The Wi-Fi Alliance announced the new Wi-Fi 6E terminology for 802.11ax operation in the 6 GHz band last month. At CES 2020, Broadcom announced a number of Wi-Fi 6E access point solutions. Today, Broadcom is announcing the BCM4389 client Wi-Fi 6E chipset. From a report: Consumers can expect to see the chipset in the next generation of high-end smartphones. We have already covered the advantages of Wi-Fi 6E in terms of lower latency, higher throughput, and the availability of more number of 160 MHz channels in our coverage of the Wi-Fi Alliance announcement at CES. The BCM4389 builds upon Broadcom's success with the BCM4375, which happens to be the currently leading client Wi-Fi 6 chipset in the smartphone market. In addition to the new 6 GHz support with tri-band simultaneous operation and 160 MHz channel support, the BCM4389 also brings in additional power efficiency, thanks to its 16nm process technology and architectural improvements.

The BCM4375 is a 28nm chipset with 2x2 2.4 GHz and 2x2 5 GHz support, while the new BCM4389 adds 2x2 6 GHz to the mix. The scanning radio accounts for the additional radio chain. The Bluetooth 5.0 functionality has also received a boost with MIMO support. Broadcom claims that the new implementation can reduce pairing time by a factor of 2 and also alleviate glitching issues when connected to Wi-Fi at the same time (compared to the BCM4375). The icing on the cake is that the MIMO support works with implicit beamforming ensuring that legacy Bluetooth devices stand to benefit too.

The sophistication of the Emotet malware's code base and its regularly evolving methods for tricking targets into clicking on malicious links has allowed it to spread widely. "Now, Emotet is adopting yet another way to spread: using already compromised devices to infect devices connected to nearby Wi-Fi networks," reports Ars Technica. From the report: Last month, Emotet operators were caught using an updated version that uses infected devices to enumerate all nearby Wi-Fi networks. It uses a programming interface called wlanAPI to profile the SSID, signal strength, and use of WPA or other encryption methods for password-protecting access. Then, the malware uses one of two password lists to guess commonly used default username and password combinations. After successfully gaining access to a new Wi-Fi network, the infected device enumerates all non-hidden devices that are connected to it. Using a second password list, the malware then tries to guess credentials for each user connected to the drive. In the event that no connected users are infected, the malware tries to guess the password for the administrator of the shared resource.

"With this newly discovered loader-type used by Emotet, a new threat vector is introduced to Emotet's capabilities," researchers from security firm Binary Defense wrote in a recently published post. "Previously thought to only spread through malspam and infected networks, Emotet can use this loader-type to spread through nearby wireless networks if the networks use insecure passwords." The Binary Defense post said the new Wi-Fi spreader has a timestamp of April 2018 and was first submitted to the VirusTotal malware search engine a month later. While the module was created almost two years ago, Binary Defense didn't observe it being used in the wild until last month.

An anonymous reader quotes a report from Reuters: T-Mobile's edged closer to a takeover of Sprint after a federal judge on Tuesday approved the deal, rejecting a claim by a group of states that said the deal would violate antitrust laws and raise prices. During a two-week trial in December, T-Mobile and Sprint argued the merger will better equip the new company to compete with top players Verizon and AT&T as the third-largest U.S. wireless carrier, creating a more efficient company with low prices and faster internet speeds. The states, led by California and New York, had said the deal would reduce competition, leading to higher prices.

The decision by U.S. District Court Judge Victor Marrero clears the path for the deal, which already has federal approval and was originally valued at $26 billion. In his ruling, the judge noted the difficulty in deciding an antitrust case since it forces the judge to predict the future in deciding if a deal will lead to higher prices. But Judge Marrero said that he based his decision on three essential points. The first was that he was not persuaded by the states that the deal would lead to higher prices or lower quality wireless services. He disagreed that Sprint would remain a strong competitor and was unconvinced that DISH, who is buying divested assets from the deal, would fail to live up to its promises to enter and compete in the wireless market. Sprint and T-Mobile said in a statement they would move to finalize the merger, which is still subject to certain closing conditions and possible court proceedings. New York's attorney general said the state is considering an appeal; California's attorney general said that state is "prepared to fight."

Two smartphone makers canceled events at the world's biggest mobile technology showcase in response to the coronavirus outbreak, and organizers reinforced hygiene protocol for people still planning to attend. From a report: Delegates were warned to avoid handshakes and microphones will be changed for different conference speakers in an effort to avoid infections at MWC Barcelona, an annual event that's set to draw around 100,000 people from around the world to the Spanish city from Feb. 24 to 27. This year's conference is supposed to be a launch pad for a renewed push on 5G devices. However, South Korea's LG Electronics said it's withdrawing from exhibiting at the conference because most health experts advised against "needlessly" exposing hundreds of employees to international travel. Shenzhen, China-based ZTE, which makes smartphones and wireless networking equipment, cited difficulties in traveling out of China while virus-containment restrictions are in place, and so it's canceling its MWC press conference, though it will still send a delegation.

Slashdot reader JustAnotherOldGuy quotes ZDNet: Security experts have published a report Tuesday warning that the new and fast-rising LoRaWAN technology is vulnerable to cyberattacks and misconfigurations, despite claims of improved security rooted in the protocol's use of two layers of encryption.

LoRaWAN stands for "Long Range Wide Area Network." It is a radio-based technology that works on top of the proprietary LoRa protocol. LoRaWAN takes the LoRa protocol and allows devices spread across a large geographical area to wirelessly connect to the internet via radio waves...

But broadcasting data from devices via radio waves is not a secure approach. However, the protocol's creators anticipated this issue. Since its first version, LoRaWAN has used two layers of 128-bit encryption to secure the data being broadcast from devices — with one encryption key being used to authenticate the device against the network server and the other against a company's backend application. In a 27-page report published Tuesday, security researchers from IOActive say the protocol is prone to misconfigurations and design choices that make it susceptible to hacking and cyber-attacks. The company lists several scenarios it found plausible during its analysis of this fast-rising protocol.
Some examples:

• "Encryption keys can be extracted from devices by reverse engineering the firmware of devices that ship with a LoRaWAN module."
• "Many devices come with a tag displaying a QR code and/or text with the device's identifier, security keys, or more."

Federal Communications Commission Chairman Ajit Pai told lawmakers Friday he intends to propose fines against at least one U.S. wireless carrier for sharing customers' real-time location data with outside parties without the subscribers' knowledge or consent. From a report: The FCC has been investigating for more than a year following revelations that subscriber location data from AT&T, T-Mobile and Sprint made its way to a resale market used by bounty hunters. Pai said in letters to several lawmakers that the agency's investigation has found that "one or more wireless carriers apparently violated federal law."

Jacob Hoffman-Andrews, writing for EFF: If you follow security on the Internet, you may have seen articles warning you to "beware of public Wi-Fi networks" in cafes, airports, hotels, and other public places. But now, due to the widespread deployment of HTTPS encryption on most popular websites, advice to avoid public Wi-Fi is mostly out of date and applicable to a lot fewer people than it once was. The advice stems from the early days of the Internet, when most communication was not encrypted. At that time, if someone could snoop on your network communications -- for instance by sniffing packets from unencrypted Wi-Fi or by being the NSA -- they could read your email. Starting in 2010 that all changed. Eric Butler released Firesheep, an easy-to-use demonstration of "sniffing" insecure HTTP to take over people's accounts. Site owners started to take note and realized they needed to implement HTTPS (the more secure, encrypted version of HTTP) for every page on their site. The timing was good: earlier that year, Google had turned on HTTPS by default for all Gmail users and reported that the costs to do so were quite low. Hardware and software had advanced to the point where encrypting web browsing was easy and cheap.

However, practical deployment of HTTPS across the whole web took a long time. One big obstacle was the difficulty for webmasters and site administrators of buying and installing a certificate (a small file required in order to set up HTTPS). EFF helped launch Let's Encrypt, which makes certificates available for free, and we wrote Certbot, the easiest way to get a free certificate from Let's Encrypt and install it. Meanwhile, lots of site owners were changing their software and HTML in order to make the switch to HTTPS. There's been tremendous progress, and now 92% of web page loads from the United States use HTTPS. In other countries the percentage is somewhat lower -- 80% in India, for example -- but HTTPS still protects the large majority of pages visited. [...] What about the risk of governments scooping up signals from "open" public Wi-Fi that has no password? Governments that surveill people on the Internet often do it by listening in on upstream data, at the core routers of broadband providers and mobile phone companies. If that's the case, it means the same information is commonly visible to the government whether they sniff it from the air or from the wires.

Parents cave in to kids' relentless begging for Apple's wireless white earbuds; schools ban the. From a report: AirPods, once just an adult status symbol, are turning up on the playground. Kids' persistent nagging for the tiny wireless earbuds have parents groaning about the cost, the risk of loss or theft and concerns that they scream "privilege." [...] The desire for the high-end tech may well be due to the fact that even very young children see them all over social media, but it also speaks to the rising popularity of "hearables," which my colleagues predicted will be among the life-changing technologies of 2020. By the end of the year, eMarketer predicts, more than one-third of the U.S. population will be using smart ear-worn devices.

Johnny Sanchez's (anecdote in the story) 10-year-old son was begging for AirPods because his three older siblings all have them. Mr. Sanchez, a technology manager at an entertainment company in Los Angeles, finally gave his youngest child his AirPods when he upgraded his own. "We've talked about how it feels cool to have them but you don't rub it in peoples" faces," said Mr. Sanchez. Mr. Sanchez doesn't have to worry about his son showing off to his classmates because he said his elementary school has banned AirPods. Other schools have banned them and regular earbuds too, arguing they cause students to be distracted and can be used to cheat on tests.

Long-time Slashdot reader gabebear writes: The FCC hasn't officially cleared 6 GHz for WiFi, but chipsets that support 6 GHz are starting to be released. 6 GHz opens up a several times more bandwidth than what is currently available with WiFi, although it doesn't penetrate walls as well as 2.4 GHz.

Celeno has their press release and Broadcom has their press release. Still no news from Intel or Qualcomm on chipsets that support 6 GHz.

An anonymous reader quotes a report from Ars Technica: Today's example of smart stuff going dumb comes courtesy of Under Armour, which is effectively rendering its fitness hardware line very expensive paperweights. The company quietly pulled its UA Record app from both Google Play and Apple's App Store on New Year's Eve. In an announcement dated sometime around January 8, Under Armour said that not only has the app been removed from all app stores, but the company is no longer providing customer support or bug fixes for the software, which will completely stop working as of March 31.

Under Armour launched its lineup of connected fitness devices in 2016. The trio of trackers included a wrist-worn activity monitor, a smart scale, and a chest-strap-style heart rate monitor. The scale and wristband retailed at $180 each, with the heart monitor going for $80. Shoppers could buy all three together in a $400 bundle called the UA HealthBox. The end of the road is nigh, it seems, and all three products are about to meet their doom as Under Armour kills off Record for good. Users are instead expected to switch to MapMyFitness, which Under Armour bills as "an even better tracking experience." The company also set the UA Record Twitter account to private, effectively taking it offline to anyone except the 133 accounts it follows. Current device owners also can't export all their data. While workout data can be exported and transferred to some other tracking app, Record users cannot capture weight or other historical data to carry forward with them.

A group of U.S. states suing to block T-Mobile from merging with Sprint on Wednesday told a federal judge that the deal would violate antitrust laws and raise wireless prices for consumers. Reuters reports: The states filed a lawsuit in June to block the merger, saying it would harm low-income Americans in particular. T-Mobile and Sprint contend that the merger would enable the combined company to compete more effectively with dominant carriers Verizon and AT&T. U.S. District Court Judge Victor Marrero, who presided over a two-week trial last month in federal court in Manhattan, began hearing closing arguments in the case on Wednesday.

"I'm here speaking on behalf of 130 million consumers who live in these states," Glenn Pomerantz, a lawyer for the states, said at the outset of his argument. "If this merger goes forward, they're at risk for paying billions of dollars more every single year for those services." When T-Mobile majority shareholder Deutsche Telekom first contemplated the deal in 2010, it "expressly and unambiguously admitted that it had potential to reduce price competition," Pomerantz said. The states also emphasized that the carriers did not need a merger to introduce previous generations of wireless technology, and Pomerantz argued that T-Mobile would continue to acquire spectrum, or airwaves that carry data, from a variety of sources even if the merger was blocked.

Google said today that it's on track to bring more than 120 games to its cloud gaming service Stadia in 2020 and is planning to offer more than 10 Stadia-exclusive games for the first half of the year. From a report: That would be a pretty massive jump from the 26 games and one exclusive that are currently available, and all in a little more than a year after the service's launch, if those projections hold true. Previously, Google had only explicitly confirmed four games for 2020, so this news was much needed to let early adopters know there are a lot more games on the way. Google also announced other updates rolling out to Stadia over the next three months, including 4K gaming on the web, support for more Android phones (it's currently only available on Google's Pixels), wireless gameplay on the web through the Stadia controller (you currently have to plug in a cable), and "further [Google] Assistant functionality" when playing Stadia through a browser. We're asking Google for more details -- and we're particularly curious whether any of the new exclusive games are the kind that are only possible with the power of the cloud. The company said in October that it's building out a few first-party studios to eventually make that a reality.

Bruce Schneier comments on the issues surrounding 5G security: [...] Keeping untrusted companies like Huawei out of Western infrastructure isn't enough to secure 5G. Neither is banning Chinese microchips, software, or programmers. Security vulnerabilities in the standards, the protocols and software for 5G, ensure that vulnerabilities will remain, regardless of who provides the hardware and software. These insecurities are a result of market forces that prioritize costs over security and of governments, including the United States, that want to preserve the option of surveillance in 5G networks. If the United States is serious about tackling the national security threats related to an insecure 5G network, it needs to rethink the extent to which it values corporate profits and government espionage over security. To be sure, there are significant security improvements in 5G over 4G in encryption, authentication, integrity protection, privacy, and network availability. But the enhancements aren't enough. The 5G security problems are threefold.

First, the standards are simply too complex to implement securely. This is true for all software, but the 5G protocols offer particular difficulties. Because of how it is designed, the system blurs the wireless portion of the network connecting phones with base stations and the core portion that routes data around the world. Additionally, much of the network is virtualized, meaning that it will rely on software running on dynamically configurable hardware. This design dramatically increases the points vulnerable to attack, as does the expected massive increase in both things connected to the network and the data flying about it. Second, there's so much backward compatibility built into the 5G network that older vulnerabilities remain. 5G is an evolution of the decade-old 4G network, and most networks will mix generations. Without the ability to do a clean break from 4G to 5G, it will simply be impossible to improve security in some areas. Attackers may be able to force 5G systems to use more vulnerable 4G protocols, for example, and 5G networks will inherit many existing problems. Third, the 5G standards committees missed many opportunities to improve security. Many of the new security features in 5G are optional, and network operators can choose not to implement them. The same happened with 4G; operators even ignored security features defined as mandatory in the standard because implementing them was expensive. But even worse, for 5G, development, performance, cost, and time to market were all prioritized over security, which was treated as an afterthought.

On Monday, members of the European Parliament (MEPs) discussed the idea of introducing "binding measures" that would require chargers that fit all mobile phones and portable electronic devices. The company that would be impacted most by this legislation would be Apple and its iPhone, which uses a Lightning cable while most new Android phones use USB-C ports for charging. ZDNet reports: The EU introduced the voluntary Radio Equipment Directive in 2014, but MEPs believe the effort fell short of the objectives. "The voluntary agreements between different industry players have not yielded the desired results," MEPs said. The proposed more stringent measures are aimed at reducing electronic waste, which is estimated to amount to 51,000 tons per year in old chargers.

Apple last year argued that regulations to standardize chargers for phones would "freeze innovation rather than encourage it" and it claimed the proposal was "bad for the environment and unnecessarily disruptive for customers." Noted Apple analyst Ming-Chi Kuo reckons Apple has a different idea in store: getting rid of the Lightning port and not replacing it with USB-C, which is a standard that Apple doesn't have complete control over. According to the analyst, Apple plans to remove the Lightning connector on a flagship iPhone to be released in 2021. Instead it would rely on wireless charging.

A Princeton University academic study found that five major US prepaid wireless carriers are vulnerable to SIM swapping attacks. From a report: A SIM swap is when an attacker calls a mobile provider and tricks the telco's staff into changing a victim's phone number to an attacker-controlled SIM card. This allows the attacker to reset passwords and gain access to sensitive online accounts, like email inboxes, e-banking portals, or cryptocurrency trading systems. All last year, Princeton academics spent their time testing five major US telco providers to see if they could trick call center employees into changing a user's phone number to another SIM without providing proper credentials. According to the research team, AT&T, T-Mobile, Tracfone, US Mobile, and Verizon Wireless were found to be using vulnerable procedures with their customer support centers, procedures that attackers could use to conduct SIM swapping attacks. In addition, the research team also looked at 140 online services and websites and analyzed on which of these attackers could employ a SIM swap to hijack a user's account. According to the research team, 17 of the 140 websites were found to be vulnerable.

An anonymous reader quotes a report from CNN: Verizon is changing the way it sells its internet and cable packages as customers are increasingly seeking ways to cut the costly cord. The company is eliminating bundles and contracts, Verizon announced Thursday. Instead, it will sell its Fios TV and internet services separately. Long-term contracts are also being trashed in favor of charging customers month-to-month. That is similar to how streaming services charge customers. Verizon is calling the new offers "Mix and Match on Fios." There are now three internet packages and five Fios TV packages. Notably, Verizon will continue selling Google's YouTube TV for $49.99 per month as a TV option under an agreement the two companies signed last year. A home telephone package will also be sold for $20 per month. The new bundle-free packages offer more price transparency for customers, Verizon claims. Not all surcharges are going away though. "Verizon will continue charging a $15 monthly fee for routers in some of its internet packages and a $12 set-top monthly fee in most of its Fios TV packages," the report adds. "But other fees it previously charged, including for regional sports networks, will now be included in the total Fios TV price."

Low-end smartphones sold to Americans with low-income via a government-subsidized program contain unremovable malware, security firm Malware bytes said today in a report. From a report: The smartphone model is Unimax (UMX) U686CL, a low-end Android-based smartphone made in China and sold by Assurance Wireless, a cell phone service provider part of the Virgin Mobile group. The telco sells cell phones part of Lifeline, a government program that subsidizes phone service for low-income Americans. "In late 2019, we saw several complaints in our support system from users with a government-issued phone reporting that some of its pre-installed apps were malicious," Malwarebytes said in a report published today. The company said it purchased a UMX U686CL smartphone and analyzed it to confirm the reports it was receiving.

An anonymous reader quotes a report from The Verge: Now that most smartphones don't have headphone jacks, there's no shortage of complaints about Bluetooth. This year at CES, the industry group in charge of defining the standard, the Bluetooth SIG, is introducing new features that should address some of them. Later this year, it will finalize new support for Bluetooth LE Audio, which is an umbrella term for a bunch of new features for Bluetooth devices. The new features include higher-quality audio, hearing aid support, broadcasting to many people, and working better with wireless earbuds. Unfortunately, as is the way with all industry specs, it will take some time for these features to make their way into consumer products. The old joke that "Bluetooth will be better next year" still holds true.

The feature that will likely affect the most people is the new "Low Complexity Communication Codec," or LC3. LC3 simultaneously reduces power consumption while increasing audio quality. Right now, the lowest common denominator for Bluetooth audio is the relatively old and relatively bad SBC codec, though many phones support Qualcomm's proprietary codec, AptX. In order to get SBC to sound good, you have to increase the bitrate, which increases power consumption. The Bluetooth SIG claims that, in its testing, users preferred the new LC3 codec, even at significantly lower bitrates. The group is also finally beefing up official support for Bluetooth hearing aids. It has worked in conjunction with a European hearing instrument association to ensure broad support in the coming years, including working with TVs and other devices. A new "broadcast" feature will theoretically allow an entire movie theater audience to use their Bluetooth headphones to tune in to the movie, although how exactly the pairing process would work is "TBD," the report says.

Bluetooth LE will natively support multistream audio, which "means wireless earbuds will be able to receive their own independent signal from a phone instead of having to communicate with each other," the report adds. "Multistream also will allow for easier sharing of Bluetooth audio among multiple users from the same source."

Sprint is officially pulling the plug on its decaying Virgin Mobile prepaid service and will transfer current customers to its Boost Mobile brand starting in February. From a report: The move doesn't come as a complete surprise as Sprint has long been pulling back marketing and distribution for the brand, most recently in October severing ties with Walmart as a distribution partner. Since then Virgin Mobile could only be purchased through an online portal, as Walmart was the last remaining brick-and-mortar sales channel, following earlier decisions in 2019 to pull the brand from Best Buy stores and Meijer. These moves were noticed by Jeffrey Moore at Wave7 Research, who previously predicted that Virgin Mobile was not long for this world. Back in November he told FierceWireless that it had been 31 months since Virgin Mobile had changed its rate card and the brand's press portal hadn't seen an update in 19 months.

Audio company Sonos has sued Google for allegedly copying its patented speaker technology while undercutting it at market. From a report: The New York Times reports that it filed two lawsuits covering five patents on its wireless speaker design. Sonos is also asking for a sales ban on Google's laptops, phones, and speakers in the US through a separate case with the International Trade Commission. Sonos claims that Google stole its multiroom speaker technology after getting access to it through a 2013 partnership. The original partnership would let Sonos speakers support Google Play Music, but the company allegedly used patented technology in its now-discontinued Chromecast Audio device, then continued to use it in the Google Home lineup of smart speakers and the Pixel product lineup. Meanwhile, Sonos says Google subsidized its own products to sell them at a cheaper price while using them to extract more data from buyers.