Friday, 2 September 2016

Samsung recalls Galaxy Note 7.

Samsung has officially announced a recall of its Galaxy Note 7 device, due to launch in the UK today, following reports of a battery fault resulting in numerous fires.

Samsung has formally begun the recall process for its Galaxy Note 7 smartphone-cum-tablet, following reports that the battery can swell, rupture, and catch fire under normal use.

Originally due for release in the UK today following earlier international availability, Samsung has announced that it is delaying the launch and preparing to recall those handsets that have already been sold due to a serious flaw in the battery design. 'In response to recently reported cases of the new Galaxy Note 7, we conducted a thorough investigation and found a battery cell issue,' Samsung's statement explains. 'To date (as of September 1) there have been 35 cases that have been reported globally and we are currently conducting a thorough inspection with our suppliers to identify possible affected batteries in the market. However, because our customers’ safety is an absolute priority at Samsung, we have stopped sales of the Galaxy Note 7.'
The cases to which Samsung refers include incidences of the device catching fire, seemingly as a result of a flaw in the design of the battery. 'For customers who already have Galaxy Note 7 devices, we will voluntarily replace their current device with a new one over the coming weeks,' the company's statement continues. 'We acknowledge the inconvenience this may cause in the market but this is to ensure that Samsung continues to deliver the highest quality products to our customers. We are working closely with our partners to ensure the replacement experience is as convenient and efficient as possible.'
The recall is expected to add at least a two-week delay to the UK launch of the Galaxy Note 7.

Logitech G launches Prodigy.

Logitech G has announced the launch of the Prodigy range of gaming peripherals, comprised of a keyboard, two mice, and a headset.
Logitech's gaming arm, imaginatively named Logitech G, has announced the impending launch of a headset, keyboard, and a pair of mice under the Prodigy Series branding.

Logitech G's Prodigy family of products begins with a pair of gaming mice: the G403 and G403 Wireless, differing only in the obvious manner. Based on the PMW3366 sensor, Logitech claims that the Prodigy G403 mice are perfect for pro-gaming and casual use, and can be used immediately out-of-the-box or customised via the bundled software. Both models include built-in RGB LED below the logo, a 10g removable weight in the underside, and on-board memory for storage of settings for the six programmable buttons and sensor sensitivity.
The G213 Prodigy RGB keyboard continues the family's launch, offering a spill-proof full-size layout with five-zone RGB LED lighting. Although based on a rubber dome system rather than mechanical switches, Logitech claims the G213 has been designed to 'enhance the tactile experience' with feedback said to be four times faster than a standard keyboard as well as an anti-ghosting matrix. An integrated palm rest and dedicated media controls complete the keyboard's specifications.
Finally, the Prodigy family is complete with the G231 Prodigy Gaming Headset. Based around 40mm neodymium drivers, the stereo headset with unidirectional boom-microphone is claimed to offer a high level of comfort during long periods of wear thanks to 'carefully selected sports performance cloth' which can be removed from the ear cups for washing. The headset's cable additionally includes in-line controls for volume and microphone mute.
Logitech has confirmed all four devices are available now, with recommended retail pricing set at £59.99 for the G403 Prodigy Gaming Mouse, £99.99 for the G403 Prodigy Wireless Gaming Mouse, £59.99 for the G213 Prodigy RGB Gaming Keyboard, and £49.99 for the G231 Prodigy Gaming Headset.

AMD announces GlobalFoundries deal.

AMD has agreed a new deal with former subsidiary GlobalFoundries, but while it gains flexibility it will be hit with a $335 million charge and has to pay GlobalFoundries for every wafer it purchases from rival fabs.

AMD has announced it is making another payment to GlobalFoundries, the company formed by spinning off former AMD fabrication facilities when the chip designer chose to go fabless, in order to allow it to farm out manufacturing to third parties - but in doing so is taking a whopping $335 million charge and paying GlobalFoundries for every wafer it purchases from rivals.

In the years since AMD spun off its fabrication facilities as The Foundry Company, later GlobalFoundries, the company has made a number of major payments to its once and former subsidiary - largely relating to exclusive manufacturing deals between the two companies. In 2012 AMD sold its final stake in GlobalFoundries and amended its wafer supply agreement in order to allow APU products to be built at rival facilities. However, that same year AMD would renegotiate again following weaker-than-expected demand for APUs, paying $320 million for wafers it had agreed to purchase but now no longer needed.
Now, the company is once again amending its deal with GlobalFoundries in an agreement which covers the next half-decade. 'The five-year amendment further strengthens our strategic manufacturing relationship with GlobalFoundries while providing AMD with increased flexibility to build our high-performance product roadmap with additional foundries in the 14nm and 7nm technology nodes,' claimed Lisa Su, AMD president and chief executive, of the renegotiated agreement. 'Our goal is for AMD to have continued access to leading-edge foundry process technologies enabling us to build multiple generations of great products for years to come.'
Under the new terms, which run through to 2020, AMD has established a framework for technology collaboration between the two companies as a means to reach a 7nm process node, set minimum wafer purchase targets - the issue which cost it $320 million back in 2012 - and has agreed terms that will allow it to spread manufacturing across additional fabrication companies. However, these terms come at a cost: AMD has agreed to pay $100 million in cash to GlobalFoundries, spread across 2016 and 2017, and will make unspecified quarterly payments to GlobalFoundries for every wafer it purchases from the company's rivals. AMD is also to issue a warrant for 75 million shares at $5.98 per share, costing it around $235 million.
In total, the new deal will see AMD hit with a $335 million one-off charge in the third quarter of this year, with ongoing costs from the third-party wafer supply agreements to continue into the future. For a company which has long been struggling financially, it's hard to see the terms of the deal in a particularly positive light.

Intel launches Seventh-Gen Kaby Lake.

Intel has officially launched its Kaby Lake parts, beginning with low-power chips for laptops and convertibles with higher-power enthusiast models promised for January.
Intel has officially launched its next-generation Kaby Lake microarchitecture, beginning with low-power parts for laptops, tablets, and two-in-ones, and with desktop parts to follow in January 2017.

Part of Intel's revamped three-stage development cycle, which replaces its classic tick-tock cycle, Kaby Lake comes with a tweaked 14nm manufacturing node the company refers to as 14nm+. In 14nm+, Intel claims, it has been able to boost the final processors' performance by 12 per cent over its previous 14nm node thanks to improved fin profiles on its tri-gate transistors, improved transistor channel strain, and heavy integration between its design and manufacturing divisions - the latter a none-too-subtle dig at companies like AMD who farm production out to third-party companies.
As you might expect from a process node tweak and microarchitecture improvements, performance gains are modest but measurable: Intel claims the 15W Core i7-7500U Kaby Lake chip is some 12 per cent faster in the SYSmark 2014 benchmark than the i7-6500U it replaces, thanks largely to a 3.5GHz peak clock over 3.1GHz, and 19 per cent faster in the WebXPRT 2015 benchmark.
In addition to improvements in the CPU portion of Kaby Lake, the integrated graphics processor has also received some love. Compared to the previous generation, Intel claims that the integration of new VP9 and High-Efficiency Video Codec (HEVC) 10-bit decode engines allows for Ultra HD video streaming in either codec without impacting battery life - indeed, for selected laptops, Intel claims 'All Day 4K' streaming for nine and a half hours will be possible.
Intel's launch includes ultra-low-power Core m3 and low-power Core i3, Core i5, and Core i7 processors, with original equipment manufacturers (OEMs) scheduled to begin shipping Kaby Lake equipped systems in early September. Higher-powered desktop parts, including enthusiast-grade models, have been promised for January 2017.

AMD confirms early 2017 launch.

AMD has confirmed that its Vega graphics processors won't be hitting the market until early 2017, despite rumours pointing to an October launch.

AMD has officially confirmed that its next-generation graphics processor microarchitecture, Vega, won't be coming to market until early next year.

Designed to offer roughly the same performance-per-watt improvement over Polaris as Polaris did over its predecessor, Vega is set to be built on the same 14nm three-dimensional FinFET process by AMD spin-off GlobalFoundries. Vega also promises to bring High Bandwidth Memory 2 (HBM2) to the table, offering an increase in the speed at which the GPU can communicate with the video memory. As with its predecessor HBM, HBM2 works by stacking memory dies vertically on an interposer board with a direct connection to the GPU to form a single-package GPU-and-memory combo with reduced latency and boosted bandwidth.
Originally, AMD had hinted at an October 2016 launch date for Vega, but it has now formally announced a different release schedule that sees Vega hitting retail in the first quarter of 2017. No reason for the apparent delay - which isn't, it must be noted, an official delay, as the October date was never officially announced - has been given.
Vega is scheduled to be replaced at the top end by Navi in 2018, which will include similar performance gains again along with increased scalability and what AMD teasingly refers to as 'Nexgen memory,' details of which have not yet been released. As with its previous launches, AMD is expected to release high-end enthusiast cards early followed by lower-cost mainstream parts later in the year. The company is also expected to be making much of the combination of Vega graphics cards with its upcoming Zen processor, and will likely launch upgrade bundle packages into the market in collaboration with its various hardware partners.

EC ruling puts Apple on the hook.

The European Commission has told Ireland to recover €13 billion in illegal state aid - plus interest - from Apple's Dublin-based subsidiaries.

Apple has been found to have illegally benefited from €13 billion (around £11.1 billion) in tax benefits from the Irish government, with the European Commission demanding that Ireland recover the cash from the company.

Like most multinationals, Apple's corporate structure is deliberately opaque. Part of this involves setting up national subsidiaries in countries where corporate and income tax rates are lower, then funnelling profits through these subsidiaries in order to reduce the amount of tax owed. Apple's Dublin-based Irish subsidiary exists for exactly this reason, but the European Commission has found that Apple Sales International and Apple Operations Europe have benefited from hefty tax breaks that the Irish government had no legal right to offer.
In the conclusion to an investigation begun in June 2014, the European Commission has found that two tax rulings made in Ireland - one in 1991 and one in 2007 - existed purely to offer the company a selective tax treatment which runs counter to European Union state aid rules. According to the Commission's findings, the tax rulings gave Apple tax breaks equivalent to paying just 1 per cent corporation tax in 2003 dropping to 0.005 per cent in 2014. That gaffe is on the Irish government, but Apple is hardly innocent: the Commission has also found that its practice of attributing profit to its Irish head offices is misleading in the extreme: 'the Commission's assessment showed that these "head offices" existed only on paper and could not have generated such profits,' the EC statement explained.
The result: Apple managed to dodge taxation on what the Commission claims was 'almost all profits generated by sales of Apple products in the EU Single Market.' Admitting that 'this structure is however outside the remit of EU state aid control,' the Commission is nevertheless to order recovery of illegal state aid for the ten-year period preceding its first request for information filed in 2013. The result: Ireland is being made to recover the unpaid taxes for Apple's business through 2003 to 2014 inclusive, a sum of €13 billion plus interest.
Full details of the Commission's findings can be read in the official press release.

Friday, 26 August 2016

Apple Issues Emergency Fix.

Apple has released an emergency security update for iOS devices to resolve three zero-day vulnerabilities leveraged in targeted attacks against human rights activists, journalists, and other persons of interest. 
Named Trident, the vulnerabilities were exploited by a piece of high-end surveillance software dubbed Pegasus, which researchers classify as “the most sophisticated attack seen on any endpoint.” The spyware is modular, highly customizable, and uses strong encryption to avoid being detected. The software is sold by NSO Group Technologies Ltd, a company based in Herzelia, Israel, that was founded in 2010.
More importantly, it takes advantage of how integrated mobile devices are in people’s lives, while also being capable of leveraging “the combination of features only available on mobile — always connected (WiFi, 3G/4G), voice communications, camera, email, messaging, GPS, passwords, and contact lists,” mobile security firm Lookout explains.
The Trident Vulnerabilities
The vulnerabilities leveraged by this piece of malware were patched in iOS 9.3.5, which was released on Thursday, Aug. 25, 2016. The three security issues include CVE-2016-4655 and CVE-2016-4656, both affecting the Kernel, and CVE-2016-4657, which affects WebKit. According to Apple’s advisory, iPhone 4s and later, iPad 2 and later, and iPod touch (5th generation) and later are affected by these security bugs. 
CVE-2016-4655 is an information leak in the kernel that discloses data to the attacker, allowing them to calculate the kernel’s location in memory. To address the issue, Apple has improved input sanitization to ensure that the kernel cannot be mapped out.
CVE-2016-4656, on the other hand, is a memory corruption bug that could lead to a jailbreak. This kernel-level vulnerability, which affects both 32-bit and 64-bit iOS, can be triggered silently, allowing an attacker to jailbreak the device and install surveillance software without the user's knowledge. Apple addressed this bug through improved memory handling.
Vulnerability CVE-2016-4657 is a memory corruption bug in the Safari WebKit, which allows an attacker to compromise the device when a user clicks on a link. By crafting a special website and tricking the user into visiting it, an attacker could execute arbitrary code on the device. This security issue was also addressed through improved memory handling.
The attack sequence and the NSO Group
To leverage these vulnerabilities, an attacker uses a classic phishing scheme: a text message with a URL is sent to the victim. When the browser is launched to access the link, the malicious webpage exploits the vulnerabilities and installs a persistent application to exfiltrate information. All without the user’s consent or knowledge, of course.
The exact same scheme was attempted on Aug 10 and 11 against Ahmed Mansoor, an internationally recognized human rights defender, Citizen Lab reveals. Mansoor received a text message promising information about detainees tortured in United Arab Emirates (UAE) jails. To access the purported details, he was supposed to click on an included link. 
Instead, Mansoor sent the messages to Citizen Lab researchers who, in collaboration with Lookout, discovered that the link “led to a chain of zero-day exploits that would have jailbroken Mansoor’s iPhone and installed sophisticated malware.” Mansoor has been targeted with similar “lawful malware” before, in 2011 with the FinFisher spyware, and in 2012 with Hacking Team spyware, researchers reveal. 
Citizen Lab explains that the link Mansoor received earlier this month is believed to be part of an exploit infrastructure provided by the NSO Group and notes that the same infrastructure has been also leveraged by the UAE-based Stealth Falcon APT group. 
“NSO Group appears to be owned by a private equity firm with headquarters in San Francisco: Francisco Partners Management LLC, which reportedly acquired it in 2014 after approval from the Israeli Defense Ministry,” Citizen Lab notes. Unlike other similar organizations, NSO Group tried to avoid media attention, doesn’t have a website, and there appears to be no prior technical analysis of its products. 
The Pegasus software
The Pegasus spyware used by the NSO Group has been mysterious, with few technical details on it available online until now, although it was previously linked to a few attacks. “Much of the publicly available information about Pegasus seems to be rumor, conjecture, or unverifiable claims made to media about capabilities,” Citizen Lab says. 
However, documentation found in the Hacking Team materials that leaked online last year suggests that the software might have been created in 2013 by Guy Molho, the Director of Product Management at NSO Group. Apparently, the group was offering two remote installation vectors for the spyware: zero-click and one-click. The latter was used against Mansoor.
The former, however, requires sending the malicious link via a special type of SMS message, like a WAP Push Service Loading (SL) message, which causes the phone to automatically open the link in a browser, without user interaction. However, newer phone models have started to ignore this type of message and network operators might soon block them altogether, researchers say.
The software’s documentation also explains that the malicious website used for the spyware’s installation communicates with a Pegasus Installation Server located on the operator’s premises. When the victim visits the website, a request is forwarded to the server, which determines whether the device can be exploited and sends the appropriate exploit chain, such as Trident, to attempt infection. If the infection fails, the victim is redirected to a legitimate website, to avoid raising suspicion. 
Once a device has been compromised, the Pegasus spyware can survive on it even after the operating system has been updated. The Trident exploit chain is re-run locally on the phone at each boot and the spyware also disables Apple’s automatic updates, while searching for and removing other jailbreaks from the device, to ensure persistence. Moreover, the program can update itself to replace obsolete exploits.
Data collection and exfiltration
The spyware was built to actively record or passively gather a broad range of data on the infected device. The operator has full access to the phone’s files, messages, microphone and video camera, thus being able to turn it into a silent spying device. 
While observing the variant used to target Mansoor, researchers were able to confirm this functionality and to determine what kind of data the attackers were after: phone calls (including those made via WhatsApp and Viber); SMS and messages sent via popular apps like Gmail, Facebook, Skype, WhatsApp, Viber, FaceTime, Calendar, Line, Mail.Ru, WeChat, SS, Tango, KakaoTalk, Telegram, and others; and personal data such as calendar data, contact lists, and passwords, including Wi-Fi passwords.
Collected data is sent to a Pegasus Data Server using the PATN (Pegasus Anonymizing Transmission Network), which appears to be a proxy chain system intended to obfuscate the identity of the government client associated with a particular operation. In the observed attack, two PATN nodes were used, and
Exploit infrastructure and other victims
The NSO Group has established an exploit infrastructure that has been already used against other targets, researchers reveal. The group has been using fake domains impersonating websites such as the International Committee for the Red Cross, the U.K. government’s visa application processing website, and multiple news organizations and major technology companies to conduct its nefarious operations. 
The researchers also identified a series of common themes indicating the type of bait content the group was using against victims, most of which pointed toward the use of fake news articles to distribute the spyware. Other themes included online accounts, document sharing, shipment tracking, corporate account portals, and ISPs, similar to other spear-phishing attacks.
According to researchers, while the UAE and Mexico were the most targeted countries, other geographies were also prevalent, including Turkey, Israel, Thailand, Qatar, Kenya, Uzbekistan, Mozambique, Morocco, Yemen, Hungary, Saudi Arabia, Nigeria, and Bahrain.
Among the other identified targets, Citizen Lab researchers name journalist Rafael Cabrera, who recently reported on the Casa Blanca controversy. Last year, Cabrera received messages supposedly coming from UNO TV, and which also included malicious links that match domains linked to the apparent NSO Group infrastructure. 
Citizen Lab also found a past tweet discussing the opposition in Kenya, which contained a link to the NSO Group exploit infrastructure. The message was sent by a “Senior Research Officer” in the Office of the Senate Minority Leader and references Moses Wetangula who is the current Minority Leader of Kenya’s Senate.
Zero-days and surveillance software
The attack on Mansoor, researchers say, is clearly connected to the NSO Group’s Pegasus spyware suite, which is sold exclusively to government agencies. The investigation into the group’s activities, however, wasn’t triggered by this attack, as Citizen Lab had already mapped out a set of 237 servers linked to NSO Group before that. 
What the attack did, however, was to allow researchers to visit the malicious links and to observe the exploits in action and to find the zero-day vulnerabilities and report them to Apple. Two weeks after the incident, a patch for these security bugs is already available for download. 
“Apple has been highly responsive, and has worked very quickly to develop and issue a patch in the form of iOS 9.3.5, approximately 10 days after our initial report to them. Once an iPhone is updated to this most recent version, it will be immediately protected against the Trident exploit chain used in this attack. While we assume that NSO Group and others will continue to develop replacements for the Trident, we hope that our experience encourages other researchers to promptly and responsibly disclose such vulnerabilities to Apple and to other vendors,” Citizen Lab researchers note.
Zero-day exploits remain an important tool in any threat actor’s arsenal, mainly because they are rare and tend to be highly expensive, “especially one-click remote jailbreak exploits for iPhones, like the Trident,” researchers say. Last year, exploit acquisition company Zerodium was willing to pay up to $3 million for iPhone exploits and ended up paying $1 million for a “remote browser-based untethered jailbreak” affecting iOS 9.1 and 9.2 beta. Earlier this month, Exodus Intelligence said it would pay up to $500,000 for iOS 0-day vulnerabilities.
When it comes to surveillance software, zero-days appear critical for continuous operations, and last year’s breach at the Hacking Team proved that. Among the hundreds of gigabytes of data stolen from the organization’s servers, researchers identified several exploits, including a zero-day for Adobe Flash Player.
As soon as the next month, the European Union is expected to propose tighter rules on the export of dual-use technologies, such as those from companies like Germany's FinFisher GmbH and Italy's Hacking Team, which have been used by repressive regimes to target activists and journalists.