LightBlog

Thursday, January 19, 2017

Huawei’s Security Advisory Announces Fixes for Multiple Vulnerabilities

Similar to the Android security bulletins that Google, LG and Samsung publish, Huawei is another company that keeps track of vulnerabilities that are reported to it. The company published three of these this week, and they affect a combination of three smartphones that Huawei is currently selling. Fixes for these vulnerabilities will be included in an OTA update that Huawei (or carriers) sends to the consumer, but the company doesn't give an ETA as to when that update will go out.

The first vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID of CVE-2017-2711, and it affects the Huawei P9 Plus with a firmware version before VIE-AL10C00B352. This vulnerability will allow the attacker to crash the system software of the phone. The only way for this to happen is to trick the P9 Plus owner into downloading a malicious application, which then allows the attacker to crash the phone. To fix this vulnerability, the owner will just have to accept the OTA update for the new VIE-AL10C00B352 firmware.

The second vulnerability Huawei announced this week has been given the Common Vulnerabilities and Exposures (CVE) ID of CVE-2017-2703. This one currently affects both the Huawei P9 and the Huawei Mate 9. Exploiting this vulnerability will allow the attacker to bypass the Phone Finder so they can enter the System Setting. All the person has to do is have physical access to the P9 or Mate 9 phone. Huawei has patched this vulnerability as well, so Mate 9 customers will want to look out for the MHA-DL00BC00B156 update, while P9 owners will need to look for the EVA-AL10C00B373 update.

Lastly, we have the vulnerability that has been issued the Common Vulnerabilities and Exposures (CVE) ID of CVE-2017-2698. This currently affects the Huawei P9 and Huawei Mate 8, and it allows the attacker to crash the system or even escalate user privilege. The only way this vulnerability can be exploited is by tricking someone who has root access to their phone into installing a malicious application. The fix is included in the NXT-AL10C00B386 update for the Mate 8 and the EVA-AL10C00B373 update for the P9.

Source 1: Huawei Source 2: Huawei Source 3: Huawei



from xda-developers http://ift.tt/2iNFekz
via IFTTT

Wednesday, January 18, 2017

Google Photos Prepares to Allow for Editing the Date and Time of a Photo

Google Photos has always been one of Google's more useful services. The photo backup service has garnered widespread praise for its unlimited, free backup features as well as its robust sharing capabilities. But one area that Google Photos has always lagged in is the ability to edit your photos. Luckily over time, Google has been introducing more and more features to allow you to customize your pictures to your liking (though the editing features are not as robust as those found in some of its competitors).

Editing your photo to produce a better image is one thing, but what about editing your image to make it easier to organize? Unfortunately, the ability of Google Photos to modify EXIF data has been rather limited. Even today, the ability to edit something as basic as the date and timestamp of a photo is limited to the desktop version. But with Google Photos version 2.7 now rolling out, that may change. A teardown of the APK reveals that Google may soon allow you to edit the EXIF timestamp of your photos.

Although a teardown can provide valuable information regarding upcoming features, it is entirely possible that these features may not make their way into the final product. Do not take these teardowns as proof that a feature will be added, but rather as a hint of what could be coming.


Google Photos Teardown

Within the latest version of Google Photos, there is an interesting string located within the APK that hints at the ability to edit the timestamp of a photo:

  <string name="photos_mediadetails_details_edit_datetime_icon_content_description">Edit icon to allow the user to edit the date/time of the media.</string>  

As you can see, there apparently will be an icon within the picture detail screen that will allow you to simply edit the date/time of the media. Evidence for this feature can also be found with a new layout file that has been added to the APK:


exif_datetime_item.xml

  <?xml version="1.0" encoding="utf-8"?>
  <LinearLayout
      android:orientation="horizontal"
      android:id="@id/exif_datetime_item_layout"
      android:padding="@dimen/photos_mediadetails_item_padding"
      android:layout_width="fill_parent"
      android:layout_height="wrap_content"
      android:minHeight="@dimen/photos_mediadetails_item_min_height"
      xmlns:android="http://schemas.android.com/apk/res/android">
    <ImageView
        android:layout_gravity="center"
        android:id="@id/icon"
        android:padding="@dimen/photos_mediadetails_item_padding"
        android:layout_width="66.0dip"
        android:layout_height="36.0dip" />
    <LinearLayout
        android:orientation="vertical"
        android:padding="@dimen/photos_mediadetails_item_padding"
        android:layout_width="0.0dip"
        android:layout_height="wrap_content"
        android:minHeight="@dimen/photos_mediadetails_item_min_height"
        android:layout_weight="1.0">
      <TextView
          android:layout_gravity="start|center"
          android:id="@id/label"
          android:paddingLeft="2.0dip"
          android:paddingTop="8.0dip"
          android:paddingRight="2.0dip"
          android:layout_width="fill_parent"
          android:layout_height="wrap_content"
          style="@style/quantum_text_subhead_black" />
      <TextView
          android:textColor="@color/quantum_black_secondary_text"
          android:layout_gravity="start|center"
          android:id="@id/value"
          android:paddingLeft="2.0dip"
          android:paddingRight="2.0dip"
          android:paddingBottom="8.0dip"
          android:layout_width="fill_parent"
          android:layout_height="wrap_content"
          style="@style/quantum_text_subhead_black" />
    </LinearLayout>
    <ImageView
        android:layout_gravity="center"
        android:id="@id/edit_icon"
        android:padding="@dimen/photos_mediadetails_item_padding"
        android:visibility="gone"
        android:layout_width="66.0dip"
        android:layout_height="36.0dip"
        android:src="@drawable/quantum_ic_mode_edit_black_18"
        android:contentDescription="@string/photos_mediadetails_details_edit_datetime_icon_content_description"
        android:alpha="0.38" />
  </LinearLayout>

 

The name of the layout file and the description of the string are quite clear: editing the EXIF timestamp of a photo may soon be available on the Android version of the application. Desktop users (and even iOS users) have had this ability for quite some time now, so hopefully it finally makes its way to Android as well.



from xda-developers http://ift.tt/2iT51en
via IFTTT

The Future of the Pixel is Bright

According to trend analyses and reports produced by Wave7, a U.S. mobile market analyst, Google's Pixel series has been selling consistently well over the three or so months it has been available. Given a selection of reporting around the time of launch that failed to clearly differentiate between Verizon being the exclusive Pixel carrier and Verizon being the only Pixel carrier, as well as displaying some reasonable hesitation about certain aspects of the relationship, there was no consensus among those covering the topic about the likelihood of Pixel succeeding as a product.

However, Verizon has made it clear that they were taking their exclusivity deal seriously and embarked on a multi-million dollar advertising campaign for the Google Pixel devices, as well as offering aggressive discounts and deals just after release that continued throughout the holiday season. Wave7 has found that Pixels have sold extremely well despite limited availability, reporting that Verizon representatives claimed that Pixels accounted for 12.3% and 9.5% of all devices sold by Verizon in December and January, respectively. Given this fact, the limited availability of Pixel devices, a fact which has remained rather constant since launch, may well be a result of Google responding to greater demand than they had originally anticipated.

Regardless, with multiple financial analysts expecting around $2-4 billion in revenue from Pixel sales in fiscal year 2017, industry confidence in the Pixel is firm, albeit with plenty of room for growth. Gross margin estimates for Q4 2016 sales place Google's Pixel and Pixel XL at a bit more than half of the iPhone's industry-leading 41%, with overall profit estimates fluctuating around $400 to 500 million.


Morgan Stanley estimates Pixels will bring in around $375 million of profit in Q4 of 2016. (IHS Markit, Company Data, Morgan Stanley Research)

This places the Pixel devices magnitudes below Apple's iPhone in terms of sales throughput and profitability, but the fact that it is profitable at all is of great importance. Given that Morgan Stanley's analysts term the Pixel as a program of "Android user monetization", the Pixel devices likely have a broader financial impact and utility for Google than can be seen simply by estimating device sales — past a certain point.


The Future of the Pixel Brand

Alphabet has been relentless in its willingness to shed internal groups and pursuits that fail to be profitable for too long. Fios, the Titan drone platform of Project Loon, and Alphabet's self-driving car program have all been either put on hold, cancelled, or spun off into non-Alphabet related entities in the last 12 months alone. With a central goal of profitability clearly for the most part taking precedence over any form of vision or other non-financial goals, any program that fails to show growth and profitability is likely at risk of being excised from Alphabet. Thankfully, Pixel appears to be safe for the foreseeable future, as long as it continues to perform well.

With the stability of the Pixel brand more or less assured for 2017, it is worth briefly considering what the future may hold for Google's nascent smartphone. XDA's own Mario Serrafero published an extensive review of the Pixel XL and concluded that "the Pixel XL is a great consumer smartphone, but not the Google flagship I expected. Nevertheless, it sets the foundations for something bigger, and as Google's ecosystem matures, the Pixel and its Assistant will get wiser with it." This sentiment aligns closely with the response most technical reviewers have had. The Pixel shows immense promise but has also demonstrated some rough edges and areas that could use improvement, something that we recently explored.

One of the reasons that I maintain a significant amount of hope for the Pixel's future, in spite of those rough edges, lies in the story of the development for the Pixel and Pixel XL. As discussed over at Ars Technica, there are a couple hints which suggest that the Pixel was pushed through a rushed development schedule of as little as 9 months from conception to production. As the article clearly illustrates, the Pixel features a large number of similarities with HTC's A9, ranging from the appearance of the device to its motherboard layout — this isn't odd considering who the actual assembler of the Pixel is. XDA also covered suspicious software-level tidbits that pointed to some HTC influence. Given unofficial reports that Huawei was initially pegged to manufacture the Pixel but backed out over concerns about Google's insistence on maintaining its own brand on the device as well as David Pierce of Wired stating that employees of Google blamed "running out of time" for the lack of waterproofing, a strong case can be made that the Pixels were rushed to market.

For how strong of a device it is, the Pixel's brief but mostly successful development is a notable accomplishment for Google (and possibly HTC). Dave Burke, Android's VP of Engineering, also told interviewers in early November 2016 that he had already been shown photos taken by a device that was to be released in fall of 2017. This suggests that Google's second foray into (semi) in-house smartphone development will have at least 12 months, and probably closer to 16 months, if a functional prototype existed only a month after the Pixel was released. With a more typical production cycle for the Pixel's successor, the few rough edges of the Pixel have a good chance of being alleviated. By potentially tripling the amount of time Google engineers will have worked from start to finish to bring an Android device to market, there is plenty of time for Google to mature its hardware development team and more effectively step into the role of being its own smartphone designer.

A Pixel successor that seriously addressed the original's flaws would be quite the sight to behold, and I am immensely excited to see what Google may yet accomplish before the end of 2017.


What do you think about the Pixel and the approach Google has taken for its development? Let us know in the comments below if you have any thoughts or predictions for the future of Google's in-house smartphone development.

Source: FierceWireless (1)
Source: FierceWireless (2)



from xda-developers http://ift.tt/2k1sdFf
via IFTTT

Qualcomm Maintains its Dedication to Security with Secure Boot

Along the lines of Android Nougat's strictly enforced verified boot and Windows' Secure Boot features, Qualcomm is also pursuing a set of security standards based on cryptographic image authentication to ensure a secure boot chain.

A typical secure boot chain. (Qualcomm, Ryan Nakamoto)

As Qualcomm Engineer Ryan Nakamoto muses, all devices with boot chains are potentially vulnerable to malicious image injection. If an attacker gains access to images earlier in the boot chain, particularly the primary or secondary bootloaders, they gain the ability to control much or all of what follows. In order to better prevent attacks like these, Qualcomm's implementation of secure boot secures every aspect of the boot chain, beginning with the first ROM bootloader. As a step of the chain finishes, the segment will verify that it is unmodified and then provide a signature that the next segment in the boot chain must cryptographically verify. If the signature produced is different than what the following segment expects, then the boot process will be immediately ended.
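An added illustration of the chain described above (not Qualcomm's code and not from the original article). It is a simplified model that assumes each stage authenticates the next image before handing over control; the stage names, image contents and ROM anchor are constructed, and pinned SHA-256 digests stand in for the public-key signatures a real secure boot chain uses.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Image:
    name: str
    code: bytes                 # constructed stand-in for the stage's executable
    next_digest: bytes = b""    # pinned SHA-256 of the following stage; empty for the last

    def measure(self) -> bytes:
        # Length-prefix each field so two different images cannot serialize identically.
        h = hashlib.sha256()
        for field in (self.name.encode(), self.code, self.next_digest):
            h.update(len(field).to_bytes(4, "big") + field)
        return h.digest()

def build_chain(stages):
    """Build images in boot order from (name, code) pairs; return (chain, rom_anchor)."""
    chain, pinned = [], b""
    for name, code in reversed(stages):      # last stage first, so each can pin its successor
        image = Image(name, code, pinned)
        pinned = image.measure()
        chain.insert(0, image)
    return chain, pinned                     # digest of the first image is the ROM anchor

def boot(rom_anchor, chain):
    """Walk the chain; return (names of stages that ran, halt reason or None)."""
    expected, ran = rom_anchor, []
    for image in chain:
        if not hmac.compare_digest(image.measure(), expected):
            return ran, f"halt: {image.name} failed authentication"
        ran.append(image.name)               # authenticated, so control is handed over
        expected = image.next_digest
    return ran, None

# Constructed sample chain (hypothetical stage names and contents).
CHAIN, ROM_ANCHOR = build_chain([
    ("secondary-bootloader", b"sbl code"),
    ("android-bootloader", b"aboot code"),
    ("kernel", b"kernel code"),
])

def tamper_last_stage():
    """Swap the kernel only: its predecessor's pinned digest no longer matches."""
    evil = replace(CHAIN[2], code=b"malicious kernel")
    return boot(ROM_ANCHOR, CHAIN[:2] + [evil])

def tamper_and_repin():
    """Also rewrite the bootloader to pin the modified kernel: caught one stage earlier."""
    evil_kernel = replace(CHAIN[2], code=b"malicious kernel")
    evil_aboot = replace(CHAIN[1], next_digest=evil_kernel.measure())
    return boot(ROM_ANCHOR, [CHAIN[0], evil_aboot, evil_kernel])

if __name__ == "__main__":
    for result in (boot(ROM_ANCHOR, CHAIN), tamper_last_stage(), tamper_and_repin()):
        print(result)
```

Re-pinning a modified image only moves the mismatch one stage closer to the ROM, which is why the anchor has to live in storage that cannot be rewritten.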

While secure boot implementations like dm-verity and Windows Secure Boot are the bane of many a custom ROM developer, the improved security they offer the lay-consumer is paramount.

As Microsoft and Qualcomm recently announced that upcoming devices would be able to run Windows 10 on Snapdragon hardware this year, it is far from surprising that Qualcomm chose to bring up its secure boot implementation in late 2016. Given the spate of Android security scares that arose throughout 2016, security has become a serious concern for many consumers, so Qualcomm's continued dedication to secure software is more than welcome.


Source: Qualcomm



from xda-developers http://ift.tt/2k18iWL
via IFTTT

Sony Starts Rolling Out Android Nougat Update to Xperia Z5 and Xperia Z5 Premium

After updating their Xperia X devices to Android 7.0 Nougat, Sony has now started rolling out the Nougat update for its Xperia Z5 series as well.

Several users of the Xperia Z5 and Xperia Z5 Premium are now reporting that they have received an official update notification. The OTA is 1288 MB in size and is labeled with a build number of 32.3.A.0.372 with the December security patches on board.

As expected from prior Sony builds of Android Nougat, all of the usual Nougat related features such as the Multi-Window mode, improved Doze mode, Vulkan API support and more can be found in this update. Furthermore, Sony's own additions have made it in this update, including the revamped Xperia Home launcher with built-in Google Now support, a messaging update, and a self-timer button for the front-facing camera for a better selfie experience. As of now, the update is only rolling out for the Xperia Z5 and Xperia Z5 Premium, but it's expected that the Xperia Z5 Compact, Xperia Z3+, and Xperia Z4 Tablet will receive the update in the near future.

If you're carrying either an Xperia Z5 or Xperia Z5 Premium, keep an eye out for the OTA update. As is always the case with staged software roll-outs, the update might take some time before it reaches your device.


Source: Xperia Blog



from xda-developers http://ift.tt/2ja0WAr
via IFTTT

Google Enhances Searches for Spotty Data Connections

Making Google searches while on poor data connections can be a frustrating experience. Sometimes you really, really want to find an answer to some question you are looking up, but because you're barely out of network range, your search never goes through.

Thankfully, Google is looking to alleviate some of those headaches. In an official blog post, they reveal that they are releasing an update to searching on your Android device. When you enter a search term while you are offline or about to lose your connection, the results will be queued and returned to your device when you re-establish an Internet connection.

This is a neat feature enabling you to queue up a bunch of searches while offline. Google states that this feature could be useful for farmers or those traveling by car or train where the connection is spotty. Google stresses that this feature will not stress your battery life and that it will only use minimal amounts of data as the results are returned as "streamlined search results".

Furthermore, these "streamlined results" are designed to still contain all of the information you require. It appears that advertisements will still make it into your results, though that's to be expected given the nature of Google's business model. This feature should be available to those users running the latest version of the Google App.


Source: Google



from xda-developers http://ift.tt/2jxO8qY
via IFTTT

Report: Samsung Completes Note 7 Investigation, Blames Faulty Batteries

The Galaxy Note 7 was one of the most anticipated smartphones when it was first launched, thanks to its symmetrical design and superior camera performance. But a few weeks after the device went on sale, reports started coming in about the device's explosive performance. This led Samsung to immediately recall and replace Note 7 devices with what they believed to be safe batteries, but when the replacement devices started to catch fire it forced the South Korean electronics giant to completely halt sales of the device.

After the Galaxy Note 7 debacle, Samsung has been busy investigating the cause behind the explosions and overheating issues in its flagship device. Reuters reports that Samsung has now finished its investigations of the Note 7 and has reached a conclusion that faulty batteries were mainly responsible. Earlier a tear down by a manufacturing technology company called Instrumental showed that the Note 7's "aggressive design" was the reason for battery explosions and overheating, but Samsung's reports are indicating that this wasn't the case. According to a source who spoke to Reuters, Samsung didn't find any design or software-related issue which could cause the battery to explode. The source also noted that the company was able to replicate the battery fires during its internal investigation.

The source says Samsung will likely officially announce the investigation reports on January 23rd, which is the day before the company is slated to announce its fourth-quarter earnings. The source also adds that along with the investigation reports the company will also announce new safety measures they have been taking to ensure the safety of their future devices.

Finding the root cause of the Note 7's fire safety issue is crucial for Samsung as it prepares for its next flagship smartphone, the Galaxy S8. As the launch of the Galaxy S8 nears, Samsung would definitely like to leave behind the bitter memories of the Note 7 fiasco.

Source: Reuters



from xda-developers http://ift.tt/2iS22D5
via IFTTT