 |
|
Happy New Year 2014
Monday 30 December 2013
Are Android phones facing a remote-wipe hacking pandemic?
Tuesday 16 October 2012
Is the sky falling?
Are Android phones about
to be wiped off the face of the earth?
Will hackers be
triggering a factory reset on your phone whenever they feel like it?
Are you going to wish
you'd got one of those iPhone jobs after all? (No pun intended. Rhetorical
question.)
That's the worry going
around since self-confessed Kiwi geek Dylan Reeve put a "test your mobile
phone for imminent disaster" page on his website.
For the record, Dylan
won't actually remote-wipe your device without permission. Indeed, he won't
wipe your device at all. He just shows you if it might be possible for a web
page to do so. The Kiwis probably already thrashed your country at rugby, even
after two of their players got sent off. They don't need to rub it in by wiping
the floor with your phone, too.
The details of the
disaster are absurdly simple, so allow me to explain at some length.
It all starts with RFC
3966, which defines a special sort of URI for telephone numbers. You use these
URIs, which start with tel:, like this:
As the text of RFC 3966
points out, unromantically but importantly:
The "tel" URI
is a globally unique identifier ("name") only; it does not describe
the steps necessary to reach a particular number and does not imply dialling
semantics. Furthermore, it does not refer to a specific physical device, only
to a telephone number.
So telephone URIs don't
instruct your browser, or your tablet, or your phone, to dial. They just
suggest that it could, if it wanted.
What's got Dylan Reeve
hot under the collar is that in some browsers, on some builds of Android, on
some phones, the dialling semantics of telephone URIs are: load the default
dialler or "phone" application, insert the number as if you'd typed
it, and wait for you to press the magic green button to initiate the call.
Waiting for the green
button is a security measure. It prevents a website calling out without some
sort of user interaction. That would be insecure and could be expensive.
In short, some browsers
treat tel: URIs almost as a special, and tolerated, form of cross-site
scripting (XSS). Visit one site at an innocent-looking URI, and end up
redirected to a different URI in a different application for a different
purpose.
So far, so good. But
what's got Dylan's smoking collar on the verge of bursting into flames is this:
automatic in-band signalling.
In-band signalling is
when some special character combinations, appearing in your regular data
stream, are treated as control sequences.
As you can imagine, this
is the sort of compromise implemented to bring convenience at the cost of
security.
The inherent risk of
in-band signals is one of the reasons that FTP was designed to use two TCP
connections, one outbound and one inbound - so that the data and control
channels were kept separate. It was also one of the reasons why FTP withered
for data transfer in favour of HTTP, which uses a single channel and thus works
more easily.
Mobile phone numbers
support a raft of in-band codes with the grandiose collective name of
Unstructured Supplementary Service Data (USSD). As Wikipedia notes, in its
uniquely uneven yet informative style:
The user composes a
message — usually rather cryptic — on the phone keyboard. The phone sends it to
the phone company network, where it is received by a computer dedicated to
USSD. The answer from this computer is sent back to the phone. The answer could
be seen on the phone screen, but it is usually with a very basic presentation.
The messages sent over USSD are not defined by any standardisation body, so
each network operator can implement whatever it finds suitable for its
customers.
Sounds like a recipe for
confusion, if not actually disaster, doesn't it?
So, what does a USSD look
like? Perhaps the best-known, and the one used by Dylan on his demo page, is to
enter *#06# to pop up your phone's official identification number, better known
at the IMEI.
If you type *#06# into
the dialler on your own phone, you may very well see that the IMEI pops up as
soon as you press the final # key.
Although some diallers
warn you that you're on the verge of triggering a USSD code - and give you an
out-of-band warning so you can prevent it, which is handy - others do not. They
recognise USSD codes as you type them in, on the grounds that you're not making
a call, so there's no need to wait for you to press the green button.
This means, if you browse
to Dylan's test page and your IMEI pops up without any further interaction,
that you are at risk of a potentially lethal combination - lethal to your data,
anyway.
This is because many
phones offer a USSD command for "factory reset". It's meant to be
hard to type by mistake - impossible, more or less. But it's not impossible for
a miscreant to type into a tel: URI on a malevolent web page, and there's the
rub. Or, in fact, the wipe.
What to do?
If your phone is
vulnerable - and if Dylan's page says it is, it probably is - then Mr Reeve
suggests installing a third-party dialler application which is known to provide
safety against the auto-activation of USSDs. That's good advice.
Your current browser or
dialler might be safe already. On my Google Nexus phone, for example, running Android
4.1 with the Firefox browser, visiting Dylan's page does pop up the phone
dialler. But the *#06# USSD code is not auto-triggered - it just appears as a
number you haven't dialled yet. As far as I can see, the dialler only processes
the in-band USSD codes if they are typed in by hand. That's good.
(Before you install a
brand new dialler app - and you knew I wouldn't resist a little advertising
somewhere in the article, didn't you? - you might also consider a trip to the
Play Store to install Sophos Mobile Security. Completely free, you get
anti-virus, anti-malware, anti-spyware, anti-adware, loss and theft protection,
plus a pair of really easy-to-use security and privacy advisor tools.)
The bottom line here is
this: get into the habit of backing up your phone. Whether you choose to trust
the cloud, or synchronise to your laptop, or just copy important files to
removable storage, don't take the long-term data integrity of your phone for
granted.
You might suffer a
hysterically-funny-to-some-childish-haxxor remote factory reset. It could
happen.
But you might also leave
your phone in the pub, have it nicked from your bag, or drop it
catastrophically onto the only concrete surface for hundreds of metres in every
direction (like I did a couple of weeks ago, on a balmy Sunday spring afternoon
that was going gorgeously up to that point).
If your digital life is
at risk from an unexpected factory reset, then you need to re-arrange your
digital lifestyle.
Assume that all your
electronic devices might break at any time, and that at least some of them
will.
Are Android operating system cellular phones experiencing a remote-wipe coughing pandemic?
Wednesday 26 September 2012
Is the sky falling?
Are Android operating system cellular phones about to be cleaned off the experience of the earth?
Will online cyber criminals be leading to a manufacturer totally reset on your cellular phone whenever they feel like it?
Are you going to wish you'd got one of those iPhone tasks after all? (No pun developed. Rhetorical query.)
That's the fear going around since self-confessed Kiwi fruit dork Dylan Reeve put a "test your cell cellular phone for certain disaster" web page on his web page.
For the history, Dylan won't actually remote-wipe your system without authorization. Indeed, he won't clean your system at all. He just reveals you if it might be possible for a web page to do so. The Kiwis probably already bashed your nation at football, even after two of their gamers got sent off. They don't need to rub it in by clearing off the ground with your cellular phone, too.
The information of the catastrophe are extremely simple, so allow me to describe at some duration.
It all begins with RFC 3966, which describes a exclusive kind of URI for figures. You use these URIs, which start with tel:, like this:
As the writing of RFC 3966 factors out, unromantically but importantly:
The "tel" URI is a worldwide exclusive identifier ("name") only; it does not describe the actions necessary to arrive at a particular variety and does not recommend dialling semantics. Furthermore, it does not consult a particular actual system, only to an unknown variety.
So phone URIs don't advise your web browser, or your product, or your cellular phone, to switch. They just recommend that it could, if it desired.
What's got Dylan Reeve hot under the receiver is that in some internet explorer, on some creates of Android operating system, on some cellular phones, the dialling semantics of phone URIs are: fill the standard dialler or "phone" program, place the variety as if you'd entered it, and delay for you to media the miracle natural option to start the contact.
Waiting for the natural option is a security evaluate. It stops a web page contacting out without some kind of individual relationships. That would be insecure and could be costly.
In brief, some internet explorer cure tel: URIs almost as a exclusive, and accepted, way of cross-site scripting (XSS). Check out one website at an innocent-looking URI, and end up rerouted to a different URI in a different program for a different objective.
So far, so excellent. But what's got Dylan's cigarette smoking receiver near exploding into fire is this: automated in-band signalling.
In-band signalling is when some exclusive personality blends, showing in your frequent information flow, are handled as management series.
As you can think about, this is the kind of bargain applied to carry comfort at the cost of security.
The natural chance of in-band alerts is one of the factors that FTP was developed to use two TCP relationships, one confident and one incoming - so that the information and management programs were kept individual. It was also one of the factors why FTP withered for information in give preference to of HTTP, which uses just one route and thus performs more quickly.
Mobile figures assistance a number of in-band requirements with the special combined name of Unstructured Additional Service Data (USSD). As Wikipedia notices, in its exclusively irregular yet useful style:
The individual consists a concept — usually rather mysterious — on the cellular phone key pad. The cellular phone delivers it to the cellular phone company system, where it is obtained by a laptop computer or computer devoted to USSD. The response from this laptop computer or computer is sent back to the cellular phone. The response could be seen on the cellular phone display, but it is usually with a very primary demonstration. The information sent over USSD are not described by any standardisation body, so each system owner can apply whatever it discovers appropriate for its clients.
Sounds like a formula for misunderstandings, if not actually catastrophe, doesn't it?
So, what does a USSD look like? Perhaps the best-known, and the one used by Dylan on his trial web page, is to get into *#06# to pop up your cell phone's formal recognition variety, better known at the IMEI.
If you kind *#06# into the dialler on your own cellular phone, you may very well see that the IMEI bursts up as soon as you media the ultimate # key.
Although some diallers notify you that you're near leading to a USSD value - and give you an out-of-band caution so you can avoid it, which is useful - others do not. They acknowledge USSD requirements as you kind them in, on the reasons that you're not making a contact, so there's no need to delay for you to media the natural option.
This indicates, if you look through to Dylan's check web page and your IMEI bursts up without any further relationships, that you are at chance of a possibly deadly mixture - deadly to your information, anyway.
This is because many cellular phones offer a USSD control for "factory reset". It's developed to be hard to kind by error - difficult, more or less. But it's not difficult for a miscreant to kind into a tel: URI on a malicious web page, and there's the rub. Or, actually, the clean.
What to do?
If your cellular phone is insecure - and if Dylan's web page says it is, it probably is - then Mr Reeve indicates setting up a third-party dialler program which is known to offer protection against the auto-activation of USSDs. That's guidance.
Your present web browser or dialler might be secure already. On my Search engines Nexus cellular phone, for example, operating Android operating system 4.1 with the Chrome web browser, viewing Dylan's web page does pop up the cellular phone dialler. But the *#06# USSD value is not auto-triggered - it just seems to be as a variety you haven't dialled yet. As far as I can see, the dialler only procedures the in-band USSD requirements if they are entered in by hand. That's excellent.
(Before you set up a product new dialler app - and you realized I wouldn't avoid a little promotion somewhere in the content, didn't you? - you might also consider a journey to the Perform Shop to set up Sophos Mobile Security. Free, you get anti-virus, anti-malware, anti-spyware, anti-adware, loss and security from robbery, plus a number of really easy-to-use security and comfort consultant resources.)
The main point here here is this: get into the addiction of assistance up your cellular phone. Whether you select to believe in the reasoning, or synchronise to your laptop computer, or just duplicate important data files to detachable storage space, don't take the long-term information reliability of your cellular phone for provided.
You might experience a hysterically-funny-to-some-childish-haxxor distant manufacturer totally reset. It could occur.
But you might also keep your cellular phone in the pub, have it nicked from your bag, or fall it catastrophically onto the only tangible area for thousands of meters in every route (like I did a number of several weeks ago, on a warm Weekend springtime mid-day that was going beautifully up to that point).
If your digital life is at danger from an surprising manufacturer totally reset, then you need to re-arrange your digital way of life.
Assume that all your technology might crack at any time, and that at least some of them will.
Android Operating System
Sunday 9 September 2012
Android is a Linux-based operating system for mobile devices such as smart phones and tablet
computers, developed by Google in conjunction with the Open Handset Alliance. Android was
initially developed by Android Inc, whom Google financially backed and later
purchased in 2005. The unveiling
of the Android distribution in 2007 was announced with the founding of the Open
Handset Alliance, a consortium of 86 hardware, software, and telecommunication companies devoted to advancing open
standards for mobile
devices. Google releases the
Android codeas open-source,
under the Apache
License. The Android Open Source Project (AOSP) is tasked with the maintenance
and further development of Android.
Android has a large community of developers writing applications ("apps")
that extend the functionality of the devices. Developers write primarily in a
customized version of Java, and
apps can be downloaded from online stores such as Google Play (formerly Android Market), the app store
run by Google, or third-party sites. In June 2012, there were more than 600,000
apps available for Android, and the estimated number of applications downloaded
from Google Play was 20 billion.
Android became the world’s leading smart phone platform at the end of
2010. For the first quarter of
2012, Android had a 59% smart phone market share worldwide. As of third quarter
2012, there were 480 million devices activated and 1.3 million activations per
day.
World of HTC
Wednesday 22 August 2012
Latest HTC Mobile Prices in pakistan HTCMobiles Prices are updated daily after checking from local Mobile Markets. Also check HTC Mobile Specifications, HTC MobilePictures, HTC MobileVideos and HTC Mobile Reviews.
Popular searches includes: HTC in pakistanMobile Prices, Mobile Prices in pakistan, HTC Mobile Prices, HTC Mobile Prices pakistan, HTC Mobile Phones, HTC
Mobiles Price List, HTC Mobiles Rates in pakistan, New HTC Mobile Phones, Up
Comming HTC Mobiles, HTCMobile Phones pakistan
Coming Soon...
HTC Introduction
Friday 17 August 2012
HTC Company Origins and Point of View
Founded in 1997, HTC built its reputation as the behind-the-scenes designer and manufacturer of many of the most popular OEM-branded mobile devices on the market.
Since 2006, it have regularly introduced many critically acclaimed mobile devices under its own brand, and their portfolio includes smartphones and tablets powered by the Android or Windows Phone operating systems.
They are dedicated to enabling a customized user experience based on the belief that each mobile device needs to fit its owner, and not the other way around. What they make is not merely the product of focus group tests, but of observing and honoring how individuals choose to interact with technology.
Their customers guide everything they do at HTC, and it’s this commitment that defines the company.
Founded in 1997, HTC built its reputation as the behind-the-scenes designer and manufacturer of many of the most popular OEM-branded mobile devices on the market.
Since 2006, it have regularly introduced many critically acclaimed mobile devices under its own brand, and their portfolio includes smartphones and tablets powered by the Android or Windows Phone operating systems.
They are dedicated to enabling a customized user experience based on the belief that each mobile device needs to fit its owner, and not the other way around. What they make is not merely the product of focus group tests, but of observing and honoring how individuals choose to interact with technology.
Their customers guide everything they do at HTC, and it’s this commitment that defines the company.
Success Starts Where It Ends: With the Customer
Strong recommendations from retailers, press reviews, consumer opinions, and friends and family, contribute to a high rate of product referrals, brand recognition and ongoing momentum. Combined, these recommendation channels nourish the connection between HTC and its discerning community as market share increases. And because we invest wholeheartedly in refining the personalized communications experience, we champion the customer as the hero through every stage of innovation.
Dedication to Experiential, Interactive Design
A focus on product design with performance, endurance, craftsmanship, and intuitive tools and interfaces ensures an elegant experience in a beautiful, minimalist package. HTC contributes a variety of innovations that include an amazing camera — cameras that rival leading point-and-shoot models and HD video that turns mobile screens into intimate, state-of-the-art theaters. And we make authentic sound a priority — we integrate Beats technology because it’s not just the music you play that matters, but also the quality of the sound. We recognize that, for our customers, a mobile device isn’t just a smartphone but an A/V entertainment system, communications control center and important instrument of individual expression, all in one.
A focus on product design with performance, endurance, craftsmanship, and intuitive tools and interfaces ensures an elegant experience in a beautiful, minimalist package. HTC contributes a variety of innovations that include an amazing camera — cameras that rival leading point-and-shoot models and HD video that turns mobile screens into intimate, state-of-the-art theaters. And we make authentic sound a priority — we integrate Beats technology because it’s not just the music you play that matters, but also the quality of the sound. We recognize that, for our customers, a mobile device isn’t just a smartphone but an A/V entertainment system, communications control center and important instrument of individual expression, all in one.
Innovation Through Collaboration
Its longstanding working relationships with fellow technology leaders such as Google, Microsoft and Qualcomm are more than strategic partnerships: They serve as active labs of research and development and product evolution. At HTC, collaboration is a means to a very important end: creating a holistic experience for the customer. Our partnerships ensure that hardware, software, and content management and delivery systems are united in seamless and intuitive ways that give consumers control.
Its longstanding working relationships with fellow technology leaders such as Google, Microsoft and Qualcomm are more than strategic partnerships: They serve as active labs of research and development and product evolution. At HTC, collaboration is a means to a very important end: creating a holistic experience for the customer. Our partnerships ensure that hardware, software, and content management and delivery systems are united in seamless and intuitive ways that give consumers control.
Empowering the Most Personal Experience
Discovering the best ways to integrate state-of-the-art technologies with effortless user experiences has always been, and will always be, in passion. New products simply enable and enhance these experiences. And when HTC customers share their personal experiences with its products, they speak with passion and conviction. That’s why it encourage, embrace and celebrate users sharing their perspectives. The strength of the HTC community lies in its authenticity; it’s the most accurate and honest voice of real-world understanding available. It insist on seeing through the eyes of this community, because doing so teaches, challenges and prods to get better at what they do — empowering HTC customers through personal experience.
Discovering the best ways to integrate state-of-the-art technologies with effortless user experiences has always been, and will always be, in passion. New products simply enable and enhance these experiences. And when HTC customers share their personal experiences with its products, they speak with passion and conviction. That’s why it encourage, embrace and celebrate users sharing their perspectives. The strength of the HTC community lies in its authenticity; it’s the most accurate and honest voice of real-world understanding available. It insist on seeing through the eyes of this community, because doing so teaches, challenges and prods to get better at what they do — empowering HTC customers through personal experience.
HTC Product Innovation “FIRSTS”
- Smartphone with Beats Audio – HTC Rezound (2011)
- 4G LTE smartphone on Verizon and AT&T – HTC ThunderBolt and the HTC Vivid (2011)
- 4G smartphone launched in the U.S. – the HTC EVO 4G on Sprint (2010)
- HTC Sense smartphone – HTC Hero (2009)
- Integrated GSM/WiMAX 4G phone launched in the world (Russia) – HTC Max 4G (2008)
- Android device – T-Mobile G1 (2008)
- Microsoft Windows Mobile 6 Pocket PC with intuitive TouchFLO touch screen technology – HTC Touch (2007)
- Tri-band UMTS 3G device on the Microsoft Windows Mobile platform – Cingular 8525 (2006)
- Tri-band UMTS PDA (2005)
- 3G Microsoft Windows Mobile 5.0 device – HTC Universal (2005)
- 3G CDMA Windows Mobile 5 phone – PPC-6700 (Sprint) and XV6700 (Verizon) (2005)
- Microsoft Smart Music Phone – SDA/SDA Music (2004)
- Large 2.8" TFT touch-screen LCD display – O2 XDA/T-Mobile Germany MDA/T-Mobile PPC Phone (2002)
- Microsoft-powered smartphone (“Stinger”) – the SPV (2002)
- Microsoft wireless Pocket PC – XDA, MDA and PPC (2002)
- Microsoft Pocket PC – Compaq iPAQ (2000)
- Color palm-size PC (1999)
Subscribe to:
Posts (Atom)
