February 09, 2007, 12:55 PM PST
Mobphishing
Posted by: Robert Vamosi

Mobile phishing, aka "mobphishing," doesn't involve e-mail and bogus Web pages as standard phishing attacks do; instead, mobphishing refers to fraudulent Wi-Fi access points coming from a smart mobile device as opposed to a laptop. In a presentation at the 2007 RSA Conference, Carl Banzhof, VP and chief technology evangelist at McAfee, said that he noticed newer mobile devices were including 802.11 support and wondered if one could hijack a user's hot spot connection (a so-called evil twin attack) using his own code. Banzhof purchased a T-Mobile MDA and, after a bit of trying, succeeded. The advantages of this new attack include being stealth (no one would suspect a smart phone would be capable of this), the ability to be mobile (he could carry it in his pocket, anywhere), the ability to get close to his victims (sitting literally next to them), and the ability to get into places that ordinarily would not allow laptops.

In an evil twin attack, the criminal overpowers a victim's connection to a public hot spot, convincing laptop users to connect to their much stronger device and thereby acting as a man-in-the-middle conduit to the Internet. Once someone is connected to the evil-twin access point, a criminal could then sniff data packets passing through their machine on the way to the Internet or simply steal login credentials and other personal data. Banzhof said in the future the mobile-access-point attacker might also be able to export his or her collection of stolen personal data via a legitimate access point connection or via EDGE technology. He also hinted that it might be even easier to accomplish this attack with Apple's new iPhone, which will be running a BSD Unix-based Mac operating system. There are many BSD tools that would be easy to port over. While Apple insists its phone will be a closed system (meaning one can't add software), Banzhof doubted that the iPhone operating system would really be closed.

Permalink | 1 comment

• Read also: security, cell phones, laptops, RSA Conference
• Email to a friend | Print this post

November 03, 2006, 4:19 PM PST
Staking out common spaces
Posted by: Elsa Wenzel

Most weekday lunch hours, the lobby at 101 Second Street is one of the calmer spots to eat a bag lunch and watch people in downtown San Francisco. But a secret surveillance operation there two weeks ago upset the usual stillness. Armed with digital cameras, several dozen artists circulated through the atrium for a few hours snapping pictures of each other, of strangers, and of the building's hidden cameras and bewildered security guards. This covert action aimed to test the boundaries of public surveillance.

"The camera breeds an atmosphere of fear and intolerance, and reinforces the idea that there's something to be afraid of," said John Bela, cofounder of the Rebar Group art collective that planned the action. Cameras are planted at nearly every corporate lobby, checkout corner, and subway stop, but is Big Brother less menacing when anyone with a cell phone camera can watch the watchers? Bela and fellow Rebar founder Matt Passmore are presenting their results today at a privacy symposium at the University of California at Berkeley.

The effects of last month's action seemed subtle to this undercover observer. It wasn't as if masses of Weegee wannabes suddenly descended upon the unwitting public like paparazzi on Pitt. Strangers posed for the Rebar infiltrators' cameras without question. Building security eventually discouraged the Rebar posse, whose members later said that the lack of immediate opposition nevertheless made them feel empowered.

Rebar chose the Second Street address because it's one of San Francisco's 14 privately owned public spaces, formed when city officials and real estate developers open part of a building to the public in exchange for perks, such as bonus square footage. "Part of our goal is to broaden the sense of behaviors that people find in these places," Passmore said.

The people behind Rebar aren't just merry privacy pranksters; they've also brought guerrilla yoga classes, rooftop kite flying, and other playful activities to various privately owned public spaces (including the lobby of CNETs headquarters). And on their PARK(ing) day, Rebar players roll out sod and benches at metered parking spots to chill out as long as the quarters last.

So what does this have to do with CNET? Rebar's whimsical infiltrations can make you think twice about a life gone digital. We might pass dozens of hidden cameras in a day without blinking. And we easily get immersed in binary worlds of social networking, Webcam-enabled instant messaging, and online role-playing, where we invite strangers into inner realms and suffer if security threats invade our hard drives. But unlike the all-seeing eye of Orwell's Big Brother, our society's surveilled, shared spaces--virtual and real-world ones--might be more like the Panopticon, a prison whose captives are watched without even knowing it. Still, we can reclaim these spaces, bit by bit, with a little wit--and "little brother" digital recording devices are one way to start.

Permalink | 3 comments

• Read also: security, cameras, cell phones
• Email to a friend | Print this post

November 02, 2006, 5:24 AM PST
Google Mail goes mobile, RSS too
Posted by: Rafe Needleman

Google is very smart about mobile devices. On a PDA or a cell phone, the Google search experience has been, for quite a while, very different than it is on a full-size screen. Google even parses Web pages it links to and tries to repackage them in a mobile-friendly way. (To force the Google mobile version, go to www.google.com/m.)

Gmail, though, has not been a great experience on mobile devices. But today Google is releasing a mobile Java Gmail application for cell phones that makes using your Gmail account much easier [news story]. The new app, which will be preloaded onto some new Sprint phones or available for download for anyone else who has a Java-capable phone here, is a very good mobile version of the Gmail Web app. The app gives Gmail its own custom menu system, which is much easier to navigate than a Web-based app would be on a cell phone. Gmail's message threading also shows up clearly, and the site displays attachments (such as photos, Word documents) in the app. One snag: In my tests on the phone Google sent me to try the product, links to documents on Google Docs and Spreadsheets did not work. Oops. (A new WAP version of the reader is available, too, which I have not tried.)

In related news, Google's new RSS reader also now has a mobile interface. It's a subtly different application from the full-size Web version of Google Reader. In the mobile app, you're presented first with your "reading list," the nine most recent stories to come into your feeds. You can select one by pressing its number (1 to 9; or 0 for the next nine), and, as with Google.com on a mobile, you'll get a special lightweight display of the story instead of the fully loaded page. You can also select a feed to read or search through your tags, but the cell phone interface is better suited to the task of skimming feeds.

Google clearly recognizes that when you're using its services on a mobile device, you probably want not just a different user interface, but different content as well. These are good mobile apps.

Permalink | 5 comments

• Read also: Web 2.0, cell phones
• Email to a friend | Print this post

October 18, 2006, 5:17 PM PDT
Jangl gives phone numbers to relationships, not individuals
Posted by: Rafe Needleman

Like most people my age, I guard my cell phone number closely--so closely that I cut myself off from people with whom I might otherwise want to talk. Some new services, like GrandCentral, give me control that the phone carriers don't by putting a second phone number between callers and me. GrandCentral will let me screen calls and determine who can reach me and when. That's great. But as soon as I call somebody from my cell phone, Caller ID gives me away--and my privacy and control evaporates.

Jangl is a very weird and potentially very useful service that assigns unique phone numbers to relationships. To get the Jangl number to reach me, for example, you would first go to Jangl.com and enter my Jangl ID, which I could have given you at a bar or on a Web site, etc. Then the site would give you a phone number. (In the future, Jangl will also deliver numbers via SMS). When you call that number the first time, you must leave a greeting for me, and if I then accept the call, we're connected. The same number you called is the one I use to call you, too. It's the phone number of our relationship.

The nice thing about this service is that neither you nor I can see each other's actual cell phone numbers. Also, either of us can terminate the relationship and expire the number. Since our actual phone numbers are never exposed to each other, that's it. Game over. Head back to the bar. This is even better than The Rejection Hotline.

The service does change the social dynamic a bit, though: Instead of giving people your number, you give them your Jangl ID. This makes sense on a public Web site, but if you meet somebody, give them an ID code, and say, "Look me up on Jangl, baby," they are either going to be confused, or else get the message: I'm keeping you at a distance.

We've blogged this before, but the service is nearing the open beta stage(the launch party is tonight), and because it's so unusual, I wanted to remind people of it.

Permalink | 2 comments

• Read also: Web 2.0, Cell phones
• Email to a friend | Print this post

October 18, 2006, 1:40 PM PDT
Sprint's Samsung MM-A960
Posted by: Kent German

After months of languishing in Best Buy stores, the Samsung MM-A960 (SPH-A960) is now for sale on Sprint's Web site for a fair $79 with service. Though its silver flip-phone design has little pizzazz overall, especially for an EV-DO handset, it does offer a unique circular external display.

Features are a bit more impressive. Inside you'll find Bluetooth, a 1.3-megapixel camera with PictBridge photo printing, a digital media player, a Micro SD card slot, a speakerphone, and speech-to-text dictation. So far our experience with the last feature has been mixed, but we're eager to test it out. Stay tuned.

Permalink | 1 comment

• Read also: cell phones
• Email to a friend | Print this post

October 17, 2006, 12:40 PM PDT
Another CNET blog to crave
Posted by: Lindsey Turrentine

Rev up your RSS reader--CNET has a brand-new blog. Its name says it all: Crave (http://crave.cnet.com) will cover the hottest and coolest digital gadgetry that you must have. Check it out (over and over and over again) for the latest in freaky, funny, or just plain awesome consumer electronics.

Permalink | 1 comment

• Read also: Emerging tech, MP3, Smart phones, Notebooks, Car tech, Cell phones
• Email to a friend | Print this post

October 13, 2006, 3:08 PM PDT
Red Razr for AIDS charity
Posted by: Nicole Lee

Along with the red iPod Nano announced yesterday, Motorola has jumped on the AIDS charity bandwagon with the very luscious red Razr, available from Sprint. As with the red iPod, this is part of Bono and Bobby Shriver's recent Red initiative to help combat HIV and AIDS in Africa. This new red Razr will be available in November from Sprint, and you can get it for $304.99 retail or $64.99 with a two-year service agreement.

If you're more of a Slvr fan, however, you might have to move to the U.K. to get the red version of the slim candy bar. That's right; while the red Razr is exclusive to the States, the red Slvr is exclusive to the U.K. And to up the ante of the Product Red experience, Motorola has also launched Studio Red, a site where you can download wallpaper, ring tones, and exclusive video content and learn more about the Red initiative.

Permalink | 4 comments

• Read also: Cell phones
• Email to a friend | Print this post

October 12, 2006, 10:08 AM PDT
Palm announces low-cost Treo 680
Posted by: Bonnie Cha

Hey, here's a shocker (well, not really, since we know Palm can't keep a secret): today, the company announced the new Palm Treo 680, a low-cost version of its famed smart phone. Unfortunately, we don't know exactly what "low-cost" means as Palm, in its ever-teasing fashion, didn't reveal specifics on pricing, carrier (although we have our guesses, Cingular, cough, cough), or availability today. Palm CEO Ed Colligan did say, however, that it will be priced competitively with similarly featured smart phones out there, and its aim is to reach a broader and more geographically diverse audience. So here are the juicy details:

Design: The Treo 680 will be available in four different colors: graphite, copper, arctic, and crimson. Now, while I certainly appreciate the variety, what's with the fire-engine red and bright orange? If part of the purpose is to attract more women, I'm not sure the "I can see you from a mile away" colors are going to do it. Of course, beauty is in the eye of the beholder. The device measures 4.4 by 2.2 by 0.8 inches and weighs 5.5 ounces; the antenna is also integrated into the device, so no stubby antenna. The screen displays 65,000 colors at a 320x320-pixel resoution.

Phone: It's a quad-band (GSM 850/900/1800/1900; GPRS/EDGE) phone. New phone app with a revamped user interface (five-tab view), active call thumbnails, integrated contacts, and simplified favorites. Also supports the ignore with text feature (one of my favorites) of the Treo 700 series, conference calling, and a speakerphone.

E-mail: Preloaded with VersaMail 3.5; now called Email on launcher page. Exchange ActiveSync now includes contact synchronization. Improved smart addressing, so it will remember recently used e-mail addresses. AutoSync for scheduling synchronization with e-mail, calendar, and contacts. Also comes with Documents To Go 8 for viewing and editing Word and Excel, and a PowerPoint and PDF viewer.

Multimedia: VGA camera with video-recording capabilities (yeah, you read right--lowly VGA; see my rant below). You can now add music to slide shows and save pictures as contacts. Includes Pocket Tunes for MP3 playback and streaming media (audio and video) without the need for third-party apps.

Wireless options: Bluetooth 1.2 and infrared. And no surprise here: no integrated Wi-Fi and it won't even support Palm's Wi-Fi card.

Other nuggets: Runs Palm OS 5.4.9 and has 64MB of SDRAM and 64MB of user-accessible memory. SD expansion slot accepts up to 2GB cards. Rated battery life: 4 hours of talk time, up to 300 hours of standby time.

Our take: OK, so those are the cold, hard facts; now, here's what we think. It's really hard to say how much of a value the Treo 680 is without knowing the exact price point of the device. As we mentioned earlier, Colligan said it will be competitively priced with other smart phones in its class, and most estimates have it going for around $199, much like the RIM BlackBerry Pearl and the Motorola Q. That said, the VGA camera is a complete disappointment. Both the Q and the Pearl have 1.3-megapixel cameras; hell, even most camera phones have that now, so why such a lowly camera for the 680? And please don't even get me started on the lack of Wi-Fi, let alone 3G support. That said, the tweaks to the phone and e-mail apps seem promising, and we always appreciate the intuitive nature of the Palm OS. It's also good to see the Treo is catching on to the skinny-phone craze.

So, while we think the Treo 680 is definitely a step in the right direction for the company, Palm is really going to have to step up to the plate to compete with latest crop of Nokia, Windows Mobile, and BlackBerry devices. We'll hold off final judgment until we get our hands on the actual product, but in the meantime, we'd love to hear your thoughts on the device and the future of Palm. TalkBack below.

Also, check our for our First Look video of the Treo 680 and photo gallery.

Permalink | 16 comments

• See product information for Palm Treo 680
• Read also: smart phones, cell phones, PDAs
• Email to a friend | Print this post

October 09, 2006, 1:08 PM PDT
T-Mobile begins to roll out 3G network
Posted by: Nicole Lee

Long left in the dust by Cingular, T-Mobile has only just announced that it plans to implement its new UMTS-based 3G service soon, with most of the work done in 2007 or 2008. As it's the fourth nationwide carrier to get on the 3G bandwagon, we're sure T-Mobile is feeling the heat to get the 3G ball rolling, especially since Cingular has already implemented HSDPA-level speeds, and there's already talk of a potential 4G network in the works. Here's hoping that the carrier also begins to bring more 3G-enabled devices into its lineup.

Permalink | 10 comments

• Read also: Cell phones
• Email to a friend | Print this post

October 09, 2006, 9:08 AM PDT
CNET UK reviews Palm Treo 750v; U.S. announcement on October 12?
Posted by: Bonnie Cha

If you're patiently waiting for the U.S. release of the Palm Treo 750v, here's a little something to read to pass the time. Our own CNET UK has a full review of the new Treo, and it looks like the Windows Mobile smart phone is a winner, earning an 8 out of 10 rating. Despite the lack of Wi-Fi and a small screen, they praise it for its usability. So when do we expect it to hit U.S. shores? Well, it could as early as this week. If you recall, we told you Palm is set to hold a press conference on Thursday, October 12, and the latest invite we got says there will a new product announcement. Of course, we'll be there to cover the event, so check back on Thursday at 10 a.m. PT for full blow-by-blow coverage.

Permalink | 3 comments

• See product information for Palm Treo 750v
• Read also: smart phones, cell phones, PDAs
• Email to a friend | Print this post