Submit a link Features Reviews Podcasts Video Forums More ▾

Mobile phone orchestra TV advertisement

I've seen several artists create "mobile phone orchestras" but I appreciate the multigenerational representation in this example made for SK Telecom, the South Korean wireless operator.

Samsung Galaxy back-door allows for over-the-air filesystem access


Developers from the Replicant project (a free Android offshoot) have documented a serious software back-door in Samsung's Android phones, which "provides remote access to the data stored on the device." They believe it is "likely" that the backdoor could provide "over-the-air remote control" to "access the phone's file system."

At issue is Samsung's proprietary IPC protocol, used in its modems. This protocol implements a set of commands called "RFS commands." The Replicant team says that it can't find "any particular legitimacy nor relevant use-case" for adding these commands, but adds that "it is possible that these were added for legitimate purposes, without the intent of doing harm by providing a back-door. Nevertheless, the result is the same and it allows the modem to access the phone's storage."

The Replicant site includes proof-of-concept sourcecode for a program that will access the file-system over the modem. Replicant has created a replacement for the relevant Samsung software that does not allow for back-door access.

Read the rest

Firefox OS and the unserved billions of the developing world

Last month, I wrote about the announcement of the $25 Firefox OS smartphone, aimed at developing world users who have never owned a smartphone and can't afford a high-end mobile device. An editorial by Pascal-Emmanuel Gobry describes how such a device could find an audience of billions, and spur a new ecosystem of developing world developers who make software that's geared not just to the Firefox OS platform, but also to the unique needs of people in the developing world.

The vision of Firefox OS is a contrast to the Zuckerberg plan to supply "Internet" to poor people in the form of an ad-subsidized, all-surveilling walled garden. As Susan Crawford says, "That's not the Internet -- that’s being fodder for someone else's ad-targeting business. That's entrenching and amplifying existing inequalities and contributing to poverty of imagination -- a crucial limitation on human life."

Asking whether the Internet is good or bad for freedom misses the point. It's clear that network technologies have the power to track and control their users, and the power to free and enrich them. The right question to ask is: "How do we get an Internet that does more for freedom?"

Firefox OS sounds like part of the answer.

Read the rest

King no longer claims to own "candy," still claims it owns "saga"

King Games, makers of Candy Crush, have backed down from their insane campaign to trademark the use of "Candy" in connection with games, a gambit that brought them ridicule and opprobrium (for example, a game jam where all the games made use of "candy"), not least because the company bullied competitors who had created candy-themed games years before Candy Crush came to market. However, the company still asserts a trademark over the use of the word "saga" in connection with games, and is trying to shut down The Banner Saga. Cory 21

Boeing's self-destructing, tamper-resistant spookphone: the Black


Boeing has sought regulatory approval from the FCC for a tamper-resistant phone intended to self-destruct if its case is opened. The phone, called "Black," runs Android, and is intended for use under the DoD Mobile Classified Capabilities guidelines. It will be sold with a nondisclosure agreement prohibiting tampering or service, and opening the case will trigger a system intended to wipe the phone's data.

Interestingly, it has a removable battery (something that's become increasingly scarce in smartphones). Best operational security practice holds that you should remove your phone's battery when you want to be sure that it's off, because any malware that turned your phone into a bug could also cause it to simulate being switched off while it remained running.

It's an intriguing technical problem. I'm intuitively skeptical of the security model. I can believe that this phone will be tamper-evident, but I don't know if it will be all that tamper-resistant. That is, it may be capable of preventing an attacker from surreptitiously opening the case to access the components, but how about an adversary willing to simply smash the screen to get at the components beneath?

The manufacturer could make a phone whose accelerometer tried to detect these events and wipe the device as a precaution, but I suspect there'd be a lot of spooks who'd end up cursing their self-destructing phones every time they butterfingered them while getting them out of a pocket while walking down the street. I'm pretty sure that I can use tools to remove my phone's screen in a way that generates less detectable stress than it receives during everyday knockabout and drops.

Read the rest

Mozilla's $25 Firefox smartphone: a free/open device for billions of new netizens


Mozilla's sub-$50 Firefox OS smartphones are aimed at countries like India and Indonesia, where devices costing hundreds of dollars are out of reach of hundreds of millions of people. The idea is to bring a smartphone running a free/open operating system that is optimized for Internet access to people who have no net connection at all today.

The phones are slow and only have a few apps, but they're infinitely more useful than a candybar-shaped "feature phone," and with their low pricetag, many people will be able to buy them outright, rather than being beholden to phone companies who subsidize handset purchases through long-term, abusive contracts; and they'll get online using devices that don't lock them into a single company's ecosystem for email, messaging, and apps.

Read the rest

Two Ubuntu phones with top apps in 2014

Canonical, the company that publishers Ubuntu (a free/open operating system based on GNU/Linux) has announced that it will ship two Ubuntu OS phones this year, in partnership with two manufacturers, one in Europe and one in China. The OS runs HTML5 apps, and the company is seeking to have the top 50 apps for Android and Ios ported to its phones before they go live. A 2013 crowdfunding drive raised over $12M in pledged pre-orders, but the company fell short of its $32M goal and refunded everyone's money. However, the $12M was apparently a sufficient demonstration of interest for at least some manufacturers. Cory 12

Ukraine government sends text to protesters: "Dear subscriber, you are registered as a participant in a mass disturbance"


Ukraine's dictatorship is revelling in its new, self-appointed dictatorial powers. The million-plus participants in the latest round of protests received a text-message from the government reading Dear subscriber, you are registered as a participant in a mass disturbance.

Read the rest

Teach your rooted Android phones to lie to apps about whether it's rooted

There's a funny paradox in rooting your Android phone. Once you take total control over your phone, some apps refuse to run, because they're trying to do something that treats you as untrusted. Now there's a utility called Rootcloak that lets you tell your rooted phone to lie to apps about whether it is rooted. It's both long overdue and a neat demonstration of what it means to be root on a computer. Cory 10

Supreme Court to rule on warrantless smartphone searches

The Supreme Court will hear a pair of cases that will set precedents on the expectation of privacy in your mobile devices. American police forces have treated smartphones are equivalent to a notebook -- something that can be thumbed through during a search without a special warrant. But your smartphone potentially holds thousands of photos, access to a lifetime of email, intimate conversations with family, friends (and attorneys!), passwords for dozens of services, and more. Warrantless smartphone searches might give police access to all the most intimate parts of your life -- if that isn't the sort of thing that courts should be overseeing, then what is?

Incidentally, this is a good argument for encrypted mobile device storage and strong mobile passwords.

Read the rest

Blackphone: a privacy-oriented, high-end, unlocked phone

Blackphone is a secure, privacy-oriented mobile phone company co-founded by PGP inventor Phil Zimmerman. It integrates a lot of the privacy functionality of Zimmerman's Silent Circle, which makes Android-based privacy tools (secure calls, messaging, storage and proxies). Blackphone also runs Android, with a skin that switches on all the security stuff by default. The company is based in Switzerland, whose government privacy rules are better than most. The phone itself is a high-end, unlocked GSM handset. No info on pricing yet, but pre-orders open in late February. I'm interested in whether the sourcecode for the Blackphone stack will be free, open, auditable and transparent. If it is, I will certainly order one of these for myself and report here on its performance.

Read the rest

When the FBI asks you to weaken your security so it can spy on your users


Nico Sell is the CEO of Wickr, a privacy-oriented mobile messaging system that's been deliberately designed so that the company can't spy on its users, even if they're ordered to do so. As we know from the Snowden leaks, spooks hate this kind of thing, and spend $250M/year sabotaging security so that they can spy on everyone, all the time.

After a recent presentation, she was approached by an FBI agent who asked her if she'd put a back-door into Wickr.

Read the rest

Facial recognition mobile app


A new mobile app called "Nametag" adds facial recognition to phone photos; take a pic of someone and feed it to the app and the app will search Facebook, Twitter, sex offender registries and (if you'd like) dating sites to try and put a name to the face. Kevin Alan Tussy, speaking for Facialnetwork (who make Nametag) promises that this won't be a privacy problem, because "it's about connecting people that want to be connected."

Read the rest

HOWTO delete your smartphone's fine-grained log of everywhere you've been

If you have an Android or Ios smartphone, it defaults to storing the history of all the places you go, at a very fine resolution, for a very long time, and mirrors that data on remote servers from which it might be leaked or subpoenaed. Lifehacker has a great tutorial on deleting your Location History and turning off future logging of your location. They cover both Ios and Android. I just did my devices, and it was very easy.

Read the rest

Google yanks vital Android privacy feature

Well, that didn't take long: shortly after Google added a new Android feature that let you deny apps access to your sensitive personal data, they have revoked it. This is frankly terrible, and the Electronic Frontier Foundation's Peter Eckersley has some very pointed commentary, recommendations for Android customers, and advice for Google:

Read the rest