veracode's research architect, told The Security Ledger. This isn't the first report to raise alarms about IoT hubs. In October, the firm Xipiter published a blog post describing research into a similar hub by the firm VeraLite. Xipiter discovered that, among other things, the VeraLite device shipped with embedded SSH private keys stored in immutable areas of the firmware used on all devices.
Cellphones

Tiny LIDAR Chip Could Add Cheap 3D Sensing to Cellphones and Tablets 62

There are expensive dedicated devices that do 3D scanning (like the high-end tablet in Google's Project Tango), and versatile but bulky add-ons, like the Sense from 3D Systems, but it's not a capability built into the typical cellphone or tablet. That could change, thanks to a microsensor being prototyped now (at low resolution) at CalTech. From The Verge's coverage: The tiny chip, called a nanophotonic coherent imager, uses a form of LIDAR (Light Detection And Ranging) technology to capture height, width, and depth information from each pixel. LIDAR, which shines a laser on the target and then analyzes the light waves that are reflected back to the sensor, are best known for their use in precision-guided missile systems and self-driving cars.

While LIDAR itself isn't new, [project lead Ali] Hajimiri explains that "by having an array of tiny LIDARs on our coherent imager, we can simultaneously image different parts of an object or a scene without the need for any mechanical movements within the imager." Each "pixel" on the new sensor can individually analyze the phase, frequency, and intensity of the reflected waves, producing a single piece of 3D data. The data from all of the pixels combined can produce a full 3D scan. In addition, the researchers' implementation allows for an incredibly tiny and low-cost scanner, all while maintaining accuracy. According to the researchers, the chip can produce scans that are within microns of the original.
Apple

Apple Posts Guided Tours of the Features and Functions of the Apple Watch 94

MojoKid writes Wondering if Apple Watch is going to be worth the money? Well, that depends on several factors, including price, features, and how eager you are to jump into the smartwatch category at this point. To help tackle the latter two, Apple has posted a handful of videos that demonstrate what an Apple Watch can do. They play out like tutorial videos and are labeled "Guided Tour," followed by what specifically the video is showcasing. Currently, there are four Guided Tour videos available, one of which is a general introduction to Apple Watch labeled "Guided Tour: Welcome." It's the longest video of the bunch at 4 minutes and 45 seconds.
Android

Google: Less Than One Percent of Android Devices Are Affected By Harmful Apps 91

jfruh writes: One of the selling points of iOS is that its more restrictive nature makes it more secure. But even though it's easier for users to accidentally install malicious apps on Android, data collected by Google (PDF) indicates that less than one percent of Android users have actually done so. Quoting: "During October 2014, the lowest level of device hygiene was 99.5% and the highest level was 99.65%, so less than 0.5% of devices had a Potentially Harmful Application (PHA) installed (excluding non-malicious Rooting apps). During that same time period, approximately 0.25% of devices had a non-malicious Rooting application installed. ... Worldwide, excluding non-malicious Rooting applications, PHAs are installed on less than 0.1% of devices that install applications only from Google Play. Non-rooting PHAs are installed on approximately 0.7% of devices that are configured to permit installation from outside of Google Play. Additionally, the second graph shows devices with any PHA (including Rooting applications). Rooting applications are installed on about 0.5% of devices that allow sideloading of applications from outside of Google Play."
Google

Google Unveils the Chromebit: an HDMI Chromebook Dongle 50

An anonymous reader writes: Today Google unveiled a new device: the Chromebit. It's a small compute stick that contains the Rockchip 3288 processor, 2GB RAM, and 16GB of storage — much like a low-end Chromebook. It connects to a TV or monitor through an HDMI port. (It also has a USB port for power and plugging in peripherals.) Google says the Chromebit is their solution for turning any display into a computer, and it will cost under $100. Google also announced a couple of new Chromebooks as well. Haier and Hisense models will cost $150, and an ASUS model with a rotating display will cost $250.
Microsoft

Microsoft Announces Surface 3 Tablet 128

An anonymous reader writes: Today Microsoft announced the latest device in their line of Windows tablets: the Surface 3. The tablet runs a full version of Windows (the troublesome "RT" line has been deprecated), and aims to compete with Apple's iPad. The Surface 3 has a 10.8" screen running at 1920x1280 (note the 3:2 ratio). It's 8.7mm thick and weighs 622 grams (1.27 lbs). They're somewhat vague about the battery life, but they say it will last up to 10 hours "based on video playback." They've also made it possible to charge the device with a standard micro-USB charger. The base device with 64GB storage, 2GB RAM, and Wi-Fi will cost $500, and it'll scale up with more storage, more ram, and 4G LTE connectivity. (It maxes out at 4GB RAM, so any heavy-duty gaming is probably out of the question.) The keyboard is still a separate $130 accessory as well.
Input Devices

Control Anything With Gestures: Myo Bluetooth Protocol Released 15

First time accepted submitter Legendary Teeth writes The makers of the Myo Gesture Control Armband (Thalmic Labs) have just released the specs for the Bluetooth protocol it uses. While there are already official SDKs for Windows, Mac, iOS and Android, this means that now anyone can roll their own support for other platforms like Linux or Arduino without needing to use one of the official platforms as a bridge. Anything you can write code for that that can act as a Bluetooth GATT client would now be possible, really. If you aren't familiar with the Myo armband, it's a Bluetooth Low Energy device with 8 EMG pods and an IMU that you wear on your arm. It can read your muscle activity to detect gestures you make with you hands, which you can then use to do things like fly drones, play games, or control music.
Open Source

How Device Drivers Are Reverse Engineered 27

An anonymous reader writes: Linux Voice magazine has published a long article about how people go about reverse engineering drivers for hardware peripherals. They use Python and a USB radio-controlled car to demonstrate, walking us through the entire process. It's a cool, easy-to-follow insight into what often seems to be a rather opaque process.
Communications

Internet of Things Endangered By Inaccurate Network Time, Says NIST 166

An anonymous reader writes: Current standards of network timekeeping are inadequate to some of the critical systems that are being envisaged for the Internet of Things, according to a report (PDF) by the National Institute of Standards and Technology (NIST). The report says, "A new economy built on the massive growth of endpoints on the internet will require precise and verifiable timing in ways that current systems do not support. Applications, computers, and communications systems have been developed with modules and layers that optimize data processing but degrade accurate timing." NIST's Chad Boutin likens current network accuracy to an attempt to synchronize watches via the postal system, and suggests that remote medicine and self-driving cars will need far higher standards in order not to put lives at risk. He says, "modern computer programs only have probabilities on execution times, rather than the strong certainties that safety-critical systems require."
Cellphones

Fujitsu Could Help Smartphone Chips Run Cooler 51

angry tapir writes: If parts of your phone are sometimes too hot to handle, Fujitsu may have the answer: a thin heat pipe that can spread heat around mobile devices, reducing extremes of temperature. Fujitsu Laboratories created a heat pipe in the form of a loop that's less than 1mm thick. The device can transfer about 20W, about five times more heat than current thin heat pipes or thermal materials, the company said.
Displays

Valve's SteamVR: Solves Big Problems, Raises Bigger Questions 124

An anonymous reader writes: When Valve debuted its SteamVR headset recently, it came as somewhat of a surprise — it certainly hasn't gotten the same level of hype as the Oculus Rift. But people who got to try out the new headset almost universally impressed with the quality of the hardware and software. Eurogamer has an article about the device expressing both astonishment at how far the technology has come in three short years, as well as skepticism that we'll find anything revolutionary to do with it. Quoting: "R demands a paradigm shift in the thinking of game designers and artists about how they build virtual space and how players should interact with it. We're only at the very beginning of this journey now. ... but this process will likely take years, and at the end of it the games won't resemble those we're currently used to. In short, they won't be Half-Life 3."

The author thinks simulation games — driving, piloting, and space combat — will be the core of the first wave, and other genres will probably have to wait for the lessons learned making sims good. He adds, "...the practical challenges are great, too — not least in persuading players to clear enough space in their homes to use this device properly, and the potential for social stigma to attach to the goofy-looking headsets and the players' withdrawal into entirely private experiences. I still think that these present major obstacles to the widespread adoption of VR, which even more practical and commercially realistic offerings like Morpheus will struggle against."
Blackberry

BlackBerry's Latest Experiment: a $2,300 'Secure' Tablet 95

An anonymous reader writes: After missing the boat on smartphones, BlackBerry has been throwing everything they can at the wall to see what sticks. From making square phones to insisting users want physical keyboards, their only standard is how non-standard they've become. Now they're expanding this strategy to the tablet market with a security-centric tablet that costs $2,300. And they're not doing it alone — the base device is actually a Samsung Galaxy Tab S 10.5. The tablet runs Samsung Knox boot tech, as well as software from IBM and encryption specialist Secusmart (which BlackBerry recently purchased). The device will be targeted at businesses and organizations who have particular need for secure devices.

"Organizations deploying the SecuTablet will be able to set policies controlling what apps can run on the devices, and whether those apps must be wrapped, said IBM Germany spokesman Stefan Hefter. The wrapping process—in which an app is downloaded from a public app store, bundled with additional libraries that encrypt its network traffic and intercept Android 'intents' for actions such as cutting or pasting data, then uploaded to a private app store—ensures that corporate data can be protected at rest, in motion and in use, he said. For instance, it can prevent data from a secure email being copied and pasted into the Facebook app running on the same device—yet allow it to be pasted into a secure collaboration environment, or any other app forming part of the same 'federation,' he said."
Technology

The Internet of Things Just Found Your Lost Wallet 108

Nerval's Lobster writes Ever forgotten your wallet in a coffee shop or restaurant? Now there's a way to ensure it'll never happen again: Woolet, which its creators bill as a "smart wallet." It features a rechargeable battery, Bluetooth support, and the ability to synchronize with a smartphone app; if you walk 20-85 feet away from your wallet, the app will make a sound and guide you back to it. The platform's being financed on Kickstarter, and attracted attention from TechCrunch and some other places, but it begs the question: is this yet another example of connected devices run amok—shiny and interesting as a concept but not nearly useful enough for the population at large? What would it take for a connected device, whether a wallet or a smoke detector, to gain mass appeal?
Businesses

Reactions to the New MacBook and Apple Watch 450

As the dust settles from Apple's press conference yesterday, there have been a broad variety of reactions around the web. Robinson Meyer at The Atlantic says Apple's $10,000 watch demonstrates the company has lost its soul. "The prices grate. And they grate not because they’re so expensive, but because they’re gratuitously expensive. ... To many commentators, this is unsurprising. It’s good business sense, really. Apple has made its world-devouring profits by ratcheting up profit margins on iPhones. There is no better target for these massive margins than the super-rich. But high margins do not a luxury brand make." Others suspect the high-end watches are targeted more at rich people in China.

As for the less expensive watches, perhaps they're around not so much to become a new major sales category for Apple, but rather to drive more iPhone sales. Meanwhile, the redesigned MacBook may signify a bigger change for the laptop industry than people realize: "We don’t need all those other ports, Apple says. We are living in a wireless world now, where we can connect most of our peripherals without cords." The new MacBook has also fueled speculation that Apple could be working on a more powerful tablet, something that could compete with Microsoft's Surface Pro line.
Businesses

Apple's "Spring Forward" Event Debuts Apple Watch and More 529

samzenpus (5) writes There was a lot of news at Apple's Spring Forward keynote today. Here's a list of some of the most eye-catching announcements.
  • HBO Now standalone streaming service coming to Apple TV and iOS apps in early April for $14.99 a month.
  • Lowered price of Apple TV to $69.
  • Apple Pay accepted at up to 100,000 Coca-Cola machines by the end of the year.
  • ResearchKit Announced: Is open source and allows medical researchers to create apps, and use the iPhone as a diagnostic tool.
  • New MacBook: Lightest ever at 2 pounds, 13.1mm at its thickest point. 2304x1440 display, consumes 30% less energy. Fanless, powered with Intel's Core M processor. 802.11ac, Bluetooth 4.0. and 9 hours of web browsing battery life. Supports many protocols through one connector USB-C. Ships April 10, starting at $1,299.
  • iOS 8.2 is available today
  • Apple Watch: Accurate within 50ms of UTC. Read and delete email, built-in speaker and mic so you can receive calls. It tracks your movement and exercise. Use Apple Pay, play your music, use Siri and get any notification you get on iPhone today. 18 hour battery life in a typical day. Sport model starting at $349, stainless steel price: $549-$1049 for 38mm, 42mm is $599-$1099, and gold edition starting at $10k. Pre-orders begin April 10th, available April 24th.
AMD

AMD Enters Virtual Reality Fray With LiquidVR SDK At GDC 23

MojoKid writes: AMD jumped into the virtual reality arena today by announcing that its new LiquidVR SDK will help developers customize VR content for AMD hardware. "The upcoming LiquidVR SDK makes a number of technologies available which help address obstacles in content, comfort and compatibility that together take the industry a major step closer to true, life-like presence across all VR games, applications, and experiences," AMD representatives said in a statement. Oculus is one of the VR companies that will be working with AMD's LiquidVR SDK, and likes what it's seen so far. "Achieving presence in a virtual world continues to be one of the most important elements to delivering amazing VR," said Brendan Iribe, CEO of Oculus. "We're excited to have AMD working with us on their part of the latency equation, introducing support for new features like asynchronous timewarp and late latching, and compatibility improvements that ensure that Oculus' users have a great experience on AMD hardware."
Android

Google Backs Off Default Encryption on New Android Lollilop Devices 124

An anonymous reader writes: Although Google announced in September 2014 that Android 5.0 Lollipop would require full-disk encryption by default in new cell phones, Ars Technica has found otherwise in recently-released 2nd-gen Moto E and Galaxy S6. It turns out, according to the latest version of the Android Compatibility Definition document (PDF), full-disk encryption is currently only "very strongly recommended" in anticipation of mandatory encryption requirements in the future. The moral of the story is: don't be lazy — check that your full-disk encryption is actually enabled.
Security

Pharming Attack Targets Home Router DNS Settings 39

msm1267 (2804139) writes Pharming attacks are generally network-based intrusions where the ultimate goal is to redirect a victim's web traffic to a hacker-controlled webserver, usually through a malicious modification of DNS settings. Some of these attacks, however, are starting to move to the web and have their beginnings with a spam or phishing email. Proofpoint reported on the latest iteration of this attack, based in Brazil. The campaign was carried out during a five-week period starting in December when Proofpoint spotted phishing messages, fewer than 100, sent to customers of one of the country's largest telecommunications companies.
Security

Fighting Scams Targeting the Elderly With Old-School Tech 98

itwbennett writes Sharp is launching a pair of landline phones designed to counter a growing form of fraud in Japan that preys upon the elderly. The 'ore ore' ('it's me, it's me') fraudsters pretend to be grandchildren in an emergency and convince their victims to send money, generally via ATM. Sharp's new phones are designed to alert seniors to the dangers of unknown callers. When potential victims receive that are not registered in the internal memory of Sharp's new phones, their LED bars glow red and the phones go into anti-scam mode. An automated message then tells the caller that the call is being recorded and asks for the caller to state his or her name before the call is answered.
Android

Who's Afraid of Android Fragmentation? 136

Nerval's Lobster writes: The dreaded term "fragmentation" has been applied to Android more times than anyone can count over the past half-decade. That's part of the reason why game developers often build for iOS before Android, even though Android offers a bigger potential customer base worldwide, and more types of gaming experiences. Fortunately, new sets of tools allow game developers to build for one platform and port their work (fairly) easily to another. "We've done simultaneously because it is such a simple case of swapping out the textures and also hooking up different APIs for scores and achievements," London-based indie developer Tom Vian told Dice. "I've heard that iOS is a better platform to launch on first, but there's no sense for us in waiting when we can spend half a day and get it up and running." So is fragmentation an overhyped roadblock, or is it a genuine problem for developers who work in mobile?

Slashdot Top Deals