Starting in October of this year, pedestrians in Honolulu, Hawaii can be fined up to $100 if they are caught crossing a street with eyes on their cell phone instead of traffic. Coincidentally (and somewhat ironically), I read this bit of news on my phone, in Hawaii, while I was on vacation last week. However, I wasn’t walking so I can’t claim a trifecta. My first, flippant thought was, “How could anyone have their eyes on their phones while walking around one of the most beautiful places on earth?” In my defense, I was catching up with the news on my phone after a long day of specifically not looking at electronic screens, but it got me to thinking about how invaluable my phone was throughout the trip.
Could you take a vacation without your smartphone?
For those of us whose number one work tool is our phone, the answer is reflexively “Yes!”, but only because we aren’t remembering just how thoroughly indispensable the internet has become to destination vacations. Throughout the nine days we spent traversing the island, GPS, online reviews, local weather forecasts and instant access to just about any fact known to man allowed us to really get the most out of our vacation. And several of us had plenty of quality time with phone screens while standing in line, driving from scenic view to scenic view and staying in touch with friends and family who couldn’t be there with us. Could we have done the same things without the aid of such a device? Sure, but it would require a lot more planning, paper and reliance on human memory. On your next trip, make sure you leverage your technology to maximize your vacation, but don’t forget to observe local laws (and customs!) as it might just cost you more than you planned on spending!
Image courtesy of blackzheep at FreeDigitalPhotos.net
Security analysts recently demonstrated a significant weakness in Samsung smartphones that could potentially impact up to 600 million people. The vulnerability lies in their modified version of the Swiftkey app, which is Samsung’s onscreen keyboard. This vulnerability impacts the the Samsung Galaxy S6 on Verizon and Sprint networks, the Galaxy S5 on T-Mobile, and the Galaxy S4 Mini on AT&T. The developers of SwiftKey were quick to confirm that the version available for download on Google Play was not affected by this vulnerability, and supposedly Samsung has provided a fix to carriers, but there is no confirmation from any of the carriers as to whether they’ve distributed this fix, or have any plans to do so.
What this means for you:
This vulnerability could potentially allow an attacker to completely “own” your device – from the camera to microphone, incoming and outgoing texts and emails, as well as installing further malicious applications. There is no way to uninstall this app unless you root your phone (only recommended for the technically savvy, and you might void your warranty), and even if you switch to a different keyboard app, the vulnerability still exists. Until the carriers can confirm that they’ve patched this vulnerability you should avoid using public wi-fi networks, and if you are feeling sufficiently outraged, you can contact your carrier and demand they issue this patch immediately.
Though it may sound enticing to some, “Mobilegeddon” is not the sudden annihilation of all mobile devices. Rather, Google is releasing a new search algorithm that will impact how mobile users find websites. For those of you who aren’t up on your search engine technology, Google uses a complex, closely-guarded formula to calculate its search result rankings for all the websites it indexes. The last major update to the algorithm, entitled “Panda“, was released in 2011, and was designed to reduce the impact of gaming search engine ranking through content manipulation, a specialty of many less-than-honest SEO companies that sprang into existence in the last decade. Panda impacted about 12% of existing websites, most of them content farms designed to leverage popular content and other nefarious SEO methods to get to the top of search results.
What this means for you:
This time around, Google is focusing on providing better results for smartphone users by favoring mobile-friendly websites over those that display poorly on small screens. If you don’t drive business through your website, this may not be a high priority for you, but it may surprise you to know that over half of all internet traffic is from mobile devices, and nearly 40% of search is done on smartphones. Having a website is essentially a must-have for any ongoing business or organization, and if your website makes a poor showing to over half of your visitors, it will have an impact on your brand. How do you know if your website is ready for Mobilegeddon? You can punch in your URL to a website developed by Google to determine whether your website is mobile-friendly. Unlike Google’s last algorithm change, this one should start impacting rankings as soon as 72 hours from launch. Lest you think you are the only one caught out in the cold with this change, there are several internationally recognized brands whose sites do not pass Google’s mobile “sniff test.” One advantage you may have over corporate behemoths: less red tape and meetings will be necessary to make the required changes to your website, also you happen to know someone who can provide strategic advice in this area as well as assist in the website redesign. Give us a call if you need to “mobilize” your website!
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Despite industry opposition and a failed first attempt, California’s governor signed into law a bill that requires smartphone manufacturers to install and enable kill switch functionality on all smartphones sold after July 1, 2015. Though California isn’t the first state to enact a killswitch law – Minnesota enacted a similar law back in May – it’s the first to require that the kill switch be enabled by factory default. Opponents of the law were quick to point out that any state’s effort to enforce this capability are redundant, as many smartphones already have this functionality, and it is quickly becoming a standard for all manufacturers. Both Apple and Samsung feature some variation of activation locking that prevents stolen phones from being used, but as the authors of the California bill were quick to point out, having it available and actually enabling it are two different things.
What this means for you:
Even if you aren’t a California or Minnesota resident, it’s possible you already own a phone that has some form of kill switch capability, especially if the device was made in the past two years. Even if you are one of the careful 9 out of 10 people who hasn’t had a smartphone stolen, you should enable any kill switch and anti-theft capabilities your phone has to offer, including putting a passcode of some form on your phone. Misplacing a phone could be just as devestating without it, and even though it wasn’t technically “stolen”, no kill switch means that a less scrupulous individual just got a brand new smartphone for free. You should also enable recovery and theft prevention features on any tablet you own – both iOS and Android offer location and security as standard features of the OS – and keep in mind that California’s law only applies to smartphones, not tablets.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Did you know that if you jailbroke your iPhone (or any locked smartphone) without your mobile carrier’s permission anytime between early 2013 and now, you were actually breaking a federal law? That’s right, due to an expired clause in the Digital Millenium Copyright Act, it’s actually illegal to unlock a smartphone you own. This bit of nonsense was courtesy of a Congress that was deadlocked on just about every issue big or small, so it’s no surprise that only just now they are getting around to fixing an issue that both the FCC, Whitehouse and even mobile carriers recognized was just plain wrong.
What this means for you:
The “Unlocking Consumer Choice and Wireless Competition Act” was passed by Congress on July 25 and is now awaiting the President’s signature, but the impending law seems like a token gesture in response to what is now more of a symbolic stance from a vocal minority of smartphone users. In the intervening 18 months, the mobile marketplace has seen a fierce rise in competition, including some carriers offering to pay off early termination fees to woo customers away from the competition. Most carriers now also offer plans that incorporate no-penalty upgrades to new hardware, another incentive to not bother unlocking phones or switching carriers. And to top it all off, the CDMA/GSM network divide continues to limit your unlocked phone to a single alternative (if you want nation-wide coverage).
The carriers, even though they “allow” you to unlock your phones once your contract has expired, still do not always make the process easy, nor is it always a simple technical process, especially on the Android platform. In the end, if you aren’t already a veteran jailbreaker, you are better off interrogating the salesperson at your local carrier store about upgrade options and no-contract plans rather than worrying about whether you can take your phone over to the other guys.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
Lest you think Facebook is the only security punching bag getting a beating lately, two significant flaws in the Android application platform have been revealed by overseas security teams. Without going into the gory details, each team has found a different way to create a trojanized APK (the file format in which Android apps are delivered) that is indistinguishable from the original. This would allow an app to appear and function normally, but also execute functions like transmitting your passwords, texts, emails on the sly. Google has already put together a fix and distributed a patch to OEM manufacturers, and supposedly they are able to detect this sort of exploit on the Google Play Store.
You need to worry if you “sideload” apps on your Android phone, which is to say you get apps from sources other than Google Play. Keep in mind, even Amazon’s App store counts as a sideloading source, and as of the moment, they aren’t scanning for this vulnerability.
What this means for you:
Even though Google has issued a fix for this particular vulnerability, they can’t force the update upon the millions of Android phones out there affected by this weakness, as that task lies with the phone manufacturers and the carriers. With the exception of avid power-users, most Android users are unaware that their Android OS may be months or years out of date, primarily because cellular carriers insist on selling phones that use a modified version of the OS that does not automatically get updated when Google updates the core version of Android. On top of this, the carriers are notoriously slow in issuing updates. If you are wondering what folks are talking about when they are discussing “Gingerbread”, “Honeycomb”, “Ice Cream Sandwich” and “Jelly Bean”, they are referring to the various versions of Android OS, where Jelly Bean is the latest. Supposedly this exploit exists as far back as “Donut” (ver 1.6).
Even worse, certain older models of Android phones may never get updated, as the carrier has essentially abandoned firmware updates for phones that are “retired” from active support. Users of these phones have essentially two options: root, unlock and update the phone with a custom version of the Android OS developed by the open source community, or buy a new phone. The former option is definitely not for technically-disinclined. Given the gravity of the vulnerability, the carriers may issue patches for the majority of its phones, but I wouldn’t hold your breath.
Until you are able to verify your Android smartphone is running a version of the OS that fixes this vulnerability, don’t sideload applications. If you want to be extra safe, avoid using smartphone apps that transmit sensitive information like banking passwords, pins and other sensitive personal information. As I’ve reiterated before, exercise caution before convenience, especially when it comes to protecting yourself.
Depending on where you live or work, you’ve probably experienced problems with cellphone coverage for one or more carriers, usually due to your geographical (lack of) proximity to a cell tower, or courtesy of construction materials like concrete, lead and steel in between you and your signal. Thanks to the advent of widely available broadband, cellular providers have been able to build small devices called femtocells that can be connected to your internet connection and will significantly improve cellular signal for a specific carrier in a limited range.
While seen as a godsend for the cell-strength deficient, we also now have to regard them as a security risk, thanks to research performed by analysts at iSEC Partners who have allegedly hacked a Verizon network extender to allow them to eavesdrop on any phone call, text message or other information transmitted from the phone through the compromised femtocell. The researchers plan to publicize their findings at the upcoming Black Hat Conference in August, but have declined to share details for obvious security reasons.
What this means for you:
Unfortunately, you can’t tell your cellphone what radio signal source to use. It’s designed to look for the strongest signal and use it. The iSEC researchers claim it would be trivial to build a portable and unobtrusive hacked network extender and place it in a strategic location to capture confidential calls. If you are in the business of confidential information, you probably already know not to take sensitive calls where ever you might be overheard, and if you are a well-informed adult, you probably already know that the NSA could eavesdrop on your conversation regardless of what cell tower was handling your call. But now we are talking about a commercially available device that is cheap, portable, and apparently, hackable. As before, consider carefully the medium you choose for the delivery of your sensitive information, and when in doubt, err on the side of caution rather than convenience.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
The upcomign Black Hat security conference features a topic that may give traveling iPhone users second thoughts about using a public charging station to juice up their phones. Three security researchers from Georgia Institute of Technology have built a prototype device that can hack an iPhone through the dock connector merely by being plugged in. Supposedly this hack can be accomplished on the latest iOS update, and does not require any interaction from the user, nor does it rely on the device being jailbroken.
What this means for you:
I’ve always viewed public charging stations as being rather sketchy to begin with, especially the ones that charge you for the service and offer “highspeed charging” which could easily fry your phone’s battery if not the device itself. I’d rather spend a few extra minutes locating a regular wall outlet and using my own equipment. Supposedly the prototype that will be demonstrated at the upcoming conference is too big to fit into a standard Apple-branded iPhone charger, but the designers of the device inferred that stealthier versions wouldn’t be hard to produce at all.
Most modern smartphones combine data and power in the same port (Android phones and most tablets also feature this same convenience) so it may not be just iPhones that will be vulnerable to this method of attack. For now, make sure you use chargers you know are safe regardless of what type of mobile device you use, and avoid public charging stations. This particular cow is well on its way out of that barn.
If you were someone who worried that Facebook was taking over the world, one market segment at a time, it would seem that the smartphone front is safe, for now. As part of the launch of its new pseudo smartphone OS “Facebook Home” back in April, the social media giant had also announced a partnership with HTC to sell the “HTC First” with the application suite pre-installed, essentially creating the official Facebook Phone. Unfortunately, Facebook’s foray into pseudo-OS development received a mostly tepid to slightly-negative response from the public, and HTC’s First faired little better. According to some analysts, as few as 15,000 units have been sold since it’s launch.
AT&T, betting big on the First and Facebook, appears to have a serious overstock problem due to the lackluster market response and has slashed the phone’s price to $.99 (with contract, of course) from the original launch price of $99. Unfortunately for the carrier, they signed a display contract that requires them to continue providing valuable shelf space for the First, despite the phone’s lack of popularity, so the price slash is an obvious desparate move to clear space for better selling phones.
What this means for you:
It’s too early to make any sort of prediction, but Facebook seems to be entering the awkward stage of life as it struggles to find relevance with an increasingly cynical/sophisticated user base while pursuing profit for shareholders disappointed by flops like the Facebook Home app. One of the interesting dynamics that is still very poorly understood is the changing demographic of Facebook’s core audience. The same population segment that helped Facebook rocket to world dominance is now entering into a distinctly different phase of life (college students are now parents and employees), and the next generation of users are young enough to view Facebook as the place where their moms and dads (and grandparents!) “do the ‘net.” The next generation of internet users are very fragmented and intent on experimenting with new platforms that rise and fall with rapidity, and many view Facebook as yesterday’s news. Still, with billions of users worldwide, Facebook has a long way to fall before any other platform, no matter how new or exciting can ever fill its shoes.
According to BlackBerry’s CEO, Thorsten Heins, tablets will lose their market dominance in 5 years, to be replaced by, presumably, smartphones like the BlackBerry, and larger monitors. Assuming he is referring to the business space, it’s hard to decide whether his prediction is some parts sour grapes – BlackBerry’s own tablet, the Playbook, was a market failure and nearly bankrupted the company – and some parts wishful, magical thinking to self-fulfill their own business goals, which is to supplant tablets (dominated by the iPad and to a lesser extent Android) with their devices. As is usually the case with controversial predictions, Heins’ prognostications have roots in fact. Apple’s profits have been declining, as has its margins on the iPad, giving analysts cause to speculate on the longevity of the platform.
What this means for you:
Unless you are about to make a substantial investment in bringing tablets into your business processes (and even if you are), Heins’ predictions are likely to have little impact on you. BlackBerry wants to be considered a competitor in the mobile device space, and as they can’t compete on the tablet level, the traditional business tactic one can take in this situation is to attempt to invalidate the competition’s strategy by influencing the market. “Tablet’s will be dead in five years. Everyone will be using BlackBerries,” makes for good headlines, but any student of technology history will tell you that smarter technology leaders and innovators got more wrong than right when attempting to predict the future.
- 1
- 2