Group items tagged

"We are fast entering a world where mass-market mobile devices consume thousands of megabytes each month," FCC Chairman Julius Genachowski warned at CTIA Wireless yesterday. "So we must ask: what happens when every mobile user has an iPhone, a Palm Pre, a BlackBerry Tour, or whatever the next device is? What happens when we quadruple the number of subscribers with mobile broadband on their laptops or netbooks?"The short answer: We will need a lot more spectrum."

The NSA and Britain's GCHQ hacked the world's biggest SIM card maker to harvest the encryption keys needed to silently and effortlessly eavesdrop on potentially millions of people. That's according to documents obtained by surveillance whistleblower Edward Snowden and leaked to the web on Thursday. "Wow. This is huge – it's one of the most significant findings of the Snowden files so far," computer security guru Bruce Schneier told The Register this afternoon. "We always knew that they would occasionally steal SIM keys. But all of them? The odds that they just attacked this one firm are extraordinarily low and we know the NSA does like to steal keys where it can." The damning slides, published by Snowden's chums at The Intercept, detail the activities of the as-yet unheard-of Mobile Handset Exploitation Team (MHET), run by the US and UK. The group targeted Gemalto, which churns out about two billion SIM cards each year for use around the world, and targeted it in an operation dubbed DAPINO GAMMA.

Gemalto's hacking may also bring into question some of its other security products as well. The company supplies chips for electronic passports issued by the US, Singapore, India, and many European states, and is also involved in the NFC and mobile banking sector. It's important to note that this is useful for tracking the phone activity of a target, but the mobile user can still use encryption on the handset itself to ensure that some communications remain private. "Ironically one of your best defenses against a hijacked SIM is to use software encryption," Jon Callas, CTO of encrypted chat biz Silent Circle told The Register. "In our case there's a TCP/IP cloud between Alice and Bob and that can deal with compromised routers along the path as well as SIM issues, and the same applies to similar mobile software."

On Wednesday the UK government admitted that its intelligence agencies had in fact broken the ECHR when spying on communications between lawyers and those suing the British state, so GCHQ might want to reconsider that statement.

Verizon users might want to start looking for another provider. In an effort to better serve advertisers, Verizon Wireless has been silently modifying its users' web traffic on its network to inject a cookie-like tracker. This tracker, included in an HTTP header called X-UIDH, is sent to every unencrypted website a Verizon customer visits from a mobile device. It allows third-party advertisers and websites to assemble a deep, permanent profile of visitors' web browsing habits without their consent.Verizon apparently created this mechanism to expand their advertising programs, but it has privacy implications far beyond those programs. Indeed, while we're concerned about Verizon's own use of the header, we're even more worried about what it allows others to find out about Verizon users. The X-UIDH header effectively reinvents the cookie, but does so in a way that is shockingly insecure and dangerous to your privacy. Worse still, Verizon doesn't let users turn off this "feature." In fact, it functions even if you use a private browsing mode or clear your cookies. You can test whether the header is injected in your traffic by visiting lessonslearned.org/sniff or amibeingtracked.com over a cell data connection.How X-UIDH Works, and Why It's a Problem

To compound the problem, the header also affects more than just web browsers. Mobile apps that send HTTP requests will also have the header inserted. This means that users' behavior in apps can be correlated with their behavior on the web, which would be difficult or impossible without the header. Verizon describes this as a key benefit of using their system. But Verizon bypasses the 'Limit Ad Tracking' settings in iOS and Android that are specifically intended to limit abuse of unique identifiers by mobile apps.

Because the header is injected at the network level, Verizon can add it to anyone using their towers, even those who aren't Verizon customers.

Under the Fourth Amendment, Americans are protected from unreasonable searches and seizures, but according to one group of federal prosecutors, just being in the wrong house at the wrong time is cause enough to make every single person inside provide their fingerprints and unlock their phones.Back in 2014, a Virginia Circuit Court ruled that while suspects cannot be forced to provide phone passcodes, biometric data like fingerprints doesn’t have the same constitutional protection. Since then, multiple law enforcement agencies have tried to force individual suspects to unlock their phones with their fingers, but none have claimed the sweeping authority found in a Justice Department memorandum recently uncovered by Forbes.

In the court document filed earlier this year, federal prosecutors in California argued that a warrant for a mass finger-unlocking was constitutionally sound even though “the government does not know ahead of time the identity of every digital device or every fingerprint (or indeed, every other piece of evidence) that it will find in the search” because “it has demonstrated probable cause that evidence may exist at the search location.” Criminal defense lawyer Marina Medvin, however, disagreed. Advertisement Advertisement “They want the ability to get a warrant on the assumption that they will learn more after they have a warrant,” Medvin told Forbes. “This would be an unbelievably audacious abuse of power if it were permitted.”Unfortunately, other documents related to the case were not publicly available, so its unclear if the search was actually executed. Even so, Medvin believes the memorandum sets a deeply troubling precedent, using older case law regarding the collection of fingerprint evidence to request complete access to the “amazing amount of information” found on a cellphone.

With his shaggy, sandy blond hair and a 5-o'clock shadow, Mark Rolston, the creative director for Frog Design, has studied technology for the better part of two decades. As he sees it, smartphones are just about out of evolutionary advances. Sure, form factors and materials might alter as manufacturers grasp for differentiating design, but in terms of innovative leaps, Rolston says, "we're at the end of gross innovation for smartphones." That isn't to say smartphones are dead or obsolete. Just the contrary. As Rolston and other future thinkers who study the mobile space conclude, smartphones will become increasingly impactful in interacting with our surrounding world, but more as one smaller piece of a much large, interconnected puzzle abuzz with data transfer and information. We'll certainly see more crazy camera software and NFC features everywhere, but there's much, much more to look forward to besides.

You may have never given two thoughts to the sensors that come on you smartphone. They don't mind. They're still there anyway, computing data on your phone's movement and speed, rotation, and lighting conditions. These under-appreciated components -- the gyroscope, accelerometer, magnetometer, and so forth -- are starting to get more friends in the neighborhood. Samsung, for instance, slipped pressure, temperature, and humidity sniffers into the Galaxy S4. They may not be the sexiest feature in your phone, but in the future, sensors like accelerometers will be able to collect and report much more detailed information.

If you've made it here, you'll start seeing a general theme: in the forward-looking smartphone environment of our future, our devices are anything but isolated. Instead, smartphones will come with more components and communications tools to interact more than ever before with people and other devices. We already see some communication with Wi-Fi Direct, Bluetooth, and NFC communications protocols, plus newcomers like the Miracast standard. In short, the kind of innovation we see in the mobile space may have more to do with getting your smartphone to communicate with other computing devices in the ecosystem than it will have with how many megapixels or ultrapixels your camera lens possesses or what kind of leather was used to finish the chassis.

In the trove of documents provided by former National Security Agency contractor Edward Snowden is a treasure. It begins with a riddle: “What do the President of Pakistan, a cigar smuggler, an arms dealer, a counterterrorism target, and a combatting proliferation target have in common? They all used their everyday GSM phone during a flight.” This riddle appeared in 2010 in SIDtoday, the internal newsletter of the NSA’s Signals Intelligence Directorate, or SID, and it was classified “top secret.” It announced the emergence of a new field of espionage that had not yet been explored: the interception of data from phone calls made on board civil aircraft. In a separate internal document from a year earlier, the NSA reported that 50,000 people had already used their mobile phones in flight as of December 2008, a figure that rose to 100,000 by February 2009. The NSA attributed the increase to “more planes equipped with in-flight GSM capability, less fear that a plane will crash due to making/receiving a call, not as expensive as people thought.” The sky seemed to belong to the agency.

Lucky residents of Wilmington, N.C., will be the first in the nation to have access to a "Super Wi-Fi" network. Officials from New Hanover County, N.C., announced today that they had become the first in the United States to deploy a mobile data network on so-called "white spaces" spectrum that the Federal Communications Commission first authorized for unlicensed use in 2008. The county was able to make a quick transition in using the spectrum for a mobile data network because it was the first to successfully transition from analog to digital television.

"Super Wi-Fi" is essentially a buzzword created by the FCC to describe mobile data networks that run over the white spaces spectrum. The spectrum band's low frequency allows for signals to travel farther and penetrate more walls than traditional Wi-Fi networks.

Static blocks of text like the one you’re looking at now are an antiquated and inefficient way to get words into your head. That’s the contention of Boston-based startup Spritz, which has developed a speed-reading text box that shows no more than 13 characters at a time. The Spritz box flashes words at you in quick succession so you don’t have to move your eyes around a page, and in my very quick testing it allowed me to read at more than double my usual reading pace. Spritz has teamed up with Samsung to integrate its speed reading functionality with the upcoming Galaxy S5 smartphone. The written word, after 8,000 or so years, is still an extremely effective way to get a message from one mind into the minds of others. But even with the advent of the digital age and decades of usability work, font and layout development, we’re still nowhere near optimal efficiency with it yet.

One security start-up that had an encounter with the FBI was Wickr, a privacy-forward text messaging app for the iPhone with an Android version in private beta. Wickr's co-founder Nico Sell told CNET at Defcon, "Wickr has been approached by the FBI and asked for a backdoor. We said, 'No.'" The mistrust runs deep. "Even if [the NSA] stood up tomorrow and said that [they] have eliminated these programs," said Marlinspike, "How could we believe them? How can we believe that anything they say is true?" Where does security innovation go next? The immediate future of information security innovation most likely lies in software that provides an existing service but with heightened privacy protections, such as webmail that doesn't mine you for personal data.

Wickr's Sell thinks that her company has hit upon a privacy innovation that a few others are also doing, but many will soon follow: the company itself doesn't store user data. "[The FBI] would have to force us to build a new app. With the current app there's no way," she said, that they could incorporate backdoor access to Wickr users' texts or metadata. "Even if you trust the NSA 100 percent that they're going to use [your data] correctly," Sell said, "Do you trust that they're going to be able to keep it safe from hackers? What if somebody gets that database and posts it online?" To that end, she said, people will start seeing privacy innovation for services that don't currently provide it. Calling it "social networks 2.0," she said that social network competitors will arise that do a better job of protecting their customer's privacy and predicted that some that succeed will do so because of their emphasis on privacy. Abine's recent MaskMe browser add-on and mobile app for creating disposable e-mail addresses, phone numbers, and credit cards is another example of a service that doesn't have access to its own users' data.

Stamos predicted changes in services that companies with cloud storage offer, including offering customers the ability to store their data outside of the U.S. "If they want to stay competitive, they're going to have to," he said. But, he cautioned, "It's impossible to do a cloud-based ad supported service." Soghoian added, "The only way to keep a service running is to pay them money." This, he said, is going to give rise to a new wave of ad-free, privacy protective subscription services.

Germany's biggest telecoms company is to follow Vodafone in disclosing for the first time the number of surveillance requests it receives from governments around the world.Deutsche Telekom, which owns half of Britain's EE mobile network and operates in 14 countries including the US, Spain and Poland, has already published surveillance data for its home nation – one of the countries that have reacted most angrily to the Edward Snowden revelations. In the wake of Vodafone's disclosures, first published in the Guardian on Friday, it announced that it would extend its disclosures to every other market where it operates and where it is legal.A spokeswoman for Deutsche Telekom, which has 140 million customers worldwide, said: "Deutsche Telekom has initially focused on Germany when it comes to disclosure of government requests. We are currently checking if and to what extent our national companies can disclose information. We intend to publish something similar to Vodafone."

Bosses of the world's biggest mobile networks, many of which have headquarters in Europe, are gathering for an industry conference in Shanghai this weekend, and the debate is expected to centre on whether they should join Deutsche and Vodafone in using transparency to push back against the use of their technology for government surveillance.Mobile companies, unlike social networks, cannot operate without a government-issued licence, and have previously been reluctant to discuss the extent of their cooperation with national security and law enforcement agencies.But Vodafone broke cover on Friday by confirming that in around half a dozen of the markets in which it operates, governments in Europe and outside have installed their own secret listening equipment on its network and those of other operators.

As soon as my article about how NSA computers can now turn phone conversations into searchable text came out on Tuesday, people started asking me: What should I do if I don’t want them doing that to mine? The solution, as it is to so many other outrageously invasive U.S. government tactics exposed by NSA whistleblower Edward Snowden, is, of course, Congressional legislation. I kid, I kid. No, the real solution is end-to-end encryption, preferably of the unbreakable kind. And as luck would have it, you can have exactly that on your mobile phone, for the price of zero dollars and zero cents.

The Intercept’s Micah Lee wrote about this in March, in an article titled: “You Should Really Consider Installing Signal, an Encrypted Messaging App for iPhone.” (Signal is for iPhone and iPads, and encrypts both voice and texts; RedPhone is the Android version of the voice product; TextSecure is the Android version of the text product.) As Lee explains, the open source software group known as Open Whisper Systems, which makes all three, is gaining a reputation for combining trustworthy encryption with ease of use and mobile convenience. Nobody – not your mobile provider, your ISP or the phone manufacturer — can promise you that your phone conversations won’t be intercepted in transit. That leaves end-to-end encryption – using a trustworthy app whose makers themselves literally cannot break the encryption — your best play.