All posts by Simon LR

Nokia E7 Now Available For Pre-Order

After what has seemed to be forever, the Nokia E7 is currently available for pre-order in the Nokia USA store. Of course you’ll have to wait until the beginning of April until devices start shipping, that is if you choose to ignore some of the previous issues Nokia has had with getting devices in the hands of pre-ordering consumers before those who simply purchase on the day of availability. For $679.00 USD you’ll be getting the latest E-series device which packs a 4″ CBD — the largest screen on a Nokia device, as well as the usual slew of options for connectivity including WLAN (802.11b/g/n), Bluetooth 3.0 and penta-band 3G. Unlike many previous Nokia devices, the E7 has a limited 16GB of storage, that is, there is no microSD slot. Both the N8 and E7 support USB-on-the-Go which allows you to use an adapter to connect regular-sized USB thumb drives to your phone. The standard affair 8MP camera is on board, but again Nokia continues the trend of slightly limiting the device by opting for an Extended Depth of Field lens which does not support macro mode or focusing. Of course, like all recent Nokia devices, the E7 ships with Symbian^3 and has full support for Exchange, Office file editing and free lifetime navigation with Ovi Maps.

The E7 is the latest Nokia device to feature a full sized QWERTY keyboard hidden behind a hinge that positions the screen at an optimal viewing angle. Constructed from anodised aluminum and gorilla glass, the E7 features a built-in 1200mAh battery that is not user-replaceable as well as a mini HDMI (Type C) port, a microUSB port and a camera capable of capturing HD video. Nokia says they will be supporting Symbian with firmware updates and the E7 is sure to continue with the trend. If you’re an avid Symbian user and appreciate having a full QWERTY keyboard, perhaps the Nokia E7 is right for you.

Sprint And Samsung Spying On Android (And You)

Carriers depend on their ability to control what goes over their network, from blocking foreign smartphones to forcing consumers onto high-tier data plans in order to subsidize the cost of devices. Some of the recent details on embedding metric tracking software on Android devices, while not completely new, show that it is invasive and provides carriers with a whole slew of what should be considered personal information.

The Android Creative Syndicate have been poking around in recent Android installs that come pre-loaded on Samsung devices from Sprint and have found Carrier IQ, which is being described as “highly invasive, to the level of being spyware”. Carrier IQ is legitimately billed as software for tracking metrics and as a “provider of Mobile Service Intelligent Solutions to the Wireless Industry”. In short, the software consists of daemons, libraries and small applications that provide detailed information to Sprint about your smartphone usage. The ACS (Android Creative Syndicate) advise that Carrier IQ hooks into the contents of SMS and MMS messages, battery and signal status, XML files that are opened as well as every web page visited. It can read each number that is entered into the phone dialer, details about open applications and is even tied into all data sent and received from the device.

Lead ROM Developer, k0nane, has posted screen shots showing the interface for enabling and disabling select services for the IQ Agent. He notes that all logging is disabled, which hides the activities from users. ACS reports that after removing the major traces of Carrier IQ they have noticed a significant increase in battery life, and HTC Evo 4G users who have disabled similar services report increased speed and overall usability.

With the slew of recent malware found in the Android Market, might we soon see more users taking to rooting their devices and installing custom ROM images that remove such bundled spyware and provide increased security by patching known holes? Hopefully Google can implement some strict rules for carrier customization as well as a different model for third party application access control.

Nokia Officially Bringing MeeGo To The N900

Despite the hoopla with Nokia and Microsoft partnering and disregarding the previously rumored talks of Nokia slowing development of MeeGo down, it would appear that Nokia has actually decided to dedicate another team to work at officially bringing MeeGo with a Handset UX to the Nokia N900.

Jukka Eklund, who is the Product Manager for MeeGo at Nokia, sent out an e-mail to the MeeGo development mailing list outlining the changes and plans for the near future:

Hi there,

I am thrilled to announce a little thing we started at Nokia. Basically we want to have MeeGo running in N900 device, so that it’s really usable as your daily development device. Basic Handset UX should work, phone calls, SMS, web browsing. So we are concentrating on a few selected features and polish those to be "perfect". It might mean that we leave out some things in MeeGo 1.2 trunk for this edition, but that is not the default intention.

We are doing this fully on the open, and I hope this is an interesting project where we all in the community work towards the same goal: have a great MeeGo edition in the N900. This work is naturally based on the great work done already by N900 adaptation team led by Harri and Carsten.

The wiki is up here: http://wiki.meego.com/ARM/N900/DeveloperEdition. It will be populated with more information as we go, thanks for the patience.

Br,
Jukka
Developer Edition product manager
twitter.com/jukkaeklund
IRC: jukka
http://www.linkedin.com/in/jukkaeklund

The number of developers and the resources being put into the project are not being disclosed, and the existing N900 adaptation team is an integral part of the project. Some are celebrating the rebirth and are taking this as a revitalization of Nokia’s MeeGo work, while others, most notably Intel folk, are voicing concern about whether such a task is being taken seriously. Intel’s Senior Staff Software Engineer, Adriaan van de Ven, rebutted with his thoughts:

I would like to urge you to push on this; we’ve been bitten rather badly in MeeGo in the past in this respect (promising of features as part of architecture choices, but then never getting those open sourced), and I’m sure that you, as the lead of this new project, can fix a bunch of these; after all it sounds like you’re serious about MeeGo.

The team hopes to bring MeeGo 1.2 to the unwashed masses in the form of a Developer Edition with the functionality of calls, SMS and web browsing. Whether this means Nokia plans on healthy development of MeeGo or simply providing minimal resources to keep the project alive is really and truly unknown. Stephen Elop, CEO of Nokia, previously stated that Symbian is here to stay but also mentioned MeeGo being a disruptive technology for future trends and investments. The future of MeeGo is currently blowing in the proverbial wind.

RIM Bringing Blackberry Messenger To iOS And Android

The Boy Genius Report is currently reporting that RIM is poised to port Blackberry Messenger over to iOS and Android devices. RIM has held Blackberry Messenger (BBM) in high regard as a tool to instantly and securely chat with friends and co-workers through Blackberry devices, exclusively. A huge push in marketing BBM to consumers went off in 2010 and it would seem RIM is now taking it to the next level. Many users love Blackberry Messenger due to the fact that it’s carrier-independent, has read/replied/delivered status and is completely free of charge once there is an internet connection. RIM is hoping to build out this BBM user-base by offering the service on Apple’s iOS devices as well as certain Android handsets.

Offering a minimally functioning client may persuade users to jump ship to Blackberry devices in order to get full featured capabilities. Users of third party devices would either be charged a one-time fee for the application or a recurring fee to use the service. This would seemingly allow RIM to dominate the “mobile IM” market by allowing cross platform communications built atop their industry leading infrastructure. For this to be successful, RIM needs to bring the same experience that many Blackberry Messenger users rave about, but entice users to want more and to purchase a Blackberry device in order to really experience the capabilities of the service.

There is no word on when this will be available nor what terms it will be available with, as this is a rumor — but with the state that RIM is currently in, it’s very plausible.

Android 2.3 Still Vulnerable To Previously “Fixed” Data Theft

Do you remember that old vulnerability in Android 2.2 that allowed an attacker to grab data off an SD card, provided they knew the absolute path of a file and were able to get a user to visit a specially crafted site? Well, Google specifically stated they would fix the issue in 2.3 Gingerbread. It would seem that they did indeed patch something in a hotfix – but the issue cropped up again. Xuxian Jiang, an assistant professor in the Department of Computer Science at North Carolina State University has confirmed with Google’s Security team that a related vulnerability still exists in the “shipping” branch of Gingerbread. This means that the fabled Nexus S is being boxed, bought and used with a very exploitable security hole. Fortunately, the team says they are unaware of any active exploitation of this in the wild.

With manufacturers and carriers only now upgrading devices to the old and relatively antiquated releases of 2.1, how many devices does this leave vulnerable? As far as it’s known, 2.2 devices have not received an update that completely closes this security hole. It also looks as if all the new devices on the horizon that are slated to be released with Android 2.3 may be vulnerable to this as well. Google may deny that fragmentation is a problem for users, but when security is at hand and you can’t patch your mobile device due to the OS being fingered by 3 different companies before you get it (Google, OEM, carrier) then it should be a huge concern for consumers. For those enterprising users who want to take every step to reduce their risk, it is recommended that you use a third party browser or completely disable JavaScript in the stock browser until the issue is resolved.

Entire CDMA BlackBerry Lineup Leaked

If GSM isn’t your thing and the previously leaked BlackBerry devices don’t interest you, you should be pleased to know that the folks at CrackBerry have turned up what looks to be the entire 2011 CDMA device lineup from RIM.

In what is titled “NARC BlackBerry Roadmap” and stamped as “Strictly Confidential”, 7 different devices are indicated along with their respective estimated launch/availability dates. Of course, the PlayBook is shown for the next quarter of 2011 and will be the first tablet device from RIM to use their new QNX-based platform.

The presentation slides detail upcoming smartphone devices such as the Montana, Monaco and Malibu – a series of new touch screen smartphones that will be sporting BlackBerry 6.1 along with what RIM is calling BlackBerry Evolution 6, a highly integrated and seamless user experience with social networking, universal search as well as HTML5 and NFC capabilities.

It is quite clear that RIM hopes to push further and further into the consumer market by including features and hardware such as full HD 720p recording, augmented reality and OpenGL support for a better gaming experience.

For an entire view of the slides that detail more about each device, be sure to visit CrackBerry for the lineup.

Trojan Horse For Android Listens To And Stores Credit Card Numbers

Once again, Android is in the limelight for malware. This time it’s a trojan horse installed on the device that is triggered by outgoing calls and has the ability to store credit card numbers that are input either via touch tone (DTMF decoding) or by voice, which it analyses and then converts to text. The application, Soundminder, is relatively small, weighing in at just over 1MB, and uses minimal permissions to capture, store and analyse any information that is input via voice or the dial-pad. It takes roughly 15 seconds to convert the voice audio into actual numbers and then the information is stored to be used at a later time. Enter the partner in crime to Soundminder, Deliverer. Deliverer is a tiny application that uses network permissions to transfer the captured information to a hosted server so the attacker can view the credit card numbers.

Together, the applications use a covert method of transferring the data back and forth. Since Android uses sandboxing and separate user accounts for each running process, it is very hard for applications to share information without explicitly requesting permissions. Since Soundminder has write access to certain hardware, it can adjust device settings such as LCD timeout, ringer volume and other seemingly innocuous values. Deliverer can then read the values, obtain the information and send the stored credit card numbers to an attacker.

Soundminder has less invasive permissions than other applications in the Android Market, so it would be extremely easy for a user to assume it to be safe and install it. Hopefully Google can find a way to list permissions on a lower item level, so users can see exactly what API calls an app has access to.

See below for the video.

Motorola Gets Questioned About Their Locked Down Bootloader

If you can remember when the Motorola Milestone launched, which was ages ago in the technology world, it came with chip technology called “e-Fuse”. For all intents and purposes, this was a blatant attempt by Motorola to stop hackers and developers from booting custom firmware on their devices and to protect their own intellectual property, such as MotoBLUR. One of the reasons that people purchase Android devices is that they have much more open access to the hardware than they would with an iPhone, Windows Phone 7 or webOS device. HTC seems to understand this and provides a way for users to unlock their devices, albeit forgoing their warranty. Perhaps this is why Google chose HTC as their OEM for the Nexus One and it was a big hit with the community.

Today, a user posted a question to Motorola’s YouTube account asking about dock support for the up and coming Atrix 4G. The poster was met with a response: “@tdcrooks if you want to do custom roms, then buy elsewhere, we’ll continue with our strategy that is working thanks.” Moments after the AndroidCentral member posted it to their forums, Motorola removed all the comments from their page and started on damage control.

They posted up a Note on their Facebook page apologizing for the comment made by one of their employees. They are also claiming that there will be a work-around for their future devices in order to allow developers to use devices “as a development platform” while still giving them the ability to “protect our users’ interests”. Keep in mind that because Texas Instruments has eFuse embedded in a lot of their chips, Motorola does have the power to re-program the “fuse” on the fly. This means that Motorola could ship out binaries to requesting developers, which would allow them to bypass the fuse and give them lower level access to the hardware.

There are many choices out there if you’re looking for an Android handset. If you disagree with the practices of Motorola, the best option would be to vote with your wallet.

Apple Pushing Out iOS 4.3 Beta 2 To Developers

Just as you would expect with any modern smartphone sold nowadays, continued support is in very high demand, namely software support and updates. Unlike Android, iOS has very controlled hardware that it runs on and only devices sanctioned (read: designed and built) by Apple get the thumbs up for iOS. This gives Apple the great ability to control the user experience and control what features a user has access to and what they don’t.

With the update of iOS 4.3b2, developers should expect a slew of new features including the ability to create a personal hotspot on the device (for WiFi tethering) and some new APIs for gesture control. Apple has indicated that end-users may not be getting gesture support once 4.3 goes live and it is mainly for developers to test their applications, implement gesture support or ensure that their code does not conflict with any changes.

You can register as a developer (you’ll need to fork over $99 while doing that) to get access to this beta directly from Apple and you’ll receive access to the firmware images that support the Apple TV, iPad, iPhone 4 and 3GS as well as the 3rd and 4th generation iPod Touch. As always, Xcode and the Apple SDK are available to download as well.

Most users will want to stay on the carrier supported release, since this is technically beta firmware and is aimed at developers who want to get a jump on gesture controls and any other API calls that Apple has added in.

It’s rumoured that the 3rd beta will be released within a few weeks and should be the final seed before iOS 4.3 is released sometime in February.

Microsoft Developer Blogger Shows Easy Sniffing Of WP7 Traffic

Do you fancy investigating any traffic being sent in and out of your Windows Phone 7 device? Aside from the more involved method of using a packet sniffer on your phone or capturing the data over a wireless connection and decrypting it, a member of the Microsoft Developer Network (MSDN) has gone ahead and given some extremely straightforward steps on how to set up a man-in-the-middle proxy to capture and store all HTTP and HTTPS traffic. How it works is very simple: Fiddler, a web debugging proxy, is run on a Windows PC and acts as an intermediary gateway to the outside world. Once you configure your device to pass information through it, Fiddler will capture, display and allow you to modify the passing traffic.

What legitimate use case could this have? Well it’s useful for developers who are writing apps, however it’s especially useful for enterprising hackers, do-it-yourselfers and anybody else who is concerned about the information that apps are uploading. Microsoft does have very stringent rules for allowing applications into the Marketplace, but as we’ve seen before with the Apple AppStore and the Android Market, sometimes things either slip through the cracks or are obfuscated enough that the QA team is fooled which allows the malicious code to go live. With Fiddler, you can see full HTTP streams and if you do choose to install the SSL certificate – all HTTPS encrypted traffic can be re-signed using the cert and then decrypted at will.

While most developers will be using the emulator to do the majority of their development work, when it comes to real deployment and users who want to get started in monitoring their device traffic, they should visit the post on the MSDN Blog by Eric Lawrence and follow the provided instructions.

RIM Releases Security Advisory For DoS Against BES And Devices

RIM has carved the way with enterprise security and holds a large number of corporate users in the mobile market, but every now and then they encounter speed bumps that might come in the form of support issues, bugs and security vulnerabilities. While Blackberry doesn’t see nearly the number of publicly disclosed weaknesses as other mobile platforms such as Android or webOS, RIM does regularly audit and push updates to BES, BIS and client device software aimed at closing and mitigating possible security risks related to their software. KB24547 is a security advisory that RIM published late in 2010, indicating the existence of a vulnerability pertaining to the PDF rendering and control engine of the attachment service in BES 5.x as well as third party applications that utilise BES core, such as Microsoft Exchange, IBM Lotus Notes Domino and Novell GroupWise.

The advisory details the susceptibility of BES to a possible buffer overflow leading to a Denial-of-Service on a hand-held device. For the vulnerability to be successfully exploited, an attacker would need to have a Blackberry user, with an account tied to a BES, open a modified PDF file. The PDF would be “filtered” through the attachment service and may allow an attacker to execute code on the BES hosting server or hang the machine. RIM has marked it extremely high, with a CVSS (Common Vulnerability Scoring System) score of 9.3 out of 10. It is recommended that all BES administrators obtain the Interim Security Software Update to ensure they are protected.

In addition to the BES vulnerability, RIM has released an advisory for a client-side DoS affecting hand-held Blackberry devices. While the CVSS score is a relatively low 5 out of 10, RIM recommends that all users ensure they are running the most up to date version of their device software. The vulnerability affects many devices running OS 5.0.0.x and causes the browser to hang while processing a specially crafted web page, forcing the user to reboot the device. Advisory KB24841 was issued less than a week ago and affects many devices including the Blackberry Bold 9700, the Tour 9630 and the Curve 9300.

Researchers Put The iPhone Audio Port To Proper Use

Researchers at the University of Michigan have been working away at putting the 3.5mm audio port on the iPhone to uses other than playing music, including the ability to display EKG readings on the 3.5″ Retina Display. While this isn’t one of the first products we’ve seen that extends the functionality of an iPhone using the audio port, it certainly is one of the most interesting. The code for interfacing with the “HiJack” is free, open source and available under the BSD licensing scheme. The research team has advised that they will be reviewing project proposal ideas and providing 20 project-taskers with hardware in order to develop and continue research.

This project provides developers, DIY’ers and other researchers access to external hardware without going through the Dock Connector API and without jailbreaking the device, all for the extremely cheap (if done in large volumes) price of $2.34 for the hardware.

Apple App Store To Serve Up 10 Billion Downloads Soon

If you’re one for trumpeting numbers, you ought to know that according to the flip-clock counter that Apple has put up, presumably indicating the number of downloads and not an interval clock, the App Store is soon to hit the 10 billion mark. That’s 10 billion downloads, no word on it being unique downloads, re-purchases or previously downloaded material or if there’s any other number fudging going on, but it is what it is. To commemorate such a glorious event, Apple is giving users the chance to win a $10,000 USD iTunes gift card. Download the ten billionth app for your chance to win. Of course, if you don’t own an Apple device capable of accessing the App Store, you can simply fill out an entry form for your chance to win – no downloads or purchases necessary and you can actually submit it a maximum of 25 times per day.

Good luck to any readers who enter!

Ovi Store Receives Fit And Finish Update

Let’s face it, the Ovi Store might not really stack up to some of the offerings from the competition. Fortunately, the folks at Nokia are working away at making it a better experience for users. Today, the Ovi Store got a small update that polishes things up just a bit more by adding the much needed feature of spelling correction. Text input on a mobile device can be a bit finicky; by using intelligent search correction, the Ovi Store can correct your spelling and search for the most relevant item you are looking for.

The update also brings the addition of Hindi and Arabic languages to the S40 client, which also receives an update that packages up a brand new UI that makes it easier for users to locate and download apps, games, themes and music. The updates are live now and are a welcome addition to the growing Ovi Store. Visit the Nokia Ovi Blog for the official word.

Nokia’s AT&T X7 Gets Pictured

More pictures of the Nokia X7 have surfaced over at Pocketnow. This time around, a full “360” style image shows off the 4 speaker grilles and the 8 megapixel camera along with the dual LED flash. The AT&T logo sits loud and proud on the front upper portion of the X7, which is a clear indication that this music-centric device should be headed to the big blue carrier soon.

Unlike the N8 and E7, the X7 lacks an HDMI-out port but continues along with the same styling and design cues and seems to forgo a user-accessible battery for the sealed, monoblock aluminium body instead. The pictures indicate a volume rocker and dedicated camera key on the right side, both the SIM card slot and microSD card slot are covered by hard doors on the left side of the device, the bottom is bare save for a tiny microphone hole and the top houses the microUSB charge/sync port, a 3.5mm headphone jack and what looks to be an angular power button.

Although the X7 shares extremely similar internals with the E7 and N8, it has a newer and updated version of Symbian^3, as indicated by the 4 home screens available to the user. No word of a price or launch date on this yet, but sporting a carrier logo means it might be in the final stages of testing.