All posts by Simon LR

Entire CDMA BlackBerry Lineup Leaked

If GSM isn’t your thing and the previously leaked BlackBerry devices don’t interest you, you should be pleased to know that the folks at CrackBerry have turned up what looks to be the entire 2011 CDMA device lineup from RIM.

In what is titled “NARC BlackBerry Roadmap” and stamped as “Strictly Confidential” 7 different devices are indicated along with they respective estimated launch/availability dates. Of course, the PlayBook is shown for the next quarter of 2011 and will be the first tablet   device from RIM to use their new QNX-based platform.

The presentation slides detail upcoming smartphone devices such as the Montana, Monaco and Malibu – a series of new touch screen smartphones that will be sporting BlackBerry 6.1 along with what RIM is calling BlackBerry Evolution 6, a highly integrated and seamless user experience with social networking, universal search as well as HTML5 and NFC capabilities.

It is quite clear that RIM hopes to push further and further into the consumer market by including features and hardware such as full HD 720p recording, augmented reality and OpenGL support for a better gaming experience.

For an entire view of the slides that detail more about each device, be sure to visit CrackBerry for the lineup.

Trojan Horse For Android Listens To And Stores Credit Card Numbers

Once again, Android is in the limelight for malware, this time it’s a trojan horse installed on the device that is triggered by outgoing calls, that has the ability to store credit card numbers that are input either via touch tone (DTMF decoding) or by analysing voice input and then converting it to text. The application, Soundminder, is a relatively small application weighing in at just over 1MB and uses minimal permissions to capture, store and analyse any information that is input via voice or the dial-pad. It takes roughly 15 seconds to convert the voice audio into actual numbers and then the information is stored to be used at a later time. Enter the partner in crime to Soundminder, Deliverer. Deliverer is a tiny application that uses network permissions to transfer the captured information to a hosted server so the attacker can view the credit card numbers.

Together, the applications use a covert method of transferring the data back and forth. Since Android uses sandboxing and separate user accounts for each running process, it is very hard for applications to share information without explicitly requesting permissions. Since Soundminder has write access to certain hardware, it can adjust device settings such as LCD timeout, ringer volume and other seemingly innocuous values. Deliverer can then read the values, obtain the information and send the stored credit card numbers to an attacker.

Soundminder has less invasive permissions than other applications in the Android Market, so it would be extremely easy for a user to assume it to be safe and install it. Hopefully Google can find a way to list permissions on a lower item level, so users can see exactly what API calls an app has access to.

See below for the video.

Motorola Gets Questioned About Their Locked Down Bootloader

If you can remember when the Motorola Milestone launched, which was ages ago in the technology world, it came with chip technology called “e-Fuse”. For all intents and purposes, this was a blatant attempt by Motorola to stop hackers and developers from booting custom firmware on their devices and protecting their own intellectual property, such as MotoBLUR. Some of the reasons that people purchase Android devices, is solely because they have much more open access to the hardware than they would compared to an iPhone, Windows Phone 7 or webOS device. HTC seems to understand this and provides a way for users to unlock their devices albeit forgoing their warranty. Perhaps this is why Google chose HTC as their OEM for the Nexus One and it was a big hit with the community.

Today, a user posted a question to Motorola’s YouTube account asking about dock support for the up and coming Atrix 4G. The poster was met with a response – @tdcrooks if you want to do custom roms, then buy elsewhere, we’ll continue with our strategy that is working thanks. Moments after the AndroidCentral member posted it to their forums, Motorola removed all the comments off their page and started on damage control.

They posted up a Note on their Facebook page apologizing for the comment made by one of their employees. They are also claiming that there will be a work-around for their future devices in order to allow developers to use devices “as a development platform” but still giving them the ability to “protect our users’ interests”. Keeping in mind that because Texas Instruments has eFuse embedded in a lot of their chips, Motorola does have the power to re-program the “fuse” on the fly – this means that Motorola could ship out binaries to requesting developers, which would allow them to bypass the fuse and give them lower level access to the hardware.

There are many choices out there if you’re looking for an Android handset. If you disagree with the practices of Motorola, the best option would be to vote with your wallet.

Apple Pushing Out iOS 4.3 Beta 2 To Developers

Just as you would expect with any modern smartphone sold nowadays, continued support is in very high demand, namely software support and updates. Unlike Android, iOS has very controlled hardware that it runs on and only devices sanctioned (read: designed and built) by Apple get the thumbs up for iOS. This gives Apple the great ability to control the user experience and control what features a user has access to and what they don’t.

With the update of iOS 4.3b2, developers should expect a slew of new features including the ability to create a personal hotspot on the device (for WiFi tethering) and some new API for gesture control. Apple has indicated that end-users may not be getting gesture support once 4.3 goes live and it is mainly for developers to test their applications, implement gesture support or ensure that their code does not conflict with any changes.

You can register as a developer (you’ll need to fork over $99 while doing that) to get access to this beta directly from Apple and you’ll receive access to the firmware images that support the Apple TV, iPad, iPhone 4 and 3GS as well as the 3rd and 4th generation iPod Touch. As always, the XCode and Apple SDK are available to download as well.

Most users will want to stay on the carrier supported release, since this is technically beta firmware and is aimed at developers who want to get a jump on gesture controls and any other API calls that Apple has added in.

It’s rumoured that the 3rd beta will be released within a few weeks and should be the final seed before iOS 4.3 is release sometime in February.

Microsoft Developer Blogger Shows Easy Sniffing Of WP7 Traffic

Do you fancy investigating any traffic being sent in and out of your Windows Phone 7 device? Aside from the more involved method of using a packet sniffer on your phone or capturing the data over a wireless connection and decrypting it, a member of the Microsoft Developer Network (MSDN) has gone ahead and given some extremely straight forward steps on how to set up a man-in-the-middle proxy to capture and store all HTTP and HTTPS traffic. How it works is very simple – Fiddler, a web debugging proxy, is run on a Windows PC and acts as an intermediary gateway to the outside world, once you configure your device to pass information through it, Fiddler will capture, display and allow you to modify the passing traffic.

What legitimate use case could this have? Well it’s useful for developers who are writing apps, however it’s especially useful for enterprising hackers, do-it-yourselfers and anybody else who is concerned about the information that apps are uploading. Microsoft does have very stringent rules for allowing applications into the Marketplace, but as we’ve seen before with the Apple AppStore and the Android Market, sometimes things either slip through the cracks or are obfuscated enough that the QA team is fooled which allows the malicious code to go live. With Fiddler, you can see full HTTP streams and if you do choose to install the SSL certificate – all HTTPS encrypted traffic can be re-signed using the cert and then decrypted at will.

While most developers will be using the emulator to do the majority of their development work, when it comes to real deployment and users who want to get started in monitoring their device traffic, they should visit the post on the MSDN Blog by Eric Lawrence and follow the provided instructions.

RIM Releases Security Advisory For DoS Against BES And Devices

RIM has carved the way with enterprise security and holds a high amount of corporate users in the mobile market, but every now and then they encounter speed bumps that might come in the form of support issues, bugs and security vulnerabilities. While Blackberry doesn’t see near the amount of publicly disclosed weaknesses as other mobile platforms such as Android or webOS, RIM does regularly audit and push updates to BES, BIS and client device software aimed at closing and mitigating possible security risks related to their software. KB24547 is a security advisory that RIM published late in 2010, indicating the existence of a vulnerability pertaining to the PDF rendering and control engine of the attachment service in BES 5.x as well as third party applications that utilise BES core, such as Microsoft Exchange, IBM Lotus Notes Domino and Novell GroupWise.

The advisory details the susceptibility of BES to a possible buffer overflow leading to a Denial-of-Service on a hand-held device. For the vulnerability to be successfully exploited, an attacker would need to have a Blackberry user, with an account tied to a BES, open a modified PDF file. The PDF would be “filtered” through the attachment service and may allow an attacker to execute code on the BES hosting server or hang the machine. RIM has marked it extremely high, with a CVSS (Common Vulnerability Scoring System) score of 9.3 out of 10. It is recommended that all BES administrators obtain the Interim Security Software Update to ensure they are protected.

In addition to the BES vulnerability, RIM has released an advisory for a client-side DoS affecting hand-held Blackberry devices. While the CVSS score is a relatively low 5 out of 10, RIM recommends that all users ensure they are running the most up to date version of their device software. The vulnerability affects many devices running OS 5.0.0.x and causes the browser to hang while processing a specially crafted web page, forcing the user to reboot the device. Advisory KB24841 was issued less than a week ago and affects many devices including the Blackberry Bold 9700, the Tour 9630 and the Curve 9300.

Researchers Put The iPhone Audio Port To Proper Use

Researchers at the University of Michigan have been working away at putting the 3.5mm audio port on the iPhone to many other uses other than playing music, including the ability to display EKG readings on the 3.5″ Retina Display. While this isn’t one of the first products we’ve seen that extends the functionality of an iPhone using the audio port, it certainly is one of the most interesting. The code for interfacing with the “HiJack” is free, open source and available under the BSD licensing scheme. The research team has advised that they will be reviewing project proposal ideas and providing 20 project-taskers with hardware in order to develop and continue research.

This project provides developers, DIY’ers and other researchers access to external hardware without going through the Dock Connector API and without jailbreaking the device, all for the extremely cheap (if done in large volumes) price of $2.34 for the hardware.

Apple App Store To Serve Up 10 Billion Downloads Soon

If you’re one for trumpeting numbers, you ought to know that according to the flip-clock counter that Apple has put up, presumably indicating the number of downloads and not an interval clock, the App Store is soon to hit the 10 billion mark. That’s 10 billion downloads, no word on it being unique downloads, re-purchases or previously downloaded material or if there’s any other number fudging going on, but it is what it is. To commemorate such a glorious event, Apple is giving users the chance to win a $10,000 USD iTunes gift card. Download the ten billionth app for your chance to win. Of course, if you don’t own an Apple device capable of accessing the App Store, you can simply fill out an entry form for your chance to win – no downloads or purchases necessary and you can actually submit it a maximum of 25 times per day.

Good luck to any readers who enter!

Ovi Store Receives Fit And Finish Update

Let’s face it, the Ovi Store might not really stack up to some of the offerings from the competition, fortunately, the folks at Nokia are working away at making it a better experience for users. Today, the Ovi Store got a small update that polishes things up just a bit more by adding the much needed feature of spelling correction. Text input on a mobile device can be a bit finicky, by using intelligent search correction, the Ovi Store can correct your spelling and search for the most relevant item you are looking for.

The update also brings the addition of Hindi and Arabic languages to the S40 client, which also receives an update that packages up a brand new UI that makes it easier for users to locate and download apps, games, themes and music. The updates are live now and are a welcomed addition to the growing Ovi Store. Visit the Nokia Ovi Blog for the official word.

Nokia’s AT&T X7 Gets Pictured

More pictures of the Nokia X7 have surfaced over at Pocketnow. This time around, a full “360” style image shows off the 4 speaker grilles and the 8 megapixel camera along with the dual LED flash. The AT&T logo sits loud and proud on the front upper portion of the X7, which is a clear indication that this music-centric device should be headed to the big blue carrier soon.

Unlike the N8 and E7, the X7 lacks an HDMI-out port but continues along with the same styling and design cues and seems to forgo a user-accessible battery for the sealed, monoblock aluminium body instead. The pictures indicate a volume rocker and dedicated camera key on the right side, both the SIM card slot and microSD card slot are covered by hard doors on the left side of the device, the bottom is bare save for a tiny microphone hole and the top houses the microUSB charge/sync port, a 3.5mm headphone jack and what looks to be an angular power button.

Although the X7 shares extremely similar internals at the E7 and N8, it has a newer and updated version of Symbian^3 as indicative of the 4 home screens available to the user. No word of a price or launch date on this yet, but sporting a carrier logo means it might be in the final stages of testing.