Not just for the NSA: Almost all Android phones open to super-malware that takes control of everything, including Google Wallet

One X 

New Android ‘Fake ID’ flaw empowers stealthy new class of super-malware
[Via AppleInsider]

A new Android design error discovered by Bluebox Security allows malicious apps to grab extensive control over a user’s device without asking for any special permissions at installation. The problem affects virtually all Android phones sold since 2010.

[More]

Because Google does not verify the security certificate when an app is loaded, malware can claim to be any app, even trusted ones. 

There’s also another complication. “The problem is further compounded by the fact that multiple signers can sign an Android application (as long as each signer signs all the same application pieces),” Bluebox noted.

“This allows a hacker to create a single malicious application that carries multiple fake identities at once, taking advantage of multiple signature verification privilege opportunities to escape the sandbox, access NFC hardware used in secure payments, and take device administrative control without any prompt or notification provided to the user of the device.”

Only 18% of Android phones have upgraded to prevent the Adobe Flash flaw that can be exploited. And many Android phones can never be upgraded.

And the flaw also extends to a wide range of trusted apps. The malware can get all your financial information stored in Google Wallet.

The hack also extends to phones from Amazon. Not good when launching a new phone.

Google has known about this for over 3 months. So a major security flaw, that allows a downloaded app to grab access to your most sensitive data, has not been dealt with even as millions of people worldwide buy new phones.

Phones that may never be able to be fixed. 

On the other hand, Fake ID requires no user involvement, and can be used by malware posing as an innocent app or game that requests no special permissions. Once installed, the app can take over without the user having any knowledge of being infected. 

This is one reason the ‘walled garden’ of the iOS App store is safer. There may be flaws but they are easier to prevent, to fix and to send out solutions for.

Surfers, not plodders

 Academia Surf&Rock 2013

When she finished her pitch, the investor said he didn’t invest in women
[Via Boing Boing]

“I don’t like the way women think. They haven’t mastered linear thinking.

[More]

Idiots. Cutting off half of society simply reduces the possible solutions to a wide variety of problems.

But the quote about linear thinking is right on. These guys simply do not understand the genius of real innovators and simply follow a linear approach themselves.

We need more non-linear thinkers, those that can adapt to things even as the conditions are changing.

These male investors know how to plod to the top of a mountain. They do not know how to surf a wave of change. But a mountain does not change as you are hiking to the top. Today’s economies do.

A wave cannot be predicted. It is constantly changing. So we need surfers. But these investors will continue to fund plodders.

Using an iPhone to check in and get a key at Hilton

Family at the hotel check in 

Hilton hotels to let you use your iPhone as your hotel key from next year
[Via 9to5Mac]

Queuing up at a hotel check-in desk is often the last thing you want to do after a long flight. Starting next year, you’ll be able to bypass the front desk altogether in Hilton hotels, your iPhone serving as your hotel room key.

We’ve seen the same thing in smaller hotel groups, but Hilton’s adoption of the technology moves it very much into the mainstream. The group told the WSJ that it will begin introducing the new door locks next year, and expects to complete the global roll-out by the end of 2016.

The Hilton app already allows you to check-in electronically, but currently you still need to collect your room key from the front desk – which kind of defeats the object. With the new system, iPhone check-in will send a key code to your phone which can then be used to unlock your door.

[More]

 So hotels will need fewer people at the front desk now. Throw in iBeacons and the bell hops will know when you arrive and will be ready to gather your luggage as you simply go to your room.

Would be nice.

More cool biology hidden in our guts

 bacteriophage

Globe-Trotting Virus Hides Inside People’s Gut Bacteria
[Via NPR Science/Health]

New viruses are a dime a dozen.

Every few months, we hear about a newly discovered flu virus that’s jumped from birds to people somewhere in the world. And the number of viruses identified in bats is “extraordinary and appears to increase almost daily,” scientists wrote last year in the journal PLOS Pathogens.

But a virus that has been quietly hiding inside millions of people on three continents — and never been noticed before? That doesn’t come along often.

[More]

The drop in cost of sequencing technology (and other tools) now allows us to answer questions we could not even ask 5 years ago. That is how rapidly things are moving.

Many people are just now getting an idea that the microbes that live in our guts have huge impacts on us and our health.

Now we are seeing more and more that viruses inside these gut flora are also important on our diets. This one looks particularly interesting. The strange story of Acanthamoeba polyphaga may be more common than we thought.

I did my postdoc working on genes from bacteriophage, the viruses that infect bacteria. To do that, I had to hand-make oligonucleotides representing the genes, 14 bases at a time. It would take a day to do seven of them at a time.

Putting them together and getting the region sequenced in order to make sure the oligonucleotides had been made correctly would take a couple of months.

It is simply amazing to me how far we have come.

Coming this Fall – the end of credit cards?

 Leather Wallet

 

Apple’s e-wallet could debut as soon as this fall, possibly with ‘iPhone 6′
[Via AppleInsider]

A report on Wednesday claims Apple is accelerating work on a mobile payments system, or digital wallet, that could be ready by this fall, allowing customers to pay for physical goods with their iPhone instead of a credit card or cash.

[More]

I’ve written before about how Apple will change the whole idea of a credit card transaction, through the use of an iPhone and iBeacons. And how Apple made some basic changes in its networking protocols to send encrypted data.

Now it looks like it might come here this Fall. Never have to remove your credit card. Use your iPhone to transmit all the necessary data, encrypted for protection. Now you don’t have to worry about a waiter running your card twice, or copying the number or using their own software to copy the card.

In fact, with an iWatch, you might not even need to remove your iPhone from your pocket.

So now think if Apple receives a small percentage of every Visa transaction? Think that might enhance their bottom line?

If I had spare money, I’d be buying Apple stock.

Could iBeacons be coming for home use?


Apple could make a killing with this little-known device
[Via MacDailyNews]


“Unless consumers start carrying around two iPhones, investors are still waiting for Apple to come up with the next profit-driving monster,” Dan Newman writes for The Motley Fool.

“Many think this might be a role for the rumored iWatch. However, at an estimated selling price at half of an iPhone, around $300, and a consumer interest yet to be confirmed,” Newman writes. “But, one device that links up with iThings anywhere just might give Apple an iPhone-sized financial boost: an iBeacon transmitter for every home and business.”

“Imagine walking past the grocery store and receiving a notification of a sale on your favorite brand of cereal. Or, after sitting at a bar for an hour, receiving a coupon for your next round of drinks. Or, leaving a clothing store and automatically being charged for the items that you ordered to fit. iBeacon can do these things with low-energy Bluetooth technology, or BLE,” Newman writes. “Apple introduced iBeacon in 2013, and recently came out with standards needed to earn consent for use of the trademark. There are many variations of iBeacons that third-party manufacturers have designed, like Estimote’s rock-shaped transmitter, or the more utilitarian AIRcable USB dongle. However, a more Apple-esque design might come from the company. According to FCC filings, Apple has tested an iBeacon transmitter that it would manufacture itself.”

[More]

We keep hearing about all these business uses for iBeacons – “Have coupons sent to your iPhone as you walk around.”

People will only use this if it is useful FOR THEM, not if it makes life easier for businesses. I’ve already written about how this technology could be useful for people – like making paying for meals at restaurants so much easier.

What happens at home when you have iBeacons from Apple available? First, combine them with Apple’s HomeKit. So your computer/iOS device knows where you are.

HomeKit will be designed to connect apps and home devices. Add some iBeacons and these devices will turn on or off depending on where you are.

So, as you walk around the house, it can do things, like turn on the light or open the garage door when you need it.

Or a home speaker system that not only plays music you want to hear as you move through the house but plays different music on different speakers depending on where people are in the house.

I’ll bet there are more.

Useless app finds usefulness in warning Israelis of rocket attacks

 Bomb Shelter in the Golan Heights, Israel

Pointless Yo app now alerts Israelis to rocket attacks
[Via Ars Technica]

An app that became infamous for its astounding lack of utility has found a purpose: warning Israeli citizens about rocket strikes. As reported by the Times of Israel (via Valleywag), Israelis have been using the app Yo to subscribe to alerts from Red Alert: Israel about incoming attacks during the Hamas-Israel conflict.

Yo was roundly mocked when it secured $1.2 million in funding and again when it was shown to have gaping security holes. It does almost nothing; tapping a contact’s name within the app sends a push notification to that person’s phone and makes it say “yo.” That’s… it.

Now Yo has partnered with Red Alert: Israel, an app that shows users “where the rockets fired at Israel by Gaza terrorists are aimed,” according to the Times of Israel. Red Alert: Israel’s app sounds an alarm during attacks, and it’s meant to work as a backup for the sirens that sound to alert residents. Users who so choose can now receive a “yo” when rockets have been launched.

[More]

I love this.  The developers of Yo are nothing if not adaptable. Eight hours of work to create an app that could save lives. From a totally useless app to a reasonably valuable one. Who is laughing now?

Distributed approaches again succeed over hierarchical.

Unbelievable, Google Wear bug prevents paid apps from being used. QA fail?

 Fossil's concept watches (next to a Nexus S phone)

Google DRM bug blocks paid Android Wear apps
[Via Ars Technica]

With smartwatches running Android Wear slowly starting to trickle out into the world, developers are coming to grips with Google’s new wearable platform. In doing so, they have found one of its first big bugs: paid apps don’t work.

Currently, there’s no such thing as a “standalone Wear app.” Watch apps must be downloaded by a phone using the Play Store and include an Android Wear component. After installing the phone app locally, the phone sends the Wear component to the watch over a Bluetooth connection.

Paid Android apps are encrypted, with the encryption key obtained from the Play Store and passed to the phone. But according to a report from Android Police, the key does not currently get passed to the watch. With no way to decrypt the packages, the watch fails to install encrypted wearable apps. The only current workaround is not to charge for the app, which removes the Play Store’s encryption.

[More]

So, you pay for an app, install it as expected and it refuses to work.

How was this missed in any sort of quality control? Google encourages developers to make paid apps but then only allows free apps on their wearable stuff.

How in the world did this get out?

The company has to destroy itself, in order to save itself

Mac Keyboard 

Apple: Lessons in Self-Destruction. Richard Gutjahr’s blog
[Via asymco]

My thanks to Richard Gutjahr for taking time to talk about self-disruption. I met Richard as the Master of Ceremonies at the Censhare FutureDays event in Munich. He interviewed me for his blog and posted the results as a video and sound file. Richard is a journalist (Berliner Tagesspiegel, Frankfurter Allgemeine Zeitung) and TV personality (news presenter for Rundschau night).

Horace and I have met at a conference in Germany a few weeks ago. During a break, we were talking about the future of Apple. Horace made a statement, which I found quite intriguing: In order to remain innovative, it is not enough to reinvent yourself again and again. Apple must be the one to destroy its own business.

Hour-long conversation including audio and video: Apple: Lessons in Self-Destruction.

[More]

“In order to remain innovative, it is not enough to reinvent yourself again and again. Apple must be the one to destroy its own business.”

That is what a 21st century company has to do. Google keeps re-inventing itself. Apple tries to destroy itself. The Mac destroyed the Apple II. The iPod destroyed the Mac. The iPhone destroyed the iPod.

What will destroy the iPhone?

(And by destroy, I don’t mean make vanish. Just toppled as the company’s lead money maker.)

Your iPhone will make a better, more secure wallet than your wallet

 iPhone 5S

Mobile money services on the rise worldwide as Apple eyes Touch ID payment system
[Via AppleInsider]

If Apple is able to drive adoption of its rumored iTunes-backed mobile payment system among wealthy consumers at the same pace as similar systems in the developing world, it could be one of the company’s most important — and profitable — strategic moves.

[More]

I’ve written about the effect the iPhone will have on credit cards before. I think this will be a key aspect of the new iPhone coming out (Apple will have had over a year to work out all the needed aspects of TouchId).

Your iPhone will be more secure than the wallet you have. Only Apple will have the secure enclave that protects your data. Even losing your iPhone will not allow anyone access to the credit card numbers, like losing your wallet.

Combine this with iBeacons and Apple will control it all. I would not be surprised to see Google and the DOJ go after Apple in a few years for their emerging monopoly in this area ;-)

Even a two year old can use an iPhone to save a life

Emergency

Siri may have helped this 2-year-old girl save her mother’s life
[Via Cult of Mac]

Siri. For many of us, Siri is a novelty at best, and an inconvenience at worst: the annoying voice who starts asking you what you want from your back pocket when you accidentally sit on your iPhone. But for those who love Siri, she can be a lifesaver … literally. Because Siri may have just helped a 2-year-old save her mother’s life.

Liz Neaton of Montrose, Minnesota, has a nervous disorder that causes her to have fainting spells on occasion when she stands up. She’s also the mother of Eve, a smart 2-year-old girl who Liz trained to use Siri to call 911 in case of emergency.

[More]

How technology changes things. Using Siri and simple voice commands allows a two year old to get emergency help.

Amazon using Walmart tactics

Books 

Amazon said to be ‘increasingly ruthless’ in negotiations with UK publishers
[Via AppleInsider]

Hachette is not the only imprint to find itself under Amazon’s thumb as the online retailing giant has begun turning the heat up on smaller publishers in the U.K., demanding terms that one publishing executive likened to a “form of assisted suicide for the industry.”

[More]

WalMart has been famous for squeezing its suppliers to the bone. Abusing a monopsony (where there is only 1 buyer) is not illegal because it keeps prices lower for the customer.

Abuse of a monopoly (where there is only 1 seller) is illegal but both WalMart and Amazon do not run afoul of this. 

The reason Apple lost against the DOJ was because of this – it is not illegal to abuse a monopsony but it is illegal to collude to keep prices high.

I think this can only end with the destruction of the current business models of book publishers, which will have a large impact on authors.

But this is just a continuing change in many creative industries. Before, the filtering to identify commercial works took place BEFORE publication, resulting in book and music publishers providing editorial oversight.

Now, this editorial oversight will happen AFTER publication. It may not be pretty.

How to get money in the app economy


[Via Dave Winer's linkblog feed]

The Inside Story Of Yo: There Isn’t Actually $1 Million In The Bank.

[More]

An example of the app economy. Two guys, less than 4 hours of work, over $1 million in investment.

And perhaps a future.

Would an iPhone have prevented PF Chang’s problem?

 Wallet and some money on a wooden table

 

P.F. Chang’s Security Update
[Via PF Changs]

STATEMENT FROM RICK FEDERICO CEO OF P.F. CHANG’S JUNE 12, 2014

Scottsdale, Ariz. (June 12, 2014) — On Tuesday, June 10, P.F. Chang’s learned of a security compromise that involves credit and debit card data reportedly stolen from some of our restaurants. Immediately, we initiated an investigation with the United States Secret Service and a team of third-party forensics experts to understand the nature and scope of the incident, and while the investigation is still ongoing, we have concluded that data has been compromised.

At P.F. Chang’s, the safety and security of our guests’ payment information is a top priority. Therefore, we have moved to a manual credit card imprinting system for all P.F. Chang’s China Bistro branded restaurants located in the continental United States. This ensures our guests can still use their credit and debit cards safely in our restaurants as our investigation continues.

[More]

Maybe something I wrote about last year will provide a path to a solution that we can use on our own. It involves an iPhone, Touch ID, and iBeacons.

The attack on PF Chang’s looks very similar to what happened at Michael’s and Target – a store employee at some point put specific malware on a store’s computerized computer terminal, hidden from view.

This software collected unencrypted card information and sent it to the hackers. It is a simple variety of a sort of man-in-the-middle hack. They sit in the middle of all the communications between the store’s computer terminal and the credit card companies.

It can be hard to prevent this with thousands of people having access to the terminals. It is really little different from our viewpoint than the old days when a dishonest clerk would run the card twice in order to get a copy of the relevant information.

Just safer today for the dishonest employee. Let the computer do all the work.

One easy way around this is to use encrypted smart cards. The credit card companies have been slow to do this in the US on their own.

But here is what I said Apple may be able to do, using the security of the newest iPhones to create a digital wallet:

Imagine you are at a restaurant and ready to leave. You take your iPhone and hit the home button. The restaurant uses an iBeacon to send the bill to your iPhone. You hit pay and the credit card transaction is completed – assuming proper security can be created here.

No need to wait for the waiter.

All the pieces are in place for this. Apple has spent a year making sure of this, especially the security issues.

In particular, I would bet there will be an additional need to provide a fingerprint to pay the bill. Much better than any other sort of validation currently used for credit card transactions.

All transactions will be encrypted end-to-end and totally in our control. Much, much harder for hackers to get anything.

Can you imagine the selling point for any restaurant on this? Secure transactions. They never see the actual transactions, just confirmation it happened. 

And Apple’s digital wallet will be much safer than carrying credit cards in our pockets, where they can easily be stolen. We only find out someone has the cards when mysterious transactions appear.

We all know pretty fast when an iPhone is gone. With TouchID, there is little chance anyone will be able to even get into the iPhone at all, much less the credit card numbers, which are encrypted in a secure enclave on the iPhone.

Even if somehow in the future they figure out a way, it will take time. We can easily inactivate the phone in the meantime.

It is coming. Just not soon enough for PF Chang’s.

Apple doing their own ads and they are great

Videos: Apple’s new in-house ad team struts its stuff
[Via Brainstorm Tech: Technology blogs, news and analysis from Fortune Magazine » Apple 2.0]

Apple’s long-time ad agency, TBWA\Chiat\Day, is now competing for Apple’s business with a new in-house team made up in part by talent poached from Chiat\Day.

Peter Burrows had the story Wednesday afternoon in Bloomberg Businessweek. A few hours later, as if to strut its stuff, team Apple fielded a new TV ad and four YouTube videos.

What’s interesting about the TV spot is that it highlighted Apple’s foray into health monitoring several months before its newly announced HealthKit app is scheduled to appear. It featured eight third-party products that take advantage of the motion detector built into the iPhone 5S and said nothing about the Apple wrist band that’s rumored to be in the works.

“iWatch?” wrote Shawn King on The Loop. “Who needs an iWatch?”

[More]

Go take a look. These are pretty nice.
