A group of U.S. states suing to block T-Mobile from merging with Sprint on Wednesday told a federal judge that the deal would violate antitrust laws and raise wireless prices for consumers. Reuters reports: The states filed a lawsuit in June to block the merger, saying it would harm low-income Americans in particular. T-Mobile and Sprint contend that the merger would enable the combined company to compete more effectively with dominant carriers Verizon and AT&T. U.S. District Court Judge Victor Marrero, who presided over a two-week trial last month in federal court in Manhattan, began hearing closing arguments in the case on Wednesday.

"I'm here speaking on behalf of 130 million consumers who live in these states," Glenn Pomerantz, a lawyer for the states, said at the outset of his argument. "If this merger goes forward, they're at risk for paying billions of dollars more every single year for those services." When T-Mobile majority shareholder Deutsche Telekom first contemplated the deal in 2010, it "expressly and unambiguously admitted that it had potential to reduce price competition," Pomerantz said. The states also emphasized that the carriers did not need a merger to introduce previous generations of wireless technology, and Pomerantz argued that T-Mobile would continue to acquire spectrum, or airwaves that carry data, from a variety of sources even if the merger was blocked.

Google said today that it's on track to bring more than 120 games to its cloud gaming service Stadia in 2020 and is planning to offer more than 10 Stadia-exclusive games for the first half of the year. From a report: That would be a pretty massive jump from the 26 games and one exclusive that are currently available, and all in a little more than a year after the service's launch, if those projections hold true. Previously, Google had only explicitly confirmed four games for 2020, so this news was much needed to let early adopters know there are a lot more games on the way. Google also announced other updates rolling out to Stadia over the next three months, including 4K gaming on the web, support for more Android phones (it's currently only available on Google's Pixels), wireless gameplay on the web through the Stadia controller (you currently have to plug in a cable), and "further [Google] Assistant functionality" when playing Stadia through a browser. We're asking Google for more details -- and we're particularly curious whether any of the new exclusive games are the kind that are only possible with the power of the cloud. The company said in October that it's building out a few first-party studios to eventually make that a reality.

Bruce Schneier comments on the issues surrounding 5G security: [...] Keeping untrusted companies like Huawei out of Western infrastructure isn't enough to secure 5G. Neither is banning Chinese microchips, software, or programmers. Security vulnerabilities in the standards, the protocols and software for 5G, ensure that vulnerabilities will remain, regardless of who provides the hardware and software. These insecurities are a result of market forces that prioritize costs over security and of governments, including the United States, that want to preserve the option of surveillance in 5G networks. If the United States is serious about tackling the national security threats related to an insecure 5G network, it needs to rethink the extent to which it values corporate profits and government espionage over security. To be sure, there are significant security improvements in 5G over 4G in encryption, authentication, integrity protection, privacy, and network availability. But the enhancements aren't enough. The 5G security problems are threefold.

First, the standards are simply too complex to implement securely. This is true for all software, but the 5G protocols offer particular difficulties. Because of how it is designed, the system blurs the wireless portion of the network connecting phones with base stations and the core portion that routes data around the world. Additionally, much of the network is virtualized, meaning that it will rely on software running on dynamically configurable hardware. This design dramatically increases the points vulnerable to attack, as does the expected massive increase in both things connected to the network and the data flying about it. Second, there's so much backward compatibility built into the 5G network that older vulnerabilities remain. 5G is an evolution of the decade-old 4G network, and most networks will mix generations. Without the ability to do a clean break from 4G to 5G, it will simply be impossible to improve security in some areas. Attackers may be able to force 5G systems to use more vulnerable 4G protocols, for example, and 5G networks will inherit many existing problems. Third, the 5G standards committees missed many opportunities to improve security. Many of the new security features in 5G are optional, and network operators can choose not to implement them. The same happened with 4G; operators even ignored security features defined as mandatory in the standard because implementing them was expensive. But even worse, for 5G, development, performance, cost, and time to market were all prioritized over security, which was treated as an afterthought.

On Monday, members of the European Parliament (MEPs) discussed the idea of introducing "binding measures" that would require chargers that fit all mobile phones and portable electronic devices. The company that would be impacted most by this legislation would be Apple and its iPhone, which uses a Lightning cable while most new Android phones use USB-C ports for charging. ZDNet reports: The EU introduced the voluntary Radio Equipment Directive in 2014, but MEPs believe the effort fell short of the objectives. "The voluntary agreements between different industry players have not yielded the desired results," MEPs said. The proposed more stringent measures are aimed at reducing electronic waste, which is estimated to amount to 51,000 tons per year in old chargers.

Apple last year argued that regulations to standardize chargers for phones would "freeze innovation rather than encourage it" and it claimed the proposal was "bad for the environment and unnecessarily disruptive for customers." Noted Apple analyst Ming-Chi Kuo reckons Apple has a different idea in store: getting rid of the Lightning port and not replacing it with USB-C, which is a standard that Apple doesn't have complete control over. According to the analyst, Apple plans to remove the Lightning connector on a flagship iPhone to be released in 2021. Instead it would rely on wireless charging.

A Princeton University academic study found that five major US prepaid wireless carriers are vulnerable to SIM swapping attacks. From a report: A SIM swap is when an attacker calls a mobile provider and tricks the telco's staff into changing a victim's phone number to an attacker-controlled SIM card. This allows the attacker to reset passwords and gain access to sensitive online accounts, like email inboxes, e-banking portals, or cryptocurrency trading systems. All last year, Princeton academics spent their time testing five major US telco providers to see if they could trick call center employees into changing a user's phone number to another SIM without providing proper credentials. According to the research team, AT&T, T-Mobile, Tracfone, US Mobile, and Verizon Wireless were found to be using vulnerable procedures with their customer support centers, procedures that attackers could use to conduct SIM swapping attacks. In addition, the research team also looked at 140 online services and websites and analyzed on which of these attackers could employ a SIM swap to hijack a user's account. According to the research team, 17 of the 140 websites were found to be vulnerable.

An anonymous reader quotes a report from CNN: Verizon is changing the way it sells its internet and cable packages as customers are increasingly seeking ways to cut the costly cord. The company is eliminating bundles and contracts, Verizon announced Thursday. Instead, it will sell its Fios TV and internet services separately. Long-term contracts are also being trashed in favor of charging customers month-to-month. That is similar to how streaming services charge customers. Verizon is calling the new offers "Mix and Match on Fios." There are now three internet packages and five Fios TV packages. Notably, Verizon will continue selling Google's YouTube TV for $49.99 per month as a TV option under an agreement the two companies signed last year. A home telephone package will also be sold for $20 per month. The new bundle-free packages offer more price transparency for customers, Verizon claims. Not all surcharges are going away though. "Verizon will continue charging a $15 monthly fee for routers in some of its internet packages and a $12 set-top monthly fee in most of its Fios TV packages," the report adds. "But other fees it previously charged, including for regional sports networks, will now be included in the total Fios TV price."

Low-end smartphones sold to Americans with low-income via a government-subsidized program contain unremovable malware, security firm Malware bytes said today in a report. From a report: The smartphone model is Unimax (UMX) U686CL, a low-end Android-based smartphone made in China and sold by Assurance Wireless, a cell phone service provider part of the Virgin Mobile group. The telco sells cell phones part of Lifeline, a government program that subsidizes phone service for low-income Americans. "In late 2019, we saw several complaints in our support system from users with a government-issued phone reporting that some of its pre-installed apps were malicious," Malwarebytes said in a report published today. The company said it purchased a UMX U686CL smartphone and analyzed it to confirm the reports it was receiving.

An anonymous reader quotes a report from The Verge: Now that most smartphones don't have headphone jacks, there's no shortage of complaints about Bluetooth. This year at CES, the industry group in charge of defining the standard, the Bluetooth SIG, is introducing new features that should address some of them. Later this year, it will finalize new support for Bluetooth LE Audio, which is an umbrella term for a bunch of new features for Bluetooth devices. The new features include higher-quality audio, hearing aid support, broadcasting to many people, and working better with wireless earbuds. Unfortunately, as is the way with all industry specs, it will take some time for these features to make their way into consumer products. The old joke that "Bluetooth will be better next year" still holds true.

The feature that will likely affect the most people is the new "Low Complexity Communication Codec," or LC3. LC3 simultaneously reduces power consumption while increasing audio quality. Right now, the lowest common denominator for Bluetooth audio is the relatively old and relatively bad SBC codec, though many phones support Qualcomm's proprietary codec, AptX. In order to get SBC to sound good, you have to increase the bitrate, which increases power consumption. The Bluetooth SIG claims that, in its testing, users preferred the new LC3 codec, even at significantly lower bitrates. The group is also finally beefing up official support for Bluetooth hearing aids. It has worked in conjunction with a European hearing instrument association to ensure broad support in the coming years, including working with TVs and other devices. A new "broadcast" feature will theoretically allow an entire movie theater audience to use their Bluetooth headphones to tune in to the movie, although how exactly the pairing process would work is "TBD," the report says.

Bluetooth LE will natively support multistream audio, which "means wireless earbuds will be able to receive their own independent signal from a phone instead of having to communicate with each other," the report adds. "Multistream also will allow for easier sharing of Bluetooth audio among multiple users from the same source."

Sprint is officially pulling the plug on its decaying Virgin Mobile prepaid service and will transfer current customers to its Boost Mobile brand starting in February. From a report: The move doesn't come as a complete surprise as Sprint has long been pulling back marketing and distribution for the brand, most recently in October severing ties with Walmart as a distribution partner. Since then Virgin Mobile could only be purchased through an online portal, as Walmart was the last remaining brick-and-mortar sales channel, following earlier decisions in 2019 to pull the brand from Best Buy stores and Meijer. These moves were noticed by Jeffrey Moore at Wave7 Research, who previously predicted that Virgin Mobile was not long for this world. Back in November he told FierceWireless that it had been 31 months since Virgin Mobile had changed its rate card and the brand's press portal hadn't seen an update in 19 months.

Audio company Sonos has sued Google for allegedly copying its patented speaker technology while undercutting it at market. From a report: The New York Times reports that it filed two lawsuits covering five patents on its wireless speaker design. Sonos is also asking for a sales ban on Google's laptops, phones, and speakers in the US through a separate case with the International Trade Commission. Sonos claims that Google stole its multiroom speaker technology after getting access to it through a 2013 partnership. The original partnership would let Sonos speakers support Google Play Music, but the company allegedly used patented technology in its now-discontinued Chromecast Audio device, then continued to use it in the Google Home lineup of smart speakers and the Pixel product lineup. Meanwhile, Sonos says Google subsidized its own products to sell them at a cheaper price while using them to extract more data from buyers.

Bluetooth will soon roll out some of its technology's biggest improvements in its nearly 20-year history. From a report: The new Bluetooth standard will be known as LE Audio and one of the biggest improvements it will include will be a feature called Multi-Stream Audio. Bluetooth is currently limited to streaming audio to just a single device. That's fine for portable speakers and headphones where both sides are connected with a wire, but for wireless earbuds, such as Apple's AirPods, your smartphone can actually only connect to one side. That earbud then has to forward the audio stream onto the one in your other ear, which requires some clever software tricks to ensure everything remains in sync. Multi-Stream Audio will solve that, as it will allow a single device, such as a smartphone, to stream flawlessly synced audio to multiple audio devices at the same time.

The most obvious benefit is that it will be much easier to make wireless earbuds work more reliably, without any audio lag issues. But the feature promises to also benefit those who want to use their wireless headphones with multiple devices at the same time, such as a tablet, phone, and a laptop, streamlining the process of switching between each audio source without having to go through an annoying disconnect/reconnect process each time. Bluetooth LE Audio will also make sharing a music stream with others possible. Users should be able to easily share audio from their smartphone with friends, as multiple sets of wireless headphones can be connected to a single source device at once, and each should receive the exact same audio stream in perfect sync with all the others. Further expanding on that idea is another new feature known as Broadcast Audio which allows a single audio source device to broadcast several audio streams to an unlimited number of wireless headphones, without any private pairing required.

"First they came for our headphone jacks. Now, they're taking our ports," writes CNET: Reliable Apple analyst Ming-Chi Kuo has reported that the company is gearing up to remove the Lightning connector from the flagship iPhone released in 2021... Kuo predicts that having a totally wireless phone will help differentiate the flagship iPhone from all other models in the lineup. Having no physical ports mean iPhones will have less moving parts and it can improve water resistance or make more room for a bigger battery...

We've also seen other rumors indicating that Apple may bundle AirPods with the new iPhones, which makes sense if we get a portless phone. Apple would not be the first to experiment with a portless phone: Other companies have shown off concepts, like the Vivo Apex from earlier in 2019.

The fight against annoying robocalls just got another boost. This week President Trump signed the Traced Act into law, giving government agencies and law enforcement officials more weapons to go after individuals and companies who break telephone consumer-protection laws. From a report: The bi-partisan legislation was previously approved by the House and Senate, respectively, earlier this month before arriving on the president's desk. Crafted by Sens. John Thune, a Republican from South Dakota, and Ed Markey, a Democrat from Massachusetts, among the act's features are an increase in penalties for those scammers who knowingly initiate illegal robocalls and the requirement that phone companies authenticate calls to determine if the number calling you is real. As part of a Federal Communications Commission push, major wireless carriers and home phone providers have been implementing a verification process known as STIR/SHAKEN throughout 2019 to authenticate calls and fight spammers. In addition to raising penalties and pushing for authentication, the bill also gives regulators like the FCC and the Federal Trade Commission four years to go after scammers, as opposed to the one-year statute of limitations that was previously in place.

Hundreds of thousands of American students are being tracked by their colleges to monitor attendance, analyze behavior and assess their mental health, the Washington Post reported this week. That article has now provoked some responses...

Jay Balan, chief security researcher at Bitdefender, told Gizmodo that the makers of the student-tracking apps should at least offer bug bounties and disclose their source code -- while rattling off easily foreseeable scenarios like the stalking of students. Gizmodo notes one app's privacy policy actually allows them to "collect or infer" students' approximate location -- even when students have turned off location tracking -- and allows third parties to "set and access their own tracking technologies on your devices."

And cypherpunk Lance R. Vick tweeted in response to the article, "If you are at one of these schools asking you to install apps on your phone to track you, hit me up for some totally hypothetical academic ideas..."

Gizmodo took him up on his offer -- and here's a bit of what he said: Students could reverse engineer the app to develop their own app beacon emulators to tell the tracking beacons that all students are present all the time. They could also perhaps deploy their own rogue tracking beacons to publish the anonymised attendance data for all students to show which teachers are the most boring as evidenced by lack of attendance. If one was hypothetically in an area without laws against harmful radio interference (like outside the U.S.) they could use one of many devices on the market to disrupt all Bluetooth communications in a target area so no one gets tracked... If nothing else, you could potentially just find a call in the API that takes a bit longer to come back than the rest. This tells you it takes some amount of processing on their side. What happens if you run that call a thousand times a second? Or only call it partway over and over again? This often brings poorly designed web services to a halt very quickly...

Assuming explorations on the endpoints like the phone app or beacon firmware fail you could still potentially learn useful information exploring the wireless traffic itself using popular SDR tools like a HackRF, Ubertooth, BladeRF. Here you potentially see how often they transmit, what lives in each packet, and how you might convert your own devices, perhaps a Raspberry Pi with a USB Bluetooth dongle, to be a beacon of your own.

Anyone doing this sort of thing should check their local and federal laws and approach it with caution. But these exact sorts of situations can, for some, be the start of a different type of education path -- a path into security research. Bypassing annoying digital restrictions at colleges was a part of how I got my start, so maybe a new generation can do similar. :)
Gizmodo calls his remarks "hypothetical hacking that you (a student with a bright future who doesn't want any trouble) should probably not do because you might be breaking the law."

But then how should students respond to their school's surveillance systems?

An anonymous reader quotes a report from Ars Technica: Federal regulators that want to let T-Mobile complete its acquisition of rival wireless carrier Sprint are pushing back on a collective effort by some states to block the deal. The $26 billion transaction was subject to federal approval by both the Department of Justice and the Federal Communications Commission. The agencies both blessed the deal, with the DOJ reaching a settlement in July and the FCC granting a green light in October. The deal also requires approval by regulators in several states, however. While about a dozen have in some way approved the deal or signaled support for the federal settlements, attorneys general representing 13 states and the District of Columbia filed suit to block the merger.

The FCC and DOJ on Friday submitted a filing [400-page PDF] in that case arguing that the deal is in the best interest of the U.S., and any nationwide injunction holding up the merger would block "substantial, long-term, and procompetitive benefits for American consumers." The argument, in large part, boils down to: trust us, we're the experts. "Both the Antitrust Division and the FCC have significant experience and expertise in analyzing these types of transactions and do so from a nationwide perspective," the agencies write. "Thus, their conclusions that the merger as remedied is in the public interest deserve appropriate weight in this remedy inquiry by this honorable court."

"We're at a turning point for driving surveillance," reports the Washington Post (in an article shared by long-time Slashdot reader davidwr ). "In the 2020 model year, most new cars sold in the United States will come with built-in Internet connections, including 100 percent of Fords, GMs and BMWs and all but one model Toyota and Volkswagen."

Often included for free (or sold as an add-on), these connections mean "Cars are becoming smartphones on wheels," collecting and sending data "pretty much wherever their makers want. Some brands even reserve the right to use the data to track you down if you don't pay your bills...." On a recent drive, a 2017 Chevrolet collected my precise location. It stored my phone's ID and the people I called. It judged my acceleration and braking style, beaming back reports to its maker General Motors over an always-on Internet connection... Modern vehicles don't just have one computer. There are multiple, interconnected brains that can generate up to 25 gigabytes of data per hour from sensors all over the car... Most hide what they're collecting and sharing behind privacy policies written in the kind of language only a lawyer's mother could love...

The Tesla Model 3 can collect video snippets from the car's many cameras. Coming next: face data, used to personalize the vehicle and track driver attention... Coming 5G cellular networks promise to link cars to the Internet with ultra-fast, ultra-high-capacity connections. As wireless connections get cheaper and data becomes more valuable, anything the car knows about you is fair game. GM's view, echoed by many other automakers, is that we gave them permission for all of this...

Five years ago, 20 automakers signed on to volunteer privacy standards, pledging to "provide customers with clear, meaningful information about the types of information collected and how it is used," as well as "ways for customers to manage their data." But when I called eight of the largest automakers, not even one offered a dashboard for customers to look at, download and control their data.... GM's privacy policy, which the company says it will update before the end of 2019, says it may "use anonymized information or share it with third parties for any legitimate business purpose." Such as whom? "The details of those third-party relationships are confidential," said GM spokesman David Caldwell.

There are more questions. GM's privacy policy says it will comply with legal data demands. How often does it share our data with the government? GM doesn't offer a transparency report like tech companies do....
GM said "much" of their data can't be linked to a specific person, though the Post adds that "there were clues to what more GM knows on its website and app. It offers a Smart Driver score -- a measure of good driving -- based on how hard you brake and turn, and how often you drive late at night."

Meanwhile, the Post also reports that OnStar's privacy policy lets them keep the data they collect "pretty much forever... At least smartphone apps like Google Maps let you turn off and delete location history."

Car and Driver noted that the Post's reporter even found photos of his phone's contacts, concluding "Your car is collecting and transmitting a lot more data than you think." In 2017, the U.S. Government Accountability Office looked at automakers and their data privacy policies and found that the 13 car companies it looked at are not exactly using best practices. For example, while the automakers say they obtain "explicit consumer consent before collecting data," the GAO says they "offered few options besides opting out of all connected vehicle services to consumers who did not want to share their data."

Apple has a secret team working on satellites and related wireless technology, striving to find new ways to beam data such as internet connectivity directly to its devices, Bloomberg reported Friday, citing people familiar with the work. From a report: The Cupertino, California-based iPhone maker has about a dozen engineers from the aerospace, satellite and antenna design industries working on the project with the goal of deploying their results within five years, said the people, who asked not to be identified discussing internal company efforts. Work on the project is still early and could be abandoned, the people said, and a clear direction and use for satellites hasn't been finalized. Still, Apple Chief Executive Officer Tim Cook has shown interest in the project, indicating it's a company priority. Apple's work on communications satellites and next-generation wireless technology means the aim is likely to beam data to a user's device, potentially mitigating the dependence on wireless carriers, or for linking devices together without a traditional network. Apple could also be exploring satellites for more precise location tracking for its devices, enabling improved maps and new features.

There are real concerns about the way 5G is being deployed in the US, including security issues, the potential to interfere with weather forecasting systems, and the FCC steamrolling local regulators in the name of accelerating the 5G rollout. But concerns over the potential health impacts of 5G are overblown. From a report: If you weren't worried about prior generations of cellular service causing cancer, 5G doesn't produce much new to worry about. And you probably didn't need to be worried before. Few 5G services will use higher frequencies in the near term, and there's little reason to think these frequencies are any more harmful than other types of electromagnetic radiation such as visible light. Most concerns about health impacts from 5G stem from millimeter-wave technology, high-frequency radio waves that are supposed to deliver much faster speeds. The catch is that millimeter-wave transmissions are far less reliable at long distances than transmissions using the lower frequencies that mobile carriers have traditionally used. To provide reliable, ubiquitous 5G service over millimeter-wave frequencies, carriers will need a larger number of smaller access points.

That's led to two fears: That the effects of millimeter-wave signals might be more dangerous than traditional frequencies; and that the larger number of access points, some potentially much closer to people's homes, might expose people to more radiation than 4G services. But millimeter waves aren't the only, or even the main, way that carriers will deliver 5G service. T-Mobile offers the most widespread 5G service available today. But it uses a band of low frequencies originally used for broadcast television. Sprint, meanwhile, repurposed some of the "mid-band" spectrum it uses for 4G to provide 5G. Verizon and AT&T both offer millimeter-wave-based services, but they're only available in a handful of locations. The wireless industry is focused more on using mid- and low-band frequencies for 5G, because deploying a massive number of millimeter-wave access points will be time-consuming and expensive. In other words, 5G will continue using the same radio frequencies that have been used for decades for broadcast radio and television, satellite communications, mobile services, Wi-Fi, and Bluetooth.

Google, Amazon, Apple, and other technology companies have teamed up to develop a smart home connectivity standard that makes it easier for software and devices to play ball across the smart home ecosystem. From a report: Connected Home Over IP, as the new working group is called, will be spearheaded by the Zigbee Alliance, a group of companies that develop and maintain the ZigBee standard, which enables close-proximity devices (e.g light switches, smart speakers, locks) to talk to each other in the home. Smart home devices can use any number of protocols, such as Bluetooth, Wi-Fi, Wireless USB, Z-Wave, and ZigBee. Google also develops two open source protocols -- called Weave and Thread. All of these various protocols have inherent benefits and may appeal to equipment manufacturers and IoT system makers for different reasons, but manufacturers have to invest considerable resources to ensure their devices will work with all the others. So the working group is setting out to achieve a common standard for the smart home, based on internet protocol (IP).

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission is giving $87.1 million in rural-broadband funding to satellite operator Viasat to help the company lower prices and raise data caps. The FCC's Connect America Fund generally pays ISPs to expand their networks into rural areas that lack decent home Internet access. Viasat's satellite service already provides coverage of 98 percent of the US population in 50 states, so it doesn't need government funding to expand its network the same way that wireline operators do. But Viasat will use the money to offer Internet service "at lower cost to consumers, while also permitting higher usage allowances, than it typically provides in areas where it is not receiving Connect America Fund support," the FCC said in its announcement yesterday.

Viasat's $87.1 million is to be used over the next 10 years "to offer service to more than 121,700 remote and rural homes and businesses in 17 states." Viasat must provide speeds of at least 25Mbps for downloads and 3Mbps for uploads. While the funding for Viasat could certainly improve access for some people, the project helps illustrate how dire the broadband shortage is in rural parts of many states. Viasat's service is generally a last-ditch option for people in areas where there's no fiber or cable and where DSL isn't good enough to provide a reasonably fast and stable connection. Viasat customers have to pay high prices for slow speeds and onerous data limits. A Viasat spokesperson wouldn't comment on what prices and data caps will be applied to the company's FCC-subsidized plans. Viasat said it will provide the required 25Mbps service "along with an evolving usage allowance, and at FCC-defined prices, to certain areas, where we will be subject to a new range of federal and state regulations."