Start up: Coolpad’s built-in malware backdoor, LG v Samsung, Rockstar’s patent fizzle, Google’s PR spin game, and more


A Coolpad smartphone. Back door not shown.

++++++++++++++++++++++
This is the last collection of Overspill links until next week (at least). Have a great Christmas – and thanks to the hundreds of people who are coming to read every day. You’re always welcome.
++++++++++++++++++++++

A selection of 11 links for you. I’m charlesarthur on Twitter. Observations and links welcome.

SuperBeam Pro: easy & fast WiFi direct file sharing >> iTunes App Store

Works by Wi-Fi Direct (aka p2p sharing). Seems to be superfast, but one also wonders if Apple is going to be entirely happy about this. (Found via Producthunt.)


Rockstar consortium to sell 4,000 patents to RPX Corp. for $900m >> WSJ

Starting late last year, Rockstar sued several companies for allegedly infringing their patents, including Google and Cisco. Last month, Rockstar settled its suits against Google and Cisco. Financial details weren’t disclosed, but Cisco told investors in early November that it had recorded a pretax charge of $188 million to settle the Rockstar litigation.

As part of the deal with RPX, Rockstar will drop the remainder of its suits, which include claims against Samsung Electronics, LG, HTC and Huawei.

The settlements follow others in the long-running smartphone patent wars.

For instance, in May, Apple and Google agreed to drop all lawsuits between the two companies, and in August, Apple and Samsung agreed to end all litigation between the two companies outside the U.S. Apple and Samsung are still battling in federal court in California, where Apple has won two jury verdicts finding that Samsung infringed its designs for the iPhone.

Whether the Rockstar companies recouped its $4.5bn investment is an open question. In the minds of some experts, the $4.5bn figure reflected the high point of a frothy market that developed for patents in the earlier days of the smartphone industry.

The Rockstar companies squeezed more than three years of use out of the 4,000 patents, and will keep licenses going forward. The 2,000 patents they held back from Rockstar—and aren’t part of the sale to RPX—were among some of the most valuable in the Nortel portfolio.

Turns out that smartphone patents were just a sideline which led both Google and its rivals to drop huge amounts. (Google rather more than the others, through Motorola’s continued losses until it could sell it off. But nobody won.)


CoolReaper revealed: a backdoor in Coolpad Android devices >> Palo Alto Networks Blog

Claud Xiao and Ryan Olson:

Coolpad is the sixth largest manufacturer of smartphones in the world, and the third largest in China. We recently discovered that the software installed on many of Coolpad’s high-end Android phones includes a backdoor which was installed and operated by Coolpad itself. Today we released a new report detailing the backdoor, which we’ve named “CoolReaper.”
After reviewing Coolpad complaints on message boards about suspicious activities on Coolpad devices, we downloaded multiple copies of the stock ROMs used by Coolpad phones sold in China. We found the majority of the ROMs contained the CoolReaper backdoor.

CoolReaper can perform the following tasks:
• Download, install, or activate any Android application without user consent or notification
• Clear user data, uninstall existing applications, or disable system applications
• Notify users of a fake over-the-air (OTA) update that doesn’t update the device, but installs unwanted applications
• Send or insert arbitrary SMS or MMS messages into the phone
• Dial arbitrary phone numbers
• Upload information about device, its location, application usage, calling and SMS history to a Coolpad server.

Fabulous! All that extra software for no charge! (Coolpad is on sale in the west, by the way.)

They say it’s specifically tailored to hide what it does, and that Coolpad has ignored customer complaints about unwanted app installs. Their conclusion:

CoolReaper is the first malware we have seen that was built and operated by an Android manufacturer. The changes Coolpad made to the Android OS to hide the backdoor from users and antivirus programs are unique and should make people think twice about the integrity of their mobile devices.


Google adds song lyrics to search results but it feels like a cheap cash grab >> PCWorld

Ian Paul:

Google has figured out a way to deliver more instant answers in search results and boost music sales on Google Play simultaneously: song lyrics. Following Bing’s lead from October, Google is now surfacing lyrics for a limited number of songs when you search for “[song title] lyrics.”

Unlike Bing, however, you won’t see the full list of song lyrics in your search results. To see the complete lyrics you have to click a link to Google Play. There you’ll also have options to buy the track or subscribe to Google Play’s All Access subscription service.

If Bing’s song lyrics roll out convinced you to switch to Microsoft’s search engine, however, don’t bother switching back. Google’s song lyric catalog is extremely limited compared to its competitor. In fact, the new feature seems like more of a ploy to push people to Google Play than a truly helpful search function.

I hadn’t noted that Bing was already doing song lyrics. Google says it has licensed the lyrics it displays. But – as this article notes, and Techcrunch points out – it’s another annexation by Google of a content business.


LG boss may miss CES due to washing machine fiasco >> CNET

Cho Mu-Hyun:

South Korean prosecutors have imposed a travel ban on Jo Seong-jin, head of LG’s Home Appliance and Air Solution Company, who had been slated to represent LG at the upcoming Consumer Electronics Show 2015 in Las Vegas.

Samsung earlier this year filed a lawsuit for property damages and defamation against Jo and four other LG Electronics executives after the IFA tradeshow in Berlin, Germany, claiming that the LG execs intentionally sabotaged the door hinges of one of its washing machines at an electronics store there. Samsung provided as evidence the damaged washing machine and CCTV footage allegedly showing Jo “willfully” damaging the appliance.

Who knew bathos could be so hilarious.


Xiaomi may adopt sapphire for covers of 5.7in smartphone >> Digitimes

China-based smartphone vendor Xiaomi Technology is likely to adopt sapphire for protective covers of Xiaomi 5, its 5.7-inch flagship model that will be showcased at the 2015 Consumer Electronics Show, Taiwan-based supply chain makers cited industry sources in China as indicating.

Japan-based Kyocera in early 2014 launched smartphones with protective covers made from internally-produced sapphire in the US market through cooperation with Verizon Wireless, while China-based Vivo and Huawei Device also launched smartphones with sapphire covers, the sources said.

If Xiaomi decides to adopt sapphire, existing sapphire production capacity is not sufficient to meet the demand, according to sources with Taiwan-based sapphire wafer makers.

Even with Xiaomi’s smartphone volumes, this probably isn’t possible. Maybe a high-end model?


Why Sony’s breach matters >> Learning by Shipping

Steve Sinofsky, who (of course) used to be at Microsoft:

in late 1996, seemingly all at once everyone started opening Word documents to a mysterious alert like the one below.

This annoying but benign development was actually a virus. The Word Concept virus (technically a worm, which at the time was a big debate) was spreading wildly. It attached itself to an incredibly useful feature of Word called the AutoOpen macro. Basically Word had a snazzy macro language that could do anything automatically that you could do in Word just sitting in front typing (more on this later). AutoOpen allowed these macros to run as soon as you opened a document. You’d receive a document with Concept code in AutoOpen and upon opening the document it would infect the default (and incredibly useful) template Normal.dot and then from then on every document you opened or created was subsequently infected. When you mailed a document or placed it on a file server, everyone opening that document would become infected the same way. This mechanism would become very useful for future viruses.

Looking at this on the team we were rather consternated. Here was a core business use case. For example, AutoOpen would trigger all sorts of business processes such as creating a standard document with the right formats and metadata or checking for certain conditions in a document management system. These capabilities were key to Word winning in the marketplace. Yet clearly something had to be done.

And that was just the start of a long run of malware. But he thinks we’re better off now.


Google just had to spin the Sony hack >> The Illusion of More

David Newhoff on Google’s PR spin around the “Goliath” emails uncovered by the Sony hack, which he calls a Pavlovian bell-ringing for its meme of “internet freedom”:

It’s no secret that motion picture producers and Google have an ongoing dispute with regard to piracy of filmed entertainment, and I think it’s a safe bet both parties regularly consult with counsel regarding their own interests. As such, I personally think one of the more serious results of this leak is the rather dramatic breach of attorney/client privilege. I don’t think we want a society in which hackers can arbitrarily violate this fundamental right in our legal system. Apparently, though, Google’s Sr VP and General Counsel, Kent Walker, was unfazed by this implication — perhaps Google is hacker proof — when he was quoted in Variety saying, “We are deeply concerned about recent reports that the Motion Picture Association of America (MPAA) led a secret, coordinated campaign to revive the failed SOPA legislation through other means.”  And as of this week, Google has launched a campaign it calls Zombie SOPA. Ding-a-ling!

Walker is not speaking as an attorney, but rather as a PR guy, when he plays the word secret like that in order to imply a conspiracy, knowing full well that communications between clients and attorneys are almost always secret. But near the end of the article, he is also quoted plaintively wondering why champions of the First Amendment like the MPAA would “want to censor the Internet.”  Hear them ring! Of course any discussion about legal remedies to mitigate piracy are tantamount to censorship, right?


Why Samsung is losing out to low cost rivals >> Jana Mobile

Samsung’s flagship Galaxy series is extremely popular among the emerging market smartphone users that make up mCent’s user base (eight of the top ten devices used to access the mCent app in November 2014 came from the Samsung Galaxy series). However, the Galaxy is likely to become less popular as lower-priced competitors enter the market. This is partly due to the total price of components and assembly for Galaxy devices, which have steadily risen in the face of prevailing market trends. If the current trend is sustained, manufacturing and component costs for a Samsung Galaxy [from 2010] will be higher than the global average selling price for a smartphone in 2015…

…In November 2014, Samsung accounted for 40% of sessions on the mCent app for Android. It has been the most popular smartphone brand among users in our markets since the launch of the mCent app in June 2014, yet its popularity has been waning. In the key markets of Brazil, Indonesia, and India, Motorola, Smartfren, and Micromax have become noticeably more popular. We expect this trend to continue into 2015.

With the caveat, however, that they’re talking about the flagship Galaxy phones, not the cheapo phones that it sells at rock-bottom prices.

Though this is becoming a story that everyone is telling: Samsung losing out to the low-cost rivals. Its earnings guidance for the fourth quarter will come out in early January.


Mathematicians have finally figured out how to tell correlation from causation >> Quartz

Zach Wener-Fligner:

determining causal relationships is really hard. But techniques outlined in a new paper promise to do just that. The basic intuition behind the method demonstrated by Prof. Joris Mooij of the University of Amsterdam and his co-authors is surprisingly simple: if one event influences another, then the random noise in the causing event will be reflected in the affected event.

For example, suppose we are trying to determine the relationship between the amount of highway traffic, and the time it takes John to drive to work. Both John’s commute time and traffic on the highway will fluctuate somewhat randomly: sometimes John will hit the red light just around the corner, and lose five extra minutes; sometimes icy weather will slow down the roads.

But the key insight is that random fluctuation in traffic will affect John’s commute time, whereas random fluctuation in John’s commute time won’t affect the traffic.

Smart – watch for this to filter through into all sorts of everyday algorithms in the next few years.


Did North Korea really attack Sony? >> The Atlantic

Bruce Schneier:

Allan Friedman, a research scientist at George Washington University’s Cyber Security Policy Research Institute, told me that from a diplomatic perspective, it’s a smart strategy for the U.S. to be overconfident in assigning blame for the cyberattacks. Beyond the politics of this particular attack, the long-term U.S. interest is to discourage other nations from engaging in similar behavior. If the North Korean government continues denying its involvement no matter what the truth is, and the real attackers have gone underground, then the U.S. decision to claim omnipotent powers of attribution serves as a warning to others that they will get caught if they try something like this.

Sony also has a vested interest in the hack being the work of North Korea. The company is going to be on the receiving end of a dozen or more lawsuits—from employees, ex-employees, investors, partners, and so on. Harvard Law professor Jonathan Zittrain opined that having this attack characterized as an act of terrorism or war, or the work of a foreign power, might earn the company some degree of immunity from these lawsuits.

I worry that this case echoes the “we have evidence — trust us” story that the Bush administration told in the run-up to the Iraq invasion.

Schneier is very sceptical of the US explanation. It’s noticeable how few security experts are on board with the US’s claims over this.

