Samsung and HTC Android phones vulnerable to 'remote wipe' hack

Millions of Android handsets including the Samsung Galaxy S3, Galaxy S2, HTC One X and HTC Desire can be wiped just by visiting a malicious website that embeds particular code in weblinks, security experts have warned.

Update: HTC has issued a statement saying that "our devices do not support a USSD code to factory reset option." This means that they should not be vulnerable to the exploit described below.

A user with a vulnerable handset who visits a page and clicks a link containing the malicious code would see their phone wiped, losing personal data such as photos and texts as well as repleaceable data such as contact details and apps.

The flaw is caused by a security hole in some versions of Android's dialler software, which allows the "tel:" URL prefix to be used on a webpage to perform functions on the phone's dialling software. Normally that is useful for functions such as initiating a call on the handset directly from a site. But the tel: prefix can also be used to pass a string of non-numeric data to the dialler.

Special strings of characters can perform other functions; for example typing #06# on the dialler will display a phone's IMEI number.

The flaw exploits a string that activates a factory reset of some phones because they do not force a user interaction before carrying out the function encoded in the string. The code would have to be embedded as a link to cause the user to activate it - but it would be easy to represent it as an innocent link to Google or any site. Pressing the link would initiate the wipe.

Users of vulnerable handsets may be able to install a third-party dialler and make that the default as protection against the "remote wipe" attack. Experts also pointed out that not all Android handsets have the capability for a remote wipe built in - although the number of models discovered with the vulnerability has grown since it became known on Tuesday.

Dylan Reeve, a New Zealand-based TV editor who first brought the flaw to wide notice, says that Samsung Galaxy phones which use Android 4.1 will be safe from the hack. But that still leaves millions of Galaxy S2 and some S3 models which will not have had the correct revision of the firmware rolled out to them and which could be hit.

The number of phones that could be vulnerable potentially numbers millions. Samsung has shipped more than 20m Galaxy S3 handsets and at least as many of the S2 handset, released in 2011. HTC has similarly sold millions of Desire and One X handsets.

But many will have shipped with versions of Android which are vulnerable to this attack, and there are no figures to show what proportion have been updated. The vast majority of the 480m Android devices in use at present have versions of Android which could potentially be vulnerable to this attack.

Though the vulnerability was fixed in Android's core code earlier this year, that code has not been propagated to every handset in use. The fact that the flaw existed in handsets from Samsung and HTC - the two biggest vendors of Android handsets - also suggests that a huge number of existing handsets could include the outdated code.

Samsung said in a statement that it has already provided a patch for the Galaxy S3, but it is not clear how long that will take for operator approval and rollout. In general software updates to any phone have to first be tested and approved by the carrier supporting the phone. Samsung said it is testing a patch for the Galaxy S2, but had no information on when it will be available or how it will be distributed.

At first it was thought that only Samsung phones were vulnerable. But some HTC devices, including the HTC One X running HTC Sense 4.0 with Android 4.0.3 and the Motorola Defy (running Cyanogen Mod 7 on Android 2.3.5), have also been shown to suffer from the flaw.

Commenting after the discovery that multiple makes and models are vulnerable, Reeve commented: "it is very poor design to allow a passed value to execute as if it were keyed in interactively."

Paul Ducklin of the security company Sophos said: "The bottom line here is this: get into the habit of backing up your phone. Whether you choose to trust the cloud, or synchronise to your laptop, or just copy important files to removable storage, don't take the long-term data integrity of your phone for granted."

The video at the top of the page shows the attack being carried out.

Reeve has created a web page that allows people to test whether their phone passes on and processes the tel: prefix automatically. If the phone allows the automatic processing of tel: codes, Reeve's page displays the IMEI code.

• This article was updated on 28 September 2012 to reflect a statement from HTC that its phones do not have the security weakness described here.

New Android OS ensures Google dominance

Though Android powers the lion's share of superphones, Google's mobile OS won its enormous market share by being widely available across many phones, many carriers and many nations, often at prices that would give Apple accountants a laugh. The features of the OS were decent enough to be competitive, but few ever sang of their beauty and grace.

Now Android is attempting to justify its ascendancy with a head-to-toe software revision, and its competitors should be afraid. If Google's previously frumpy, inconsistent OS was enough to gain majority smartphone market share, what's to stop this elegant, intelligent update from solidifying that dominance?

When the news hit, I went over many of the new features of Android 4.0, a.k.a. Ice Cream Sandwich. Taken altogether, they not only represent Android once again meeting or beating the features of competitors. For the first time, they represent a desire by Android's keepers to unify look-and-feel throughout the OS, to have a single design language, much like that of iOS or Windows Phone. In fact, you could say that the new Android borrows equally from both Apple and Microsoft, to make a product that is arguably stronger than both.

Results CRM Delivers Integration with Citrix ShareFile

Results Software, award-winning provider of Customer Relationship Management (CRM) and Business Management Solutions, announced today integration of the ShareFile cloud-based document storage and file sharing service with its Results CRM solution. This integration enables users to send, receive, sync, and share large files with anyone, from anywhere, and using any device—all within a highly secure space.
The integration with ShareFile provides Results CRM users with an innovative and effective in-the-cloud document management solution—in addition to the existing Results document management options. Results CRM users can easily scan, upload, and attach documents to any Results CRM contact, activity, sales opportunity, and project. This allows Results users to access those attached documents from within Results or directly from ShareFile. ShareFile also enables the creation of a custom-branded, password-protected space where users can exchange business files with clients easily and securely. ShareFile supports the ability to send large files by email, conduct a secure file transfer, or use a shared online space where project-related files can be posted.
“We are very pleased to deliver CRM and Business Management functionality to ShareFile users, so that the files that they store can now be saved and retrieved in context of the Contact or Project that the file belongs to.” said Sam Saab, President and Founder of Results Software.
“The integration delivers a seamless experience that creates increased productivity by providing access to important documents anytime, anywhere. We’re excited to have an integration with an award-winning provider of Customer Relationship and Business Management Solutions, creating an effective cloud document management solution for all businesses," said Cat Allday Senior Director, Product Management SaaS at Citrix ShareFile.
The Results-ShareFile Integration module is currently shipping and is included at no additional charge in all Results QuickStart Bundles.
About Results Software
Founded in 1985, Results Software provides Customer Relationship Management (CRM) and Business Management Solutions to a diverse client base. The Results family of products helps organizations of all sizes and within multiple industries streamline operations, improve efficiencies, and increase performance with its award-winning software and services. Results Software also offers a comprehensive line of professional services focused on helping clients grow their businesses—including consulting, systems analysis, custom programming, data conversion, custom reports, and training. Results has earned top honors from Intuit as a QuickBooks Gold Certified Developer, is a Microsoft® Certified Partner, and has won both a K2 Enterprises Quality Award and the prestigious Awesome QuickBooks Add-on Award from The Sleeter Group.
About Results CRM
Results CRM delivers a complete and flexible approach to business information management and business process automation for sales and marketing, service delivery, customer service, order tracking, project management, time-billing, invoicing, purchase orders, and inventory control. Results CRM provides seamless bi-directional integration with QuickBooks®, Outlook®, Constant Contact®, SmartVault®, Citrix ShareFile®, XpandedReports, and SharePoint®. Results CRM is proudly 100% designed, developed, and supported in the United States.

New Public Cloud by Oracle

The new Oracle Cloud, presented at the company's headquarters in Redwood Shores, Calif., provides platform-as-a-service access to the company's key products.
Virtual Machines
The new service will feature subscription access to Fusion CRM , the Oracle Social Network, Fusion human capital management, the Oracle Database Service, and the Oracle Java Cloud Service. The Oracle Social Network is a suite of collaboration  tools and services that is intended to compete with the variety of cloud-based social business apps being released by competitors, notably Salesforce.
Oracle had previously launched its Public Cloud in October at the Oracle OpenWorld conference as an integrated set of apps and infrastructure, but this announcement raises the bar and offers subscription-based access to the company's suite of products. Ellison said the new cloud provides everything a client would need for platform, application, custom infrastructure or social business.
As Oracle moves to compete with Microsoft, SAP, Salesforce, IBM, Google, Amazon and others, CEO Larry Ellison has said that one of its competitive advantages will be that each enterprise  customer  will have a virtual  machine  instead of a multi-tenant architecture , providing more flexibility and security .
He told a technology conference last week that customers of the Oracle Cloud "will be more secure , more in control and have a much more modern version of the cloud."

Ellison's position represents a turnaround for the high-profile executive, who had previously badmouthed cloud-based computing on more than one occasion.
Now, he says he thought it was "ridiculously hyped," and that his problem with it had been the hype, not the promise. Ellison current position is that cloud-based software offers a "charismatic brand for the next version of computing."
Another attraction is that, according to comments made to news media by Oracle Chief Financial Officer Safra Catz, operating margins for the Oracle Cloud could top 50 percent. But, as with Microsoft and others, the risk to Oracle is that it could hurt its regular sales by making its crown jewels available online.
Oracle has been acquiring companies recently that have major online components and has been retooling its software, in order to get ready for this day. Such acquisitions have included human resources software company Taleo, customer service provider RightNow Technologies, social media analytics firm Collective Intellect, social marketing firm Virtue, and data management company Endeca.
Other companies previously acquired by Oracle include Siebel Systems, JD Edwards, Hyperion and PeopleSoft.
Of course, key rival SAP has not been sitting on its hands, having announced its own cloud-based service in May and having also been on a buying spree. Last month it made an offer for cloud-based commerce network  provider Ariba, and it recently purchased human resources software provider SuccessFactors.

CRM Delivers Integration with Citrix

The integration with ShareFile provides Results CRM users with an innovative and effective in-the-cloud document management solution-in addition to the existing Results document management options. Results CRM users can easily scan, upload, and attach documents to any Results CRM contact , activity, sales opportunity, and project. This allows Results users to access those attached documents from within Results or directly from ShareFile. ShareFile also enables the creation of a custom-branded, password-protected space where users can exchange business files with clients easily and securely. ShareFile supports the ability to send large files by email, conduct a secure file transfer, or use a shared online space where project-related files can be posted.
"We are very pleased to deliver CRM and Business Management functionality to ShareFile users, so that the files that they store can now be saved and retrieved in context of the Contact or Project that the file belongs to." said Sam Saab, President and Founder of Results Software.
"The integration delivers a seamless experience that creates increased productivity by providing access to important documents anytime, anywhere. We're excited to have an integration with an award-winning provider of Customer Relationship and Business Management Solutions, creating an effective cloud document management solution for all businesses," said Cat Allday Senior Director, Product Management SaaS at Citrix  ShareFile.
The Results-ShareFile Integration module is currently shipping and is included at no additional charge in all Results QuickStart Bundles.
About Results Software
Founded in 1985, Results Software provides Customer Relationship Management (CRM) and Business Management Solutions to a diverse client base. The Results family of products helps organizations of all sizes and within multiple industries streamline operations, improve efficiencies, and increase performance with its award-winning software and services. Results Software also offers a comprehensive line of professional services focused on helping clients grow their businesses-including consulting, systems analysis, custom programming, data conversion, custom reports, and training. Results has earned top honors from Intuit as a QuickBooks Gold Certified Developer, is a Microsoft? Certified Partner, and has won both a K2 Enterprises Quality Award and the prestigious Awesome QuickBooks Add-on Award from The Sleeter Group.
About Results CRM
Results CRM delivers a complete and flexible approach to business information management and business process automation for sales and marketing, service delivery, customer  service, order tracking, project management, time-billing, invoicing, purchase orders, and inventory control. Results CRM provides seamless bi-directional integration with QuickBooks?, Outlook?, Constant Contact?, SmartVault?, Citrix ShareFile?, XpandedReports, and SharePoint?. Results CRM is proudly 100% designed, developed, and supported in the United States.

Google Nexus 7 review

Undoubtedly tired of watching OEMs make little headway in their uphill struggle against Apple's iPad, Google executives took the stage at this year's Google I/O developer conference to announce a branded seven-inch tablet of their own, which the search giant is offering direct through its Play store.
Like other Nexus-branded devices, the Nexus 7 tablet isn't actually hardware manufactured by Google. As Mountain View has done with Samsung, HTC and Motorola in the past, the company paired with Asus to design and manufacture its slender tablet.

It's a smart move: Among Android tablets, Asus makes some of the best around, but matching the rock-bottom $199 (£130) price of Amazon's Kindle Fire while exceeding its meager specs would be a challenge for any manufacturer. And make no mistake: The Nexus 7 is more of an effort to stomp out Amazon's unwelcome (and forked) version of Android more than it's attempt to dethrone Apple's reigning champ.

The good news is that very little has been sacrificed along the way, unlike with Amazon's initial offering. According to Android boss Andy Rubin, Google's profit margin bears the brunt of any sacrifices made, both from selling hardware at cost but also from tossing in generous perks such as a $25 (or £15) Google Play credit for every Nexus 7 owner.
But enough about why and how Google has released the Nexus 7: Is it worth even $199 / £159 of your hard-earned cash?

5 Things Motorola's New CEO Must Do

Google today said that it has finally closed its acquisition of Motorola. First announced in August 2011, the $12.5 billion deal took longer than expected to clear regulatory hurdles in China. China gave Google the green light on May 19 and Google now owns Motorola Mobility, for which it paid $40 per share in cash.

Now that the deal is complete, Google has already made changes to the company's leadership. Motorola CEO Sanjay Jha, who led the company for about three and a half years, is stepping aside and being replaced by Dennis Woodside, a Google veteran. According to Google, Woodside played a pivotal role in the acquisition process. Jha will work with Google to help complete the leadership transition, but only temporarily.

"I'm happy to announce the deal has closed," said Google CEO Larry Page. "Motorola is a great American tech company, with a track record of over 80 years of innovation. It's a great time to be in the mobile business, and I'm confident that the team at Motorola will be creating the next generation of mobile devices that will improve lives for years to come."
[ Read about Google's plan to sell "pure Android" smartphones through its Google Play Store. See Why Google's Nexus Plan Makes Sense. ]
One concession Google had to make in order to garner approval from Chinese antitrust regulators was a commitment to Android's openness. Google agreed to keep the platform open to other handset makers for a period of at least five years from the closing of the acquisition. Google explained in its press release that Motorola Mobility will remain a licensee of Android and Android will remain open. Motorola Mobility will be operated as a separate business.
Google and Motorola need to get to work. Motorola Mobility's new CEO Dennis Woodside has already made some changes. He's bringing in a refreshed executive team and mixing them up with a number of existing execs from the Motorola side of the business. Aside from forming a new management team, here are five other things Woodside needs to do.
Focus on Fewer, Better Phones. Motorola has followed the industry trend of launching more than a dozen handsets each year, ranging from entry-level devices to high-end smartphones. The company needs to pull back and bring superior products to market rather than employ the shotgun approach.
Differentiate Hardware. Creating unique handsets is becoming more and more difficult, but differentiation is key to selling in the crowded smartphone market. Motorola can't be afraid to take risks on new technology to achieve this goal.
Foster and Improve Existing Business Partners. Motorola has relationships with carriers worldwide--relationships that were in place long before Google came along. Google and Motorola need to tread lightly and make sure these relationships can move forward productively. If wireless network operators, for example, start to think that Google is going to be another Apple and exert too much control over Android devices, they might not be willing to sell Motorola's devices.
Make a Swift Decision About the Cable Box Business. Motorola Mobility's other business is to provide set-top boxes to cable television subscribers. This is a decent business, but it isn't why Google bought Motorola. Google picked Motorola due to its 17,000 mobile technology patents. The cable box business can be a boon for Google TV, which has failed to really catch on since its 2010 launch. Google and Motorola need to either plow forward with it in a unique and appealing way or divest it so the company can concentrate on its core businesses.
Be Careful With Those Patents (And Settle with Microsoft). The 17,000 patents provide Google, Motorola, and Android licensees some protection in the current smartphone patent war among the hardware vendors. Motorola and Google would do well to sidestep these battles. More importantly, Motorola recently lost a patent case with Microsoft. Microsoft won a ban on Motorola imports. If the ban goes into effect, Motorola won't be allowed to import its key smartphones and sell them in the U.S. Google and Motorola need to sit down with Microsoft and hammer out an agreement for the patents at hand and move past this distraction.
Woodside seems bullish on Motorola's chances moving forward. Let's hope he can do good things with Motorola and get the company back in the game.
"Motorola literally invented the entire mobile industry with the first-ever commercial cell phone in 1983," said Woodside. "Thirty years later, mobile devices are at the center of the computing revolution. Our aim is simple: to focus Motorola Mobility's remarkable talent on fewer, bigger bets, and create wonderful devices that are used by people around the world."