6 C
London
Wednesday, November 22, 2017
Home Tags Shanghai

Tag: Shanghai

Electric car maker would likely still pay the nationrsquo;s 25 percent tariff.
By stimulating one region of the brain, scientists create mouse supersoldiers.
Low attention and a flood of data are serious problems for social networks.
Says security in danger of being left behind in technology accelerationShanghai, China, June 29: At the Mobile World Congress in Shanghai, network signalling security experts Evolved Intelligence warned that operators racing to deploy 5G services in time for the Winter Olympic games in 2018 were in danger of forgetting the security lessons of the past.Co-Founder and Commercial Director Peter Blackie said that not enough progress had yet been made on securing 5G network signalling. “It... Source: RealWire
As home buttons disappear, fingerprint reader technology searches for a new home.
No Surface Pro 5; it's just called Surface Pro. Unveiled in Shanghai next week.
The powertrain looks great, but we're not sure about the styling.
It has 1 megawatt of power, all-wheel drive, and active suspension and aerodynamics.
A cross-platform win32-based Mirai spreader and botnet is in the wild and previously discussed publicly. However, there is much information confused together, as if an entirely new IoT bot is spreading to and from Windows devices.

This is not the case.
Instead, an accurate assessment is that a previously active Windows botnet is spreading a Mirai bot variant.
Asian country has began investing in quantum technology and is at a similar starting point with other economic powers in this field, says Shanghai-born Turing Award winner Andrew Yao.
Enlargereader comments 37 Share this story Almost three million Android phones, many of them used by people in the US, are vulnerable to code-execution attacks that remotely seize full control of the devices, researchers said Thursday. Until recently, the flaw could have been exploited by anyone who took the time to obtain two Internet domains that remained unregistered despite being hardwired into the firmware that introduced the vulnerability. After discovering the vulnerability, researchers from security ratings firm BitSight Technologies registered the addresses and control them to this day. Even now, the failure of the buggy firmware to encrypt communications sent to a server located in China makes code-execution attacks possible when phones don't use virtual private networking software when connecting to public hotspots and other unsecured networks. Since BitSight and its subsidiary company Anubis Networks took possession of the two preconfigured domains, more than 2.8 million devices have attempted to connect in search of software that can be executed with unfettered "root" privileges, the researchers said. Had malicious parties obtained the addresses before BitSight did, the actors could have installed keyloggers, bugging software, and other malware that completely bypassed security protections built into the Android operating system. The almost three million devices remain vulnerable to so-called man-in-the-middle attacks because the firmware—which was developed by a Chinese company called Ragentek Group—doesn't encrypt the communications sent and received to phones and doesn't rely on code-signing to authenticate legitimate apps. Based on the IP addresses of the connecting devices, vulnerable phones hail from locations all over the world, with the US being the No. 1 affected country. "The thing that scares us is a lot of these users will be unaware of the vulnerability, and they will never get an update," BitSight CTO Stephen Boyer told Ars. "This is full system compromise. This is at the root level. [Attackers with a MitM position] can do anything." Kind of BLU In a blog post published Thursday, BitSight researchers said they went to a Best Buy store and purchased a BLU Studio G phone and were able to perform an attack that exploited the backdoor. As a result, they were able to install a file they named system_rw_test in /data/system/, a file location that's reserved for apps with all-powerful system privileges. The researchers provided the following screenshot: Enlarge BitSight Technologies By observing the data phones sent when connecting to the two previously unregistered domains, BitSight researchers have cataloged 55 known device models that are affected. The most affected manufacturer is US-based BLU Products, which accounted for about 26 percent, followed by multinational Infinix with 11 percent, Doogee with almost 8 percent, and Leagoo and Xolo with about 4 percent each. Slightly more than 47 percent of the phones that connected to the BitSight sinkhole gave no indication who their manufacturer was. A list of specific models can be found in this advisory from the Department of Homeland Security-sponsored CERT. Enlarge BitSight Technologies The IP addresses of the connecting devices were based in countries all over the world, with the US being the top one, BitSight researchers told Ars. Given the large number of connecting devices with unknown manufacturers, the list of affected devices is sure to grow in the coming weeks. People who are technically inclined can check if a phone is vulnerable by monitoring its network traffic and looking for outgoing connections to the following domains, which are hardwired into the Ragentek firmware: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com People who are concerned their phone may run the firmware may also contact the manufacturer. So far, according to both BitSight and the CERT advisory, only BLU Products has released an update that addresses the vulnerability. It's not clear if it will be installed automatically or if users must manually apply it, and BitSight researchers have not yet tested the patch to evaluate its effectiveness. BLU Products representatives didn't respond to a message seeking comment for this post. Affected or potentially affected users who don't have an update can also protect themselves by connecting only to networks they trust or by using VPN software when connecting to hotspots and other unsecured Wi-Fi networks. Rootkit functionality Little is known about the Ragentek firmware. BitSight researchers said code in the firmware goes out of its way to conceal the presence of the underlying binary file. For example, it deliberately attempts to remain excluded from the list of running processes returned by the Linux PS command. "In this case, the developer added an exception when iterating over the system processes to explicitly skip over the affected binary (“debugs”), and thus not display it in the returned results," BitSight researcher Dan Dahlberg told Ars. "In other words, the programs were modified to pretend this binary did not exist." Dahlberg said the Ragentek firmware takes similar steps to evade the top command. Despite the suspicious behavior, BitSight researchers suspect the firmware is designed to deliver legitimate over-the-air updates to phones, and they believe the backdoor capabilities were unintentional. Attempts to reach Ragentek and other manufacturers weren't successful. The disclosure from BitSight is the second time this week researchers have warned of Android phones coming preinstalled with what amounts to a backdoor. On Tuesday, researchers from security firm Kryptowire reported that hundreds of thousands of handsets sent massive amounts of personal data about the phones and their users’ activities to servers operated by China-based Shanghai AdUps Technologies, the maker of another piece of malware. Taken together, the disclosures underscore a troubling lack of testing by the affected manufacturers and the blind trust consumers place in devices that are becoming increasingly central to their lives.

Shanghai Adups Technology Co. claims the software "inadvertently" included a secret backdoor.

A number of budget Android smartphones are suspected of sending text messages to China every 72 hours.

Security firm Kryptowire, which first reported the secret backdoor on Tuesday, blamed a firmware developed by Shanghai Adups Technology Company.

The majority of monitoring activities used Adups' Firmware Over The Air (FOTA) update system, developed in response to user demand to screen out junk texts and calls from advertisers.

"Since its founding, Adups FOTA has taken customer and user privacy very seriously," the organization said in a statement published Wednesday.

But the software, according to Kryptowire, transmits sensitive personal data without disclosure or user consent.

Tech Radar released a list of affected models from Miami-based mobile manufacturer Blu. Owners of the R1 HD, Energy X Plus 2, Studio Touch, Advance 4.0 L2, Neo XL, or Energy Diamond are encouraged to check their phone by navigating to Settings > Apps > Menu > Show System > Wireless Update. If it is running 5.4.0.3.004, you're in the clear, Tech Radar said. If it reads 5.0.x to 5.3.x, however, you should contact Blu immediately.

It remains unclear how many of the handsets were sold in the US.

These devices relay information like text messages, contact lists, call history (with full telephone numbers), and unique device identifiers, Kryptowire explained. The firmware also collected details about the use of installed applications, and is able to remotely program the gadget.

Shanghai Adups, however, claims this is all a misunderstanding; a simple mistake that has since been rectified.

"In June 2016, some Blu Product, Inc. devices applied a version of the Adups FOTA application that inadvertently included the functionality of flagging junk texts and calls," the company statement said. "When Blu raised objections, Adups took immediate measures to disable that functionality on Blu phones."

It also confirmed that no information—text messages, contacts, phone logs—was disclosed, and any data received from a Blu phone during that period was deleted.

"Also, Adups has been working to further improve the privacy protections in its products. Adups sincerely apologizes to its partners and users," it continued. "We will enhance process management and work to improve transparency, and deliver high-quality products and best service to provide the best possible data security for all our customers."

Neither Google nor Blu immediately responded to PCMag's request for comment.

ZTE, meanwhile, maintains that none of its US devices "have ever had the Adups software installed on them, and will not," the mobile manufacturer told Android Headlines.