Posts tagged crack
Can Apple crack China with the iPhone 4?
Sep 24th
Video: iPad on sale in China
“It is going to be successful. People are going to line up,” said Frank Yu, founder of Kwestr, a Shanghai-based web services company. “It is going to be sold out, that is my guess.”
Sales of the iPhone 3 were initially lackluster with China Unicom only selling around 5,000 units in the weeks following the device’s launch in 2009.
However sales volume picked up dramatically earlier this year after the mobile operator lowered rates for its bundled iPhone packages as well as adjusted tariffs for 3G access, which remains expensive in the country, according to Analysys International, a Beijing research firm.
By the second quarter, Apple became the fifth-largest smartphone vendor in China with just over a 7 percent share of shipments, according to Analysys. Nokia had the largest share with 26.7 percent.
Analysts say what is notable about the recent iPad launch and upcoming iPhone 4 release is a shift in how quickly Apple is introducing its products to the Chinese market.
Of China’s more than 420 million web users, around 233 million use mobile phones and other devices to access the Internet, according to government statistics. That number is likely to more than double by 2014, a report from the market research firm eMarketer said.
Cheaper smartphones combined with more affordable data plans from operators are expected to fuel the growth.
Today, the country has more than 800 million mobile subscribers, making it the largest handset market in the world.
Apple waited over two years to launch the iPhone 3G and iPhone 3GS in China, which were unveiled in the United States and other Western markets in 2007. In contrast, the iPhone 4 went on sale in the U.S., France, Britain, Germany and Japan in June and July. The iPad was released in the U.S. in May.
Slow to act in a booming market?
The delays in launching the original iPhones resulted in a flourishing “gray market” of fake iPhones or iPhones that had been smuggled in from Hong Kong or elsewhere. Many said served to at least partially undercut sales when the handset was legally released in 2009.
“Apple had already lost all of the early adopters in China who wanted to have that fancy phone,” Yu said. “We had all already bought an iPhone.”
It also spurred speculation that Apple was having trouble in its negotiations with Chinese mobile operators to come up with an exclusive deal to bundle subsidized handsets with service contracts.
“[Apple] wasn’t able to come to an agreement some of the operators wanted to come up with,” said Jake Saunders, head of ABI Research’s Asia-Pacific division.
“Apple also has a revenue sharing model in place, which is a stumbling block in the Chinese market where ARPU (average revenue per user) is one of the lowest in the world.”
Others saw the delays as a sign that the California-based company simply was not interested in reaching Chinese consumers.
In July, Liu Chuanzhi, head of Lenovo, China’s leading PC maker, told the Financial Times that Apple did not care about China and that if the company “were to spend the same effort on the Chinese consumer as we do, we would be in trouble.”
Yet some say the quick releases of the iPad and iPhone 4 along with the new store openings is a sign that Apple is not only taking China more seriously but also gaining a greater understanding of its massive mobile market.
The company, for example, released the iPad in its stores without any exclusive deal with operators to link 3G to the device, which also has wireless capabilities.
This means Chinese consumers, most of whom buy pay-as-you-go plans separate from their handsets, are not tied down to lengthy contracts.
“They must have started to realize that the Chinese market is so huge, and it is not the same as other markets,” said an industry insider who declined to be identified due to his company’s ongoing operations in China.
“With the quick launch of the iPad without any negotiation with operators, I think now they don’t care about the 3G connection. They believe it is not that important, at least not in China.”
Facing up to big challenges
Even so, Apple could face further challenges here. While the company’s products are especially popular among China’s expanding middle- and upper-classes who have disposable income to spend on high-end products to show off their wealth, the iPhone is still too expensive for most to purchase.
Additionally, the Chinese version of Apple’s App Store still has an interface in English and requires payment from dual-currency credit cards, which many Chinese don’t have.
There’s also no shortage of pirated iPhone applications available online for free, undercutting Apple’s abilities to generate revenues from its iTunes store. An impending explosion of low-cost smartphones running Google’s Android operating system could also curtail Apple’s growth.
Local application developers say they are now turning their focus to creating Chinese applications for Android devices, only building iPhone apps for more profitable international markets.
“China is going to be an Android market. There will be millions and millions of Android devices here, and right now a lot of companies, even iPhone development companies, are starting to work on Android application development,” said Wang Bo, founder of Bokan Technologies, a Beijing-based application development company.
Still it does not appear the demand for Apple products among status-obsessed Chinese will go away anytime soon.
“A lot of people want to buy Apple,” said Linda Hou, a 31-year-old who was shopping for an iPad for her child at the Apple store in Beijing on Wednesday.
“It is a famous brand. Some people want to buy it because it is fashionable and some because of its function.”
GSM encryption: No need to crack it, just turn it off
Aug 3rd
There are ways to get around GSM encryption, but the equipment has been expensive and difficult to get. It appears that is no longer the case.
—————————————————————————————-
It’s that time of year. Defcon and Black Hat conventions are happening. Invited presenters are spilling the beans about security issues they have uncovered. One of the more controversial presentations explains how to affordably side step GSM encryption. That’s a big deal since billions of people are still using GSM phones.
Some history
GSM encryption can be circumvented due to the trusting nature of the protocol. Fortunately, the following two factors have kept it safe:
The cost of equipment required to circumvent GSM encryption is astronomical. Not just anyone can buy the equipment. You have to work for one of those three-letter organizations or have a badge. Enter Chris Paget
It had to happen; cost is no longer an issue. Chris Paget is saying it’s possible to intercept GSM phone calls on the cheap. That type of bravado created the drama Defcon is known for. So much so, that Mr. Paget wasn’t sure he was going to give his talk.
A credible source indicated to Mr. Paget that AT&T (only AT&T and T-Mobile have GSM networks) might be considering a lawsuit. On top of that, the FCC let it be known they were concerned about unlawful interception of phone calls. After conferring with EFF lawyers, Mr. Paget went ahead with the presentation and live demonstration. Mr. Paget mentions his appreciation for their help in one of his blogs:
“I’d like to say a really big thank you to the EFF; without their assistance the talk would not have gone ahead (the demo certainly wouldn’t have).”
Weak link
Mr. Paget uses what many consider a flaw in the GSM protocol. That being there is no mutual-authentication exchange between mobile phones and the network. Only the phone authenticates. It sends a unique International Mobile Subscriber Identity (IMSI) stored on the SIM to the cell tower it’s trying to associate with.
It would appear that this weakness opens the door for Man-in-the-Middle (MitM) attacks. Yet, some argue that’s not possible. The traffic is encrypted. Well, maybe not. The GSM protocol gives network controllers (cell towers) the option to force connected mobile phones to turn off encryption.
What that means
Like any MitM attack, the idea is to create a situation where a piece of hardware is able to interact with GSM mobile phones in the same manner as the telco provider’s cell tower. Hardware devices capable of this are fittingly called IMSI-catchers.
Any number of things can happen after the IMSI-catcher is in control. Sensitive information such as IMSI, IMEI, and phone numbers can be captured. It’s also possible to record the audio portion of each call.
Required equipment
Some friends of mine stressed that this is not new technology. Several companies sell IMSI-catchers, NeoSoft being one example. The catch is that the equipment is usually only sold to governmental agencies and law enforcement groups. Besides they are hugely expensive.
Therein lies the real significance of what Mr. Paget accomplished. He made an IMSI-catcher for around $1500 US. That includes the transceiver, two directional antennas, a notebook, OpenBTS a software-GSM access point, and Asterisk — software that acts as a gateway between GSM networks and VoIP networks. The following slide gives you an idea of the setup (courtesy of Dave Bullock and Wired):
Indications of an attack
There aren’t strong indicators that a MitM attack is taking place. Mr. Paget did mention we need to be alert for the following oddities when making a phone call:
The phone is on a GSM network in a known 3G coverage area and the phone is 3G capable. The receiving party is seeing an unusual phone number on caller-ID. Paget’s IMSI-catcher only captures outbound calls. Incoming calls go directly to voice mail.
Mr. Paget during his talk admitted the software could easily be upgraded to forward the caller’s real phone number.
Possible workarounds
There is some recourse for people using AT&T and T-Mobile phones. Mr. Paget mentioned that BlackBerry phones from RIM may add a second layer of encryption and have a setting to disable GSM. Another possibility is AT&T’s new encryption service. For the rest of us, it seems we need to make sure to use 3G whenever possible.
Final thoughts
Fortunately, this attack only works if your mobile phone is using a GSM network. CDMA and 3G networks are safe for now. The real concern is that this attack vector is no longer out of reach due to cost. Making it one more thing security-conscious people need to be aware of.
Police crack down on drivers using mobile phones
Jul 28th
A total of 22 lorry drivers have had their licences suspended for up to three weeks for using a mobile phone while driving, following a sting operation by Avon and Somerset Police.
The drivers were caught as part of Operation: Tramline, which took place in May, and resulted in a driver misconduct hearing before Traffic Commissioner (TC) Sarah Bell in Bristol on Monday (25 July).
A further 25 drivers caught during the operation will have their cases heard in a court in Birmingham later this week.
The Freight Transport Association (FTA) has also been brought in to provide further information to operators about road safety and eradicating the use of a mobile phone behind the wheel.
Ian Gallagher, FTA police manager for the South-West, told roadtransport.com: “The message that came out of the hearing was loud and clear: mobile phone use and driving doesn’t mix. If you drive while using the phone you are putting your license and your livelihood in jeopardy.
“Even hands-free calls can be an unwelcome distraction and will not be looked on kindly,” he warned.
He said the case was highlighted by the variety of excuses drivers offered for using a mobile phone: these include one driver who said holding a mobile phone was a substitute for smoking cigarettes as he had recently quit smoking and another who blamed his employer’s traffic office for calling him in the cab.
TC Bell added: “Drivers who persist in using hand-held mobile phones, laptops and other mobile devices while driving place other road users at real risk.
“This hearing should sound a warning to transport operators that their vehicles must be operated within regulations and with consideration for others’ safety – or their businesses will be affected.”
