Xiaomi Can Silently Install Any App On Your Android Phone Using A Backdoor

Do you own an Android Smartphone from Xiaomi, HTC, Samsung, or OnePlus?

If yes, then you must be aware that almost all smartphone manufacturers provide custom ROMs like CyanogenMod, Paranoid Android, MIUI and others with some pre-loaded themes and applications to increase the device's performance.

But do you have any idea about the pre-installed apps and services your manufacturer has installed on your device?, What are their purposes? And, Do they pose any threat to your security or privacy?

With the same curiosity to find answers to these questions, a Computer Science student and security enthusiast from Netherlands who own a Xiaomi Mi4 smartphone started an investigation to know the purpose of a mysterious pre-installed app, dubbed AnalyticsCore.apk, that runs 24x7 in the background and reappeared even if you delete it.

Xiaomi is one of the world's largest smartphone manufacturers, which has previously been criticized for spreading malware, shipping handsets with pre-loaded spyware/adware and forked version of Android OS, and secretly stealing users' data from the device without their permission.

Xiaomi Can Silently Install Any App On your Device

After asking about the purpose of AnalyticsCore app on company’s support forum and getting no response, Thijs Broenink reverse engineered the code and found that the app checks for a new update from the company's official server every 24 hours.

While making these requests, the app sends device identification information with it, including phone's IMEI, Model, MAC address, Nonce, Package name as well as signature.

If there is an updated app available on the server with the filename "Analytics.apk," it will automatically get downloaded and installed in the background without user interaction.

"I couldn't find any proof inside the Analytics app itself, so I am guessing that a higher privileged Xiaomi app runs the installation in the background," Broenink says in his blog post.

Now the question is, Does your phone verify the correctness of the APK, and does it make sure that it is actually an Analytics app?

Broenink found that there is no validation at all to check which APK is getting installed to user's phone, which means there is a way for hackers to exploit this loophole.

This also means Xiaomi can remotely and silently install any application on your device just by renaming it to "Analytics.apk" and hosting it on the server.

"So it looks like Xiaomi can replace any (signed?) package they want silently on your device within 24 hours. And I’m not sure when this App Installer gets called, but I wonder if it’s possible to place your own Analytics.apk inside the correct dir, and wait for it to get installed," Broenink said.

Hackers Can Also Exploit This Backdoor

Since the researcher didn't find the actual purpose of the AnalyticsCore app, neither on Googling nor on the company's website, it is hard to say why Xiaomi has kept this mysterious "backdoor" on its millions of devices.

As I previously said: There is no such backdoor that only its creator can access.

So, what if hackers or any intelligence agency figure out how to exploit this backdoor to silently push malware onto millions of Xiaomi devices within just 24 hours?

Ironically, the device connects and receive updates over HTTP connection, exposing the whole process to Man-in-the-Middle attacks.

"This sounds like a vulnerability to me anyhow, since they have your IMEI and Device Model, they can install any APK for your device specifically," Broenink said.

Even on the Xiaomi discussion forum, multiple users have shown their concerns about the existence of this mysterious APK and its purpose.

"Don't know what purpose does it serve. Even after deleting the file it reappears after some time," one user said.

Another said, "if I go to battery usage app, this app is always at the top. It is eating away at resources I believe."

How to Block Secret Installation? As a temporary workaround, Xiaomi users can block all connections to Xiaomi related domains using a firewall app.

No one from Xiaomi team has yet commented on its forum about the question raised by Broenink. We'll update the story as soon as we heard from the company.

Meanwhile, if you are a Xiaomi user and has experienced anything fishy on your device, hit the comments below and let us know.  

Continue Reading →

Turing’s 2018 phone to have three Snapdragon 830s, 18GB RAM, 1.2TB storage

Turing announces Monolith Chaconne with 3 Snapdragon 830s, 4K display, 18GB of RAM, and much more

Turing Robotics Industries (TRI) with some more craziness after introducing the Turing Phone Cadenzalast week. The company has just announced the Turing Monolith Chaconne, a smartphone with specs even stranger than its name, through an email newsletter.

The above announcement by TRI come two months after the firm finally managed to ship the pilot Turing Phone, a crowdfunded Android handset, to early backers, after much delay and some revisions.

Coming to Turing Monolith Chaconne, let’s have a look at its specifications at a glance:

• 6.4-inch 4K display with 2160×3840 pixel resolution

• 3 Qualcomm Snapdragon 830 processors

• 18GB of LPDDR4X RAM (or 3 x 6GB memory chips)

• 1.2TB of storage (3 x 256GB memory, 512GB via microSD card)

• 60MP quad rear camera with Triplet Lens/T1.2 and iMAX 6K

• 20MP dual front camera

• Swordfish OS with deep learning (AI) features based on Sailfish OSS

• 120 Wh battery based on 3,600mAh Graphene Super-capacitor + 2,400mAh Li-Ion + Hydrogen Fuel Cell wordfish Sailfish OS

• WiGig support, Marshall audio, A.L.A.N

• Advanced AI Voice-Authenticated Power On/Off

• Four Nano-SIM support

• Graphene Oxide composite bodywork with Liquid Metal 2.0 Structural Frame, Lightweight Metal Outer Frame, High Temperature Alloy Components

• 4G + VoLTE, 3G, GSM

• Augmented Reality: Parallel Tracking & Mapping API

Steve Chao, CEO of TRI, in an email newsletter explains how it is going to connect the three Snapdragon 830 SoCs in the smartphone:

“TRI plans on connecting multiple CPUs via WiGig by implementing an ad-hoc driver to the 60GHz channel via on-board USB3.0. This complicated computing process stores a transient matrix in SSD of CPU(1), then it recomputes and shares the transient matrix with the other SSD of CPU(2) simultaneously. This results in the CPUs sharing their computing power in parallel. Such proprietary technology enables TRI to achieve never-seen-before computing power on a mobile device. So what exactly is this technology intended for? The answer is – Computational Intelligence (CI).”

The Turing Monolith Chaconne is expected to release in 2018. Whether or not will the company be able to launch this device next year and keep its promise, only time will tell. TRI also says that it will make its presence felt in Salo, Finland and start building prototypes for the Turing Phone Cadenza in a manufacturing facility right where Nokia and Microsoft used to produce their mobile phone prototypes.

Source: Turing

Continue Reading →

This Extraordinary App Visualizes Radio Waves From Cell Towers And Satellites Around You

iPhone App lets You See the Cell Towers, Wifi Signals and Satellites Around You

Wireless devices like cellphones, tablets, and laptops send out signals that are all around us, but completely invisible to the naked eye. Electromagnetic radiation is everywhere that is transmitted from millions of towers and Wi-Fi routers, which create a pulsating and invisible world around us.

To visualize the landscape wireless world around us, a Dutch artist named Richard Vijgen, who is also a programmer from Netherlands has created a new iOS app called Architecture of Radio, which uses your GPS location to give a 360 degree visualization of the unseen digital world.

“We are increasingly dependent on a global ecosystem of digital signals. We use them for so many things, yet we cannot see them,” reads Vijgen’s description of the app. “We can see the roads we use to travel, the buildings we live in, but not the infrastructure that is changing the world.”

Using datasets of almost 7 million cell towers, 19 million Wi-Fi routers, and hundreds of satellites, this $3 augmented reality app created by Richard Vijgen plots the ‘infosphere,’ the intricate network of signals both wired and wireless.

‘The purpose of this app is to make the invisible visible so we can look at it, think about it and discuss it,’ the iTunes description says.

The app plots the densities of digital signals, like radio waves, which exist outside the spectrum of visible light on a 3-D moving graph.

According to the App website, it is site-specific, and works by ‘reversing the ambient nature of the infosphere; hiding the visible while revealing the invisible technological landscape we interact with through our devices’.

You can now download the $3 iOS app for iPhone or iPad from here. When you fire it up, you see a cobalt-blue screen where the app takes your GPS location and loads a series of datasets drawn from a global database that includes the cell towers around you and the satellites overhead. The Android version of the app is expected to roll out soon.

Continue Reading →

Future Samsung Galaxy Phone To Run Windows And Android Simultaneously, Shows New Patent

Samsung patent shows smartphone running Android and Windows at the same time

Samsung has filed a new patent application in South Korea in which a user can switch back and forth between Android and Windows Phone operating systems simultaneously. The patent was filed back in May 2015. Currently, Samsung phones only run on the Android OS with a few exceptions that run on the company’s home-bred Tizen OS.

Basically, switching between the systems is much like  working with, multiple apps in Samsung’s Multi Window feature as implemented in current Galaxy smartphones. The company is using one OS as standard and whenever a user will press the Home button, it will go back to the same default OS.

According to reports, diagrams of the patent filing show how the two OS will co-exist and be used simultaneously. The OS that is not in use will minimise in the form of an icon and the user can tap it to jump into that OS. Further, it also shows how shared folders and resources can be set-up so that both operating systems have access to them, and their performance could be manually limited by tweaking their access to the CPU, RAM and storage. Users can even drag and drop files between the two operating systems. The patent also states that users will be able to view files from both the OS.

Whether this patent would turn into reality only time will tell. In the past too, the South Korean giant had officially introduced the dual-boot tablet Ativ Q in 2013. Even though it was a really interesting concept, the tablet has never made it to shelves.

Continue Reading →

Here is why Apple killed the 3.5mm headphone jack on the iPhone 7

Apple explains in detail why it killed the 3.5mm headphone jack

Apple unveiled its latest smartphones – the iPhone 7 and iPhone 7 Plus – at a grand event in San Francisco on Wednesday (September 7). Both new iPhones go on pre-order in the U.S. on September 9 and will be going on sale in the country on September 16.

For some time now, the world’s biggest tech company had been widely expected to kill off the headphone jack at the launch of the iPhone 7 in San Francisco. So, it was no surprise when the iPhone 7 was revealed without 3.5mm headphone jack, and has been replaced by headsets that plug into the device’s Lightning adapter, which is also used for charging. The Lightning adapter will be provided for free inside of every iPhone 7 box to help smooth over the transition away from the 3.5mm jack.

However, Apple’s decision to remove the headphone jack that has been around and in-use for decades as part of an underlying push towards wireless, is likely be a topic of heated debate for months to come.

Yesterday, Phil Schiller said that Apple was deserting the headphone jack because it was the only company “courageous” enough to make such a drastic and bold decision. In short, Schiller’s hyperbolic joke became a point of laughter across the web.

Further, defending the company’s decision for removing the headphone jack, Apple’s SVP of hardware engineering Dan Riccio told BuzzFeed News, “We’ve got this 50-year-old connector — just a hole filled with air — and it’s just sitting there taking up space, really valuable space.” He adds, “It was holding us back from a number of things we wanted to put into the iPhone. It was fighting for space with camera technologies and processors and battery life. And frankly, when there’s a better, modern solution available, it’s crazy to keep it around.”

Removal of the headphone jack has allowed Apple to increase the size of the 4.7-inch iPhone 7 battery by 14%, finally offering users with an extra two hours of battery life. Further, removing the 3.5mm jack has also helped Apple deliver a more water-resistant iPhone, Riccio explained.

Apple executive, Greg Joswiak said, “The audio connector is more than 100 years old. It had its last big innovation about 50 years ago. You know what that was? They made it smaller. It hasn’t been touched since then. It’s a dinosaur. It’s time to move on,” justifying that there is no convincing reason to keep the 3.5mm headphone jack active.

In the meanwhile, another Apple executive Phil Schiller said that the shift to wireless technology is “inevitable.”

“You’ve got to do it at some point,” Schiller added. “Sooner or later the headphone jack is going away. There are just too many reasons aligned against it sticking around any longer. There’s a little bit of pain in every transition, but we can’t let that stop us from making it. If we did, we’d never make any progress at all.”

Whether or not Apple has made a sensible decision to do away with the 3.5mm jack on the iPhone only time will tell.

Continue Reading →