iOS 10 Backups Can Be Cracked 2,500 Times Faster Than iOS 9, Claims Security Researcher

iOS 10 Backups Can Be Cracked 2,500 Times Faster Than iOS 9, Claims Security Researcher

  • Researcher claims security check in iOS 10 is 2,500 times weak than iOS 9
  • Elcomsoft says brute force attack can be carried on iOS 10 backups
  • New attack specific to password-protected local backups in iOS 10 devices

A security research company based in Moscow claims to have discovered a flaw in Apple’s local password protected iTunes backups in iOS 10, a flaw that is said to weaken password security. According to ElcomSoft’s Oleg Afonin, the security flaw lets attackers develop a new attack that can bypass certain security checks when tallying passwords protecting local backups in iOS 10 devices.

“The impact of this security weakness is severe. An early CPU-only implementation of this attack (available in Elcomsoft Phone Breaker 6.10) gives a 40-times performance boost compared to a fully optimised GPU-assisted attack on iOS 9 backups,” writes Afonin.

Further detailing implementation of the attack, Elcomsoft claims that the new security check in iOS 10 is roughly “2,500 times weaker” compared to the one used in iOS 9 backups.

“Specifically they have changed from pbkdf2(sha1) with 10,000 iterations into using a plain sha256 hash with a single iteration only. This not only allows for a massive speed increase in password cracking, the change is so devastating that an early CPU-only cracking implementation is almost 40 times faster than a fully optimised GPU implementation for the old pbkdf2 version,” writes Per Thorsheim, Security Adviser at God Praksis AS.

It’s worth mentioning that the flaw discovered cannot be exploited remotely and needs the attacker to have access of the local backups in iOS 10.

Elcomsoft claims that brute force attack, which is a trial and error method used to decode encrypted data such as passwords, can only be carried on iOS 10 backups.

“This new vector of attack is specific to password-protected local backups produced by iOS 10 devices. The attack itself is only available for iOS 10 backups,” notes Elcomsoft. The research firm however points that the “new” password verification method exists in parallel system as well with the “old” method though it doesn’t affect the earlier versions.


Android leading with 64% for online gamblers

Android leading with 64% for online gamblers, which shouldn’t surprise anyone. Android smartphones are among the most popular of all smartphones, and this has been the case for a long time. While sixty-four percent is not a huge majority, it does still represent enough of a majority for people to take notice, especially Android’s competitors. Android leading with 64% for online gamblers, and there have to be reasons why this is the case. Gaming companies and tech companies should ask the right questions.

For one thing, the creation and distribution of apps for Android smartphones has been comparatively easy for a long time. People can design and post Android apps to the Google Play store themselves relatively easily. This is not the case with other types of smartphones, especially iPhones. Many other smartphone manufacturers manage to make it much harder for people to be able to create their own apps and to download a wide range of new apps. Professional app developers often have similar problems with other smartphones. Android creates a user-friendly experience in more ways than one, which makes a difference in the world of mobile casino gaming for the people who develop and use the games.


Android leading with 64% for online gamblers due to the inherent popularity of Android phones and the fact that Android reduces many of the barriers to creativity that exist in lots of other smartphone companies. Many of the people who have ideals regarding the freedom of information tend to love Android phones for that reason. These people are often going to like online gambling more than the individuals who believe in more restrictions in terms of technological products and information on the Internet. Android is going to attract people who have the beliefs and personalities that tend to make a person more favorable to online gambling, so it isn’t surprising to see Android leading with 64% for online gamblers.

The majority of online casinos will give people plenty of flexibility when it comes to which mobile devices they can use to access the games. The All Slots online casino makes it easy for people to use all of their favorite mobile devices if that is what they want. As such, people aren’t going to have to make any compromises when it comes to their favorite mobile devices. They really can choose the devices that they want, and if they like those devices for reasons that have nothing to do with online gaming, it won’t make a difference. Online casino gaming websites have given people enough flexibility that the other market forces are going to decide with mobile devices become particularly popular among online gamblers.

Mobile devices in general are popular among online gamblers, who enjoy the freedom that comes with playing outside of their homes in any location throughout the world. Fans of Android phones often claim that Android phones are the best mobile devices for gaming in general, which is going to cross over into online casino gaming. Android leading with 64% for online gamblers, and this trend should only continue.

New Android Malware Disguising Itself as Nintendo Emulator Games

A new Android malware has been discovered that disguises itself as Nintendo Entertainment System (NES) emulator games. Reported by researchers at Palo Alto Networks, the malware family named “Gunpoder” was observed in 49 unique samples across three different variants.The new malware is said to target Android users in at least 13 different countries including India, Iraq, Thailand, Indonesia, South Africa, Russia, France, Mexico, Brazil, Saudi Arabia, Italy, the United States, and Spain. The researchers pointed out one interesting observation of “Gunpoder” that this malware only propagated among users outside of China.

Further, the researchers stressed that the findings highlighted the fine line between adware, which is usually skipped by antivirus software, and malware, which is hostile software with malicious tendency.

(Also see: Android Apps Connect to a Shocking Number of Advertisement Sites: Study)

android_malware_screenshot_paloaltonetworks.jpgThe report notes that the samples of “Gunpoder” were uploaded to VirusTotal in November last year, and was marked as either benign or adware by all antivirus engines.

“While researching the sample, we observed that while it contained many characteristics of adware, and indeed embeds a popular adware library within it, a number of overtly malicious activities were also discovered, which we believe characterizes this family as being malware,” notes Palo Alto Networksreport.

According to researchers, the “Gunpoder” malware family can collect sensitive information from users; propagate itself through SMS message; potentially push fraudulent advertisements, and has ability to execute additional payloads.

Highlighting how the malware packaged itself into an emulator, the report adds, “Gunpoder samples embed malicious code within popular Nintendo Entertainment System (NES) emulator games, which are based on an open source game framework. Palo Alto Networks has witnessed a trend of malware authors re-packaging open source Android applications with malicious code. Gunpoder makes use of this technique, which makes it difficult to distinguish malicious code when performing static analysis.”

Detailing how the malware worked, the report added that soon after installation, the malware presented a declaring statement (when opened for the first time) explicitly notifying users that the app has ad-support and can allow the advertising library to collect information from the device. Once the app is launched, it will ask users to pay for a lifelong license of the game via a pop up dialog.

“If the user clicks the ‘Great! Certainly!’ button, a payment dialog will pop up, including PayPal, Skrill, Xsolla (the transaction link is no longer active) and CYPay. Users need to register a new PayPal or Skrill account or log in in to their existing account to pay $0.29 or $0.49. The CYPay supports offline gift voucher redeeming. Additionally, this payment dialog will pop up when users click the “Cheats” option within this app. In fact, the malware author added this malicious payment function into this ‘Cheats’ option, which is free in the original app,” explains the report.

Even if users skip the payment dialog, the malware can propagate messages that will be sent out – if users pause the main activity of the malware, and second, if payment is declined then it will share a “fun game” link which will be a variant of this malware family.

“Interestingly enough, the Gunpoder sample will detect the country of the user. If the user is not located in China, this app will automatically send an SMS message, which contains a variant downloading link, to random selected friends in the background,” adds report.

Huawei delays its Android Wear watch to Q3, hints at design tweaks

huawei watch android wear 03

The Huawei Watch may be the front-runner for best-looking Android Wear timepiece , but it could look a bit different when it finally goes on sale.

Yang Yong, Huawei’s manager for wearables, told The Wall Street Journal that the watch will hit the United States and Europe in the third quarter, later than the summer timeframe that Huawei announced at Mobile World Congress in March . Huawei is also apparently tweaking the watch’s design, with the Journal saying it will be “less bulky, more akin in appearance to a classical wrist watch with a round case.”

Last week, Chinese media reported that Huawei would delay the watch’s launch until September or October, due to issues with using Google services in China. Still, it was unclear if this affected Huawei’s launch plans elsewhere, and the company didn’t respond to our request for clarification at the time. The Journal’s report confirms a delay for Western markets, and also says the China launch could be pushed as far back as 2016 as Huawei works around its Android Wear woes.

There’s no word on whether Huawei is making any changes to the Watch’s tech specs, which currently include a 1.4-inch AMOLED display with 400-by-400 resolution, a 1.2 GHz Qualcomm processor, 512 MB of RAM, 4 GB of storage, a 300 mAh battery and a thickness of 11.3 mm. Yang told the Journal that Huawei won’t be releasing a new smartwatch every year, so the company may simply be making some minor design refinements in hopes of getting it right the first time.

Why this matters: As Greenbot’s Jason Cross wrote in March , the Huawei Watch was the most attractive Android Wear smartwatch he’d seen, with a round, stainless steel body that’s not as chunky asMotorola’s Moto 360 or LG’s Watch Urbane. While those watches have a diameter of 46 mm, the Huawei Watch’s 42 mm body should be a much better fit for small- to mid-sized wrists. It’s a promising improvement for Android Wear on the design front, provided Huawei doesn’t make any drastic changes.

Android Lollipop 5.1.1 updates: manually update your Nexus device with these tutorials

The Android scene is making very fast-paced progress. Nowadays, many smartphone developers and carriers are making their best efforts to roll out all the latest available updates to their users, as Google is almost ready to publicly release their latest offering of an operating system, the Android M (confectionary branding may follow). In fact, Android M is already available as a developer preview for the Nexus 5, Nexus 6, Nexus 9, and the Nexus Player.

While the entire Nexus line has already been issued with updates for Android Lollipop—with version 5.1.1 being the latest firmware available—there have been users who haven’t had their fix on the latest OS yet. For many, the delay in receiving updates could mean a big slump in user experience. However, whatever the delay may be—be it because of regional location, or because of respective mobile carrier—there is a workaround if users really want to get their hand on the latest Android 5.1.1 Lollipop.

First of all, be patient. Updates are not distributed to everyone all at once. To check if updates are already available, got to Settings > About device > System update > Check for update. Or, if connected to the Internet, the device will automatically notify users of the update availability.—all the user have to do is just tap “Download now”.

However, the worst case scenario could be that an update is still not available right now. This is when one can manually update the device by downloading the OTA Zip file and manually flashing the device. Here is a list of all Nexus devices and the respective tutorials on how to manually update them, all courtesy of Android Geeks.

  • Nexus 4: (download and tutorial)
  • Nexus 5: (download and tutorial)
  • Nexus 6: (download and tutorial)
  • Nexus 6 T-Mobile: (download and tutorial)
  • Nexus 7 2012 WiFi: (download and tutorial)
  • Nexus 7 2012 3G: (download and tutorial)
  • Nexus 7 2013 WiFi: (download and tutorial)
  • Nexus 7 2013 LTE: (download and tutorial)
  • Nexus 9 WiFi: (download and tutorial)
  • Nexus 9 LTE: (download and tutorial)
  • Nexus 10: (download and tutorial)

Pushbullet launches Portal, an app to transfer files between Android and your PC

pushbullet portal


Pushbullet wants to make it a snap to send a file from the desktop to your phone.

Portal is the company’s newest app, designed just for this purpose. Once you’ve installed it you just need to head to the Portal site to start a transfer.

Pushbullet also touts that Portal serves as an easy repository for finding any of your transferred files. No need to dig through Android’s file manager—just open up the Portal app and you’ll find everything you’ve sent over.

While Pushbullet has a similar capability for sharing files to your phone, it’s much faster to go the Portal route, which sends them directly over your local network.

Additionally, if your device has an SD card and Android Lollipop, you can specify the transfer go directly to your external storage.

The impact on you: Pushbullet is a hugely popular Android app because of how tightly it integrates your phone and computer. Portal is a nice add-on to have if you want a simple way to send a picture, video, or document directly to your device. No need to use the old-school method of emailing it to yourself or waiting for it to sync through a cloud service.

Why Google continues to bet on Android One phones in India

Why Google continues to bet on Android One phones in India
A file photo of Sundar Pichai, senior vice-president of Android, Chrome and Apps at Google. Photo: Bloomberg
When Sundar Pichai, senior vice-president of Google Inc., announced the launch of Android One phones in India last September, analysts were expecting fierce competition in the low-cost, or below Rs.10,000, smartphone market.
However, despite the fact that Google’s Android operating system (OS) runs on about 80% of the world’s phones, including those in India, the company’s handset partners have together managed to sell less than a million Android One devices in India till date.
Around 8.5 million Android phones were shipped to India from September 2014 till last month, according to the May 2015 Counterpoint Research Market Monitor. Research firm Convergence Catalyst pegged the total number of Android One handsets sold in India since its launch nine months ago at less than a million.
“And they form 2% to 2.5% of the total smartphones sold in that timeline, and 8% to 10% of the about $100 smartphone segment sales,” saidJayanth Kolla, research firm Convergence Catalyst’s founder and partner. Shipment numbers are typically 20-25% higher than actual sales numbers.
Caesar Sengupta, vice-president of product management and product strategy for Android One, Android for Work and Google Chromebooks, insists that the sales of Android One phones “are not disappointing”, since his company has a “broader goal of bringing the next billion people online”.
“We are happy with progress of Android One in India because we tend to think of the program from a platform perspective rather than as an OEM (original equipment manufacturer), which is all about the number of devices,” said Sengupta in a phone interview from Singapore on Friday.
“Last year alone, India saw the launch of 1,200 mobile phones at different price points. What we have achieved, from the Android perspective, is that we have managed to move the industry towards promising and delivering the latest OS updates to the end-user. Android One from that perspective has played the role of a catalyst in the market and we are very happy about that,” he said.
One reason for the slow pickup in sales, say analysts, was the initial decision to restrict the sale of Android One phones to just three handset makers: Micromax Informatics Ltd, Karbonn Mobiles, a joint venture between New Delhi-based Jaina Group and Bengaluru- based UTL Group, and Spice Mobility Ltd.
Of these handset makers, only one figures in the list of top three smartphone handset vendors in the Indian market. According to Counterpoint Research figures for the December quarter of 2014, total smartphone shipments to India stood close to 22 million with Samsung Electronics Co. Ltd leading the overall smartphone market with a 27.4% share, followed by Micromax at 19.5% and Intex Technologies (India) Ltdwith 6.5%.
Even in the overall Indian feature phone market, Samsung led the pack with a 16.1% share, followed by Micromax’s 14.4% and Microsoft’s (Lumia) 11% in the December quarter.
Sengupta, on his part, insisted that Android One makes it easier for handset makers to build a phone and get seamless security upgrades and software updates.
“We successfully delivered on our promise of ‘Always the latest’, and rolled out Lollipop 5.1 (the latest version of Android) at high quality and are now rolling out the next version, Lollipop 5.1.1,” said Sengupta, claiming that Android One devices have “seen the lowest rate of return in the market”.
In the next two years, he added, Google expects to see around 1.2 billion smartphone sales in just six countries— India, Nepal, Bangladesh, Sri Lanka, Indonesia and the Philippines—where Android One has been launched.
Android One phones have now been launched in Turkey, too, and “we are now available in seven countries and have around 20 OEM (original equipment manufacturer) partners”. India, too, “will have new phones from new OEMs and new countries coming up soon. We’ll announce when we’re ready. Lava is the new partner in India”, said Sengputa.
Lava, according to Counterpoint Research, had a 7.4% share of the overall phone market, and 5.1% of the smartphone market, in the December quarter.
According to Kolla, Android One “was and is a great product strategy, but where it faltered (so far) was in formulating and executing a robust go-to-market strategy. Although Google dictated the hardware, software features and specifications of the device, the onus of sales was on its Indian OEM partners…”
Kolla explained that all of these handset makers had their own devices in a similar price range (less than Rs.7,000). Besides, he said, most handset makers were only experimenting with online sales of smartphones at the time of Android One device launch, hence the exclusively online launch for a certain period of time did not go down well with traditional offline distribution channel partners of the handset makers.
Google, meanwhile, is “thinking carefully about how we evolve our products and our platforms to address the particular needs of these next billion users”, said Sengupta. He cited the launches of Search Lite, YouTube Offline and Maps Offline as cases in point “to make it easy for users to use the Internet with slower data speeds and high costs”.
Google also has Chromebooks as part of its strategy to connect the next billion. These are low-powered laptops meant primarily for web browsing, and equipped with the Chrome browser and Chrome OS.
It is a rapidly-growing but nascent category in the personal computer market. According to an 11 August 2014, report by research firm Gartner Inc., sales of chromebooks are set to nearly triple to reach 14.4 million units by 2017 from 5.2 million units in 2014—itself a 79% increase from 2013 figures.
“Schools have started embracing Chromebooks heavily in the US and in countries such as Malaysia. We have started seeing that trend in India, too. It’s still early days for this category, but we are happy with the progress,” said Sengupta.
But why does Google need two operating systems—Android OS and Chrome OS—that serve similar interests? Why not merge them?
“We now have Android apps running on Chromebooks. But we never talk about stuff before we have done it (referring to the likely merging of the two operating systems),” said Sengupta. “We tend to look at it more from the point of end-user experiences. For instance, you will notice that the look and feel of Chromebooks and Android devices are more and more similar, making it easier for people to use them. We are also working on data and apps to make that experience smooth, since that is what users care about.”

Motorola Droid Turbo users can experience Android 5.1 OS update on Verizon’s website


Wireless carrier Verizon is letting Motorola Droid Turbo users in the US get a feel of how the Android 5.1 (Lollipop) OS update will look and feel on their smartphones.

Verizon-driven Motorola Droid Turbo users can now use an in-browser simulator, to experience the Android 5.1’s features on the device. The simulator can be accessed on Verizon’s website.

This simulator provides a virtual feel of the various features and enhancements that Android 5.1 will offer to Droid Turbo handsets, once it is released by the network provider.

Enhancements users can look forward to after Android 5.1 is installed on Droid Turbo:

Motorola Droid Turbo users will receive Android 5.1 directly, hence, they can expect all features of Android 5.0 once it is installed.

Motorola Droid Turbo users will notice a brand new Material Design UI and improved lockscreen notifications, after updating to the Android 5.0 OS.

Besides a new Recent Apps menu, the update brings along the Android ART runtime, which launches applications much faster.

Users will also notice a new Quick Settings menu and a new battery saver mode, which has been implemented as a result of Google’s project Volta.

The new improved battery saver claims to automatically adjust the brightness of display and limits updates occurring in the background, leading to the overall battery life being enhanced by several notches.

Apart from the above newer aspects, Android 5.1 also incorporates fixes to multiple known issues inherent in Android 5.0. Click here to know a list of issues that Android 5.1 addresses.

Adobe Brings Photoshop Mix, Brush CC, Shape CC And Color CC To Android

Adobe launched four new Android apps today (slightly ahead of schedule). While the company has long offered iOS tools for popular apps like Photoshop, Lightroom and others, it has generally not made these services available for Android. Starting today, however, Creative Cloud subscribers can also use Photoshop Mix, Brush CC, Shape CC and Color CC on Google’s platform.

KkL2emq8NCDtAe9cnGuMu22eb891bzHxHJXzCvnhVBkIoLt4ir19hAYFmtZStgl4rhw=h900According to Scott Morris, Adobe’s senior marketing director for Creative Cloud, the company saw a lot of demand for Android and decided it was time to bring its tools to Google’s platform. To make this possible, the team had to first port Adobe’s Creative SDK to Android, so it took a while before the company was ready to launch these new apps. Morris also noted that it’s simply harder to develop for Android given the wide variety of Android devices on the market.

Overall, Adobe’s strategy around mobile apps has long been to release relatively single-purpose apps instead of mobile versions of its main Creative Cloud apps.

Brush CC, for example, lets you create brushes for Photoshop, Illustrator and Photoshop Sketch from photos you capture on your mobile phone or tablet.

Similarly, Shape CC lets you create vector drawings based on photos from your phones, and Color CC (aka Kuler) lets you pick colors from any image you capture on mobile and save them as color palettes for later use in the Creative Cloud apps.

Photoshop Mix is a bit different in that it gives you access to some basic image-editing tools from Photoshop (including content-aware fill) on mobile.

Overall, Morris tells me, the Android apps have the same feature set as their iOS counterparts

Adobe brings its handy mobile design apps to Android

Back in October, Adobe delivered a new suite of mobile apps to iOS devices. Keeping its promise to include the Android faithful as well, the company’s Photoshop Mix, Color CC,Brush CC and Shape CC are now available for download over at Google Play. Creative types running Google’s mobile OS on their devices can expect to easily transform a photo taken with a phone into vector art with Shape CC, make images edits with Photoshop Mix and build a collection of hues with Color CC. If you fancy iOS, there’s a new color capture app called Hue CC. With this bit of software, capture colors from photos to create custom Looks that can then be applied to videos in Premiere and After Effects on the desktop or Premiere Clip on a phone or tablet. All of the mobile apps are free to use, but Creative Cloud subscribers can take advantage of desktop compatibility and cloud storage for all of the stuff created while on the go.