Every Android device potentially vulnerable to "most serious" Linux escalation attack, ever


The Dirty Cow vulnerability dates back to code included in the Linux kernel in 2007, and it can be trivially weaponized into an easy-to-run exploit that allows user-space programs to execute as root, meaning that attackers can take over the entire device by getting their targets to run apps without administrator privileges. Read the rest

The FCC helped create the Stingray problem, now it needs to fix it


An outstanding post on the EFF's Deeplinks blog by my colleague Ernesto Falcon explains the negligent chain of events that led us into the Stingray disaster, where whole cities are being blanketed in continuous location surveillance, without warrants, public consultation, or due process, thanks to the prevalence of "IMSI catchers" ("Stingrays," "Dirtboxes," "cell-site simulators," etc) that spy indiscriminately on anyone carrying a cellular phone -- something the FCC had a duty to prevent. Read the rest

I have found a secret tunnel that runs underneath the phone companies and emerges in paradise


Calyx is a famous, heroic, radical ISP that has been involved in groundbreaking litigation -- they were the first company to ever get a secret Patriot Act warrant unsealed, fighting for 11 years to overturn the gag order. Read the rest

Wishlist for the ultimate music phone


DJ Jesse Jarnow polled a bunch of "hardcore music nerds" to get their feature wish-list for a music-centric phone for Wired; here's what I suggested: Read the rest

Xiaomi phones are pre-backdoored; your apps can be silently overwritten


Thijs Broenink audited the AnalyticsCore.apk app that ships pre-installed on all Xiaomi phones (Xiaomi has their own Android fork with a different set of preinstalled apps) and discovered that the app, which seemingly serves no useful purpose, allows the manufacturer to silently install other code on your phone, with unlimited privileges and access. Read the rest

Leaked Stingray manual shows how easy warrantless mass surveillance can be!


The Intercept has got hold of a set of Harris's super-secretive manuals for their even-more-secret Stingray devices: fake cellular towers used to spy indiscriminately on whole populations by hacking their cellphones into giving up identifying information and more. Read the rest

The “Emergency Mode” Every Smartphone Should Have

An emergency phone sign is seen next to the euro sculpture outside headquarters of the European Central Bank  in Frankfurt
Most phones already come equipped with an Airplane Mode for flights, a Do Not Disturb mode for watching movies or ignoring people, and a Low Power mode for when your battery is about to die. But what happens when you’re in an emergency? Read the rest

Thai telcoms regulator wants tourists to use location-tracking SIMs


Thailand’s National Broadcasting and Telecommunications Commission has proposed issuing tracking-chips to all visitors to the country, which would allow the government to monitor the movements of all foreign nationals while in-country, in order to "locate them which will help if there are some tourists who overstay or run away (from police)." Read the rest

Web companies can track you -- and price-gouge you -- based on your battery life


In Online tracking: A 1-million-site measurement and analysis, eminent Princeton security researchers Steven Englehardt and Arvind Narayanan document the use of device battery levels -- accessible both through mobile platform APIs and HTML5 calls -- to track and identify users who are blocking cookies and other methods of tracking. Read the rest

Ed Snowden and Andrew "bunnie" Huang announce a malware-detecting smartphone case


Exiled NSA whistleblower Edward Snowden and legendary hardware hacker Andrew bunnie" Huang have published a paper detailing their new "introspection engine" for the Iphone, an external hardware case that clips over the phone and probes its internal components with a miniature oscilloscope that reads all the radio traffic in and out of the device to see whether malicious software is secretly keeping the radio on after you put it in airplane mode. Read the rest

Baseband vulnerability could mean undetectable, unblockable attacks on mobile phones


The baseband firmware in your phone is the outermost layer of software, the "bare metal" code that has to be implicitly trusted by the phone's operating system and apps to work; a flaw in that firmware means that attackers can do scary things to your hone that the phone itself can't detect or defend against. Read the rest

Motorola's snap-fit magnetic puzzle-phone looks promising


The Moto Z phone uses a system of magnetically aligned components that snap on and off to add functionality, from high-quality speakers to extra batteries to a projector. Read the rest

Simulation of live mobile internet stats

This simulation of live mobile internet stats offers a sense of scale: there are millions of concurrent Google searches, and, every minute, about half a million photos posted on WhatsApp, 3,000 smartphones sold (roughly half from Samsung and Apple), 35m messages sent on Facebook, and 40m emails opened. It is a marketing infographic, take heed, but it does conclude "Heck some people think smartphones are the gateway to transhumanism, where one day we will fully merge with machines!", which is nice. Read the rest

To see the future, visit the most remote areas of the GBAO


Jan Chipchase travelled 7,100km through the Gorno-Badakhshan Autonomous Region (GBAO) ("a remote, sparsely populated, mostly Pamiri, Kyrgyz-speaking region of Tajikistan") with only a small piece of hand luggage, and in those rugged, beautiful mountains, discovered 61 glimpses of the future. Read the rest

Pokemon Go privacy rules are terrible (just like all your other apps)


Pokemon Go wants access to your Google account (and thus your email and Google Docs) and its privacy policy is a Kafka-esque nightmare document that lets them collect every single imaginable piece of private information about your life and share it with pretty much anyone they want to, forever. Read the rest

The week in Pokemon: home invasions, armed robbery, police militarization


Pokemon Go is the game of the summer: the first really successful alternate reality game that mashes up crowdsourced maps, in-phone cameras, seriously addictive game mechanics, and (of course) a free-to-play/cash-to-accelerate slot machine mechanic that children wouldn't be allowed to stand near if it were in a casino -- in less than a week, it's lifted Nintendo's stock price by 10% and been implicated in any number of bizarre news stories: Read the rest

Universal, CC-licensed mobile phone charging dock


Eirik writes, "I like those old charging docks for mobile phones. But the problem is that you need to buy a new one every time your phone change. And it won't fit if you use a cover on your phone. So I just designed a dock that can be adapted to almost any phone." Read the rest

More posts