• Has Apple Peaked?

    posted by Keito
    2012-09-26 21:15:00
    'If Steve Jobs were still alive, would the new map application on the iPhone 5 be such an unmitigated disaster? Interesting question, isn’t it?

    As Apple’s chief executive, Jobs was a perfectionist. He had no tolerance for corner-cutting or mediocre products. The last time Apple released a truly substandard product — MobileMe, in 2008 — Jobs gathered the team into an auditorium, berated them mercilessly and then got rid of the team leader in front of everybody, according to Walter Isaacson’s biography of Jobs. The three devices that made Apple the most valuable company in America — the iPod, the iPhone and the iPad — were all genuine innovations that forced every other technology company to play catch-up.

    No doubt, the iPhone 5, which went on sale on Friday, will be another hit. Apple’s halo remains powerful. But there is nothing about it that is especially innovative. Plus, of course, it has that nasty glitch. In rolling out a new operating system for the iPhone 5, Apple replaced Google’s map application — the mapping gold standard — with its own, vastly inferior, application, which has infuriated its customers. With maps now such a critical feature of smartphones, it seems to be an inexplicable mistake.

    And maybe that’s all it is — a mistake, soon to be fixed. But it is just as likely to turn out to be the canary in the coal mine. Though Apple will remain a highly profitable company for years to come, I would be surprised if it ever gives us another product as transformative as the iPhone or the iPad.

    Part of the reason is obvious: Jobs isn’t there anymore. It is rare that a company is so completely an extension of one man’s brain as Apple was an extension of Jobs. While he was alive, that was a strength; now it’s a weakness. Apple’s current executive team is no doubt trying to maintain the same demanding, innovative culture, but it’s just not the same without the man himself looking over everybody’s shoulder. If the map glitch tells us anything, it is that.

    But there is also a less obvious — yet possibly more important — reason that Apple’s best days may soon be behind it. When Jobs returned to the company in 1997, after 12 years in exile, Apple was in deep trouble. It could afford to take big risks and, indeed, to search for a new business model, because it had nothing to lose.

    Fifteen years later, Apple has a hugely profitable business model to defend — and a lot to lose. Companies change when that happens. “The business model becomes a gilded cage, and management won’t do anything to challenge it, while doing everything they can to protect it,” says Larry Keeley, an innovation strategist at Doblin, a consulting firm.

    It happens in every industry, but it is especially easy to see in technology because things move so quickly. It was less than 15 years ago that Microsoft appeared to be invincible. But once its Windows operating system and Office applications became giant moneymakers, Microsoft’s entire strategy became geared toward protecting its two cash cows. It ruthlessly used its Windows platform to promote its own products at the expense of rivals. (The Microsoft antitrust trial took dead aim at that behavior.) Although Microsoft still makes billions, its new products are mainly “me-too” versions of innovations made by other companies.

    Now it is Apple’s turn to be king of the hill — and, not surprisingly, it has begun to behave in a very similar fashion. You can see it in the patent litigation against Samsung, a costly and counterproductive exercise that has nothing to do with innovation and everything to do with protecting its turf.

    And you can see it in the decision to replace Google’s map application. Once an ally, Google is now a rival, and the thought of allowing Google to promote its maps on Apple’s platform had become anathema. More to the point, Apple wants to force its customers to use its own products, even when they are not as good as those from rivals. Once companies start acting that way, they become vulnerable to newer, nimbler competitors that are trying to create something new, instead of milking the old. Just ask BlackBerry, which once reigned supreme in the smartphone market but is now roadkill for Apple and Samsung.

    Even before Jobs died, Apple was becoming a company whose main goal was to defend its business model. Yes, he would never have allowed his minions to ship such an embarrassing application. But despite his genius, it is unlikely he could have kept Apple from eventually lapsing into the ordinary. It is the nature of capitalism that big companies become defensive, while newer rivals emerge with better, smarter ideas.

    “Oh my god,” read one Twitter message I saw. “Apple maps is the worst ever. It is like using MapQuest on a BlackBerry.”

    MapQuest and BlackBerry.

  • Another Samsung Galaxy S3 vulnerability hits. Malicious Service Loading can hard reset the device with no user interaction.

    posted by Keito
    2012-09-25 21:12:40
  • How to root & install CyanogenMod on a Samsung Galaxy S2

    posted by Keito
    2012-09-25 20:05:13
    Here's a quick breakdown of the process. (For a more in-depth guide, please check out this page.)

    1/ Find correct insecure kernel for our current ROM firmware version
    2/ Use ODIN and insecure kernel to root phone
    3/ Download CyanogenMod (and optional extra google apps) and place on SD Card
    4/ Backup current ROM
    5/ Install CyanogenMod

    Right, so let's get down to it!...

    1/ Find correct insecure kernel for our current ROM firmware version

    Finding the correct insecure kernel version is easy, simply go to Settings -> About phone -> Kernel Version. Note the string present there

    Example (yours will almost certainly be different):

    What matters most (KG1) in this case, is in bold. Then find the matching file under the download section of this thread.

    Example (yours will almost certainly be different):

    The XX and OXA identifiers are not that important. Usually a "KG1" kernel is a "KG1" kernel, and that is that. Sometimes (pretty rare) it happens there will be multiple different kernels with the same name in different firmwares, that are actually different. If this happens, they are usually only very minor changes and you should expect them to still be fully compatible. The "XX" and "OXA" identifiers are there so the very advanced users can deduce which full firmware the insecure kernel file was taken from.

    Don't worry too much, just find the matching download and use it.

    2/ Use ODIN and insecure kernel to root phone

    - Download ODIN then install it.

    - (USB) Disconnect your phone from your computer if it is connected.
    - Start ODIN.
    - Click the PDA button, and select CF-Root-xxx-vX.X.tar
    - Put your phone in download mode by powering down the handset, then press power+volume-down+home buttons all at once. Hold down until download mode screen shows.
    - (USB) Connect the phone to your computer.
    - Make sure repartition is NOT checked.
    - Click the START button.
    - Wait for the phone to reboot.
    - Done (shouldn't take more than ~30 secs).

    3/ Download CyanogenMod (and optional extra google apps) and place on SD Card

    - Download your preferred version of CyanogenMod.
    - Optional: Download the Google Apps for the device. (select the one that matches your CM version!).
    - Place the CyanogenMod file on the root of the SD card.
    - Optional: Place the Google Apps .zip on the root of the SD card also.

    4/ Backup current ROM

    Now you're rooted, it's a good idea to backup the current ROM (with apps, settings, etc) before installing any custom ROM. If you want to retain your apps and settings when installing a new ROM, use Titanium Backup (not covered in this guide).

    - Boot into recovery mode by powering down the handset, then press power+volume-up+home buttons all at once. Hold down until recovery mode screen shows.
    - Once the device boots into recovery mode, use the side volume buttons to move around and the power button to select.
    - Select backup and restore.
    - Select backup (this may take some time).
    - Once the backup has finished, select +++++Go Back+++++

    Now, you can always boot into recovery and restore the current ROM, should anything go awry with our CyanogenMod install.

    5/ Install CyanogenMod

    - Select the option to Wipe data/factory reset.
    - Select the option to Wipe cache partition.
    - Select Install zip from sdcard.
    - Select Choose zip from sdcard.
    - Select the CyanogenMod
    - Optional: Install the Google Apps by performing steps 7 - 9 again and choosing the Google Apps
    - Once the installation has finished, select +++++Go Back+++++ to get back to the main menu, and select the Reboot system now option.

    CONGRATULATIONS!!!! The Samsung Galaxy S II should now boot into CyanogenMod.

    PS: Massive thanks to the Steve Kondik and the CyanogenMod team for a great ROM, and humongous thanks to Chainfire for his guides/downloads/work.
  • Security researchers hack Android remotely over NFC to gain full control and steal all data from a Samsung Galaxy S3

    posted by Keito
    2012-09-20 21:43:37
    'Mobile Pwn2Own at EuSecWest 2012

    Today MWR Labs demonstrated an Android vulnerability at the EuSecWest Conference in Amsterdam. The demonstration of the 0day exploit took place at the Mobile Pwn2Own competition. The exploit was developed in a team effort between our South African and UK offices. The vulnerability was found and the exploit was developed by Tyrone and Jacques in South Africa and Jon and Nils in the UK.

    ### Impact

    MWR showed an exploit against a previously undiscovered vulnerability on a Samsung Galaxy S3 phone running Android 4.0.4. Through NFC it was possible to upload a malicious file to the device, which allowed us to gain code execution on the device and subsequently get full control over the device using a second vulnerability for privilege escalation.

    The same vulnerability could also be exploited through other attack vectors, such as malicious websites or e-mail attachments.

    ### The Vulnerabilities

    The first vulnerability was a memory corruption that allowed us to gain limited control over the phone. We triggered this vulnerability 185 times in our exploit code in order to overcome some of the limitations placed on us by the vulnerability.

    We used the second vulnerability to escalate our privileges on the device and undermine the application sandbox model. We used this to install a customised version of Mercury, our Android assessment framework. We could then use Mercury’s capabilities to exfiltrate user data from the device to a remote listener, including dumping SMS and contact databases, or initiating a call to a premium rate number.

    ### Challenges & Shortcomings

    Android 4.0.4 has many of the exploit mitigation features that are common to desktop Linux distributions, including Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP). Shortcomings in these protections allowed us to leverage the control we had of the device to trigger the second vulnerability. Crucially, the ASLR implementation is incomplete in Android 4.0.4, and does not cover Bionic (Android’s linker) and /system/bin/app_process, which is responsible for starting applications on the device. Other protections which would make exploitation harder were also found to be absent.

    A more in depth technical blog post will be released once the vulnerability has been patched by the vendor, detailing the process of finding and exploiting this bug.'
  • Tokyo court gives win to Samsung after US loss

    posted by Keito
    2012-09-02 16:26:58
    'A court in Tokyo has ruled that Samsung Electronics did not infringe on patents held by Apple, a victory for the South Korean company.

    The patent was related to transferring media content between devices.

    It comes after Samsung lost a key patent case in the US last week and was ordered to pay more than $1bn (£664m) in damages.

    This is one of many cases brought to courts around the world by the two smartphone market leaders.

    "We welcome the court's decision, which confirmed our long-held position that our products do not infringe Apple's intellectual property," said Samsung in a statement to the BBC.

    Tokyo District Judge Tamotsu Shoji dismissed the case filed by Apple in August, finding that Samsung was not in violation of Apple patents related to synchronising music and video data between devices and servers.
    Sales ban

    On 24 August, a US court ruled Samsung had infringed Apple patents for mobile devices, including the iPhone and iPad.

    The company has vowed to continue to fight against Apple saying it will appeal against the US ruling.

    Apple is now seeking a ban on sales of eight Samsung phones in the US market.

    On 6 December, US District Judge Lucy Koh, who presided over the initial trial, will hear Apple's plea for an injunction against the Samsung phones, although it does not include the most recent Samsung phone to hit the market, the Galaxy S3.'