December 2014

AT&T and T-Mobile might owe you money!

by Joey deVilla on December 31, 2014

In the telecom world, “cramming” takes place when a telco charges its customers for services they didn’t order or ask for, such as premium text messaging, ringtones, wallpapers, and subscriptions to services such as horoscopes and celebrity gossip. These services are typically offered by third parties through telcos, who collect about 30 to 40 percent of the charge. To keep users unaware of these charges, telcos have structured their bills so that it’s difficult for customers to tell that they’ve been charged for services they didn’t ask for.

Earlier this year, the FCC took action against AT&T for cramming, which resulted in the biggest enforcement action and settlement in FCC history, to the tune of $105 million. Just before Christmas, T-Mobile announced a $90 million settlement with the FCC for their cramming activities, which T-Mobile called “unfounded and without merit” earlier this year. Sprint is also being targeted by the FCC for cramming, and it’s expected that they’ll be fined $105 million once the case is finalized. Verizon appears to be the only major US carrier that hasn’t been sued by federal officials.

As a result of their cases, AT&T and T-Mobile have set aside a pool of funds — $80 million in AT&T’s case, $68 million in T-Mobile’s — which will be used to refund people whose accounts have been crammed. If you were a customer of either over the past five years, you may be eligible for a refund. Here are the steps you should take to see if they owe you money:

this article also appears in the GSG blog

What programmers wear

by Joey deVilla on December 30, 2014

programmer outfits

Found via AcidCow.

Why you shouldn’t allow cheap tablets in your workplace

by Joey deVilla on December 30, 2014

This year’s Black Friday offered some amazing deals for tablet shoppers. Even outside bargain season, there are a number of tablets that retail for under $100, but on the most recent Friday after Thanksgiving, you could — if you were able to beat the crowds to the shelves — pick up a tablet for under $50. On one level, that’s nothing short of amazing: you’re getting the power of a laptop computer from a couple of years ago for about what it costs a family of four to go to the movies. On another level, it’s frightening, because cheap tablets have a nasty little secret.

The good thing and bad thing about Android devices is that just about any manufacturer can build and sell them. The good thing is that this approach has created a large ecosystem of devices at all price points, from top-tier models like HTC’s Nexus 9 and Samsung’s Galaxy Tab S to a wide array of cheap tablets that you can get via Amazon, Walmart or even your neighborhood drug store for under $100. The bad thing is that it’s resulting in a market of products at all levels of quality, from best-in-class to nightmarishly horrible. In order to sell tablets to the lower end of the market, something’s got to give, and more often than not, that “something” is quality control.

While poor hardware quality control is more likely to affect the owners of devices who bring them to work, it’s poor software quality control that businesses who allow the use of personal devices for work have to watch out for. The problem isn’t with the Android operating system itself, but in the way that vendors install the operating system and modify it to work with their devices, as well as the add-ons and applications that they install on their devices to differentiate themselves from the others. You’re generally safe with the more expensive tablets from “name” vendors like Samsung and HTC, but once you go into off-brand cut-rate territory, you’ll encounter things like:

  • operating systems that haven’t been patched for vulnerabilities,
  • operating systems with modifications that either bypass or weaken the built-in security measures,
  • misconfigured security settings, and
  • malicious software and intentional security holes designed to allow unauthorized parties to access and take control of the device.

Now imagine giving these compromised devices access to your corporate systems. Each cheap, poorly-secured device on your network adds to the “attack surface” — the total of all the different points that an attacker can use for unauthorized entry — that malicious parties can use to access your data and resources.

How vulnerable are cheap tablets?

The short answer: Very. The long answer is below.

The San Francisco-based mobile data security company Bluebox decided to test the security of a number of tablets — a couple of premium ones (the HTC Nexus 9 and Samsung Galaxy Tab 3 Lite) as well as a variety of sub-$100 tablets that were hyped in this year’s Black Friday sales — by running their new app, Trustable, on them to see what it would report. The app is available for free on the Google Play store, and running it on an Android device generates a trust score ranging from 0 to 10 (with 10 being the most trustworthy) that factors in such things as:

  • Known system vulnerabilities on the device,
  • insecure configurations that are the fault of the device vendor,
  • insecure configurations that are the fault of the device user, and
  • number of applications installed on the device, both by the vendor and the user.

As you can see in the table below, the Nexus 9 and Galaxy Tab 3 Lite were rated as “trustworthy” by Trustable. The cheaper tablets didn’t do as well on their security tests:

| Device | Black Friday price | Trust score | Notes |
|---|---|---|---|
| HTC Nexus 9 | $399.99 | 10 (trustable) | No known vulnerabilities, security back doors, potential to have its data stolen via USB, or security misconfigurations that are the vendor’s fault. |
| Samsung Galaxy Tab 3 Lite | $99.99 | 8.6 (trustable) | No known vulnerabilities, security back doors, potential to have its data stolen via USB, or security misconfigurations that are the vendor’s fault. |
| Nextbook (Walmart) | $49.00 | 7 (semi-trustable) | Ships with the FakeID and Towelroot vulnerabilities. |
| RCA 7 Mercury (Target) | $39.99 | 6.9 (semi-trustable) | Ships with the FakeID and Towelroot vulnerabilities. |
| Mach Speed Xtreme Play (Kmart) | $39.99 | 6.5 (semi-trustable) | Ships with the FakeID and Towelroot vulnerabilities. |
| Pioneer 7″ (Walmart) | $49.99 | 6.4 (semi-trustable) | Ships with the Master Key and FakeID vulnerabilities. |
| Ematic (Walmart) | $39.99 | 6.3 (semi-trustable) | Ships with the Master Key, FakeID and Towelroot vulnerabilities. |
| Mach Speed Jlab Pro (Staples) | $49.99 | 6.1 (semi-trustable) | Ships with the FakeID and Towelroot vulnerabilities, as well as vulnerability to data theft via USB. |
| RCA 9 Gemini (Walmart) | $69.00 | 5.8 (semi-trustable) | Ships with the Master Key, FakeID and Towelroot vulnerabilities. |
| Craig 7″ (Fred’s) | $49.99 | 5.5 (semi-trustable) | Ships with the Master Key, FakeID and Towelroot vulnerabilities. |
| Worryfree Zeepad (Walmart) | $47.32 | 4.4 (suspicious) | Ships with the FakeID and Towelroot vulnerabilities, a security back door, vulnerability to data theft via USB, and security misconfigurations that are the vendor’s fault. |
| Polaroid (Walgreens) | $49.99 | 2.7 (suspicious) | Ships with the Heartbleed, Master Key, FakeID and Towelroot vulnerabilities, a security back door, and security misconfigurations that are the vendor’s fault. |
| Zeki (Kohl’s) | $49.99 | 2.1 (damned suspicious) | Ships with the FakeID and Towelroot vulnerabilities, a security back door, vulnerability to data theft via USB, and security misconfigurations that are the vendor’s fault. |
| Digiland (Best Buy) | $49.99 | Too insecure to measure | Ships with the Towelroot vulnerability, a security back door, and security misconfigurations that are the vendor’s fault. |

The folks at Bluebox discovered that:

  • Almost all the cheap tablets had two vulnerabilities — weak points in the operating system that have been discovered and used by malicious parties — called “FakeID” and “Towelroot” (the folks at Bluebox call it by another name, “Futex”). FakeID is a weakness that allows a program to pretend that it’s a trusted program and thereby gain privileges that an untrusted program wouldn’t otherwise have, and Towelroot can give an unauthorized program “root” or administrative privileges, allowing it complete control of the device. These vulnerabilities are the product of operating systems being so complex that it’s all too easy to unintentionally leave a weak point in them that someone motivated enough will eventually find. Google, the people behind Android, regularly make “patches” — fixes for these errors — available, but it’s up to the vendors to incorporate them into devices that they’re manufacturing, and to push these updates to their devices “in the wild”. The bigger, pricier tablet vendors are pretty good about this, but the off-brand purveyors of bargain-bin tablets? Not so much.
  • Many of the cheap tablets also shipped with the “Master Key” vulnerability, which makes it possible for a maliciously-modified app to pose as the original. The folks at Bluebox figured this out, and responsibly disclosed it to Google. Google has posted a fix for this problem, but it’s up to Android device vendors to make sure that they use this fix. Once again, the high-end vendors have done so, while the cheaper ones may get around to it someday.
  • Some of the cheaper devices came “out of the box” with less-secure security configurations. These settings allow the user to install apps from sources other than Google Play, which also allows the installation of apps from malicious sources.
  • A few of the devices came pre-installed with “back door” software. Back door applications are software specifically designed to run without the user’s knowledge or approval and to allow malicious parties who know how to access them to gain entry into a system. The cheapest of the cheap tablets had these installed and lying in wait.

Don’t let people use their Black Friday bargain tablets for work!

People are starting to come back to work from the holidays, and some of them may want to use the bargain tablets they picked up for themselves or got as a gift for work. Don’t let them!

If you do allow the use of personal devices at work, make sure that you:

  • Have a policy that clearly specifies platforms and devices that are approved for work use, and make sure that bargain mobile devices are clearly disallowed. They’re often more vulnerable thanks to cut-rate quality control,
  • Explain the risks involved in using cheap devices to access corporate resources, whether at the office, on the go, or at home,
  • Use mobile device management to ensure that mobile devices used for work are configured properly, and
  • Take advantage of security software like Bluebox’s Trustable (once again, it’s free) to see how trustworthy your mobile devices are.
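A device-posture check of the kind an MDM enrollment gate could apply to the policy points above, as an added example (not code from the original post or from Bluebox): it parses `getprop`-style output plus two Android settings values and lists every reason a device fails policy. The allowlist, the minimum OS release, the sample dumps, and the use of `adb_enabled` as the signal for USB data exposure are assumptions made for illustration.

```python
import re

# Policy values are constructed for illustration; substitute your own.
APPROVED_MODELS = {"Nexus 9", "EXAMPLE-APPROVED-TAB"}  # hypothetical allowlist
MIN_ANDROID = (4, 4, 4)                                # hypothetical minimum release

PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]:\s*\[(?P<val>[^\]]*)\]$")

def parse_getprop(text):
    """Parse `adb shell getprop` style lines of the form [key]: [value]."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("val")
    return props

def version_tuple(release):
    """Turn '4.2.2' into (4, 2, 2); an unparsable release sorts lowest."""
    parts = re.findall(r"\d+", release or "")
    return tuple(int(p) for p in parts[:3]) if parts else (0,)

def evaluate(props, settings):
    """Return the list of policy violations; an empty list means admit."""
    reasons = []
    model = props.get("ro.product.model", "")
    if model not in APPROVED_MODELS:
        reasons.append("model not on approved list: " + (model or "unknown"))
    release = props.get("ro.build.version.release", "")
    if version_tuple(release) < MIN_ANDROID:
        reasons.append("OS release below policy minimum: " + (release or "unknown"))
    # Fail closed: a missing or unreadable setting counts as non-compliant.
    if settings.get("install_non_market_apps") != "0":
        reasons.append("installs from outside Google Play are allowed")
    if settings.get("adb_enabled") != "0":
        reasons.append("USB debugging is enabled")
    return reasons

# Constructed sample input, not captured from real devices.
SAMPLE_APPROVED = """\
[ro.product.model]: [Nexus 9]
[ro.build.version.release]: [5.0.1]
"""
SETTINGS_APPROVED = {"install_non_market_apps": "0", "adb_enabled": "0"}

SAMPLE_BARGAIN = """\
[ro.product.model]: [BARGAIN-7]
[ro.build.version.release]: [4.2.2]
"""
SETTINGS_BARGAIN = {"install_non_market_apps": "1", "adb_enabled": "1"}

if __name__ == "__main__":
    for name, dump, cfg in (("approved", SAMPLE_APPROVED, SETTINGS_APPROVED),
                            ("bargain", SAMPLE_BARGAIN, SETTINGS_BARGAIN)):
        problems = evaluate(parse_getprop(dump), cfg)
        print(name, "ADMIT" if not problems else "DENY", problems)
```

A check like this covers only what the device reports about itself, so it complements rather than replaces a scan for shipped vulnerabilities and back doors.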

this article also appears in the GSG blog

Have a safe and happy holiday!

santa - ufo crash

All of us at GSG would like to wish you and your families a safe and happy holiday. We’d rather you didn’t get in the situation pictured above!

Save on great last-minute gifts at O’Reilly: 50% off ebooks and training videos and 40% off print books

O’Reilly make a good number of go-to books and videos for programmers, but they have a great selection of business books as well! Better still, they’re on sale for 50% off in electronic form (which you can get right away) or 40% off in print form until Friday, December 26 at 8:00 a.m. Eastern (GMT-5) / 5:00 a.m. Pacific (GMT-8)! Some notable books from their collection are:

  • Be the Best Bad Presenter Ever: If you hate leading presentations and public speaking, this book is for you! Author Karen Hough debunks over a dozen myths about presenting, explains how practicing in front of a mirror makes you worse, why you should never end with questions, and tells stories about people who not only were able to become great presenters by being “bad” but actually came to enjoy it! Follow her wise and witty advice, and you’ll be able to tear up the old rules and embrace and develop your own style. You’ll be freed to be a living, breathing, occasionally clumsy human being whose enthusiasm is powerful and infectious.
  • The Discomfort Zone: The Discomfort Zone is the moment when the mind is most open to learning. Author Marcia Reynolds says that it can prompt people to think through problems, see situations more strategically, and transcend their limitations. This book shows how to ask the kinds of questions that short-circuit the brain’s defense mechanisms and habitual thought patterns. The results: people are freed to find insightful and often profound solutions and get around the mental roadblocks holding them back. It features exercises and case studies that will help you use discomfort in your conversations to create lasting changes and an enlivened workforce.
  • Rebels at Work: Ready to stand up and create positive change at work, but reluctant to speak up? True leadership doesn’t always come from a position of power or authority. By teaching you skills and providing practical advice, this handbook shows you how to engage your coworkers and bosses and bring your ideas forward so that they are heard, considered, and acted upon.
  • The Connected Company: In a world with social media, when your company’s performance runs short of what you’ve promised, customers can seize control of your brand message, spreading their disappointment and frustration faster than you can keep up. To keep pace with today’s connected customers, your company must become a connected company. That means deeply engaging with workers, partners, and customers, changing how work is done, how you measure success, and how performance is rewarded. It requires a new way of thinking about your company: less like a machine to be controlled, and more like a complex, dynamic system that can learn and adapt over time.
  • Who Kidnapped Excellence? This book has only 5-star reviews on Amazon and explains personal and organizational excellence in the form of a crime thriller. Excellence (personified) has been kidnapped, and Leadership pulls together a team made up of Passion, Flexibility, Communication, Competency, and Ownership to carry out the rescue. The problem: Average may be trying to replace that team with lesser people: N. Different, N. Ept, N. Flexible, Miss Communication, and Poser.

At half price and in ebook form, many of the books go for just above 10 bucks apiece. Just go to shop.oreilly.com and use the discount code HDPDNY at checkout!

Samsung starts mass production of chips that will reduce the gap between smartphone power and laptop power

If you take a look at Best Buy’s selection of laptops, you’ll see they currently start at 4GB RAM, which these days is considered to be the minimum for running today’s operating systems and applications. Today’s smartphones currently have at most 2GB of RAM (and iOS devices are getting a lot of bang out of a mere 1GB). This is expected to change in the coming year as Samsung ramps up their production of their latest RAM chips, which have twice the capacity of their current best chips, and consume only 60% of the power.

The gap between mobile devices and laptops has been closing for some time. If you’d like to know more, check out our infographic, which you can also download from Pinterest:

2014's mobile tech vs 2010's laptops

A blue Christmas for Samsung’s flagship store in London

Photo by Najeeb Khan.

London’s flagship Samsung Experience store, located in the Westfield Stratford City shopping center, has closed its doors permanently. As one of the two large Samsung shops in London, it was meant to be the go-to place to try out — and hopefully, buy — Samsung devices. However, with Samsung dropping out of the laptop business in Europe, their losing mobile sales to nimbler, cheaper Android competitors, and given the high price of London real estate, they had to close shop.

There are still a number of smaller Samsung stores in the UK, and so far, the company still has plans to open 60 new retail locations in Europe. We’ll have to see what happens with them in the new year.

iPhone 6 demand is strong, and supplies are surging just in time for the holidays

Gene Munster, an analyst with investment bank/asset management company Piper Jaffray, reports that there’s good news for Apple investors and people who want an iPhone 6: demand for Apple’s newest, largest phones is strong, and Apple’s supply chain seems able to meet that demand. Here’s what he has to say about the demand:

We conducted a survey of 1,004 US consumers. Of those looking to purchase a smartphone in the next three months, 50% said they plan on purchasing an iPhone vs. 47% in September, following the iPhone 6 announcement. By comparison, demand for the iPhone decreased from 50% in Sep-13 to 44% in Dec-13 following the iPhone 5S launch. Overall we believe this shows that consumers are extremely interested in the larger screen iPhone 6, a testament to the strength of the current upgrade cycle.

And here’s his take on the supply:

While supply of the iPhone 6/6 Plus has been constrained since launch, our store checks suggest that supply is improving. In our checks of 80 Apple retail stores at the end of last week, we noted that 77.6% of stores had iPhone 6 units in stock vs. 56.1% of stores in the prior week.

Zacks Investment Research is also bullish on Apple, with analyst Eric Dutram calling the company the “Bull of the Day”, based on their 2015 prospects, which will include the release of the Apple Watch.

this article also appears in the GSG blog

GSG’s infographics on Pinterest

by Joey deVilla on December 22, 2014

You might not know that GSG (where I work) has a Pinterest board featuring infographics that explain, cover, and simplify all sorts of information about the world of telecom and mobile with graphs and pictures. I took some of the dullest, driest, most coma-inducing reports, articles, and white papers, gleaned whatever useful information was in them, gave them context and sharp graphics and unleashed them on the world. Give them a look!

(Don’t know what Pinterest is? It’s one of the most popular social media sites, geared towards sharing pictures grouped by topic. The Atlantic has an interesting take on it.)

The easiest way to get to GSG’s Pinterest is to use this easy-to-remember URL: bit.ly/gsgpinterest. We update it quite often with material gleaned from our blog posts, white papers, and presentations, so be sure to visit it regularly.

this article also appears in the GSG blog

Infographic: The next three years in mobile

by Joey deVilla on December 19, 2014

I recently listened to IDC’s FutureScape: Worldwide Mobile Enterprise Applications and Solutions 2015 Predictions webinar, taking copious notes along the way. While you should always take industry analyst predictions with an appropriately-sized grain of salt, these predictions seem to be based on observations that match patterns that I’ve seen across GSG’s customer base and in enterprises in general.

Starting next year, the next three years in mobile for the enterprise will see more mobile apps with a stronger focus on “mobile first”, more spending on mobile, IT departments and internal development teams reorganizing themselves to adapt to an increasingly mobile computing world, and a need to manage the increased business and security risks that come with the territory.

We took what we felt were the most important take-aways from their webinar and turned them into an infographic, which we’ve posted below:

The next three years in mobile

this article also appears in the GSG blog

What a difference 20 years makes!

by Joey deVilla on December 15, 2014

1994 vs 2014

Mind you, laptops still do things that smartphones can’t, thanks not just to their processing power, but their form factor as well, and tablets fill a Newton-like role. However, having just spent the weekend at various amusement park areas in Orlando and doing some people-watching while there, I can say with certainty that the bulky old-school cellphone, walkman, watch, still and video camera have been supplanted by the smartphone.
