Using Rowhammer bitflips to root Android phones is now a thing

An LG Nexus 5 at the moment it is rooted using Rowhammer-induced bit flips. (credit: van der Veen et al.)

Researchers have devised an attack that gains unfettered “root” access to a large number of Android phones by exploiting a relatively new type of bug that allows adversaries to manipulate data stored in memory chips. The breakthrough has the potential to make millions of Android phones vulnerable, at least until a security fix is available, to a new form of attack that seizes control of core parts of the operating system and neuters key security defenses. Equally important, it demonstrates that the new class of exploit dubbed Rowhammer can have malicious and far-reaching effects on a much wider base of devices than was previously known, including those running ARM chips.

Previously, some experts believed Rowhammer attacks that altered specific pieces of security-sensitive data weren’t reliable enough to pose a viable threat because exploits depended on chance hardware faults or advanced memory-management features that could be easily adapted to repel the attacks.

Now, an international team of academic researchers is challenging those assumptions by demonstrating a Rowhammer exploit that alters crucial bits of data in a way that completely roots name brand Android devices from LG, Motorola, Samsung, OnePlus, and possibly other manufacturers. An app containing the researchers’ rooting exploit requires no user permissions and doesn’t rely on any vulnerability in Android to work.

AT&T has $80 billion deal to purchase Time Warner Inc. (and with it, HBO)

(credit: Getty Images | Tim Boyle)

Following up on news reported yesterday, AT&T has reached a deal to buy Time Warner Inc. for more than $80 billion, The Wall Street Journal wrote today. The boards of the companies are meeting today to approve the merger, “with a deal likely to be announced as soon as Saturday evening.”

Original story from yesterday follows:

AT&T and Time Warner Inc. have recently met “to discuss various business strategies including a possible merger,” Bloomberg reported Thursday. Discussions are still in early stages, according to Bloomberg’s anonymous sources.

“The talks, which at this stage are informal, have focused on building relations between the companies rather than establishing the terms of a specific transaction, the people said, asking not to be identified as the deliberations are private,” Bloomberg wrote. “Neither side has yet hired a financial adviser, the people said.”

“Most serious” Linux privilege-escalation bug ever is under active exploit (updated)

(credit: michael)

A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible.

While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it’s not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that’s a part of virtually every distribution of the open-source OS released for almost a decade. What’s more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

“It’s probably the most serious Linux local privilege escalation ever,” Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. “The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time.”

To beat crypto, feds have tried to force fingerprint unlocking in 2 cases

(credit: Justin Sullivan / Getty Images News)

Federal prosecutors in Los Angeles have been successful in getting judicial approval for two highly unusual searches. The warrants allowed the authorities to force suspects, who were inside their California homes, to press their fingerprints on a seized smartphone to see if it would unlock, Ars has learned.

On Sunday, Forbes published the first-known redacted court filing associated with the search of a home in Lancaster, California, about 70 miles north of downtown Los Angeles. The 12-page memo filed in federal court outlines the government’s argument as to why it believes it can conduct such a search under the Fourth and Fifth Amendments, which protect against unreasonable search and seizure, and against compelled self-incrimination, respectively.

The Lancaster document is dated May 9, and Forbes managed to contact an unnamed resident at the home, who confirmed that the search had taken place. That person said that “neither they nor any relatives living at the address had ever been accused of being part of any crime, but declined to offer more information,” according to Forbes.

Tesla bans customers from using autonomous cars to earn money ride-sharing

On Thursday night, Tesla announced the new Model X and Model S electric vehicles will now come with the necessary hardware to allow them to drive completely autonomously at a future point in time. But buried in the notes about this new functionality there was also a warning to future Tesla owners: don’t expect to be able to use your EV driving for Uber, Lyft, or any other ride-sharing service that isn’t owned by Tesla.

On Tesla’s website, the section that describes the new “Full Self-Driving Capability” (a $3,000 option at the time of purchase, $4,000 after the fact) states “Please note also that using a self-driving Tesla for car sharing and ride hailing for friends and family is fine, but doing so for revenue purposes will only be permissible on the Tesla Network, details of which will be released next year.”

In Elon Musk’s “Master Plan part 2,” the company’s CEO included plans for a Tesla ride-sharing network, which we now know will be called the Tesla Network. However, no other information about this program has escaped into the wild as yet.

Teslas will now be sold with enhanced hardware suite for full autonomy

(credit: Tesla)

Late Wednesday, Tesla’s CEO Elon Musk announced that the company would be adding its own hardware to all new Tesla cars to allow up to Level 5 autonomy. In the automotive industry, Level 5 denotes a fully self-driving vehicle.

Musk said that it would be some time before Tesla’s software would advance to meet the capabilities of the new hardware available, which the company is calling “Hardware II.” Still, the CEO stressed that all new cars would come with the new hardware suite, even if the software isn’t activated.

The hardware includes eight cameras for a 360-degree view, twelve ultrasonic sensors, “forward-facing radar with advanced processing,” and an Nvidia Titan GPU that’s capable of 12 trillion operations per second.

Millimeter-wave 5G modem coming mid-2018 with 5Gbps peak download

(credit: Qualcomm)

Qualcomm is promising to launch its first 5G modem in 2018, even though basic standards for 5G have yet to be established, nor even which part of the radio spectrum it will use. Dubbed the Snapdragon X50, the San Diego chipmaker says its new modem will be able to deliver blindingly fast peak download speeds of around 5Gbps.

The X50 5G will at first operate with a bandwidth of about 800MHz on the 28GHz millimetre wave (mmWave in Qualcomm jargon) spectrum, a frequency that’s also being investigated by Samsung, Nokia, and Verizon. However, the powers that be have far from settled on this area of the spectrum, with 73GHz also being mooted. In the UK, Ofcom is investigating several bands in a range between 6GHz and 100GHz.

As the industry as a whole is a long way from consensus, this could be Qualcomm’s bid to get the final frequency locked down well before 2020, the year that 5G is expected to reach any kind of consumer penetration.

iOS 10.0.3 fixes iPhone 7 cellular connectivity problems

The iPhone 7 and 7 Plus. (credit: Andrew Cunningham)

Apple has just released iOS 10.0.3, a minor update to iOS 10 intended to fix cellular connectivity problems with the iPhone 7 and 7 Plus. Unlike most iOS updates, this one is available exclusively for the newest iPhones, since older iPhones and iPads running iOS 10.0.2 don’t seem to be affected.

The problem seems to affect US users on Verizon the most consistently, and most users’ complaints say that the phones drop their LTE connections and either fall back to 3G speeds or lose connectivity altogether. Reports of similar connectivity problems have also come from AT&T users, and late last week, Bloomberg also reported on complaints from Chinese users who were losing their signals. Apple’s release notes don’t mention any particular countries or carriers, but iOS 10.0.3 will hopefully resolve the problems for everyone.

Apple is also working on a major update to iOS 10, version 10.1, which adds the “portrait mode” feature to the iPhone 7 Plus’ dual-camera system and makes other tweaks. That update is currently in its third developer beta and will be released later this fall.

More than 400 malicious apps infiltrate Google Play

(credit: Curious Expeditions)

Google Play was recently found to be hosting more than 400 apps that turned infected phones into listening posts that could siphon sensitive data out of the protected networks they connected to, security researchers said Thursday.

One malicious app infected with the so-called DressCode malware had been downloaded from 100,000 to 500,000 times before it was removed from the Google-hosted marketplace, Trend Micro researchers said in a post. Known as Mod GTA 5 for Minecraft PE, it was disguised as a benign game, but included in the code was a component that established a persistent connection with an attacker-controlled server. The server then had the ability to bypass so-called network address translation protections that shield individual devices inside a network. Trend Micro has found 3,000 such apps in all, 400 of which were available through Play.

“This malware allows threat actors to infiltrate a user’s network environment,” Thursday’s report stated. “If an infected device connects to an enterprise network, the attacker can either bypass the NAT device to attack the internal server or download sensitive data using the infected device as a springboard.”

Leaker fined $1.2 million for uploading screener of The Revenant

Leonardo DiCaprio signs autographs for fans during the Tokyo premiere for “The Revenant” in March. (credit: Yuriko Nakao via Getty Images)

The pirate who in December leaked The Revenant and The Peanuts Movie days ahead of their US releases has been ordered to pay $1.2 million in restitution to 20th Century Fox and was also handed eight months of home confinement, federal prosecutors said.

The defendant, William Morarity of the Los Angeles suburb of Lancaster, was working for an undisclosed studio lot when he unlawfully accessed watermarked, screener versions of the films and uploaded them to a private BitTorrent site “Pass the Popcorn,” according to his guilty plea (PDF). The Revenant was downloaded more than 1 million times and The Peanuts Movie more than 220,000 times, according to court documents (PDF).

Deirdre Fike, the assistant director in charge of the FBI’s Los Angeles field office, said the defendant’s behavior is a killer of creativity and jobs.

“Mr. Morarity used his position of trust to gain access to sensitive intellectual property, then shared that content online and incurred large-scale losses to the owner of that property,” Fike said. “The theft of intellectual property—in this case, major motion pictures—discourages creative incentive and affects the average American making ends meet in the entertainment industry.”
