Feature Image Credit: XDA Member Pepousek67
The latest January 2017 security update is now rolling out to owners of the Huawei Watch. Pictures of the update and a downloadable OTA link to sideload have been shared in the forum thread. Get it now!
The Google App has recently been updated to no longer require modifying your device's product model when enabling Google Assistant, instead you now only need to add 'ro.opa.eligible_device=true' to build.prop. XDA Member Fknt00 has posted a flashable zip to easily make this change.
The OnePlus 3 and the OnePlus 3T are among the best phones you could purchase right now. The flagships of 2017 are yet to be revealed to the market and consumers, and in their absence, the OnePlus 3/3T dominate real world performance at an affordable price segment.
But, if we are to be fair in assessing the device, we need to acknowledge that despite OnePlus's best efforts, the OnePlus 3/3T are not without faults. Even on the software end, we've reported on security issues like OnePlus leaking IMEI details when you check for updates on your phone. And now, we have another serious addition to the list, one with vastly more dangerous ramifications.
A vulnerability in the bootloader of the OnePlus 3/3T opens up doors to malicious attacks. As found by Roee Hay of the IBM X-Force Application Security Research Team and revealed on the IBM X-Force Exchange platform, this vulnerability allows an attacker to manipulate the SELinux state on the devices, toggling it to permissive mode. All that the attacker needs is either physical access to the device, or remote access to an ADB connection to the device.
SELinux, or Security-Enhanced Linux is a linux kernel security module, allows for access and management of security policies on systems. SELinux was introduced in Android 4.3, and was set into Enforcing mode as default since Android 4.4. This mandatory access control system helps enforce the existing access control rights, and attempts to prevent privilege escalation attacks. This acts as a hurdle for unauthorized control over your device, such as an app or vulnerability aiming to get root access maliciously on your device without your knowledge. Setting it to Enforcing by default across Android as an OS serves as the first step to protect normal users from such attacks.
The vulnerability is rather straightforward to exploit — in fact, it looks to be a huge oversight rather than exploit. First, an attacker reboots the OnePlus 3/3T into 'fastboot' mode — if you have physical access, simply press Volume-Up button during device boot, and if you don't, you can issue the ADB command adb reboot bootloader to the device. The fastboot mode on the device exposes a USB interface, which should not allow any security sensitive operation to complete on locked devices. But on the OnePlus 3/3T, simply issuing the fastboot oem selinux permissive command through the fastboot interface toggles the SELinux mode from Enforcing to Permissive.
fastboot oem selinux permissive ... OKAY [ 0.045s] finished. total time: 0.047s .... OnePlus3:/ $ getenforce Permissive OnePlus3:/ $ To further complicate the problem, the OnePlus 3 and 3T do not possess any entry in the 'About Screen' to mention the current SELinux state of the device. A victim will continue to remain oblivious to the compromised state of his device if he had no knowledge of such compromise ever occurring. The lack of SELinux state entry in the 'About Screen' is missing from both the Android 6.0 based Open Beta releases, as well as Android 7.0 official ROMs.
Several apps exist to toggle SELinux state to Permissive, like the SELinux Mode Change app. This change exists only across soft reboots. You can utilize scripts to maintain the Permissive state across hard reboots. Both of these methods require root access, which implies that the user has knowledge of the risks he is exposed to. But the change to Permissive using the above vulnerability not only persists across hard reboots, it does so without needing root access.
No remedies exist against the vulnerability as of January 2017.
We hope OnePlus publicly acknowledges the serious issue and is transparent in their plans towards fixing it.
LG's mobile division did not have a good year in 2016. In fact, LG has not had a good year in the mobile market in a long time. At one point it felt like LG could do no wrong, though, especially with the success of the LG G2, and them being hired by Google for the manufacturing of the Nexus 4 and Nexus 5.
Since then the South Korean giant has seen its prospects go downhill. LG recently appointed a new CEO and they hope to get their mobile division back on track this year.
Many would argue that the LG V20 is the best smartphone the company has ever produced, but even that one failed to pull the division out of the red. With issues being reported about inconsistent customer service support, and the dreaded bootloop that keeps casting its shadow over LG products, some are just avoiding the company's smartphones until they get their act together. With the new CEO at the helm, 2017 could be LG's chance to turn the company around.
They recently announced a number of low-end to mid-range smartphone at CES, and these will be released in various markets around the world. The company's first try at a global smartphone launch for the year will be the LG G6. We've been seeing reports that LG will try to get a jump on Samsung and launch the LG G6 a month before the Galaxy S8 is available to the public.
The report claims the LG G6 will be shown off at MWC (which starts on February 26th), and that LG is hoping to launch the phone just a couple of weeks later. If true, we could see the LG G6 officially launched on March 11th. The Galaxy S7 is rumored to be launched sometime in the middle of April, so getting in stores a full month before Samsung could allow LG sell a number of devices that they would miss out on if they launched at the same time.
Do you think LG can turn things around with the LG G6, or will 2017 be as bad for their mobile division as 2016 was?
Tech giants LG and Samsung are racing each other to be the first to release folding displays to the market, although the two companies have very different approaches. Samsung is going to keep a hold on the technology which is said to be technically complete in house, and release it through their own products only whereas LG looks like they could let their technology be used first by other companies such as Apple and Huawei.
According to a Korea Herald report, LG looks to be able to release as many as 100,000 foldable displays in the fourth quarter of 2017, and Samsung was rumored to match that but also beat LG to the punch by releasing foldable display smartphones in the third quarter of 2017,. However, Samsung has put the brakes on the production while they are tangled up in a political scandal with the South Korean President Park Geun-hye, and this is preventing their executive-level reshuffle from taking place. The report says that a decision on whether Samsung will release the foldable displays will likely be made in February, but it could also be decided as late as March. This bodes very well for LG and gives them a good shot at being first to the market.
LG started development of their foldable displays around 3 years ago, and has a more advanced product than its rival, although both have reached technical completion. Samsung was previously working on what they call "Fold-In" phones, where the screen tucks inside the phone but the company's market research said that people found it too inconvenient so they switched to a "Fold-out" technology around August of 2016. "Fold-out" technology, as the name implies, is where the screen folds out when the user wants to use the device.
Market analysts at Strategy Analytics have predicted that the foldable display market could be as big as 163 million units by 2020. This shows lots of potential, and it will be interesting to watch how both companies approach it. Let us know who you think will be the winner between LG and Samsung in the comments below!
Machine learning is huge and we're seeing a lot of big tech companies getting involved in this sector. This can range from personal AI assistants, to games and everything in between including under-the-hood optimizations. Most of the time the computation for AI is done in the cloud, but Qualcomm wants to change that in the future.
Previously, these types of computations would take up a lot of time, resources and power (or battery on phones), but things will be changing soon.
With the introduction of the Hexagon 682 DSP, Qualcomm wants software developers to be able to offload some of that machine learning code directly onto the hardware. This would make the process faster (since it doesn't have to send data to a server and then wait for its response), and it also enables the machine learning to do be done without a connection to the internet. And now it's been announced that the Hexagon 682 DSP inside the Snapdragon 835 is optimized for Google's TensorFlow machine learning technology.
The Hexagon DSP (Digital Signal Processor) is described as a world-class processor with both CPU and DSP functionality to support deeply-embedded processing needs of the mobile platform, for both multimedia and modem functions. Most of the time DSPs are used for things like audio and speech signal processing, digital image processing, and signal processing for telecommunications, but we're seeing Qualcomm allow the Hexagon DSP to be used for specialized workloads too.
So machine learning computation is generally better on the DPS rather than the CPU since it exploits the power & performance benefits of offloading the ARM cores for performance, reduced power dissipation, or concurrency requirements. These cores are optimized for both high performance and energy efficiency, but most of the time it's used for its energy efficiency since it's designed to strive for high levels of work per cycle (instead of increasing the MHz).