Saturday, August 31, 2013

Hacked Feature Phone Can Block Other People’s Calls Swapping software can give one GSM phone the power to prevent incoming calls and text messages from reaching other phones nearby.

Hacked Feature Phone Can Block Other People’s Calls

Swapping software can give one GSM phone the power to prevent incoming calls and text messages from reaching other phones nearby.

By making simple modifications to common Motorola phones, researchers in Berlin have shown they can block calls and text messages intended for nearby people connected to the same cellular network. The method works on the second-generation (2G) GSM networks that are the most common type of cell network worldwide. In the U.S., both AT&T and T-Mobile carry calls and text messages using GSM networks.

The attack involves modifying a phone’s embedded software so that it can trick the network out of delivering incoming calls or SMS messages to the intended recipients. In theory, one phone could block service to all subscribers served by base stations within a network coverage area known as a location area, says Jean-Pierre Seifert, who heads a telecommunications security research group at the Technical University of Berlin. Seifert and colleagues presented a paper on the technique at the Usenix Security Symposium in Washington, D.C., last week. An online video demonstrates the attack in action.

Seifert’s group modified the embedded software, or “firmware,” on a chip called the baseband processor, the component of a mobile phone that controls how it communicates with a network’s transmission towers.

In normal situations, when a call or SMS is sent over the network, a cellular tower “pages” nearby devices to find the one that should receive it. Normally, only the proper phone will answer—by, in effect, saying “It’s me,” as Seifert puts it. Then the actual call or SMS goes through.

The rewritten firmware can block calls because it can respond to paging faster than a victim’s phone can. When the network sends out a page, the modified phone says “It’s me” first, and the victim’s phone never receives it.

“If you respond faster to the network, the network tries to establish a service with you as an attacker,” says Nico Golde, a researcher in Seifert’s group. That’s enough to stall communications in a location area, which in Berlin average 200 square kilometers in size. The group didn’t design the hack to actually listen to the call or SMS but just hijacked the paging process.

Traditionally, the details of how baseband processors work internally has been proprietary to makers of chips and handsets. But a few years ago, baseband code for a certain phone, the Vitelcom TSM30, leaked out. That enabled researchers to understand how baseband code works and spawned severalopen-source projects to study and tweak it.

The Berlin group used that open-source baseband code to write replacement software for Motorola’s popular C1 series of phones (such as the C118, C119, and C123). Those devices all use Texas Instruments’ Calypso baseband processor.

The researchers tested their attack by blocking calls and messages just to their own phones. However, they calculate that just 11 modified phones would be enough to shut down service of Germany’s third-largest cellular network operator, E-Plus, in a location area. “All those phones are listening to all the paging requests in that area, and they are answering ‘It’s me,’ and nobody in that cell will get an SMS or a phone call,” Seifert explains.

Jung-Min Park, a wireless-security researcher at Virginia Tech, says that although devising the attack requires detailed technical knowledge, once it is created, “if someone had access to the same code and hardware, repeating the attack should be possible for an engineer.”

Although carriers today mostly tout their 3G and 4G services, most networks around the world still use GSM networks. Around four billion people worldwide use GSM networks for calls, and carriers also use them for some machine-to-machine applications.

The problem could be fixed, but that would require changing GSM protocols to require phones to prove their identity through an additional exchange of encrypted codes. “The defense is expensive to deploy,” says Victor Bahl, principal researcher and manager of the mobility and networking research group at Microsoft. “I can only speculate that the cell network providers are reluctant to invest in mitigation strategies in the absence of an immediate threat.”

Seifert says the research of his group and others shows that basic aspects of mobile communications can no longer be assumed to be safe from hacking. “The answer of the carriers is: ‘It’s illegal—you are not allowed to do it,’” he says, “However, the implication is that the good old times, where you can assume that all the phones are honest and following the protocol, are over.”

www.mohanvamsi.com

Do e-cigarettes cause cancer?

Do e-cigarettes cause cancer?

A customer smokes an electronic cigarette at Vape New York, a dedicated vaporized nicotine retailer in New York City.

A customer smokes an electronic cigarette at Vape New York, a dedicated vaporized nicotine retailer in New York City.

ore steam for the anti-vaping movement: A French consumer magazine, National Consumer Institute, reported Monday that e-cigarettes contain "a significant quantity of carcinogenic molecules" in their vapor that have so far gone undetected.

E-cigarettes, those battery-powered devices you see people puffing indoors, use heat to vaporize liquid nicotine, but contain no tobacco and produce no smoke, and thus evade anti-smoking regulation.

Using a new method of testing, researchers found that in three out of the ten e-cigs studied, the level of formaldehyde, a known carcinogen, came close to the amount in conventional cigarettes. Furthermore, a highly toxic molecule called acrolein was detected "sometimes at levels even higher than in traditional cigarettes," said Thomas Laurenceau, chief editor of the magazine.

"This is not a reason to ban them, but to place them under better control," he said.

Laurencea's sentiment has been echoed by vaping skeptics across the pond, where the U.S. Food and Drug Administration is chewing on a set of possible regulations due out this fall, including a ban of online sales to prevent sales to minors and limits on advertising. Meanwhile, Michael Bloomberg, New York City's health-conscious mayor, is considering a plan that, among other things, would outlaw e-cig flavors like bubble gum that seem designed to attract youngsters.

The problem, say e-cig's detractors, is that without more long-term studies and tests, we don't know if they're the safe alternative to regular cigarettes that their proponents claim they are.

"The small studies that have been done so far hint at both pros and cons; one found that smokers cut back on real cigarettes after trying the electronic kind, while another found particles of metal and and silicates in e-cigarette vapor that could cause breathing problems," says the Bangkok Post. "It would be great if e-cigarettes turned out to be the breakthrough that gets people to give up smoking tobacco. In the meantime, we should all be careful that e-cigarettes not perpetuate a habit that society has come a long way toward snuffing out."

On the other end, vaping advocates are offended by the rush to condemn a breakthrough that could save hundreds of thousands of lives a year. "The anti-smoking movement is a victim of its own success," says Nick Gillespie at The Daily Beast. "This time, the buttinskys are trying to douse the dreaded e-cigarette, a device that supplies a safe nicotine hit to the user without bothering or endangering anybody else."

"[T]he prohibitionists are taking on e-cigarettes because... because... because... smoking tobacco is bad for you. And they don't think you should decide how to live your life," he says.

The idea is that e-cigs can't be as bad as regular cigarettes. And if regulators get too rule-happy, they might prevent real smokers from becoming faux smokers.

"Allowing anti-smoking ideology to dictate e-cig legislation would condemn smokers to using ineffective quitting strategies or dying premature, tar-sodden deaths, but evidence-based regulation that prioritizes public health would cause a revolution in tobacco harm reduction," says Lindsay Fox, an e-cigarette advocate, at The New York Times.

While the debate rages on, the e-cigarette industry is gaining momentum. The market is expected to reach $1 billion this year, and analysts say sales could top $10 billion in the next five years. Without regulation, the e-cigarette business could outgrow the cigarette business by2047.

www.mohanvamsi.com

The Next Google: It's Like Google, But For Search

It is no longer appropriate for search to be under the thumb of private industry. It's a critical part of the national infrastructure. So if I were a real pinko, I'd be advocating for the nationalization of Google, à la Chavez—but I'm not a real pinko. Besides, the American people have already bought and paid for an ideal alternative to Google. That's right: we have the means in hand to create a public, ad-free, totally fair and reasonably transparent search engine with a legal mandate to operate in the public interest, and most of the work is already done. We have also a huge staff of engineers to conclude what little remains on the development and deployment side.

Who are these American heroes, soon to be accepting the thanks of a grateful nation? Why, our fellow citizens, the software engineers and tech gurus and endless numbers of contractors of the NSA! Why don't they make themselves useful and stop spying on everyone and instead, use all that computing power and archived information to make us a fair, fast, ad-free search engine?

They have a copy of the whole Internet, soon to be housed in their giant bunker in Utah!

It is already, apparently, equipped with the latest in search technology! It's probably already better than Google.

Others make their case against Google on antitrust laws. It's not illegal to have a monopoly. According to U.S. courts, it's just not your fault that everybody loves your product! What's illegal is using that power to do bad things, like suppress your own competition. This is why there are ongoing government investigations into Google's anti-competitive business practices in the U.S., in Canada and in Europe.

Probes like these have so far tended to focus on Google's preferential treatment of its own services over those of its competitors in Google search results. Which amounts to ignoring the elephant in the room: Google, with its 67% share of U.S. search traffic (sounds low, tbh), has a potential influence far beyond the industries in which it operates formally. At the moment, Google can legally use its power to make or break any business, or any politician, publication, or public figure it chooses, for any old reason it wants, provided that reason doesn't fall foul of antitrust laws.

For instance, let's suppose one of Google co-founder Sergey Brin's friends were to open a new cafe in Mountain View: there is no legal proscription whatsoever against Google's vaulting the Friends o' Brin Cafe to the top of results on searches for "best cafe Mountain View." Or even "best cafe."

A close reading of Google's ten "Core Principles" appears to suggest, but not quite guarantee, that Google won't simply grant preferential treatment at its own discretion. The fact is, however, that it's entirely up to them. Given the understandably secret nature of Google's algorithms and other techniques for determining search results, it would be impossible to say whether or not this is in fact already happening.

Already companies live or die at the hands of Google. Any update to the Google Panda search ranking algorithm has rippling effects through the Internet. One thing that seems to be the case: older sites, with thousands of internal links and a deep history on the Internet, seem to be constantly downgraded. That's bad news for some non-spam media companies that in part live off search traffic. Google results, in general, overweight newness. It is becoming more and more impossible to find relevant results older than three months.

As well, Google will tell you that active engagement with their product Google+ will be "beneficial" to any publisher as a whole, including in search. Publishers now ignore Google+ at their peril, whether it is relevant to their business or not.

But let's take the real case of 23andMe.com, the "privately-held personal genetics company" whose CEO, Anne Wojcicki, is married to Sergey Brin. According to recent SEC filings, Google invested approximately $1.5 million in the company's Series D round, and Google leases office space to the company. Here's the current results for a search on the phrase "genetic testing":

23andMe is the first paid result; the first result appearing below Wikipedia and the National Institute of Health is also 23andMe. If Ms. Wojcicki has privileged access to the inside scoop on how Google's search rankings work (if!), or if Google merely wants to shoot her company's links to the top of relevant searches, would that even contravene existing anti-trust laws?

Nope, according to James Grimmelmann, Professor of Law and Director of the Intellectual Property Program at the University of Maryland:

There is not any obvious law that this kind of favoritism would violate. It does favor one genetic testing company at the expense of another, but you're right that this doesn't directly suppress competition among search engines. I have seen arguments that this kind of favoritism is an antitrust issue, but the lack of direct injury to a competitor, and fact that Google is not itself competing in genetic testing, make that argument extremely tenuous. The argument is stronger for something like maps or social networking features, but there, Google can point to the obvious benefits to consumers of having a single integrated set of results.

In this article draft, I give a detailed analysis of whether one of the other testing companies could sue on the theory that Google is falsely claiming that it's less relevant than 23andme. That's a hard, though not completely impossible, case to make because the meaning of "relevant" is deeply ambiguous.

The final possibility would be an enforcement action by the FTC for deceiving consumers. If 23andme were owned by Google, a disclaimer would probably suffice to satisfy the FTC. It's a little different where the connection is more attenuated. But because they're primarily policing for hidden marketing, a clear disclosure of the relationship would be likely to satisfy them.

The potential for shenanigans is also problematic in view of Google's cozy relationships with its VCs who, being invested in businesses other than Google, are liable to have a strong incentive to throw their weight around in Google's search results. As matters stand right now, it would be perfectly legal for them to do so, and nearly impossible to detect.

A number of Google's liabilities with respect to fairness are ably illustrated in "Can Google Be Trusted?," a grimly amusing little slideshow from FairSearch.org, a group of businesses and organizations "fostering and defending competition in online and mobile search." (Hilariously, the group counts the much-sued monopolist Microsoft among its members.)

I asked Brewster Kahle of the Internet Archive and the Wayback Machine some questions on this.

Would it be illegal for Google to disfavor competitors in their search results? Are they required to be impartial and if so, by what laws? What about blacklisting in search results for other reasons?

Maybe antitrust like they are getting hit for in Europe.

What do you think about the secret nature of the algorithm Google uses to produce the results? What do you think about the SEO world, these days?

It is not great. That company is becoming both the navigation and the publisher, which will make for conflicts of interest.

It would be great to let a hundred Googles bloom—but it is difficult to match them in search. They are on a roll.

But we don't need a hundred Googles. Just one free, fair, intelligent and comprehensive one. All we need to do is permanently erase all the emails, phone calls and private correspondence illegally obtained by the NSA and then make their search technology and WWW archive available to the rest of us. We already own the information and the software and are paying the salaries of these engineers. It's been entirely funded, after all, with insanity-making amounts of your tax dollars.

www.mohanvamsi.com

How Google can avoid becoming the next Microsoft, as told by an insider with knowledge of both

The deeper you dig into the causes of Microsoft’s decade of stagnation and the departure of CEO Steve Ballmer, the more apparent it is that the problems Microsoft faced affect all large companies, to one extent or another. Fortunately for the world (and unfortunately for Microsoft) the company’s dysfunction drove away so many talented engineers and managers that they are practically climbing over one another to recount what went wrong in Redmond.

Quartz has already written about how Microsoft veterans who left the company see its problems, and what they think needs to be done to fix them. But the observations of one of the veterans we spoke with are worth writing about separately—because of their implications for Google, the company’s most visible competitor. This person, who requested to remain anonymous, has inside knowledge of the workings of Google as well. Here are some of our key takeaways from talking with them.

1. Too many cooks in the kitchen will kill innovation every time

As a rule, decision-making grows exponentially harder with the number of people involved. In Microsoft’s early days, it was, like most young organizations, fairly flat in structure. A general manager oversaw 50-300 people, and decisions only needed his or her blessing. But in part because graduating into management is the only route to a promotion at Microsoft, the company added more and more layers of management.

This meant that decisions that were once made by a single manager now had to be agreed on by a dozen people. Needing that many more people to say “yes” meant that only the most obvious (or least provocative) ideas got the go-ahead. Born as the product of feverish late-night coding sessions by Bill Gates and a handful of trusted lieutenants, Microsoft became a centrally-planned, Kafka-esque nightmare.

Lessons for Google:

Management is the enemy, decisions that must be made by committee are suspect, and you have to trust key decision-makers to wield broad power over large groups of engineers. Who are, if you’ve hired correctly, self-motivated and entrepreneurial to begin with. (There’s a thoughtful article detailing a startup named Medium’s approach to this issue here.)

So far Google has avoided the trap of building the ranks of management, in part because the company is so dedicated to hiring the right engineers—in other words, the kind that require little supervision—in the first place.

2. Don’t shackle teams to your past successes or your existing business

With the success of Windows and Office, Microsoft made a classic mistake: it tried to force its other businesses to integrate and support its most profitable products. Instead, Microsoft should have instructed each of its divisions to focus on building the best product. (XBox is one example where it got this right.) Internally, Google has a great deal of integration between products, but it’s voluntary. Google Now, voice search and Maps teams, for example, all draw on the company’s enormous internal database of places and things.

Case study: Windows Phone

Microsoft released a smartphone operating system seven years before Steve Jobs announced the iPhone. But rather than empowering the builders of the early “Pocket PC” to create something appropriate for the mobile form factor, Microsoft released an operating system that had a tiny Start menu, so that it would resemble the Windows 98 desktop OS. The result was a terrible user experience.

Case study: MSN.com

For years, MSN.com was sort of a newspaper, but on the internet—what was then known as a “portal.” Lots of people visited the site because it was the default homepage for Microsoft’s Internet Explorer, which for a time was the most-used web browser in the world.

But with the rise of search, people began switching their default homepage to Google or, if they simply didn’t want to see MSN.com’s noisy, advertisement-filled homepage, nothing at all. Revenue dropped at MSN, and the response was more ads. This turned into a downward spiral, and MSN.com lost relevance. Had MSN been forced to compete on its own merits, it might have been a completely different site.

Lessons for Google:

Products enabled by new technologies must live or die on their own merits, and while there are ways to push people onto your latest experiment, forcing engineers to integrate with your past successes, or shielding them from competition, will only make your products uncompetitive in the long run.

3. The consumer is more important than ever

Companies are having to contend with employees who are newly empowered—by the web and by their mobile devices, which they’re upgrading continuously—to take IT into their own hands. This is driving internal corporate IT managers to use systems that match what their employees are bringing to work, like iPhones and Android tablets, and more than ever, those systems are not made by Microsoft.

Lessons for Google:

The devices that people use at home are the same ones they want to use at work. The success of Google’s Android operating system for mobile devices is perhaps Google’s most potent weapon against Microsoft. Being a web-based company is also a critical advantage, because the web is available across every kind of mobile device. Google must never lose sight of the fact that the web could itself be disrupted by some other system that consumers will flock to before businesses do.

4. But the market for enterprise software is still huge

Spend enough time with Googlers, and especially those who remember the birth of Google Docs (now part of Google Apps), and it becomes apparent that Google built its “enterprise” software primarily to satisfy the company’s own needs for internal communication. While Google is pushing aggressively into the market for productivity software for businesses, and offers businesses cloud computing infrastructure in the form of the Google Compute Engine, Google remains primarily a consumer, not an enterprise company.

Microsoft, meanwhile, is still making billions selling software that manages databases and serves files, and can charge a premium for the superior feature set of its Office suite. Indeed, if it weren’t for Microsoft’s successful focus on enterprise, which helped the company continue to grow its revenue even as consumers have failed to switch to new versions of Windows, Ballmer probably would have been pushed out long ago.

Lessons for Google:

There is a huge opportunity to capture more revenue by focusing on businesses, especially with Google’s productivity software (Google Apps). And while it might be anathema to the “rock star” programmers Google typically hires, figuring out how to integrate with or migrate businesses off of their legacy systems—something Microsoft and its third-party vendors excel at—would also go a long way to growing Google’s enterprise business.

5. Big companies must be comprised of small companies

As companies become larger, rates of innovation per employee go down. And yet the opposite is true in cities—the bigger they get, the more new ideas they incubate.

What’s the difference? Cities are more like coral reefs, their individual members spontaneously self-organizing into neighborhoods, companies and organizations, while corporations tend to have a more hierarchical, top-down structure. What Ballmer should have been doing all these years is organizing Microsoft so that engineers at the lowest levels can move fast and be trusted as experts in their fields.

Instead Ballmer became the decider. If you’re the sort of CEO upon whom thousands rely for decisions, you’re the bottleneck. A more nimble organization is comprised of teams which are granted autonomy to act. Yes, some amount of supervision is necessary—and Google CEO Larry Page’s successful effort to tighten up Google is evidence of this—but what a CEO should be aiming for is employees who require as little of management’s cooperation as possible.

Less oversight means less time spent communicating through the chain of command, and fewer decision makers participating in collaborations

Lessons for Google:

According to people in the know, Google’s business divisions, and the teams that comprise them, still have a relatively high level of autonomy. While much has been made of the “death of 20% time” at Google, what’s more important than the autonomy of individual engineers is the autonomy of the teams of which they are a part. As long as Google’s creeping corporatization stops at the end of 20% time, it’s probably fine. Google X, Sergey Brin’s skunkworks division, which is producing innovations like Glass and self-driving cars, is one smart way to nourish innovation as the company gets bigger, but Google’s leadership needs to stay focused on turning those projects into products, or it could be transformed into an isolated backwater, like Xerox Parc in the old days or Microsoft Research.

6. Stay positive

While at least one Microsoft veteran I talked to said that the company’s apparently-poisonous management policy known as “stack ranking” wasn’t as bad as media reports made it out to be, it’s clear that it alienated many. The problem was that the system branded those who had the poorest evaluations as “below average,” a label that meant they were largely ineligible for bonuses or raises. Because everyone was graded on a curve, this meant even worthy engineers were sometimes given “below average” rankings.

Another problem Microsoft had at the management level was an apparent insecurity about the company’s failure to invent The Next Big Thing. Given that Microsoft only ever employed a small fraction of the world’s programmers, the odds that it would invent the iPhone or Facebook were low. But instead of concentrating on its own potential, Microsoft became a slavish copyist of its competitors, rolling out one late, misbegotten clone after another—Zune (Microsoft’s iPod), Bing (search) and Surface (the iPad).

Lessons for Google:

Something like stack ranking has apparently crept into Google’s culture, but employees are not yet objecting to it strenuously because the company’s internal HR and management policy is evaluation and continuous improvement, not punishment.

Google also needs to recognize that, while it has a history of attracting some of the best talent in the world, no company is cool forever. At some point, talent will go elsewhere, if it hasn’t already, which means innovation that is a perceived threat to Google’s business will arise outside the company. Google is going to have to be selective about which markets it tries to compete in.

So is Google really the new Microsoft?

It’s become almost cliche to compare Google to Microsoft. But in terms of the two companies’ internal cultures, it appears that Google is still a long way from adopting the nearly feudal internal structure of Microsoft.

It’s also a ridiculous comparison when you consider just how different the world of personal computing is now from what it was during Microsoft’s heyday, in the mid 1990s. The internet, mobile devices, Apple’s resurgence and the birth of countless competitors in Asia all happened, and are driving the entire landscape of computing in ways that hardly anyone can anticipate. It’s possible that a Google that resembled Microsoft—resistant to change, with an emphasis on sales over flexibility and innovation—wouldn’t last long in today’s world. Out of necessity, Google may never become “the new Microsoft.” And Microsoft The real lesson here might not be how Google can avoid becoming the next Microsoft, but how Microsoft can stop being itself.