UPDATE: Rebelfone contacted me and said they are waiting to find out from the overseas SIM card companies whether or not I used the SIM cards. If they determine that I did not use them, they will presumably refund my money. I will keep you updated.
UPDATE 8/26/2013: Chris from Rebelfone's support team emailed me the following message:
"As per your telephonic conversation, I am gratified to confirm that the management has approved refund for the 3 Mifi units which malfunctioned. I request you to remove the blog. The credit will be applied upon our agreement that no further dispute or disparagement shall be made against Rebelfone regarding this matter."
I replied: "Thank you for offering the refund. I will make a note on the blog post that the refund was issued. However, I will not remove the blog post."
UPDATE 10/8/2013: As of 10/8/2013 I have not received a refund.
UPDATE 10/9/2013: Chris from Rebelfone's support team emailed me the following message:
Thank you for your patience. We have credited $119.06 to your credit card, against three malfunctioned devices.
I went to Tokyo in June. Before I left, I made plans to get wireless Internet so I could make Skype calls, use an online map, take Instagram photos, and do email while I was away from the hotel. My iPhone is under contract with AT&T, and they have an international cellular data plan that costs $120 for 800MB. I considered it, but I wanted to see if I could find a better deal.
After some searching, I found a highly-praised company called b-mobile, which offers a "Visitor SIM" -- it's a pre-activated 1GB card advertised as being "perfect for Skype." B-mobile offered Narita airport pickup or delivery to a hotel. The price was ¥3,980 (US$40). Earlier, I'd purchased an unlocked Samsung Galaxy Pocket Android phone for $100, which I planned on using with the SIM card in Japan. (My iPhone is under contract and locked from using 3rd party SIMs.)
When I arrived at my hotel in Shinjuku, my b-mobile SIM card was waiting for me in a little envelope with clear English instructions. I popped it into the Android phone, followed the instructions, and within a minute or two I was online. I set the phone up as a Wi-Fi hotspot and my iPhone had no problem connecting to it. For the rest of my stay in Tokyo, I had access to high-speed Internet everywhere I went. It was great.
Now for my second experience, the awful one.
Billy Lau and Yeongjin Jang from Georgia Institute of Technology have presented a demo at Black Hat of a way of stealthily compromising iPhones and other iOS devices with gimmicked chargers. The devices need to be unlocked -- either having no unlock code to begin with, or unlocked by the user after connection -- but apart from that, the charger can compromise any iOS device.
The Free Software Foundation is fundraising for Replicant, its fully free and open version of the Android operating system, in which all the restrictively licensed elements have been replaced with functionally equivalent components made from free software. I've just donated -- I love the idea of fully free OSes; they are frequently the best of breed, and even when they lag, they represent huge competitive pressure on proprietary and semi-proprietary vendors to be more free and open.
Justin Engler and Paul Vines will demo a robot called the Robotic Reconfigurable Button Basher (R2B2) at Defcon; it can work its way through every numeric screen-lock Android password in 19 hours. They built it for less than $200, including the 3D printed parts. It doesn't work on screen-patterns (they're working on that) nor on iOS devices (which exponentially increase the lockout times between unsuccessful password attempts). They're also whomping up new versions that can simulate screen-taps with electrodes, which will run much faster. They're also working on versions that can work against hotel-room safes, ATMs, and other PIN-pad devices. It's a good argument for a longer PIN (six-digit PINs take 80 days to crack), and for using robust and random PINs (26% of users use one of 20 PINs).
Canonical, the company that leads and maintains Ubuntu (the free operating system I use for everything), is looking to raise $32M on Indiegogo in order to build a phone called the Ubuntu Edge, which will be "a phone that’s designed from the ground up to be a PC as well." It's a beautiful looking device, and I've got confidence that Ubuntu can do unique and important things with mobile phone operating systems (it will dual-boot Ubuntu and Android). The phone is meant to be powerful enough to serve as your desktop PC -- just plug it into a monitor, keyboard and mouse.
Crafted from cool, textured amorphous metal, the Edge has a distinctive, precise look but its rakishly chamfered edges are shaped to fit naturally in the palm -- our design prototype already has a wonderfully solid feel. It’s the right size, too. Edge gestures are the next big thing in mobile, and our testing has found that a 4.5in screen is ideal for comfortable control of all four edges with one hand.
We also believe the race for ever higher resolution has become a distraction. Beyond 300ppi you’re adding overhead rather than improving display clarity. We think colour, brightness and dynamic range are now the edge of invention so we’ll choose a display for its balance of resolution, dynamic range and colour accuracy.
We’ll protect that gorgeous display with something vastly tougher than glass: pure sapphire crystal, a material so hard only diamond could scratch it. For a phone to run a full desktop OS, it must have the raw power of a PC. We’ll choose the fastest available multi-core processor, at least 4GB of RAM and a massive 128GB of storage. The battery will use silicon-anode technology, so we can squeeze more energy into the same dimensions.
The rewards are pretty steeply pitched: $20 gets you a good feeling and $600 gets you a phone, with nothing in between. But $600 sounds like a deal for a phone that doubles as a laptop. As with all crowdfunded projects, you need to be aware that they may raise a lot of money and produce no hardware, though Canonical has a good reputation for shipping on time.
Security researcher Karsten Nohl has shown that if you send some mobile phones an SMS that appears to originate with the phone company, the phone will SMS back an error message containing sensitive info about its SIM. With this info, you can send another SMS that terminally compromises the phone, giving the attacker the ability to listen in on calls, read texts, and impersonate the phone's owner. He disclosed the vulnerability to the GSM association early, and on August 1 he'll present his work at Black Hat in Las Vegas. At the root of the problem is a reliance on an older, compromised form of crypto, DES:
For each message, the network and the phone verify their identities by comparing digital signatures. The message sent by Mr. Nohl deliberately used a false signature for the network. In three-quarters of messages sent to mobile phones using D.E.S. encryption, the handset recognized the false signature and ended communication.
But in a quarter of cases, the phone broke off the communication and sent an error message back to Mr. Nohl that included its own encrypted digital signature. The communication provided Mr. Nohl with enough information to derive the SIM card’s digital key.
Mr. Nohl said he had advised the GSM Association and chip makers to use better filtering technology to block the kind of messages he had sent. He also advised operators to phase out SIM cards using D.E.S. encryption in favor of newer standards. He added that consumers using SIM cards more than three years old should get new cards from their carriers.
Encryption Flaw Makes Phones Possible Accomplices in Theft
(Image: MTN SIM card, a Creative Commons Attribution Share-Alike (2.0) image from warrenski's photostream)
Dave sez, "Yarrly is an anonymous, remixable two-panel meme generator for Android. Users can make a Yarrly, and then it becomes as public as they make it by where they chose to share it. It's entirely anonymous - there are no profiles or login. Where it gets interesting is any Yarrly can be remixed by anyone who sees it - they can open the existing Yarrly on their phone, change up the images and text and send that on. It means you end up with remixes upon remixes as a meme morphs and changes as it builds. It's predictably dominated by cats during launch but it's a lovely little experiment in no-social and builds on the creators' love of memes and remix culture. It was built in London over the last few months by Dave Ganly & Holly Clarke in their spare time."
Peter Biddle, who helped invent trusted computing when he was at Microsoft, discusses the serious Android security bug that was just reported. It's a good, short read, and most alarming is the news that Google's had information on this critical bug since February: "The entire value of a chain of trust is that you are limiting the surface area of vulnerability to the code-signing and hashing itself. This bug, if it’s as described, destroys the chain."
The USB Hub Plus Smartphone Stand is a phone-stand that connects to Android or iPhones and then (somehow) allows them to access files stored on other USB drives connected to the hub. No idea if this is any good, but at $11, it may be worth a flutter. I'd be interested in knowing whether this would also allow a mouse and/or keyboard to talk to the phone.
USB Hub Plus Smartphone Stand
(via Red Ferret)
Ben Lincoln discovered that his Motorola Droid X2 was silently sending an enormous amount of private, sensitive information to Motorola, without permission -- much of it without any encryption. He carefully documented the scope of the leaks, and gave the steps necessary to repeat his work. It's a terrible, and potentially criminal, design decision by Motorola, and demands full disclosure from the company and full investigation by independent researchers. (via /.)
Stay Mayor is a free Android game based on the horrifying, hilarious misadventures of Toronto Mayor Rob "Laughable Bumblefuck" Ford. In order to win, you play the mayor "as he flees from reporters, avoids crack pipes, and tries to pick up as much cash as possible in order to buy the alleged video before Gawker gets it. The player can pick up footballs along the way and lob them at nasty cameramen who try to get in the mayor's way."
And what happens if the mayor runs into too many cameras or crack pipes?
“He slows down, then eventually the media scrum overtakes him. The metaphor is that he has to deal with the media now, which is probably his worst nightmare,” Mr. McEvoy said.
The player then sees a sad screen that says "bunch of maggots," he added.
Cheeky video game takes on troubles of Toronto Mayor Rob Ford [Ann Hui/Globe and Mail]
Back in May, Mark wrote about a Kickstarter project to fund a mobile app that will help you locate the hidden entrances to Malibu's public beaches, which the local rich and famous people have done everything they can to obscure (including putting up illegal fake signs that falsely declare passage to be trespassing).
The Kickstarter was fully funded and the app is out, and the public is finding its way to Malibu's public beaches, which is great news -- unless you're one of those people who's spent decades treating a public beach as your own private patch. Local residents are pissed:
“I don’t think it’s a snobby thing. It’s like letting someone into your backyard. You’re paying for the beach house and the property you own is technically the beach in front of your house,” said Emma Ravdin.
Battle Over Access To Malibu Beaches Goes High-Tech With New App [CBS]
Over at our sponsor Intel's LifeScoop site, I wrote about playing classic, free text adventure games on your smartphone. From "Adventures in Text Adventures":
When I was a youngster, I devoured a series of books called Choose Your Own Adventure. Launched in the late 1970s, these books, geared toward middle-schoolers, literally put “you” at the center of the story, as a spy, detective, scientist, or the like. Every few pages, you, as the protagonist, would make choices leading you to specific pages and ultimately one of dozens of endings to the tale. Even though the choices were necessarily limited by the pre-written pages, the books were compelling and surprisingly immersive. Once I got my hands on my first personal computer, a Texas Instruments 99-4, it was a natural progression to the realm of text adventure games. I started with Pirate Adventure… Yoho!
"Adventures in Text Adventures"
Apple apparently has the power to decrypt iPhone storage in response to law-enforcement requests, though they won't say how. Google can remotely "reset the password" for a phone for cops, too:
Last year, leaked training materials prepared by the Sacramento sheriff's office included a form that would require Apple to "assist law enforcement agents" with "bypassing the cell phone user's passcode so that the agents may search the iPhone." Google takes a more privacy-protective approach: it "resets the password and further provides the reset password to law enforcement," the materials say, which has the side effect of notifying the user that his or her cell phone has been compromised.
Ginger Colbrun, ATF's public affairs chief, told CNET that "ATF cannot discuss specifics of ongoing investigations or litigation. ATF follows federal law and DOJ/department-wide policy on access to all communication devices."
...The ATF's Maynard said in an affidavit for the Kentucky case that Apple "has the capabilities to bypass the security software" and "download the contents of the phone to an external memory device." Chang, the Apple legal specialist, told him that "once the Apple analyst bypasses the passcode, the data will be downloaded onto a USB external drive" and delivered to the ATF.
It's not clear whether that means Apple has created a backdoor for police -- which has been the topic of speculation in the past -- whether the company has custom hardware that's faster at decryption, or whether it simply is more skilled at using the same procedures available to the government. Apple declined to discuss its law enforcement policies when contacted this week by CNET.
It's not clear to me from the above whether Google "resetting the password" for Android devices merely bypasses the lock-screen or actually decrypts the mass storage on the phone if it has been encrypted.
I also wonder if the "decryption" Apple undertakes relies on people habitually using short passwords for their phones -- the alternative being a lot of screen-typing in order to place a call.
Apple deluged by police demands to decrypt iPhones [Declan McCullagh/CNet]
Brian Coleman, a former Conservative mayor and councillor, has admitted to assaulting a constituent who was video-recording him while he parked illegally to use an ATM. Coleman had been unpopular for passing strict parking rules, and the woman whom he assaulted was a local parking campaigner.
Coleman, of Essex Road in Finchley, was ordered to pay £1,385, including a £270 fine, prosecution costs of £850 and £250 to the victim as compensation.
Ms Michael, 50, a mother-of-two, who suffered injuries including scratches to her wrist and soreness to her shoulder and chest, called on Coleman to resign.
She said: "[I was] looking at my phone and all of a sudden he's upon me, it was pure shock.
"I think he's bullied and intimidated people for a long long time and I think he has now got what has been long overdue."
Barnet Councillor Brian Coleman admits parking row attack [BBC]