Archive for May 25, 2018

Buy A Low Cost Android Phone, And Get Pwned For Free

Posted in Commentary with tags , on May 25, 2018 by itnerd

More than 100 different low-cost Android models from manufacturers such as ZTE, Archos, and myPhone ship with malware pre-installed, researchers at Avast Threat Labs reported on Thursday. Users in more than 90 countries, including the U.S., are affected by this, the researchers said:

The malware, called called Cosiloon, overlays advertisements over the operating system in order to promote apps or even trick users into downloading apps. The app consists of a dropper and a payload. “The dropper is a small application with no obfuscation, located on the /system partition of affected devices. The app is completely passive, only visible to the user in the list of system applications under ‘settings.’ We have seen the dropper with two different names, ‘CrashService’ and ‘ImeMess,'” wrote Avast.

The dropper then connects with a website to grab the payloads that the hackers wish to install on the phone. “The XML manifest contains information about what to download, which services to start and contains a whitelist programmed to potentially exclude specific countries and devices from infection. However, we’ve never seen the country whitelist used, and just a few devices were whitelisted in early versions. Currently, no countries or devices are whitelisted. The entire Cosiloon URL is hardcoded in the APK.”

Well. That’s not cool. These companies need to explain why their phones ship with this stuff. Or better yet, I say that governments should say that if this stuff is on phones when they ship, then they can’t be sold. But I suspect that neither is going to happen and consumers will have to fend for themselves by sticking to iOS or the Samsungs or LGs of the world and avoiding this low end market entirely.

Leave a comment »

Amazon Echo Recorded A Woman’s Voice And Sent It To Another Alexa

Posted in Commentary with tags on May 25, 2018 by itnerd

This is a total #Fail.

According to KIRO 7, a family from Portland suddenly received a phone call from a person on their contact list telling them to “Unplug your Alexa devices right now, You’re being hacked.” This person, who was an employee of the husband, stated that he had received audio recordings of conversations that took place in the family’s home. He was able to prove this by telling the family what they had just been talking about. Here’s the scary part. When the family reached out to Amazon, they were able to confirm that this happened.

Scary.

Now the article lacks details about how this happened. But if I were to make a guess, I would say that since this thing is always listening to you, it likely heard and misinterpreted something that made it send the conversation to the third party. But that’s just a guess. Amazon would really do the world a favor by describing what happened and how it will stop this from happening again in the future.

Well, they sort of did that:

Echo woke up due to a word in background conversation sounding like “Alexa.” Then, the subsequent conversation was heard as a “send message” request. At which point, Alexa said out loud “To whom?” At which point, the background conversation was interpreted as a name in the customers contact list. Alexa then asked out loud, “[contact name], right?” Alexa then interpreted background conversation as “right.” As unlikely as this string of events is, we are evaluating options to make this case even less likely.

The problem is that the device would have said something if that were true to confirm the intent of the people who were speaking. Thus unless these people were clueless, there’s is no way they would have not noticed this. Amazon needs to come up with a better answer than this.

As an aside, could this happen with other smart home speakers? Inquiring minds want to know.

Leave a comment »

Review: Apple Watch Series 3 GPS + Cellular

Posted in Products with tags on May 25, 2018 by itnerd

As many of you know, I’ve become a huge fan of the Apple Watch. Partially for the fitness functionality that’s present which has helped me to be far more disciplined when it come to staying active, and partially for the fact that I can discreetly see and respond to notifications, texts, and emails. Recently, I became the new owner of an Apple Watch Series 3 GPS + Cellular which promises all of that while leaving my phone behind. There was just one problem. My cell phone carrier at the time was Rogers, and I’ve documented extensively that Rogers does not support the Apple Watch because they don’t for whatever bizarre reason support the eSIM standard. Nor do they have a timetable that they are willing to share in terms of when they will support the eSIM standard. Thus after hoping that they would get on board with that in short order, I gave up on Rogers and went to Telus who does support the Apple Watch and the eSIM standard and I haven’t looked back. More on that experience in a bit.

Now the Apple Watch Series 3 GPS + Cellular looks and feels exactly like the Apple Watch Series 3 with GPS. And if you want to see what the Apple Watch Series 3 with GPS is capable of, I reviewed it a few months ago here. But there are two major differences between the GPS version and the GPS + Cellular version. The first difference is that the GPS + Cellular version has a red dot on the digital crown. I guess that’s there so your friends or potential thieves know that you have the GPS + Cellular version of the Apple Watch. I for one would have prefered if they made both versions look the same so that it flies under the radar a bit more. The second difference is that there is 16GB of storage in the GPS + Cellular version rather than the 8GB in the GPS version. That I suspect is there to either load music onto the Apple Watch so that you can say go for a run with just the watch and a pair of Bluetooth headphones, or it’s there for use with Apple Music so you can stream music if you have a data plan with enough data to support that.

Now over to the one question I am sure that you have. Is this device truly independent of the iPhone? In short, no. The long answer goes something like this. The Apple Watch has always required you to pair it to an iPhone for it to fully work. And you could always leave the phone behind and still get notifications and the like on your Apple Watch as long as the Apple Watch could connect to WiFi and the iPhone was connected to WiFi or cellular. Now the WiFi in question has to be 2.4 Ghz WiFi, and it can’t use anything fancy like certificate based authentication, and it has to be a WiFi that your iPhone knows about. But assuming you get past all that, this use case works. For example, I have left my iPhone in the car downstairs in front of my condo to run upstairs to get something and I’ve been able to get notifications, send messages, use Siri, etc. The inclusion of LTE support in the Apple Watch takes this to the next level as the Apple Watch no longer has to rely on WiFi to do any of this. Though it will flip to WiFi if it can connect to it to save you a few bucks on your cell phone bill. But it means that you’re always connected without having to carry your iPhone with you.

But there is a catch.

If your iPhone is off or not connected to cellular or WiFi, only iMessage and phone calls can be received or sent via your Apple Watch Series 3 GPS + Cellular. Text messages won’t work. Also, voice mail won’t work, and e-mail won’t work. So it’s not completely an independent device. But even with that caveat, there is a lot a value in this. My wife for example hates carrying her phone on a run. So in her use case, she could use an Apple Watch Series 3 GPS + Cellular along with the Strava Apple Watch app to record her run without having to take her iPhone. But if she runs into trouble or decides to bail on the run, she can still make a phone call.

Speaking of phone calls, taking a phone call on the Apple Watch works really, really well from an audio quality perspective. Both ends of the conversation are really clear. Though I am going to point out that doing what I call the “Dick Tracy” thing is going to earn you either some strange looks, or a lot of questions, or in some cases both. Also, taking phone calls on a regular basis on the Apple Watch Series 3 GPS + Cellular hammers battery life. And so does using the watch exclusively on cellular. Now Apple does promise “all-day battery life”, and you will get that. But to give you some perspective, when I didn’t use the Apple Watch to take phone calls and my iPhone was with me at all times, I was left with 70% to 75% battery life at the end of the day. If I did take a couple of phone calls, or I did use the watch extensively on cellular, the battery life I was left with was closer to 30% to 35% at the end of the day.

Now setting up the Apple Watch Series 3 GPS + Cellular on the Telus network was a breeze. Telus provides step by step instructions here. But the prerequisites are that you have to have a postpaid consumer Your Choice Plan or SharePlus Plan (Business plans aren’t supported at this time. Thus when I made the switch to Telus, I had to sign up as a consumer to get support for the Apple Watch). A Telus My Account log-in is also required. The setup on the Telus network took me five minutes and required no human intervention which is always a good thing. You’ll pay an extra $10 a month on top of whatever you pay Telus for your cell phone service to give your Apple Watch Series 3 GPS + Cellular LTE access. That may raise some eyebrows as Bell offers the same thing for $5 a month extra. But you do get 1GB data on top of whatever your data bucket happens to be as part of the deal which is something that Bell doesn’t offer you. I should also note that the Telus site that I linked to above has all sorts of handy tutorials that new Apple Watch users will find to be valuable. Kudos to Telus for doing that. Now I have yet to roam with it, but I have heard that it is either a non-issue or highly problematic depending on where you’re going. Thus I will update you on what my experiences with roaming are like when the time comes.

The Apple Watch Series 3 GPS + Cellular starts at $519 CDN. That’s $90 CDN more than the GPS version which makes it only a marginal price increase to get the ability to leave your phone behind when you go for a run and still be connected. If that’s your use case, then it’s money well spent.

 

4 Comments »

Review: 2018 Mazda6 Signature – Part 5

Posted in Products with tags on May 25, 2018 by itnerd

So I’ve come to the end of my week long review of the 2018 Mazda6 Signature and I walk away from this review very, very impressed. By that I mean that every aspect of this vehicle impressed me. The interior, exterior, driving experience, everything is above and beyond what one should expect from a mid sized car. The folks over at Toyota and Honda might want to take note because to be frank, they now have a competitor that they should really be concerned about. Besides the Toyota Camry and Honda Accord, you can cross shop it against the Nissan Altima, Hyundai Sonata, and Kia Optima to name a few competitors. None of which in my opinion match what this Mazda6 has to offer.

My final fuel economy was 9.1 L per 100KM’s which was outstanding since I didn’t make any attempt to drive in a fuel economy. Though I will note that my average fuel economy went up to 10 L per 100KM’s because I took a trip into downtown Toronto rush hour traffic. But a trip to the Oro African Methodist Episcopal Church which is a National Historic Site of Canada brought it back down:

This slideshow requires JavaScript.

Given that there’s a really fun to drive 2.5L turbo engine under the hood, the fuel economy that I got this week is pretty impressive. Mazda has a winner in the mid sized class and anyone who drives it will likely be impressed enough to buy it rather than one of the usual market leaders. Especially in the Signature trim level which is class above. You can expect to pay $40,895 including freight for the Signature trim that I had this week. But the Mazda6 starts at $28,930 which is well in line with its competition.

For all those reasons do not be surprised if you start to see many more Mazda6’s on the roads than you are used to seeing in the not so distant future. Also, don’t be surprised if this vehicle ends up being an IT Nerd Award winner at the end of the year as it is a strong contender for that award. Again.

Leave a comment »