Monday, October 24, 2011

iPhone Turned Into spiPhone: Smartphone Senses Nearby Keyboard Vibrations and Deciphers Sentences

 

It's a pattern that no doubt repeats itself daily in hundreds of millions of offices around the world: People sit down, turn on their computers, set their mobile phones on their desks and begin to work. What if a hacker could use that phone to track what the person was typing on the keyboard just inches away?

A research team at Georgia Tech has discovered how to do exactly that, using a smartphone accelerometer -- the internal device that detects when and how the phone is tilted -- to sense keyboard vibrations and decipher complete sentences with up to 80 percent accuracy. The procedure is not easy, they say, but is definitely possible with the latest generations of smartphones.

"We first tried our experiments with an iPhone 3GS, and the results were difficult to read," said Patrick Traynor, assistant professor in Georgia Tech's School of Computer Science. "But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack."

Previously, Traynor said, researchers have accomplished similar results using microphones, but a microphone is a much more sensitive instrument than an accelerometer. A typical smartphone's microphone samples vibration roughly 44,000 times per second, while even newer phones' accelerometers sample just 100 times per second -- two full orders of magnitude less often. Plus, manufacturers have installed security around a phone's microphone; the phone's operating system is programmed to ask users whether to give new applications access to most built-in sensors, including the microphone. Accelerometers typically are not protected in this way.

The technique works through probability and by detecting pairs of keystrokes, rather than individual keys (which still is too difficult to accomplish reliably, Traynor said). It models "keyboard events" in pairs, then determines whether the pair of keys pressed is on the left versus right side of the keyboard, and whether they are close together or far apart. After the system has determined these characteristics for each pair of keys depressed, it compares the results against a preloaded dictionary, each word of which has been broken down along similar measurements (i.e., are the letters left/right, near/far on a standard QWERTY keyboard). Finally, the technique only works reliably on words of three or more letters.

For example, take the word "canoe," which when typed breaks down into four keystroke pairs: "C-A, A-N, N-O and O-E." Those pairs then translate into the detection system's code as follows: Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far, or LLN-LRF-RRF-RLF. This code is then compared to the preloaded dictionary and yields "canoe" as the statistically probable typed word. Working with dictionaries comprising about 58,000 words, the system reached word-recovery rates as high as 80 percent.
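The keystroke-pair encoding and dictionary lookup described above, written out as an added example (not code from the researchers or the paper). The key coordinates, row stagger, left/right split and the 2.85 key-width near/far threshold are assumptions chosen so that the article's "canoe" example reproduces; the word list is constructed.

```python
import math
from collections import defaultdict

# Assumed keyboard model: each row is (letters, horizontal stagger in key widths).
ROWS = [("qwertyuiop", 0.0), ("asdfghjkl", 0.25), ("zxcvbnm", 0.75)]
NEAR_THRESHOLD = 2.85  # assumed cut-off between "near" and "far", in key widths

# Map each letter to (x, y, side). Assumed split: the first five keys of a row are "L".
KEYS = {}
for y, (letters, offset) in enumerate(ROWS):
    for col, ch in enumerate(letters):
        KEYS[ch] = (col + offset, float(y), "L" if col < 5 else "R")


def pair_feature(a, b):
    """Return the three-character label for one keystroke pair, e.g. 'LLN'."""
    ax, ay, a_side = KEYS[a]
    bx, by, b_side = KEYS[b]
    dist = math.hypot(ax - bx, ay - by)
    return a_side + b_side + ("N" if dist < NEAR_THRESHOLD else "F")


def encode(word):
    """Encode a word as its sequence of pair labels; non-letter characters are ignored."""
    letters = [c for c in word.lower() if c in KEYS]
    return "-".join(pair_feature(a, b) for a, b in zip(letters, letters[1:]))


def build_index(words):
    """Group dictionary words by code, skipping words shorter than three letters."""
    index = defaultdict(list)
    for w in words:
        if len(w) >= 3:
            index[encode(w)].append(w)
    return index


def candidates(code, index):
    """All dictionary words whose pair code equals the observed code."""
    return sorted(index.get(code, []))


def ambiguity(index):
    """Average number of words per code; 1.0 would mean every code is unique."""
    return sum(len(ws) for ws in index.values()) / len(index)


# Constructed sample dictionary (the study used about 58,000 words).
SAMPLE_WORDS = ["canoe", "was", "wad", "sad", "the", "phone", "keyboard", "an"]
INDEX = build_index(SAMPLE_WORDS)

if __name__ == "__main__":
    for w in SAMPLE_WORDS:
        print(f"{w:10s} {encode(w)}")
    print("candidates for 'was':", candidates(encode("was"), INDEX))
    print("average words per code:", ambiguity(INDEX))
```

Several words can share one code ("was", "wad" and "sad" all encode to LLN-LLN here), which is why recovery is described as statistical rather than exact.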

"The way we see this attack working is that you, the phone's owner, would request or be asked to download an innocuous-looking application, which doesn't ask you for the use of any suspicious phone sensors," said Henry Carter, a PhD student in computer science and one of the study's co-authors. "Then the keyboard-detection malware is turned on, and the next time you place your phone next to the keyboard and start typing, it starts listening."

Mitigation strategies for this vulnerability are pretty simple and straightforward, Traynor said. First, since the study found an effective range of just three inches from a keyboard, phone users can simply leave their phones in their purses or pockets, or just move them further away from the keyboard. But a fix that puts less onus on users is to add a layer of security for phone accelerometers.

"The sampling rate for accelerometers is already pretty low, and if you cut it in half, you start to approach theoretical limitations that prevent eavesdropping. The malware simply does not have the data to work with," Traynor said. "But most phone applications can still function even with that lower accelerometer rate. So manufacturers could set that as the default rate, and if someone downloads an application like a game that needs the higher sampling rate, that would prompt a permission question to the user to reset the accelerometer."

In the meantime, Traynor said, users shouldn't be paranoid that hackers are tracking their keystrokes through their iPhones.

"The likelihood of someone falling victim to an attack like this right now is pretty low," he said. "This was really hard to do. But could people do it if they really wanted to? We think yes."

The finding is reported in the paper, "(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers," and will be presented on Oct. 20, at the 18th ACM Conference on Computer and Communications Security in Chicago. In addition to Carter, Traynor's coauthors include Georgia Tech graduate student Arunabh Verma and Philip Marquardt of the MIT Lincoln Laboratory.

 

Source: Science Daily

Friday, October 14, 2011

60% Drop In Google+ Traffic Hints At Social Networking Fatigue





The hype machine surrounding the launch of any new social network went into overdrive a few months ago when Google+ debuted to a select group of beta testers, receiving largely positive reviews from the tech elite. But now that the service has been opened to the public, a new report claims that the social networking site has suffered a staggering loss of roughly 60 percent of its traffic.

The report, conducted by data analytics firm Chitika, claims, "The data shows that, on the day of its public debut, Google+ traffic skyrocketed to peak levels. But, soon after, traffic fell by over 60 percent as it returned to its normal, underwhelming state. It would appear that although high levels of publicity were able to draw new traffic to Google+, few of them saw reason to stay."

Of course, this report is just the latest hit to the service, as just last week it was observed that Google's executive team has a spotty record of posting on Google+, breaking the "eat your own dogfood" rule common to most successful social networks.

Sony: 93,000 PlayStation, Online Accounts Hacked



Sony's hacking problems aren't over yet.

On Wednesday morning, Philip Reitinger, Sony's newly hired chief information security officer, said that about 93,000 PlayStation Network and Sony Online Entertainment user accounts have been breached in a Web attack.

The attack is merely the latest for Sony, which has been dealing with online assaults on its user accounts most of the year. So far, more than 90 million Sony user accounts across the company's online services have been breached, which led to online video gaming services being suspended for more than a month.

The security breaches haven't been limited to Sony's gaming business either. Sony's cloud-based Qriocity music service, Sony music websites and Sony Pictures websites have been hacked this year too.

Reitinger, whom Sony hired in September, is a veteran of the online security world and formerly was a top security official at the U.S. Department of Homeland Security and Microsoft Corp.'s chief trustworthy infrastructure strategist. He's also worked for the Department of Defense and the Department of Justice and holds a law degree from Yale.

Sony created an entirely new position for Reitinger in hiring him in a bid to show it was serious about changing what is becoming an image of having a weak security system for users of its online services.

In a statement on Sony's PlayStation blog, Reitinger said Sony is unsure how successful or widespread the most recent attacks have been, but it has "detected attempts" to crack into Sony's Entertainment Network, PlayStation Network and the Sony Online Entertainment services "to test a massive set of sign-in IDs and passwords against our network database."

"These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources," he said. "In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks."

Reitinger said that Sony has made moves to fend off the attacks.

"Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected," he said. "There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts' valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked."

The nearly 93,000 accounts that were hacked and then locked down are currently under review by Sony so the company can figure out if an outside party really did access those accounts or not, Reitinger said.

Despite what Sony believes is the likely hacking of the large number of accounts, credit card numbers were not at risk in the security breach, he said. However, Sony "will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet," Reitinger said.

"As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt," he said. "If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password."

"Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on."


Source: http://latimesblogs.latimes.com

Apple Opens iCloud Ahead Of iOS 5 Launch




When Apple's iOS 5 launches, iCloud will be waiting.

iCloud.com is now open to everyone. The site provides a suite of Web apps for e-mail, contacts, calendars, document viewing and finding your iPhone. Anything you do in these apps will be synced automatically to all other iOS devices.

To access iCloud.com, you first need to set up iCloud on either an iOS 5 device or a Mac running OS X Lion. Because iOS 5 doesn't go live until later today, Windows users and Mac users running older OS X versions will have to wait a bit longer to try the iCloud website.

iCloud's main purpose is to cut the cord between iOS devices -- such as the iPhone and iPad -- and PCs. Starting with iOS 5, Apple will back up user data to the Internet automatically, making it available to Macs, Windows PCs and other iOS devices without wires.

The services at iCloud.com are just one-half of the equation for accessing your data on a PC or Mac. The other half is iTunes, which can be used to manage music, TV shows, apps and e-books. Apple updated iTunes to version 10.5 on Tuesday, bringing with it the ability to view your entire library of purchased content and download it all to a PC or Mac.

Microsoft Finalizes USD8.5 Billion Skype Acquisition

Microsoft said Friday that it has closed its US$8.5 billion acquisition of Skype, the Internet telephony provider in Luxembourg, and the company will function as a new business division within Microsoft.

Skype CEO Tony Bates will assume the title of president of the new Skype Division immediately, reporting directly to Microsoft CEO Steve Ballmer.

The acquisition is however still under review in a few countries, and will be completed in those countries when such reviews are closed, Microsoft said without naming the countries. The deal was cleared by the Department of Justice in the U.S. in June and antitrust regulators in the European Union this month.

Microsoft announced in May that it had agreed to acquire Skype, and said at the time that it would be integrated with Microsoft's products, without affecting availability of the popular Internet telephony application on platforms from competitors.

The Skype division will continue to offer its current products to millions of users globally, Microsoft said on Friday. In the long term, Skype will also be integrated across an array of Microsoft products to broaden Skype's reach and accelerate its growth as a fundamental way for people to communicate online, it added.

Founded in 2003, Skype was acquired by eBay in September 2005, and then acquired by an investment group led by Silver Lake in November 2009. Other members of the selling investor group led by Silver Lake include eBay International, CPP Investment Board, Joltid in partnership with Europlay Capital Advisors, and Andreessen Horowitz, Microsoft said.


Source: www.pcworld.in

Friday, October 7, 2011

iPhone 5 release date faces 4S-induced 4-12 month wait for Sprint etc.

 

The rise of the iPhone 4S dictates that the iPhone 5 release date won’t be in 2011. Not on new favorite son Sprint. Not on uneasy recent partner Verizon. And not on old frenemy AT&T. But rest easy, it won’t be in 2012 either. The fate of the iPhone 5 now comes down to Apple’s strategy as much as whatever manufacturing or component issues held it up in the first place, as Tim Cook and the company must not only contend with the passing of Steve Jobs a mere one day after the 4S unveiling, but also the fact that it can’t very well turn around and launch the iPhone 5 a few weeks from now even if it is ready; backlash from 4S buyers would be off the charts. So while Apple hasn’t said a word about the iPhone 5 or even so much as spoken the words “iPhone 5” at any point, here’s a look at what logic, circumstance, and common sense dictate are the practical iPhone 5 release date scenarios. Listed by date, and handicapped by the odds of each happening:

January whiplash: This sees the iPhone 5 ready to go by January and Apple, realizing that the iPhone 4S didn’t overwhelm anyone and opting to waste no time, holding a press event in mid-January and giving the iPhone 5 a late January release date. Those who skipped the 4S will be thrilled, those who bought it in October will be more than a little ticked that their new iPhone just became obsolete three months later, particularly in light of stringent cell carrier upgrade pricing schemes. The iPhone 4S would also stick around as a bargain model, and would see a price cut of at least $100 as of the iPhone 5 arrival, leaving 4S buyers feeling not just disappointed but ripped off. This “too soon” scenario seems unlikely unless backlash against the 4S is really bad…

Sunday, October 2, 2011

Scientists release most accurate simulation of the universe to date

 

The Bolshoi supercomputer simulation, the most accurate and detailed large cosmological simulation run to date, gives physicists and astronomers a powerful new tool for understanding such cosmic mysteries as galaxy formation, dark matter, and dark energy.

 

The simulation traces the evolution of the large-scale structure of the universe, including the evolution and distribution of the dark matter halos in which galaxies coalesced and grew. Initial studies show good agreement between the simulation's predictions and astronomers' observations.

"In one sense, you might think the initial results are a little boring, because they basically show that our standard cosmological model works," said Joel Primack, distinguished professor of physics at the University of California, Santa Cruz. "What's exciting is that we now have this highly accurate simulation that will provide the basis for lots of important new studies in the months and years to come."

Primack and Anatoly Klypin, professor of astronomy at New Mexico State University, lead the team that produced the Bolshoi simulation. Klypin wrote the computer code for the simulation, which was run on the Pleiades supercomputer at NASA Ames Research Center. "These huge cosmological simulations are essential for interpreting the results of ongoing astronomical observations and for planning the new large surveys of the universe that are expected to help determine the nature of the mysterious dark energy," Klypin said.

Primack, who directs the University of California High-Performance Astrocomputing Center (UC-HIPACC), said the initial release of data from the Bolshoi simulation began in early September. "We've released a lot of the data so that other astrophysicists can start to use it," he said. "So far it's less than one percent of the actual output, because the total output is so huge, but there will be additional releases in the future."

The previous benchmark for large-scale cosmological simulations, known as the Millennium Run, has been the basis for some 400 papers since 2005. But the fundamental parameters used as the input for the Millennium Run are now known to be inaccurate. Produced by the Virgo Consortium of mostly European scientists, the Millennium simulation used cosmological parameters based on the first release of data from NASA's Wilkinson Microwave Anisotropy Probe (WMAP). WMAP provided a detailed map of subtle variations in the cosmic microwave background radiation, the primordial radiation left over from the Big Bang. But the initial WMAP1 parameters have been superseded by subsequent releases: WMAP5 (five-year results released in 2008) and WMAP7 (seven-year results released in 2010).

The Bolshoi simulation is based on WMAP5 parameters, which are consistent with the later WMAP7 results. "The WMAP1 cosmological parameters on which the Millennium simulation is based are now known to be wrong," Primack said. "Moreover, advances in supercomputer technology allow us to do a much better simulation with higher resolution by almost an order of magnitude. So I expect the Bolshoi simulation will have a big impact on the field."

The standard explanation for how the universe evolved after the Big Bang is known as the Lambda Cold Dark Matter model, and it is the theoretical basis for the Bolshoi simulation. According to this model, gravity acted initially on slight density fluctuations present shortly after the Big Bang to pull together the first clumps of dark matter. These grew into larger and larger clumps through the hierarchical merging of smaller progenitors. Although the nature of dark matter remains a mystery, it accounts for about 82 percent of the matter in the universe. As a result, the evolution of structure in the universe has been driven by the gravitational interactions of dark matter. The ordinary matter that forms stars and planets has fallen into the "gravitational wells" created by clumps of dark matter, giving rise to galaxies in the centers of dark matter halos.

A principal purpose of the Bolshoi simulation is to compute and model the evolution of dark matter halos. The characteristics of the halos and subhalos in the Bolshoi simulation are presented in a paper that has been accepted for publication in the Astrophysical Journal and is now available online. The authors are Klypin, NMSU graduate student Sebastian Trujillo-Gomez, and Primack.

A second paper, also accepted for publication in the Astrophysical Journal and available online, presents the abundance and properties of galaxies predicted by the Bolshoi simulation of dark matter. The authors are Klypin, Trujillo-Gomez, Primack, and UCSC postdoctoral researcher Aaron Romanowsky. A comparison of the Bolshoi predictions with galaxy observations from the Sloan Digital Sky Survey showed very good agreement, according to Primack.

The Bolshoi simulation focused on a representative section of the universe, computing the evolution of a cubic volume measuring about one billion light-years on a side and following the interactions of 8.6 billion particles of dark matter. It took 6 million CPU-hours to run the full computation on the Pleiades supercomputer, recently ranked as the seventh fastest supercomputer in the world.

A variant of the Bolshoi simulation, known as BigBolshoi or MultiDark, was run on the same supercomputer with the same number of particles, but this time in a volume 64 times larger. BigBolshoi was run to predict the properties and distribution of galaxy clusters and other very large structures in the universe, as well as to help with dark energy projects such as the Baryon Oscillation Spectroscopic Survey (BOSS).

Another variant, called MiniBolshoi, is currently being run on the Pleiades supercomputer. MiniBolshoi focuses on a smaller portion of the universe and provides even higher resolution than Bolshoi. The Bolshoi simulation and its two variants will be made publicly available to astrophysical researchers worldwide in phases via the MultiDark Database, hosted by the Potsdam Astrophysics Institute in Germany and supported by grants from Spain and Germany.

Primack, Klypin, and their collaborators are continuing to analyze the results of the Bolshoi simulation and submit papers for publication. Among their findings are results showing that the simulation correctly predicts the number of galaxies as bright as the Milky Way that have satellite galaxies as bright as the Milky Way's major satellites, the Large and Small Magellanic Clouds.

"A lot more papers are on the way," Primack said.

This research was funded by grants from NASA and the National Science Foundation.