Thursday, December 11, 2014

Smartwatch Hacked, how to access data exchanged with Smartphone

Security experts at BitDefender demonstrated how it is possible to access data exchanged between a smartwatch and a smartphone via Bluetooth.

The paradigm of Internet of Things is influencing modern society and the way it approaches the technology in everyday life.
An impressive number of intelligent devices surround us, but we often ignore the repercussions in terms of security and privacy. IoT devices are designed to improve our experience with technology, but we must consider that they enlarge our attack surface.
Today we will discuss the risk related to the use of a smartwatch that communicates with an Android smartphone.
A group of security researchers at BitDefender has demonstrated that the data sent between the smartwatch and the Android mobile phone could be intercepted by an attacker, who could then decode users’ data, including text messages, Google Hangout chats and Facebook conversations.
The attack is possible because the security of the Bluetooth communication between most smartwatches and Android devices relies on a PIN code composed of six digits. A six-digit secret code has a “key space” of only one million possible combinations; the bad news is that it can be quite easy to brute-force the code and access the data exchanged over the secure communication.
The flaw is serious if we consider the rapid diffusion of smartwatches and, more generally, of smart devices that use similar communication channels and similar mechanisms to protect them.
The experts at Bitdefender made a proof-of-concept hack against a Samsung Gear Live smartwatch and a paired Google Nexus 4 handset running the super secure Android L Preview. The researchers demonstrated how to hack the communication by using available sniffing tools; the team was able to discover the PIN used to protect the Bluetooth connection between the smartwatch and the smartphone.
Basically, the attacker tried all possible combinations of PIN value until finding the correct one that allowed them to monitor the data stream between the devices.
To mitigate the attack, the experts suggest adopting an NFC pairing procedure for the PIN code exchange, or using passphrases. The first suggestion requires the adoption of NFC devices that add a supplementary layer of encryption at the application level, but this has an impact on battery life due to the extra encryption computations.
“Part of the mitigation process involves using NFC pairing when sending the pin code or the use of pass-phrases. Of course, there’s always the option of adding a secondary layer of encryption at the application level, but this might shorten battery life due to extra encryption computations.” states the blog post published by BitDefender.
The experts also highlighted that over-the-air Bluetooth encryption is handled by the baseband co-processor, which is present in the majority of Android devices, but this baseband co-processor can be tampered with via over-the-air updates.
“Our research involved analyzing the raw traffic before being sent over the air via the baseband co-processor. This means that relying only on baseband co-processors to handle the encryption is not a fool-proof security mechanism. It also raises the question of how easy it is for someone to update the firmware on the baseband co-processor once a vulnerability is disclosed.”
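The key-space argument above, as an added example that is not from BitDefender's research or from the original post: a toy Python model showing why a six-digit pairing PIN falls to exhaustive search once guesses can be checked offline, and how a passphrase changes the arithmetic. The key derivation, confirmation tag, nonces and guess rate are constructed stand-ins (assumptions), not the Bluetooth pairing algorithm.

```python
"""Toy model of offline PIN recovery. NOT the Bluetooth pairing algorithm:
the derivation below is a constructed stand-in (assumption) used only to
show how the size of the secret's key space decides the outcome."""
import hashlib
import hmac
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_key(secret: str, nonce_a: bytes, nonce_b: bytes) -> bytes:
    # Hypothetical derivation: the key depends only on the shared secret and
    # on nonces an eavesdropper can see, so each guess can be checked offline.
    return hmac.new(secret.encode(), nonce_a + nonce_b, hashlib.sha256).digest()


def confirm_tag(key: bytes, transcript: bytes) -> bytes:
    # Hypothetical confirmation value that crosses the air during pairing.
    return hmac.new(key, transcript, hashlib.sha256).digest()[:16]


def recover_numeric_pin(nonce_a, nonce_b, transcript, observed_tag, digits=6):
    """Exhaust the numeric PIN space; return (pin, guesses_made)."""
    for guess in range(10 ** digits):
        pin = f"{guess:0{digits}d}"
        tag = confirm_tag(derive_key(pin, nonce_a, nonce_b), transcript)
        if hmac.compare_digest(tag, observed_tag):
            return pin, guess + 1
    # Secret is not a numeric PIN of this length: the whole space was tried.
    return None, 10 ** digits


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random secret of the given shape."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guess rate."""
    return (2 ** bits) / guesses_per_second / SECONDS_PER_YEAR


def constructed_capture(secret: str):
    # Constructed sample "capture": fixed nonces and transcript, not real traffic.
    nonce_a = bytes.fromhex("00112233445566778899aabbccddeeff")
    nonce_b = bytes.fromhex("ffeeddccbbaa99887766554433221100")
    transcript = b"watch<->phone pairing (constructed)"
    tag = confirm_tag(derive_key(secret, nonce_a, nonce_b), transcript)
    return nonce_a, nonce_b, transcript, tag


if __name__ == "__main__":
    import time

    capture = constructed_capture("271828")  # constructed six-digit PIN
    start = time.perf_counter()
    pin, guesses = recover_numeric_pin(*capture)
    elapsed = time.perf_counter() - start
    rate = guesses / elapsed
    print(f"six-digit PIN recovered after {guesses} guesses in {elapsed:.2f}s")

    # Same measured guess rate applied to the full key space of each option.
    pin_bits = keyspace_bits(10, 6)
    phrase_bits = keyspace_bits(26, 16)  # 16 random lowercase letters
    print(f"PIN:        {pin_bits:.1f} bits, "
          f"{years_to_exhaust(pin_bits, rate) * SECONDS_PER_YEAR:.1f}s worst case")
    print(f"passphrase: {phrase_bits:.1f} bits, "
          f"{years_to_exhaust(phrase_bits, rate):.2e} years worst case")
```

The passphrase figure assumes the letters are chosen uniformly at random; a human-chosen phrase has less entropy than its length suggests.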

Mac OS X is no longer immune, reveals Kaspersky’s 2014 Malware countdown

Apple’s Mac OS X is no longer immune to malware and bugs, says Kaspersky Security Lab. A survey of 2014 reveals that more malware attacks targeted Mac.

For years, Mac OS X has been flaunted as the OS most immune to malware and bugs. Well, the reign of Mac might end in 2014, with users on the receiving end of over 1,499 new malicious programs, which is just a fraction of the 3,693,936 pieces of malware targeted at Mac users, according to a 2014 security bulletin by the Russian anti-virus and internet security firm Kaspersky Labs.
“Over the past few years, we’ve discovered more and more malicious samples targeting Mac devices. Yet, there still remains a common misconception that Mac OS X is safe from malware and viruses,” said David Emm, principal security researcher at Kaspersky Lab.
Adware tops the list of the 20 most malicious programs targeted at Mac OS users. Adware is spread through legitimate programs downloaded from app stores rather than bought from the official websites of the developers. Once installed on the computer, the adware can add advertising extensions to browsers and change the default search engine, among a host of other malicious activities, says Kaspersky.
The 2014 malware countdown won’t be complete without the WireLurker malware, which freaked out millions of Mac users earlier this year. The malware, which originated from a Chinese app store, Trojanized over 467 apps and infected over 300,000 Apple users.
“WireLurker malware not only threatened OS X itself, but also used Macs as a carrier to get to iOS devices connected to the infected Mac,” notes Kaspersky.
Other notable malware threats to Mac users as reported by Kaspersky include:
  • OSX.Callme – a malicious program distributed through MS Word, which gave online fraudsters remote back door access to a system while at the same time propagating itself to all listed contacts on the compromised machine.
  • OSX.Laoshu – a malicious program which makes screenshots every minute. The malware is signed by the trusted certificate of the developer, therefore eluding many anti-malware programs on the victim’s system.
  • Trojan spyware with a remote control function that enabled hackers to intercept keystrokes.
  • Trojan-Spy.OSX.CoinStealer – a one-of-its-kind malicious program designed to steal bitcoins for OS X. It imitates different bitcoin utilities built from open source code while it installs a malicious browser extension and/or a patched version of bitcoin-qt.
Geographically, Mac users in the US suffered the most malware infections in 2014, leading the pack at 39.14%, followed by Germany 12.56%, Japan 5.51%, UK 5.49%, Russia 4.87% and France 3.69% of all reported infections.

In terms of vulnerabilities, ShellShock is probably the bug of the year for Mac OS X users. The bug is a coding mistake in Bash, a piece of software originally authored by Brian Fox in the 70’s. Shellshock affected all Unix-based operating systems including Apple Mac OS X, Linux and GNU. It allowed a malicious hacker to gain full control of a compromised system without a password or encryption key.
In such a precarious environment, Mac OS X users can no longer afford to be complacent in terms of keeping up with security updates and fortifying the defense mechanism.
“The myth of Mac OS X being invulnerable no longer stands true, and as cyber criminals continue to evolve their attack methods, users should also evolve by taking the necessary steps to bolster security on their Mac devices,” said Emm.
Kaspersky’s 2014 bulletin listed Oracle Java as the most vulnerable application used by fraudsters to spread malware to users. Oracle Java accounted for 45% of malware sent to users, a significant drop from 90% last year. Other vectors include browsers, Adobe Reader, Adobe Flash Player and Microsoft Office.
Kaspersky also cautioned users about a growing threat to mobile users. In 2014 alone, the antivirus firm blocked at least 1,363,549 unique attacks on mobile users compared to 335,000 attacks recorded last year. This trend is expected to continue in 2015, with more mobile banking Trojans expected in the coming year.
“In 2014 mobile malware focused on financial issues: the number of mobile banking Trojans was nine times greater than in the previous year and development in this area is continuing at an alarming rate,” said Roman Unuchek, senior mobile malware analyst at Kaspersky Lab.

Tuesday, December 9, 2014

Take care of the Recovery Key for Apple's two-step verification system to avoid permanently locking your Apple account




If you lose your recovery key with two-step verification, Apple can’t help you. Forgetting the Recovery Key could completely lock a person out of their account.
More than one year ago Apple introduced the two-step verification system to implement a two-factor authentication process and improve security for Apple IDs. Since March 2013 Apple has progressively extended the two-step verification system to other countries and has introduced the feature to protect other services offered by the company, including Apple iCloud, for which the feature was added in September after the Fappening case. In September, CEO Tim Cook announced the imminent implementation of a two-factor authentication mechanism to protect access to the iCloud service from a mobile device, which became effective with iOS 8.0.

Login to the iCloud service from iPhones and iPads will be allowed to users in possession of the Apple ID and password pair, plus an authentication code sent to the device through SMS or generated at the time of sign-up. Tim Cook highlighted the great importance Apple places on users’ privacy, confirming that the company will do even more to protect users’ data.

The two-step verification system requires a user to provide the number of a second “trusted” device that is used to verify the user’s identity, in addition to an extra security code called the “Recovery Key”. Owen Williams, a reporter at The Next Web, explained that the Recovery Key mechanism could completely lock a person out of their Apple account if they’re being hacked.

Williams discovered that someone had tried to hack his Apple iCloud account despite Apple’s two-step verification system. The mechanism correctly prevented the unauthorized access and blocked the account, unfortunately denying access to both the would-be hacker and Williams.
“Earlier this week, a strange message popped up on my Mac that I thought nothing of. “You can’t sign in because your account was disabled for security reasons.” I dismissed it in my tired haze, thinking it would solve itself and went to sleep.” states the post on TheNextWeb.


The reporter then tried to recover the password with the Apple iForgot procedure. An Apple Support document had led him to believe that the account could be unlocked by providing either the Recovery Key or the number of a trusted device, but he was wrong.

“The Apple support page relating to lockouts assured me it would be easy to recover my account with a combination of any two of either my password, a trusted device or the two-factor recovery key. When I headed to the account recovery service, dubbed iForgot, I discovered that there was no way back in without my recovery key. That’s when it hit me; I had no idea where my recovery key was or if I’d ever even put the piece of paper in a safe place. I’ve moved since I set up two-factor on iCloud.” states the post.




Unfortunately, Williams was not able to retrieve the screenshot or the printed copy of the Recovery Key he had taken for extra safekeeping. He then contacted Apple customer support and was told that there was no way Apple could help him, even though he offered a scan of his government ID, his trusted devices and other proof that it was him.

In a second call to support, he received the following reply:

“We take your security very seriously at Apple” she told me “but at this time we cannot grant you access back into your Apple account. We recommend you create a new Apple ID.”

After a couple more days of talking to Apple customer support, the reporter discovered that it was impossible to unlock the account without a Recovery Key even though Apple’s support document explains that it is possible with a trusted device.

Williams shared his experience on the web, warning readers of the possible consequences of mismanaging the Apple Recovery Key for the two-step verification system. Williams explained that losing the recovery key could permanently lock a user out of their Apple ID, with Apple unable to do anything to help.

“I know it was stupid that I’d lost the recovery key but I’d set it up so long ago I couldn’t remember where it would conceivably be. There’s only so many things I can keep track of. Besides, I figured I’d be able to use trusted device to get out of a mess like this.” he said.

Manage your two-step verification system now, before an attack forces you to do it in difficult conditions.

Tuesday, November 11, 2014

92% Indian youths share personal info online: McAfee

NEW DELHI: As many as 92% of Indian youths were found to have shared private information online despite being aware that this is risky, according to a report. 

Sharing email IDs, phone numbers and home addresses on social networks and other websites poses a risk to the identity, but that does not seem to deter a majority of Indian youths as 70% of them share such details freely. 

These shocking numbers are part of the annual study — named Tweens, Teens and Technology 2014 — conducted by Intel's security arm McAfee, which examines online behaviour and social networking habits of Indian tweens (8-12 years) and teens (13-17 years).

The number of youngsters that trust the virtual world and interact with strangers registered a whopping increase of 36% this year, to 53% from 17% last year, according to the study. 

In fact, as many as 51% of those polled do not care about their online privacy at all, according to the report. In the same manner, they also do not care about their location being shared as 63% of youth do not turn off their location or GPS services across apps. 

McAfee polled a total of 1,422 youngsters across seven cities, including Delhi, Mumbai, Bengaluru, Chennai, Hyderabad, Ahmedabad and Pune for this study.

Another shocking revelation from the study is that 52% of the Indian youths access their social media accounts at schools, with tweens (57%) being more active than the teens (47%). Shockingly, even though the minimum age to register on social networking sites such as Facebook, Snapchat, Pinterest, Tinder, Tumblr, and Vine is 13, children aged 10-12 years access them more regularly than teenagers. 

Another big concern is that more than 60% of youngsters create fake profiles to be accepted virtually. Citing an example, Dr Sunil Mittal, a psychiatrist, shared how a 14-year-old girl set up a fake profile, projecting herself as someone totally different just to be accepted socially. She eventually tried to commit suicide when her second profile too was not 'socially accepted'. Mittal said a big reason for such behaviour was identity crisis which happens when children start idolizing through movies and advertisements. 

Lack of online safety leads to consequences such as cyberbullying, which has surfaced with alarming figures. According to the McAfee report, two out of three polled youngsters had some experience with cyberbullying and an overwhelming number said they would not know what to do if they were harassed online. 

Whatever goes on in the lives of teens virtually has a spillover effect in their real lives too. About 46% of youths have gotten into trouble at home or school as a result of being on a social networking website, said the report. 

According to McAfee researchers, parents need to play a bigger, more proactive role in protecting their children from the perils of virtual world. While 46% of the polled parents said they have had a conversation with their kids about online safety, as many as 52% said they simply didn't care, as per the report. Lack of tech savviness is the biggest reason behind this ignorance. 

One way to protect children from cyberrisks is to be involved in their lives and make sure that the communication lines with them always remain open, feel the experts. Parents also need to know about the various devices and latest social networks their kids are using. 

According to experts, the parents must have access to children's social media accounts and passcodes to devices at all times. "Parents must not be very strict and try to be friends with their children so that they are comfortable enough to share their problems with them," says Anindita Mishra, McAfee Cybermum (a title given by the company).

"Teens love it when you treat them like an adult or ask for their opinion and eventually they start trusting you too," she adds. 

She also says that it is highly important to make children aware about the threats the virtual world poses and it has become very important for schools to conduct sessions on this issue.

Sunday, November 9, 2014

Fraudsters using New Tactics, Warn Cyber Experts

PUNE: Cyber criminals are employing new tactics to manipulate victims' data and steal money from their bank accounts, cyber security experts said on Saturday.

Customers need to watch out for skimmers fitted in ATM machines. Besides, they should never hand over their debit cards to unknown persons or share details like PIN with strangers, experts say.

The Kaspersky Lab recently performed a forensic investigation into cyber-criminal attacks targeting multiple ATMs around the world. During the course of this investigation, the Lab's researchers discovered a piece of malware infecting ATMs that allowed attackers to empty the cash machines via direct manipulation. Interpol alerted the affected member countries, including India, and is assisting ongoing investigations.

"They work at night - only on Sundays and Mondays. Without inserting a credit card into the ATM slot, they enter a combination of digits on the ATM's keyboard, make a call to receive further instructions from an operator, enter another set of numbers and the ATM starts giving out cash," said Kaspersky Lab experts.

Cyber experts said that fraudsters fit skimmers in ATM machine slots. Besides, fraudsters mount cameras above ATM keypads to know the user PIN. "At times, insiders collude with employees of the company that issues the cards," experts from Symantec said.

Experts have also warned about how victims of ATM frauds at times fail to get a cash withdrawal alert on their mobile phones. A cybercrime scrutiny expert said that in several internet banking frauds, the cybercriminals usually have insiders in the mobile company as well as the bank. The insider within a bank may provide the fraudster with information such as the 'fattest' account in the bank, the account number, user ID, the registered mobile number and even the prospective victim's know your customer documents.

The fraudster now knows the mobile company whose services the victim is using and arranges for an insider in that company to get the victim's KYC details.

The fraudster then uses these bogus documents to have another SIM card issued to him. Once the second SIM card is issued to the fraudster and is activated, the first one in the victim's phone automatically gets deactivated.

Sunday, November 2, 2014

'I'm Proud to Be Gay,' says Apple CEO Tim Cook


Apple CEO Tim Cook says he's proud to be gay.
The public declaration, in an essay written for Bloomberg Businessweek, makes Cook the highest-profile business CEO to come out as gay.
Cook said that while he never denied his sexuality, he never publicly acknowledged it, either. The executive said that for years he's been open with many people about his sexual orientation and that plenty of his Apple colleagues know he is gay.
Cook wrote in the column published on Thursday that it wasn't an easy choice to publicly disclose that he is gay, but that he felt the acknowledgement could help others.
"I've come to realize that my desire for personal privacy has been holding me back from doing something more important," he wrote.

Saturday, November 1, 2014

Microsoft enters smartwatch market with $200 Microsoft Band

Band isn't Microsoft exclusive: apps will allow it to work with Apple iPhones, Android, and Windows Phones

Microsoft confirmed what we all expected -- that it too, has a smartwatch that it wants you to wear 24/7, for work and for play, called the Microsoft Band. Looking as much like a hospital bracelet as anything else, the $200 Microsoft Band features a rectangular, 320 x 106 TFT display that hovers over your wrist. Sensors -- a continuous optical heart monitor, GPS, UV sensor, and more -- track your activity while on the move and at rest, and send the data to what Microsoft calls the Intelligence Engine, aka Cortana's little brother. The Band is then designed to work with third-party app developers, including MyFitnessPal, RunKeeper, and Starbucks -- which has developed a "payment" app of sorts.

In all, Microsoft is calling the Band its flagship device of Microsoft Health, a reboot of sorts for a health initiative it tried to establish with products like HealthVault. If you choose, you can store the data the Band collects in HealthVault and share it with your medical provider. Otherwise, Microsoft sees the Band, and Health, as a new way to collect data about you that it can use to improve your day. 

How? Initially, Microsoft sees the Intelligence Engine as supplying suggestions on how long to recover from a workout, for example. Over time, the Engine will apparently be able to comment on whether eating breakfast will make you run faster and more effectively. It's unclear how the Engine will feed data into Cortana, but she's there: you'll be able to ask Microsoft's digital assistant to add calendar entries, for example, or dictate a text. And, of course, the Band will notify you about upcoming appointments, as your Windows Phone already does. 

"Imagine you've set the goal that you want to get fit and lose weight as part of your exercise routine," Zulfi Alam, general manager  of Personal Devices at Microsoft, said in a statement. "Based on your burn rate and exercise over one week, we will soon be able to auto-suggest a customized workout plan for you. As you follow that plan – or if you don't follow the plan – our technology will continue to adjust to give you the best outward-looking plan, like a real coach would do." 

Why this matters: A number of fitness bands already track your activity, even sleep. Fewer still, though, deliver messages and calendar invites. And, barely any smartwatches beyond the Big Three -- Apple, Google, and now Microsoft -- provide any intelligence that helps you anticipate and plan your day. Microsoft's Intelligence Engine and Cortana appear to be the pair of intelligent technologies that Microsoft hopes will inspire you to plunk down $200, rather than opt for the aesthetics of the Apple Watch or Google's ecosystem.

Open to all

But Band isn't Microsoft exclusive: apps will allow it to work with Apple iPhones (the iPhone 4S, 5, 5C, 5S, 6, 6 Plus running iOS 7.1 or later), Android (4.3 or 4.4) and Windows Phones (with the Windows Phone 8.1 Update). Those apps leaked out earlier on Wednesday.
Microsoft promises that the Band will last about 48 hours on a single charge, with functions like GPS lowering that somewhat. It will charge in about an hour and a half. Unfortunately, it's not waterproof, so swimmers will have to look elsewhere. But it will repel "splashes" and will work from 14 degrees up through 104 degrees. 

Specifically, the Band will include an optical heart rate sensor, a 3-axis gyrometer, GPS, ambient light sensor, skin temperature sensor, an ultraviolet light sensor, a galvanic skin sensor, and a capacitive sensor. The watch will monitor your heart rate 24/7, and assess whether you've been sleeping well. 

The Band will record data without a data connection, then beam it to your phone via Bluetooth. It won't make calls, but it will flash messages, emails, and even Facebook posts and Twitter tweets. And, of course, there's a microphone, to trigger Cortana. There's no speaker, however, so Cortana's information will be passed along via the screen.

All in all, you'll find a lot of crossover between the features the Band offers and what other fitness bands and smartwatches offer. But the $200 Band is also available now, in three different sizes to fit different wrists. Microsoft also seems to be taking a page from Google in that it's promising that the Band will improve over time, specifically as it learns more about you. With the Microsoft Band, Microsoft appears to want to play seriously in the health market, while also providing a tool for your workday. It remains to be seen, however, whether Microsoft will leverage its other technologies -- its Xbox game console comes to mind -- to enhance its capabilities further. On paper, however, the Band certainly appears to be in the lead pack of smartwatches.

Friday, October 17, 2014

Nexus 6: Indepth Review


Nexus 6 release date, OS and design
Google has officially announced the Nexus 6, an enormous
smartphone that could easily be mistaken for a tablet that acts as a
phone. It's basically a giant Moto X (2014) with some nifty new
features and beefed-up specs.
As expected, it's running Android 5.0 (aka Android Lollipop) and this
thing is huge. With a 5.9-inch display and at 10mm thick, the new
Nexus 6 is going to be quite a beast of a smartphone, and we're
liking the sound of that.
Why? First, the large QHD display is going to be great for watching
videos, reading stuff and looking at pictures. Second, the larger,
slightly thicker phone means bigger 3220mAh battery. Let's dig into
this thing, shall we?
Cut to the chase
What is it? Google's sixth iteration of its Nexus line
When is it out? Pre-orders start October 23 with it arriving in
November
What will it cost? Starts at $649 unlocked (around £400, AU
$700)
Nexus 6 release date and price
When is it coming? Soon! You'll be able to pre-order the Nexus 6
from the Google Play Store from October 23 for $649 in the US (that
means we're probably looking around £400, AU$700).
Yes, you read that price correctly. Why the sudden jump from what
used to be an affordable line of smartphones from Google? Well,
premium specs come with premium price tags.
Let's go back two years when the $350 Nexus 4 came as a shock to
everyone. How on earth could a phone be so cheap off contract?
The Nexus 5 didn't disappoint, either, with a bigger display, better
battery and arguably prettier design. Still affordable.
Now we've got this whopping $649 phone, but along with it comes a
massive 2560 x 1440 display. The only other phone to boast that
resolution is the 5.5-inch LG G3.
Moreover, we've got an f/2.0 13MP camera on the back and a 3,220
mAh battery. Couple this with an Adreno 420, 2.7GHz processor and
3GB RAM in 32GB and 64GB packages and it's easy to see where
that price comes in.
Moreover, the battery technology is awesome. If its capacity weren't
beastly enough, it has a quick charge feature that allows you to get
about six hours of life on a 15-minute charge. This alone should be
enough to convince heavy Android power users to hop on the
bandwagon.
Android 5.0 Lollipop
The Nexus 6 is the first device running what's now known as
Android Lollipop (formerly Android L). There are still a host of
features that we're looking forward to digging into when Android 5.0
Lollipop drops, as we've only been able to preview the developer
version.
If you're wondering when other manufacturers, like HTC, Samsung
and LG, will update their flagship devices with Android 5.0, you can
probably start seeing it roll out anywhere between 1-3 months from
now.
Android 5.0 Lollipop release date, news and features
Hello, Moto
While the Nexus range of smartphones may generally carry the
search giant's name, the reality is Google doesn't actually build the
devices. Instead it leaves it to the professionals, with HTC, Samsung
and LG all producing Nexus devices in the past.
Motorola builds the Nexus 6, and like we said before, it looks like a
very large Moto X. If it weren't for the dramatic size, it could easily
be confused for a Moto X, except the back of the device has the
massive Nexus logo emblazoned on it.
So far, it looks like the Nexus 6 is going to come in black and white,
just like the Nexus 5 and Nexus 4 before it.
Moreover, if you're hoping for the same customization options as
the Moto X, you'll be out of luck. No Moto Maker for this Google
phone.
Nexus 6 design
While we've appreciated the simplicity and clean design of the Nexus
5, we're happy to see the Nexus 6 spiced up a little with the Moto X-
esque (say that out loud) design.
The display is quite large at 5.9 inches, but the height of the phone
is 159.3mm, which is just a touch taller than the 5.5-inch displayed
iPhone 6 Plus (158.1mm). It's impressive what you can do without a
big honking home button eating up so much phone real estate.
It is wider though, at 82.98mm and we've already mentioned the
chunky 10.06mm depth as well - there's no question about it, the
Nexus 6 will dominate your palm. At 184g it's also on the heavier
side, so you might want to strengthen your wrists before splashing
the cash here.
The front will likely have Corning Gorilla Glass, undoubtedly strong
and scratch-resistant as any other Android device. Don't confuse
that with being shatter-proof, however, as resilience to scratching
doesn't mean it won't crack.
The back has the same gentle slope of the Moto X (2014), and
appears to have a plastic, soft-touch finish. You'll find the 13MP
camera on the back there with a ring flash just like the Moto X,
power button on the right side along with the volume rocker.
Nexus 6 display, power, camera and more
Nexus 6 display
The display is big. At 5.9 inches, we're tempted to call this thing a
tablet more than a phone since chances of this thing fitting in your
pockets are slim. However, the Nexus 6's big display doesn't skimp
on resolution.
Its QHD, 2560 x 1440 AMOLED display with a 493ppi pixel density
will not disappoint, and you can start watching all your favorite
YouTube videos at those higher resolutions for the videos that
support it.
The smartphone that launched this QHD madness is the LG G3, of
course, and it is beautiful. We'd imagine the Nexus 6 looking just as
good despite being slightly larger.
Nexus 6 power
Under the hood of the Nexus 6 you'll find a 2.7GHz Snapdragon 805
processor and Adreno 420 GPU, although the amount of RAM
stuffed inside the device still remains a mystery, although rumors
suggest it could be 3GB.
In short though, there's plenty of power here to keep Android
Lollipop ticking along nicely, and movies and games should look
great and run smoothly on the Nexus 6.
Nexus 6 camera
There's a slight concern with the 13MP camera on the Nexus 6 as
both the Nexus line and Motorola devices of yesteryear were mostly
disappointing when it came to camera performance and image
quality.
Although with an inflated price tag, we're expecting better than
average. Don't let us down, Motorola!
The Nexus 6's 13MP shooter has an f/2.0 aperture, which means it
should do well in low-light situations and it also sports a dual LED
ring flash which hugs the camera lens for a cleaner finish on the
rear.
It is capable of shooting 4K video and has optical image
stabilization, and while this all sounds great we're going to have to
wait and see just how well it works out.
Nexus 6: what we want to see
We're going to leave this last section in here because it's fun to look
back and see which of our wishes came true, and which ones were
denied.
Fans of the cutting edge vanilla Android experience were quick to
fall in love with the Nexus 5. It ushered in Android 4.4 KitKat with a
sexy Google Experience Launcher on top, but it wasn't perfect.
Here's what our friendly neighbourhood search giant could do to get
us excited about the Nexus 6.
A bigger battery
Battery life has bossed the chart of complaints in the smartphone
market for years now and last year's Nexus was a major offender,
with a constantly high amount of power drainage.
Scraping through a day simply isn't good enough. If you're going to
pack more and more irresistible features into a device with a
gorgeous display, then please give it enough juice to fulfil our
obsessive usage.
A better camera
Google made some swift adjustments to roll out an update that fixed
up the Nexus 5 camera, but it's still an obvious candidate for
improvement. A new version of Android should handle the software
side, but the Nexus 6 is going to need to pack some decent
hardware.
Nokia is the current gold standard with the 41MP-toting Lumia 1020,
but the Android pack is pushing 13MP and upwards now. Of course
there's more to a camera than the megapixel count, but there's a lot
more that can be done here.
We want great quality shots, but also fast performance to help us
capture those precious, spontaneous moments as they happen.
A slightly bigger screen
With some clever engineering and some ruthless bezel slicing we're
getting bigger displays without smartphones growing to ridiculous
proportions, although phablets are now a thing. Perhaps the 6 will
refer to the screen size.
Realistically 6 inches might be pushing things too far, but we could
always use more screen real estate.
We'd like to see the Nexus 6 creep up a touch past 5 inches without
becoming unwieldy. A slight increase in screen size without
additional bulk would hit the spot nicely. An edge-to-edge display
has long been a dream for smartphone fans.
A 64-bit processor
Since Apple made the jump to a 64-bit processor in the iPhone 5S
it's inevitable that other manufacturers will want to follow suit. It
doesn't matter if there isn't much obvious short term advantage.
App developers and manufacturers will be able to realize the
potential of this in years to come, but perception is important and
that's reason enough for the Nexus 6 to need a 64-bit processor.
Dual speakers
The front-facing dual-speaker setup on the HTC One M8 is
undeniably nice and the more we consume media on our
smartphones the more important it becomes to get decent sound.
The Nexus 5 had one speaker at the bottom and it was less than
stellar. It's another obvious target for a spot of improvement on the
Nexus 6 and it would be nice if headphones weren't a requirement
for enjoying music on your phone.
A new form
The LG G Flex and the Samsung Galaxy Round have begun the
transition to flexible displays which will enable new form factors.
A gentle curve is not much to get excited about, and it's still
probably too early for the full potential of flexible displays to be
realized, but anything that takes smartphones away from the black
rectangle convention could be good.
A Nexus 6 with a really interesting design and some software
innovation from Google could point the way for the evolution of the
smartphone.
At the very least a kind of secondary display portion on the edge for
at-a-glance functionality and controls. Maybe even a dual-screen
set-up with a low energy secondary display for notifications.
Always listening
The big USP for the Moto X was the voice recognition, allowing you
to issue commands to Google Now without using your hands. The
idea of hands-free operation has always been hampered by the need
to press something first.
If the Nexus 6 was always listening for its master's voice, we might
be tempted to make better use of Google's fortune-telling digital
butler.
Wi-Fi calling
A feature we wouldn't be surprised to see make its way onto the
Nexus 6 is Wi-Fi calling. Apple introduced the feature with the
iPhone 6 and iPhone 6 Plus and it's unlikely that Google will be far
behind.
A spokesperson for T-Mobile seemed to let slip that this feature
would be included when talking to 9to5Google - confirming that the
network was currently working on it with Google. The process
involves using Wi-Fi coverage to boost mobile signal and in the case
of T-Mobile is represented by a blue "Talk Bubble" icon.
A 2K display
Full HD with a 1920 x 1080 pixel resolution is still the standard for
top-end Android smartphones, but QHD 2560 x 1440 displays are
just around the corner.
By the time the Nexus 6 is due to arrive the 5.5-inch QHD LG G3 will
be on sale, and maybe even the Samsung Galaxy S5 Prime and HTC
One M8 Prime as well.
It wouldn't be a shock if the Nexus 6 brought us a new level of pixel
density. It's probably too soon for 4K displays, but we're heading in
that direction, and this would at least give a Nexus the headline
grabbing features we love.
Of course, only if it can be done cheaply. We don't want to lose the
low prices we've become accustomed to.
Biometric security
Face Unlock was a gimmicky feature that arrived in Android Ice
Cream Sandwich. It didn't always work and it was easy to spoof
with a photo but finding new ways to effortlessly, but securely,
unlock your smartphone is still on the agenda.
Apple's Touch ID uses your fingerprints and there's a digit scanner
in the Galaxy S5 too. If this kind of security is set to become a new
standard, then the Nexus 6 needs to jump on board.
Indestructibility
We've seen Kevlar coating from Motorola and waterproofing from
Sony and Samsung, and there's no doubt the Nexus line could stand
to toughen up.
You only need to glance at any Nexus 4 or Nexus 5 forum to find
tales of woe from hapless owners with shattered screens.
Flexible display technology could put an end to cracked and broken
screens. Waterproofing has left the rugged category behind and
broken into the mainstream. A Nexus 6 that can survive a dunk and
doesn't need a polycarbonate overcoat is surely on the cards.

Wednesday, October 1, 2014

Microsoft’s Windows 10 has eye on enterprise

At an event for Windows today, Microsoft is announcing a
new Windows iteration for the world. Though Windows 9
would have been the natural name iteration, it’s not. Called
Windows 10, it’s the OS Microsoft says will run “on the
broadest types of devices ever”.

The goal is similar to the way Microsoft has been positioning
Windows for some time. One platform, multiple devices, easy for
all. Developers have one Windows, and users get a similar
experience (and apps) across devices.
Though Windows 10 can be a bit of a “duh” moment in discussing
the aim of a modern Windows platform, Microsoft is getting back
to their roots a bit. They want to get enterprise up to speed on
Windows 10 right away, setting those important customers up for
long-term success.
Windows 10 isn’t for enterprise, but those customers are
important. While you and I as consumers can switch devices or
platforms on a whim, enterprise customers rarely budge off a
platform for extended periods of time. Microsoft enjoyed that
success for a long time, but the insurgent Chrome OS and Apple’s
deal with IBM loom large and threaten their legacy spot as the
go-to platform for enterprise.
Office hedges that bet a bit, offering up a suite of familiar,
enterprise-friendly software apps for any platform. Still, Windows
wants to keep business customers home. At the event, Microsoft
said “Windows 10 is going to be our greatest enterprise platform
ever”.
Microsoft knows many of those enterprise customers are likely on
a dated version of Windows, and is making the transition easier.
The Start Menu is coming back to us, and pinned apps are there
as well. Those tiles can be resized easily, too.
Microsoft is straddling an important line here, and looks to be
doing it fairly well. They want Windows 10 to look and feel a lot
like an updated Windows 7, making the transition from that dated
platform much easier for the enterprise customer.
Microsoft is also trying to tie mobile and desktop in with things
like app tiles and universal search from the start menu.
The update looks like the one Microsoft should have had all along,
rather than going strong-arm with Windows 8. We’ll be keeping
our eye on all the goings on, and keeping you updated should
anything important happen!

Hackers charged for swiping military and Xbox data

The Department of Justice has announced that four hackers,
part of what is being referred to as an "international
computer hacking ring", have been charged with stealing
data and software related to the Xbox and belonging to the
military. Two of the four hackers have pleaded guilty to the
charges.
The group is said to have stolen proprietary software used by the
military to train Apache helicopter pilots, and to have swiped
trade secret data related to the Xbox One and Xbox Live, as well
as the games Modern Warfare 3 and Gears of War 3. The charges
took place back in April, but have only now been unsealed.
Says the Justice Department, the four entered into conspiracy to
infringe on copyrights, commit computer/wire/mail fraud, trade
secret theft, and identity theft, among other things. One of the
hackers in particular, David Pokora of Ontario, is the first foreign
person convicted of US trade secret theft via hacking.
The aforementioned data was acquired by hacking into networks
belonging to the US Army, Microsoft, Epic Games, Valve, and
Zombie Studios. Login credentials were swiped and used to
acquire the data, which included source code for Xbox Live,
simulators for Apache helicopters, and pre-release versions of
MW3 and Gears of War 3.

Saturday, September 20, 2014

iCloud hacking: Now, 'nude photos' of Kim Kardashian West, Vanessa Hudgens leaked

Photos showing an apparently nude Kim Kardashian West are
among a group of images that have appeared online in what
appears to be a second leak of hacked personal pictures of
celebrities, weeks after stars including Jennifer Lawrence and
Kate Upton were targeted.
The actresses Vanessa Hudgens and Aubrey Plaza, designer and
former child star Mary-Kate Olsen, and US soccer player Hope
Solo are reportedly also among those apparently hacked.
In the self-shot pictures being shared on online message board
4chan, Reddit and Twitter, the woman purporting to be Kim
Kardashian West is not wearing a wedding ring and it is unclear
when the photos were taken.
Photographs of Hayden Panettiere and Eyes Wide Shut actress
Leelee Sobieski also feature in the latest cache, according to
Buzzfeed.
Further pictures of Lawrence are also reportedly circulating.
Earlier this month over 100 household names were the target of
online thieves, who stole scores of naked photographs and
intimate videos and posted them on the website 4chan.
Several of the images - in particular, two of Hunger Games star
Lawrence - quickly circulated on Twitter.
The original list had also included Kim Kardashian West, Olsen
and Hudgens, as well as Ariana Grande, Jessica Brown Findlay,
Mary E Winstead, Rihanna, Cara Delevingne,
Kate Bosworth, Selena Gomez, Kate Upton, Kirsten Dunst and
Kaley Cuoco.
The FBI and Apple are both conducting investigations into the
apparent widespread invasion of personal accounts thought to be
connected to the iCloud service.
A spokesperson for Lawrence said at the time: "This is a flagrant
violation of privacy. The authorities have been contacted and will
prosecute anyone who posts the stolen photos of Jennifer
Lawrence."
Justice and Grande both said that the pictures were fake,
although Lawrence's spokesperson verified their authenticity.
Representatives for Upton said they were "looking into" the
authenticity of the intimate images.
Ricky Gervais went on a backtracking spree on the social media
site after he was criticized for 'victim blaming', while Emma
Watson also took to Twitter to voice her condemnation of the
breach.

Thursday, September 11, 2014

Five million Gmail addresses and passwords dumped online


An archive containing nearly 5 million Gmail addresses and plain text passwords was posted Tuesday on an online forum, but the data is old and likely sourced from multiple data breaches according to one security firm.

A user with the online alias “tvskit” posted the archive file on a Bitcoin security forum called btcsec.com and claimed that over 60 percent of credentials found inside are valid.

“We can’t confirm that it is indeed as much as 60 percent, but a great amount of the leaked data is legitimate,” said Peter Kruse, the chief technology officer of CSIS Security Group, a Danish security company that provides cybercrime intelligence to financial institutions and law enforcement.

CSIS researchers analyzed the data and concluded that it is up to 3 years old based on correlations with past leaks.

“We believe the data doesn’t originate from Google directly,” Kruse said via email. “Instead it’s likely it comes from various sources that have been compromised.”

This means that many of the leaked passwords do not correspond to Gmail or Google accounts, but to accounts on other sites where users have used their Gmail addresses as the user name.

CSIS has confirmation that at least five of the leaked user name and password pairs were never used as log-in credentials for Gmail or Google accounts. This reinforces the idea that the data comes from compromises outside Google, though it’s possible that they were all perpetrated by a single individual or group, Kruse said.

“The security of our users is of paramount importance to us,” a Google representative said Wednesday via email. “We have no evidence that our systems have been compromised, but whenever we become aware that an account has been compromised, we take steps to help our users secure their accounts.”

Even if many of the leaked credentials turn out not to be from Google, affected users might still want to change their passwords on websites where they used their Gmail address as the user name. A website called isleaked.com allows users to check if their email address is among those leaked.

Friday, September 5, 2014

NVIDIA sues Samsung, Qualcomm for patent infringement

Samsung might find itself in court again, but this time not
against Apple and this time not alone. NVIDIA has filed a
lawsuit against both Samsung and Qualcomm, accusing
them of infringing on 7 of its patents related to computer
graphics and is asking the International Trade Commission
and the U.S. District Court in Delaware to confirm that,
ban devices, and award them damages.
No one will perhaps question that NVIDIA owns patents related to
computer graphics technology. No one will also perhaps deny the
contributions the company has made to the field. Perhaps there
is even some actual patent infringement to be found in its
competitors' products, too. But there are many parts of this
lawsuit that are just quite difficult to fathom, much less stomach.
For example, NVIDIA's blog post lists seven infringed patents, a
detail that seems to be missing from its official PR statement.
Among those, four are given as follows:
#our foundational invention, the GPU, which puts onto a single chip all the functions necessary to process graphics and light up screens
#our invention of programmable shading, which allows non-experts to program sophisticated graphics
#our invention of unified shaders, which allow every processing unit in the GPU to be used for different purposes
#our invention of multithreaded parallel processing in GPUs, which enables processing to occur concurrently on separate threads while accessing the same memory and other resources
Like many software patents these days, those sound very
commonplace and those are the very same foundational
processes or algorithms used in graphics architecture everywhere.
Surely, others in that market, like once bitter rival ATI (now
AMD/ATI) would have a word or two to say about that.
The targets of the lawsuit are equally perplexing. It specifically
names Samsung and Qualcomm as the culprits. But in the same
breath, it actually mentions a lot more. Qualcomm is being
targeted for its Adreno GPU used in its Snapdragon SoCs. But the
list of Samsung's devices also includes those that run on its own
Exynos chips and so ARM's Mali and Imagination Technologies'
PowerVR graphics architectures are also dragged into the lawsuit.
In short, NVIDIA is basically targeting almost every mobile GPU
maker or designer in the market.
Here's the list of Samsung devices that NVIDIA says infringe on
its patents:
Galaxy Note Edge
Galaxy Note 4
Galaxy S5
Galaxy Note 3
Galaxy S4
Galaxy Tab S
Galaxy Note Pro
Galaxy Tab 2
NVIDIA claims that this is the first time ever that they have filed a
patent lawsuit against anyone in its 21 years of existence. It does
make us question why it took them so long to target these chips that
have been in the market for so long. It is also strange that it is
going after Samsung alone, considering the Adreno, Mali, and
PowerVR chips have other customers as well. NVIDIA also says
that it has repeatedly approached Samsung for licensing
negotiations but has been repeatedly told that it is the problem of
Samsung's suppliers, which might actually be true as well.
Whatever NVIDIA really has in mind when it filed its complaint, it
might turn out to become a PR problem for them. While it doesn't
fit the definition of a patent troll, there will be many who will
question NVIDIA's motives and sanity, not to mention its financial
situation.

Friday, August 15, 2014

600 Apple iPhones stolen by Apple Employees


Sometimes it is those on the inside that you need to be worried about the most. In Fort Lauderdale, six Apple Store employees were snagged by the cops, as law enforcement smashed an iPhone theft ring that worked out of an Apple Store at the tony Galleria Mall. The six worked together to rip the store off for 600 iPhones, valued at half a million dollars.

The scheme involved a number of thieves who wandered into the Apple Store, pretending to be customers. In the store, these "customers" would be helped by one of the six employees in on the scam, who would exchange a stolen iPhone for a brand new unit. The Apple Store employees who helped the transactions go through were paid between $45 and $75 per unit for facilitating the exchange.

The cops arrested former Apple Store employees Devon Persad, Daniel Michael Scotti, Adam Alvarez, Anthony Joseph Tranchida, Sadia A. Dandia, and Otis Jerrell Ferguson. A seventh person arrested was Best Buy Mobile employee Sean Flynn. Flynn provided a list of serial numbers from smartphones on the shelves at Best Buy Mobile, to the other criminals. These numbers were used on the new iPhone models stolen from the Apple Store. 

The cops are looking to identify those who brought the stolen phones into the Apple Store. They are also still looking to find the buyers of the new units that the stolen phones were exchanged for. A Broward County prosecutor says that the phones were probably sold overseas.

The scheme was discovered when the stolen phones sent in to Apple from the Apple Store set off alarms in Cupertino. At the same time, some customers of the Best Buy Mobile store were complaining that they could not get their newly purchased iPhones to work. That was because their serial numbers had been stolen by Flynn and used on the new handsets smuggled out of the Apple Store.

Alienware Alpha console hits preorder


Alienware's Alpha console has gone up for preorder, no longer waiting for the delayed SteamOS and instead running Windows 8.1 with deep ties into the Steam game library thanks to a homegrown couch-friendly interface. Priced from $549, the Alpha runs a choice of Intel Haswell dual- and quad-core Core i chips, paired with a custom NVIDIA Maxwell GTX GPU with 2GB of its own memory, and up to 16GB of DDR3 system memory. That's all squeezed into a box that's compact enough to fit discreetly under your TV.

The matte and gloss finish black box contains a single 2.5-inch hard-drive bay, as well as a choice of wireless cards up to 2x2 802.11ac dual-band and Bluetooth 4.0.

It's not short on ports, either: as well as two USB 2.0 on the front there are two USB 3.0 on the back, along with gigabit ethernet, HDMI out and HDMI in, and an optical audio output. A further USB 2.0 is inside, accessed by a hatch on the bottom.
Alienware's familiar "AlienFX" multicolor lighting is present, though given the size of the console it's limited to just the company logo and the glowing triangle on the notched edge. Each can be independently controlled, as well as set to adjust automatically according to game events.

The original plan, of course, was to launch the Alpha with Valve's SteamOS. However, that platform is now delayed, and so Alienware has developed its own Alpha UI that can be controlled entirely with a gamepad and seen all the way across the living room from your couch.

That includes an on-screen keyboard and cursor control, so that you never need to plug in a keyboard or mouse, and support for Steam Big Picture mode. There are more than 500 controller-compatible games in the Steam library, but you can also go into the regular Windows 8.1 desktop and do anything you would with a regular PC.

Alienware also supports what it's calling "Open Console", a platform which will allow the Alpha to be modified and then those custom versions shared with other owners.

It's compatible with the Xbox One controller and the Xbox 360 controller, and there'll be four versions at launch with varying CPUs, storage, and memory; a single Xbox 360 pad will be in the box too. Preorders begin today, from $549.

Thursday, August 14, 2014

The Top 5 Most Brutal Cyber Attacks Of 2014 So Far



In 2014, cyber attacks and data breaches don’t look like they’re going to slow down. We’ve seen high-end data breaches of large companies, with data, personal records and financial information stolen and sold on the black market in a matter of days.

Analysts, Hold Security, startlingly announced in February that it had managed to obtain a list of 360 million account credentials for web services from the black market. That’s just after three weeks of research.

Criminals are stepping up their game and data breaches are becoming both common and devastating. According to research from Arbor Networks, the number of DDoS events topping 20Gbps in the first half of 2014 is double that of 2013, with more than 100 attacks of 100Gbps or higher recorded in the first half of the year.

Akamai Technologies' State of the Internet report also showed that hacker attacks on websites went up 75% in the final quarter of 2013, with hackers in China responsible for 43% of all attacks.

This incredible interactive map from Antivirus software firm Kaspersky, which depicts all the current cyber attacks occurring around the world in real time, shows the growing intensity of hacks as the year progresses.

We’re only halfway through the year, but there have already been a few high-profile hacks that have stopped presses. Here I’ll explore – in no particular order – the most brutal hacks that have taken place in 2014 so far.
eBay

eBay went down in a blaze of embarrassment as it suffered this year’s biggest hack so far. In May, eBay revealed that hackers had managed to steal personal records of 233 million users. The hack took place between February and March, with usernames, passwords, phone numbers and physical addresses compromised.

Hackers successfully stole eBay credentials and managed to gain access to sensitive data. eBay encouraged users to change their passwords and reassured them that financial information was not stolen, as it’s stored separately and encrypted. There were further concerns, however, that the stolen personal information could leave eBay users vulnerable to identity theft.

Despite eBay not confirming who was behind the attack, the notorious Syrian Electronic Army claimed responsibility. Despite the huge data breach and the sensitivity of the data, the SEA said that it was a “hacktivist operation” and that they “didn’t do it to hack people’s accounts”.
Montana Health Department

The State of Montana’s health department revealed that a data breach may have affected more than 1 million people. The hack actually happened in July last year, but it wasn’t discovered until May this year, with the identity of the intruders, and the extent of the damage done, still unclear.

The state government said that it is notifying 1.3 million people including current and former residents, families of the dead and anyone else whose personal information may have been accessed in the attack.

It’s not clear if the attackers made off with sensitive information, or if it had been used or sold on the black market. Richard Opper, director of the state’s Department of Public Health and Human Services, said that there’s “no indication” the hackers accessed the information or used it inappropriately.

If they did, hackers would’ve gained access to highly personal information such as Social Security numbers, medical records, medical insurance records, names, addresses and birth certificates. Not to mention the bank details of all health department employees.
P.F. Chang’s

The chain restaurant suffered a huge data breach last month that compromised customer payment information. Chang’s didn’t specifically mention how many customers had been affected, but thousands of newly stolen credit and debit cards went up for sale online on June 9th.

Several banks had gotten in touch with Brian Krebs, a security journalist, to say that “they acquired from this new batch, multiple cards that were previously issued to customers, and found that all had been used at P.F. Chang’s locations between the beginning of March 2014 and May 19, 2014.”

Criminals managed to hack P.F. Chang’s point of sale machines and record credit and debit card data, which then found its way on to the black market. Stolen records were being sold for between $18 and $140, with the price depending on how fresh the stolen data is. Chang’s responded by going low-tech and using age-old manual credit card imprinting machines to take payment in its stores, which it then upgraded to new “encryption-enabled terminals”.

Chang’s is still working with the US Secret Service to discover the identity of the hackers.
Evernote and Feedly

It’s not clear if the attacks on both Feedly and Evernote were connected, but they happened within a day of each other and the two companies work largely in tandem. Whilst Evernote was taken down with a Distributed Denial of Service (DDoS) on Tuesday June 10th and was quickly restored within a few hours, Feedly, which went down the next day, suffered much more.


The news aggregation service was attacked in the early hours of Tuesday morning. CEO of Feedly, Edwin Khodabakchian, announced on Feedly’s official blog that the attack had been “neutralized” and that normal service had been restored. However, two more DDoS waves were launched at Feedly which brought it down for another two days, with service being properly restored on June 14th.

Not much about the attacker is known, other than that they attempted to extort money out of Feedly in exchange for ending the attacks. Khodabakchian said that he refused to comply with the attacker’s ransom demands and the threat, eventually, was neutralized.
Domino’s Pizza

Hacking group Rex Mundi held Domino’s Pizza to ransom over 600,000 Belgian and French customer records. In exchange for the personal data, which included names, addresses, emails, phone numbers and even favourite pizza toppings, Mundi demanded $40,000 from the fast-food chain.

If the ransom wasn’t met, the hackers threatened to publish the information online. The group then taunted Domino’s by saying: “Earlier this week, we hacked our way into the servers of Domino’s Pizza France and Belgium, who happen to share the same vulnerable database. boy, did we find some juicy stuff in there.”

Domino’s refused to comply with the ransom and reassured customers that financial and banking information was not stolen. The hacking group had its Twitter account suspended and the data was never released, although it’s not clear if Domino’s ever complied with the ransom demands.