U.S. Pumps $400 million to fund next-gen wireless research 

The U.S. National Science Foundation will spend more than US$400 million over the next seven years to fund next-generation wireless research in an effort to bring super-fast mobile service to the country.

U.S. officials hope the investments, announced Friday, will speed up the country’s move to next-generation 5G mobile service, potentially offering speeds of 10Gbps, and allow for a rapid expansion of the internet of things.

The next-generation mobile services will enable self-driving cars, an “always on” IoT, smart cities, new virtual reality offerings, and video to aid police, firefighters, and emergency medical responders, said John Holdren, assistant to President Barack Obama for science and technology.

“Time and again, history has shown us that when we make sustained federal investments in fundamental academic research and in public-private partnerships … we as a nation reap the benefits,” Holdren said at an NSF event in Washington, D.C., Friday.

The NSF funding, part of a new White House Advanced Wireless Research Initiative, includes $50 million as part of a partnership with more than 20 mobile companies and trade groups to roll out advanced wireless testing sites in four U.S. cities. The testing will include deployment of small cells to boost signals of high-band, millimeter wave spectrum.

Friday’s announcement piggybacks on a Federal Communications Commission vote Thursday to open up nearly 11 gigahertz of high-band spectrum to 5G and IoT services.

The NSF expects to spend $350 million over the next seven years on fundamental research and testing of next-generation wireless technologies, the agency said.

The FCC and other agencies want to focus on making spectrum available so that wireless companies can experiment with the best ways to deliver new services, said FCC Chairman Tom Wheeler. Some countries have pushed to set 5G standards before moving forward, but not the U.S., he said.

To read more and the original story follow this link to Network World. 

Windows BITS Service Used to Reinfect Computers with Malware 

Crooks found a way to reinfect computers with malware via the Windows BITS service, months after their initial malware was detected and deleted from the infected system.

BITS (Background Intelligent Transfer Service) is a Windows utility for transferring files between a client and a server. The utility works based on a series of cron jobs and is the service in charge of downloading and launching your Windows update packages, along with other periodic software updates.

According to US-based Dell subsidiary SecureWorks, crooks are using BITS to set up recurring malware download tasks, and then leveraging its autorun capabilities to install the malware.

Abusing BITS is nothing new: criminals have used the service in the past, as early as 2006, when Russian crooks were peddling malicious code capable of using BITS to download and install malware on infected systems.

Initial malware infection took place back in March 2016

In this particular case, SecureWorks staff were called to investigate a system that had no malware infections but was still issuing weird security alerts regarding suspicious network activities.

The SecureWorks team discovered that the initial malware infection took place on a Windows 7 PC on March 4, 2016, and that the original malware, a version of the DNSChanger malware called Zlob.Q, had added malicious entries to the BITS service.

These rogue BITS tasks would download malicious code on the system and then run it, eventually cleaning up after itself.

After the user’s antivirus removed the initial malware, the BITS tasks remained, re-downloading malware at regular intervals. Because BITS is a trusted service, the antivirus didn’t flag these activities as malicious but still issued alerts for irregular activities.

BITS tasks could be used in much more dangerous ways

In this case, SecureWorks reports that the BITS jobs downloaded and launched a DLL file that executed as a “notification program.”

BITS jobs have a maximum lifetime of 90 days, and if the malware coder had used them properly, they could have had a permanent foothold on the infected system.

SecureWorks staff presents a method of searching for malicious BITS tasks in their technical write-up, along with a list of domains from where this particular infection kept downloading malicious code.
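
A sketch of the kind of search the paragraph above refers to, added here as an example (not SecureWorks' code and not part of the original story): it parses saved `bitsadmin /list /allusers /verbose` output and flags jobs that have a notification command line set or that download from hosts outside an allow-list. The sample output, host names and the `trusted_hosts` allow-list are constructed, and the field labels assume bitsadmin's usual verbose layout.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample of verbose bitsadmin output (not taken from a real host).
SAMPLE = r"""
GUID: {11111111-2222-3333-4444-555555555555} DISPLAY: 'Chrome Component Updater'
TYPE: DOWNLOAD STATE: TRANSFERRED OWNER: WORKSTATION\alice
PRIORITY: NORMAL FILES: 1 / 1 BYTES: 40960 / 40960
JOB FILES:
    40960 / 40960 WORKING https://updates.example.com/component.crx -> C:\Users\alice\AppData\Local\Temp\component.crx
NOTIFICATION COMMAND LINE: none

GUID: {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee} DISPLAY: 'job7'
TYPE: DOWNLOAD STATE: TRANSIENT_ERROR OWNER: WORKSTATION\alice
PRIORITY: HIGH FILES: 0 / 1 BYTES: 0 / UNKNOWN
JOB FILES:
    0 / UNKNOWN WORKING http://cdn.invalid/files/abc -> C:\ProgramData\abc.dll
NOTIFICATION COMMAND LINE: 'C:\Windows\system32\regsvr32.exe' '/s "C:\ProgramData\abc.dll"'
"""

@dataclass
class BitsJob:
    guid: str
    display: str
    state: str = ""
    owner: str = ""
    files: list = field(default_factory=list)  # (remote_url, local_path) pairs
    notify_cmd: str = "none"

HEADER = re.compile(r"^GUID:\s*(\{[0-9A-Fa-f-]+\})\s+DISPLAY:\s*'?(.*?)'?\s*$")
STATE = re.compile(r"STATE:\s*(\S+)\s+OWNER:\s*(.+)$")
NOTIFY = re.compile(r"^NOTIFICATION COMMAND LINE:\s*(.*)$")
FILE_LINE = re.compile(r"(\S+://\S+)\s+->\s+(.+)$")

def parse_jobs(text):
    """Split the listing into one BitsJob per 'GUID:' header line."""
    jobs = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            jobs.append(BitsJob(m.group(1), m.group(2)))
        elif not jobs:
            continue  # banner or blank text before the first job
        elif m := STATE.search(line):
            jobs[-1].state, jobs[-1].owner = m.group(1), m.group(2).strip()
        elif m := NOTIFY.match(line):
            jobs[-1].notify_cmd = m.group(1).strip() or "none"
        elif m := FILE_LINE.search(line):
            jobs[-1].files.append((m.group(1), m.group(2).strip()))
    return jobs

def triage(jobs, trusted_hosts=frozenset()):
    """Return (guid, display, reasons) for every job that needs a human look."""
    findings = []
    for job in jobs:
        reasons = []
        # A job that runs a program on completion is the behaviour described above.
        if job.notify_cmd.lower() != "none":
            reasons.append("notification command set: " + job.notify_cmd)
        for url, local in job.files:
            host = (urlsplit(url).hostname or "").lower()
            if host not in trusted_hosts:  # allow-list is an assumption of this example
                reasons.append(f"download from unlisted host {host} -> {local}")
        if reasons:
            findings.append((job.guid, job.display, reasons))
    return findings

if __name__ == "__main__":
    for guid, display, reasons in triage(parse_jobs(SAMPLE), {"updates.example.com"}):
        print(guid, display)
        for reason in reasons:
            print("  -", reason)
```

Because the jobs outlive the malware that created them, a listing like this is worth reviewing on hosts that were already cleaned, not only on ones with an active detection.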

To read more and the original story follow this link to Softpedia

Samsung Warns Customers To Think Twice About What They Say Near Smart TVs

(ANTIMEDIA) In a troubling new development in the domestic consumer surveillance debate, an investigation into Samsung Smart TVs has revealed that user voice commands are recorded, stored, and transmitted to a third party. The company even warns customers not to discuss personal or sensitive information within earshot of the device.

This is in stark contrast to previous claims by tech manufacturers, like Playstation, who vehemently deny their devices record personal information, despite evidence to the contrary, including news that hackers can gain access to unencrypted streams of credit card information.

The new Samsung controversy stems from the discovery of a single haunting statement in the company’s “privacy policy,” which states:

“Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”

This sparked a back and forth between the Daily Beast and Samsung regarding not only consumer privacy but also security concerns. If our conversations are “captured and transmitted,” eavesdropping hackers may be able to use our “personal or other sensitive information” for identity theft or any number of nefarious purposes.

There is also the concern that such information could be turned over to law enforcement or government agencies. With the revelation of the PRISM program (by which the NSA collected data from Microsoft, Google, and Facebook) and other such NSA spying programs, neither the government nor the private sector has the benefit of the doubt in claiming tech companies are not conscripted into divulging sensitive consumer info under the auspices of national security.

Michael Price, counsel in the Liberty and National Security Program at the Brennan Center for Justice at the NYU School of Law, stated:

“I do not doubt that this data is important to providing customized content and convenience, but it is also incredibly personal, constitutionally protected information that should not be for sale to advertisers and should require a warrant for law enforcement to access.”

Responding to the controversy, Samsung updated its privacy policy, named its third party partner, and issued the following statement:

“Voice recognition, which allows the user to control the TV using voice commands, is a Samsung Smart TV feature, which can be activated or deactivated by the user. The TV owner can also disconnect the TV from the Wi-Fi network.”

Under still more pressure, Samsung named its third party affiliate, Nuance Communications. In a statement to Anti-Media, Nuance said:

“Samsung is a Nuance customer. The data that Nuance collects is speech data. Nuance respects the privacy of its users in its use of speech data. Our use of such data is for the development and improvement of our voice recognition and natural language understanding technologies. As outlined in our privacy policy, third parties work under contract with Nuance, pursuant to confidentiality agreements, to help Nuance tailor and deliver the speech recognition and natural language service, and to help Nuance develop, tune, enhance, and improve its products and services.

“We do not sell that speech data for marketing or advertising. Nuance does not have a relationship with government agencies to turn over consumer data… There is no intention to trace these samples to specific people or users.”

Nuance’s Wikipedia page mentions that the company maintains a small division for government and military system development, but that is not confirmed at this time.

Despite protestations from these companies that our voice command data is not being traced to specific users or, worse, stored for use by government or law enforcement agencies, it seems that when it comes to constitutional civil liberties, the end zone keeps getting pushed further and further down the field.

For years, technologists and smart device enthusiasts claimed webcam and voice recording devices did not store our information. While Samsung may be telling the truth about the use of that data, there are countless companies integrating smart technology who may not be using proper encryption methods and may have varying contractual obligations to government or law enforcement.

Is it really safe for us to assume that the now exceedingly evident symbiotic relationship between multinational corporations and government agencies does not still include a revolving door for the sharing of sensitive consumer data?

This article (Samsung Warns Customers To Think Twice About What They Say Near Smart TVs) is free and open source. You have permission to republish this article under a Creative Commons license with attribution to Jake Anderson and theAntiMedia.org.

The Best Cloud Storage

Access your files anytime, anywhere, and from any device.

I’m a huge fan of using cloud storage and heavily depend on these services to store my files while keeping them secure and easily accessible at any time. I have used just about every different cloud provider that allows users a free account with free storage, which is basically all the major players in the cloud storage field.

I am sharing this information that was gained through research conducted on the best storage providers by Reviews.com. Find the article here.

According to the research, 45 different options (including 26 different apps) for cloud storage services were tested to find the pros and cons and to determine the best all around services.

The best cloud storage providers:

Dropbox

Best For: Lightweight Users
Free Storage Space: 2GB
Cheapest Premium Option: $9.99 for 1TB
File-Size Limit: Varies
Server Location: United States
iOS App User Rating: 3.5
Android App User Rating: 4.4
Windows App User Rating: 3.5

Google Drive

Best For: Teams and Collaboration
Free Storage Space: 15GB
Cheapest Premium Option: $1.99 for 100GB
File-Size Limit: 5TB
Server Location: Worldwide
iOS App User Rating: 4.5
Android App User Rating: 4.3
Windows App User Rating: 3.9

OneDrive

Best For: Devoted Windows Users
Free Storage Space: 15GB
Cheapest Premium Option: $1.99 for 100GB
File-Size Limit: 10GB
Server Location: Worldwide
iOS App User Rating: 4
Android App User Rating: 4.4
Windows App User Rating: 4.2

Box

Best For: Enterprise Solutions
Free Storage Space: 10GB
Cheapest Premium Option: $10 for 100GB
File-Size Limit: Varies
Server Location: Worldwide
iOS App User Rating: 4
Android App User Rating: 4.2
Windows App User Rating: 4.4

The following is from the research done by Reviews.com

How We Found the Best Cloud Storage

We started by compiling a list of 45 different cloud-based software solutions and then we hit the books (well, the internet, that is). We read reviews from the top technology blogs, dissected user guides, toyed with a bunch of settings, and narrowed our list down to our top four recommendations using these five criteria:

1. We removed services that are focused primarily on media- and OS-level backups.

17 disqualified

Of the active users we surveyed, 53 percent primarily use cloud storage for media and file sharing, so our best picks had to be well-rounded, and not focused on automated, system-level backups.

2. We removed services that are just for business and have no personal option.

21 disqualified

Enterprise cloud solutions are technical, and include a plethora of features that most people either don’t need, or would find confusing, such as task management and user comments.

3. We cut all services without extensive support for OS X, Windows, Android, and iOS.

24 disqualified

A huge benefit of cloud storage is that it bridges the gap between operating systems. We only passed services that support all of the most common desktop and mobile operating systems.

4. We cut any cloud storage services that did not offer a freemium version.

33 disqualified

Offering a freemium version is obviously a great way for companies to win new users, but it’s also part of being the best cloud storage service. Not everyone is a power user, after all. And why pay when you don’t have to?

5. We cut any contenders that didn’t have an average of 3.5 stars or higher from the App Store, Google Play Store, and Windows Store.

41 disqualified

If there’s one thing that should be indicative of cloud storage, it’s mobility. Filtering out low-rated mobile apps was a great way to find out which companies really catered to their users. Of course, app scores change with every update and release, but as of our latest update all of our top contenders had high marks.

For more information and the full breakdown of the research conducted by Reviews.com please follow the link below.

Research provided by Reviews.com

90 Percent of All SSL VPNs Use Insecure or Outdated Encryption

Information security firm High-Tech Bridge has conducted a study of SSL VPNs (Virtual Private Networks) and discovered that nine out of ten such servers don’t provide the security they should be offering, mainly because they are using insecure or outdated encryption.

An SSL VPN is different from a classic IPSec VPN because it can be used inside a standard Web browser without needing to install specific software on the client-side.

SSL VPNs are installed on servers, and clients connect to the VPN via their browsers alone. This connection between the user’s browser and the VPN server is encrypted with the SSL or TLS protocol.

Three-quarters of all SSL VPNs use untrusted certificates

Researchers from High-Tech Bridge say they analyzed 10,436 randomly selected SSL VPN servers and they found that most of them are extremely insecure.

They claim that 77% of all SSL VPNs use SSLv3 or SSLv2 to encrypt traffic. Both versions of the SSL protocol are considered insecure today, so much so that international and national security standards, such as the PCI DSS and NIST SP 800-52 guidelines, have gone as far as to prohibit their usage.

Regardless of their SSL version, 76% of all SSL VPN servers also used untrusted SSL certificates. These are SSL certificates that the server has not confirmed, and that attackers can mimic and thus launch MitM (Man-in-the-Middle) attacks on unsuspecting users.

High-Tech Bridge experts say that most of these untrusted certificates exist because many SSL VPNs come with default pre-installed certificates that are rarely updated.

Some VPNs still use MD5 to sign certificates

Researchers also note that 74% of certificates are signed with SHA-1 signatures, and 5% with MD5 hashes, both considered outdated.

41% of all SSL VPNs also used insecure 1024 key lengths for their RSA certificates, even though, for years now, any RSA key length below 2048 has been considered highly insecure.

Even worse, one in ten SSL VPNs is still vulnerable to the two-year-old Heartbleed vulnerability, despite patches being available.

Out of all the tested SSL VPNs, researchers say that only 3% followed PCI DSS requirements. None managed to comply with NIST (National Institute of Standards and Technology) guidelines.

High-Tech Bridge is also providing a free tool that can tell users if their SSL VPN or HTTPS website is actually doing a good job of protecting them.

For the original story follow this link to Softpedia for more information.

This Hack Lets You Run Any Android App on Your Chromebook

Using a small JavaScript script, the hack, which is detailed in full on GitHub, allows any regular Android APK to be packaged up and, for want of a better term, side-loaded onto a Chromebook. It can then be run under the Android App Runtime in the same way as the ‘official’ Vine, Duolingo and Evernote.

Restrictions mean that only one Android app can be run at a time.

To watch a YouTube video demonstration and the full original story follow this link to OMG Chrome.

Try It Out

If the thought of waiting for Google to partner up with the maker of your favourite app, game or utility is too much to bear, you could don your hard hat and try it out for yourself.

But be warned: it’s not a guide for the fainthearted or the technically averse. The developer behind the hack, Vladikoff, cautions that his tool is for ‘proof of concept’ and is provided without any kind of warranty or assurance. The hack is also not endorsed by Google, Chromium or Android.

To follow along you’ll need a Chromebook with the Android Runtime plugin installed, the Android Vine app (which will be replaced during the course of the guide) and an OS X or Linux desktop from which to ‘package’ your app.

Applications tested and said to be working include Twitter, both tablet and mobile modes, and Flipboard (which was demoed running on a Chromebook at Google I/O).

Other apps tested but that crash include Google Chrome for Android (!), Spotify, SoundCloud and Swing Copters.

You can find more details and a download for the script on the project’s GitHub page, linked below.

‘Run Android APKs on Chromebooks’ Guide

More Americans using smartphones for getting directions, streaming TV

Just as the internet has changed the way people communicate, work and learn, mobile technology has changed when, where and how consumers access information and entertainment. And smartphone use that goes beyond routine calls and text messages does not appear to be slowing, according to a Pew Research Center survey of U.S. adults conducted in July 2015.

The percentage of smartphone owners who say they have ever used their phone to watch movies or TV through a paid subscription service like Netflix or Hulu Plus has doubled in recent years – increasing from 15% in 2012 to 33% in 2015.

Among the smartphone activities measured, getting location-based information is the most universal task. Nine-in-ten smartphone owners use their phone to get directions, recommendations or other information related to their location, up from 74% in 2013.

The share of smartphone users who report using their device to listen to online radio or a music service, such as Pandora or Spotify, or participate in video calls or chats has also increased by double digits in recent years. (2015 was the first year in which we surveyed about using a mobile device to buy a product online or get sports scores and analysis.)

Younger adults are especially likely to reach for their phone for something other than calling and texting. Getting location-based information is the one activity measured that is common across all age groups, however.

Listening to music and shopping on the go are especially popular among smartphone owners ages 18 to 29: 87% have listened to an online radio or music service on their phone, compared with 41% of those 50 and over, and 73% have shopped online through their mobile device, versus 44% of older users.

Activities that are less prevalent but not uncommon among smartphone owners include video calling or chatting; getting sports scores or analysis; and watching movies or TV through a paid subscription service. Again, younger adults are especially likely to use their mobile device for all of these activities. For example, 52% of 18- to 29-year-old smartphone owners have ever used their phone to watch movies or TV shows through a paid subscription service, compared with 36% of 30- to 49-year-olds and only 13% of those 50 and older.

These differences speak to a broader pattern of younger Americans’ adoption of and engagement with technology. Younger adults are more likely than older adults to own a smartphone, to be constantly online and to rely on their smartphone for internet access.

To see more and the original story follow this link to Pew Research.

Android adware can install itself even when users explicitly reject it

A while back, Ars reported on newly discovered Android adware that is virtually impossible to uninstall. Now, researchers have uncovered malicious apps that can get installed even when a user has expressly tapped a button rejecting the app.

The hijacking happens after a user has installed a trojanized app that masquerades as an official app available in Google Play and then is made available in third-party markets. During the installation, apps from an adware family known as Shedun try to trick people into granting the app control over the Android Accessibility Service, which is designed to provide vision-impaired users alternative ways to interact with their mobile devices. Ironically enough, Shedun apps try to gain such control by displaying dialogs such as this one, which promises to help weed out intrusive advertisements.

From that point on, the app has the ability to display popup ads that install highly intrusive adware. Even in cases where a user rejects the invitation to install the adware or takes no action at all, the Shedun-spawned app uses its control over the accessibility service to install the adware anyway.

“Shedun does not exploit a vulnerability in the service,” researchers from mobile security provider Lookout wrote in a blog post published Thursday morning. “Instead it takes advantage of the service’s legitimate features. By gaining the permission to use the accessibility service, Shedun is able to read the text that appears on screen, determine if an application installation prompt is shown, scroll through the permission list, and finally, press the install button without any physical interaction from the user.”

For a video demonstration and the original story follow this link to Ars Technica.

As previously reported, Shedun is one of several families of adware that can’t easily be uninstalled. That’s because the apps root the device and then embed themselves into the system partition to ensure they persist even after factory reset. Lookout refers to them as “trojanized adware” because the end goal of this malware is to install secondary applications and serve aggressive advertising.

The ability to use social engineering to hijack the Android Accessibility Service is yet another sign of the creativity and ingenuity put into this new breed of apps. As always, readers are reminded to carefully weigh the risks and benefits of using third-party app markets. They should also remain highly suspicious of any app that asks for control of the Android Accessibility Service.

Yes, Google can remotely reset Android passcodes, but there’s a catch

Newer Android phone and tablet owners aren’t affected, but it does say something about Android’s fragmentation of device security.

The one-sided encryption debate continues. Now, it’s being used as a tool to spread what’s commonly known as “fear, uncertainty, and doubt.”

If you ventured to Reddit, you might have read a startling claim by the Manhattan district attorney’s office, who last week released a report into smartphone encryption and public safety.

It reads [PDF]:

“Google can reset the passcodes when served with a search warrant and an order instructing them to assist law enforcement to extract data from the device. This process can be done by Google remotely and allows forensic examiners to view the contents of a device.”

But there’s a problem: that’s only half of the story. And while it’s true, it requires a great deal more context.

The next few lines read:

“For Android devices running operating systems Lollipop 5.0 and above, however, Google plans to use default [device] encryption, like that being used by Apple, that will make it impossible for Google to comply with search warrants and orders instructing them to assist with device data extraction.”

If you thought you heard that before, that’s because you have.

Google, which develops Android, said in its “Lollipop” 5.0 upgrade two years ago it would enable device encryption by default, which forces law enforcement, federal agents, and intelligence agencies to go to the device owner themselves rather than Google.

This so-called “zero knowledge” encryption — because the phone makers have zero knowledge of your encryption keys — also led Apple to do a similar thing with iOS 8 and later. Apple now has 91 percent of its devices using device encryption.

However, there was some flip-flopping on Google’s part because there were reports of poor device performance. Eventually, the company said it would bring device encryption by default to its own brand of Nexus devices. Then, it said that its newest “Marshmallow” 6.0 upgrade will enable device encryption by default.

It took a year, but Google got there in the end

The US government, and its law enforcement and prosecutors were concerned. They have argued that they need access to device data, but now they have to go to the very people they are investigating or prosecuting.

Only a fraction of Android devices, however, are protected.

According to the latest figures, only 0.3 percent of all Android devices are running “Marshmallow” 6.0, which comes with device encryption by default. And while “Lollipop” 5.0 is used on more than one-quarter of all Android devices, the vast majority of those who have device encryption enabled by default are Nexus owners.

To read more and the original story follow this link to ZD Net.

Americans are wary about IoT privacy

Americans are in an “it depends” state when it comes to disclosing personal information over internet-connected devices, according to a new Pew Research Center study. The study proposed different scenarios to which 461 Americans expressed whether they believed being monitored by a device was acceptable, not acceptable, or depended on the situation. Pew Research Center found that some scenarios were acceptable to the majority of Americans, but the answers often came with caveats. For example, most consumers find a security camera in the office acceptable, but with restrictions; one person said, “It depends on whether I would be watched and filmed every minute of the day during everything I do.”

Here are the responses to the IoT-related scenarios the study presented:

• Office surveillance cameras: More than half (54%) of Americans believe that it’s acceptable for a surveillance camera in the workplace, making it the most acceptable of the six proposed scenarios. Another 21% answered “it depends,” while 24% said it would not be acceptable.

• Sharing health information with your doctor: 52% of Americans believe it’s acceptable for their doctor to utilize a website to manage patient records and schedule appointments, 20% answered “it depends,” and 26% thought it was not acceptable. This correlates with an iTriage survey, which indicated that 76% of consumers feel comfortable transferring wearable health data to their practitioner.

• Usage-based auto insurance: 37% of respondents answered it was acceptable for auto insurance companies to collect information via a UBI dongle, such as Progressive’s Snapshot, and offer discounts for safe driving. 45% said it was not acceptable, while 16% said “it depends.”

• Smart thermostat: 27% of respondents said it was acceptable for a smart thermostat in the house to track where the occupant is and share that data. More than half of respondents (55%) said it was not acceptable, and 17% answered “it depends.”

Through focus groups and open-ended answers, Pew narrowed down the top reasons consumers believe sharing information is unacceptable:

1) The threat of scammers and hackers;
2) Being repeatedly marketed to by companies collecting data;
3) They do not want to share their location;
4) They think it’s “creepy”;
5) The companies collecting the data have ulterior motives to use it.

Data privacy will continue to be a big trend as the Internet of Things market matures. Device makers should be transparent about the data being collected and what it’s used for. Further, they should ensure the devices and their associated data storage bases are secure.

To read more of this article and the original story follow this link to Business Insider.