Trump halts Broadcoms' bid for Qualcomm claiming national security is at risk

Claiming that an acquisition of San Diego based Qualcomm by Broadcom is a national security risk, President Donald J. Trump has blocked the transaction from taking place. Earlier this month, the U.S. Treasury’s Committee on Foreign Investment in the United States (CFIUS) issued an extraordinary letter complaining that if a foreign company took over Qualcomm, it would damage U.S. participation in the production of components for the next-generation 5G wireless networks. Qualcomm, well known for its mobile chips, already has a number of phone manufacturers lined up to use its Snapdragon X50 5G NR …

New online tool could help calculate your risk of developing melanoma


Melanoma is the most dangerous of skin cancers, and now a new tool claims to help people over 40 calculate their risk of developing it in the next 3.5 years.

Created by researchers at Australia’s QIMR Berghofer Medical Research Institute, the online risk predictor works with accumulated data from 42,000 people aged between 40 to 70 years of age in the world’s largest study of skin cancer.

The tool’s results are determined from a person’s age, sex, ability to tan, number of moles at age 21, number of skin lesions treated, hair colour and sunscreen use. From there, the tool will classify you as one of five risk groups, from very much below average to very much above average. Read more…

More about Australia, Health, Cancer, Melanoma, and Science

Nintendo Switch launched one year ago. Your save data is still at risk.


Nintendo Switch launched on March 3, 2017. Today, exactly one year later, you’re still at risk of losing all your save data in the event of a hardware failure.

We’ve talked about this beforeMore than once. It’s an ongoing problem. The Switch is a great gaming machine, but this omnipresent dark cloud that still hovers over it is baffling.

Can you name another game-playing device released in the past 25 years that didn’t offer some way to protect your data? Proprietary memory cards, game cartridges with built-in storage of their own, flash drives, SD cards, cloud storage — different machines do it in different ways, but the feature itself is a given. An expectation. Read more…

More about Entertainment, Gaming, Nintendo, Nintendo Switch, and Entertainment

New FDA study shows no human brain cancer risk from cellphone use

Two government tests that were part of an FDA study, blasted mice and rats with cellphone radiation. This did not end well for some of the rodents. There was a slight increase in a rare heart tumor discovered in the male rats, although the mice and female rats were unscathed. The good news, at least as far as humans are concerned, is that the testing revealed no reason for humans to worry about getting brain tumors from prolonged cellphone use.

The American Cancer Society’s chief medical officer, Dr. Otis Brawley, made a point of saying, “I am actually holding my cellphone up to my ear.” …

Vulnerability in Samsung Galaxy phones put over 600 million Samsung phone users at Risk

Samsung phones come pre-installed with the Swift keyboard which has a vulnerability that could allow an attacker to remotely tap into GPS, camera and microphone, eavesdrop on text messages and calls and more.

During the Black Hat London presentation “Abusing Android Apps and Gaining Remote Code Execution,” NowSecure mobile security researcher Ryan Welton revealed that over 600 million Samsung mobile devices are vulnerable to an attack that is “highly reliable, completely silent, and affects all devices.”


If you have a Samsung Galaxy phone, then you have the default Swift keyboard installed and that puts you at risk due to a significant security flaw in the keyboard. The Swift keyboard comes pre-installed on Samsung mobile devices and it cannot be uninstalled or even disabled. Even if you don’t use Samsung’s default keyboard, “it can still be exploited.”

Twitter adds autoplaying videos
Twitter has moved well beyond its foundation of 140-character messages. The site will now host videos
If the flaw in the keyboard is exploited, an attacker could remotely:

Access sensors and resources like GPS, camera and microphone.
Secretly install malicious app(s) without the user knowing.
Tamper with how other apps work or how the phone works.
Eavesdrop on incoming/outgoing messages or voice calls.
Attempt to access sensitive personal data like pictures and text messages.
NowSecure notified Samsung about the security flaw in December 2014. “Given the magnitude of the issue, NowSecure notified CERT who assigned CVE-2015-2865, and also informed the Google Android security team.” Samsung provided a patch to wireless carriers in early 2015, but that’s not nearly the same as the devices being patched since each carrier has to push the fix to vulnerable phones on their network. For example, in testing just this week NowSecure found the Galaxy S6 is still vulnerable on Verizon and Sprint networks.

Vulnerable Samsung phones

As of today, June 16, Galaxy S6, Galaxy S5, Galaxy S4 and Galaxy S4 Mini are listed as Samsung phones impacted by the flaw, but NowSecure noted that is not an all-inclusive list of impacted devices.

On the Verizon network: Galaxy S6 is “unpatched,” the status is “unknown” if Verizon deployed the fix to Galaxy S5, Galaxy S4 and Galaxy S4 Mini mobile devices on its network.

On AT&T: The patch status is “unknown” for Galaxy S6, Galaxy S5 and Galaxy S4; Galaxy S4 Mini is listed as “unpatched.”

On Sprint: Galaxy S6 is “unpatched” and the patch status is “unknown” for Galaxy S5, Galaxy S4 and Galaxy S4 Mini phones.

On T-Mobile: Galaxy S5 has not been patched; Galaxy S6, Galaxy S4 and Galaxy S4 Mini have an “unknown” patch status.

Details about the Swift keyboard vulnerability on Samsung phones

According to NowSecure’s technical details, the Swift “keyboard was signed with Samsung’s private signing key and runs in one of the most privileged contexts on the device, system user, which is a notch short of being root.”

The attack vector for this vulnerability requires an attacker capable of modifying upstream traffic. This can include geographically proximate attacks such as rogue Wi-Fi access points or cellular base stations, or attacks from local users on a network, including ARP poisoning. Fully remote attacks are also feasible via DNS Hijacking, packet injection, a rogue router or ISP, etc.

Welton explained that new languages can be added to Swift keyboards or existing languages can be upgraded. Those files come as a .zip and are “written as system user. This is a very powerful user capable of writing many places on the file system.” Oh, and the zip is sent over plaintext. The keyboard app validates the language zip files, but it does this with a manifest that is also sent insecurely.

After a little hacker magic, Welton was able to trigger the vulnerability and execute the payload. He also notes that each model and version of Samsung devices would require a specific payload, but that’s apparently not challenging as “Swift is kind enough to give us model version and build information in the http headers where they ask the server for the langaugePack update.”