United States

Wireless Carrier Throttling of Online Video Is Pervasive: Study (bloomberg.com) 49

U.S. wireless carriers have long said they may slow video traffic on their networks to avoid congestion and bottlenecks. But new research shows the throttling happens pretty much everywhere all the time. From a report: Researchers from Northeastern University and University of Massachusetts Amherst conducted more than 650,000 tests in the U.S. and found that from early 2018 to early 2019, AT&T throttled Netflix 70% of the time and Google's YouTube service 74% of the time. But AT&T didn't slow down Amazon's Prime Video at all. T-Mobile throttled Amazon Prime Video in about 51% of the tests, but didn't throttle Skype and barely touched Vimeo, the researchers say in a paper [PDF] to be presented at an industry conference this week.
Google

Fearing Data Privacy Issues, Google Cuts Some Android Phone Data For Wireless Carriers (reuters.com) 24

Alphabet's Google has shut down a service it provided to wireless carriers globally that showed them weak spots in their network coverage, Reuters reported Monday, citing people familiar with the matter, because of Google's concerns that sharing data from users of its Android phone system might attract the scrutiny of users and regulators. From the report: The withdrawal of the service, which has not been previously reported, has disappointed wireless carriers that used the data as part of their decision-making process on where to extend or upgrade their coverage. Even though the data were anonymous and the sharing of it has become commonplace, Google's move illustrates how concerned the company has become about drawing attention amid a heightened focus in much of the world on data privacy. Google's Mobile Network Insights service, which had launched in March 2017, was essentially a map showing carriers signal strengths and connection speeds they were delivering in each area. The service was provided free to carriers and vendors that helped them manage operations. The data came from devices running Google's Android operating system, which is on about 75% of the world's smartphones, making it a valuable resource for the industry. [...] Nevertheless, Google shut down the service in April due to concerns about data privacy, four people with direct knowledge of the matter told Reuters. Some of them said secondary reasons likely included challenges ensuring data quality and connectivity upgrades among carriers being slow to materialize.
Privacy

Huge Survey of Firmware Finds No Security Gains In 15 Years (securityledger.com) 61

A survey of more than 6,000 firmware images spanning more than a decade finds no improvement in firmware security and lax security standards for the software running connected devices by Linksys, Netgear and other major vendors. The Security Ledger reports: "Nobody is trying," said Sarah Zatko, the Chief Scientist at the Cyber Independent Testing Lab (CITL), a non-profit organization that conducts independent tests of software security. "We found no consistency in a vendor or product line doing better or showing improvement. There was no evidence that anybody is making a concerted effort to address the safety hygiene of their products," she said. The CITL study surveyed firmware from 18 vendors including ASUS, D-Link, Linksys, NETGEAR, Ubiquiti and others. In all, more than 6,000 firmware versions were analyzed, totaling close to 3 million binaries created from 2003 to 2018. It is the first longitudinal study of IoT software safety, according to Zatko. CITL researchers studied publicly available firmware images and evaluated them for the presence of standard security features such as the use of non-executable stacks, Address Space Layout Randomization (ASLR) and stack guards, which prevent buffer overflow attacks.

The results were not encouraging. Time and again, firmware from commonly used manufacturers failed to implement basic security features even when researchers studied the most recent versions of the firmware. For example: firmware for the ASUS RT-AC55U wifi router did not employ ASLR or stack guards to protect against buffer overflow attacks. Nor did it employ a non-executable stack to protect against "stack smashing," another variety of overflow attack. CITL found the same was true of firmware for Ubiquiti's UAP AC PRO wireless access points, as well as D-Link's DWL-6600 access point. Router firmware by vendors like Linksys and NETGEAR performed only slightly better on CITL's assessment.
CITL researchers also "found no clear progress in any protection category over time," reports The Security Ledger. "Researchers documented 299 positive changes in firmware security scores over the 15 years covered by the study... but 370 negative changes over the same period. Looking across its entire data set, in fact, firmware security actually appeared to get worse over time, not better."

On the bright side, the survey found that almost all recent router firmware by Linksys and NETGEAR boasted non-executable stacks. "However, those same firmware binaries did not employ other common security features like ASLR or stack guards, or did so only rarely," says the report.
Portables (Apple)

Slashdot Asks: Do You Use Your Laptop's Headphone Jack? 283

The headphone jack is increasingly being omitted from smartphones and tablets, but what about laptops? When Apple launched the redesigned MacBook Pro in 2016, it decided to remove the SD card slot, full-sized USB Type A ports, and Thunderbolt 2 ports -- but keep the 3.5mm headphone jack, even though it axed the headphone jack in the 2016 iPhone 7. The reason, Apple said, had to do with the lack of wireless solutions for pro audio gear that many users use with their MacBooks. "If it was just about headphones then it doesn't need to be there," said Apple marketing chief Phil Schiller. "We believe that wireless is a great solution for headphones." He added: "But many users have set-ups with studio monitors, amps and other pro audio gear that do not have wireless solutions and need the 3.5mm jack."

While most laptops today still retain the headphone jack, that trend doesn't seem like it'll last for too much longer as the industry moves to embrace wireless audio. Laptop alternatives like Apple's iPad Pro and Samsung's Galaxy Tab S5e have both ditched the 3.5mm port, meaning it's only a matter of time until laptops themselves lose the port. Our question to you is: do you use the headphone jack on your laptop? Would you mind if a manufacturer removed the port to make room for a bigger battery or make the device slimmer and more portable? Let us know your thoughts below.
Cellphones

'Who Owns Your Wireless Service? Crooks Do' (krebsonsecurity.com) 36

Long-time Slashdot reader trolman shared this scathing editorial by security researcher Brian Krebs: If you are somehow under the impression that you -- the customer -- are in control over the security, privacy and integrity of your mobile phone service, think again. And you'd be forgiven if you assumed the major wireless carriers or federal regulators had their hands firmly on the wheel. No, a series of recent court cases and unfortunate developments highlight the sad reality that the wireless industry today has all but ceded control over this vital national resource to cybercriminals, scammers, corrupt employees and plain old corporate greed...

Incessantly annoying and fraudulent robocalls. Corrupt wireless company employees taking hundreds of thousands of dollars in bribes to unlock and hijack mobile phone service. Wireless providers selling real-time customer location data, despite repeated promises to the contrary. A noticeable uptick in SIM-swapping attacks that lead to multi-million dollar cyberheists...

Is there any hope that lawmakers or regulators will do anything about these persistent problems? Gigi Sohn, a distinguished fellow at the Georgetown Institute for Technology Law and Policy, said the answer -- at least in this administration -- is probably a big "no."

"The takeaway here is the complete and total abdication of any oversight of the mobile wireless industry," Sohn told KrebsOnSecurity. "Our enforcement agencies aren't doing anything on these topics right now, and we have a complete and total breakdown of oversight of these incredibly powerful and important companies."

Wireless Networking

New Vulnerabilities Found In WPA3 WiFi Standard (zdnet.com) 58

Slashdot reader Artem S. Tashkinov writes: Mathy Vanhoef and Eyal Ronen have recently disclosed two new additional bugs impacting WPA3. The security researcher duo found the new bugs in the security recommendations the WiFi Alliance created for equipment vendors in order to mitigate the initial Dragonblood attacks [found by the same two security researchers]. "Just like the original Dragonblood vulnerabilities from April, these two new ones allow attackers to leak information from WPA3 cryptographic operations and brute-force a WiFi network's password," reports ZDNet.
More from ZDNet: "[The] Wi-Fi standard is now being updated with proper defenses, which might lead to WPA3.1," Vanhoef said. "Although this update is not backwards-compatible with current deployments of WPA3, it does prevent most of our attacks," the researchers said.

But besides just disclosing the two new Dragonblood vulnerabilities, the two researchers also took the chance to criticize the WiFi Alliance again for its closed standards development process that doesn't allow for the open-source community to contribute and prevent big vulnerabilities from making it into the standard in the first place.

"This demonstrates that implementing Dragonfly and WPA3 without side-channel leaks is surprisingly hard," the researchers said. "It also, once again, shows that privately creating security recommendations and standards is at best irresponsible and at worst inept."

While this type of feedback might be ignored when coming from other researchers, it means more when it comes from Vanhoef. The Belgian researcher is the one who discovered the KRACK attack that broke the WPA2 WiFi authentication standard and forced the WiFi Alliance to develop the WPA3 standard, which it launched in June 2018.
Wireless Networking

82% of People Say They Connect To Any Free WiFi That's Available in a Public Place, Survey Finds (decisiondata.org) 123

Have you ever been in a public place and hopped onto a public WiFi network? From a report: We conducted a survey of 1,195 US residents over the past two weeks asking about internet connectivity and one interesting trend stood out. 82% of respondents (980 total) said they connect to any freely available network while out in public. When asked about the security implications of such a decision, the majority of the respondents said they didn't think about such things, and that it wasn't a concern for them.
Security

iPhone Bluetooth Traffic Leaks Phone Numbers -- in Certain Scenarios (zdnet.com) 51

Security researchers say they can extract a user's phone number from the Bluetooth traffic coming from an iPhone smartphone during certain operations. From a report: The attack works because, when Bluetooth is enabled on an Apple device, the device sends BLE (Bluetooth Low Energy) packets in all directions, broadcasting the device's position and various details. This behavior is part of the Apple Wireless Direct Link (AWDL), a protocol that can work either via WiFi or BLE to interconnect and allow data transfers between nearby devices. Previous academic research has revealed that AWDL BLE traffic contains device identification details such as the phone status, Wi-Fi status, OS version, buffer availability, and others. However, in new research published last week, security researchers from Hexway said that during certain operations these BLE packets can also contain a SHA256 hash of the device's phone number.
Security

Apple's AWDL Protocol Plagued By Flaws That Enable Tracking and MitM Attacks (zdnet.com) 56

Apple Wireless Direct Link (AWDL), a protocol installed on over 1.2 billion Apple devices, contains vulnerabilities that enable attackers to track users, crash devices, or intercept files transferred between devices via man-in-the-middle (MitM) attacks. From a report: These are the findings of a research project that started last year at the Technical University of Darmstadt, in Germany, and has recently concluded, and whose findings researchers will be presenting later this month at a security conference in the US. The project sought to analyze the Apple Wireless Direct Link (AWDL), a protocol that Apple rolled out in 2014 and which also plays a key role in enabling device-to-device communications in the Apple ecosystem. While most Apple end users might not be aware of the protocol's existence, AWDL is at the core of Apple services like AirPlay and AirDrop, and Apple has been including AWDL by default on all devices the company has been selling, such as Macs, iPhones, iPads, Apple watches, Apple TVs, and HomePods. But in the past five years, Apple has never published any in-depth technical details about how AWDL works. This, in turn, has resulted in very few security researchers looking at AWDL for bugs or implementation errors.
Biotech

Luke Skywalker-Inspired Prosthetic Arm Lets Amputee Feel Objects Again (cnn.com) 38

CNN tells the story of a new medical breakthrough for Keven Walgamott, who 17 years ago lost one hand and part of his forearm in an electrical accident. Now, Walgamott can use his thoughts to tell the fingers of his bionic hand to pick up eggs and grapes. The prosthetic arm he tested also allowed Walgamott to feel the objects he grasped. A biomedical engineering team at the University of Utah created the "LUKE Arm," named in honor of the robotic hand Luke Skywalker obtains in "Star Wars: The Empire Strikes Back" after Darth Vader slices off his hand with a lightsaber.

A new study published Wednesday in the journal Science Robotics explained how the arm revived the sensation of touch for Walgamott. The University of Chicago and the Cleveland Clinic were also involved in the study... The LUKE Arm sends signals to the brain in order to mimic the way a human hand can feel and sense information about an object, like whether it's soft, hard, lightweight or heavy. "We changed the way we are sending that information to the brain so that it matches the human body..." said Jacob George, study author and biomedical engineering doctoral student at the University of Utah. "We're making more biologically realistic signals..."

Utah Emeritus Distinguished Professor Richard A. Normann invented the Utah Slanted Electrode Array, a grouping of 100 microelectrodes and wires implanted in the forearm's nerves and connected to an external computer. The array was able to read signals from the nerves remaining in Walgamott's arm while the computer converted them into digital signals. The signals would act like messages for the arm to move. But in order to be successful, things would have to work the opposite way as well, meaning the LUKE Arm would need to be able to sense objects and understand the necessary pressure needed to hold them. Sensors in the hand of the LUKE Arm send signals through the Array to the existing nerves, communicating the feeling the hand should be receiving when it touches something.

Created by DEKA R&D (founded by Segway inventor Dean Kamen), the LUKE arm "was in development for 15 years and is composed of metal motors with a clear silicon overlay that mimics skin," the article points out.

While it currently draws power from an external battery (and is wired to a computer), they're working on creating a wireless version.
Power

5G May Drain Batteries, While Base Stations Will Require Three Times As Much Power (ieee.org) 137

schwit1 quotes IEEE Spectrum: In 2017, members of the mobile telephony industry group 3GPP were bickering over whether to speed the development of 5G standards. One proposal, originally put forward by Vodafone and ultimately agreed to by the rest of the group, promised to deliver 5G networks sooner by developing more aspects of 5G technology simultaneously.

Adopting that proposal may have also meant pushing some decisions down the road. One such decision concerned how 5G networks should encode wireless signals. 3GPP's Release 15, which laid the foundation for 5G, ultimately selected orthogonal frequency-division multiplexing (OFDM), a holdover from 4G, as the encoding option. But Release 16, expected by year's end, will include the findings of a study group assigned to explore alternatives. Wireless standards are frequently updated, and in the next 5G release, the industry could address concerns that OFDM may draw too much power in 5G devices and base stations.

That's a problem, because 5G is expected to require far more base stations to deliver service and connect billions of mobile and IoT devices. "I don't think the carriers really understood the impact on the mobile phone, and what it's going to do to battery life," says James Kimery, the director of marketing for RF and software-defined radio research at National Instruments Corp. "5G is going to come with a price, and that price is battery consumption." And Kimery notes that these concerns apply beyond 5G handsets. China Mobile has "been vocal about the power consumption of their base stations," he says. A 5G base station is generally expected to consume roughly three times as much power as a 4G base station. And more 5G base stations are needed to cover the same area.

Communications

T-Mobile Wins $26.5B Sprint Deal Approval With Plan To Create Rival (bloomberg.com) 40

The Justice Department approved T-Mobile's acquisition of Sprint, a deal it rejected under the previous administration, clearing one of the biggest hurdles to a takeover that will reshape the wireless industry. From a report: T-Mobile and Sprint agreed to sell multiple assets to Dish Network as a condition for approval, paving the way to creating a new wireless company, the Justice Department said in a statement Friday. The carriers have promised to deploy a 5G network that would cover 97% of the U.S. population within three years and 99% within six years. "The remedies set up Dish as a disruptive force in wireless," said Makan Delrahim, the head of the Justice Department's antitrust division, during a briefing with reporters.
Mozilla

Mozilla Debuts Implementation of WebThings Gateway Open Source Router Firmware (venturebeat.com) 57

An anonymous reader shares a report: For the better part of two years, the folks at Mozilla have been diligently chipping away at Mozilla WebThings, an open implementation of the World Wide Web Consortium's (W3C) Web of Things standard for monitoring and controlling connected devices. In April, it gained a number of powerful logging, alarm, and networking features, and this week, a revamped component of WebThings -- WebThings Gateway, a privacy- and security-focused software distribution for smart home gateways -- formally debuted. Experimental builds of WebThings Gateway 0.9 are available on GitHub for the Turris Omnia router, with expanded support for routers and developer boards to come down the line. (Separately, there's a new build compatible with the recently announced Raspberry Pi 4.) Mozilla notes that it currently only offers "extremely basic" router configuration and cautions against replacing existing firmware, but the company says that it's a noteworthy milestone in its path to creating a full software distribution for wireless routers.
AT&T

AT&T Loses Nearly 1 Million TV Customers After Raising DirecTV Prices (arstechnica.com) 75

An anonymous reader quotes a report from Ars Technica: AT&T lost 946,000 TV subscribers in Q2 2019, a loss that the company attributed to price increases, competition, and other factors. AT&T reported a net loss of 778,000 subscribers in the "Premium TV" category, which includes its DirecTV satellite and U-verse wireline TV services. AT&T attributed this loss to "an increase in customers rolling off promotional discounts, competition, and lower gross adds due to a focus on the long-term value customer base." AT&T also lost 168,000 subscribers of DirecTV Now, an online service with linear channels that's similar to traditional satellite and cable TV. AT&T said the DirecTV Now customer loss was "due to higher prices and less promotional activity," meaning that customers have balked at price increases and a refusal to extend discounts.

The Premium TV loss brought AT&T down to 21.6 million customers in that category, while the DirecTV Now loss brought that service down to 1.3 million customers. Including both, AT&T's total number of video subscribers dropped from 25.4 million in Q2 2018 to 22.9 million in Q2 2019. The loss of 946,000 TV subscribers easily outstripped last quarter's AT&T net loss of 627,000 subscribers. "AT&T said it expects a similar level of video losses to continue in the current quarter," according to Reuters.

Businesses

From Fitbits To Rokus, Hedge Funds Mine Data For Consumer Habits (bloomberg.com) 60

In an effort to gain an elusive trading edge, some of the world's biggest hedge funds have been snapping up large swaths of alternative data from Fitbits, Rokus, Teslas and employment websites like Glassdoor. Bloomberg reports: Spotting trends and patterns in consumer habits is big business, part of a global market for big data, that a JPMorgan Chase report said could reach more than $200 billion by next year. Still, there's no guarantee all that information will lead to riches. It needs to be scrubbed, organized and aggregated to be of any use. WiFi and Bluetooth connections have become so ubiquitous they're often taken for granted. But hedge funds have become keenly interested in tracking devices that connect to the internet.

Capturing signals they emit can show "when and where new things appear in the world," said Hugh O'Connor, director of data sourcing and partnerships at Eagle Alpha, which gathers alternative data for the finance industry. Firms can keep tabs on the number of Roku video-streaming devices or Fitbit fitness trackers being used, the length of time consumers spend on them and their approximate locations. Similarly, if you buy a Tesla Model 3 car and use its Bluetooth-enabled media, a data provider can capture when your new ride is hitting the road. There's been "incredible demand" from some of the world's largest asset managers for this type of information.
Hedge funds are also pulling data from mobile phones as they can reveal, in real time, the number of people carrying devices at a particular location. "This can shed light on how many -- or few -- people are frequenting a retailer, supermarket or fast-food joint," the report says. They're also scraping the web to create bespoke collections of public data. "Some examples include pricing trends on airline flights or hotels, inventory figures for products offered on coupon website Groupon, or sales posted for merchandise on Amazon.com," reports Bloomberg.

Additionally, social media sites and credit card data help shed some light on what consumers are thinking. Employment data is also very insightful. "If a tech giant suddenly starts seeking talent from the health-care industry, for example, that could suggest it has a new product or service in the works," reports Bloomberg. "A spike in the removal of job postings from a company's website could signal corporate distress."
Businesses

DOJ To Approve T-Mobile/Sprint Merger Despite 13 States Trying To Block It (arstechnica.com) 53

An anonymous reader quotes a report from Ars Technica: The Justice Department plans to approve the T-Mobile/Sprint merger as part of a settlement involving the sale of spectrum licenses, wholesale access, and a prepaid wireless business to Dish Network, The Wall Street Journal reported today. "The companies have spent weeks negotiating with antitrust enforcers and each other over the sale of assets to Dish to satisfy concerns that the more than $26 billion merger of the No. 3 and No. 4 wireless carriers by subscribers would hurt competition," the Journal wrote, citing people familiar with the matter. As a result of those negotiations, the DOJ is "poised to approve" the merger and could announce a settlement with T-Mobile and Sprint "as soon as this week, but the timing remains uncertain," the Journal wrote. Even if the DOJ approves the merger, T-Mobile and Sprint will still have to defend it in court because of a lawsuit filed against them by 13 states and the District of Columbia. The Wall Street Journal report said the pending settlement "provides for Dish to acquire prepaid subscribers" but didn't say whether those will come from Boost. "Boost's involvement seems likely, given that FCC Chairman Ajit Pai's approval of the T-Mobile/Sprint merger is contingent on the divestiture of Boost Mobile and a guarantee that Boost will have access to the T-Mobile/Sprint network," reports Ars Technica.

"Dish would also get a multiyear agreement to use the wireless companies' network while it builds dedicated infrastructure," the Journal wrote. The report didn't say how much spectrum Dish will get.
Businesses

Apple In Advanced Talks To Buy Intel's Smartphone-Modem Chip Business (cnbc.com) 64

According to The Wall Street Journal, Apple is in advanced talks to buy Intel's smartphone-modem chip business (Warning: source paywalled; alternative source), "a move that would jump-start the iPhone maker's push to take control of developing the critical components powering its devices." From the report: A deal, covering a portfolio of patents and staff valued at $1 billion or more, could be reached in the next week, the people said -- assuming the talks don't fall apart. Though the purchase price is a rounding error for companies valued in the hundreds of billions of dollars, the transaction would be important strategically and financially. It would give Apple access to engineering work and talent behind Intel's yearslong push to develop modem chips for the crucial next generation of wireless technology known as 5G, potentially saving years of development work.

For Intel's part, a deal would allow the company to shed a business that had been weighing on its bottom line: The smartphone operation had been losing about $1 billion annually, a person familiar with its performance has said, and has generally failed to live up to expectations. Though it would exit the smartphone business, Intel plans to continue to work on 5G technology for other connected devices.
Earlier this year, it was reported that Apple began discussing plans to acquire parts of Intel's smartphone modem chip business last summer, around the time former Intel Chief Executive Brian Krzanich resigned. "Mr. Krzanich championed the modem business and touted 5G technology as a big future revenue stream," reports The Wall Street Journal. "When Bob Swan was named to that job in January, analysts said the odds of a deal rose because his focus on cleaning up Intel would require addressing the losses in the modem business."
China

Huawei Secretly Helped Build North Korea's Wireless Network, Leaked Documents Suggest (cnet.com) 83

Chinese tech giant Huawei could have helped secretly build a 3G wireless network for North Korea, according to internal documents leaked by a former employee of the company. From a report: Huawei worked with another Chinese company, Panda International Information Technology, on a number of projects in the region over the course of eight years, as suggested by work orders, contracts and spreadsheets published by the Washington Post on Monday. The revelations come as the latest blow to Huawei's reputation in a series of events over the past year, a period in which the company has come under fire from the US government amid its trade war with China. In January, the US Justice Department unsealed indictments that included 23 counts pertaining to the alleged theft of intellectual property, obstruction of justice and fraud related to its alleged evasion of US sanctions against Iran. President Donald Trump has blacklisted the company as a security threat, and Huawei CFO Meng Wanzhou is under house arrest in Canada awaiting extradition to the US.
Privacy

Chuck Schumer Asks FBI To Investigate FaceApp (bbc.com) 108

Senate minority leader Chuck Schumer is calling on the FBI to investigate FaceApp after privacy concerns have been raised about the Russian company which developed the app. In a letter posted on Twitter, Mr Schumer called it "deeply disturbing" that personal data of U.S. citizens could go to a "hostile foreign power." The BBC reports: Wireless Lab, a company based in St. Petersburg, says it does not permanently store images, and does not collect troves of data -- only uploading specific photos selected by users for editing. "Even though the core R&D team is located in Russia, the user data is not transferred to Russia," a company statement reported by news site TechCrunch said. Mr Schumer however has asked that the FBI and the Federal Trade Commission (FTC) investigate FaceApp. "I have serious concerns regarding both the protection of the data that is being aggregated as well as whether users are aware of who may have access to it," his letter reads.
Privacy

Bluetooth Exploit Can Track and Identify iOS, Microsoft Mobile Device Users (zdnet.com) 24

A flaw in the Bluetooth communication protocol may expose modern device users to tracking and could leak their ID, researchers claim. From a report: The vulnerability can be used to spy on users despite native OS protections that are in place and impacts Bluetooth devices on Windows 10, iOS, and macOS machines. This includes iPhones, iPads, Apple Watch models, MacBooks, and Microsoft tablets & laptops. On Wednesday, researchers from Boston University David Starobinski and Johannes Becker presented the results of their research at the 19th Privacy Enhancing Technologies Symposium, taking place in Stockholm, Sweden. According to the research paper, Tracking Anonymized Bluetooth Devices, many Bluetooth devices will use MAC addresses when advertising their presence to prevent long-term tracking, but the team found that it is possible to circumvent the randomization of these addresses to permanently monitor a specific device. Android is immune as the OS does not continually send out advertising messages, the researchers said.
