Saturday 20 May 2017

Our Next Volvo or Audi May Have an Android infotainment system

Volvo
Until now, we could connect Android devices via Bluetooth or plug them directly into the dashboard to enjoy music or use navigation from our smartphones. But things are changing at an alarming pace for Android in the automobile, ushering in a new era of Android support. Google has announced that the upcoming range of automobiles from Volvo and Audi will feature Android in its full glory in their next-generation infotainment systems. This is just one small announcement made by Google, and more enthralling news will appear at the upcoming Google I/O conference.

It is better than the Android Auto 


Google launched Android Auto in the past, which made it easier for automobile owners to access some vital phone functions from behind the wheel. This system brought a simplified interface for users to connect with their car without the need of physically attaching the phone to the console. The best thing about Android Auto was that it gave access to a number of apps right on the interface, which made driving with an Android device a pleasant experience.

Both automobile manufacturers, Audi and Volvo, are taking the Android experience to the next level by building it into their infotainment systems. It is worth noting that Audi has found some success with its MMI infotainment system in the recent past, while Volvo’s Sensus Connect system is very new. The decision to bring the Android operating system into their infotainment shouldn’t mean that the manufacturers will pull the plug on their own homegrown infotainment systems. Instead, they aim to make buyers comfortable by offering an easy-to-use Android-based interface in their vehicles.

Advantages of Android as the foundation


The greatest advantage of having Android as the foundation of the infotainment in Volvo and Audi vehicles is access to the vast library of Android applications. The Google Play Store boasts millions of apps in varied categories, and it is expanding every minute. Secondly, it is tough to get developers to build apps for any third-party platform, but an Android foundation will ensure that developers populate the infotainment system with compatible apps quickly and without much trouble. We expect to get more details on this foundation at the upcoming Google I/O.

One Volvo official has stated that an Android foundation means the company will be able to integrate the rich Android ecosystem into its iconic Volvo user interface with ease and simplicity. There will be an abundance of popular apps, which will bring users an integrated experience never before seen in an automobile. At Google I/O, both automobile manufacturers will give demonstrations to offer prospective consumers a wider perspective on their next-generation infotainment.

Creators of the MP3 Declare it Dead

MP3

Rest in Peace MP3 as creators pull the plug

We have enjoyed music on our mobiles and other portable music players with the help of the widely used mp3 format. But the creators of the MP3 have declared its demise as the penultimate music format, which means music will no longer be made in the mp3 format. This format was developed about two decades ago by a German research institute, which has dropped its ownership of it. The institute, the Fraunhofer Institute for Integrated Circuits, has stated that it had put forward a strong licensing program for the mp3-related patents, but it has been terminated.

New advanced music format

Currently there are a number of highly effective audio codecs boasting advanced features compared to the old mp3 format. The current generation of modern devices makes use of Advanced Audio Coding (AAC), and there is a definite move among the consumer electronics giants to establish MPEG-H as a new audio standard for some time to come. This new audio format will offer efficient storage along with an immersive 3D audio experience. Both of these formats deliver more features along with the much-needed higher audio quality at much lower bitrates than the mp3. It may come as a surprise that iTunes and YouTube use AAC as the main audio format for their services.

A number of tests have shown that AAC files do sound better than the age-old format even at the same bitrate. Secondly, AAC files tend to be smaller even at a higher bitrate, which means users can get better-quality music without wasting too much storage space. Compatibility might be an issue for AAC at the moment, as it is supported on only very few mobile phones.

Age-old format will still reign supreme

It should be noted that although the developers have bid farewell to the mp3 format, it will still be in wide use on a global scale, as a number of people still use iPods and mp3-based music players. It was developed during the 1980s and gained huge popularity and support during the 90s, emerging as the standard file type for audio players and systems as well as online music downloads. The format was developed accidentally, when developers were actually trying to find a smarter way of delivering a music signal over telephone lines.

Later on, this format was adopted for the distribution of music on compact discs, and finally, with the arrival of Apple’s iPods, it reached the height of its popularity. The reason behind its wide popularity was that it took up just 10 percent of the storage space of the files. The format was also loved by peer-to-peer sharing sites like Napster, and the rise of illegal downloads as well as digital piracy is also attributed to it.

Thursday 18 May 2017

SS7 Vulnerabilities

SS7 – Network of Telephony Signalling Procedures

Signalling System No. 7 (SS7) is a set of telephony signalling procedures invented in 1975. It is used to set up and tear down many of the world's public switched telephone network (PSTN) telephone calls.

Besides this, it also performs number translation, local number portability, prepaid billing, Short Message Service (SMS) and other mass-market services. The SS7 network is said to form one of the supports of the prevailing telecommunication industry.

In spite of its importance in enabling telecommunication services, SS7 integrates only nominal security features. However, in the past 35 years since SS7 was introduced, the telecommunication marketplace has altered radically and SS7 vulnerabilities have become more exposed.

Over the past few months, attackers have been using a flaw in Signalling System 7 to intercept two-factor authentication codes sent to online banking customers in an attempt to transfer funds. Süddeutsche Zeitung, a German newspaper, reported that the attackers first compromise the customer's bank account, using traditional bank-fraud Trojans to steal passwords and log into accounts.

Mobile Transaction Authentication Numbers 


They learned that the offenders carried out an attack from the network of a foreign mobile network operator in mid-January, in which incoming SMS messages for selected German customers were redirected to the attackers. The attackers thereafter used the SS7 vulnerability to redirect text messages containing one-time passwords to the attacker's device instead of the customer's.

They then used mobile transaction authentication numbers (mTANs) to transfer money from the targeted accounts. The SS7 vulnerability is not new; it was discovered in 2014 by German researchers and reported by The Washington Post. The detection of the abuse of the SS7 vulnerability followed an open letter that two U.S. congressmen had written to U.S. Homeland Security Secretary John Kelly, requesting an update on the progress in dealing with SS7 security flaws and asking why the agency had not been doing more about them. Rep. Ted Lieu (D-Calif.), one of the authors of the letter, had personal experience with the SS7 vulnerability.

Congressional Action 


With Lieu's permission, security researchers were able to stalk the congressman using only his cell phone number and an SS7 network. The researchers were able to record his phone calls as well as monitor his precise location in real time. The exploit of Lieu's cell phone was featured on the television show 60 Minutes.

In April 2016, following its airing, the FCC started an investigation into the SS7 vulnerability, and a report from the FCC was anticipated in March 2016, which is yet to appear. Lieu issued a statement calling for congressional action on the matter in reply to the draining of bank accounts using the same SS7 weakness.

Lieu mentioned that everyone’s accounts protected by text-based two-factor authentication, such as bank accounts, were possibly in danger until the FCC together with the telecom industry fixes the SS7 security flaw.

The FCC together with the telecom industry is aware that hackers can acquire our text messages and phone conversations just by knowing our cell phone number. It is improper that the FCC and the telecom industry have not taken immediate action in the protection of our privacy and financial security.

Wednesday 17 May 2017

rpcbomb: remote rpcbind denial-of-service + patches

It is imperative to block the port immediately after it has been used. Sources have claimed that a 60-byte payload sent to a UDP socket of the rpcbind service is capable of crashing its host by tying up the target's memory.

This rpcbind vulnerability is enough to crash your entire system, which can lead to further consequences such as a blocked system and the loss of all primary data and files. The vulnerability can be avoided only by taking proper measures and being cautious about blocking all the ports.

The rpcbomb exploit was created by Guido Vranken, the person behind the discovery of the vuln. He is a very tactful person, and rumors are that he wrote the patches himself since he was unable to get the maintainers to take the required action on the packages they manage. This complaint against him is viral everywhere, which has made him famous both positively and negatively by setting an example that if you are determined enough to get something, no one can stop you from achieving it.

With regard to this complaint, he has written that Shodan turns up almost 1.8 million hosts with rpcbind’s port, also known as Port 111, exposed to the Internet. Many of these are on mass hosting services like AWS, where a user generally configures a default Linux distribution. If you really intend to run rpcbind, which binds RPC calls to their addresses, put Port 111 behind a firewall to close it off from the outside world. The experts have suggested that the best way to avoid this situation is to turn off the daemon; they say it is the easiest way of avoiding the rpcbind vulnerability.
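An added example, not from the original post or from Vranken's patches: a small shell audit that reads `ss -H -lntu` output and reports Port 111 listeners bound to anything other than loopback, which is the exposure the firewall-or-disable advice above is meant to remove. The function name `exposed_rpcbind` and the sample socket lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report rpcbind listeners (port 111, TCP or UDP) that are
# reachable on non-loopback addresses. Input is `ss -H -lntu` output on stdin.
# exposed_rpcbind is a hypothetical helper name, not part of any package.
exposed_rpcbind() {
  awk '
    {
      addr = $5                      # local address column, e.g. 0.0.0.0:111
      n = split(addr, parts, ":")
      port = parts[n]
      if (port != "111") next        # only the rpcbind/portmapper port
      host = substr(addr, 1, length(addr) - length(port) - 1)
      sub(/%.*$/, "", host)          # strip interface scope, e.g. %lo
      sub(/^\[/, "", host)           # strip IPv6 brackets: [::] becomes ::
      sub(/\]$/, "", host)
      if (host ~ /^127\./ || host == "::1") next   # loopback only: not exposed
      print $1, addr                 # protocol and listening address
    }'
}

# Constructed sample of `ss -H -lntu` output (not captured from a real host).
SAMPLE='udp   UNCONN 0      0            0.0.0.0:111        0.0.0.0:*
udp   UNCONN 0      0          127.0.0.1:323        0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:111        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096            [::]:111           [::]:*
udp   UNCONN 0      0              [::1]:111           [::]:*'

# On a live host: ss -H -lntu | exposed_rpcbind
printf '%s\n' "$SAMPLE" | exposed_rpcbind
```

An empty result means nothing on Port 111 is reachable beyond loopback; each line printed is a socket to put behind the firewall or a daemon to turn off.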

The patches on GitHub are said to be small enough that developers can figure out whether they are sound and accurate, and can also make sure that they aren’t malicious. Sources have even suggested that rpcbind requires only two lines to get fixed, while libtirpc requires 256 lines to get patched and rectified. In this way, we can understand how serious the damage is.

Vranken has suggested that the rpcbind vulnerability enables an attacker to allocate a large number of bytes, almost up to 4 gigabytes per attack, on a remote rpcbind host, and the memory is never released unless the entire system crashes or the administrator waits for a while or restarts the service again.

An attacker can possibly go beyond merely hosing the target, Vranken writes, since some software is subject to unpredictable failures when the system runs out of memory.

Bionic Hand: Hand That Sees Offers New Hope to Amputees

A revolutionary discovery for the betterment of the affected: introducing the bionic hand! After years of research and study, biomedical engineers at Newcastle University have invented a prosthesis worth praising.

This newest discovery allows the wearer to reach out to objects in the same way a real hand does, without thinking. Funded by the Engineering and Physical Sciences Research Council, the hand is fitted with a camera, assesses an object by taking pictures of it and triggers movements, like a reflex action.

TRIALS THAT FOLLOWED:

A few amputees have trialed it, and the University is to introduce it to patients at Newcastle’s Freeman Hospital. As explained by a senior lecturer from the biomedical engineering department, the new models are hardy, lightweight and durable. According to studies, 600 new amputees are reported every year in the UK, and around 500,000 in the US.

This bit of information is important because it gives us an idea of the need of the hour and how this discovery can benefit the population. Instead of myoelectric signals, neural networks are used for these bionic hands. The computer was shown a few pictures, teaching it actions like gripping and clutching various objects. The same object is viewed from various angles and in various light so that the hand can identify it and determine what kind of grip is required to pick it up and perform an action.

Grasp types:

The programming was done according to four types of grasp: palm wrist neutral, palm wrist pronated, tripod and pinch. Within a matter of milliseconds, using a 99p camera, the hand identifies the correct type of grasp required for an object. This broadens object identification, rather than manually programming images of objects into the hand.

Baby steps to success:

The research objective was to make the bionic hand sense pressure and temperature too, and send this information to the brain. The purpose was to set up forearm neural networks to allow two-way communication with the brain. This would involve wrapping electrodes around the nerve endings in the arm, establishing direct communication between the brain and the prosthesis. The process is cheap and does not require a new prosthesis; old ones can be used. The most success has perhaps been seen with upper-limb prostheses.

A live example! 

For Doug Mcintosh, a 56-year-old from Aberdeen, Scotland, who lost his right arm to cancer, the prosthesis was immensely rewarding.

Battling cancer and feeding a family was not easy. He was one of the amputees involved in the myoelectric trials and later with the Newcastle team. He has successfully taken part in various charity events for amputees and cycled long distances, standing as an inspiration to a lot of people all over the world.

The only complaint he had was that the hand was not doing the real job; it still felt foreign. He would prefer a split over it any day. This was before he was introduced to the newer, developed version of the bionic hand, which serves both esthetic and materialistic purposes.
