
Wednesday, 11 March 2015


HTC at Mobile World Congress 2015 in Barcelona, Spain, announced the all-new HTC One M9. While it might look a good bit like its predecessor (why mess with a good thing, right?) there's still a lot going on here.


The phone is slightly smaller and easier to hold. The rear Ultra Pixel camera has been swapped out for a more traditional 20MP shooter. Sense 7 gives you so many new ways to share and edit photos, and it's easier to do now as well.
Boom Sound is back, of course, and this time Dolby is on board to help with the audio lifting.
So we'd love for the HTC One M9 to have more juice. We don't think two days of battery life should be unrealistic; after all, the HTC One M8 and a number of other phones can already comfortably make it into a second day. They just need a bit of a boost to make it to the end of the day.

HTC One M9 specs
SYSTEM: Android 5.0.2 Lollipop + HTC Sense 7
DISPLAY: 5-inch LCD, 1,920 x 1,080 pixels, 441 ppi
PROCESSOR: Qualcomm Snapdragon 810, octa-core, 4 x 2.0 GHz + 4 x 1.5 GHz
RAM: 3 GB
INTERNAL STORAGE: 32 GB + microSD
BATTERY: 2,840 mAh
CAMERA: 20 MP (rear), HTC UltraPixel (front)
CONNECTIVITY: USB 2.0, WLAN (IEEE 802.11 a/b/g/n/ac 2.4 & 5 GHz), LTE CAT6, Bluetooth 4.1, NFC, CIR, HDMI MHL 3.0
DIMENSIONS: 144.6 x 69.7 x 9.61 mm
WEIGHT: 157 grams

Water and dust resistance: Another way to keep it protected is with dust and water resistance. We don't need to be able to take it swimming, but knowing that it could survive a spill or a bit of rain would certainly be reassuring and now that Samsung and Sony are both water and dust proofing their phones there's little excuse for HTC not to do the same.

More of a health and fitness focus: The world is going health and fitness mad, or at least that's what many of the latest smartphones and smart watches would lead you to believe. HTC though doesn't seem so interested and we can't help but feel that it's missing a trick, especially if the market for fitness focused tech continues to grow. Sure a heart rate monitor and UV sensor are hardly essential components of a smartphone, but we wouldn't say no to them and we'd also be quite happy to see more of a focus on fitness software from HTC, rather than it relying on third party solutions, as HTC has done with the M8 by simply including the Fitbit app. Apple has Health, Samsung has S Health, HTC needs something.

Lots of power: It's reached the point where almost every high end phone and a fair few lower end ones feel fast and powerful, so we don't really need a lot more power in the HTC One M9. But specs sell and while HTC's flagships are always powerful they're not always quite as powerful as the competition, at least on paper. So next year we hope that changes. Impress us HTC, put in an octa-core Snapdragon 810 with 6GB of RAM, or at least make sure your phone is a match for the Samsung Galaxy S6 and Sony Xperia Z4.

More storage: HTC wisely added a microSD card slot to the M8, but we'd still love more internal storage. Apple now offers 128GB iPhones, so why can't an Android phone do the same? And more specifically why can't HTC? Do that while still including microSD support and we could be looking at a phone with 256GB of combined storage, which is far more than most people are ever likely to need, but we'd rather have too much than too little.

Category 6 LTE: 4G is taking off in a big way, but while current phones are equipped to support the fastest speeds we're likely to get in most places right now, they're not particularly future-proofed. That's why we'd like to see HTC put Category 6 LTE support in the HTC One M9. That would theoretically allow it to reach download speeds of around 300Mbps, which is double what most current handsets can manage and should make it a viable handset right up until 5G arrive

HTC One M9 price: The HTC One M9 price will be set at 749 Euros carrier unlocked, but we are yet to receive UK or US pricing details. The latest rumors suggest a 649 USD price tag, but we will update this page as soon as we know more. While every network will get the One M9 in Gold/Silver and Gun Metal colors, EE will initially be the only network to also have the One M9 in gold. The One M9 will be released in Europe around March 31. At launch, it will be available in two colors: gunmetal gray and silver with a gold frame at the back. Eventually, the all-gold edition is also expected to become widely available. 

Source: here

Tuesday, 10 March 2015

Security researchers have found ways to hijack Intel-compatible PCs running Linux by exploiting physical weaknesses in certain varieties of DDR DRAM (double data rate dynamic random-access memory) chips and gaining higher kernel privileges on the system.

The technique, dubbed "rowhammer", was outlined in a blog post published Monday by Google's Project Zero security initiative, a team of top security researchers dedicated to identifying severe zero-day vulnerabilities in different software.

Rowhammer is a problem with recent generation DRAM chips in which repeatedly accessing a row of memory can cause "bit flipping" in an adjacent row which could allow anyone to change the value of contents stored in computer memory.

WHAT IS THE ROWHAMMER BUG
DDR memory is arranged in an array of rows and columns, which are assigned to various services, applications and OS resources in large blocks. In order to prevent each application from accessing the memory of another application, they are kept in a "sandbox" protection layer.

However, sandbox protection can be bypassed using the bit flipping technique, in which a malicious application repeatedly accesses adjacent rows of memory in a tiny fraction of a second.

As a result, hammering two aggressor memory regions can disturb neighbouring locations, causing charge to leak into or out of neighbouring cells.

"With enough accesses, this can change a cell's value from 1 to 0 or vice versa. In other words, the selected zero area will be transferred to the victims, or vice versa," researchers explained.

The Bit flipping technique was first presented in an experimental study paper published by Carnegie Mellon University, entitled, "Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors."


The bit flipping technique shouldn't be confused with buffer overflow or use-after-free memory corruption techniques, where an attacker funnels malicious shellcode into protected regions of the victim's computer.



TWO WORKING EXPLOITS DEMONSTRATE THE FLAW
As we know, DRAM manufacturing scales down chip features to smaller physical dimensions. The latest technology demands more memory capacity on a chip, so it has become harder to prevent DRAM cells from interacting electrically with each other.

The Project Zero team has folded such bit flipping into an actual attack by demonstrating two proof-of-concept exploits that successfully take over control of many x86 computers running Linux, and believes the same could be done with other operating systems as well.
  1. The first, a page table entry (PTE) based exploit, uses rowhammer-induced bit flips to achieve kernel privileges on x86-64 Linux and hence gain read-write access to the whole of physical memory.
  2. The second exploit demonstrates exploitation of the same vulnerability by escaping from the Native Client sandbox.
MITIGATION TECHNIQUES
The security experts also provided a way to mitigate the kernel privilege escalation attack. Researchers changed Native Client to disallow the x86 CLFLUSH instruction that's required to make the first exploit work.

Preventing the rowhammer exploit with the second proof-of-concept, however, is a more difficult task to achieve on existing machines.

Using the above exploits, the Project Zero team conducted tests on eight models of x86 notebook computers, built between 2010 and 2014, using five different vendors of DDR3 DRAM and five different CPU families. A large subset of these machines, i.e. 15 out of 29, were found to be vulnerable.

The above attack doesn't work against the latest DDR4 silicon or DIMMs that contain ECC (error correcting code) capabilities.
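
Why ECC blunts a single flipped bit, as an added example that is not part of the original article: a single-error-correct, double-error-detect (SECDED) code repairs one flipped bit per word and flags two. The sketch uses the small extended Hamming (8,4) code as a stand-in for the (72,64) code on ECC DIMMs; the function names are made up for this illustration.

```python
# Added example: extended Hamming (8,4) SECDED, a small stand-in for the
# (72,64) code used on ECC DIMMs. Bit 0 is overall parity; 1..7 are Hamming positions.

def encode(nibble):
    """Encode 4 data bits as an 8-bit SECDED codeword (list of bits)."""
    code = [0] * 8
    code[3], code[5], code[6], code[7] = [(nibble >> i) & 1 for i in range(4)]
    code[1] = code[3] ^ code[5] ^ code[7]      # covers positions 1,3,5,7
    code[2] = code[3] ^ code[6] ^ code[7]      # covers positions 2,3,6,7
    code[4] = code[5] ^ code[6] ^ code[7]      # covers positions 4,5,6,7
    code[0] = sum(code[1:]) % 2                # makes total parity even
    return code

def flip(code, *positions):
    """Model disturbance errors: return a copy with the given bits inverted."""
    out = list(code)
    for pos in positions:
        out[pos] ^= 1
    return out

def decode(code):
    """Return (status, nibble); status is 'ok', 'corrected' or 'uncorrectable'."""
    code = list(code)
    syndrome = 0
    for pos in range(1, 8):
        if code[pos]:
            syndrome ^= pos                    # XOR of set positions; 0 for a valid word
    odd_parity = sum(code) % 2 == 1
    if odd_parity:                             # odd number of flips: SECDED assumes one
        code[syndrome] ^= 1                    # syndrome 0 means the parity bit itself
        status = "corrected"
    elif syndrome:                             # even parity but bad syndrome: two flips
        return "uncorrectable", None           # flagged instead of returning wrong data
    else:
        status = "ok"
    return status, code[3] | code[5] << 1 | code[6] << 2 | code[7] << 3

if __name__ == "__main__":
    word = encode(0b1011)
    print(decode(word))                # clean read
    print(decode(flip(word, 6)))       # single flip in the word
    print(decode(flip(word, 2, 6)))    # double flip in the same word
```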

Project Zero team is asking DRAM manufacturers, CPU makers, and BIOS creators to release details about the steps they've taken to mitigate rowhammer-like security issues on their products.

Source: click here

Saturday, 07 March 2015


Xiaomi Mi 4 Smartphone Pre-loaded with Malware and Custom Android ROM

Feb 07 2015.

Once again, Xiaomi, the very popular and world's third-largest smartphone distributor, which had previously been criticized for secretly stealing users' information from the device without the user's permission, has been found spreading malware.

The top-selling Android smartphone in China, the Xiaomi Mi4 LTE, has been found to be shipped with pre-loaded spyware/adware and, on top of that, a "forked," or not certified, vulnerable version of the Android operating system, according to San Francisco-based mobile-security company Bluebox.

Xiaomi, which is also known as the Apple of China, provides affordable, in-budget smartphones with almost all the features that an excellent smartphone provides. Just like other Xiaomi devices, the Mi4 LTE smartphone seems to attract a large number of customers, with more than 25,000 units sold out in just 15 seconds on India's online retailer Flipkart.

Security researcher Andrew Blaich of Bluebox revealed Thursday that the brand new Chinese Xiaomi Mi4 LTE handset appears to be unsafe to use from the moment you take it out of the box for the first time. After extensive testing, Blaich found two serious security issues in the smartphone:
  • Pre-installed Apps which are flagged as malware
  • Forked, or not certified version of Android operating system which can be a serious security risk for the users

ISSUE 1: PRE-INSTALLED MALWARE APPS
With the help of several top malware and antivirus scanners, the researcher discovered that the Mi4 LTE smartphone contains six suspicious apps that were flagged as malware, spyware or adware.

One particularly malicious app noticed by Bluebox, Yt Service, was found to be a piece of adware called DarthPusher, and comes preloaded on all Xiaomi Mi4 LTE smartphones. What makes this app different is that Yt Service disguised its package to look as if it came directly from Google, something an average Android user would expect to find on their device.
"This was an interesting find because, though the app was named Yt Service, the developer package was named com.google.hfapservice (note this app is NOT from Google)," Andrew Blaich wrote on a blog post on Thursday.
Other shady apps that come pre-installed on the device are as follows:
  • PhoneGuardService (com.egame.tonyCore.feicheng) - flagged by the anti-virus solution as a Trojan that could allow malefactors to hijack the phone. The name of this app is enough to fool users.
  • SMSreg - another piece of risky software detected by the anti-virus firm as malware.
  • AppStats (org.zxl.appstats) - classified as Riskware.
In total, the security researchers discovered six suspicious apps whose behavior is similar to malware, spyware or adware.

ISSUE 2: CUSTOM/FORKED VERSION OF ANDROID ROM
There are two kinds of custom Android ROMs: "compatible" and "non-compatible".
  • Compatible Android forks are based on the Android Open Source Project (AOSP), comply with the Android Compatibility Definition Document (CDD), and pass the Compatibility Test Suite (CTS).
  • Non-compatible forks are built on the Android Open Source Project (AOSP), but are built to run their own ecosystems.
The Android version aboard the Mi4 LTE was found to be a sort of mixture of Android KitKat, Jelly Bean and even earlier Android versions.

Using Trustable, their mobile security assessment tool, the researchers discovered that the analyzed Mi4 unit was vulnerable to a host of recently discovered security flaws such as Masterkey, FakeID, and Towelroot (Linux futex).

ISSUE 3: MI 4 VULNERABLE TO SEVERAL FLAWS
Bluebox researchers stated that the Mi4 LTE smartphone was vulnerable to all the big vulnerabilities, except the Heartbleed bug.
"Not only was the device vulnerable to every vulnerability we scan for (except for Heartbleed which only was vulnerable in 4.1.1), it was also rooted and had USB debugging mode enabled without proper prompting to talk with a connected computer," Blaich explained.
Several conflicting API build properties were also observed, meaning it was "unclear if [the] build of the software was meant for testing or release to consumers."
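
A defender's version of two of the checks described above, as an added example that is not from the original article or from Bluebox's Trustable tool: it audits `getprop`-format output for conflicting or insecure build properties and flags packages that use a Google/Android namespace without a trusted signer. The sample data is constructed, and the per-package "trusted signer" flag is assumed to come from a separate certificate check.

```python
import re

# Constructed sample in `adb shell getprop` output format (not values from the report).
SAMPLE_GETPROP = """\
[ro.build.type]: [user]
[ro.build.tags]: [test-keys]
[ro.debuggable]: [1]
[ro.secure]: [0]
[ro.adb.secure]: [0]
"""

# Constructed inventory: (package name, signed by a trusted Google/platform cert?).
# The signer verdict is an assumption supplied by a separate certificate check.
SAMPLE_PACKAGES = [
    ("com.google.android.gms", True),
    ("com.google.hfapservice", False),   # package name quoted in the article
    ("org.zxl.appstats", False),
]

RESERVED_PREFIXES = ("com.google.", "com.android.")

def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict."""
    return dict(re.findall(r"^\[([^\]]+)\]: \[([^\]]*)\]$", text, re.M))

def audit_build_props(props):
    """Flag properties that conflict with a consumer release build."""
    findings = []
    release = props.get("ro.build.type") == "user"
    if release and props.get("ro.build.tags") != "release-keys":
        findings.append("user build not signed with release-keys")
    if release and props.get("ro.debuggable") == "1":
        findings.append("user build is debuggable")
    if props.get("ro.secure") == "0":
        findings.append("adbd keeps root privileges (ro.secure=0)")
    if props.get("ro.adb.secure") != "1":
        findings.append("adb does not require host authorization")
    return findings

def impersonating_packages(inventory):
    """Packages in a reserved namespace whose signer is not trusted."""
    return [name for name, trusted in inventory
            if name.startswith(RESERVED_PREFIXES) and not trusted]

if __name__ == "__main__":
    for finding in audit_build_props(parse_getprop(SAMPLE_GETPROP)):
        print("build:", finding)
    print("impersonating:", impersonating_packages(SAMPLE_PACKAGES))
```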

Bluebox disclosed the issue to Xiaomi, which has not yet responded to the security firm's queries, nor has it acknowledged the device's purported security weaknesses.

So, if you are planning to buy a brand new Xiaomi Mi4 LTE smartphone, which is no doubt an attractive phone with all the popular smartphone features included, you should think twice before getting one.

Yesterday, the latest update of uTorrent was also accused of bundling Bitcoin cryptocurrency mining malware with the popular BitTorrent client.

UPDATE:
Xiaomi spokesperson provided the following official statement to 'The Hacker News' via an email:

"We are investigating this matter now. There are glaring inaccuracies in the Bluebox blog post. Official Xiaomi devices do not come rooted and do not have malware pre-installed. Therefore, we are certain the device that Bluebox tested is not using a standard MIUI ROM."

"It is likely that the Mi 4 that Bluebox obtained has been tampered with, because it was purchased from an unofficial channel. We only sell via Mi.com, and a small number of select partners such as operators."

"Furthermore, contrary to what Bluebox has claimed, MIUI is true Android, which means MIUI follows exactly Android CDD, which is Google's definition for Android devices, and it passes all CTS tests, the tool used to make sure a given device conforms to CDD, both in China and international markets."
