Tag Archives: Embedded Linux

Phantom Mobile Threats

How secure is your mobile phone?

This is an old bugaboo that folks who sell antivirus software have tried to get us scared about. But the truth is that for the past decade there’s really not much to lose sleep over.

That hasn’t stopped people getting freaked out about it.

A security conference heard that some downloadable applications to phones running the Android operating system would “collect a user’s browsing history, their text messages, the phone’s SIM card number and subscriber identification” and send all this data to a website owned by someone in Shenzhen, China. Some outlets reported that it also transmitted the user’s passwords to their voicemail.

About 700 outlets covered the story, including mainstream publications like the Telegraph and Fortune magazine: “Is your smart phone spying on you?” asked one TV station’s website.

Scary stuff.

Only it isn’t true. It’s not clear who misreported all this—the journalists and others covering the event, or the company releasing the fruits of their research, but it gradually emerged that the applications—downloadable wallpapers—only transmitted a portion of this data. (See a corrected version of a story here.)

Indeed, the whole thing got less suspicious the more you dig.

This is what the developer told me in a text interview earlier today: “The app [recorded’] the phone number [because] Some people complained that when they change the[ir] phone, they will lose the[ir] favorite [settings]. So I [store] the phone number and subscriber ID to try to make sure that when [they] changed the phone, they have the same favorites.”

Needless to say the developer, based in Shenzhen, is somewhat miffed that no one tried to contact him before making the report public; nor had any of the 700 or so outlets that wrote about his applications tried to contact him before writing their stories.

“I am just an Android developer,” he said. “I love wallpapers and I use different wallpaper every day. All I want is to make the greatest Android apps.”

Now of course he could be lying through his teeth, but I see no evidence in the Lookout report or anything that has appeared subsequently that seems to suggest the developer has done anything underhand. (The developer shared with me some screenshots of his app’s download page which show that they do not request permission to access text message content, nor of browsing history.)

In fact, he seemed to be doing a pretty good job: His apps had been downloaded several million times. He declined to give his name, but acknowledged that he was behind both apps provided under the name Jackeey, and under the name iceskysl@1sters!

Not much longer. One website quoted Lookout as saying “We’ve been working with Google to investigate these apps and they’re on top of it.” They have: Google has now removed the apps from their site. So I guess Jackeey, as he asked me to call him, is going to have to look for other ways to spend his time. (He told me that Lookout had contacted him by email but not, apparently, before going public.) 

Seems a shame. Obviously, there is a mobile threat out there, but I’m not sure this is the way to go about addressing it. And I don’t think a guy in Shenzhen doing wallpaper apps is, frankly, worth so much hysterical column ink.

Let’s keep some perspective guys, and not embark on a witch-hunt without some forethought.

Lookout has since been backtracking a bit from its original dramatic findings. “While this sort of data collection from a wallpaper application is certainly suspicious,” it says on its blog, “there’s no evidence of malicious behavior.”

Suspicious? We seem very quick to attribute suspicious behavior to someone we don’t know much about, in some scary far-off place, but less to those we do closer to home: Lookout’s main business, after all, is prominently displayed on their homepage: an application to, in its words, “protect yourself from mobile viruses and malware. Stop hackers in their tracks.”

Conflict of interest, anyone?

Opera Gets Widgetized

The Opera browser continues to impress, even as it becomes less and less relevant in the face of the mighty Firefox. This week Opera’s preview puts widgets on stage according to CNET :

Opera Software on Tuesday plans to release a second preview version of Opera 9, the next version of its namesake Web browser. For the first time, the new version will include support for so-called widgets, Opera representative Thomas Ford said. Widgets are essentially small browser windows that display information taken from the Internet on a user’s desktop. The notion is similar in concept to the widget idea that Apple Computer uses in the Dashboard feature of Mac OS X.

“It is really a big jump for us into Web applications,” Ford said. “They give people the information they want right on the desktop. Even if it is a Web page, people don’t have to go to the browser to see it.”

Actually Windows users have had access to widgets for a while, via Klips and Konfabulator, now bought and rebranded by the folks at Yahoo! as straight Widgets. I’m a big fan of widgets but I find I don’t use them as much as I should. It’ll be interesting to see how Opera handles it. The preview version also includes support for BitTorrent, the file distribution protocol.

Is The Tablet Coming Back Down The Mountain?

This space is getting interesting: The sort-of-tablet-handheld. Nokia unveils Linux based 770 Internet Tablet:

The main attraction of the device is its widescreen, 65K colour TFT touch screen with a diagonal size of 4″ and resolution of 800 x 480 pixels. This, along with a navigational array flanking the screen on its left side, provides an interface to the Nokia Internet Tablet 2005 software which powers the device, developed atop Linux by the handset maker to power this new category of devices.

Offering up 64 MB of RAM and approximately 64 MB of non-volatile storage for users, the 770 Internet Tablet also harbours an RS-MMS card expansion slot for the purpose of memory expansion. Whether this will be necessary, however, is another question entirely as the functionality of the 770 appears to revolve mainly around the streaming capabilities as provided by its Wi-Fi 802.11b/g connectivity.

Not content with Wi-Fi, Nokia also integrated Bluetooth 1.2 into the unit, allowing for among other things the ability to connect to the Internet via a compatible handset. Several profiles are supported, including Dial-Up Networking, File Transfer, SIM Access and Serial Port, with the 770 also offering USB as a wired alternative for PC connectivity.

Does this compete with the revived Tablet PC? Or the LifeDrive? What I would love to see is these devices coupled with the wonderful Stowaway XT Portable Keyboard for USB from ThinkOutside, which I’ve never seen in the shops, but which has the same great action and design as its Palm and PocketPC forebears. Maybe they just didn’t sell, which would be a shame. The keyboard coupled with one of these devices would be all you’d need.

Opera’s Eighth Is Out

Opera’s browser, version 8.0, is officially out today. According to the blurb

Opera 8 is a substantial upgrade from previous versions, and includes new features such as a unique security information field that indicates the trustworthiness of banking and shopping Web sites and voice interaction capabilities. The new version of Opera also introduces an advanced page-resizing function that adapts Web pages to fit the width of any screen or window. Today’s release for Windows is available in English, German, Dutch and Polish, with more languages to follow. The Linux version is available in English, also with more languages to come. A beta version of Opera 8 for Mac (English) is also available today.

Opera 8 is available free of charge with an unobtrusive banner at the top of the user interface. To remove the banner users must register the browser for $40, though various discounts are offered

Column: the future of the PDA

Loose Wire: The Future’s in Your Handheld
 
By Jeremy Wagstaff , 6 December 2001 edition of the Far Eastern Economic Review, (c) 2001, Dow Jones & Company, Inc.

Okay, so my track record as tech visionary isn’t flawless, but bear with me. After all, I’m the guy who thought fold-out keyboards for personal digital assistants, or PDAs, wouldn’t catch on. (In its first year of shipping, United States-based Think Outside Inc. sold more than one million of its Stowaway keyboards, offering 24 different versions and making it the most successful new product for handheld computing ever.)

I’m also the guy who last February described the credit-cardsized Rex personal organizer as “the future.” Its latest owner, Intel Corp., stopped producing them in August. Oh, and I thought installing Windows XP, the latest version of Microsoft’s ubiquitous operating system, was a good idea; I removed it earlier this month when it slowed my programs to a crawl, was fickle in connecting to the Internet and — although I have no concrete proof of this, I’m convinced — invited aliens to take over my PC.

But I’m sure I’ll be proved right on this next prediction: that the PDA represents the future of computing as we know it. These gadgets represent our best chance to make computing an activity that isn’t wed to the environment — from hunting for a power outlet or phone socket to being stuck in the office next to the guy who coughs up fur balls all day. PDAs offer us the chance of being always on, always connected, always updated and, at least in theory, always on time for meetings.

PDAs, however, aren’t quite ready for us yet. Wireless connectivity is still only available to the lucky few. Only a handful of manufacturers have combined the PDA with the handphone and most of those are still operating at the laughably slow speeds provided by the popular Global System for Mobile, or GSM. But this will change — more slowly than we’d like, but it will. New handphones hitting the streets in coming months will make use of 2.5G and GPRS — a halfway house between what you’re used to — GSM — and what you were promised — 3G, or Third Generation wireless telecommunications — which will speed things up.

This will help make the PDA much more than just a toy. If you are able get a decent connection to the company network or the Internet, you won’t just be able to check e-mail and surf. You can synchronize company spreadsheets, contact databases, and update inventories, price lists and orders.

Right now there’s a mismatch between what people want from these things and what they can actually do — and this undermines our faith in them. I packed up my Hewlett-Packard Jornada and its keyboard and headed outside last week to write a column, only to find I couldn’t read the colour screen in bright sunlight. And, unless you’re vaguely techie-ish, chances are you don’t back up all that often, either to your PC or to a flash-memory card, raising the likelihood that you lose all your data on the road to a crash, or you drop it in a nearby swamp.

Still, what really matters is getting software that’s tailored to your needs, however specific. One very useful tool, for example, is a program developed by U.S.-based Firepad Inc. (www.firepad.com) which converts most PC or Mac formats of image and video files to something that can easily be downloaded or viewed on a Palm. This is great for professionals, from engineers to estate agents, who don’t want to lug diagrams, technical manuals, catalogues or blue prints around with them.

There are other reasons PDAs might be about to take off. Screens are getting better — the Palm m505 has an excellent colour screen — while peripherals are getting more useful, from plug-in cameras to GPS tracking devices. Battery life is improving, too: the Compaq iPAQ 3870 is supposed to run for 12 hours or more. Handwriting recognition is also getting better: Microsoft’s Transcribe software comes preloaded on the latest Pocket PCs, allowing users to write longhand on the screen and their scribblings to be interpreted into digital text on the fly.

This isn’t going to happen tomorrow. And because it’s me predicting it, it may well not happen at all. But if we can get our heads around it, we may find that the humble PDA may end up being more productive than our desktop PC by doing what we want it to do, when we want it to. Especially if you have to abandon your desktop PC to aliens.