Millions of Mobile Phones Come Pre-Infected With Malware, Say Researchers

Trend Micro researchers at Black Hat Asia are warning that millions of Android devices worldwide come pre-infected with malicious firmware before the devices leave their factories. “This hardware is mainly cheapo Android mobile devices, though smartwatches, TVs, and other things are caught up in it,” reports The Register. From the report: This insertion of malware began as the price of mobile phone firmware dropped, we’re told. Competition between firmware distributors became so furious that eventually the providers could not charge money for their product. “But of course there’s no free stuff,” said [Trend Micro researcher Fyodor Yarochkin], who explained that, as a result of this cut-throat situation, firmware started to come with an undesirable feature — silent plugins. The team analyzed dozens of firmware images looking for malicious software. They found over 80 different plugins, although many of those were not widely distributed. The plugins that were the most impactful were those that had a business model built around them, were sold on the underground, and marketed in the open on places like Facebook, blogs, and YouTube.

The objective of the malware is to steal info or make money from information collected or delivered. The malware turns the devices into proxies which are used to steal and sell SMS messages, take over social media and online messaging accounts, and are used as monetization opportunities via adverts and click fraud. One type of plugin, proxy plugins, allows the criminal to rent out devices for up to around five minutes at a time. For example, those renting the control of the device could acquire data on keystrokes, geographical location, IP address and more. “The user of the proxy will be able to use someone else’s phone for a period of 1200 seconds as an exit node,” said Yarochkin. He also said the team found a Facebook cookie plugin that was used to harvest activity from the Facebook app.

Through telemetry data, the researchers estimated that at least millions of infected devices exist globally, but are centralized in Southeast Asia and Eastern Europe. A statistic self-reported by the criminals themselves, said the researchers, was around 8.9 million. As for where the threats are coming from, the duo wouldn’t say specifically, although the word “China” showed up multiple times in the presentation, including in an origin story related to the development of the dodgy firmware. Yarochkin said the audience should consider where most of the world’s OEMs are located and make their own deductions.

The team confirmed the malware was found in the phones of at least 10 vendors, but that there were possibly around 40 more affected. For those seeking to avoid infected mobile phones, they could go some way toward protecting themselves by going high end. That is to say, you’ll find this sort of bad firmware in the cheaper end of the Android ecosystem, and sticking to bigger brands is a good idea though not necessarily a guarantee of safety. “Big brands like Samsung, like Google took care of their supply chain security relatively well, but for threat actors, this is still a very lucrative market,” said Yarochkin.

Read more of this story at Slashdot.

Pure Storage: No More Hard Drives Will Be Sold After 2028

An anonymous reader shares a report: In the latest blast of the HDD vs SSD culture wars, a Pure Storage exec is predicting that no more hard disk drives will be sold after 2028 because of electricity costs and availability, as well as NAND $/TB declines. Shawn Rosemarin, VP R&D within the Customer Engineering unit at Pure, told B&F: “The ultimate trigger here is power. It’s just fundamentally coming down to the cost of electricity.” Not the declining cost of SSDs and Pure’s DFMs dropping below the cost of disks, although that plays a part. In his view: “Hard drive technology is 67 years old. We need to herald this technology that went from five megabytes the size of this room to where we are today. And even the latest HAMR technology, putting a laser on the top of the head in order to heat up the platters, is pretty remarkable … But we’re at the end of that era.”

HDD vendors sing a different tune, of course. Back in 2021, HDD vendor Seagate said the SSD most certainly would not kill disk drives. There’s a VAST vs Infinidat angle to it as well, with the former also stating disk drive IO limitations would cripple the use of larger disk drives in petabyte-scale data stores, with Infinidat blasting back that it “must be joking.” Gartner has had a look in too, claiming that enterprise SSDs will hit 35 percent of HDD/SSD exabytes shipped by 2026 – though that would make Rosemarin’s 2028 cutoff unlikely. Pure recently stated SSDs would kill HDDs in a crossover event that would happen “soon.” Rosemarin, meanwhile, continued his argument: “Our CEO in many recent events has quoted that 3 percent of the world’s power is in datacenters. Roughly a third of that is storage. Almost all of that is spinning disk.

So if I can eliminate the spinning disk, and I can move to flash, and I can in essence reduce the power consumption by 80 or 90 percent while moving density by orders of magnitude in an environment where NAND pricing continues to fall, it’s all becoming evident that hard drives go away.” Are high electricity prices set to continue? “I think the UK’s power has gone up almost 5x recently. And here’s the thing … when they go up, they very seldom if ever come down … I’ve been asked many times do I think the cost of electricity will drop over time. And, frankly, while I wish it would and I do think there are technologies like nuclear that could help us over time. I think it’ll take us several years to get there. We’re already seeing countries putting quotas on electricity, and this is a really important one — we’ve already seen major hyperscalers such as one last summer who tried to enter Ireland [and] was told you can’t come here, we don’t have enough power for you. The next logical step from that is OK, so now if you’re a company and I start to say, well, we only have so much power, so I’m gonna give you X amount of kilowatts per X amount of employees, or I’m gonna give you X amount of kilowatts for X amount of revenue that you contribute to the GDP of the country or whatever metric is acceptable.”

Will AI Become the New McKinsey?

Sci-fi writer Ted Chiang, writing for New Yorker: So, I would like to propose another metaphor for the risks of artificial intelligence. I suggest that we think about A.I. as a management-consulting firm, along the lines of McKinsey & Company. Firms like McKinsey are hired for a wide variety of reasons, and A.I. systems are used for many reasons, too. But the similarities between McKinsey — a consulting firm that works with ninety per cent of the Fortune 100 — and A.I. are also clear. Social-media companies use machine learning to keep users glued to their feeds. In a similar way, Purdue Pharma used McKinsey to figure out how to “turbocharge” sales of OxyContin during the opioid epidemic. Just as A.I. promises to offer managers a cheap replacement for human workers, so McKinsey and similar firms helped normalize the practice of mass layoffs as a way of increasing stock prices and executive compensation, contributing to the destruction of the middle class in America.

A former McKinsey employee has described the company as “capital’s willing executioners”: if you want something done but don’t want to get your hands dirty, McKinsey will do it for you. That escape from accountability is one of the most valuable services that management consultancies provide. Bosses have certain goals, but don’t want to be blamed for doing what’s necessary to achieve those goals; by hiring consultants, management can say that they were just following independent, expert advice. Even in its current rudimentary form, A.I. has become a way for a company to evade responsibility by saying that it’s just doing what “the algorithm” says, even though it was the company that commissioned the algorithm in the first place.

Google Brings Dark Web Monitoring To All US Gmail Users

At Google I/O on Wednesday, Google said that all Gmail users in the U.S. will soon be able to discover if their email address has been found on the dark web. The dark web report security feature will roll out over the coming weeks, and will be expanded to select international markets. BleepingComputer reports: Once enabled, it will allow Gmail users to scan the dark web for their email addresses and take action to protect their data based on guidance provided by Google. For instance, they’ll be advised to turn on two-step authentication to protect their Google accounts from hijacking attempts. Google will also regularly notify Gmail users to check if their email has been linked to any data breaches that ended up on underground cybercrime forums.

Dark web report started rolling out in March 2023 to members across all Google One plans in the United States, providing a simple way to get notified when their personal information was discovered on the dark web. “Google One’s dark web report helps you scan the dark web for your personal info — like your name, address, email, phone number and Social Security number — and will notify you if it’s found,” said Google One Director of Product Management Esteban Kozak in March when the feature was first announced. The company says all the personal info added to the profile can be deleted from the monitoring profile or by removing the profile in the dark web report settings.

Hulu Content Will Be Added To Disney+

Disney CEO Bob Iger said the company will add Hulu content to its Disney+ streaming app, adding that it will also raise the price of its ad-free streaming service later this year. CNBC reports: CEO Bob Iger said the company would soon begin offering a “one app experience” in the U.S. that incorporates Hulu content into its flagship streaming service, Disney+. Standalone options for all of Disney’s platforms, including ESPN+, will remain. “This is a logical progression of our DTC offerings that will provide greater opportunities for advertisers, while giving bundle subscribers access to more robust and streamlined content resulting in greater audience engagement and ultimately leading to a more unified streaming experience,” Iger said during Wednesday’s earnings call.

Iger attributed the move toward a one-app location for both Disney+ and Hulu content to the “advertising potential for the combined platform.” While Hulu has long offered an ad-supported option for subscribers, Disney+ launched the cheaper tier last year. Disney will begin to roll out the one-app offering by the end of the calendar year, and Iger said the company would share further details at a later time. In the company’s fiscal second quarter earnings, the company reported $21.82 billion in revenue, up 13% from the same period last year and beating estimates. It did, however, shed 4 million Disney+ subscribers.

Google’s New Pixel Tablet Is a $500 Slate For the Home

Google has announced the Pixel Tablet after teasing it during last year’s Google I/O conference. The Verge reports: The Pixel Tablet is designed from the ground up to be good at what people typically use tablets for: watching video or playing games in the comfort of their own home. It is not, however, making any statements about the future of computing. The looks of the Pixel Tablet are relatively generic. It has an 11-inch, 16:10, 2560 x 1600 pixel LCD display, even bezels all around, and a matte back. It comes in three colors: white, dark green, and light pink, with the dark green model featuring a black bezel. Though it looks like plastic from a distance, the Pixel Tablet has an aluminum frame with a nanotexture coating, not unlike what Google did with the Pixel 5 smartphone.

Bundled in the box with the Pixel Tablet is a magnetic speaker dock. This serves multiple purposes and is meant to prevent the dreaded “dead tablet in a drawer” syndrome: it’s a place to store the Pixel Tablet when it’s not in use; it charges the battery; and it has a louder, fuller speaker better suited for communal listening than the speakers that are built into the tablet. If you’re playing music or watching a video on the tablet when you put it on the dock, it will seamlessly transfer the audio to the dock’s speaker. Pull the tablet off the dock while something is playing, and it will instantly switch to the tablet’s speakers.

When mounted on the speaker dock, the Pixel Tablet looks an awful lot like the Nest Hub Max, a $250 smart display that Google released back in 2019. But make no mistake, the Pixel Tablet is an Android tablet and not a smart display — it runs completely different software and has different capabilities compared to the Nest Hub. That said, when the tablet is docked on the speaker, it can show a slideshow of images from your Google Photos albums just like the Nest Hub. It also has a quick access button to the Google Home app so you can control smart home devices, and it can accept voice commands from a distance for hands-free Google Assistant queries. The lock screen won’t show any personal information like notifications — for that, you’ll have to unlock the tablet to access the accounts that are set up on it. The $499 slab is available for preorder starting today, and will begin shipping on June 20th.

Major Psychologists’ Group Warns of Social Media’s Potential Harm To Kids

For the first time, the American Psychological Association (APA) has issued guidelines for teenagers, parents, teachers and policymakers on how to use social media, with the aim of reducing the rate of depression, anxiety and loneliness in adolescents. NPR reports: The 10 recommendations in the report summarize recent scientific findings and advise actions, primarily by parents, such as monitoring teens’ feeds and training them in social media literacy, even before they begin using these platforms. But some therapists and clinicians say the recommendations place too much of the burden on parents. To implement this guidance requires cooperation from the tech companies and possibly regulators.

While social media can provide opportunities for staying connected, especially during periods of social isolation, like the pandemic, the APA says adolescents should be routinely screened for signs of “problematic social media use.” The APA recommends that parents should also closely monitor their children’s social media feed during early adolescence, roughly ages 10-14. Parents should try to minimize or stop the dangerous content their child is exposed to, including posts related to suicide, self-harm, disordered eating, racism and bullying. Studies suggest that exposure to this type of content may promote similar behavior in some youth, the APA notes.

Another key recommendation is to limit the use of social media for comparison, particularly around beauty- or appearance-related content. Research suggests that when kids use social media to pore over their own and others’ appearance online, this is linked with poor body image and depressive symptoms, particularly among girls. As kids age and gain digital literacy skills they should have more privacy and autonomy in their social media use, but parents should always keep an open dialogue about what they are doing online. The report also cautions parents to monitor their own social media use, citing research that shows that adults’ attitudes toward social media and how they use it in front of kids may affect young people.

The APA’s report does contain recommendations that could be picked up by policy makers seeking to regulate the industry. For instance it recommends the creation of “reporting structures” to identify and remove or deprioritize social media content depicting “illegal or psychologically maladaptive behavior,” such as self-harm, harming others, and disordered eating. It also notes that the design of social media platforms may need to be changed to take into account “youths’ development capabilities,” including features like endless scrolling and recommended content. It suggests that teens should be warned “explicitly and repeatedly” about how their personal data could be stored, shared and used.

Goodbye To Roblox On Linux With Their New Anti-Cheat and Wine Blocking

Roblox’s new anti-cheat software puts a stop to in-game exploits, but at what cost? According to Liam Dawe from Gaming On Linux, it’s blocking the Wine application, meaning “you won’t be able to play it on Linux any more, at all, unless you find some sort of special workaround.” He adds: “Previously the roll-out of this update was being tested only with some users. Now though it’s here for everyone giving a 64 bit client and introducing their Hyperion anti-cheat software which they are intentionally blocking Wine with.” Here’s what one of their staff had to say about this: Hi – thanks for the question. I definitely get where you’re coming from, and as you point out, you deserve a clear, good-faith answer. Unfortunately that answer is essentially “no.”

From a personal perspective, a lot of people at Roblox would love to support Linux (including me). Practically speaking, there’s just no way for us to justify it. If we release a client, we have to support it, which means QA, CS, documentation, etc., all of which is much more difficult on a fragmented platform. We release weekly on a half-dozen platforms. Adding in the time to test, debug, and release a Linux client would be expensive, which means time taken away from improving Roblox on our current platforms.

Even Wine support is difficult because of anti-cheat. As wonderful as it would be to allow Roblox under Wine, the number of users who would take advantage of that is minuscule compared with our other platforms, and it’s not worthwhile if it makes it easy for exploiters to cheat.

I’m sorry to be such a downer about this, but it’s the reality. We have to spend our time porting to and supporting the platforms that will grow our community.

Again, I’m personally sorry to have to say this. Way back in 2000 I had a few patches accepted into the kernel, and I led the port of Roblox game servers from Windows to Linux several years ago. From a technical and philosophical perspective, it would be a wonderful thing to do. But our first responsibility is to our overall community, and the opportunity cost of supporting a Linux client is far, far too high to justify.
