Jump to content

Search the Community

Showing results for tags 'mobile'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Categories

  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions

Categories

  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 15 results

  1. Coronavirus case confirmed at Samsung's mobile device factory in South Korea Samsung has confirmed that one of its employees working at its mobile device factory in Gumi City, South Korea has been infected with coronavirus. The company says it has already closed that facility and the shutdown will last until Monday. In a press statement, the tech giant announced that other workers who came in contact with the infected employee have been put under self-quarantine. They will also be tested for possible infection. The floor where the infected employee worked has also been shut down until February 25, Tuesday. The Gumi factory is responsible for producing smartphones meant mostly for the domestic market of Samsung. That said, the company will continue operations at its chip and display factories in other parts of South Korea. Coronavirus has disrupted the tech community over the past couple of months, most notably when tech companies such as LG, Nvidia, ZTE, and Ericsson have started withdrawing from the Mobile World Congress that was set to take place in Barcelona later this month. Samsung was also reported to be cutting back on its MWC presence due to safety concerns related to the virus. Eventually, the GSM Association decided to cancel the event entirely following an escalation of "global concern regarding the coronavirus outbreak". Source: Coronavirus case confirmed at Samsung's mobile device factory in South Korea (Neowin)
  2. Punit Verma

    Samsung launches Galaxy S20

    Samsung released the whole new Galaxy S20. What do you think about the new members of the Galaxy series?
  3. Google Store stops selling Cardboard VR headsets The drawn-out death of VR on Android is now more or less complete as the Google Store has ceased selling its Google Cardboard DIY VR goggles. Mobile VR solutions are not truly dead, but after Android 11 officially dropped support for the Daydream platform in late 2020, it looked like time had finally run out. However, the Google Store still listed official Google Cardboard VR goggles for sale. Google has now though finally stopped selling the cardboard headsets some five years after first going on sale and seven years after being announced. Android Police spotted that the store listing shows “Out of stock” with a banner reading: “We are no longer selling Google Cardboard on the Google Store. We will continue to help the community build new experience through our Cardboard open source project.” The aforementioned Cardboard open-source project was launched in 2019 as Google wound down development on the VR SDK. This allows developers to continue producing apps and experiences for the platform moving forward. Interestingly, in this original announcement, Google claims to have shipped some 15 million Google Cardboard units globally. A low entry-price actually made them an ideal learning companion with your smartphone taking the place of normally expensive VR headsets. VR has since been left behind in favor of AR, with Google Maps showcasing the enhanced capabilities of the mixed reality platform over the virtual option. Apps can still be grabbed from the Daydream app on the Google Play Store, with 360-video being another example of the VR platform that Google Cardboard helped promote. It’s unclear just how long the dedicated portal for VR apps will remain live, as recent outages left longtime fans perplexed and frustrated. One major upside is that you can still grab third-party alternatives to fill the void left by official Google Cardboard hardware if you are pining for some affordable and accessible VR. Source: Google Store stops selling Cardboard VR headsets
  4. Facebook Busts Palestinian Hackers' Operation Spreading Mobile Spyware Facebook on Wednesday said it took steps to dismantle malicious activities perpetrated by two state-sponsored hacking groups operating out of Palestine that abused its platform to distribute malware. The social media giant attributed the attacks to a network connected to the Preventive Security Service (PSS), the security apparatus of the State of Palestine, and another threat actor known as Arid Viper (aka Desert Falcon and APT-C-23), the latter of which is alleged to be connected to the cyber arm of Hamas. The two digital espionage campaigns, active in 2019 and 2020, exploited a range of devices and platforms, such as Android, iOS, and Windows, with the PSS cluster primarily targeting domestic audiences in Palestine. The other set of attacks went after users in the Palestinian territories and Syria and, to a lesser extent Turkey, Iraq, Lebanon, and Libya. Both the groups appear to have leveraged the platform as a springboard to launch a variety of social engineering attacks in an attempt to lure people into clicking on malicious links and installing malware on their devices. To disrupt the adversary operations, Facebook said it took down their accounts, blocked domains associated with their activity, and alerted users it suspects were singled out by these groups to help them secure their accounts. Android Spyware in Benign-Looking Chat Apps PSS is said to have used custom-built Android malware that was disguised as secure chat applications to stealthily capture device metadata, capture keystrokes, and upload the data to Firebase. In addition, the group deployed another Android malware called SpyNote that came with the ability to monitor calls and remotely access the compromised phones. This group used fake and compromised accounts to create fictitious personas, often posing as young women, and also as supporters of Hamas, Fatah, various military groups, journalists, and activists with an aim to build relationships with the targets and guide them toward phishing pages and other malicious websites. "This persistent threat actor focused on a wide range of targets, including journalists, people opposing the Fatah-led government, human rights activists and military groups including the Syrian opposition and Iraqi military," Facebook researchers leading the cyber espionage investigations said. A Sophisticated Espionage Campaign Arid Viper, on the other hand, was observed incorporating a new custom iOS surveillanceware dubbed "Phenakite" in their targeted campaigns, which Facebook noted was capable of stealing sensitive user data from iPhones without jailbreaking the devices prior to the compromise. Phenakite was delivered to users in the form of a fully functional but trojanized chat application named MagicSmile hosted on a third-party Chinese app development site that would surreptitiously run in the background and grab data stored on the phone without the user's knowledge. The group also maintained a huge infrastructure comprising 179 domains that were used to host malware or acted as command-and-control (C2) servers. "Lure content and known victims suggest the target demographic is individuals associated with pro-Fatah groups, Palestinian government organizations, military and security personnel, and student groups within Palestine," the researchers added. Facebook suspects Arid Viper used the iOS malware only in a handful of cases, suggesting a highly-targeted operation, with the Hamas-linked hackers simultaneously focusing on an evolving set of Android-based spyware apps that claimed to facilitate dating, networking, and regional banking in the Middle East, with the adversary masking the malware as fake app updates for legitimate apps like WhatsApp. Once installed, the malware urged victims to disable Google Play Protect and give the app device admin permissions, using the entrenched access to record calls, capture photos, audio, video, or screenshots, intercept messages, track device location, retrieve contacts, call logs, and calendar details, and even notification information from messaging apps such as WhatsApp, Instagram, Imo, Viber, and Skype. In an attempt to add an extra layer of obfuscation, the malware was then found to contact a number of attacker-controlled sites, which in turn provided the implant with the C2 server for data exfiltration. "Arid Viper recently expanded their offensive toolkit to include iOS malware that we believe is being deployed in targeted attacks against pro-Fatah groups and individuals," Facebook researchers said. "As the technological sophistication of Arid Viper can be considered to be low to medium, this expansion in capability should signal to defenders that other low-tier adversaries may already possess, or can quickly develop, similar tooling." Source: Facebook Busts Palestinian Hackers' Operation Spreading Mobile Spyware
  5. Samsung and Microsoft today expanded their partnership by announcing new Microsoft Office, Teams and Outlook experiences for the newly announced Samsung foldable devices including Galaxy Z Fold3 and Galaxy Z Flip3. Find the details below. Microsoft Teams: When you unfold a Galaxy mobile device, you can see a presentation in full-screen detail and the faces of your co-workers on the Teams call underneath. Also on that Teams call, pull up the Whiteboard and draw what you’re explaining on the board with an S Pen. Microsoft Outlook: With Microsoft Outlook’s dual-pane mode for Galaxy devices, you can read a full email while previewing others on the side, just like on a desktop. Microsoft Office: You can now run two instances of the same Office app. “With the Multi-Active window, you can run multiple apps at the same time,” says Patrick Chomet, executive vice president, head of Mobile Products & Experiences at Samsung. “For example, you can open Microsoft Excel and PowerPoint and easily drag and drop a table right into your presentation. Now, you can even run two instances of the same app.” Source: Microsoft Microsoft’s Office mobile apps are now optimized for Samsung foldable smartphones
  6. Every other year, Facebook announces that it has changed the settings of its web version and/or applications. This month's change is rolling out to all users of Facebook's mobile application, and its main purpose is to streamline the layout, make things easier to find, but without removing any of the previous settings. Facebook's privacy settings were changed in 2018 the last time. Back then, the company claimed that the new design would make "things easier to find", because settings were now found in a single place. Today's update changes Facebook's setting page significantly. The company reduced the number off categories and decided to rename these to "more closely match people's mental models". Facebook notes its new system takes into account user expectations, so that specific settings are easier to find in the application. The six categories that Facebook's settings page is divided into are Account, Preferences, Audience and Visibility, Permissions, Your Information, and Community Standards and Legal Policies. And Privacy? The privacy settings have been moved to the relevant categories, to meet user expectation, according to Facebook. Facebook's research suggest that "privacy settings can be easier to find when they're presented in short, well-organized menus, and that "grouping settings based on users' mental modes about which privacy topic(s) the settings address can be even more helpful". Our research shows that using more specific and descriptive names makes settings easier to find. That’s why we’ve unbundled the Privacy Settings category and moved the settings previously contained within it into other categories. Finally, to more easily guide you through important privacy and security settings on Facebook, we’ve added another shortcut to Privacy Checkup, right at the top of the Settings landing page. As a user of Facebook's mobile application, you will find location privacy settings under permission, post visibility settings under audience and visibility, and the activity log under your information. Users may also use the search tool to find specific settings, and there is the privacy checkup tool to make some privacy-related changes using the tool. Closing Words Many existing users will have difficulties finding specific settings that they accessed in previous versions of Facebook's mobile apps. Critics might argue that the redesigned settings make it more difficult for users to find and change privacy settings; tighter privacy settings may provide Facebook and third-parties with less data, and that may affect the company's bottom line. Ultimate, users need to go through all the settings one-by-one to make sure that they don't miss an important setting. Facebook scatters privacy settings all over the place on mobile
  7. If there were any major sites that took a web traffic pummeling in 2019 it was Yahoo and Tumblr. That’s according to a new report from SimilarWeb. The report looks back on key web trends in 2019. Among those trends were some pretty bad news for some sites. Particularly, SimilarWeb’s report says Tumblr saw its web traffic plummet 33% since 2018, when the site banned adult content. Yahoo saw a similar drop from its 2017 numbers, falling 33.6% during the period. Other key findings from the report: Total web traffic is on the rise, growing 8% in 2019 to 223 billion visits per month to the top 100 websites worldwide. Mobile is fueling much of that growth. While desktop web traffic decreased 3.3% since 2017, mobile web traffic shot up 30.6% over the same period. But with the mobile web comes shrinking attention spans. The report says that visitors are spending 49 seconds less on websites per visit than they did three years ago. The top 10 sites took 167.5 billion visits per month in 2019–a 10.7% increase. Mobile visits claim the majority of visits made to “vice” sites–those that involve porn and gambling. The U.S. leads the world when it comes to visiting the websites. In 2019, over 300 billion visits per month to sites were made from America. The takeaway? Mobile is quickly becoming the new norm, but websites are going to have to work harder to keep visitor attention as our attention spans continue to shrink. Source
  8. The Firefox Browser is not as private as you may think – especially on iOS and Android. Mozilla recently announced that they would be allowing any Firefox user a means to request Mozilla to delete stored telemetry data that is tied to said user. Mozilla maintains “strict limits” on how long they store this logged telemetry data, but any duration is too long if the telemetry data can be associated with an individual Firefox browser instance on a particular IP address through a government request. Sure, the collection of this telemetry data can be turned off, but the vast majority of Firefox users are not using Firefox with telemetry turned off, and are therefore incredibly vulnerable. The change by Mozilla comes as a result of the California Consumer Privacy Act (CCPA), a state law which came into effect at the turn of the new year. 2020 is a year of clear vision, and we get to start it off with the revelation that Firefox stores telemetry data in a way that can be traced back to an individual user. After all, how else would Mozilla be able to delete just your telemetry data upon request? To answer this question, Privacy Online News reached out to Mozilla and a Mozilla spokesperson explained how the telemetry data is associated with your browser instance: “By default, Mozilla collects limited data from Firefox to help us understand how people are using the browser, such as information about the number of open tabs and windows or number of webpages visited. This does not include data that can reveal sensitive information about users’ activity online, such as search queries or the websites users visit. The data collected is associated with a randomly generated identifier that is unique to each Firefox client. We refer to this as a clientID. That clientID is not linked to you personally or any sensitive data (for example to your name or phone number) but to your local Firefox software installation. It is never shared with third-parties. Full public documentation about this data collection, including the identifier, can be found here. When users choose to delete their telemetry, the Firefox browser will submit this identifier to Mozilla and we will then delete data on our servers associated with this ID.” Specifically, when you request your telemetry data be deleted from Mozilla’s servers, you do so by sending a “deletion-request” ping which by virtue of how internet pings work, includes a timestamp, your IP address and your unique client ID – as confirmed by Mozilla. That is all the information that’s needed to tie your telemetry data back to your specific browser instance. Mozilla confirmed to Privacy Online News that all this data is stored, but they don’t seem to consider it a privacy issue because they are stored separately. A Mozilla spokesperson explained how the IP address of all telemetry pings, not just the deletion-request ping, is stored: “Mozilla does initially receive the IP as part of telemetry technical data. The IP is then stripped from the telemetry data set and moved to an environment with restricted access for security and error review purposes only. By moving the IP address into this restricted environment this de-identifies the collected telemetry data.” Firefox stores your telemetry data in a way that can be tied back to you While the fact that Firefox collects telemetry data may be well known to some security minded researchers, and even viewed as acceptable because of reasons such as “debugging,” it is quite the revelation that Mozilla actually maintains this data in a way that is matchable to an individual user’s IP address that is requesting said data be deleted. Mozilla even tried to downplay the impact of their privacy decision, saying in their announcement: “To date, the industry has not typically considered telemetry data “personal data” because it isn’t identifiable to a specific person, but we feel strongly that taking this step is the right one for people and the ecosystem.” While it is arguable that telemetry data isn’t technically “personal data” when it is viewed on its own without other information; however, if there’s a way to link a given set of telemetry data to a particular Firefox browser instance and IP address – and Mozilla just revealed that there is – then that telemetry data all of a sudden becomes the most personal of data. What does Firefox telemetry data include? According to the Mozilla wiki, telemetry data includes all the information needed to answer the following questions: How long does it take Firefox to start? How long does it take Firefox to load a web page? How much memory is Firefox consuming? How frequently do the Firefox cycle collector and garbage collector run? Was your session successfully restored when you last launched Firefox? Reading into the questions, the technical pieces of data that Firefox needs to store to be able to answer these questions become apparent. Stay tuned to future posts from Privacy Online News that will dive into the Firefox codebase to showcase what constitutes telemetry data stored by Mozilla in association with your Firefox browser instance. For a preview, simply type about:telemetry into your Firefox browser. For Android and iOS versions of Firefox, parts of this telemetry data – and more – are also shared with a third party company called Leanplum. What is Leanplum and why is it on Firefox for iOS and Android? Firefox on the popular mobile operating systems iOS and Android has even larger privacy concerns beyond the telemetry data that is stored by Mozilla. Leanplum is a mobile advertising company that also receives your personal information, courtesy of Mozilla. According to Mozilla Firefox’s support website: Firefox by default sends data about what features you use in Firefox to Leanplum, our mobile marketing vendor, which has its own privacy policy. This data allows us to test different features and experiences, as well as provide customized messages and recommendations for improving your experience with Firefox.” Mozilla sends information to Leanplum under the guise of testing different features. More information, also from Mozilla’s support team, gets into the specifics: Leanplum tracks events such as when a user loads bookmarks, opens new tab, opens a pocket trending story, clears data, saves a password and login, takes a screenshot, downloads media, interacts with search URL or signs into a Firefox Account.” The horror story continues: “Leanplum receives data such as country, timezone, language/locale, operating system and app version.” More specific information on what Leanplum collects from your mobile Firefox browser can be found from the Leanplum privacy policy, which Mozilla defers to in their own support text possibly because it’s so heinous: “[…] we automatically collect certain information, which may include your browser’s Internet Protocol (IP) address, your browser type, the nature of the device from which you are visiting the Service (e.g., a personal computer or a mobile device), the identifier for any handheld or mobile device that you may be using, the Web site that you visited immediately prior to accessing any Web-based Service, the actions you take on our Service, and the content, features, and activities that you access and participate in on our Service. We also may collect information regarding your interaction with e-mail messages, such as whether you opened, clicked on, or forwarded a message.” The opening up of a privacy option to allow all users (not just Californian users) to delete telemetry data reveals a deeper, darker truth: that the popular browser actually keeps track of telemetry data in a way that can be connected back to your specific browser instance and IP address. Revelations like these are exactly what should be occurring after proper privacy laws are written, passed, and enacted. Just with this revelation, arguably, the CCPA has already done so much more than the GDPR for internet privacy. Firefox is not the privacy conscious browser that it has been masquerading as. Not on the desktop, and certainly not on mobile. About the Author Caleb Chen is a digital currency and privacy advocate who believes we must #KeepOurNetFree, preferably through decentralization. Caleb holds a Master's in Digital Currency from the University of Nicosia as well as a Bachelor's from the University of Virginia. He feels that the world is moving towards a better tomorrow, bit by bit by Bitcoin. Interesting discussion about this article at Hacker News here Side Note : make sure to disable their telemetry if you dont want to be spied on if you use Firefox Source
  9. Hello Nsaners, hope someone can assist me with the following. I have a Galaxy S9 with the latest update installed (G960FXXU7CSJ1/G960F0CM7CSJ1/G960FXXU7CSI6). I have been trying to connect it to my laptop but I keep failing every single time. The below are checked more than once • Android Driver correctly installed • USB debugging is enabled • Wiped cache partition • Tried different cable • Tried the USB C converter that came with the phone. No USB detected
  10. A probe by Citizen Lab at the University of Toronto and computer security firm Kaspersky Lab has uncovered a massive network of mobile malware for all phone types that is sold by an Italian firm to police forces around the world. The malware, dubbed Remote Control System (RCS), was produced by a company called Hacking Team. It can subvert Android, iOS, Windows Mobile, Symbian and BlackBerry devices. The study found 320 command-and-control (C&C) servers for RCS running in over 40 countries, presumably by law enforcement agencies. Kaspersky has developed a fingerprinting system to spot the IP addresses of RCS C&C servers and found the biggest host is here in the Land of the Free, with 64 discovered. Next on the list was Kazakhstan with 49, Ecuador has 35, just beating the UK which hosts 32 control systems. "The presence of these servers in a given country doesn't mean to say they are used by that particular country's law enforcement agencies," said Sergey Golovanov, principal security researcher at Kaspersky Lab. "However, it makes sense for the users of RCS to deploy C&Cs in locations they control – where there are minimal risks of cross-border legal issues or server seizures." The Milan-based firm that developed RCS boasts on its website that its malware can crack any mobile operating system and remain undetected while doing so. Based on documents leaked to Citizen Watch, the firm may be correct in its claims. The documents detail how the RCS system works. Once a target is identified by cops or g-men the malware is sent out and installed, either by tricking the user with a spearphishing attack or by exploiting vulnerabilities in the target's operating system. The Hacking Team has devoted a lot of time to hacking Android systems with great success. But the documents suggest that it has also found a way to crack Apple's iOS, albeit with a rather tricky attack vector. It appears that RCS won't work against iOS phones unless they have been jailbroken. But, if an unjailbroken iPhone is hooked up to an infected computer, then a remote-operated jailbreak can be carried out without the owner's knowledge using a tool like Evasi0n – then the malware can be installed easily. Once on a target's mobile, the RCS software can intercept and record all phone calls, SMS messages, chat conversations from apps such as Viber, WhatsApp and Skype, grab any files or pictures on the handset, spy on the calendar, look up the user's location, and take screenshots whenever the operator specifies, as well as harvesting data from third-party applications like Facebook. The malware's operator runs the code from behind an anonymizing firewall and the code can be tailored to provide little or no evidence that surveillance is taking place. The code is optimized to avoid running down the handset's battery, and can even get around the mobile data usage statistics displayed by the operating system. While Hacking Team says that its software should only be used to track down criminal targets, Citizen Watch says it has found samples of the code aimed at political targets in Saudi Arabia, Malaysia, Morocco and Ethiopia. "This type of exceptionally invasive toolkit, once a costly boutique capability deployed by intelligence communities and militaries, is now available to all but a handful of governments," said Citizen Watch. "An unstated assumption is that customers that can pay for these tools will use them correctly, and primarily for strictly overseen, legal purposes. As our research has shown, however, by dramatically lowering the entry cost on invasive and hard-to-trace monitoring, the equipment lowers the cost of targeting political threats." Source
  11. 50 Phone Wallpapers (all 1440x2560, no watermarks) DOWNLOAD : https://imgur.com/gallery/C3pQs
  12. Google search on mobile is getting a redesign The changes are intended to simplify how search results look Illustration: Alex Castro / The Verge Google is redesigning how search results look on mobile, the company announced in a blog on Friday. “We wanted to take a step back to simplify a bit so people could find what they’re looking for faster and more easily,” Aileen Cheng, who led the redesign, said in the blog. The redesign will have larger and bolder text that’s intended to be easier to scan quickly, and you’ll see more of Google’s font in results. Search results will also take up more of the width of your screen, thanks in part to reduced shadows. Google also says the redesign will use color “more intentionally” to help highlight important information without being distracting. To get an idea of how the redesign differs from the current experience, compare this render of the redesign with a screenshot of the current search experience I took from my iPhone 12 mini. Image: Google Screenshot by Jay Peters / The Verge It looks like the new design puts more information higher up the page and reduces some visual clutter, which will hopefully make results easier to parse without forcing you to scroll down too far to find what you’re looking for. Google says the redesign will roll out in the coming days. Google search on mobile is getting a redesign
  13. Special report Voicemail inboxes on two UK mobile networks are wide open to being hacked. An investigation by The Register has found that even after Lord Leveson's press ethics inquiry, which delved into the practice of phone hacking, some telcos are not implementing even the most basic level of security. Your humble correspondent has just listened to the private voicemail of a fellow Regjournalist's phone, accessed the voicemail inbox of a new SIM bought for testing purposes, and the inbox of someone with a SIM issued to police doing anti-terrorist work. I didn’t need to use nor guess the login PIN for any of them; I faced no challenge to authenticate myself. There was a lot of brouhaha over some newspapers accessing people's voicemail without permission, but one of the strange things about it all is that at no stage have any fingers been pointed at the mobile phone networks for letting snoops in. And some doors are still open. It's believed the infiltrated inboxes merely had default PINs, or passcodes that were far too easy to guess, allowing eavesdroppers to easily drop by. People were urged to change their number codes for their voicemail, but, as we shall see, that advice is useless – you simply don't need to know a PIN to listen to someone's messages. Going down the rabbit holeThe login flaw was discovered during development work I was doing on a virtual mobile phone network that's aimed at folks who struggle with modern technology: it allows, for example, an elderly subscriber to ring up a call centre and ask to be put through to a friend or relative, rather than flick through a fiddly on-screen contacts book. In this case, the operator makes the connection between the subscriber and the intended receiver, but the "calling line identification" (CLI) shown at the receiving end is that of the subscriber and not of the call centre. CLI is the basis of caller ID in the UK, but it's a bit of a misnomer because it can be changed as required. I’d long suspected that miscreants were hacking voicemail by spoofing their CLIs to fool the phone system into thinking it was the handset collecting the messages – but surely that's too easy? It is trivial to set an arbitrary CLI when making a call. I had to find out if voicemail systems were vulnerable to spoofing. I was emboldened by an email from Register reader Sebastian Arcus, who had set up some software for making voice calls over the internet (VoIP in other words) using his mobile phone number, and was surprised that he was able to collect his voicemail from his VoIP client without having to hand over an access PIN. I was further goaded in a chat in the pub with Reg man Andrew Orlowski, who bet me I couldn’t hack his voicemail. I should’ve asked for money to back that one up. How it should work and how it falls apartIf you call your voicemail service from a handset linked to the account, you go through to your message inbox without the need to enter a PIN, presumably as a convenience. Use any other phone and you are asked for a PIN access code. If there is no PIN set, you don’t get to the voicemail. So far, so good. The special sauce here is how does the mobile phone network know which phone you are calling from? The easy way is to look at the CLI sent when establishing a call. Unfortunately, as our reader found out, this caller identification isn’t at all secure and can be spoofed, so we looked at Three, EE (and Orange), O2 and Vodafone. How well do the big four networks protect your private voicemail?We set up a VoIP handset to inject the necessary code to tell the network that our handset had the mobile number of the voicemail account we wanted to hack. We then dialled the voicemail service number to see if it would let us in. All networks have two voicemail numbers: a shortcode that you use from the mobile, and a long number when you call in from another phone or sometimes when you are abroad and the shortcode doesn’t work on the network you’ve roamed to. We could only use the long number because we were not on the mobile network under test. The issue is: what does the voicemail system do when you dial the long number from a handset which identifies itself as being a subscriber? We’ll get the secure ones out of the way first. We couldn’t hack either Vodafone or O2, so their systems must rely on more than simply checking the CLI sequence in a call. Vodafone handles the issue best. All calls to the long number ask you both for the number of the phone you are collecting the voicemail for and for a PIN. It ignores the caller display completely.O2 got confused. The call wasn't placed, and we got instead a message generated by our VoIP system saying the number we were calling wasn’t available. O2 uses a system where you call your own mobile number and press star when you get the intro message to get to the voicemail menu. We suspect that calling from the mobile number on the VoIP network just confused everything, the voicemail system went round and round in circles until our VoIP timed it out. But the results with Three and EE were shocking. I’d just bought a new pay-as-you-go SIM on Three, put credit on it, and set up the voicemail, which asks for a PIN right up front. I then switched off the mobile and called it using another phone to leave a voice message. We programmed the VoIP system to present the Three mobile number to the network and dialled the long number for collecting voicemail. We got straight through as though we were using handset with the Three SIM. It's enough to make your scr-EE-m It was similar with EE. Our man Orlowski has a phone on the EE network, so we programmed his mobe number into the VoIP phone and called the voicemail long number. We got straight in. Unfortunately he didn’t have any voicemail, so we called from another phone, left a message and then called back on the VoIP phone and listened to it. Testing with an Orange number (Orange and T-Mobile UK are part of EE) was more interesting. For this, we turned to a contact who works closely with the kinds of people who legally carry concealed guns – anti-terrorist, organised crime, under-cover, witness protection and the like. They use a mix of SIMs from Vodafone and Orange. So we called him, explained what we were going to do first, and then spoofed his Orange number. We got in, but didn’t want to listen to his voicemail. So we changed the greeting message. Anyone calling him would learn that he had changed his name to “Mabel”. It makesfraping look tame. We did however find that with Orange it would sometimes ask for a PIN and sometimes not. We put this down to routing. We suspect – and such things are the day-job for one of the people helping me – that when the call went through some routes its illegitimacy was spotted, and when it went through others the call went straight through as though it was kosher. The urgent issue is for EE and Three to make their systems secure. We’ve deliberately not given blow by blow details of how to spoof the CLI, but we can’t be the only people to have figured this out. It's not like the networks have not been warned. The majority of the information presented to the Leveson inquiry on how to hack voicemail was redacted, but in a brief public document [PDF] the danger of CLI spoofing is mentioned. And the mobile networks' own industry body, the GSMA, also warned of the danger in its voicemail security guidelines published in February 2012. In this document the GSMA talks about fraud as well as security. It points to the danger that a crook could register a premium-rate number and then use that number to leave a message on the mark's voicemail. By spoofing the CLI, the miscreants can then pick up the message and return the call, raking in the profits from the premium-rate call. What Three and EE must do next There is a lot that the two networks could do. Using CLI, or at least CLI alone, is shoddy. As a telco, they get all the necessary signalling information to know if the call is coming from their network or another one. This is true even if the handset is roaming, not least so that they can charge you for the call. Networks are never shy of charging for calls. They can also look at the Home Location Register (HLR) and see if the phone calling them is actually in a call. By using these techniques they don’t have to resort to the Vodafone system of always asking you for your number and a PIN when you call the long voicemail collection number, but they could be sure that you are who you say you are. The network also gets the cell tower ID and IMEI of the incoming call. Now these are different systems, but linking the two together would be belt and braces. We approached Three about this, and a spokesman said: "The advice we've always given customers about security is to mandate their PIN. This is particularly so for people who worry that if a phone is stolen, it might be used to access their voicemail. This advice is given under the voicemail security pages of the Three website."Meanwhile, EE wanted to reassure its customers that it is investigating and systems are being updated to mitigate this technical issue. EE also gave us this statement" First and foremost it’s illegal to access a voicemail account without the owner’s permission. If any customer has concerns about voicemail security we would advise them to follow a few simple steps on their device and set up PIN entry. Comment The mobile phone networks are more than missing a trick. While they complain about how the over-the-top players, such as WhatsApp and Skype, are stealing their lunch money, they do have one thing no one else can offer: complete control over the signalling and voice path. They could offer security at a level that would command a significant premium and yet they leave the door keys under the flower pot. Source
  14. Source: http://malwaretips.com/threads/limited-time-betanews-offer-get-6-free-months-of-bitdefender-mobile-security.24507/ Giveaway page link: http://www.bitdefender.com/media/html/betanews-bms/ p.s. you have to activate your license within 7 days of getting the mail.
  15. Does the world really need to know that every email you write was "Sent from my HTC One™ X, an AT&T 4G LTE smartphone"? Probably not. Aside from turning you into a free marketing tool, it will give your friends fodder to tease you over your your choice of handset or carrier. Plus, it makes you look like a noob that doesn't have control over their email. These annoying signatures are easy to change, though, if you know where to look. Changing the signature in iOS's Mail app On iOS, go to the Settings app, tap Mail, Contacts Calendars, scroll down, then tap Signature. Once there, you can change your email signature, and choose whether you want a different signature for every email account you have (tap Per Account) or One Signature to Rule Them All (All Accounts). In my case, I modified the stock iPhone email signature to serve as a warning about the inevitable typos. Once you're done, tap the back button or close out of the Settings app. On Android Android typically comes with two mail apps: a general email app that will work with lots of different mail services (aptly named "Email") and one for Google's own Gmail service. The two apps are very similar to one another, and the process of changing your email signature is the same for both apps. To start, open either the Email app or Gmail app, depending on which one you want to change. Next, tap the More button in the toolbar. It's represented by three dots: in Gmail, it's in the upper right; in Email, it's in the lower right. Next, select Settings from the menu that appears. On the Settings screen, tap the email address whose signature you want to change, and on the following screen, scroll down and tap Signature. Enter the signature you want to use with that account, then tap OK. If you have multple email accounts you want to append signatures to, go back to the main Settings screen by tapping the Back button in the upper left corner of the screen. Select another email address from the list, and repeat the process. Original Article: http://www.techhive.com/article/2052156/how-to-change-your-email-signature-on-your-smartphone.html
×
×
  • Create New...