Qualcomm has told the assorted throngs at CES about a new Snapdragon 820 Automotive family of products. It will come in two flavors – a standard 820A and an 820Am that adds an LTE modem.
The chip is designed for in-car navigation and infotainment systems running QNX, Linux, and Android. It has wireless capabilities and can connected to your phone. The LTE version will link to the Internet.
They can manage multiple displays to run the screen in your dashboard and an infotainment screen in the back seat. It also offers support for high-resolution 4K displays for when some company inevitably decides to cram a high-res, high-density screen into one of its cars.
The 820A chips are close cousins ofthe the Snapdragon 820 SoCs that will start shipping in phones later this year and use Qualcomm’s custom-made 64-bit Kryo CPU cores, an Adreno 530 GPU, a Hexagon 680 DSP all cooked up with a 14nm manufacturing process. They will also use the Snapdragon X12 LTE which can manage 600Mbps down and 150Mbps up when the wind is behind it and it is going downhill. There are all the usual 802.11ac Wi-Fi, Bluetooth, and other features.
Qualcomm said that it used a “modular approach” in designing the chip, which means that the cars infotainment system can be upgraded with hardware and software updates, thereby enabling vehicles to be easily upgraded with the latest technology.
Car makers could theoretically swap out the chip or the entire package without needing to worry about software changes. Qualcomm specifically mentions upgrading LTE connectivity over the lifetime of the car to keep up with the capabilities of cellular networks.
Qualcomm says the 820A family will begin sampling in Q1 of 2016.
The Blog site Fudzilla has confirmed that the Kryo core might be the last custom developed CPU core from Qualcomm, at least for now.
The next generation SoC from Qualcomm, let’s call it Snapdragon 8×0, will use ARM Cortex cores. Our industry sources are confident that company’s leadership has put a great deal of pressure on Qualcomm QTI to reduce the cost of R&D and custom CPU core costs an arm and a leg. Using Cortex Cores is cheaper than developing a custom ARM based CPU such as Kyro.
Creating a custom ARM based CPU core is intensive too and Qualcom still has to build a Modem, GPU, DSP, camera ISP, Video processing unit as well connectivity inside of the SoC to provide the differentiating factor to the competition. It just appears that the Core itself probably does not need looking at.
But the move will hardly help Qualcomm compete in hostile and aggressive mobile SoC manufacturers’ competition.
Apple and Samsung have their own CPU cores. Huawei uses Cortex architecture but has its own SoCs for the 100 million phones it sold this year. These are businesses that are either very hard or impossible for Qualcomm QTI SoCs to get. Every Samsung SoC manufactured and sold in Samsung phones is one less for Qualcomm.
MediaTek might be the winner in this case, as MediaTek makes rather unique processors that are designed to compete well against those who use close-to-reference Cortex ARM solutions. MediaTek is the only deca core in three cluster architecture but we still have to see it in action before we pronounce anyone winner or loser.
Qualcomm will have to focus on its strengths of its late 2016 successor to Snapdragon 810. The strengths of Qualcomm lay in superior modem performance and a great Adreno GPU. However they will lose an advantage of a custom core that might bring a bigger difference from the competition.
This is certainly not something we expected but it is happening.
The service set up by WordPress to better support WordPress has failed users by suffering a security breach and behaving just like the rest of the internet.
WordPress, and its themes, are often shone with the dark light of the security vulnerability, but we do not hear of WP Engine often. Regardless of that, it seems to do good business and is reaching out to those that it does business with to tell them what went wrong and what they need to do about it.
A reasonable amount of threat mitigation is required, and if you are affected by the issue you are going to have to change your password – again, and probably keep a cautious eye on the comings and goings of your email and financial accounts.
“At WP Engine we are committed to providing robust security. We are writing today to let you know that we learned of an exposure involving some of our customers’ credentials. Out of an abundance of caution, we are proactively taking security measures across our entire customer base,” says the firm in an urgent missive on its web pages.
“We have begun an investigation, however there is immediate action we are taking. Additionally, there is action that requires your immediate attention.”
That action, is probably to panic in the short term, and then to change your password and cancel out any instances of its re-use across the internet. You know the drill, this is a daily thing right. Judging by the WordPress statement we are in the early days of internal investigation.
“While we have no evidence that the information was used inappropriately, as a precaution, we are invalidating the following five passwords associated with your WP Engine account,” explains WordPress as it reveals the sale of its – actually, your, problem. “This means you will need to reset each of them.”
Have fun with that.
Comments Off on xCodeGhost To Wreak Havoc On IOS Devices
A security firm has released a list of ongoing and incoming threats that cover a range of things from Apple’s iOS to the Internet of Things (IoT).
In its third report this year, Quick Heal warns that Apple users in particular better brace themselves for impact as more and more malware writers who’ve earned their stripes targeting Android users turn their attention to iOS.
“As the number of iPhone owners rises across the world, iOS has become a new potential target for Android malware authors and hackers. It is expected that Android malware will soon be altered to attack iOS users as well, and jailbroken iOS devices will be the first wave of targets for these attacks,” explained the firm (PDF).
“Recently, the ‘XcodeGhost’ malware was found on the Apple App Store and this is just the beginning of such attacks.”
In a section on wearables, Quick Heal predicts hackers will increasingly target fitness trackers, something that other security researchers have already warned about.
A lot of space in the report is reserved for Android-flavoured threats, and users are offered advice on protecting themselves such as if there is an option to use a password over a touch sign-in, then you ought to take it.
“A group of researchers have discovered a serious security flaw in the Android Lollipop version running on devices right now. This flaw allows attackers to bypass the lockscreen of an Android smartphone by using a massive password and thereby exposing the homescreen,” it explains.
“The attack essentially works by opening the in-built camera application and afflicts people using a password to protect their Android device and lock their screen.”
The most significant Android threat is a rascal called Android.Airpush.G, which claims 30 percent of the bug pool and is the kind of adware thing that makes you want to take a hammer to your phone screen. The second most prominent issue is Android.Reaper.A, which can haul in a large data harvest when in place.
Quick Heal is not the only security company in town, and a post on the Symantec website also seems set to put the fear into the Apple user community. That post, read it here – if you dare, says that the Mabouia ransomware is capable of causing a problem for Mac and PC users alike.
Fortunately, Mabouia is a proof-of-concept attack that a researcher shared with both Apple and Symantec. Symantec says that the PoC effort achieves at least one first.
“Mabouia is the first case of file-based crypto ransomware for OS X, albeit a proof-of-concept. Macs have nevertheless already been targeted by ransomware in the form of browser-based threats,” it explained.
Software Giant Microsoft has joined Mozilla and will consider blocking the SHA-1 hashing algorithm on Windows to keep the US spooks from using it to spy on users computers.
Redmond had earlier said that Windows would block SHA-1 signed TLS (Transport Layer Security) certificates from January 1, 2017, but is now mulling moving up the date to June.
There have been concerns about the algorithm’s security as researchers have proven that a forged digital certificate that has the same SHA-1 hash as a legitimate one can be created. Users can then be tricked into interacting with a spoofed site in what is called a hash collision.
In October, a team of cryptoanalysts warned that the SHA-1 standard should be withdrawn as the cost of breaking the encryption had dropped faster than expected to US$75,000 to $120,000 in 2015 using freely available cloud computing.
Programme manager for Microsoft Edge Kyle Pflug wrote in his blog that Redmond will coordinate with other browser vendors to evaluate the impact of this timeline based on telemetry and current projections for feasibility of SHA-1 collisions.
Mozilla said in October that in view of recent attacks it was considering a cut-off of July 1, 2016 to start rejecting all SHA-1 SSL certificates, regardless of when they were issued, ahead of an earlier scheduled date of January 1, 2017.
Comments Off on Oracle’s M7 Processor Has Security On Silicon
Oracle started shipping systems based on its latest Sparc M7 processor, which the firm said will go a long way to solving the world’s online security problems by building protection into the silicon.
The Sparc M7 chip was originally unveiled at last year’s Openworld show in San Francisco, and was touted at the time as a Heartbleed-prevention tool.
A year on, and Oracle announced the Oracle SuperCluster M7, along with Sparc T7 and M7 servers, at the show. The servers are all based on the 32-core, 256-thread M7 microprocessor, which offers Security in Silicon for better intrusion protection and encryption, and SQL in Silicon for improved database efficiency.
Along with built-in security, the SuperCluster M7 packs compute, networking and storage hardware with virtualisation, operating system and management software into one giant cloud infrastructure box.
Oracle CTO Larry Ellison was on hand at Openworld on Tuesday to explain why the notion of building security into the silicon is so important.
“We are not winning a lot of these cyber battles. We haven’t lost the war but we’re losing a lot of the battles. We have to rethink how we deliver technology especially as we deliver vast amounts of data to the cloud,” he told delegates.
Ellison said that Oracle’s approach to this cyber war is to take security as low down in the stack as possible.
“Database security is better than application security. You should always push security as low in the stack as possible. At the bottom of the stack is silicon. If all of your data in the database is encrypted, that’s better than having an application code that encrypts your data. If it’s in the database, every application that uses that database inherits that security,” he explained.
“Silicon security is better than OS security. Then every operating system that runs on that silicon inherits that security. And the last time I checked, even the best hackers have not figured out a way to download changes to your microprocessor. You can’t alter the silicon, that’s really tricky.”
Ellison’s big idea is to take software security features out of operating systems, VMs and even databases in some cases – because software can be changed – and instead push them into the silicon, which can’t be. He is also urging for security to be switched on as default, without an option to turn it back off again.
“The security features should always be on. We provide encryption in our databases but it can be switched off. That is a bad idea. There should be no way to turn off encryption. The idea of being able to turn on and off security features makes no sense,” he said.
Ellison referred back to a debate that took place at Oracle when it first came up with its backup system – should the firm have only encrypted backups. “We did a customer survey and customers said no, we don’t want to pay the performance penalty in some cases,” he recalled. “In that case customer choice is a bad idea. Maybe someone will forget to turn on encryption when it should have been turned on and you lose 10 million credit cards.”
The Sparc M7 is basically Oracle’s answer to this dire security situation. Ellison said that while the M7 has lots of software features built into the silicon, the most “charismatic” of these is Silicon Secured Memory, which is “deceptively simple” in how it works.
“Every time a computer program asks for memory, say you ask for 8MB of memory, we compute a key and assign this large number to that 8MB of memory,” he explained. “We take those bits and we lock that memory. We also assign that same number to the program. Every time the program accesses memory, we check that number to make sure it’s the memory you allocated earlier. That compare is done by the hardware.”
If a program tries to access memory belonging to another program, the hardware detects a mismatch and raises a signal, flagging up a possible breach or bug.
“We put always-on memory intrusion detection into the silicon. We’re always looking for Heartbleed and Venom-like violations. You cannot turn it off,” the CTO warned.
“We’ve also speeded up encryption and decompression, which is kind of related to encryption. It runs at memory speed there’s zero cost in doing that. We turn it on, you can’t turn it off, it’s on all the time. It’s all built into the M7.”
Ellison claimed that running M7-based systems will stop threats like Heartbleed and Venom in their tracks.
“The way Venom worked, the floppy disc driver concealed this code. It’s the worst kind of situation, you’re writing into memory you’re not supposed to. You’re writing computer instructions into the memory and you’ve just taken over the whole computer,” he explained. “You can steal and change data. M7 – the second we tried to write that code into memory that didn’t belong to that program, where the keys didn’t match, that would have been detected real-time and that access would have been foiled.
All well and good, except for the fact that nearly every current computer system doesn’t run off the M7 processor. Ellison claimed that even if only three or four percent of servers in the cloud an organisation is using have this feature, they will be protected as they’ll get the early warning to then deal with the issue across non-M7 systems.
“You don’t have to replace every micro processor, you just have to replace a few so you get the information real-time,” he added.
“You’ll see us making more chips based on security, to secure our cloud and to sell to people who want to secure their clouds or who want to have secure computers in their datacentre. Pushing security down into silicon is a very effective way to do that and get ahead of bad guys.”
SuperCluster M7 and Sparc M7 servers are available now. Pricing has not been disclosed but based on normal Oracle hardware costs, expect to dig deep to afford one.
Verizon has rolled out ThingSpace, a development platform for companies of all sizes to create Internet of Things applications more efficiently and then later manage those apps.
The carrier also announced it is creating a new dedicated network core for IoT connections that can scale far beyond the ability of its existing networks with the intent to reach billions of sensors and devices.
“Continued innovation in smart cities, connected cars and wearables demonstrates that IoT is the future for how we will live and work,” said Mike Lanman, senior vice president of enterprise products at Verizon during an event held at Verizon’s San Francisco Innovation Center. He said Verizon is taking a “holistic approach” to help expand the IoT market from millions of connections to billions. The event was webcast.
Other major wireless carriers, including AT&T, are developing programs to offer a range of services to industries and cities for connecting IoT sensors to wireless networks and then to cloud services for data analysis.
At Verizon, Lanman said the company is working to lower the cost of connecting billions of existing devices that companies have used for years to Verizon’s network. Holding up a new computer chip made by Sequans Communications, an LTE chip maker, he said the chip will provide a “significant reduction in cost…that changes the game.” It will provide 4G LTE connectivity in modules connected to IoT devices to “make the wide-area network more accessible to developers.”
Also, next year Verizon will launch a new IoT core network within its LTE network to provide a “much lower cost” than with Verizon’s existing wired and wireless networks.
“The cost for an IoT module and the cost to connect will both drop dramatically,” Lanman added. “Whether you are connecting your dog or water meters and any other low-payload devices, we’ll handle it through a new IoT core.”
Qualcomm has continued its friendship with Microsoft by extending its latest LTE-Advanced modem, the X12, to Windows 10 notebooks and tablets.
The chipmaker was the only major chip provider to optimize its architecture for Windows Phone, and Microsoft’s Lumia devices, which run on Snapdragon 808 and 810 chips.
The Windows 10 devices which come to market later this year will have the option to integrate cellular connectivity with the X12, X7 or X5 LTE modems, which support the Microsoft operating system’s native Mobile Broadband Interface Model (MBIM).
Qualcomm said this would give business users, in particular, a similar experience on their large-screened devices as on their smartphones, giving the particular examples of location-based services and security driving LTE usage on PCs and tablets.
Integrated cellular connectivity has not been so important for notebook users, outside of a few scenarios such as WiFi-less trains, most wireless access from notebooks, and even tablets, is over a WLAN.
Qualcomm makes WiFi chips for portable devices but it does not have such a big market share. Working with Microsoft means it could have a higher presence and a far better chance of delivering mass sales. The Surface Pro and its new Surface Book, is getting good reviews and might even be popular.
The U.S. has dropped to No. 55 in LTE performance as speeds rise rapidly in countries that have lept ahead some early adopters of the popular cellular system.
The average download speed on U.S. 4G networks inched up to 10Mbps (bits per second) in the June-August quarter, according to research company OpenSignal. That was an improvement from 9Mbps in the previous quarter, but the country’s global ranking fell from 43rd as users in other countries made much larger gains.
The U.S. was one of the first countries with commercial LTE service when Verizon Wireless launched its network in late 2010. But other countries that adopted the system later started with better technology, and some have secured more frequencies or rolled out enhancements that U.S. carriers haven’t embraced as much, OpenSignal said.
New Zealand scored the highest average speed in the quarter with 36Mbps, coming up from nowhere in the rankings. But perennial standouts like South Korea and Singapore kept getting faster, too. The average LTE speed in Korea is now 29Mbps (up by 4Mbps), and in Singapore it’s 33Mbps, up by 5Mbps.
OpenSignal collects data on cellular performance through a free app that mobile subscribers can use to measure the speed they’re getting and find faster networks. The results announced Wednesday are based on readings from more than 300,000 users worldwide, the company said.
Countries like Hungary, the Dominican Republic and Morocco beat the U.S. in average LTE speed, but they aren’t necessarily smartphone paradises. Mobile users in America can use LTE more of the time, for example, because their carrier’s networks are built out. Subscribers in the U.S. are on LTE 78 percent of the time, on average, making the country No. 10 for what OpenSignal calls “time coverage.” Moroccan LTE may be fast, but 49 percent of the time, users there don’t get it, for example.
Apple has officially released iOS 9, but in the first hour users reported that they were unable to grab the 1GB download.
“Software Update Failed,” the message read on iPhones and iPads. “An error occurred downloading iOS 9.”Computerworld confirmed the problem, initially seeing it on multiple iOS 8 devices. But after several subsequent attempts, the download successfully started about an hour after Apple issued the upgrade.
Similar reports of early problems were posted on Apple’s own support forums and elsewhere on the Internet. “Not a very helpful error,” wrote someone identified as “yanic” on the former.
Others countered with snark. “Strangely, this is not a ‘limited time offer,’ said “stedman 1″ on the same thread, likely referring to Microsoft’s Windows 10 free upgrade offer, which is valid for one year. “The software will be available tomorrow, and the next day, and next week.”
Some advice ended up being more helpful. “You are facing an overloaded server which is pretty typical of the first day a software revision comes out,” contended “Ralph Landry1″ on a different discussion thread.
Several iPhone owners who had said that they were unable to download iOS 9 returned to the same forum threads to report they had gotten the upgrade later.
Apple’s track record with iOS releases has been mixed. Last year’s iOS 8 roll-out seemingly started off smoothly — there were few initial complaints about getting the upgrade — but many soon griped that 8′s large size forced them to wipe apps and content from their devices before they could install the new OS.
iOS 9′s size and the free space requirements for installation were both reduced to address that problem of last year. The free space demand for iOS 9 fell to 1.3GB to 1.8GB from last year’s 4.5GB to 5GB.