MirrorLink Car Smartphone Network Has Vulnerabilities, Claim Researchers

A system of rules that allow vehicles to communicate with smartphones may be vulnerable to hacking, a new study suggests. Many of today’s automobiles leave the factory with secret passengers: prototype software features that are disabled but that can be unlocked by clever drivers, researchers said.

In what is believed to be the first comprehensive security analysis of its kind, researchers at New York University Tandon School of Engineering and George Mason University in the US found vulnerabilities in MirrorLink, a system of rules that allow vehicles to communicate with smartphones.

MirrorLink, when unlocked, can allow hackers to use a linked smartphone as a stepping stone to control safety-critical components such as the vehicle’s anti-lock braking system.

Damon McCoy, from the NYU Tandon School of Engineering, explained that “tuners” – people or companies which customise automobiles – might unwittingly enable hackers by unlocking insecure features.

“Tuners will root around for these kinds of prototypes, and if these systems are easy to unlock they will do it,” he said. “And there are publicly available instructions describing how to unlock MirrorLink. Just one of several instructional videos on YouTube has gotten over 60,000 views,” McCoy added.

“The researchers used such publicly available instructions to unlock MirrorLink on the in-vehicle infotainment system in a 2015 vehicle they purchased from eBay for their experiments,” said McCoy.

The automaker and supplier declined to release a security patch – reflecting the fact that they never enabled MirrorLink. McCoy pointed out that this could leave drivers who enable MirrorLink out on a limb.

MirrorLink is the connection protocol that allows the driver or passenger to control phone apps via the car’s dash and steering wheel controls. Created by the Connected Car Consortium, which represents 80 per cent of the world’s automakers, MirrorLink is the first and leading industry standard for connecting smartphones to in-vehicle infotainment (IVI) systems.

However, some automakers disable it because they chose a different smartphone-to-IVI standard, or because the version of MirrorLink in their vehicles is a prototype that can be activated later.

Microsoft Makes It Easier for Mac Users to Switch From Evernote to OneNote

After unveiling the OneNote Importer tool for Windows in March, Microsoft has now announced that it is also releasing the same tool for OS X users in an attempt to make the transition smooth and hassle-free.

Microsoft announced its battle with Evernote, perhaps the biggest name in the note-taking services market, by launching the OneNote Importer Tool five months ago. Back then, it was announced just for Windows users, but Microsoft had promised a release for Mac in a few months.

Now that Evernote has increased the price of its Premium service to $69.99 per year, similar to Office 365 Personal’s yearly plan, Microsoft likely thinks this is the best time to give more users the option to shift if they so prefer. Microsoft notes that an Office 365 subscription offers OneNote, Word, Excel, and all the other Office apps, with an additional 1TB of cloud storage.

The OneNote app offers most of the services of Evernote, including the famous Web clipper for all major browsers. The company is also trying to attract Evernote users with a range of premium note-taking features. OneNote, for instance, offers unlimited monthly uploads. In comparison, Evernote only offers 60MB per month to free users. OneNote users can also save emails in their notes and digitise business cards without spending a dime.

Microsoft reveals that about 71 million Evernote pages have been moved to OneNote since the launch of the OneNote Importer Tool in March. Prior to this importing tool, if you wanted to move from Evernote to OneNote, there weren’t many ways to move your content seamlessly. The OneNote Importer tool also takes care of preserving the tags and the right format when moving your notes from Evernote.

Microsoft notes that the tool is supported only on Mac computers running OS X 10.11 and above. The imported files will sync across devices, software platforms (PC, iOS, and Android), and Web browsers for free. Microsoft warns that before importing, users should ensure that the Evernote app is installed on the Mac and all the files are synced for a smooth transition. Users can download the OneNote Importer tool from the company site, and follow the step-by-step instructions listed there for the transition.

NOW Music+ Streaming Service Launched by Sony, Universal

Two major record labels are rolling out a low-priced music streaming service in the United Kingdom, a rare foray by record companies directly into the field and another sign the industry is finally moving towards more flexible pricing.

Now That’s What I Call Music, a joint venture between Universal Music Group and Sony Music Entertainment that releases a popular series of compilation albums, is finalising a streaming app called NOW Music+ that will offer playlists of hit songs for 4.99 pounds ($6.62 or roughly Rs. 440) a month, or 5.99 pounds if purchased in Apple’s App Store, people familiar with the matter said.

“NOW Music+” was quietly activated this summer amid preparations for a broader rollout, according to two people with knowledge of the matter. Although the app is limited to the UK for now, “this may change in the near future,” the company writes on its website.

The move comes at a pivotal moment for the music industry: streaming is rapidly emerging as the labels’ leading source of revenue, but they continue to engage in tough negotiations with tech companies over licensing terms, which heavily influence final pricing for consumers.

With streaming companies struggling to turn a profit and overall music revenues remaining well below the CD era, labels are under pressure to bridge the divide between the free, ad-sponsored tiers popularized by Spotify and YouTube and $9.99 all-you-can-listen-to subscriptions without ads.

Amazon is working on a service that will let users stream music on their voice-powered Echo speakers for less than a normal subscription, according to a person with knowledge of the matter. Meanwhile Pandora is putting the finishing touches on a premium radio tier that will cost users about $5 a month, according to a person with knowledge of the matter.

“We are moving away from one-size-fits-all subscriptions,” said Ted Cohen, Managing Partner of TAG Strategic, a digital entertainment consultancy. “There is a certain spoken and unspoken imperative by all the rights holders to make the pie a little bit bigger.”

Sony and Universal declined to comment. Amazon, Spotify and Pandora also declined to comment.

Although the NOW app features a limited catalogue and does not allow users to listen to songs on demand, it will put the labels in a somewhat competitive position with the streaming companies, which are increasingly important partners, said analyst Mark Mulligan of MIDiA Research.

As they launch the NOW app, the labels must “tread carefully because you can only go so far competing with your retail partners,” Mulligan said.

Still, Mulligan said, the industry is taking an overdue step in creating more options than a $9.99 monthly subscription or a free, ad-supported stream.

“They’re making people choose between a Lexus and getting the bus with nothing in between,” Mulligan said. “There’s no other market that behaves like that.”

Introductory discounts and special plans for families and students have already begun to lower the price that many consumers pay.

“The services are exhausting the number of people who will pay $10 a month, and the way to continue to grow the industry is to offer discounts in some way,” said David Pakman, a partner at Venrock who headed early Apple Music efforts.

Nevertheless, it can be challenging to persuade consumers to pay for a limited subscription service with so much free content at their fingertips.

Rdio, the streaming service whose assets were acquired by Pandora last year, rolled out a plan that let consumers download 25 songs per day for $3.99 per month, but the company had to accept worse financial terms to get the labels on board, according to a person with knowledge of the matter.

Cur Media, a high-profile music startup touting budget subscriptions, disclosed to the Securities and Exchange Commission last month that it had laid off all its employees.

Still, many in the tech camp say they are eager to experiment with price.

“I happen to believe in my heart of hearts that there is an entire host of transactions between $0 and $10,” said Ethan Rudin, chief financial officer of online music store Napster.

Intel to Spin Out McAfee Unit, Sell Stake in Business to TPG

Intel Corp said it would spin out its cyber security division, formerly known as McAfee, and sell a majority stake in it to investment firm TPG for $3.1 billion in cash.

TPG will own 51 percent of the new entity, valuing the entire company at $4.2 billion including debt.

Intel, which bought McAfee for $7.7 billion in 2011, will retain a 49 percent stake in the business.

The deal ends a failed effort by Intel to stake out a major position in the computer security business. At the time of the acquisition, Intel spoke of integrating McAfee security technology into its chips, but little came of those plans.

Intel executives at the time also said they hoped the acquisition would give it a piece of the emerging business of protecting corporations from sophisticated espionage, but newer players such as Mandiant, now a unit of FireEye, came to dominate that business.

At the same time, PC growth slowed, eroding the traditional McAfee customer base’s potential.

The unit, rebranded as Intel Security Group in 2014, will revert to the McAfee brand name following the closing of the deal, expected in the second quarter of 2017.

McAfee’s founder, John McAfee, was for a time on the run from a murder investigation in Belize and is a pariah in the industry. He recently sued Intel to get back the right to use his name.

Chris Young, Intel Security’s general manager, will be named chief executive of the new company.

Intel Security’s revenue rose 11 percent to $1.1 billion through the first half of this year, the company said in a statement.

TPG, which is making a $1.1 billion equity investment in the company, first approached Intel’s board about a potential transaction for McAfee around a year ago, sources familiar with the matter said.

TPG also led a $120 million investment round for security startup Tanium last year and was the lead investor in a $100 million funding round in internet security firm Zscaler.

Millions of Windows PCs Vulnerable to 20-Year-Old Bug

A 20-year-old vulnerability that exists in the Windows Print Spooler process can potentially affect millions of Windows PCs, all the way back to Windows 95. While Microsoft has issued a patch for Windows Vista and later operating systems, earlier versions are still vulnerable.

The critical vulnerability is based on the way Windows machines interact with network printers, and could allow an attacker to gain elevated privileges to execute malicious code at the system level over either a local network or even the Internet.

The Windows Print Spooler manages the process of connecting the laptop or PC to available network-hosted printers. It automatically downloads the necessary drivers to avoid manual hassle, and its failure to authenticate them made it possible for attackers to slip malicious drivers into the mix.

Researchers from Vectra Networks discovered the critical vulnerability (CVE-2016-3238 and CVE-2016-3239), and claim that this failure to authenticate the installation of drivers can allow illegitimate and malicious drivers to be downloaded. Once this happens, the entire network could be compromised. “Not only will that unit be able to infect multiple machines in your network, but it would also be able to re-infect [them] over and over. Finding the root cause might be harder since the printer itself might not be your usual suspect. This situation comes to life because we end up delegating the responsibility of holding the driver safely to the printer, and those devices might not be as secure or impregnable as one would hope,” Vectra researcher Nick Beauchesne wrote in a blog post.

Equipped with system-level controls, the malware can spread laterally from one machine across an entire network as well. Vectra added that the flaw can turn printers, printer servers, or any network-connected printer into an “internal drive-by exploit kit.” Apart from watering hole attacks, the team detailed privilege escalation exploits, a man-in-the-middle attack, and even the ability to infect other devices over the Internet.

Vectra claims that this vulnerability dates back as far as Windows 95. Microsoft, in its Security Bulletin MS16-087, rated the vulnerability as critical for all supported Windows versions, and issued a Security Update for Windows Print Spooler Components for Windows Vista and later versions. If you don’t have Windows Update turned on, now is a good time to do so.

Notably, security expert HD Moore informed Ars Technica that the Microsoft security update in fact “doesn’t really close the code-execution hole, but rather it merely adds a warning as part of the update.”

The update doesn’t work for PCs running Windows XP and earlier, as Microsoft ended support for these versions years ago. This means that millions of PCs are still vulnerable. As such, public printers and loosely protected office networks are more susceptible to the malware threat.

Moore adds, “This is mostly a risk for BYOD laptops within a company, folks using personal laptops on public networks, and corporate networks where the group policy explicitly enables this feature. Convincing someone to add a printer might be tricky, but there may be other ways to drive that behaviour through other network attacks, such as by hijacking HTTP requests and telling the user to do so.”

How a Computer Helped a Paralysed Chimp Walk Again

In a first, Japanese researchers have rehabilitated a paralysed chimpanzee through interaction with computers and touch screens.

The case of Reo, a male chimpanzee that learned to walk again after being paralysed due to illness, shows how much can be done to rehabilitate animals injured in captivity, said lead author Yoko Sakuraba of Kyoto University.

Reo’s example suggests that euthanasia does not have to be the only option for injured animals.

The case was described in an article in Primates, the official journal of the Japan Monkey Centre published by Springer.

In their normal work, researchers of the Primate Research Institute at Kyoto University use chimpanzees’ interaction with computers and touch screens to study the cognition and perception of these primates.

When Reo was paralysed from the neck down, dedicated staff put this technology to further use by encouraging the animal to walk again.

When Reo was 24 years old in 2006, he suddenly became paralysed when a portion of his spinal cord became inflamed.

For the first ten months thereafter, the chimpanzee was severely disabled, lying on his back. He gradually recovered enough to sit up, and could later pull himself upright by using suspended ropes.

Intensive physiotherapy over a period of 41 months followed, after which he was able to climb about again using only his arms.

To aid Reo’s ultimate integration back among the other twelve animals held at the institute, his carers decided to try to get him walking again.

They incorporated a computerised task in this process. This was considered an option because in his youth Reo had learnt how to perform cognitive tasks on a touch panel, and in so doing had become used to receiving food rewards whenever he succeeded at tasks presented to him.

A computer-controlled monitor was, therefore, placed on one wall, and cognitive tasks were again put to him.

The rehabilitation sessions encouraged him to increase his movements considerably, and he started walking up to five hundred metres in a two-hour session.

“Cognitive tasks may be a useful way to rehabilitate physically disabled chimpanzees, and thus improve their welfare in captivity,” Sakuraba said.

NBC Universal Patents a Way to Detect BitTorrent Pirates in Real-Time

NBC Universal, an American media conglomerate, has been granted a new patent that can help track files being shared by groups via peer-to-peer networks in real-time. The patent, titled “Early detection of high volume peer-to-peer swarms”, seems to be the way forward for NBC Universal in its ongoing attempts to restrict piracy of its copyrighted content.

The new patent will essentially help the company identify the swarm’s popularity and take anti-piracy measures before it is “too late to do much good.”

“Early detection of high volume swarms in a peer-to-peer network, including a data feed of peer-to-peer swarm activity, and an analytics engine processing the data feed and identifying the high volume swarms that have parameters that exceed a threshold. The system can include a pre-processing section for conditioning the swarm data for the analytics section. There can also be a verification section that confirms that the peer download file matches the target file,” notes the patent document issued by USPTO (United States Patent and Trademark Office).

“The early detection provides for enhanced anti-piracy efforts, improved allocation of network resources, and better business decision-making,” it adds. NBC Universal says that the “P2P infrastructure has many advantages” but it also has led to abuses.

Of course, piracy of digital assets on peer-to-peer networks is considered to be one of the biggest losses incurred by content owners, estimated to be in billions of dollars annually.

“These costs are typically passed along to the consuming public in terms of increased costs for legitimate purchased works and higher charges for increased deterrents to the piracy,” NBC Universal added.

Torrentfreak points out that Comcast, the parent company of NBC Universal, received criticism back in 2007 when it wanted to “actively throttle BitTorrent traffic.” It is not clear when the company intends to implement the new patent to restrict piracy of copyrighted content. Notably, the patent was applied for back in 2009 but only granted last week. The methods needed to detect and target particular torrent files presumably need to be updated.

Samsung Galaxy On5 Pro, Galaxy On7 Pro Launched in India

Samsung on Tuesday launched its new Galaxy On5 Pro and Galaxy On7 Pro smartphones in India. Both smartphones are successors to last year’s Samsung Galaxy On5 and Galaxy On7.

The Samsung Galaxy On5 Pro has been priced at Rs. 9,190, and the Galaxy On7 Pro has been priced at Rs. 11,190. Both the new Galaxy On series smartphones are exclusive to Amazon India.

The online marketplace has some launch offers on both the smartphones including a Holiday offer from Thomas Cook worth Rs. 6,000 for bookings done before August 31 and an Idea exclusive offer where consumers will get 2GB of data (2G/3G/4G), 200 Mins, 200 SMS at Rs. 343 per month.

There are a few similarities between the Galaxy On5 Pro and Galaxy On7 Pro smartphones – both sport 5-megapixel front cameras and support dual 4G SIMs. Both handsets also come with 2GB of RAM and pack 16GB of built-in storage while supporting expandable storage via microSD card (up to 128GB). Apart from specifications, the Android 6.0 Marshmallow-based Galaxy On5 Pro and Galaxy On7 Pro smartphones feature faux leather back panels and come preloaded with Ultra Data Saving mode. Samsung has also confirmed that both smartphones will pack the S bike mode feature, which was first seen in the Galaxy J-series. In the camera department, both Galaxy On5 Pro and Galaxy On7 Pro smartphones feature palm gesture selfie mode, and 120 degree selfie mode.

The Samsung Galaxy On5 Pro features a 5-inch (720×1280 pixels) HD TFT display and is powered by a 1.3GHz quad-core Exynos processor. It sports an 8-megapixel rear camera with LED flash and packs a 2600mAh battery. It measures 142.3×72.1×8.5mm and weighs 149 grams.

The Samsung Galaxy On7 Pro, on the other hand, features a 5.5-inch (720×1280 pixels) HD TFT display and is powered by a 1.2GHz quad-core Qualcomm Snapdragon processor. It sports a 13-megapixel rear camera with LED flash and packs a 3000mAh battery. The smartphone measures 151.8×77.5×8.2mm and weighs 172 grams.

Xiaomi Mi Max Launched in India

Xiaomi on Thursday launched the Mi Max in India, its “largest smartphone yet”, priced at Rs. 14,999. It will be available from Mi.com in its first flash sale on July 6, with registrations opening on Thursday. The company at the event also unveiled the global ROM of MIUI 8. Open sale on all partner platforms will begin on July 13.

To recall, the Xiaomi Mi Max had been launched first in China in May. The all-metal body smartphone is available in Dark Grey, Gold, and Silver colours. It sports a fingerprint scanner on the rear panel. While the company had unveiled three variants in China, only one variant has arrived in India – 3GB RAM/ 32GB inbuilt storage/ Snapdragon 650 SoC.

The Chinese conglomerate added that the Snapdragon 652 variant with 4GB of RAM and 128GB of inbuilt storage will also be available soon in India – Xiaomi says it will be priced at Rs. 19,999. All variants of the smartphone come with a hybrid dual SIM configuration, allowing users to place up to a 128GB microSD card in the secondary SIM card slot.

Xiaomi also announced 3 months of free movies and 1 year of unlimited music on Hungama Play for the first 1 million Mi Max, Mi 5, and Redmi Note 3 users, as well as free Batman vs. Superman movie streaming for the first 10,000 Mi Max users.

The Xiaomi Mi Max sports a 6.44-inch full-HD (1080×1920) 342ppi display. It bears a 16-megapixel rear camera that offers phase detection autofocus (PDAF) and LED flash. The phablet also has a 5-megapixel front camera on board with an 85-degree wide-angle view. Both cameras have an f/2.0 aperture.

The dual-SIM handset supports 4G LTE with VoLTE, Bluetooth 4.1, GPS/ A-GPS with Glonass, and Wi-Fi 802.11ac with Mimo. There’s no NFC on board. It is backed by a massive 4850mAh battery, measures 173.1×88.3×7.5mm, and weighs in at 203 grams.

The Mi Max sports an infrared emitter to act as a universal remote control, apart from an ambient light sensor, gyroscope, accelerometer, and proximity sensor.

As for MIUI 8, the company said the public beta will be available in the form of an OTA update starting July 11, and users can get instructions on how to download and install the update via the new Mi Community in India, and the MIUI Forum. The stable version of the Global MIUI 8 ROM will begin rolling out on August 16.

Wi-Fi Specification Update Promises Improved Wireless Performance

Wi-Fi Alliance, an association that approves Wi-Fi products and maintains industry standards, on Wednesday announced new features of the ‘Wi-Fi Certified ac’ programme with an aim to improve the performance of the mobility experience.

The body has announced the new “802.11ac wave 2” standard, claimed to enable Wi-Fi to “more efficiently handle high-bandwidth applications” from an increasing number of smartphones, tablets, TVs, and other products simultaneously connected to Wi-Fi networks. The doubling of bandwidth per channel should, in ideal conditions, double performance, including speed.

Another new feature added in the new 802.11ac wave 2 standard is Multi-user Multiple Input Multiple Output or MU-MIMO which is touted as one of the most anticipated new features. It allows more devices to operate simultaneously on the same network without “sacrificing speed or performance.”

“Networks with MU-MIMO are capable of multitasking by sending data to multiple devices at once rather than one-at-a-time, improving overall network efficiency and throughput,” points out Wi-Fi Alliance.

With the new spec update, Wi-Fi Certified ac increases the maximum channel bandwidth from 80MHz channels to 160MHz channels and also extends 5GHz channel support. The organisation expects that 96 percent of devices will offer dual-band connectivity by 2020, and says that access points supporting the new features will dominate the market within the next five years.

Some of the Wi-Fi Certified ac products to support the new features include Broadcom BCM94709R4366AC, Marvell Avastar 88W8964, MediaTek MT7615 AP (Reference Design), and MT6632 STA (Reference Design), Qualcomm IPQ8065 802.11ac (4-stream Dual-band, Dual-concurrent Router), and Quantenna QSR1000 (4×4 802.11ac Wave 2 Chipset Family).

Announcing the new standard, Edgar Figueroa, President and CEO of Wi-Fi Alliance said, “In today’s world, people have more Wi-Fi devices per person and per household, and those devices require significantly more bandwidth. Wi-Fi Alliance updated the Wi-Fi Certified ac program to meet increasing user demands and to stay ahead of emerging applications, while preserving interoperability.”