Start Up: Android warning for Trump, Uber’s strike, more IoT hacking, enormotabs are here!, and more


Sunglasses! Guaranteed Ray-Buns! Yours cheap! Stop spam! Photo by cdrake2 on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 12 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Donald Trump’s personal phone could be a major security risk, experts warn • Daily Telegraph

Cara McGoogan:

»

The US president-elect Donald Trump’s mobile phone poses a major security threat to the United States and its allies, according to experts. 

Analysis of Trump’s social media activity and comments him and his aides have made about his phone suggest that he his still using a regular Android device. The Google-made software is widely regarded as vulnerable to hackers, who could use known techniques to access all of Trump’s communications, as well as live camera, microphone and location feeds.

Sophisticated attackers could manage this with a simple trick, such as coercing Trump into clicking on an infected link in a message or on Twitter on his Android phone. To prevent a breach like this, the National Security Agency issued current President Barack Obama a highly secure phone that it designed.

«

Don’t say things about it being even more dangerous when used.
link to this extract


Android security in 2016 is a mess • cpbotha.net

Charl Botha:

»

I bought my LG G3 in 2014 here in South Africa. It was LG’s flagship in that year, and sold extremely well. LG is a well-known smartphone OEM.

However, only because I took steps to flash the official KDZ image (V30a-ZAF-XX), which consumers would normally not do, am I now running Android 6. However, my security patch level is 2016-03, meaning there are 6 months of security updates I don’t have. (You can check your Android security patch level by going to Settings | General | About Phone | Software info.)

Before you think six months lag is not too bad, here’s a nice example vulnerability from the November 1 Android security bulletin:

»

The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.

«

In short, your phone could be hacked wide open from afar through a single innocent-looking email, MMS or web-page.

«

It’s unlikely.. until it happens. Then the unlikelihood turns into 100% certainty. If this puzzles you, just think back to September, when it was unlikely that Donald Trump would win the US election.
link to this extract


Fighting iOS Calendar Spam • The New York Times

»

Q. I have been getting spam invitations to my iOS calendar recently. They come from Chinese accounts and their subjects are for super-discounted Ray-Bans and the like. Is there any solution to this?

«

Yes, there are a few, and the NYT has them.
link to this extract


Uber drivers join nationwide strike to demand $15 minimum wage • VentureBeat

Ken Yeung:

»

Uber riders may find available rides in short supply on Monday as “hundreds” of drivers in two dozen U.S. cities go on strike. The action is intended to raise awareness of a desire by not only Uber drivers, but fast-food cooks, airport baggage handlers, home care workers, child care teachers, and graduate assistants wanting to receive a fair day’s pay — they’re fighting for the $15 per hour minimum wage.

Protests are supposed to be taking places in cities such as Denver, Boston, Miami, Chicago, Los Angeles, New York City, and San Francisco. As part of the Fight for $15 event, Uber drivers will march in solidarity with others and aim to disrupt service, thereby highlighting to riders the important roles these service people play in daily life.

«

link to this extract


Newly discovered router flaw being hammered by in-the-wild attacks • Ars Technica

Dan Goodin:

»

Routers provided to German and Irish ISP customers for Deutsche Telekom and Eircom, respectively, have already been identified as being vulnerable, according to recently published reports from researchers tracking the attacks. The attacks exploit weaknesses found in routers made by Zyxel, Speedport, and possibly other manufacturers. The devices leave Internet port 7547 open to outside connections. The exploits use the opening to send commands based on the TR-069 and related TR-064 protocols, which ISPs use to remotely manage large fleets of hardware. According to this advisory published Monday morning by the SANS Internet Storm Center, honeypot servers posing as vulnerable routers are receiving exploits every five to 10 minutes.

SANS Dean of Research Johannes Ullrich said in Monday’s post that exploits are almost certainly the cause behind an outage that hit Deutsche Telekom customers over the weekend. In a Facebook update, officials with the German ISP said 900,000 customers are vulnerable to the attacks until they are rebooted and receive an emergency patch. Earlier this month, researchers at security firm BadCyber reported that the same one-two port 7547/TR-064 exploit hit the home router of a reader in Poland. They went on to identify D1000 routers supplied by Eircom as also being susceptible and cited this post as support. The Shodan search engine shows that 41 million devices leave port 7547 open, while about five million expose TR-064 services to the outside world.

«

link to this extract


Background notes and full credits for the One Moment video • OK Go

Damian Kulash, director and singer in the band:

»

The whole point of the video is to explore a time scale that we can’t normally experience, but because it’s so inaccessible to us, our tools for dealing with it are indirect. The only way we can really communicate with that realm is through math. The choreography for this video was a big web of numbers — I made a motherfucker of a spreadsheet. It had dozens of connected worksheets feeding off of a master sheet 25 columns wide and nearly 400 rows long. It calculated the exact timing of each event from a variety of data that related the events to one another and to the time scale in which they were being shot. Here’s a screen shot of just the first few lines, to give you a sense.

«

Having listened to a few OK Go albums, I understand why they’re famous for their videos. Maybe someone could hire them to make a video.
link to this extract


Recovery from watch market slump within sight • FT

Ralph Atkins, in September:

»

Much of the gloom has surrounded Hong Kong, previously the biggest export market for Swiss watches. Luxury consumer goods sales in Hong Kong have been hit over the past few years by shifts in tourism flows as Chinese customers shopped elsewhere; Swiss watch exports to Hong Kong were down 33% year-on-year to July, causing sales there to fall behind the US.

Excessive stock levels mean improvements will take time to feed through in Hong Kong, despite steps by some companies, such as Richemont, to help reduce inventory in storerooms, including recycling parts from unsold watches.

But luxury goods manufacturers report signs of sales recovering in mainland China. Chinese consumers largely powered the sector’s revival after the global financial crisis of 2008. Spending on luxury watches was subsequently hit by Beijing’s clampdown on corruption, which resulted in less “gifting” of high-quality timepieces.

The effect of such factors on Chinese sales has started to fade, says Adrian Hofer, consumer goods industry specialist at Boston Consulting Group in Zurich. “I’m pretty convinced that we’re down at the levels that make growth possible again.”

«

This, from reader Philip Cunningham, could well be the explanation for the collapsing levels of Swiss watch sales noted here yesterday.
link to this extract


Long a novelty, gigantic tablets are sneaking into the workplace • WSJ

Christopher Mims:

»

Most of the devices can run Tactivos Inc.’s collaboration software Mural, which lets a roomful of people write, add sticky notes, bring in graphics from the web and perform a dozen other tricks on a giant, scrollable whiteboard.

Mural is designed to let remote teams share a workspace. Using it on a ginormablet has the pleasantly disorienting effect of mixing the ease and conventions of writing on a regular whiteboard with the familiar interface of a smartphone. It’s the closest I’ve ever come to the scene in “Minority Report” where Tom Cruise manipulates the interface of the future with expansive gestures.

I had a similarly science-fiction experience in the belly of Carnival Cruise Line’s newest ship, a $780 million, 1,062-foot-long floating city called the Carnival Vista.

In the ship’s engineering room, boisterous chief engineer Cesare Boldrini showed off a command center that looks like the bridge of the Battlestar Galactica. In the center, seemingly where Cmdr. Adama left it, is a 55-inch touch-screen table that Carnival calls the “Tactical Table.” Here, Mr. Boldrini can display 300 screens of readouts and toggles used to control every part of the ship, from its gigantic Azipod thrusters to the pH and temperature of the ship’s swimming pools. Through the table, he also can display any of these readouts on a giant video screen that stretches across the front wall of the control room.

When Carnival designed the engineering room of the Vista, they wanted to give the chief engineer the ability to monitor and control any part of the ship without interfering with the work of his team members, Mr. Boldrini said.

Landlubbers can experience megatablets at more than 500 McDonald’s restaurants in California, New York and Florida where the restaurant chain is testing gigantic touch-screen kiosks for ordering meals.

«

link to this extract


Apple to add 10.5-inch models to iPad series in 2017, say Taiwan makers • Digitimes

Siu Han and Adam Hwang:

»

Apple is launching the 10.5in iPad mainly because 10in and larger tablets have been popular among enterprises and the education sector in the US, the sources said. Its existing 9.7in iPad may be too small and the 12.9in iPad Pro too expensive for such procurement, the sources indicated.

The 10.5in iPad will be equipped with Apple-developed CPU A10X which is also used in 12.9in iPad Pro, the sources noted.

Shipments of 10.5in iPad will reach two million units in first-quarter 2017 and may reach 5-6 million units in the year, the sources said.

Apple will also launch lower-price versions of the 9.7in iPad to compete with Android models, the sources noted.

«

So 10.5in is a Goldilocks size – not too big, not too small? You’d think others would have already figured that. So this feels a bit strange. As does the part about “cheaper 9.7in iPad”: Apple doesn’t need to compete with Android tablets, which are already killing themselves.
link to this extract


How the 2016 election blew up in Facebook’s face • BuzzFeed News

Alex Kantrowitz:

»

It’s no coincidence that Jestin Coler started National Report, his wildly successful fake news site, only a few months after Facebook added the mobile share button [in November 2012, just after the previous election]. The California-based satirist watched in a bit of amazement as articles from fringe conservative news sites began booming across Facebook, and decided he wanted in on the action. “I was seeing those sorts of sites all over the place with large followings and they were getting good traffic and I just thought to myself, Well I could do that,” Coler told BuzzFeed News. And so he debuted National Report in February 2013.
Coler could have reported the news, or simply blogged. But he noticed that fringe political pages would pick up just about anything that helped them make their point, including fabricated news. So National Report began publishing fake news about gun control, abortion, and President Obama, which Coler suspected would set off the right. It sure did. The sites quickly began aggregating his stories. “We really went for the confirmation bias thing,” Coler said. “What we assumed people wanted to hear, that was really what we were selling.”

«

link to this extract


Hackers are holding San Francisco’s light-rail system to ransom • The Verge

Andrew Liptak:

»

Computer screens at MUNI stations displayed a message: “You Hacked, ALL Data Encrypted. Contact For Key(cryptom27@yandex.com)ID:681 ,Enter.” MUNI Spokesman Paul Rose spoke to the Examiner and noted that his agency was “working to resolve the situation,” but refused to provide additional details.

Reached by email, the hacker confirmed he was seeking a deal with MUNI to undo the damage:

»we don’t attention to interview and propagate news ! our software working completely automatically and we don’t have targeted attack to anywhere ! SFMTA network was Very Open and 2000 Server/PC infected by software ! so we are waiting for contact any responsible person in SFMTA but i think they don’t want deal ! so we close this email tomorrow!«

In September, Morphus Labs linked a hacker by the same name to a ransomware strain called Mamba, which employs tactics similar to those demonstrated against MUNI.

«

Yandex is a Russian domain, if that helps. (Corrected the headline, which said the hacker/s were holding the Muni “for ransom”. No: you hold things *to* ransom.)
link to this extract


Google’s Pixel captures 10% premium smartphone market share in India • Economic Times

Gulveen Aulakh:

»

Google has captured a 10% share of the premium smartphone segment in India after what analysts said was a strong initial showing with its Pixel, which took advantage of the absence of Samsung’s Galaxy Note 7 in the market.

Google shipped 33,000 units of Pixel to India as of October end, becoming the No 3 player for the month in the segment where the smartphone costs Rs 30,000 or more. Apple has trumped Samsung to capture the No 1 position in this segment.

«

Apple has 66% share (so 220,000 units). The Note 7’s absence is hurting Samsung.
link to this extract


Errata, corrigenda and ai no corrida: none notified

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s