Start Up: the Bluetooth DDOS threat, Canada’s pricey phones, iPhone8 and WatchOS review, and more

It’s not an iPhone. But do they share a pricing strategy? Photo by on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 9 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

BlueBorne Bluetooth vulnerability ‘exposes almost every connected device’ • Betanews

Mark Wycislik-Wilson:


The only requirement for a successful attack is that Bluetooth is enabled — something most people have enabled at least on their phone, and often on their computers and laptops. Armis Labs describes BlueBorne as being “out of the traditional kill chain” as it is incredibly hard to detect.

The company says:


BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector. Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks.


Armis Labs has already communicated with Microsoft, Google, Linux, Apple and Samsung, and patches are being issued in most cases — with the possible exception of Samsung which failed to respond to the notification.


Mitigated in Windows 10 as of July 11; fixed in iOS 10; pushed in an Android update on August 7, included in the September security update for Android. Still leaves a lot of Android devices potentially vulnerable.

How Apple’s pricey new iPhone X tests economic theory • WSJ

Josh Zumbrum and Tripp Mickle:


Apple and Samsung have found themselves here partly by necessity. Smartphone makers are running out of new customers. Data from IHS Markit estimates there are just under 100 smartphones per 100 people in the U.S. and about 92 smartphones per 100 people in Europe. (Many people own more than one phone.) By 2020, there will be about 84 smartphones per 100 people globally, IHS projects.

To generate more revenue the big smartphone makers increasingly need to push on price.

“They can create a super-premium model and perception of super-premium that pushes those buyer types into the stratosphere,” said Steven Haines, chief executive of Sequent Learning Networks, which advises companies on product management. “This is classic product management.”

Such segmentation is normal in mature industries, said Mr. Haines, comparing smartphones to what happened with the auto industry, where luxury cars with high prices became a status symbol as car ownership became commonplace.


Zumbrum and Mickle are trying to argue that the iPhone [X] is a Veblen good – where demand rises as the price goes up. Neil Cybart takes this argument to pieces in his latest newsletter (sign up on He points out that iPhone starting prices now range from $349 (iPhone SE) to $999 (iPhone X):


Apple didn’t establish the preceding price range in order to push specific “luxury” models, like iPhone X or iPhone 8 Plus. It’s not that the higher-end models are priced in such a way as to stoke demand and interest simply because of a higher price. Instead, iPhone pricing is based on capability [such as camera, processor speed, screen size].


Handbags or Vertu phones (which recently went bust) aren’t priced on their capability. Vertu phones were arguably less capable than far cheaper devices.

Why Canadian cell phone bills are among the most expensive on the planet • National Post

Tristin Hopper:


The more likely reason for the high prices is that the people setting these prices don’t have any reason not to.

As Michael Geist put it in 2013, cell phone carriers raise prices “because they can.”

They’re not a cartel, which would be illegal. Rather, Canadian telecoms are in a situation in which there’s no real incentive to undercut each other. The three companies know they are better off when Canadians are paying among the world’s highest rates for cell phone usage.

As industry watchers have noted, these companies have a strange habit of raising their prices in tandem. In January 2016, Bell hiked its monthly plans by $5 per month. Within a week, Telus and Rogers had independently followed suit.

These are not the normal actions of an industry. When Air Canada hikes prices, WestJet and NewLeaf don’t follow suit within a matter of hours. In fact, it’s quite the opposite: By constantly trying to grab market share from each other, the competing airlines force prices to a bare minimum.

But Canadian cell phone providers don’t have to worry about a WestJet or a NewLeaf. The awesome costs and regulatory barriers of starting a competing Canadian wireless company are so prohibitive that telecoms can rest assured that they won’t suddenly be challenged by an ambitious startup.


Weird that Canada’s regulators haven’t thought of providing some sort of incentive to encourage another carrier to move in, perhaps simply by forcing the sharing of infrastructure. This is similar to the problem in the UK where there’s no competitor to BT for landlines because of the cost of infrastructure.

All that’s needed to hack Gmail and rob bitcoin: a name and a phone number • Forbes

Thomas Fox-Brewster:


Hackers have proven just how urgently a gaping flaw in the global telecoms network, affecting what’s known as Signalling System No. 7 (SS7), needs to be fixed. In a video demonstration, shown to Forbes ahead of publication today, benevolent hackers from Positive Technologies were able to take control of a Coinbase bitcoin wallet and start pilfering funds via the SS7 flaws.

SS7 weaknesses, despite fixes being available for years, remain open. They allow anyone with access to that part of the telecoms backbone to send and receive messages to and from cellphones, with various attacks allowing silent interception of SMS texts, calls and location data. (Typically, the SS7 network is used by telecoms companies to talk with one another, normally for shifting customers between operators when roaming).

In their attack, the Positive researchers first went to Gmail, using Google’s service to find an email account with just a phone number. Once the email account was identified, the hackers initiated a password reset process, asking one-time authorization codes to be sent to the victim’s phone. By exploiting SS7 weaknesses they were able to intercept text messages containing those codes, allowing them to choose a new password and take control of the Gmail account. They could then simply head to the Coinbase website and do another password reset using the email they’d compromised.


SS7 has weaknesses, though it’s difficult to access; Positive got access “for research to help mobile operators make their networks more secure”. For hackers, slightly harder – but far from impossible.

The iPhone 8: a worthy refinement before the next generation • The New York Times

Farhad Manjoo:


So here’s my conclusion, after nearly a week testing the 8 and 8 Plus: The 8s feel like a swan song — or, to put it another way, they represent Apple’s platonic ideal of that first iPhone, an ultimate refinement before eternal retirement.


This is the perfect review. The platonic ideal of iPhone (2007-September 2017) reviews. OK, the actual piece is somewhat longer, but this says it beautifully.

watchOS 4: the BirchTree review • BirchTree

Matt Birchler:


I will say up front that this is not the same type of giant update like we got last year. While I have to acknowledge that it’s unreasonable to expect massive changes every year, watchOS is still a young platform and has a lot of room to grow. This contrast sums up much of my feelings towards watchOS 4. This is a satisfying update that improves on the previous version in almost every way, but it doesn’t move the needle as much as some, including myself, would like.

And it’s not just a matter of quantity over quality. watchOS 3 sported a huge list of improvements and I would argue 99% of them were objective improvements over what came before. watchOS 4 has a shorter list of new features, but I don’t think Apple’s success rate is as high as it was last year. They didn’t “blow it” on any specific feature, but there are definitely some questionable choices made this year that made me grumble more than a few times.

Of course you should update your Apple Watch if you own one, it’s free and makes the Apple Watch a better product than it was yesterday. But set your expectations properly because this release will make your Apple Watch better, but it will not change your life.


This is a thorough review; might not make a lot of sense if you don’t yet own a Watch. The Workout app rewrite looks like a particular improvement – the targets on the old one were too small for fat fingers. The change to the Dock (which now shows what you’ve previously used, not a set of apps you choose) seems retrograde – though Birchler has his own idea for why they changed it: because people weren’t using it.

Technology companies should publish political advertising files online • Sunlight Foundation

Alex Howard and John Wonderlich:


The United States of America has now fallen off the online disclosure cliff that Sunlight has warned of for years: the lack of transparency for political ad spending and related activity online created a significant vulnerability in our public accountability laws. While more transparency was rendered to TV stations, “dark ads” have flourished online. Last week’s reporting confirms that Facebook was used by Russians to influence the 2016 election. The full extent of that interference is still not understood publicly, even now.

As we told Buzzfeed, highly targeted online ads now present a significant vulnerability for liberal democracies, especially since they are not covered by the comparatively strong legal oversight and public visibility that traditional radio, TV, and print ads are.

The Federal Communications Commission approved rules in 2016 that required TV stations and radio stations to publish their political advertising files online. This has added a digital twist to a decades-old requirement that political ad spending be publicly disclosed, in near real time, while technology companies, newly relevant as political ad vendors, continue to get a pass altogether from analogous public protections.

As the share of political advertising spent by campaigns on digital platforms grows, and more public time is spent on social networks, disclosure’s importance increases.


There’s no basis to disagree: people spend more time on social media than reading newspapers or watching TV news.

Toys ‘R’ Us seeks bankruptcy, crushed by debt and online rivals • Bloomberg

Dawn McCarty and Daniela Wei:


The bankruptcy filing is the latest blow to a brick-and-mortar retail industry reeling from store closures, sluggish mall traffic and the gravitational pull of Inc., which has revolutionized the way people consume with affordable online offerings and global home delivery service.

A dozen-plus major retailers have filed for creditor protection this year, including Payless Inc., Gymboree Corp. and Perfumania Holdings Inc., all of which are using the Chapter 11 process to close underperforming stores and expand online operations. 

The shakeout is also reverberating across American malls and shopping districts. More than 10% of U.S. retail space, or nearly 1 billion square feet, may need to be closed, converted to other uses or renegotiated for lower rent in coming years, according to data provided to Bloomberg by CoStar Group.

The troubles at Toys “R” Us come as retailers and suppliers ramp up for the all-important holiday shopping season. In an emailed statement, Mattel Inc. said, “As one of our most important retail partners, we are committed to supporting Toys ‘R’ Us and its management team as they work through this process, particularly as we approach the holiday season.”

The bankruptcy filing by the company also may have global implications, especially for Chinese toy manufacturers. Some 38% of the company’s revenue came from overseas markets in the latest fiscal year. “It’s a loss for the long-term benefit of the entire industry,” said Lun Leung, chairman of Hong Kong-based Lung Cheong Group, a toy supplier for Hasbro Inc. He said Toys “R” Us accounted for less than 5% of the group’s sales.

The company listed debt and assets of more than $1 billion each in Chapter 11 documents submitted Monday at the U.S. Bankruptcy Court in Richmond, Virginia. Prior to filing, the chain secured more than $3 billion in financing from lenders including a JPMorgan Chase & Co.-led bank syndicate and certain existing lenders to fund operations while it restructures, according to a company statement. The funding is subject to court approval.


Gradually, and then suddenly. The debt mattered – the leveraged buyout was in 2005, when dumping a ton of debt on a retail store looked reasonable. (Or not unreasonable.) Ten years later, it turns out to have been a calamitous decision. Financial analysts will be looking at the gearing (debt ratio) of lots of retailers from here.

Samsung’s Bixby button is structural bloatware • The Verge

Vlad Savov:


the most common reason for pressing the Bixby button to date has been an accidental click when people have wanted to turn the phone’s volume down (because the volume rocker is just above). The moment the Galaxy S8 was announced, prospective users were already asking if they could re-purpose the button to activate Google Assistant, but Samsung has resolutely and stringently denied them that possibility. The company’s present climbdown to just disable the button rather than allow us to use it otherwise is embarrassingly user-hostile.

Isn’t Bixby pushy enough even without the button? You can’t set up a Galaxy smartphone without being informed about Bixby and urged to sign up for the requisite Samsung account. Swipe left from the home screen and a sort of champagne-bubble animation kicks in as Bixby starts to wake… I usually swipe frantically back to the right to avoid further prompts. Most onerous of all is Samsung forcing its Bixby camera-assisting features on me every time I open the camera app. I gave in after just half a day trying to shoot photos for our Galaxy S8 review. So well done, Samsung, you forced your horrible piece of self-serving bloat on me, and in the process you extracted some additional personal information. Are you feeling proud of bullying your users into this?

I know that Google works on similar principles to those underpinning Samsung’s Bixby: make a new data-hungry feature a core part of the software and tirelessly nudge people into using it until they do. But the Google difference is that its services are actually superior and useful…


As he says, it’s indicative of a company which – despite charging premium prices for the phones with this built in – is at heart not user-centric. It’s product-centric.

Savov’s coda sums it up:


there’s not a human on Earth (that I know of, anyway) who is honestly lauding Bixby as a unique advantage. Most are just asking for it to go away, and for the newly vacant button to be customizable to our own preferences. Is that too much to ask when you spend hundreds of dollars on a phone?


What chance Bixby goes away in a year or two?

Errata, corrigenda and ai no corrida: none notified
