Wired visits Dillon Marsh's photos of cellphone masts (badly) disguised as trees, and asks why they even bother.
“There were already a wide variety of designs by the time I started photographing,” says Marsh, who completed the project over six months in 2009. “The designs loosely mimic trees that are found in the local environment.”
Meanwhile, in the American Southwest, fledgling company Larson Camouflage was responding to similar style-sensitive network companies. Larson makes scores of different “trees” but it kicked everything off in 1992 with a naturalistic pine that concealed a disagreeable cell tower in Denver, Colorado. To dress up a cell tower in plastic foliage can cost up to $150,000, four times the cost of a naked mast. Marsh is skeptical about the need for high-tech camouflage.
“Even though the gesture is well-meaning, in many cases the result seems clumsy and unconvincing,” he says of the South African technoflora. “Most people don’t feel strongly positive or negative about them, but simply view them as a curiosity.”
This is alarming, if true: according to a group of German security researchers at the University of Erlangen, if you put a locked, encrypted Android phone in the freezer for an hour and then quickly reboot it and plug it into a laptop, the memory will retain enough charge to stay decrypted, and can boot up into a custom OS that can recover the keys and boot the phone up with all the files available in the clear. The attack is called FROST: "Forensic Recovery Of Scrambled Telephones," and it requires a phone with an unlocked bootloader to work.
At the end of 2011, Google released version 4.0 of its Android operating system for smartphones. For the first time, Android smartphone owners were supplied with a disk encryption feature that transparently scrambles user partitions, thus protecting sensitive user information against targeted attacks that bypass screen locks. On the downside, scrambled telephones are a nightmare for IT forensics and law enforcement, because once the power of a scrambled device is cut any chance other than bruteforce is lost to recover data.
We present FROST, a tool set that supports the forensic recovery of scrambled telephones. To this end we perform cold boot attacks against Android smartphones and retrieve disk encryption keys from RAM. We show that cold boot attacks against Android phones are generally possible for the first time, and we perform our attacks practically against Galaxy Nexus devices from Samsung. To break disk encryption, the bootloader must be unlocked before the attack because scrambled user partitions are wiped during unlocking. However, we show that cold boot attacks are more generic and allow to retrieve sensitive information, such as contact lists, visited web sites, and photos, directly from RAM, even though the bootloader is locked.
Wikimedia's Wikipedia Zero project will let people look up Wikipedia articles using text-messages. This will bring Wikipedia to billions of people who lack smartphones:
We want to enable access to free knowledge for every last human being. For many readers in developing countries, their primary (and often only) access to the internet is via mobile. However, barriers exist that can prevent users from reading Wikipedia and accessing free knowledge on their mobile devices.
Cost - While handset prices have reduced sharply around the world, data costs are still prohibitively expensive for many users. From the 2010 mobile readers' survey, for example, we saw that 21% of users listed "too much data usage" as a critical barrier to access. That number rises dramatically when we consider people who have capable devices, but are not even yet mobile readers. We need to remove the cost of data as a deterrent to reading Wikipedia.
Speed - The mobile survey also pointed out that speed of connection is the top barrier (44% of users) for using Wikipedia on a mobile phone. Therefore, we need to offset this barrier by offering an experience that loads faster.
There are two outcomes to this. First, new readers will be encouraged to access free knowledge for the first time, knowing that the barriers are low. Second, existing readers will not be obstructed from accessing knowledge when they need and want it.
Derek Khanna (the GOP staffer who got fired after penning an eminently sensible paper on copyright policy) sez, "The White House Petition to reverse the decision to ban unlocking cellphones is at 72,000 signatures, but it needs to get to 100,000 signatures by February 24, 2013. On Friday Representative DeFazio tweeted in favor of reform - read the article about new prohibition on unlocking your own cellphone here."
Here's a video of Ang Cui and Michael Costello's Hacking Cisco Phones talk at the 29th Chaos Communication Congress in Hamburg. Cui gave a show-stealing talk last year on hacking HP printers, showing that he could turn your printer into an inside-the-firewall spy that systematically breaks vulnerable machines on your network, just by getting you to print out a document.
Cui's HP talk showed how HP had relied upon the idea that no one would ever want to hack a printer as its primary security. With Cisco, he's looking at a device that was designed with security in mind. The means by which he broke the phone's security is much more clever, and makes a fascinating case-study into the cat-and-mouse of system security.
Even more interesting is the discussion of what happened when Cui disclosed to Cisco, and how Cisco flubbed the patch they released to keep his exploit from working, and the social issues around convincing people that phones matter.
We discuss a set of 0-day kernel vulnerabilities in CNU (Cisco Native Unix), the operating system that powers all Cisco TNP IP phones. We demonstrate the reliable exploitation of all Cisco TNP phones via multiple vulnerabilities found in the CNU kernel. We demonstrate practical covert surveillance using constant, stealthy exfiltration of microphone data via a number of covert channels. We also demonstrate the worm-like propagation of our CNU malware, which can quickly compromise all vulnerable Cisco phones on the network. We discuss the feasibility of our attacks given physical access, internal network access and remote access across the internet. Lastly, we built on last year's presentation by discussing the feasibility of exploiting Cisco phones from compromised HP printers and vice versa.
We present the hardware and software reverse-engineering process which led to the discovery of the vulnerabilities described below. We also present methods of exploiting the following vulnerabilities remotely.
A high-end Chinese electronics company called Oppo has announced a super-deluxe, $500 5-inch Android phone called the Find 5, with some amazing specs:
As the name suggests, the Find 5 has a 5-inch display with a 1080p display, something we saw on the impressive HTC Droid DNA. Inside of the Find 5’s sharply designed chassis, you’ll find Qualcomm’s speedy quad-core Snapdragon S4 Pro processor, 2GB of RAM, 16 gigs of storage and an NFC chip. Yes, the Droid DNA has the same internals. But Oppo one-ups that handset by giving the Find 5 a 13-megapixel rear shooter. There’s a 1.9-megapixel camera up front.
The phone uses Google’s Android 4.1 Jelly Bean operating system and, like Google’s Nexus 4, will run on HSPA+ and GSM networks but not LTE.
Brazilian organized crime investigators intercepted several interminable conference calls made by crime gangs, some of whose members were in prison, but were able to participate thanks to smuggled cellular phones. You'd think that being a crook would mean freedom from crushing bureaucracy, but you'd be wrong.
A Federal Police recording recently heard by Folha de Sao Paulo involves a 10-hour discussion between five members of the First Capital Command (PCC) gang. The conversation involved two inmates and three gang members based outside of the prison. According to the newspaper, the talk was all business: topics included trafficking drugs to Paraguay and Bolivia, and the distribution of marijuana and cocaine inside Brazil.
The call, recorded on February 10, 2011, was one of many recorded between October 2010 and May 2012 as part of an ongoing investigation known as Operation Leviatã, targeting organized crime in Sao Paulo. The Ministry of Justice, which is currently processing the recordings, said that on average such conference calls involve four gang members, although recordings illustrate that as many as nine gang members have taken part in a single call.
Olga sez, "On Thanksgiving, I got chosen by the Listserve (the email lottery!) to send an email to 21,632 people. I decided to ask them to call a Google Voicemail number, and answer the secret question I left on the answering message.
The result is hundreds of strangers leaving me poignant, funny, and often heart-breaking audio recordings of their memories.
It's like peeking into someone's closet, full of an infinite number of secret stories.
(The phone number is still working. You can call it to leave your memories here: 1.415.857.0589.)"
On the Vintage Ads LJ group, Uptown Girl has assembled a collection of AT&T ads spanning 80 years, including this wonderful, boasting 2-page spread from 1971 that's all about how bad-ass the new payphone designs are.
The "PX1020 Easy Hang Up" is a device for people who a) still have landlines and b) hate phone solicitors. Simply press the button and hang up, and the person on the other end is played a pre-recorded message (for example, you, telling them to remove you from their list). There's something attractive about the sheer bloodymindedness of this device. It reminds me of my autoresponder for crazy people who send in hatemail ("Dear upset person, my apologies that something I wrote upset you so much. Please feel free to read someone else, and/or discuss this in depth with your therapist. Please don't email me again. Thanks, Cory.")