Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Updated: 6 min 47 sec ago
Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection—they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn’t load on emulators researchers use to detect attacks.
The thinking behind the monitoring is that sensors in real end-user devices will record motion as people use them. By contrast, emulators used by security researchers—and possibly Google employees screening apps submitted to Play—are less likely to use sensors. Two Google Play apps recently caught dropping the Anubis banking malware on infected devices would activate the payload only when motion was detected first. Otherwise, the trojan would remain dormant.
Security firm Trend Micro found the motion-activated dropper in two apps—BatterySaverMobi, which had about 5,000 downloads, and Currency Converter, which had an unknown number of downloads. Google removed them once it learned they were malicious.
I was 15 when Mortal Kombat first hit the arcades in 1992. It was a different era then—no social media, no modern Internet to speak of, and we didn't have year-long teaser campaigns for new games. You would just walk into the arcade one day and there was a new cabinet sitting there, maybe back in a corner, like a secret, or maybe in the center of the floor, already gathering a crowd.
Being nostalgic for your teenage years is easy, and I don't want to over-mythologize the arcade of my youth. But there was something special about getting those surprises, and we've lost that. It seems rare now to be hit with the unexpected—dodging spoilers is practically a contact sport. Here was this game like nothing else we'd seen before, and it just appeared.
We were already fighting-game players. Street Fighter II, Fatal Fury, World Heroes—we dropped our quarters into every game we could get our hands on. But Mortal Kombat was different.
Ready for a new version of Android? If you remember last year, Android P, the pre-release version of what eventually became Android 9 Pie, dropped in March. So we're probably not that far away from a preview of the next version of Android, which will is expected to be called "Android Q."
The popular news and phone modding site XDA Developers has gotten its hands on a pre-release version of Android Q and has produced an article and video detailing what's inside. Keep in mind: this is a pre-release version of a developer preview, so there are plenty of things that are subject to change. So far though, it looks like Android P's dark mode is extending to more of the system UI, and privacy and permissions controls are getting a big update.A dark mode, maybe for real this time
It seems like every year Google teases us with a dark mode and every year, once release rolls around, Android still doesn't have a comprehensive dark mode. It started with the Android M Developer Preview, which had a dark mode in the developer preview but not in the final Android 6.0 Marshmallow release. It popped up again in the Android N Developer Preview, only to pull the same disappearing act once release time came. Android 9 Pie finally shipped with a user-selectable "dark" mode, but it didn't change a whole lot. It only changed the Quick Settings, app-drawer background, and a few tiny System UI bits like the volume and power menu. Pie didn't even change the settings to white text on a dark background, despite that change being present on earlier M and N developer previews.
A New Jersey woman has sued T-Mobile in state court last week for sexual harassment, invasion of privacy, and other counts. She claims that, when she went to trade in her iPhone 7 at a store, two male employees rifled through her photos without her consent.
The men allegedly quickly found a private naked video of the woman, referred to in the complaint as "N.E.," and played it for themselves. The woman was mortified.
Ars contacted T-Mobile, which did not respond to our questions.
Wearables have brought Google and the fashion-focused Fossil Group closer together. Today, Fossil announced it will sell intellectual property related to smartwatch technology to Google in a deal worth $40 million. Upon news of the deal, Fossil Group shares jumped about 8 percent today.
Along with the IP, a section of Fossil's research and development team focused on wearables will join Google. However, the announcement highlights Google and Fossil's "shared investment in the wearable industry," which likely means that this deal will not quell Fossil's wearable efforts entirely. Fossil Group—which includes Diesel, Armani, Skagen, and Michael Kors—has launched smartwatches running Wear OS and hybrid smartwatches across 14 of its brands.
Greg McKelvey, Executive Vice President and Chief Strategy and Digital Officer at Fossil Group, said the following in a statement:
Lenovo, the current owner of Motorola Mobility, will release a new version of the iconic Razr cell phone, according to a report in The Wall Street Journal citing sources familiar with the matter.
Like a similar phone announced at Samsung's 2018 developers' conference, the new Razr will feature a foldable screen. A patent filed in May of 2017 describes a clamshell form factor with a flexible screen that folds inward. Also like Samsung's phone, it is expected to cost at least $1,500. Two hundred thousand units will be manufactured, according to The Wall Street Journal's sources.
The new Razr is just the latest in a series of very expensive specialty-phone announcements aimed at consumers who do not intend to upgrade frequently, reflecting the current reality of the smartphone business.
On Wednesday, an Etihad Airways Boeing 787 in Abu Dhabi embarked on a roughly seven-hour flight to Amsterdam with its tank full of a mixture of jet fuel and biofuel. The biofuel was derived from oil pressed out of Salicornia plants, which require saltwater to grow.
Gulf News reported that a full 50 percent of the jet fuel needed to take the plane to its destination was biofuel, which is an extraordinarily high ratio of biofuel to jet fuel, if this report is correct. Ars contacted Etihad Airways to confirm this number, and we will update the story when we receive a response.
Previous notable flights using biofuel have included a Qantas flight that used a 10-percent blend of mustard seed oil, a Virgin Atlantic flight that used a 5-percent blend of fuel made from industrial waste gas, an Alaska Airlines flight that used a 20-percent blend of fuel made from waste wood from Pacific Northwest timber harvests, and a series of United Airlines flights that used a 30-percent blend of biofuel from various sources.
A month ago, I asked readers to donate to our 2018 Charity Drive sweepstakes. All told, Ars Technica readers donated $20,210.66 to Child's Play and the EFF through the charity drive. That brings our total donations over 12 years of charity driving over the $300,000 mark! Well done, Arsians!
Thanks to everyone who gave whatever they could. We're still early in the process of selecting and notifying winners of our swag giveaway, so don't fret if you haven't heard if you're a winner yet. In the meantime, enjoy these quick stats from the 2018 drive.
Washington policymakers sought to ratchet up pressure on Chinese telecom giants Huawei and ZTE on Wednesday. A bipartisan group of lawmakers introduced new legislation that would ban exports to companies caught violating US sanctions laws.
It's the latest sign of a growing technological cold war between the United States and China over telecommunications technology. Huawei has allegedly stolen trade secrets from T-Mobile and other US companies. The Wall Street Journal reported yesterday that Huawei could face criminal charges over the issue.
In a separate case, Canadian officials arrested Meng Wanzhou—Huawei's chief financial officer and daughter of the company's founder—at the behest of the US government over allegations that the company had violated US sanctions laws. ZTE also stands accused of violating those laws.
Greetings, Arsians! Courtesy of our friends at TechBargains, we have another round of deals to share. Today's list is headlined by a deal on Anker's PowerPort I desktop charger, the black model of which is currently down to $35 on Amazon. Typically, it retails in the high $40 or low $50 range.
This particular charger is meant to live on a desktop and charge various devices at once. Most notably, it comes with one USB-C Power Delivery (PD) port that charges at 30 watts. That's not the most powerful USB-C PD we've seen on a charger like this, and it means that the PowerPort is only really suitable to charge thin laptops like Apple's 12-inch MacBook.
But it's strong enough to charge the latest iPhones (with the right cable) and Android handsets at max speed, and it's good for a charger that also includes four 2.4-amp USB-A ports for refilling other devices. The charger gets 60W of power altogether. The PowerPoint is USB-IF certified, too, and Anker is a known, generally trustworthy name in this market. There's no Quick Charge, but if you need USB-C PD power but also want as many secondary ports as you can get, this is a solid price.
Everyone's favorite reluctant assassin is on the run with a $14 million bounty on his head, and few allies, in the action-packed first trailer for John Wick: Chapter 3—Parabellum.
(Spoilers for first two movies below.)
For those who missed the first two movies in the trilogy, John Wick (Keanu Reeves) is a legendary hitman (known as "Baba Yaga") who tried to retire when he fell in love and got married. Unfortunately, he's drawn back into the dark underground world by an act of senseless violence after his wife's death. As Wick mourns Helen's passing, Iosef Tarasov, the son of a Russian crime syndicate, breaks in, kicks him unconscious, and steals his classic 1969 Ford Mustang Mach 1. On top of all that, Tarasov kills the little dog, Daisy, that Helen gave to John to comfort him. From there, there's really no hope for Iosef. Nothing will stop John Wick from seeking retribution.
The ill-fated Windows 10 October 2018 Update has hitherto been offered only to those Windows users who manually sought it, either by using the dedicated upgrade and media creation tools or by manually checking for the update in Windows Update. Three months after its initial release, Microsoft has at last started pushing it to Windows users automatically.
The update was originally withdrawn because of a data loss bug. A month after the initial release, the bug was fixed and the fixed update was made available. Even this release was limited, with a number of blocks in place due to known incompatibilities. As described above, it was then only offered to those taking certain manual steps to update their machines. One month ago, these blocks were largely removed.
Even with automatic deployment and installation now enabled, the beleaguered update is still rolling out in phases. Initially, it will be offered to spaces where Microsoft is most confident that the update will be trouble-free—machines with configurations already known and tested. As the tap is slowly opened more and the update is made available to a wider range of hardware, the company will use operating system telemetry to detect any lingering incompatibilities with device drivers or unusual software.
After being criticized for charging a new fee that could kill a free texting service for teachers and students, Verizon is trying to deflect blame over the possible shutdown.
However, Verizon has backed down from its original position slightly, and ongoing negotiations could allow the free texting service to continue.
As we reported Monday, the dispute involves Verizon and Remind, which makes a communication service used by teachers and youth sports coaches. Verizon is charging an additional fee, saying the money will be used to fund spam-blocking services.
Health officials in New York are cautiously optimistic that they have a large measles outbreak under control after tackling the noxious anti-vaccine myths and unfounded fears that fueled the disease’s spread.
Since last fall, New York has tallied 177 confirmed cases of measles, the largest outbreak the state has seen in decades. It began with infected travelers, arriving from parts of Israel and Europe where the highly contagious disease was spreading. In New York, that spread has largely been confined to ultra-Orthodox Jewish communities.
As measles rippled through those insular religious communities, health officials ran into members who were wary of outsiders as well as those who harbor harmful myths and fears about vaccines. This included the completely false-yet-pernicious belief that the measles vaccine causes autism.
I was a true nerd growing up in the 1980s—not in the hipster way but in the 10-pound-issue-of-Computer-Shopper-under-my-arm way (these things were seriously huge). I was thoroughly addicted to BBSes (Bulletin Board Systems) by the time I was 10. Maybe it's no surprise I ended up as a technical director for a science and tech site.
In fact, I'd actually draw a direct line between the job of managing your own BBS (aka SysOping) to managing a modern Web infrastructure. And with everyone around Ars looking back given the site's 20th anniversary, let's make that line a bit clearer. It won't be an exhaustive history of websites, but here's how my own experiences with managing websites have evolved in the past two decades—plus how the tools and thinking have changed over time, too.LOAD “*”, 8, 1
My first SysOp experience was powered by a Commodore 128 (in 64 mode, of course) running Greg Pfountz’s Color 64 software. I sent Greg my check—well, my mom’s check—and received back a single 5.25-inch floppy diskette along with a hand-bound dotmatrix-printed manual. It was on.
Because climate change is such a complex, globe-spanning problem, it’s hard to really wrap your head around possible future scenarios. A future where no action is taken to slow greenhouse gas emissions is easy enough to grok, but what exactly does a “middle-of-the-road emissions world” entail?
These scenarios work well for outlining the range of futures available to us, but it can be hard to understand the steps necessary to get to that future. “What if?” scenarios are often easier to think about. What if we eliminated all greenhouse gas emissions tomorrow? Or, if those rainbow unicorns are too impractical for you, what if we didn't replace fossil fuel infrastructure when it reached the end of its life, replacing it with clean alternatives instead?End of life
That’s the question that a new study led by the University of Leeds’ Chris Smith investigated. The basic idea is to find out how much warming the world’s existing fossil-fuel-burning machinery commits us to, given how long that machinery is likely to run before it naturally hits the scrap heap.
Fallout 76 developer Bethesda has confirmed it is issuing temporary bans to players who access a hidden "developer room" full of lucrative and unreleased items for the online game.
News of the room's existence on Fallout 76 servers started leaking out publicly last week, with videos showing an area filled with boxes containing every legitimate item in the game, as well as a few cosmetics and weapons that have yet to be officially released (and a curious human-like NPC named "Wooby.") Details of the apparent teleport hack being used to access the room in the PC version of the game were harder to come by without lurking in private Discord channels and hacking forums, though.
A company that aspires to 3D print almost the entirety of its rockets has reached an agreement with the US Air Force to launch from historic facilities at Cape Canaveral Air Force Station in Florida. Relativity Space said Thursday it has a multiyear contract to build and operate its own rocket launch facilities at Launch Complex 16.
Under terms of the competitively awarded agreement, the site will officially be a “multiuser” facility for five years. However, if Relativity meets certain milestones and begins regularly launching rockets, it will be able to convert the agreement into a 20-year exclusive right to use the launch site.
Relativity has been searching for a launch site almost since the company’s inception in 2015, said co-founder Tim Ellis. However, the formal search has taken about eight months, he said. “This was definitely our top choice, I would say by quite a bit,” he said. “We looked at every launch site in the United States.”
Have I Been Pwned, the breach notification service that serves as a bellwether for the security of login credentials, has just gotten its hands on its biggest data haul ever—a list that includes almost 773 million unique email addresses and 21 million unique passwords that were used to log in to third-party sites.
According to Have I Been Pwned founder Troy Hunt in a post published Wednesday, the monster list is a compilation of many smaller lists taken from past breaches and has been in wide circulation over the past week. It was also posted to the MEGA file sharing site. At least one of the included breaches dated back to 2015. Dubbed "Collection #1," the aggregated data was likely scraped together to serve as a master list that hackers could use in credential stuffing attacks. These attacks use automated scripts to inject credentials from one breached website into a different website in hopes the holders reused the same passwords.
The 773 million email addresses and 21 million passwords easily beat Have I Been Pwned’s previous record breach notification that contained 711 million records. But there are other things that make this latest installment stand out. In all, it contains 1.16 billion email-password combinations. That means that the list covers the same people multiple times, but in many cases with different passwords. Also significant: the list—contained in 12,000 separate files that take up more than 87 gigabytes of disk space—has 2.69 billion rows, many of which contain duplicate entries that Hunt had to clean up.
The homely hagfish might look like just your average bottom feeder, but it has a secret weapon: it can unleash a full liter of sticky slime in less than one second. That slime can clog the gills of a predatory shark, for instance, suffocating it. Scientists are unsure just how the hagfish (affectionately known as a "snot snake") accomplishes this feat, but a new paper in the Journal of the Royal Society Interface suggests that turbulent water flow (specifically, the drag such turbulence produces) is an essential factor.
Scientists have been studying hagfish slime for years because it's such an unusual material. It's not like mucus, which dries out and hardens over time; hagfish slime stays slimy, giving it the consistency of half-solidified gelatin. That's due to long, thread-like fibers in the slime, in addition to the proteins and sugars that make up mucin, the other major component. Those fibers coil up into "skeins" that resemble balls of yarn. When the hagfish lets loose with a shot of slime, the skeins uncoil and combine with the salt water, blowing up more than 10,000 times its original size.
Yet the precise mechanism for slime deployment is still poorly understood, according to co-author Gaurav Chaudhary of the University of Illinois, Urbana-Champaign. Recent research showed that sea water is essential to the formation of the slime and that hagfish skeins can unravel spontaneously if ions in the sea water mix the adhesives that hold the fibrous threads together in skeins. Chaudhary says that what's missing in this earlier work is taking the fast time scales into account. A 2014 study, for instance, showed that any spontaneous unraveling of the skeins would take several minutes—yet the hagfish deploys its slime in about 0.4 seconds.