Researchers Nikita Tarakanov and Oleg Kupreev analyzed the security of 3G/4G USB modems obtained from Russian operators for the past several months. Their findings were presented Thursday at the Black Hat Europe 2013 security conference in Amsterdam.
Most 3G/4G modems used in Russia, Europe, and probably elsewhere in the world, are made by Chinese hardware manufacturers Huawei and ZTE, and are branded with the mobile operators’ logos and trademarks, Tarakanov said. Because of this, even if the research was done primarily on Huawei modems from Russian operators, the results should be relevant in other parts of the world as well, he said.
Tarakanov said that they weren’t able to test baseband attacks against the Qualcomm chips found inside the modems because it’s illegal in Russia to operate your own GSM base station if you’re not an intelligence agency or a telecom operator. “We’ll probably have to move to another country for a few months to do it,” he said.
There’s still a lot to investigate in terms of the hardware’s security. For example, the SoC (system on a chip) used in many modems has Bluetooth capability that is disabled from the firmware, but it might be possible to enable it, the researcher said.
For now, the researchers tested the software preloaded on the modems and found multiple ways to attack it or to use it in attacks.
For one, it’s easy to make an image of the USB modem’s file system, modify it and write it on the modem again. There’s a tool available from Huawei to do modem backup and restore, but there are also free tools that support modems from other manufacturers, Tarakanov said.
Malware running on the computer could detect the model and version of the active 3G modem and could write an image with malicious customizations to it using such tools. That modem would then compromise any computer it’s used on.
The researchers also found a possible mass attack vector. Once installed on a computer, the modem application — at least the one from Huawei — checks periodically for updates from a single server, Tarakanov said. Software branded for a specific operator searchers for updates in a server directory specific to that operator.
An attacker who manages to compromise this update server, can launch mass attacks against users from many operators, Tarakanov said. Huawei 3G modems from several different Russian operators used the same server, but there might be other update servers for other countries, he said.
Research in this area is just at the beginning and there’s more to investigate, Tarakanov said. Someone has to do it because many new laptops come with 3G/4G modems directly built in and people should know if they’re a security threat.
A multi-year agreement between AT&T and GM subsidiary OnStar calls for vehicles to continue getting OnStar’s safety and security services while adding information and entertainment services for backseat drivers, AT&T said.
Millions of vehicles will be affected, as AT&T rolls out LTE to reach 300 million people in the U.S. by the end of 2014.
The AT&T-GM announcement is part of an explosion in the number of devices connected to the Internet, many of them wirelessly, in what some have termed the “Internet of Things.”
“The is a big announcement for connected devices,” Glenn Lurie, president of emerging enterprises and partnerships at AT&T, said in an interview at Mobile World Congress here.
The transfer includes 753 U.S. patents related to 2G, 3G and LTE technologies, Unwired Planet said Thursday. Four months ago, the company owned just 200 U.S. and foreign patents, and around 75 pending patent applications.
“Our patent portfolio now extends to all layers of the telecom handset and infrastructure stack,” said Unwired Planet’s CEO Mike Mulica during a conference call. The patents cover application stores, location-based services, mobile search and mobile advertising as well as network protocols, antennas and many more topics, Mulica said.
The portfolio will continue to grow, as Ericsson has also committed to transfer a further 100 patents each year from 2014 through 2018.
Mulica said the company wants everyone who uses the patented technologies to pay a license fee. “We will use litigation when necessary,” he said.
It was only a matter of time before someone got the cunning idea to build an eight-core ARM chip and Samsung seems to have taken up the challenge.
The Korean giant will detail its first eight-core SoC at the International Solid State Circuits Conference in February. The 28nm part features two stitched quad-core clusters, based on A7 and A15 cores, hence the name – big.little.
The A7 cluster runs at up to 1.2GHz, while the A15 cluster can hit 1.8GHz, and it packs 2MB of L2 cache. It sounds like an intriguing concept, a bit like Nvidia’s companion core taken to the next level. The “little” cluster is tuned for energy efficiency, while the beefy A15 cluster should deliver unparalleled performance.
But what about real life applications? Eight cores sound like overkill for smartphones and even high end tablets, so it is unclear whether the big.little chip will find its way into actual products anytime soon.
Greenpeace’s “Guide to Greener Electronics” is a 16 company ranking that sets out to discover what leading electronics firms are doing to reduce their impacts on the environment.
This year’s study found that Indian firm Wipro, which has a consumer electronics division, was making important progress toward becoming greener.
“There is not a single reason why companies like HP, Nokia and Apple can’t do what Wipro is doing,” Greenpeace’s IT analyst Casey Harrell said.
Wipro was ranked number one in Greenpeace’s survey because of its efforts to increase its use of renewable energy, bring energy efficient products to market, nail down an effective product take back strategy and advocate for better governmental energy standards.
Harrell said that advocacy is an important step companies should take to becoming more environmentally aware. However, he believes that many companies are not doing enough to get the government involved in green initiatives.
“These companies invest a lot of money in advocacy, just not for energy,” continued Harrell.
“They invest in advocacy for things like IP reform and tax reform, just not for energy policy reform.”
Greenpeace’s study criticized Apple for its lack of advocacy efforts. The environmental agency gave the Iphone maker a ranking of zero when it came to environmental protection advocacy.
Apple has previously been slammed by Greenpeace for its decision to use glued-in batteries in its latest Macbook devices.
While many US companies rated poorly on environmental advocacy, Harrell still held out hope that some firms will try to do more going forward. As an example for his optimism, Greenpeace’s IT analyst said that in 2010 HP came out against the controversial California Proposition 23.
Another key area that Greenpeace thinks electronic firms need to improve upon is the lack of proper warranties on devices. Harrell said that companies can make the most energy efficient products in the world but if consumers have to buy a new product each year it won’t matter.
“It is a huge problem,” said Harrell.
Microsoft’s roll-out of Windows 8 is not expected to generate a significant increase in DRAM shipments, according to market research firm IHS iSuppli.
Other operating system roll outs have pushed up the demand for DRAM, and some had hoped that it would save the battered industry. However while iSuppli thinks that Global DRAM bit shipments are expected to increase by eight percent in the fourth quarter compared to the third quarter, this is much lower than previous Windows roll outs.
In the good old days Windows rollouts have always generated double-digit increases in quarterly DRAM shipments. Part of the problem is that Windows 8 is pretty good software and has a leaner hardware requirement. But the biggest part is that Windows 8 is not likely to deliver a significant increase in PC shipments in the fourth quarter compared to the fourth quarter of 2011, IHS said.
Clifford Leimbach, analyst for memory demand forecasting at IHS said that starting with Windows 7 and continuing with Windows 8, Microsoft has taken a leaner approach with its operating systems, maintaining the same DRAM requirements as before.
Could 4G Networks give way for more high-risk mobile security implications; Symantec is warning of such a wave of threats.
“We could see a move to the sort of threats that we already see on the wireless and fixed connected network,” John said. “Malware that you usually have on fixed networks, like botnets.
“There aren’t many botnets on mobile devices because the bandwidth’s not there to support it, once you go on to 4G [hackers] could start infecting systems.”
To ensure that enterprises avoid these these security threats, John advised that businesses need to be on their toes more than ever, look closely at everything that’s coming into the network, and not trust anything.
“Companies need to make sure that where traditionally it’s been a firewall with a perimeter with everything in a timeline environment,” John said. “What they need to look at is ‘what are my employees doing’, ‘what information is being shared’ and ‘how do we ensure our information is being protected no matter where it may be’, whether its mobile device, across networks or sitting in a cloud service.”
“This is a change we are going through, but 4G is going to push the need for that change even more so,” she added.
According to John, 4G will also be detrimental to businesses in the way it will add a greater burden for them to ensure that cloud services and mobility – what she calls “two of the biggest security challenges for enterprises and their employees” – are up to scratch.
Intel on Monday spent US$375 million to purchase nearly 1,700 wireless networking patents from subsidiaries of digital communications company Interdigital.
Intel will get patents that cover a range of 3G, LTE and Wi-Fi technologies from Interdigital. The patents should boost Intel’s product mobile product portfolio as the company establishes a presence in the smartphone and tablet markets, which is currently ruled by ARM.
Intel has said it will integrate 3G and 4G LTE capabilities along with its Atom microprocessor in devices like smartphones and tablets. Intel made its first entry into the smartphone market earlier this year with its Atom chip code-named Medfield, which is being used in handsets from Lenovo, Orange and Lava International.
Intel later this year will release a dual-core Atom Z2580 processor with 3G, 4G and LTE capabilities. Intel’s upcoming Atom chip for tablets, code-named Clover Trail, will also come with mobile broadband options.
Intel started building its wireless business following the acquisition of Infineon Wireless for $1.4 billion, which was completed last year.
Wireless is a fast-changing market, and the company is making this investment to support the business, according to Chuck Mulloy, an Intel spokesman.
“This was an opportunity to add some value to our patent portfolio. That’s over and above what we have,” Mulloy said.
Samsung Electronics has started mass producing a microSD card that uses an Ultra High Speed-1 (UHS-1) interface to greatly improve data transfer speeds, the company said in an announcement on Wednesday.
The microSD HC card stores up to 16GB and has a maximum sequential read speed of 80MBps (megabytes per second), according to internal tests conducted by Samsung. That is more than four times the read speed of today’s advanced microSD cards, which have speeds up to 21MBps, Samsung said.
What real-world speeds that will translate into remains to be seen. The card will be a good fit for LTE smartphones and tablets, according to Samsung.
Sprint Nextel will end its planned 15-year 4G network relationship with would-be hybrid network operator LightSquared, the Wall Street Journal reported on Thursday.
The end of the Sprint partnership, which was due to expire on Thursday, would be nearly as big a blow to the foundering LightSquared as the U.S. Federal Communications Commission’s proposal last month to revoke the carrier’s authorization to build a land-based network.
Since the deal was announced last July, Sprint had been planning to host LightSquared’s radio spectrum on its Network Vision infrastructure. LightSquared was to pay Sprint US$9 billion in cash for that hosting and said the plan would save it $13 billion over eight years.
For its part, Sprint had looked to the partnership for extra spectrum on which to run its own planned LTE network. It would get $4.5 billion worth of credits to use some of LightSquared’s spectrum in addition to its own and that of longtime partner Clearwire. Sprint extended the deal twice to give LightSquared more time to win FCC approval for its network.
Sprint will terminate the LightSquared deal on Friday and return $65 million in prepayments by LightSquared, according to the Journal.