Links: iOS Masque attack, Shingy?!, Lenovo struggles, explaining #RTBF, Apple’s second comeback, and more


Don’t jailbreak your device. No, not that sort of jailbreak, sir.

A selection of 9 links for you. Do not use near rotating machinery.

Masque attack: all your iOS apps belong to us >> FireEye Blog

We have notified Apple about this vulnerability on July 26. Recently Claud Xiao discovered the “WireLurker” malware. After looking into WireLurker, we found that it started to utilize a limited form of Masque Attacks to attack iOS devices through USB. Masque Attacks can pose much bigger threats than WireLurker. Masque Attacks can replace authentic apps, such as banking and email apps, using attacker’s malware through the Internet. That means the attacker can steal user’s banking credentials by replacing an authentic banking app with a malware that has identical UI. Surprisingly, the malware can even access the original app’s local data, which wasn’t removed when the original app was replaced. These data may contain cached emails, or even login-tokens which the malware can use to log into the user’s account directly.

Serious problem. The advice for now seems to be “don’t install stuff from a website or third-party app store onto your iOS device.” Perhaps the walls around the walled garden are there for a reason. So, don’t jailbreak your device either.


Google fitness app climbs to top of China rankings >> Bloomberg

Google Fit, which tracks activity and connects to health-monitoring devices, debuted late last month at No. 24 on the Android charts in China. On Nov. 1, the app reached the top ranking in the country and has stayed there since, according to App Annie’s Distimo analytics service. The app peaked at 69 in the U.S., 38 in the U.K. and 272 in Japan.

Google in June unveiled its “Google Fit Platform,” a software suite that connects compatible apps and Android Wear devices, allowing a user to track activity and fitness data. While Google’s search service is unavailable in China, its Android operating system dominates the market ahead of Apple’s iOS.

Google doesn’t operate its own application download store in China, with Android apps distributed by third parties, said Robin Moroney, a Singapore-based spokesman for the Mountain View, California-based Internet company. He declined to comment on why the Google Fit app is at the top of the charts.

No actual numbers, and the Android devices inside China are almost all AOSP. Perhaps the Chinese love fitness. Perhaps it’s for air quality monitoring in some roundabout way. Perhaps the numbers are vanishingly small. Anyone know?


How Bitcoin helps Afghan girls achieve financial freedom >> Coindesk

At least 2,000 WAF [Women’s Annex Forum] users in Afghanistan are paid in bitcoin. Their average income falls between $250 and $400 monthly.

The country’s average annual income is US$680, according to 2012 data.

Payouts to the girls in Afghanistan were problematic before bitcoin was integrated this February. It compensated users in US dollars via bank wires that required hefty fees or PayPal, which isn’t supported there. They would send the money to Mahboob in one lump sum, Forough recounted, who would then cash it and find a place to pay all her users in a given location.

“Imagine … it’s dangerous if a girl has a lot of cash in her pocket walking around the city,” said Forough. “And sometimes the family takes the money and there’s nothing for the girls.”

This is currency as internet protocol: it routes around blocking.


Lenovo Shares Dive To Four-Month Low As Xiaomi Accelerates In China

Shares in Lenovo, the world’s No. 1 PC brand, dived for a second day in Hong Kong on Friday after the company said smart-phone sales fell in the three months to September amid intense global competition that is also pressuring better-known Apple and Samsung.

Lenovo’s shares fell 4.8% on Friday to HK$10.26, their lowest close since June 24. That follows a drop of 5.1% on Thursday.

Lenovo’s sales of smartphones declined by 6% in the latest quarter from a year earlier to $1.4 billion, according to media reports. The company is facing rough competition from Beijing hometown rival Xiaomi, which ranked No. 3 globally for the quarter ending in September, according to market research firm Strategy Analytics.

This is from last Friday, and Lenovo now includes Motorola (the sale concluded after its fiscal quarter ended, making the retrofitted “Lenovo is No.3 in world smartphones!” headlines a bit odd). Even so, if its own handset business is struggling, and it means to make Motorola profitable – which it isn’t – this could be something to watch.

Notable too how Lenovo is becoming the maw into which Western brands – IBM PC, IBM Server, Germany’s Medion, Motorola – disappear.


Beyond the hype: The big issues in the European Court’s ‘right to be forgotten’ ruling >> Privacy International

Anna Fielder and Carly Nyst:

European journalists and media outlets have played into Google’s hands, as some are claiming that the decision has resulted in Google casting journalists “into oblivion” with articles being “scrubbed” and sent “down the memory hole”.

And then of course there is Google itself, which is doing its best to stir up fear around the decision by claiming that the CJEU ruling “will be used by governments that aren’t as forward and progressive as Europe to do bad things” and has been accused of sabotaging the decision by being overly responsive to requests received since the decision. As privacy scholar Paul Bernal noted, such a response has created “an atmosphere in which people feel more censored.”

This fear-mongering has obscured the true nature of what is a rather straightforward legal judgement which has incredibly complex implications. We have already explained the reasoning behind the decision and here, we look beyond the hype to tease out the big issues and challenges underpinning the ruling.

This is a great writeup of a topic that is almost wilfully misunderstood by many.


Deregister and turn off iMessage >> Apple Support

Finally:

You may need to turn off iMessage if you are now using a non-Apple phone and can’t get SMS or text messages someone sends you from an iPhone.

This can actually have uses for people who have temporarily got other phone numbers (eg PAYG Sims) which they’ve used for iMessage and now don’t want to be associated with it.

I suspect the arrival of this tool is linked to the class-action suit ongoing against Apple over precisely the fact that this was so hard to do. (The support document hasn’t been updated with a pointer to the new tool.)


January 1991: The second comeback of Apple >> Businessweek

I found this while looking for a completely different article on Businessweek:

Apple also is forgoing fat profits to win back business lost to IBM and Tandy Corp. in schools. It recently was the low bidder by $2m in a $12.5 million contract with the Broward County (Fla.) School District. The school system bought 3,520 Macintosh LCs–low-cost color Macs introduced with the Classic. Apple’s pricing, predicts Hambrecht & Quist Inc., should boost sales by an industry-beating 18%, to $6.5bn in fiscal 1991. But earnings will grow just 5%, it figures. And that’s possible only if Apple pares its overhead. Concedes Apple President Michael H. Spindler: “The low-end strategy only works if we can manage expenses as gross margins move down.”

…To make the comeback last, Apple must hit on all cylinders – promoting affordable Macs to build market share while developing leading-edge machines that big-business customers demand. Sculley sees no problem with that: “In 1991, we’re going to catch up. In 1993, Apple will be in a position to be shaping the industry, much as we were in the `80s.”

That Spindler quote is so apt today for many smartphone makers.


Meet Shingy, AOL’s “Digital Prophet” >> New Yorker

His business card has a microchip embedded in it, and it reads “Digital Prophet, AOL.” It also says “David Shing,” but, unless you knew him when he was a kid in Australia, you should just call him Shingy, which is also his Twitter handle and his URL. AOL pays him a six-figure salary for — for doing what, exactly? “Watching the future take shape across the vast online landscape,” Shingy says. “I fly all around the world and go to conferences.” Last month, he was in Singapore, Brazil, and Germany. “I listen to where media is headed and figure out how our brands can win in that environment.” In 2002, AOL had more than 25m subscribers; it now has fewer than 2.5m. Shingy calls it “a company in transition.”

Just in case you’re thinking “no, really, he might be doing something essential”:

…Shingy stopped by the office of Erika Nardini, the chief marketing officer of AOL Advertising, and handed her an iPad Mini. “Wanted to show you a little brain fart I had on the plane,” he said. It was a cartoon he had drawn of a bear wearing zebra-print pants and a shirt covered in ones and zeros.

“Love it, love it, love it,” Nardini said. “I’m thinking of the bears more as a metaphor.”

“A thousand per cent,” Shingy said.

Half the people reading this are thinking “KILL HIM” and the other half are thinking “How could I get that gig?”


Unethical uses for public Twitter data >> Adrian Short

After outlining how there are many analysis methods which can reveal more than you think (and they’re worth reading for themselves), Short points out:

This is the tip of the iceberg. Even if you’re a professional data analyst, you’ve got no way to know how any one of these techniques could be used, either in good faith, recklessly or maliciously, to invade the privacy and damage the lives of people who have done nothing more than post to Twitter.

I hope it’s clear that your tweets can reveal your legal identity, relationships, group memberships, interests, location, attitudes and health even where you haven’t explicitly or obviously volunteered that information. This can, and of course is, being used to change people’s lives, very often for the worst. It can affect people’s job prospects, relationships, health, finances, it could cost people their liberty or even their lives.

There is no meaningful way to consent to this, no way that any one person could comprehend the genuine risk from their social media exposure, either in the light of current known techniques or of data analysis methods yet to be devised. Increasingly, opting out isn’t an option either. At best you lose the benefits of being part of social networks online. At worst, your absence flags you as an outsider or someone with something to hide.

