Android Malware Trend Continues, GingerMaster Targeting Gingerbread

The first piece of malware for Android 2.3 ‘Gingerbread’ has been spotted. Working alongside  NetQin  –  a mobile security firm, security researcher  Xuxian Jiang  has located and detailed the inner workings of GingerMaster, the first piece of malware that attacks Android Gingerbread.

Using Gingerbreak, which is the  the latest exploit for gaining root access to Gingerbread, the malware gathers information about the infected device and sends it to a remote server. In addition to exfiltrating the IMEI, phone number and SIM serial, GingerMaster creates a backdoor root shell, stored in the system partition in an attempt to survive after software upgrades, to allow for an attacker to access the device at will.

The malware also acts as a trojan horse. Registering on a remote server, the application will sit and wait for instructions on a ‘command and control’ channel. This allows for an attacker to remotely trigger events, such as downloading and installing more malware without the user knowing or reading personal information saved on the phone.

With more and more malware for Android popping up, looking to mobile security software  as a means to protect your device is a good choice, but using more common sense with downloading applications from official stores and understanding the risks of giving permissions to apps, is a better way to protect yourself from these threats. While both Google and Apple are looking for ways to implement a “kill switch” for unauthorized devices or applications, this is a reactive measure to an inherent problem with all security implementations – they rely on the user.

HTC And ‘Beats by Dr. Dre’ Partnering To Serenade Smartphone Users

Although you might have heard about “Beats Audio” thanks to the HP Touchpad, feel free to unlearn that correlation. It looks as if Hewlett-Packard has missed their chance to really let their devices stand out in the mobile space, as news that HTC and Beats Electronics have officially announced a partnership in efforts to ‘redefine the smart phone category and redefine the way sound is heard‘.

If you’re questioning this and are concerned that it sounds too good to be true, you might be on to something. Beats by Dr. Dre  is manufactured and distributed exclusively under license to Monster Cables. Yes, Monster Cables, the same company that produces audio and video cables that sell for a exorbitant mark-up price because they can.

As posted on the “Beats by Dr. Dre” blog and reported by AllThingsD, the partnership is an attempt to redefine the sound on smartphones and mobile devices. HTC will be able to use the brand as a huge key differentiator in the battle for victory in the smartphone race, as it’s one of the major issues that OEMs are having when deploying new devices and marketing to users — answering the question of “what makes our phone different?”. HTC can market a premium sound experience by leveraging the current success of Beats by Dr. Dre in popular culture.

The obligatory article pun? The partnership is to the tune of 300 million dollars.

Look Out RIM, US Govt Testing iPad & iPhone For Security Standards

Given Apple’s recent Q2 numbers  indicating a 113% growth in iPhone sales, it’s no real surprise that people love their iOS devices. Many businesses and organizations have been slowly loosening their grip on forcing employees to use ‘sanctioned’ devices (read: BlackBerrys) in order for provisioning and providing support on their corporate network. Employees are now being allowed to put their consumer devices to business use, provided they meet certain requirements. The US government is no different.

The US Department of Commerce recently signed off on a $44,000  purchase of ‘Apple Equipment’, which consists of 55 iPad 2 tablets and 5 16GB iPhone 4s. The acquisition request was put through by the National Institute of Standards and Technology  (NIST) and was approved just a few days ago. One of the most relevant things to keep in mind, is that NIST provides mandates and standard procedures for FISMA (Federal Information Security Management Act of 2002). Among other things, FISMA governs the development, documentation and implementation of information security and information systems within government agencies. Federal Information Processing Standards (FIPS) are used to define standards developed by the US federal government for implementation in computer systems. This is where FIPS-140-1 and FIPS-140-2 come into play, which define a standard for cryptography modules.

As seen above, NIST has recently updated their Cryptographic Module Validation Program Process List  (PDF) to include both the iPad and iPhone FIPS cryptographic module tests. Both are in IUT (Implementation Under Testing) phase as of August 1st, 2011. This comes just after RIM announced the PlayBook to be the first FIPS-140-2 compliant tablet  for deployment within federal agencies.

Could this be an indicator that the US government is aggressively looking to bring iOS devices to their federal workforce instead of simply renewing contracts with Research in Motion for legacy BlackBerry devices? RIM has had the government supply market locked up for decades, it’s a very strict niche, but if anybody can force their way through, it’s Apple.

Nokia X7 Review

The Nokia X7 is not a ground breaking phone, but it is the first device to ship with Symbian Anna / PR2 (officially) on it. Unfortunately it’s also the only device that has actually begun shipping, except for the exclusive pink N8. Symbian Anna brings many welcomed changes that legacy users have been clamoring for. The interface has changed slightly, thanks to a new icon format and inclusion of the Nokia Pure font. The photo gallery and camera interface took a serious overhaul while the browser received a performance bump but still remains ugly and borderline unusable.

Read on for a mini-review on the X7.

Continue reading Nokia X7 Review

PlayBook App Player For Android Apps Appears

What was promised by Research in Motion, back before the launch of the PlayBook, was apps…Android apps at that. The PlayBook launched and immediately took a vertical nosedive due to missing important features such as a native e-mail, calendar and even contact support. The spotlight was quickly taken away while RIM fended off anonymous employee letters describing their downfall.  It’s hard to imagine things are about to change with leaked software, especially when  employees are  moving to competitors.

The well talked about, but never seen, ‘Android app player’ for the PlayBook has been leaked by N4BB, a BlackBerry enthusiast site. In what can only be described as a “boneheaded move” by RIM, pertinent package information containing links to the unreleased player were stored within an easily accessed file for an update to their desktop managing software.

The app player provides a secure chrooted environment containing Dalvik runtimes to allow the PlayBook to seamlessly run supported Android applications atop their QNX platform. The technology works extremely similar to Myriad’s Alien Dalvik  which was demoed on a Nokia N900 in February at Mobile World Congress in Barcelona.

Although it is a poor substitute for actual native applications, leveraging the ecosystem of a competitor is a move that has many analysts curious as to what is going on inside RIM. A good experience with Android apps on the PlayBook may drive users to purchase one of the many Android tablets available, tossing away their mediocre BlackBerry paperweight. On the other had, a poor experience with Android apps on the PlayBook will leave users shaking their hands on the way to purchase a real Android tablet, again, tossing away their mediocre BlackBerry paperweight. RIM has some serious decisions to make as to their future.

If you’re one of the (un) lucky few with a PlayBook, the leaked file is hosted on servers managed by RIM, so if you’re planning on getting the “real deal” make sure you act fast before it’s pulled. Hosting mirrors will allow you to get it no matter what, while keeping RIM busy, but to be sure you’re getting a vetted installer, you might want to wait until it’s publicly available.

Via N4BB

RIM Senior Product Manager Defecting To Samsung As Marketing Director

In a bizarre yet carefully calculated move, Ryan Bidan, Senior Product Manager at Research in Motion, has announced he will be leaving RIM for a position with Samsung Telecommunications America as the Director of Product Marketing. Bidan is well known for his role in the launch of the PlayBook, which is RIM’s first play into the tablet market.  While the PlayBook itself wasn’t very well received by early adopters, it’s arguable that the launch and hype behind the device was a success. With rumors of RIM selling 250,000 units in the first month, it’s definitely a positive note Ryan is leaving on.

Bidan follows what is almost a steady stream of senior suits who have recently left the company, presumably jumping ship before it’s too late. The industry knows all too well the moves that RIM is making; splitting efforts between multiple operating systems, stagnating with their hardware and design efforts, and to top it off they have internal red tape and bureaucracy that stifles creativity. These are some of the telltale signs that Nokia had before their big shakeup and partnership with Microsoft. While nobody knows where RIM is heading, we do know that RIM has previously advised they were expecting a drop in profits as well as a reduction in workforce in order to compensate for losses.

While neither Samsung nor RIM have confirmed the news, Ryan’s LinkedIn page speaks for itself, showing his past position at RIM with his current one in big bold letters. A recent tweet by @ryanbidan corroborates his LinkedIn profile position in Dallas and eludes to his relocation in the near future.

Nokia’s Windows Phone 7 ‘Sea Ray’ Taken Out Of Testing Shell

It would seem that Nokia is having a hard time keeping things under wraps when it comes to their recently leaked Windows Phone 7 device, the ‘Sea Ray’. First unveiled by CEO, Stephen Elop in a “super confidential” showing, the Sea Ray carries the same design cues at the Nokia N9, save for a few external changes such as camera component arrangement as well as the addition of camera key.

In what appears to be an assembly factory, the ‘Sea Ray’ is removed from a bulky disguise case, taken for a quick hardware tour and is turned on. A new “7” boot animation as well as many other subtle UI changes indicate the device is running the ‘Mango’ build of Windows Phone 7. The usual front facing capacitive buttons, Back, Home and  Search are present along with a covered microUSB port on the top, a domed power button and 3.5mm headphone jack. Presumably the third side button below the volume keys is for locking and unlocking the device.

Although this won’t be the first device to have Mango on it, the Sea Ray is rumored to be Nokia’s first Windows Phone 7 device to launch and is said to be available in the coming 2012 year. A step off of the proverbial ‘burning platform‘ and into cold waters. A ray  of light in a cold and dark sea. Hopefully it can keep the company afloat.

Via WPCentral

HTC’s Unlocked Bootloader Promise Coming To Fruition In Canada First

Back in the beginning of June, HTC declared some of their high-end devices would be receiving updates to unlock the bootloaders, the first round to include the T-Mobile Sensation and the Sprint Evo 3D. Well, it would seem that Canada is getting the first device to ship with an unlocked bootloader. Rogers Wireless, a national carrier in Canada, will have an exclusive launch of the Evo 3D in the coming months alongside the LG Optimus 3D.

A Rogers spokesperson has commented on their support site, Rogers RedBoard, indicating that the Evo 3D will be available “this summer” and will have an unlocked bootloader.

The Evo 3D was announced by HTC back in June, recently became available through carriers and was billed as the first “glasses-free 3D smartphone”.

HTC indicated that August would be the initial transition date for devices to receive updates in order to allow for users to flash their own firmware images (ROMs) that aren’t cryptographically signed. While Google explicitly allows (and partially encourages) their “Nexus” line of devices to be easily unlocked, generally, this voids the warranty of a device and should be left as an option to experienced developers and power users. Custom ROMs are the bread and butter of Android when it comes to customization and developing; they allow for much more control as to what software comes pre-installed, supported languages, as well as many performance and security updates that are rolled into a single package. Having more devices that can receive timely updates means more users will be purchasing hardware and putting money directly in HTC’s pocket.

Whether the software update will be available to existing Evo 3D users before Rogers customers have it in their hands is unknown, but a small victory for Android developers is imminent.

Via MobileSyrup

CyanogenMod 7 Has Half A Million Served

Rejoice Android ROM community, CyanogenMod has recently topped over 500,000 unique installs of the latest major version release, CyanogenMod 7. Supported by a team of developers, maintainers, and community staff, CyanogenMod has become one of the most popular customized aftermarket ROMs for Android devices. In fact, it’s officially available for 28 different devices (including tablets and ebook readers) but runs perfectly fine on a total of 44 unmentionables.

What started out as a small project to update and customize the first Android handset, the HTC Dream, has now turned into a huge effort to provide devices with not only the latest and greatest version of Android, but to provide users with phones that are highly optimized, free of carrier branding and have features that may have been previously disabled.

According to CyanogenMod installation statistics, the HTC Desire (codenamed Bravo) has over 70,000 of the aforementioned half a million installations, followed by the HTC Evo 4G (Supersonic) at just over half with roughly 39,000 installs. While this is a great milestone for the ROM community as a whole, when contrasted with the fact that  500,000 Android devices are being activated daily, it becomes glaringly obvious that many regular consumers are running out-of-date versions of Android that have been hampered by carriers and OEMs who want to brand their devices.

The efforts of a single soul have come a long way, so congratulations to cyanogen  and the entire CM Community  on their milestone mark. The more users taking control of their own devices, means the less carriers can control.

Nissan LEAF In-Car Computer Leaks Location Information

The Nissan LEAF (Leading, Environmentally friendly, Affordable, Family) car is currently being put through the paces in the hands of Casey Halverson, a network engineer at InfoSpace. At the heart of the LEAF is CARWINGS, a “telematics system” used for plotting and displaying various internal functions such as energy consumption, charge status as well as the ability to display content pulled from the internet.  Nissan has taken the technology of the car and is attempting to empower users with it by providing information about the car instantly through iPhone apps and an always-connected web app. Unfortunate for many LEAF owners, it would seem that Nissan may have overlooked customer privacy when developing the system.

In addition to requesting data through an RSS feed, CARWINGS takes it upon itself to pass along your current location in the form of  GPS co-ordinates, speed, direction and more. What’s worse, is that any configured feed is given the information and it can be harvested by third parties.

While there are many legitimate uses for providing these details, such as location-aware feeds for weather, driving directions or even traffic details – it would seem that at no time is this told to users and no option is available for opting out.

A video documentation shows off CARWINGS in use, set up with a simple feed that takes the information the LEAF has stored and provides it back to the user. Whether or not LEAF owners will consider this a gross invasion of privacy due to how such information can be leverage or if they find it a nice luxury that they don’t have to enter in their current location to see it’s raining will largely depend on how Nissan explains to the general customer why they share this information.

Via SeattleWireless