An anonymous reader quotes a report from Ars Technica: A recently discovered botnet has taken control of an eye-popping 100,000 home and small-office routers made from a range of manufacturers, mainly by exploiting a critical vulnerability that has remained unaddressed on infected devices more than five years after it came to light. Researchers from Netlab 360, who reported the mass infection late last week, have dubbed the botnet BCMUPnP_Hunter. The name is a reference to a buggy implementation of the Universal Plug and Play protocol built into Broadcom chipsets used in vulnerable devices. An advisory released in January 2013 warned that the critical flaw affected routers from a raft of manufacturers, including Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, and US Robotics. The finding from Netlab 360 suggests that many vulnerable devices were allowed to run without ever being patched or locked down through other means. Last week's report documents 116 different types of devices that make up the botnet from a diverse group of manufacturers. Once under the attackers' control, the routers connect to a variety of well-known email services. This is a strong indication that the infected devices are being used to send spam or other types of malicious mail.

Microsoft has announced an agreement with Native Network to provide broadband internet access to nearly 73,500 people without service in rural communities in Montana and Washington. Great Falls Tribune reports: This is part of the Microsoft Airband Initiative, which aims to extend broadband access to 2 million people in unserved portions of rural America by July 4, 2022, officials said. Unused parts of the broadcast spectrum are used to help rural communities access the internet. Through the partnership, Native Network will provide affordable hybrid fixed wireless broadband internet access, including TV White Spaces, to tribes within Flathead Reservation in Montana as well as Lummi Nation and Swinomish Tribe in Washington. It will come to rural Americans through commercial partnerships and investment in digital skills training for people. Proceeds from Airband connectivity projects will be reinvested into the program to expand broadband to more rural areas, officials said. "Broadband is the electricity of the 21st century and is critical for farmers, small business owners, health care practitioners, educators and students to thrive in today's digital economy," Microsoft President Brad Smith said in a news release. "We are excited about the partnership with Native Network which will help close the digital divide in rural Montana and Washington, bringing access to approximately 73,500 people within and around the tribal communities."

An anonymous reader quotes a report from Fortune: Sprint has been slowing traffic to Microsoft's internet-based video chat service Skype, according to new findings from an ongoing study by Northeastern University and the University of Massachusetts. Among leading U.S. carriers, Sprint was the only one to throttle Skype, the study found. The throttling was detected in 34 percent of 1,968 full tests -- defined as those in which a user ran two tests in a row -- conducted between Jan. 18 and Oct. 15. It happened regularly, and was spread geographically across the U.S. Android phone users were more affected than owners of Apple Inc.'s iPhones. The finding is particularly troubling because Skype relies on Sprint's wireless internet network, but the app also provides a communication tool that competes with Sprint's calling services, the researcher added. "If you are a telephony provider and you provide IP services over that network, then you shouldn't be able to limit the service offered by another telephony provider that runs over the internet," David Choffnes, one of the researchers who developed the app used to conduct the survey, said. "From a pure common sense competition view, it seems directly anti-competitive."

Apple is not in talks "at any level" to settle its wide-ranging legal dispute with mobile chip maker Qualcomm, Reuters reported Wednesday, citing a source familiar with the matter. From the report: In the past, Apple used Qualcomm's modem chips in its flagship iPhone models to help them connect to wireless data networks. But early last year, Apple sued Qualcomm in federal court in San Diego, alleging that the chip company's practice of taking a cut of the selling price of phones as a patent license fee was illegal. The case is to go to trial early next year and has spawned related legal actions in other courts around the world. In July, Qualcomm's chief executive, Steve Mollenkopf, told investors on the company's quarterly earnings call that the two companies were in talks to resolve the litigation.

FCC Chairman Ajit Pai on Monday wrote the chief executives of major telephone service providers and other companies, demanding they launch a system no later than 2019 to combat billions of "robocalls" and other nuisance calls received by American consumers. Reuters reports: In May, Pai called on companies to adopt an industry-developed "call authentication system" or standard for the cryptographic signing of telephone calls aimed at ending the use of illegitimate spoofed numbers from the telephone system. Monday's letters seek answers by Nov. 19 on the status of those efforts.

The letters went to 13 companies including AT&T, Verizon, T-Mobile, Alphabet, Comcast, Cox, Sprint, CenturyLink, Charter, Bandwith and others. Pai's letters raised concerns about some companies current efforts including Sprint, CenturyLink, Charter, Vonage, Telephone and Data Systems and its U.S. Celullar unit and Frontier. The letters to those firms said they do "not yet have concrete plans to implement a robust call authentication framework," citing FCC staff. The authentication framework "digitally validates the handoff of phone calls passing through the complex web of networks, allowing the phone company of the consumer receiving the call to verify that a call is from the person supposedly making it," the FCC said.

An anonymous reader quotes a report from The Washington Post: For the last few weeks, I've been performing the same battery test over and over again on 13 phones. With a few notable exceptions, this year's top models underperformed last year's. The new iPhone XS died 21 minutes earlier than last year's iPhone X. Google's Pixel 3 lasted nearly an hour and a half less than its Pixel 2. Phone makers tout all sorts of tricks to boost battery life, including more-efficient processors, low-power modes and artificial intelligence to manage app drain. Yet my results, and tests by other reviewers I spoke with, reveal an open secret in the industry: the lithium-ion batteries in smartphones are hitting an inflection point where they simply can't keep up.

"Batteries improve at a very slow pace, about 5 percent per year," says Nadim Maluf, the CEO of a Silicon Valley firm called Qnovo that helps optimize batteries. "But phone power consumption is growing up faster than 5 percent." Blame it on the demands of high-resolution screens, more complicated apps and, most of all, our seeming inability to put the darn phone down. Lithium-ion batteries, for all their rechargeable wonder, also have some physical limitations, including capacity that declines over time -- and the risk of explosion if they're damaged or improperly disposed. And the phone power situation is likely about to get worse. New ultrafast wireless technology called 5G, coming to the U.S. neighborhoods soon, will make even greater demands on our beleaguered batteries. If you want a smartphone that excels in battery life, you pretty much have two options: Samsung's Galaxy Note 9 and Apple's iPhone XR. According to The Washington Post's tests, the iPhone XR and Note 9 topped the list with times of 12:25 and 12:00, respectively.

Fast Company reports that Apple is working on a 5G iPhone that will come to market in 2020, according to a source familiar with the matter. From the report: Apple plans to use Intel's 8161 5G modem chip in its 2020 phones. Intel hopes to fabricate the 8161 using its 10-nanometer process, which increases transistor density for more speed and efficiency. If everything goes as planned, Intel will be the sole provider of iPhone modems. Intel has been working on a precursor to the 8161 called the 8060, which will be used for prototyping and testing the 5G iPhone.

Apple, our source says, has been unhappy with Intel lately. The most likely reason relates to the challenge of solving heat dissipation issues caused by the 8060 modem chip. Many wireless carriers, including Verizon and AT&T in the U.S., will initially rely on millimeter-wave spectrum (between 28 gigahertz and 39 Ghz) to connect the first 5G phones. But millimeter-wave signal requires some heavy lifting from the modem chips and RF chains, our source explains. This causes the release of higher-than-normal levels of thermal energy inside the phone -- so much so that the heat can be felt on the outside of the phone. The problem also affects battery life. The alternative is for Apple to source its modems from Qualcomm, but Fast Company's source "says Apple's current issues with Intel are not serious enough to cause Apple to reopen conversations with Qualcomm." Also, Qualcomm's X50 modem has heat dissipation issues of its own. MediaTek is reportedly a distant "Plan B."

iRobot and Google are looking for ways to integrate the Roomba-maker's home maps with Google Assistant to extend instructions to other gadgets. "The collaboration centers on iRobot's Roomba i7+ vacuum models' ability to map home floor plans and remember room names," notes TechCrunch. From the report: As it is, Google Home users or anyone with Google Assistant can give a voice command like, "Hey Google, clean the kitchen," and a Roomba carries out the task. The integration supports the task across multiple rooms that have been assigned a name, such as the bedroom, living room, and other named areas. According to iRobot, the home-mapping data could also be used to make it easier to set up new smart home gadgets and create new ways to automate the home.

In a statement to The Verge, Google said iRobot's maps could help locate wifi-connected lights and automatically assign names and locations to them within the house. Google stressed that Assistant only learns the names people have given to areas in the home so it can then instruct Roomba i7+ to go to that area. Google doesn't receive information about the layout of the home. Colin Angle, chairman and CEO of iRobot, told the publication that the partnership could help users in future tell Assistant to control other smart home gadgets using the same naming and location information used by the Roomba.

Two new zero-day vulnerabilities called "Bleeding Bit" have been revealed by security firm Armis, impacting Bluetooth Low-Energy (BLE) chips used in millions of Cisco, Meraki, and Aruba wireless access points (APs). "Developed by Texas Instruments (TI), the vulnerable BLE chips are used by roughly 70 to 80 percent of business wireless access points today by way of Cisco, Meraki and Aruba products," reports ZDNet. From the report: The first vulnerability, CVE-2018-16986, impacts Cisco and Meraki APs using TI BLE chips. Attacks can remotely send multiple benign BLE broadcast messages, called "advertising packets," which are stored on the memory of the vulnerable chip. As long as a target device's BLE is turned on, these packets -- which contain hidden malicious code to be invoked later on -- can be used together with an overflow packet to trigger an overflow of critical memory. If exploited, attackers are able to trigger memory corruption in the chip's BLE stack, creating a scenario in which the threat actor is able to access an operating system and hijack devices, create a backdoor, and remotely execute malicious code.

The second vulnerability, CVE-2018-7080, is present in the over-the-air firmware download (OAD) feature of TI chips used in Aruba Wi-Fi access point Series 300 systems. The vulnerability is technically a leftover development backdoor tool. This oversight, the failure to remove such a powerful development tool, could permit attackers to compromise the system by gaining a foothold into a vulnerable access point. "It allows an attacker to access and install a completely new and different version of the firmware -- effectively rewriting the operating system of the device," the company says. "The OAD feature doesn't offer a security mechanism that differentiates a "good" or trusted firmware update from a potentially malicious update."

Security researchers at UpGuard discovered that a Washington-based ISP called Pocket iNet left 73 gigabytes of essential operational data publicly exposed in a misconfigured Amazon S3 storage bucket for months. "Said bucket, named 'pinapp2,' contained the 'keys to the kingdom,' according to the security firm, including internal network diagramming, network hardware configuration photos, details and inventory lists -- as well as lists of plain text passwords and AWS secret keys for Pocket iNet employees," reports Motherboard. From the report: Upguard says the firm contacted Pocket iNet on October 11 of this year, the same day the exposed bucket was discovered, but the ISP took an additional week before the data was adequately secured. "Seven days passed before Pocket iNet finally secured the exposure," noted the firm. "Due to the severity of this exposure, UpGuard expended significant effort during those seven days, repeatedly contacting Pocket iNet and relevant regulators, including using contact information found within the exposed dataset."

According to UpGuard, the list of plain text passwords was particularly problematic, given it provided root admin access to the ISP's firewalls, core routers and switches, servers, and wireless access points. "Documents containing long lists of administrative passwords may be convenient for operations, but they create single points of total risk, where the compromise of one document can have severe and extensive effects throughout the entire business," noted UpGuard. "If such documents must exist, they should be strongly encrypted and stored in a known secure location," said the firm. "Unfortunately, a single folder of PocketiNet's network operation historical data (non-customer) was publicly accessible to Amazon administrative users," the ISP said in a statement to Motherboard. "It has since been secured."

An anonymous reader quotes a report from Ars Technica: Google's Pixel 3 smartphone is shipping out to the masses, and people hoping to take advantage of the new Qi wireless charging capabilities have run into a big surprise. For some unexplained reason, Google is locking out third-party Qi chargers from reaching the highest charging speeds on the Pixel 3. Third-party chargers are capped to a pokey 5W charging speed. If you want 10 watts of wireless charging, Google hopes you will invest in its outrageously priced Pixel Stand, which is $79.

Android Police reports that a reader purchased an Anker wireless charger for their Pixel 3, and, after noticing the slow charging speed, this person contacted the company. Anker confirmed that something screwy was going on with Google's charging support, saying "Pixel sets a limitation for third-party charging accessories and we are afraid that even our fast wireless charger can only provide 5W for these 2x devices." Normally we would chalk this up to some kind of bug, but apparently Google told Android Police that this was on purpose. The site doesn't have a direct quote, but it writes that, after reaching out to Google PR, it was "told that the Pixel 3 would charge at 10W on the Pixel Stand [and that] due to a 'secure handshake' being established that third-party chargers would indeed be limited to 5W." In an update, Google said the reason has to do with the "proprietary wireless charging technology" it has via its Pixel Stand and other select wireless chargers. The Pixel 3 only supports 5W Qi charging; "Google's 10W proprietary wireless charging technology" is what will allow the phone to charge at faster speeds.

"Google says it is 'certifying' chargers for the Pixel 3 via the 'Made for Google' program and pointed us to one such device, a Belkin charger called the 'Boost Up Wireless Charging Pad 10W for Pixel 3 and Pixel 3 XL,'" reports Ars Technica. "Belkin's description is very enlightening, saying 'Made with the Google Pixel 3 and Pixel 3 XL in mind, this wireless charging pad uses Google's 10W proprietary wireless charging technology. It's certified for Pixel, so you know that the BOOST UP Wireless Charging pad has been made specifically for your Pixel 3 and meets Google's high product standards.'"

Mozilla is reportedly preparing to offer a VPN service for Firefox users to help protect them when surfing the web. According to Trusted Reviews, Mozilla has partnered with the ProtonVPN service, "with a new notification piping-up when the browser detects an unsecured connection, or in a scenario when VPN might be preferable to users." From the report: However, it appears Firefox users will have to pay for the privilege. Austrian site Soeren-hentzschel reports the premium VPN service will be $10 a month, which is what ProtonVPN charges its users. Users will receive a "Firefox Recommends" pop-up when browsing an unsecured wireless network. The pop-up says the VPN service will provide a "private and secure' internet connection. According to the reports, a subset of Firefox 62 users in the United States will begin receiving the pop-up from today. Mozilla will reportedly get a cut of any subscription fee handed over by users to access the VPN service. MSPowerUser points out that this will be the first advertised service that costs money for Firefox users.

sharkbiter shares a report from Ars Technica: The Federal Communications Commission chairman slammed wireless carriers on Tuesday for failing to quickly restore phone service in Florida after Hurricane Michael, calling the delay "completely unacceptable." But FCC Chairman Ajit Pai's statement ignored his agency's deregulatory blitz that left consumers without protections designed to ensure restoration of service after disasters, according to longtime telecom attorney and consumer advocate Harold Feld.

The Obama-era FCC wrote new regulations to protect consumers after Verizon tried to avoid rebuilding wireline phone infrastructure in Fire Island, New York, after Hurricane Sandy hit the area in October 2012. But Pai repealed those rules, claiming that they prevented carriers from upgrading old copper networks to fiber. Pai's repeal order makes zero mentions of Fire Island and makes reference to Verizon's response to Hurricane Sandy only once, in a footnote. Among other things, the November 2017 FCC action eliminated a requirement that telcos turning off copper networks must provide Americans with service at least as good as those old copper networks. This change lets carriers replace wireline service with mobile service only, even if the new mobile option wouldn't pass a "functional test" that Pai's FCC eliminated. Additionally, "in June 2018, Chairman Pai further deregulated telephone providers to make it easier to discontinue service after a natural disaster," Feld wrote. In response to Pai's deregulation, Feld wrote: "The situation in Florida shows what happens when regulators abandon their responsibilities to protect the public based on unenforceable promises from companies eager to cut costs for maintenance and emergency preparedness. This should be a wake-up call for the 37 states that have eliminated traditional oversight of telecommunications services and those states considering similar deregulation: critical communications services cannot be left without some kind of public oversight."

An anonymous reader quotes a report from Reuters: Five industry groups representing major internet providers and cable companies filed suit on Thursday seeking to block a Vermont law barring companies that do not abide by net neutrality rules from receiving state contracts. The lawsuit was filed in U.S. District Court in Vermont by groups representing major providers like AT&T, Comcast and Verizon. It followed a lawsuit by four of the groups earlier this month challenging a much broader California law mandating providers abide by net neutrality rules.

The trade associations are also challenging an executive order on the issue signed by Vermont Governor Phil Scott. The Vermont lawsuit was filed by the American Cable Association; CTIA -- The Wireless Association; NCTA -- The Internet & Television Association; USTelecom -- The Broadband Association and the New England Cable & Telecommunications Association. The lawsuit argues that states cannot regulate "indirectly through their spending, procurement, or other commercial powers what they are forbidden from regulating directly."

"Qualcomm is launching a family of chips that can add incredibly high-speed Wi-Fi -- at speeds up to 10 gigabits per second -- to phones, laptops, routers, and so on," reports The Verge. The Wi-Fi standard used for something like replacing a virtual reality headset's data cable with a high-speed wireless link is being updated. Qualcomm's latest chips improve a wireless technology called WiGig, which relies on a connection standard known as 802.11ad, which can hit speeds up to 5 gigabits per second over close to 10 meters. The new generation of that wireless standard, called 802.11ay, can reach speeds twice as fast, and can do so up to 100 meters away, according to Dino Bekis, the head of Qualcomm's mobile and compute connectivity group. The Wi-Fi Alliance says the new standard "increases the peak data rates of WiGig and improves spectrum efficiency and reduces latency." From the report: So why not just use this as normal Wi-Fi, given how fast it gets? Because that range is only line-of-sight -- when there's literally nothing in the way between the transmitter and the receiver. This high-speed Wi-Fi is based on millimeter wave radio waves in the 60GHz range. That means it's really fast, but also that it has a very difficult time penetrating obstacles, like a wall. That's a problem if you want a general purpose wireless technology. That's why 802.11ay, like 802.11ad before it, is being used as an optional add-on to existing Wi-Fi technology. If you're one of the people who has a need for these extreme wireless speeds, then maybe you'll find a use for it. Just keep in mind, you'll probably need to keep your router and the device receiving these high speeds in the same room in order for it to work, due to the whole "walls" issue. WiGig will also be competing with 5G, as it offers "similarly fast speeds over similarly limited distances," reports The Verge. "[T]he two standards may be competing as an option for delivering internet from a tower to a home -- that's what Facebook's Terragraph is doing with WiGig, and it's what Verizon is doing with 5G."

Huawei's new Mate 20 Pro has a massive screen, three cameras on the back and a fingerprint scanner embedded in the display. From a report: The new top-end phone from the Chinese firm aims to secure its place at the top of the market alongside Samsung, having recently beaten Apple to become the second-largest smartphone manufacturer in August. The Mate 20 Pro follows Huawei's tried and trusted format for its Mate series: a huge 6.39in QHD+ OLED screen, big 4,200mAh battery and powerful new Huawei Kirin 980 processor -- Huawei's first to be produced at 7 nanometres, matching Apple's latest A12 chip in the 2018 iPhones.

New for this year is an infrared 3D facial recognition system, similar to that used by Apple for its Face ID in the iPhone XS, and one of the first fingerprint scanners embedded in the screen that is widely available in the UK, removing the need for a fingerprint scanner on the back or a chin on the front. The Mate 20 Pro is water resistant to IP68 standards and has a sleek new design reminiscent of Samsung's S-series phones, with curved glass on the front and back. The back also has an new pattern etched into the glass, which is smooth to the touch but ridged when running your nail over it.

On the back is a new version of Huawei's award-winning triple camera system using a 40-megapixel standard camera, an 8-megapixel telephoto camera with a 3x optical zoom and new for this year is a 20-megapixel ultra-wide angle camera, replacing the monochrome sensor used on the P20 Pro. The Mate 20 Pro runs EMUI 9, which is based on Android 9 Pie. The variant with 6GB of RAM and 128GB of storage is available for 899 Euro starting today.

New submitter JustChapman writes: Local Dallas/Fort Worth WFAA is reporting a major outage of AT&T U-Verse fiber internet, due to a lightening strike at a switching facility in Richardson, TX. Apparently the strike took out primary and secondary power systems, setting fire to the building. One commenter states a representative allegedly said that 1.5 million customers are currently without service.

An anonymous reader quotes a report from ZDNet: A Russian-speaking grey-hat hacker is breaking into people's MikroTik routers and patching devices so they can't be abused by cryptojackers, botnet herders, or other cyber-criminals, ZDNet has learned. The hacker, who goes by the name of Alexey and says he works as a server administrator, claims to have disinfected over 100,000 MikroTik routers already. "I added firewall rules that blocked access to the router from outside the local network," Alexey said. "In the comments, I wrote information about the vulnerability and left the address of the @router_os Telegram channel, where it was possible for them to ask questions." But despite adjusting firewall settings for over 100,000 users, Alexey says that only 50 users reached out via Telegram. A few said "thanks," but most were outraged. The vigilante server administrator says he's been only fixing routers that have not been patched by their owners against a MikroTik vulnerability that came to light in late April.

Last November, Razer unveiled a smartphone designed for gamers who value performance and power over bells and whistles like waterproofing and wireless charging. At an event Wednesday night, Razer took the wraps off its successor, aptly named Razer Phone 2, which sports a brighter, notch-less, 5.72-inch IGZO LCD display with a 2560x1440 resolution and HDR, wireless charging, IP67 water- and dust-resistance rating, and RGB lighting behind the Razer logo on the rear. Given the addition of waterproofing and wireless charging, the Razer Phone 2 appears to be much more well-rounded than its predecessor, making the decision all the more difficult when shopping for a premium, high-end smartphone. AnandTech reports: This display is rated at 645 nits peak, up to 50% higher than the previous Razer Phone, and also supports HDR. Razer states that the display also has wide color gamut, which turns out to be 98.4% of DCI-P3. Also on the front, it has two front facing speakers in identical positions to the previous generation, and it has a front facing camera and sensor (albeit with swapped positions). That front camera is an 8MP f/2.0 unit, capable of recording at 1080p60, a user-requested feature for streaming and selfie recording. The front of the device is Corning Gorilla Glass 5, an upgrade from GG3 in the last generation.

When we move to the rear, things change much more noticeably. Instead of the aluminum rear, Razer has a full Gorilla Glass 5 back, which helps enable Qi Wireless Charging, a much requested feature. This is alongside QuickCharge 4+ through a Type-C cable. On the rear we have the dual cameras, this time placed in the center just above the logo. This time around Razer has gone with a 20MP Sony IMX363 f/1.75 main camera with OIS, and an 8MP Sony IMX 351 f/2.6 telephoto camera to enable some extra zoom functionality. Below the cameras is the Razer logo, which has a full 16.8million color RGB LED underneath which users can adjust through the onboard Chroma software. The Razer Phone 2 is still very much power-focused, as it features Qualcomm's latest Snapdragon 845 CPU with a "vapor chamber cooling" which can allow the phone to draw 20-30% more power than other flagships. There's 8GB of LPDDR4X memory, 64GB of UFS storage with support for a microSD card, and a whopping 4,000mAh. Razer says their new smartphone will be priced at $799 and will start shipping in mid-November.