Tuesday, July 28, 2015

What good is your mobile device if you don't use it?


For many years, Apple has claimed (quoting third-party research such as this recent one) that, while they have a much smaller market share in devices in people's hands, the vast majority of usage comes from their devices.  As Clammr now reports, that usage gap extends to podcasts as well.  I find it interesting (and telling) that the other mobile operating systems don't even appear on the report - Windows, Ubuntu, Symbian, Blackberry.

So, if it is true that internet browsing, on-device purchases, and now podcast consumption are completely dominated by the smaller market (relative to Android) of Apple i-device owners, that begs the question, what are all those non-Apple device owners doing with their devices?  From my extensive user survey (conducted completely in my head of over 2,000 imaginary people), I have gathered the top 10 uses for non-Apple devices:

10.  To finally fill that last HDMI port on your TV (non-Apple TV).
 9.  Taking photos.
 8.  Accessing the Google Play or Windows App stores.  Just for browsing.
 7.  As a burner phone for a spy or criminal.
 6.  A flashlight, to light your way when times are dark.
 5.  A toothpick.  What?  You can't do that?  Innovation, time to invent!
 4.  To replace the GPS navigator that doesn't update its maps.
 3.  It looks so sporty (and non-Apple) on my hip / cheek / purse / car holder.
 2.  There's something else you can do with it?  How much does it cost?  $1?  Forget it.

And number 1?  Phone calls and text messages.

Monday, July 27, 2015

Major Android Security Flaw Allows Hackers to Take Control Without You Even Knowing

As reported today by National Public Radio, all a hacker needs is your phone number, and they have complete control of your device.  What the article doesn't make clear, is whether this only applies to phones, or tablets as well (assuming tablets can get text messages).

The way the exploit works takes advantage of the ability to secure videos using what is called a Coder/Decoder (CODEC) routine.  This is a bit of computer software that provides a way to encrypt and decrypt the video, so that video producers can secure their own content.  However, a CODEC is simply a bit of software that frankly can do anything.  Because the video the thief texts you specifies the CODEC it needs, as the video is received by the device, the CODEC is downloaded and installed as well - this all without any security checks, and without asking the user. The fact that Android allows any CODEC, gives it full access to the entire device environment, and does this in the background without your authorization or even your interaction, I find to be absolutely unacceptable.
I've said it before, and again, and again, and again, and again...Android is an inherently insecure mobile OS, because security is an afterthought, and wasn't built into it by design, at its core, like it was in iOS.  If that isn't bad enough, to make matters much worse, the Android ecosphere is a mishmash of hardware manufacturers who have their own fork of Android that deviates from the main Google trunk.  This means it isn't up to Google to get the update out for each device, it is up to the manufacturer.  You can probably trust companies like Samsung, HTC, and LG.  Probably.  But how much, and how well will they do?  And, if you have some other manufacturer, I can't even begin to say.

If that isn't bad enough, it has been proven that Android users typically go around with a 2-year-old OS (or older), and never download updates.  That's right, you can have a brand new Android device, but the manufacturer forked Android 2 years ago (at the beginning of developing that hardware), and so the security you have is already 2 years old, out of the box.  Another NPR article in the past week entitled "Trying To Keep Your Data Safe? You're Probably Doing It Wrong" states that tech experts have completely different priorities on what it takes to keep you safe from hackers, than the average non-expert.  I completely agree with this article on every level - from the fact that the priorities are different, to the fact that tech experts put number one priority on system updates (from the OS manufacturer) as the primary bastion against hacking.  Nothing is even remotely as important as downloading the latest OS updates - whether for phone, computer, tablet, or car.  (If you followed that last link, you found that Chrysler vehicles from 2012 onward with UConnect have an Internet IP address, that hackers can use to gain control of the vehicle - and do anything they want, including shut the engine off.)
In this day and age, I find it ABSOLUTELY INEXCUSABLE for any product company, especially Google, to release a product that is so wide open to hacking, it fails to incorporate the most basic and accepted computing precautions like firewalls, code signing security certificates, forcing communications over SSL, and the like.  All of which, and more, both iOS and OS X (Apple's mobile and desktop operating systems) take into account, and have since the beginning, as they were designed into their core from the beginning.  So if you want to know why I support Apple so much, for security alone, that is why.  I find it also a case of criminal negligence for a company like Chrysler to produce a motor vehicle (the single most deadly type of machine in mass operation today), and make it vulnerable to such attacks.  This when the computer industry has plenty of security experts, and Science Fiction films have provided plenty of scenarios in which a more connected life can become more vulnerable to hackers.
So, now we know about the UConnect vulnerability - what about all the other vulnerabilities that we don't yet know about?  Here's a scenario that is not farfetched at all.  Imagine that you are driving to the Tigers' game.  On the way home, you stop to get gas, go out to dinner, or some other activity in Detroit.  Unbeknownst to you, some guys with a specialized Internet scanner detect your car, push a button - and malware is uploaded to your vehicle, and boom - the engine quits as you pull out onto the street.  You are mobbed by people who mug you, strip your vehicle, maybe even kill you because you hesitated to give them your wallet.  Science Fiction?  Maybe, but I think it's not at all farfetched, and I wouldn't put it past the people designing the computer systems in your vehicle to neglect basic security like I say above.

Further, recent news stories indicate Apple has hired several thousand employees with Automotive experience, on a top secret project.  Rumors abound, but most likely they are either working on aftermarket automotive systems, or a new electric vehicle to enter into the automotive market.  I cannot think of a better company to make cars incorporating computer technology than Apple.  Who best to take into account computer security, than one of the companies who helped create computers in the first place?  And who best to lock that security to your digital world of smart phones, tablets, and notebooks?  And who best to make it work seamlessly?

If this scares you, it should - you have a pulse.  Do your research, and take action consistent with your findings.  If it doesn't scare you, then go ahead and tempt fate.  But when it comes crashing down on your head, and you have to jump through hoops because your credit is shot, your bank accounts raped, passwords stolen, and your entire real life ruined by the digital access to it - you only have yourself to blame for your choices.
Now, here's what scares me about the whole thing.  People go around, buying devices and services, without researching or understanding this whole world they are getting into.  But believe me, thieves sure do understand this world, and how to exploit its vulnerabilities.  And legislators are so far behind, they still think they can pass a law that will fix security issues.  The only way to fix the issues, is at the OS and software developer level.  The OS manufacturer should have security built in as a central tenet of the architecture, and their development kits should make it easier for app developers to make secure apps, than to make insecure apps.  The fact that Android is the most prevalent mobile OS, and Windows the most prevalent desktop OS, means that people just don't get it.  But the growth of Apple, means they can learn.  Realize that you (even I) know very little about security in the online world, and that it can impact your real world in many more ways than just money or inconvenience.  You can actually be killed by a security hack.

(As an aside, if you are an Apple developer, iOS has done simple things like provide access to advanced technology through Kits - or libraries that give developers functions to call that make it easy to write apps to do advanced things.  But the Kits are secure, and allow the device user to control which apps have access to which functions - the camera, microphone, photos, Internet, etc.  And, by default, apps cannot connect to insecure Internet connections, they must use encrypted SSL connections.  If the app needs to do an insecure connection, the developer has to "jump through hoops" by adding exceptions to the app for specific web addresses, so that only those addresses are allowed to be communicated with over insecure, non-SSL sockets.)

What can Congress do about this?  Nothing.  As you are well aware, Congress is a set of selfish, greedy lawmakers who have lost all touch with their constituency, and are at the behest, beck and call of lobbyists.  If they do eventually get around to doing anything, all they can do is pass a bill - and nothing they could do would have an impact, as it would be too little, too late.  This technology is out now (has been for years), and the vulnerabilities exist now.  It's up to you to safeguard yourself and your family.

Tuesday, July 21, 2015

The Massive Misnomer of the Smart "Phone"


Back in the good old (pre-iPhone) days, we used to call these pocket computers that organized your life a PDA (or Personal Digital Assistant).  With the Palm and Blackberry devices, the convergence of PDAs with cellular phone technology began.  I began with what was called the Palm Pilot, later the Pilot, then just simply "Palm" - had that for many years, and when Samsung came out with the I-300 Palm phone, I was all over it.

And, as is now cliche, along came the iPhone and everything changed.  In fact, I was constantly searching for apps for my Palm and downloading them, but the availability of apps was severely limited (especially as compared to today's App Store and Play Store).  And, I noticed that the plethora of people who had Blackberries and Palm phones, called them a pretty evenly split combination of Phone and PDA (a few called them Organizers).  With iPhone, and I suspect related to the product name, it seems we have abandoned the somewhat wonky and clunky "PDA" for the simpler, but less descriptive, "Phone."  When I want to take a photo, and have to look for my device, I say "Have you seen my phone?"  When I need to check bank balances, travel itinerary, play a game, or the myriad of non-phone things I use my "phone" for the vast majority of its usage time, I call it my "phone."  Kind of interesting.

Although these devices are computers, calling it one is also clunky, because it doesn't take into account the communications and mobility aspects, as well as confusing it with all the non-"phone" computers (desktops, laptops, notebooks, and tablets).  Interestingly enough, the kids constantly say "I want a TV in my room," to which I reply, "You have TVs that you can put anywhere, including in your room."  With Netflix, Watch ABC, PBS Kids, the UVerse app, and more - you have these computing devices that are, by every definition, televisions.  Tablet, by the way, is a great name.  But phone is terrible.  We could go with a Trekky "communicator" - but when you unlock it, you will be forced to change your unlock sound to that of a communicator when Kirk whips it out and says "Kirk to Enterprise, come in Enterprise."

At some point in the not-too-distant future, we will see people who have only ever known a "phone" to be a fully-capable, desktop-class computer with a small footprint and touchscreen interface (i.e. a "smart phone"), and when you say to them "pick up the phone please, it's ringing" - they will stare uncomprehendingly at your cordless handset, wondering what it is, what it does, and why you have it at all.  I mean, all it can do is make and receive phone calls - how useless is that?

Sitting right now in my recycle bin, in fact, is a thick book with the letters "YP" on the front cover.  I have no idea what it is for (other than as a platform for advertising - like there aren't other more useful ones built into my iPhone???).  I mean, it is filled with business names and phone numbers.  Really?  Where are their web sites?  If I want to look up a business, I am going to ask Siri, or type it into a web or map search.  The section on private individuals is totally gone, and rightly so - how could a publication hope to stay on top of people's contact numbers?  Maybe this book would be good to use as kindling to start my charcoal chimney, except that I have tons of newspaper for that.  Maybe it could be a paperweight - like I need that.  I have a million other things that have other uses that can also weigh paper down on the patio table when we chill outside.  Obviously there is a segment of people who use these books, but I can't imagine who that is besides senior citizens who don't have a smart phone (a very small segment indeed).  Maybe it is simply a bunch of people working in an office, where over the past 10 years most of the employees have been laid off, and they are desperately trying to hang onto their jobs.