Privacy

How a Wi-Fi Pineapple Can Steal Your Data (And How To Protect Yourself From It) (vice.com) 45

An anonymous reader writes: The Wi-Fi Pineapple is a cheap modified wireless router that enables anyone to execute sophisticated exploits on Wi-Fi networks with little to no networking expertise. A report in Motherboard explains how it can be used to run a Wall of Sheep and execute a man-in-the-middle attack, as well as how you can protect yourself from Pineapple exploits when you're connected to public Wi-Fi. "... it's important that whenever you are done connecting to a public Wi-Fi network that you configure your phone or computer to 'forget' that network. This way your device won't be constantly broadcasting the SSIDs of networks it has connected to in the past, which can be spoofed by an attacker with a Pineapple," reports Motherboard. "Unfortunately there is no easy way to do this on an Android or an iPhone, and each network must be forgotten manually in the 'Manage Network' tab of the phone's settings. Another simple solution is to turn off your Wi-Fi functionality when you're not using it -- though that isn't as easy to do on some devices anymore -- and don't allow your device to automatically connect to open Wi-Fi networks."
Facebook

Facebook Open Sources Its Network Routing Platform Open/R (techcrunch.com) 28

Facebook will open source its modular network routing software Open/R, currently used in its backbone and data center networks, which "provides a platform to disseminate state across the network and allows new applications to be built on top of it." An anonymous reader quotes TechCrunch: Facebook obviously has unique scale needs when it comes to running a network. It has billions of users doing real-time messaging and streaming content at a constant clip. As with so many things, Facebook found that running the network traffic using traditional protocols had its limits and it needed a new way to route traffic that didn't rely on the protocols of the past, Omar Baldonado, Engineering Director at Facebook explained... While it was originally developed for Facebook's Terragraph wireless backhaul network, the company soon recognized it could work on other networks too including the Facebook network backbone, and even in the middle of Facebook network, he said. Given the company's extreme traffic requirements where the conditions were changing so rapidly and was at such scale, they needed a new way to route traffic on the network. "We wanted to find per application, the best path, taking into account dynamic traffic conditions throughout the network," Baldonado said.

But Facebook also recognized that it could only take this so far internally, and if they could work with partners and other network operators and hardware manufacturers, they could extend the capabilities of this tool. They are in fact working with other companies in this endeavor including Juniper and Arista networks, but by open sourcing the software, it allows developers to do things with it that Facebook might not have considered, and their engineering team finds that prospect both exciting and valuable.

"Most protocols were initially designed based on constrained hardware and software environment assumptions from decades ago," Facebook said in its announcement. "To continue delivering rich, real-time, and highly engaging user experiences over networks, it's important to accelerate innovation in the routing domain."
Verizon

Verizon: No 4G-Level Data Caps For 5G Home Service (pcmag.com) 56

Verizon recently announced that its upcoming 5G home internet service will not have the kinds of data limits you expect from current wireless services. It will reportedly be able to handle the average data load of a FiOS customer, and it won't be throttled down to 4G gigabyte caps. PC Magazine reports: Verizon has been trying out its new 5G home internet service for months. In a tour of its New Jersey lab, we got a closer look at the 5G antenna setup we saw at Mobile World Congress in February. It's a silver device the size of a paperback book, which connects to a Wi-Fi router with a display. You're supposed to put it in a window facing Verizon's 5G service tower. In the test lab, engineer David Binczewski (below) showed us how the company is still working through the challenges of high-frequency, short-distance, millimeter-wave 5G -- most notably, how to penetrate various materials. In a chamber designed to test new 5G devices, he held up a piece of wood between a 5G emitter and a receiver, and we watched the signal fuzz out a bit on a nearby equipment screen. During a roundtable, VP of network support Mike Haberman, some other Verizon folks, and the assembled journalists agreed that an average data cap in the vicinity of 180GB/month would satisfy the average consumer. That's far more than Verizon's current 4G traffic management limit, where folks who use more than 22GB get sent to the back of the line if a tower is congested.
Music

Apple's HomePod Gets Delayed Until 2018 (theverge.com) 48

Apple has reportedly delayed the release of its HomePod smart speaker until 2018. In a statement to The Verge, Apple says that it needs more time to work on the device. "We can't wait for people to experience HomePod, Apple's breakthrough wireless speaker for the home, but we need a little more time before it's ready for our customers," an Apple spokesperson said. "We'll start shipping in the U.S., UK and Australia in early 2018." From the report: The speaker was originally set to be released in December. Priced at $349, the HomePod is slated to take on higher-end sound systems like Sonos, as well as smart assistants like the Amazon Echo and Google Home. The cylindrical speaker features a seven-speaker array of tweeters, a four-inch subwoofer, and a six-microphone array, which puts it right on par spec-wise with the best speakers in its price range, but where it may fall short is Siri, which isn't really in the same class as Alexa or Google Assistant. That challenge is likely why Apple's focus at the launch of the HomePod back at WWDC in June was music first and smart features second.
Android

OnePlus 5T Featuring 6-inch AMOLED Display, 3.5mm Headphone Jack Launched (wired.com) 54

Chinese smartphone maker OnePlus, which has been lauded by consumers for offering phones with top-of-the-line specs at a reasonably affordable price range, on Thursday at an event in New York announced its newest flagship smartphone. Called the OnePlus 5T, the handset sports a 6.01-inch AMOLED screen (screen resolution 1080 x 2160) manufactured by Samsung in a body that is roughly of the same size as the 5.5-inch display-clad predecessor OnePlus 5. The secret sauce is, much like Samsung, LG and Apple, OnePlus has moved to a near bezel-less design. The company is not getting rid of the fingerprint scanner though, which it has pushed to the back side. The front-facing camera, additionally, OnePlus says, can be used to unlock the device. Other features include a 3,300mAh battery with the company's proprietary Dash Charge fast-charging tech (no wireless charging support -- the company says at present wireless charging doesn't really add much value to the device), top-of-the-line Qualcomm Snapdragon 835 processor with Adreno 540, 6GB of RAM with 64GB of storage (there is another variant of the phone which offers 8GB of RAM with 128GB of space). As for camera, we are looking at a dual 16-megapixel and 20-megapixel setup in the back. One more thing: the phone has a headphone jack and it runs Android 7.1 out of the box. The OnePlus 5T will go on sale in Europe, India, and the United States starting November 21st, with the base model priced at Euro 499, INR 32,999, and $499, respectively. The high-end variant is priced at Euro 559, INR 37,999, and $559. Wired has more details.
AT&T

Verizon, AT&T Announce Plans To Build and Share Hundreds of New Cell Towers (fiercewireless.com) 34

An anonymous reader shares a report: Verizon and AT&T announced a joint venture with Tillman Infrastructure to build and share hundreds of cell towers in a move that is sure to be seen as a threat to more established tower companies. The companies said the new structures "will add to the overall communications infrastructure in the United States," filling gaps in current tower footprints, but will also enable the nation's two largest network operators to relocate equipment from towers they're currently using. Construction plans on the first towers will begin early next year and will come online "quickly" as they are completed.
AT&T

Justice Department Tells Time Warner It Must Sell CNN Or DirecTV To Approve Its AT&T Merger (nytimes.com) 118

An anonymous reader quotes a report from The New York Times (Warning: source may be paywalled; alternative source): The Justice Department has called on AT&T and Time Warner to sell Turner Broadcasting, the group of cable channels that includes CNN, as a potential requirement for approving the companies' pending $85.4 billion deal, people briefed on the matter said on Wednesday. The other potential way the merger could win approval would be for AT&T to sell its DirecTV division, two of these people added. As originally envisioned, combining AT&T and Time Warner would yield a giant company offering wireless and broadband internet service, DirecTV, the Warner Brothers movie studio and cable channels like HBO and CNN. If the Justice Department formally makes either demand a requisite for approval, AT&T and Time Warner would almost certainly take the matter to court to challenge the government's legal basis for blocking their deal.
Businesses

Failure of Sprint/T-Mobile Merger Means a Missed Chance To Save $30B (kansascity.com) 127

UPDATE (11/5/17): Sprint and T-Mobile confirmed Saturday that they've ended their merger talks, saying they were "unable to find mutually agreeable terms." The Kansas City Star reports that the failure "means shareholders of the two companies gave up $30 billion or more in cost savings that their managements had expected a merger to generate.

"One combined wireless company would have needed to invest less in its network than the two competing companies spend separately... Absent a merger, Sprint now faces a highly competitive marketplace as the smallest national player and with a more aggressive rival in T-Mobile."

Several news outlets had already reported on Monday that Japan's conglomerate SoftBank, which owns Sprint, has pulled the plug on a proposed merger between the two carriers. From a report: SoftBank will reportedly propose ending merger talks with T-Mobile parent company Deutsche Telekom as soon as Tuesday, October 31st. That's according to Nikkei, which says that SoftBank wants to end merger talks due to "a failure to agree on ownership of the combined entity." It's said that Deutsche Telekom insisted on a controlling stake of the combined T-Mobile-Sprint, and that some people at SoftBank were okay with that as long as SoftBank had some sort of influence. However, SoftBank's board recently decided that it wouldn't give up control, and today it decided that it wants to call off the merger talks.
Last Monday Sprint and T-Mobile shares both fell immediately following the media reports.
Upgrades

Xbox One X is the Perfect Representation of the Tech Industry's Existential Crisis (mashable.com) 190

A reader shares commentary on the newly launched Xbox One X gaming console: Fundamentally, Xbox One X is the same machine that Microsoft released in 2013. It plays the same games, runs the same apps, depends on the same operating system. You can still plug your cable box into it and watch OneGuide magically sync with your local TV listings. Most of the things you can do look a little better and run a little faster/more efficiently, sure. The actual casing is smaller than the previous iterations, too. It's a gorgeous $500 machine. That's why I keep eyeballing it. My brain screams, "Why do you exist?" The Xbox One X does not answer. This is a familiar problem in 2017. Look around at all the tech in your life and do a quick, informal poll: How many of those items become outdated every year or every few years when a newer, shinier version of the same thing comes along? I'm talking about your iPhone and iPad. Your Amazon Echo and Kindle. Your Pixel and Daydream VR headset. Your Apple Watch. Your Roku, your Apple TV, your Chromecast. Incremental upgrades that push features like 4K! HDR! Wireless charging! Slimmer design! No headphone jack! (Wait, no, that last one is awful.) Breathless bullet point after breathless bullet point. Some of these additions have genuine utility and add value to the product. Many don't, or depend on you also possessing some other piece of incrementally upgraded tech (like the kinds of fancy-shmancy TVs that play the nicest with Xbox One X).
AT&T

Department of Justice Considers Blocking AT&T Deal For Time Warner (reuters.com) 32

An anonymous reader quotes a report from Reuters: AT&T and the U.S. Department of Justice are discussing conditions the No. 2 wireless carrier needs to meet in order for its acquisition of Time Warner Inc to win government approval. The $85.4 billion deal, hatched last October, is opposed by some consumer groups and TV companies on the grounds that it would give the wireless company too much power over the media it would carry on its own network. Donald Trump, who has accused media companies like Time Warner's CNN of being unfair to him, criticized the deal on the campaign trail last year and vowed that as president his Justice Department would block it. The proposed deal represents an early challenge for the Justice Department's new antitrust chief, Makan Delrahim, a Trump appointee who was confirmed by Congress in late September. Delrahim may be looking to ramp up pressure on AT&T. The Wall Street Journal reported that the Justice Department was laying the groundwork for a potential lawsuit aimed at stopping the deal if settlement talks did not work out.
Cellphones

Razer Unveils Gaming Smartphone With 120Hz UltraMotion Display, 8GB RAM and No Headphone Jack (cnet.com) 168

Computer hardware company Razer has unveiled its first smartphone. While the design doesn't appear to be up to par with the competition, it does pack some impressive specifications under the hood. The Razer Phone features a 5.7-inch, 2,560x1,440-resolution display, Snapdragon 835 chipset with 8GB of RAM, 12-megapixel dual camera with a wide-angle lens and 2x optical zoom, 4,000mAh battery, dual front-facing stereo speakers, and Android 7.1.1 Nougat running out of the box. While there is a microSD card slot for expandable storage, there is no headphone jack, no waterproofing, and no wireless charging. The device also won't support CDMA carriers like Verizon or Sprint. CNET reports: [W]here most new flagship phones are shiny rounded rectangles with curved screens, the Razer Phone is unabashedly a big black brick. It flaunts sharp 90-degree corners instead of curved edges. You can even stand the phone on end. The 5.7-inch, 2,560x1,440-resolution screen is flat as a pancake, and you'll find giant bezels above and below that screen, too -- just when we thought bezels were going out of style. When the Razer Phone ships Nov. 17 for $699 or £699 -- no plans for Australia at launch -- the company says it'll be the first phone with a display that refreshes 120 times per second, like a high-end PC gaming monitor or Apple's iPad Pro. And combined with a dynamic refresh technique Razer's calling Ultramotion (think Nvidia G-Sync), it can mean beautiful, butter-smooth scrolling down websites and apps, and glossy mobile gameplay.
Music

Ambitious Augmented Reality Startup Doppler Labs Shuts Down (theverge.com) 24

Wired reports that Doppler Labs, the company behind Here One smart earbuds, has announced that it's shutting down all operations today. The Verge reports: Founded in 2013, Doppler Labs debuted the prototype of its Here Active Listening System two years later in 2015. The battery-powered earbuds, according to Doppler Labs founder and CEO Noah Kraft, were built to enhance sound in the world around you. By using the accompanying app, users could, in theory, apply any manner of EQ settings that did everything from reduce overwhelming bass frequencies at a concert to dim the midrange chatter of co-workers while in an office. Kraft's vision for Doppler's future was a compelling idea -- "we want to put a computer, speaker, and mic in everyone's ear" -- but the Here Active Listening System was met with mixed reviews. In 2016, the company announced a new version of the earbuds, now called Here One. Dubbed "augmented reality earbuds," these earbuds allowed for streaming audio via Bluetooth, combined with the sound-enhancement tools seen in the Here Active Listening System. It seemed to offer the best of both worlds: a way to not only blend music or content playing in-ear with ambient noise, but the ability to adjust that ambient noise as well. Unfortunately, in bringing Here One to market the company was met with a raft of problems. According to Wired, a manufacturer change pushed production delivery from the fall 2016 to February 2017. There was also bad news on the battery front. The company hoped to offer 4.5 hours of battery life using augmented hearing and three hours of music streaming, but the unit's Bluetooth chip wound up diminishing those expectations.
Businesses

Apple Is Designing iPhones, iPads That Would Drop Qualcomm Components (wsj.com) 131

An anonymous reader quotes a report from The Wall Street Journal (Warning: source may be paywalled; alternative source): Apple, locked in an intensifying legal fight with Qualcomm, is designing iPhones and iPads for next year that would jettison the chipmaker's components, according to people familiar with the matter. Apple is considering building the devices only with modem chips from Intel and possibly MediaTek because San Diego, Calif.-based Qualcomm has withheld software critical to testing its chips in iPhone and iPad prototypes, according to one of the people. Apple's planned move for next year involves the modem chips that handle communications between wireless devices and cellular networks. Qualcomm is by far the biggest supplier of such chips for the current wireless standard. The Apple plans indicate the battle with Qualcomm could spill beyond the courtroom feud over patents into another important Qualcomm business where it has the potential to send ripples through the smartphone supply chain.
Android

A Surge of Sites and Apps Are Exhausting Your CPU To Mine Cryptocurrency (arstechnica.com) 128

Dan Goodin, writing for ArsTechnica: The Internet is awash with covert crypto currency miners that bog down computers and even smartphones with computationally intensive math problems called by hacked or ethically questionable sites. The latest examples came on Monday with the revelation from antivirus provider Trend Micro that at least two Android apps with as many as 50,000 downloads from Google Play were recently caught putting crypto miners inside a hidden browser window. The miners caused phones running the apps to run JavaScript hosted on Coinhive.com, a site that harnesses the CPUs of millions of PCs to mine the Monero crypto currency. In turn, Coinhive gives participating sites a tiny cut of the relatively small proceeds. Google has since removed the apps, which were known as Recitiamo Santo Rosario Free and SafetyNet Wireless App. Last week, researchers from security firm Sucuri warned that at least 500 websites running the WordPress content management system alone had been hacked to run the Coinhive mining scripts. Sucuri said other Web platforms -- including Magento, Joomla, and Drupal -- are also being hacked in large numbers to run the Coinhive programming interface.
AT&T

DirecTV to Launch Android TV-Based OTT Set-Top Box (variety.com) 28

Janko Roettgers, reporting for Variety: AT&T's DirecTV is getting ready to embrace internet-based content delivery beyond its DirecTV Now service: The company is about to introduce a new TV set-top box that's based on Google's Android TV platform and ditches satellite connectivity for over-the-top streaming, according to a new FCC filing. The new device, which goes by the model number C71KW-400, is being described by these documents as "the new AT&T/DirecTV Wireless 4K OTT Client." A user manual published as part of the filings specifies that the device won't be able to interact with any of DirecTV's existing Genie hardware, and hints at a future hardware product called HS27. Helpfully, the manual also supplies a definition of OTT as "the delivery of video via the internet directly into user-connected devices, allowing access to services anywhere, anytime, on any device." The manual also reveals that the set-top will ship with a voice remote with integrated touch pad, and photos show that it has Ethernet, digital audio, HDMI and USB ports, but no antenna connectivity -- meaning that any and all programming will indeed come over the internet.
Android

Essential Is Getting Sued For Allegedly Stealing Wireless Connector Technology (gizmodo.com) 43

"Keyssa, a wireless technology company backed by iPod creator and Nest founder Tony Fadell, filed a lawsuit against Essential on Monday, alleging that the company stole trade secrets and breached their nondisclosure agreement," reports Gizmodo. Keyssa has proprietary technology that reportedly lets users transfer large files in a matter of seconds by holding two devices side by side. From the report: According to the lawsuit, Keyssa and Essential engaged in conversations in which the wireless tech company "divulged to Essential proprietary technology enabling every facet of Keyssa's wireless connectivity," all of which was protected under a non-disclosure agreement. More specifically, the lawsuit alleges that Keyssa "deployed a team of 20 of its top engineers and scientists" to educate Essential on its proprietary tech, sending them "many thousands of confidential emails, hundreds of confidential technical documents, and dozens of confidential presentations." Essential ended this relationship after over 10 months and later told Keyssa that its engineers would use a competing chip in the Essential Phone. But Keyssa is accusing Essential of including techniques in its phone that were gleaned from their relationship, despite their confidentiality agreement. Central to this lawsuit is one of the Essential Phone's key selling points: the option to swap in modular add-ons, made possible thanks to the phone's unique cordless connector. In short, if Keyssa's claims hold water, then one of the phone's defining factors is a product of theft.
Wireless Networking

Every Patch For 'KRACK' Wi-Fi Vulnerability Available Right Now (zdnet.com) 140

An anonymous reader quotes a report from ZDNet: As reported previously by ZDNet, the bug, dubbed "KRACK" -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates. According to security researcher and academic Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device. In total, ten CVE numbers have been preserved to describe the vulnerability and its impact, and according to the U.S. Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. A list of the patches available is below. For the most up-to-date list with links to each patch/statement (if available), visit ZDNet's article.
Microsoft

Microsoft Has Already Fixed the Wi-Fi Attack Vulnerability; Android Will Be Patched Within Weeks (theverge.com) 136

Microsoft says it has already fixed the problem for customers running supported versions of Windows. From a report: "We have released a security update to address this issue," says a Microsoft spokesperson in a statement to The Verge. "Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected." Microsoft is planning to publish details of the update later today. While it looks like Android and Linux devices are affected by the worst part of the vulnerabilities, allowing attackers to manipulate websites, Google has promised a fix for affected devices "in the coming weeks." Google's own Pixel devices will be the first to receive fixes with security patch level of November 6, 2017, but most other handsets are still well behind even the latest updates. Security researchers claim 41 percent of Android devices are vulnerable to an "exceptionally devastating" variant of the Wi-Fi attack that involves manipulating traffic, and it will take time to patch older devices.
Security

WPA2 Security Flaw Puts Almost Every Wi-Fi Device at Risk of Hijack, Eavesdropping (zdnet.com) 262

A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack. From a report: The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic, who found the flaw, said the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network. That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream. In other words: hackers can eavesdrop on your network traffic. The bug represents a complete breakdown of the WPA2 protocol, for both personal and enterprise devices -- putting every supported device at risk. "If your device supports Wi-Fi, it is most likely affected," said Vanhoef, on his website. News of the vulnerability was later confirmed on Monday by US Homeland Security's cyber-emergency unit US-CERT, which about two months ago had confidentially warned vendors and experts of the bug, ZDNet has learned.
Operating Systems

OxygenOS Telemetry Lets OnePlus Tie Phones To Individual Users (bleepingcomputer.com) 164

An anonymous reader quotes a report from Bleeping Computer: OxygenOS, a custom version of the Android operating system that comes installed on all OnePlus smartphones, is tracking users' actions without anonymizing data, allowing OnePlus to connect each phone to its customer. A security researcher going by the pseudonym of Tux discovered the abusive tracking in July 2016, but his tweet went largely unnoticed in the daily sea of security tweets sent out each day. The data collection issue was brought up to everyone's attention again, today, after British security researcher Christopher Moore published the results of a recent study on his site.

Just like Tux, Moore discovered that OxygenOS was sending regular telemetry to OnePlus' servers. This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws. The problem is that OnePlus is not anonymizing this information. The Shenzhen-based Chinese smartphone company is collecting a long list of details, such as: IMEI code, IMSI code, ESSID and BSSID wireless network identifiers, and more. The data collection process cannot be disabled from anywhere in the phone's settings. When Moore contacted OnePlus support, the company did not provide a suitable answer for his queries.
