Like boarding a sinking ship , European entrepreneur Luca Filigheddu ( Twimbow , Sitòfono ) is actually joining Research In Motion.
Starting next week, Filigheddu will become part of RIM’s Developer Relations team as BlackBerry Developer Evangelist for the Italian market.
That’s obviously not huge news, but we were just amazed why anyone would be interested in working for RIM – especially now .
The troubled Canadian firm is getting utterly squeezed by companies like Apple and Android smartphone and tablet makers worldwide, and its stock is getting hammered like never before after it reported a gruesome $518 million net loss for the quarter yesterday. The company is slashing 5,000 jobs, and it has delayed the launch of the first BlackBerry 10 smartphone until 2013.
Filigheddu considers it a challenge, and he’s actually optimistic.
An entrepreneur at heart, he’s going to maintain board seats at the companies he’s been involved with for the past 12 years, but will be “100% committed to the new role at RIM”. He motivates his decision thusly:
Duly noted, and we wish Luca best of luck. We still think he’s a very brave man.
FinFisher malware goes mobile: Infects Android, iPhone, BlackBerry
The infamous FinFisher cyber espionage tool has gone mobile, malware style. Multiple mobile Trojans for the Android, iOS, BlackBerry, Symbian, and Windows Mobile platforms have been discovered as have many Command and Control (C&C) servers around the world that they communicate with. Security researchers from the University of Toronto Munk School of Global Affairs ‘ Citizen Lab (via The Financial Post ) have published an extensive report detailing their findings.
The malware is designed to spy on you via your phone. It can monitor your apps, emails, text messages, and voice calls. It can phone home to send data as well as get further instructions. It can track your location.
While FinFisher is described as surveillance software developed by U.K.-based Gamma Group , what we’re talking about here is malware. The researchers say the discovered “tools” are consistent in functionality with documentation for the FinSpy Mobile product, a component of the FinFisher toolkit.
Your phone can get infected if you are tricked into downloading the spyware, which can be disguised as something other than FinSpy. You don’t even have to be using your browser: it can come via a text message that looks like it’s from your cellular provider, asking you to install an app or perform a system update.
The Android version of this threat comes in the form of an APK that installs itself as “Android Services.” It requests a massive slew of permissions:
Access_Coarse_Location
Access_Fine_Location
Internet
Read_Phone_State
Access_Network_State
Read_Contacts
Read_Sms
Send_Sms
Receive_Sms
Write_Sms
Receive_Mms
Receive_Boot_Completed
Process_Outgoing_Calls
Access_Network_State
Access_Wifi_State
Wake_Lock
Change_Wifi_State
Modify_Phone_State
Bluetooth
And_Receive_Wap_Push
One of the samples calls home to C&C servers located in the Czech Republic and the U.K.
The iOS threat was developed for Arm7, and appears to work on iOS 4.0+, meaning the iPhone 4, iPhone 4S, iPad 1, iPad 2, iPad 3, as well as the iPod touch 3 and the iPod touch 4 are all affected. The bundle is typically called “install_manager.app.” Multiple references to “FinSpy” are all over the binary, and it appears that a developer’s certificate belonging to Martin Muench, Managing Director of Gamma International and head of the FinFisher product portfolio, was used. The malware makes a point to keep itself from being wiped upon a reboot of an infected iOS device. The threat can perform arbitrary data exfiltration, SMS interception, and so on.
The BlackBerry threat is a complex ode file. It can manipulate BlackBerry apps, access crypto libraries, and access other phone functionality such as sending SMS messages. The malware can call home to Germany and Indonesia. It asks for a slew of permissions:
USB
Phone
Location Data
Internet
Wi-Fi
Cross Applicaiton Communication
Device Settings
Media
Application Management
Themes
Input Simulation
Browser Filtering
Recording
Security Timer Reset
Organizer Data
Files
and Security Data
The malware can log and manipulate phone events, and can even accept a silent call so that the attacker can listen to a conversation in the infected phone’s vicinity. It can also record sent and received email messages, record BBM messages, listen for both incoming and outgoing SMS messages, and even monitor WhatsApp.
The Symbian threat calls itself “System Update” or “Installation File.” The former requests the following capabilities:
PowerMgmt
ReadDeviceData
TrustedUI
SwEvent
NetworkServices
ReadUserData
WriteUserData
Location
The Trusted UI one is interesting because it is only specifically used when confidentiality and security are critical. In other words, most apps don’t ever touch it.
The Windows Mobile threat provides interception and monitoring capabilities (Windows Phone appears unaffected). Depending on the status of the device or monitored events, the malware communicates notifications back to the C&C server. It uses the following modules:
AddressBook
CallInterception
PhoneCallLog
SMS
Tracking
The malware can thus manipulate phone calls as well as track the device using GPS.
In addition to their app analysis, the security researchers also scanned the Internet for where FinSpy C&C servers could be operating. They found two servers in Brunei, one in Turkmenistan’s Ministry of Communications, two in Singapore, one in the Netherlands, a new server in Indonesia, and a new server in Bahrain. There are new ones in certain countries because Rapid7 previously found C&C servers for FinFisher in 10 countries: Indonesia, Australia, Qatar, Ethiopia, Czech Republic, Estonia, Mongolia, Latvia, the UAE, and the U.S.
Despite all this worrying information, there’s good news. While these Trojans provide substantial surveillance functionality, there is no evidence of them exploiting the aforementioned mobile platforms on their own. As such, cybercriminals will need to figure out how to leverage an existing exploit, or use social engineering to get on your device. Alternatively, they can also physically access your phone.
To protect yourself, here’s what the researchers suggest you do:
In other words, stay clear of any apps that ask for far too many permissions to install, and always keep your phone on you and away from those who may want to track you.
Image credit: stock.xchng
Song matching coming to Google Play, music purchases coming to Europe on November 13
Amid all its Nexus announcements today , as well as Android 4.2 ( still Jelly Bean ), Google announced a new matching feature for Google Play that cuts down the time it takes to upload your personal music collection to the service. The search giant will soon scan your content for songs it can match against the Google Play catalog; anything it finds will be automatically added to your online library without needing to upload it.
At the same time, Google announced a huge win for European customers: buying music is coming to Google Play on November 13. More interesting, in my opinion, is what comes along with the legal purchases: music streaming for content you already own. The Music Match feature will also be available in Europe on November 13, and will be coming to the US “soon after” at an undisclosed date.
Buying music in Europe will be limited to five countries (France, Germany, Italy, Spain, and the UK), though Google will likely expand this at a later date. Europeans residing there will be able to purchase music from the Google Play store as well as add up to 20,000 songs for free from their existing collection for streaming to their Android devices and Web browser.
This is a big deal because it means, just like in the US, Europeans will be able to keep using their existing music libraries with the Google Play Store. It’s a smart way for Google to ensure increased adoption of its cloud service. The new song matching feature is just icing on the cake. The best part is that Google says everything above will be available for free: “free storage of your music, free matching, free syncing across your devices and free listening.”
Furthermore, Google Play movie purchases are now available in more countries: Australia, Canada, France, Spain, and the UK. Oh, and if that wasn’t enough, Google has partnered with Time (more magazines) and Warner Music Group (new songs coming each day), meaning it now has deals with all major record labels globally and all major US magazine publishers.
Image credit: teakettle