Skip to main content
 
 
 

Bad RCS implementations are creating big vulnerabilities, security researchers claim - The Verge

Jon Porter writing for The Verge

“We find that is actually a step backwards for a lot of networks [compared to SMS],” Karsten Nohl from SRLabs told Motherboard. “All of these mistakes from the 90s are being reinvented, reintroduced.”

 
 
 
 

Google & Samsung fix Android spying flaw. Other makers may still be vulnerable | Ars Technica

Dan Goodin writing for Ars Technica

An attack wouldn't be completely surreptitious. The screen of an exploited device would display the camera as it recorded video or shot an image. That would tip off anyone who was looking at the handset at the time the attack was being carried out. Still, the attack would be able to capture video, sound, and images at times when a phone display was out of eyesight, such as when the device was placed screen down. The app was able to use the proximity sensor to determine when the device is face down.

Google and Samsung have released fixes, but it's impossible to know how many handsets out there remain vulnerable to this exploit.

 
 

Lin-Manuel Miranda on The Role of the Artist in the Age of Trump

Jason Kottke writing for kottke.org

In a 1969 piece, Kurt Vonnegut asserted that art is an early warning system for society:

I sometimes wondered what the use of any of the arts was. The best thing I could come up with was what I call the canary in the coal mine theory of the arts. This theory says that artists are useful to society because they are so sensitive. They are super-sensitive. They keel over like canaries in poison coal mines long before more robust types realize that there is any danger whatsoever.

 
 

Google Is Finally Rolling Out its Own RCS in the US | WIRED

Ron Amadeo writing for WIRED

The only power RCS has comes from the fact that your carrier might do it, which would instantly upgrade the baseline messaging service it offers on (at least new) phones. RCS's power comes from it being the default. Google's version of RCS isn't the default, though. You need to download the Google Messages app to use it, and Google Messages isn't the default texting app on most phones. The app is not required to ship alongside the Play Store like Gmail, Google Maps, Search, and other top-tier Google apps, so most OEMs don't ship it at all. Instead, they opt for their own messaging app.

I don't have high hopes for RCS.

 
 
 
 

Researchers hack Siri, Alexa, and Google Home by shining lasers at them | Ars Technica

Dan Goodin writing for Ars Technica:

The attack exploits a vulnerability in microphones that use micro-electro-mechanical systems, or MEMS. The microscopic MEMS components of these microphones unintentionally respond to light as if it were sound. While the researchers tested only Siri, Alexa, Google Assistant, Facebook Portal, and a small number of tablets and phones, the researchers believe all devices that use MEMS microphones are susceptible to Light Commands attacks.