Interesting finds

December 3, 2009

Phone photo quality interests Google, Microsoft

Filed under: CameraTech, Cell Phones, Photography — thewere42 @ 5:31 pm

by Stephen Shankland

Google and Microsoft have joined a group devoted to creating a way that cell phone buyers can easily comprehend the quality of their camera phones.

The International Imaging Industry Association said the tech titans signed up to help with the third phase of the Camera Phone Image Quality Initiative, in which a variety of companies try to create measurements to capture various test results.

Mobile phones that can take photos are ubiquitous today, but with tiny image sensors and lenses and severe budget constraints, they vary widely in their ability to take good photos. Mostly all that buyers have to go on is a megapixel count, which isn’t terribly meaningful when it comes to such small sensors. The International Imaging Industry Association, a consortium whose mission is to make imaging better for consumers, is trying to come up with a better way.

The mobile phone camera tests include resolution, color uniformity, lens distortion, and lens chromatic aberration, but the group also plans to factor in sharpness and noise reduction. A variety of other possibilities, including dynamic range, white balance, and resistance to glare, could also be added to the mix.

The group is trying to boil all this down into an official star rating consumers can trust.

Other companies working on the standard include Aptina Imaging, CDM Optics, DxO Labs, Eastman Kodak, Fujifilm, Motorola, Nokia, OmniVision Technologies, Sony Ericsson Mobile Communications, STMicroelectronics, ST Ericsson, and VistaPoint Technologies.

http://news.cnet.com/8301-30685_3-10408593-264.html?tag=newsEditorsPicksArea.0

December 2, 2009

Feds ‘Pinged’ Sprint GPS Data 8 Million Times Over a Year

Filed under: Cell Phones, Crime Tech, Government, Society — thewere42 @ 7:27 pm

By Kim Zetter

Sprint Nextel provided law enforcement agencies with customer location data more than 8 million times between September 2008 and October 2009, according to a company manager who disclosed the statistic at a non-public interception and wiretapping conference in October.

The manager also revealed the existence of a previously undisclosed web portal that Sprint provides law enforcement to conduct automated “pings” to track users. Through the website, authorized agents can type in a mobile phone number and obtain global positioning system (GPS) coordinates of the phone.

The revelations, uncovered by blogger and privacy activist Christopher Soghoian, have spawned questions about the number of Sprint customers who have been under surveillance, as well as the legal process agents followed to obtain such data.

But a Sprint Nextel spokesman said that Soghoian, who recorded the Sprint manager’s statements at the closed conference, misunderstood what the figure represents. The number of customers whose GPS data was provided to local, state and federal law enforcement agencies was much less than 8 million, as was the total number of individual requests for data.

The spokesman wouldn’t disclose how many of Sprint’s 48 million customers had their GPS data shared, or indicate the number of unique surveillance requests from law enforcement. But he said that a single surveillance order against a lone target could generate thousands of GPS “pings” to the cell phone, as the police track the subject’s movements over the course of days or weeks. That, Sprint claims, is the source of the 8 million figure: it’s the cumulative number of times Sprint cell phones covertly reported their location to law enforcement over the year.

The spokesman also said that law enforcement agents have to obtain a court order for the data, except in special emergency circumstances.

The information about the data requests and portal comes from Paul Taylor, manager of Sprint’s Electronic Surveillance Team. He made the revelations at the Intelligent Support Systems (ISS) conference, a surveillance industry gathering for law enforcement and intelligence agencies and the companies that provide them with the technologies and capabilities to conduct surveillance.

The conference is closed to press, but Soghoian, who is a graduate student at Indiana University, obtained entry and recorded a couple of panel sessions, which he posted on his blog. In one of the recordings, Taylor is heard saying that the automated system was rolled out a year ago and that in 13 months it had processed more than 8 million requests for GPS data from law enforcement.

“We turned it on the web interface for law enforcement about one year ago last month, and we just passed 8 million requests,” Taylor is heard saying. “So there is no way on earth my team could have handled 8 million requests from law enforcement, just for GPS alone. So the tool has just really caught on fire with law enforcement. They also love that it is extremely inexpensive to operate and easy.”

Soghoian concluded on his blog that the quote provided proof that “location requests easily outnumber wiretaps, and … likely outnumber all other forms of surveillance request too.”

He cites a telecom attorney named Al Gidari who claimed at a talk last year that each of the major wireless carriers received about 100 requests a week for customer-location data. At 100 requests a week for each of the top four wireless carriers, the total should be around 20,000 requests a year.

“I now have proof that he significantly underestimated the number of requests by several orders of magnitude,” Soghoian writes.

But Sprint spokesman John Taylor (who is not related to Paul Taylor) says Soghoian had “grossly misrepresented” the 8 million figure, which doesn’t refer to unique requests or to individual customers, but to the total number of “pings” made on every number for the duration of a law enforcement request.

“The figure represents the number of individual ‘pings’ for specific location information, made to the Sprint network as part of a series of law enforcement investigations and public safety assistance requests during the past year,” said spokesman Taylor. “It’s critical to note that a single case or investigation may generate thousands of individual pings to the network as the law enforcement or public safety agency attempts to track or locate an individual.”

There are four circumstances under which law enforcement agents can use the Sprint website and obtain GPS data: 1) under the authority of a court order; 2) to track the location of a customer who has made a 911 call; 3) in an emergency situation, such as tracking someone lost in the wilderness or trying to locate an abducted child or hostage; 4) with a customer’s consent.

In the case of court orders, Taylor said agents are required to provide Sprint with the order, after which the company provisions the law enforcement account to allow an agency to track the targeted phone number. Court orders cover a 60-day period, and agents can do automated pings to obtain real-time GPS data every three minutes throughout that 60-day period. Taylor says this accounts for the 8 million figure.

“If you can access the info every three minutes over 60 days, that adds up pretty quickly,” he told Threat Level.

He added that the GPS data includes only latitude and longitude and the date and time of the ping.

The automated system was set up so that law enforcement agents wouldn’t have to contact Sprint’s electronic surveillance team each time they wanted to ping a phone number throughout the 60 days of a court order. Agents still have to obtain a subpoena to get historic call detail records, such as phone numbers called, the date, time and duration of calls and the cell site and sector from which the calls were made.

Image: The FBI won a court order to track this Sprint Nextel cell phone’s movements while hunting for a fugitive in Ohio last October. (Source: U.S. District Court Southern District of Ohio). Home page image of cell tower: Phil Strahl/Flickr

http://www.wired.com/threatlevel/2009/12/gps-data

Yahoo, Verizon: Our Spy Capabilities Would ‘Shock’, ‘Confuse’ Consumers

Filed under: Cell Phones, Computer Tech, Society, Technology — thewere42 @ 7:27 pm

By Kim Zetter

Want to know how much phone companies and internet service providers charge to funnel your private communications or records to U.S. law enforcement and spy agencies?

That’s the question muckraker and Indiana University graduate student Christopher Soghoian asked all agencies within the Department of Justice, under a Freedom of Information Act (FOIA) request filed a few months ago. But before the agencies could provide the data, Verizon and Yahoo intervened and filed an objection on grounds that, among other things, they would be ridiculed and publicly shamed were their surveillance price sheets made public.

Yahoo writes in its 12-page objection letter (.pdf) that if its pricing information were disclosed to Soghoian, he would use it “to ‘shame’ Yahoo! and other companies — and to ‘shock’ their customers.”

“Therefore, release of Yahoo!’s information is reasonably likely to lead to impairment of its reputation for protection of user privacy and security, which is a competitive disadvantage for technology companies,” the company writes.

Verizon took a different stance. It objected to the release (.pdf) of its Law Enforcement Legal Compliance Guide because it might “confuse” customers and lead them to think that records and surveillance capabilities available only to law enforcement would be available to them as well — resulting in a flood of customer calls to the company asking for trap and trace orders.

“Customers may see a listing of records, information or assistance that is available only to law enforcement,” Verizon writes in its letter, “but call in to Verizon and seek those same services. Such calls would stretch limited resources, especially those that are reserved only for law enforcement emergencies.”

Other customers, upon seeing the types of surveillance law enforcement can do, might “become unnecessarily afraid that their lines have been tapped or call Verizon to ask if their lines are tapped (a question we cannot answer).”

Verizon does disclose a little tidbit in its letter, saying that the company receives “tens of thousands” of requests annually for customer records and information from law enforcement agencies.

Soghoian filed his records request to discover how much law enforcement agencies — and thus U.S. taxpayers — are paying for spy documents and surveillance services with the aim of trying to deduce from this how often such requests are being made. Soghoian explained his theory on his blog, Slight Paranoia:

In the summer of 2009, I decided to try and follow the money trail in order to determine how often Internet firms were disclosing their customers’ private information to the government. I theorized that if I could obtain the price lists of each ISP, detailing the price for each kind of service, and invoices paid by the various parts of the Federal government, then I might be able to reverse engineer some approximate statistics. In order to obtain these documents, I filed Freedom of Information Act requests with every part of the Department of Justice that I could think of.

The first DoJ agency to respond to his request was the U.S. Marshals Service (USMS), which indicated that it had price lists available for Cox Communications, Comcast, Yahoo and Verizon. But because the companies voluntarily provided the price lists to the government, the FOIA allows the companies an opportunity to object to the disclosure of their data under various exemptions. Comcast and Cox were fine with the disclosure, Soghoian reported.

He found that Cox Communications charges $2,500 to fulfill a pen register/trap-and-trace order for 60 days, and $2,000 for each additional 60-day interval. It charges $3,500 for the first 30 days of a wiretap, and $2,500 for each additional 30 days. Thirty days’ worth of a customer’s call detail records costs $40.

Comcast’s pricing list, which was already leaked to the internet in 2007, indicated that it charges at least $1,000 for the first month of a wiretap, and $750 per month thereafter.

But Verizon and Yahoo took offense at the request.

Yahoo objected on grounds that its pricing constituted “confidential commercial information” and cited Exemption 4 of the Freedom of Information Act and the Trade Secrets Act.

Exemption 4 of the FOIA refers to the disclosure of commercial or financial information that could result in a competitive disadvantage to the company if it were publicly disclosed. The company claims its pricing is derived from labor rates for employees and overhead and, therefore, disclosing the information would provide clues to its operating costs — regardless of whether these same clues are already available in public records, such as those the company files with the Securities and Exchange Commission. The company also claims that since Soghoian is trying to determine the actual amounts the Marshals Service paid Yahoo for responding to requests, the price lists are irrelevant, since “there are no standard prices for these transactions.”

But equally important to Yahoo’s objections was the potential for “criticism” and ridicule. Yahoo quoted Soghoian on his blog writing that his aim was to “use this blog to shame the corporations that continue to do harm to user online privacy.”

Yahoo also objected to the disclosure of its letter objecting to the disclosure of pricing information saying that “release of this letter would likely cause substantial competitive harm” to the company. The company added, in a veiled threat, that if the Marshals Service were to show anyone its letter objecting to the disclosure of pricing information, it could “impair the government’s ability to obtain information necessary for making appropriate decisions with regard to future FOIA requests.”

If anyone out there has a copy of Verizon or Yahoo’s law enforcement pricing list and wants to share it, feel free to use our anonymous tip address.

http://www.wired.com/threatlevel/2009/12/wiretap-prices

Twitter Co-Founder Squares Up Credit Card Payments

Filed under: Cell Phones — thewere42 @ 5:29 pm

By Ian Paul

Jack Dorsey, one of the brains behind popular micro-blogging site Twitter, is selling a new product called Square that turns your iPhone into a credit card payment system.

Unlike similar iPhone applications, Square includes not only the payment software, but a magnetic card reader that allows you to swipe cards instead of manually inputting credit card numbers. The payment system is designed for any type of business owner including storefront owners, street vendors, and even part-time flea market salespeople.

What Square is and how it works

Square is a little plastic magnetic card reader that hooks into the headphone jack of your iPhone or iPod Touch. When you swipe a credit card through the device, it converts the card information into an audio signal, which is then processed by Square’s software application on the device, according to GigaOm. Then, the card information is encrypted and transmitted to Square’s servers via a Wi-Fi or 3G connection for processing. Dorsey says your credit card information is never stored on Square-enabled devices.

Once the transaction is approved, you sign for the purchase on the iPhone screen using your finger. Your receipt can then be e-mailed to you or sent via SMS. But it’s not actually a receipt. What you get instead is a link to a private page on Square’s Website where you can view and save your receipt, according to TechCrunch.

Who can use Square?

Square isn’t just for store owners; the device is small enough to fit on your keychain and could be used by anyone who wants to accept credit card payments. That sounds like a real advantage, especially for someone who runs a weekend business for extra money. But I’m doubtful this system is practical for everyone.

For example, TechCrunch has a demonstration video of Square in action at Sightglass Coffee in San Francisco (Dorsey is an investor in this cafe according to TechCrunch). The process for buying, while not particularly long, just has too many steps for a grab-and-go product like coffee. Especially considering that larger chains like Starbucks can get you through the line faster since they don’t require your signature at all. However, for purchases at flower vendors or hot dog stands where there simply wasn’t a plastic payment option before, Square is an ideal solution.

Square-compatible devices

Right now, Square only works with the iPhone or iPod Touch; however, the company’s job postings list positions for Android and Blackberry Client Engineers, so it’s clear which mobile phones Square has its sights on next.

Square is not the only company to come up with a mobile credit card solution. Apple’s App Store has over twenty applications that allow you to pay with your plastic by manually inputting credit card information. That’s where Square is different: not only does it offer the credit card payment services, but it offers a mobile magnetic stripe reader as well.

Square doesn’t have a formal process for purchasing its service yet, but if you are interested in Square for your business there is an email submission form at the bottom of Square’s Website. As far as cost goes, no one has attached an official price tag to Square’s service, but Dorsey told the LA Times that the magnetic card reader may be given away for free.

Follow Link for video – http://www.pcworld.com/article/183528/twitter_cofounder_squares_up_credit_card_payments.html

November 30, 2009

Next-gen iPhone in field testing, may have revamped Maps

Filed under: Cell Phones — thewere42 @ 6:44 pm

Once again, usage logs from PinchMedia have revealed that a new iPhone model is already in early testing in the San Francisco Bay Area. What to expect from a new iPhone is a matter of some speculation, though a new job listing from Apple suggests a revamp for the Maps application is in the works.

By Chris Foresman

Apple looks to be already testing its next-generation iPhone hardware in the San Francisco area near its Cupertino headquarters, according to usage logs for the iBART public transit application. Usage logs like these revealed early testing of the iPhone 3GS last year, eight months before it launched this past summer. What the next revision of the iPhone may offer is still a matter of speculation and debate, but a recent job listing for a MapKit software engineer suggests a Maps revamp may be in the works.

The iBART app, which is used to navigate San Francisco’s train system, uses Pinch Media analytics to log usage statistics such as iPhone model and software version number. Developers use these statistics in a variety of ways, such as deciding when to switch to iPhone OS 3.0-only programming APIs. iBART developer Pandav recently noticed that a model reporting as “iPhone3,1” began appearing in Pinch Media logs.

This reference follows Apple’s model ID convention. The original iPhone was iPhone1,1; the iPhone 3G, considered to be a minor hardware revision, was iPhone1,2. The iPhone 3GS, which had significant internal hardware revisions, is referred to as iPhone2,1. iPhone3,1 would logically be a new iPhone model with significant hardware revision. References to this ID already appeared in early betas of iPhone OS 3.0 in March. It should come as no surprise when Apple launches a new iPhone model next June or July, as it has the past three years.

What changes we can expect are still unknown, though this could be the first iPhone that contains a PA Semi-designed ARM-based processor. Rumors continue to suggest a possible GSM/CDMA hybrid model that would work on CDMA networks like Verizon’s, in addition to GSM/UMTS-based networks that the current iPhone models work with.

A recent job posting suggests that maps and geo-location services will see a revamp in the next model. Apple recently posted a job listing for an iPhone software engineer that would specialize in working with the Maps team. This team is responsible for the Maps and Compass applications, as well as the MapKit and CoreLocation frameworks used for location-based services. On the software side, we could expect use of the data integration APIs from Apple’s Placebase acquisition. Nothing in the job listing suggests significantly revamped GPS or digital compass hardware, however.

http://arstechnica.com/apple/news/2009/11/next-gen-iphone-in-field-testing-may-have-revamped-maps.ars

November 25, 2009

Nasty iPhone Worm Hints at the Future

Filed under: Cell Phones, Crime Tech — thewere42 @ 7:43 pm

As smart phones become smarter, malicious code will find a friendlier home.

By Robert Lemos

As mobile phones get more powerful, the threat of serious attacks against such devices increases, security experts warn. This week, cybercriminals moved closer to proving this point–exploiting a weakness in modified iPhones to spread a worm programmed to steal banking information. Some experts say the worm may be a sign that criminals are getting more savvy about hacking mobile devices.

Last Saturday, researchers at several security firms reported that the new worm, dubbed “Ikee.B” or “Duh,” spreads using the default password for an application that can be installed on modified versions of the iPhone. Once the device has been compromised, the worm grabs text messages, and searches for banking authorization codes used by at least one bank, before sending the codes to a central server. Earlier this month, another iPhone worm was released. It exploited the same password weakness to spread itself, but did not try to steal personal information.

“The banking [attack] is new to mobile devices,” says Chet Wisniewski, a senior security advisor at antivirus firm Sophos. “It goes through your phone, grabbing all your text messages, and sends them off to a server in Lithuania.”

Since the attack affects only the small number of iPhones that have been “jail broken”–modified to run nonapproved software–the worm will likely inconvenience only a few people. Yet some researchers say the worm confirms that attacks against mobile users are evolving, and that cybercriminals are targeting the personal and financial information kept on portable devices. The ability to communicate with a central command-and-control server–a characteristic more commonly associated with hijacked PCs–also makes such software more dangerous.

This past summer, at the Black Hat Security Briefings conference in Las Vegas, Charlie Miller, a consultant with Independent Security Evaluators, demonstrated a way to remotely attack iPhones using the short message service (SMS) protocol. Miller says it’s only a matter of time before cybercriminals find a way to infect phones that haven’t been jail broken, vastly increasing the potential scale of an infection. “A [more serious] worm against an iPhone or any other mobile device is going to happen,” Miller says. “It is going to happen to [Google's] Android and iPhone and everything else. As more bad guys do research into the mobile platforms, these devices are going to get attacked.”

The evolution of the Ikee.B or Duh worm can be traced back to early attacks against mobile devices. In 2000, Timofonica, a relatively simple virus that spread between desktop computers and servers, also had the ability to spam mobile phones in Spain with text messages. In 2004, Cabir, the first mobile-phone-only worm, was released. Cabir could jump automatically between Nokia handsets.

Article Continues – http://www.technologyreview.com/communications/24011/?a=f

November 19, 2009

Harnessing Waste Heat from Laptop Computers, Cell Phones May Double Battery Time

Filed under: Cell Phones, Computer Tech, Energy — thewere42 @ 9:00 pm

In everything from computer processor chips to car engines to electric powerplants, the need to get rid of excess heat creates a major source of inefficiency. But new research points the way to a technology that might make it possible to harvest much of that wasted heat and turn it into usable electricity.

That kind of waste-energy harvesting might, for example, lead to cellphones with double the talk time, laptop computers that can operate twice as long before needing to be plugged in, or power plants that put out more electricity for a given amount of fuel, says Peter Hagelstein, co-author of a paper on the new concept appearing in November in the Journal of Applied Physics.

Hagelstein, an associate professor of electrical engineering at MIT, says existing solid-state devices to convert heat into electricity are not very efficient. The new research, carried out with graduate student Dennis Wu as part of his doctoral thesis, aimed to find how close realistic technology could come to achieving the theoretical limits for the efficiency of such conversion.

Theory says that such energy conversion can never exceed a specific value called the Carnot Limit, based on a 19th-century formula for determining the maximum efficiency that any device can achieve in converting heat into work. But current commercial thermoelectric devices only achieve about one-tenth of that limit, Hagelstein says. In experiments involving a different new technology, thermal diodes, Hagelstein worked with Yan Kucherov, now a consultant for the Naval Research Laboratory, and coworkers to demonstrate efficiency as high as 40 percent of the Carnot Limit. Moreover, the calculations show that this new kind of system could ultimately reach as much as 90 percent of that ceiling.

Hagelstein, Wu and others started from scratch rather than trying to improve the performance of existing devices. They carried out their analysis using a very simple system in which power was generated by a single quantum-dot device — a type of semiconductor in which the electrons and holes, which carry the electrical charges in the device, are very tightly confined in all three dimensions. By controlling all aspects of the device, they hoped to better understand how to design the ideal thermal-to-electric converter.

Hagelstein says that with present systems it’s possible to efficiently convert heat into electricity, but with very little power. It’s also possible to get plenty of electrical power — what is known as high-throughput power — from a less efficient, and therefore larger and more expensive system. “It’s a tradeoff. You either get high efficiency or high throughput,” says Hagelstein. But the team found that using their new system, it would be possible to get both at once, he says.

A key to the improved throughput was reducing the separation between the hot surface and the conversion device. A recent paper by MIT professor Gang Chen reported on an analysis showing that heat transfer could take place between very closely spaced surfaces at a rate that is orders of magnitude higher than predicted by theory. The new report takes that finding a step further, showing how the heat can not only be transferred, but converted into electricity so that it can be harnessed.

A company called MTPV Corp. (for Micron-gap Thermal Photo-Voltaics), founded by Robert DiMatteo SM ’96, MBA ’06, is already working on the development of “a new technology closely related to the work described in this paper,” Hagelstein says.

DiMatteo says he hopes eventually to commercialize Hagelstein’s new idea. In the meantime, he says the technology now being developed by his company, which he expects to have on the market next year, could produce a tenfold improvement in throughput power over existing photovoltaic devices, while the further advance described in this new paper could make an additional tenfold or greater improvement possible. The work described in this paper “is potentially a major finding,” he says.

DiMatteo says that worldwide, about 60 percent of all the energy produced by burning fuels or generated in powerplants is wasted, mostly as excess heat, and that this technology could “make it possible to reclaim a significant fraction of that wasted energy.”

When this work began around 2002, Hagelstein says, such devices “clearly could not be built. We started this as purely a theoretical exercise.” But developments since then have brought it much closer to reality.

While it may take a few years for the necessary technology for building affordable quantum-dot devices to reach commercialization, Hagelstein says, “there’s no reason, in principle, you couldn’t get another order of magnitude or more” improvement in throughput power, as well as an improvement in efficiency.

“There’s a gold mine in waste heat, if you could convert it,” he says. The first applications are likely to be in high-value systems such as computer chips, he says, but ultimately it could be useful in a wide variety of applications, including cars, planes and boats. “A lot of heat is generated to go places, and a lot is lost. If you could recover that, your transportation technology is going to work better.”

Story Source:

Adapted from materials provided by Massachusetts Institute of Technology. Original article written by David L. Chandler.


Journal Reference:

  1. D. M. Wu, P. L. Hagelstein, P. Chen, K. P. Sinha, and A. Meulenberg. Quantum-coupled single-electron thermal to electric conversion scheme. Journal of Applied Physics, Online Nov. 13, 2009. DOI: 10.1063/1.3257402

http://www.sciencedaily.com/releases/2009/11/091118101403.htm

November 13, 2009

A single smartphone can DoS federal wiretaps

Filed under: Cell Phones, Crime Tech, Government, Society, Technology — thewere42 @ 8:31 pm

The official protocol for providing US law enforcement with the ability to monitor and record calls in the digital era was a product of compromise and, according to new research, it shows: an enterprising hacker could have a wealth of tools to interfere with the monitoring.

By John Timmer

As the telecommunications world went wireless and digital, the tried-and-true method law enforcement agencies used for wiretaps—splicing into the local loop—was in danger of becoming an anachronism. In 1994, Congress passed the Communications Assistance for Law Enforcement Act, which required telecommunications switches to incorporate a capacity for government monitoring of phone calls and other communications. That requirement ultimately produced an ANSI standard, J-STD-025, that dictated the capabilities of the hardware interface used by law enforcement agencies. A team of academic researchers has now put that standard to the test, and found that it’s vulnerable to various forms of denial and obfuscation attacks.

As the authors note, the monitoring of domestic communications has been a source of controversy in recent years; others have questioned whether having a standard capacity built into every piece of communication hardware leaves the US communications infrastructure at risk of external attack. They avoid these issues, however, and focus on a simpler question: how well does the J-standard actually work?

The answer, it appears, is that it’s trivial to defeat it and interfere with wiretaps. The big caveat to this work is that the authors didn’t have access to any of the actual hardware used by law enforcement agencies; they simply tested whether hardware that follows the J-standard could hold up to a variety of attacks. It’s possible that hardware makers have exceeded the standards with more recent equipment, and obviated some of the problems.

Still, there are two reasons to think that at least some wiretaps would be vulnerable. The first is that the hardware that’s actually deployed is probably from a variety of generations and manufacturers, making it likely that some of it does the bare minimum needed to comply. The second is that the authors demonstrate multiple vulnerabilities, making it unlikely that even the best equipment handles all of them.

Part of the problem is that there are two classes of phone monitoring available to law enforcement: simple call logging, which is relatively easy to obtain, and full call recording, which is typically more challenging. The two are handled separately within the protocol, and the capacity granted for the logging was based on typical usage patterns at the time: a single, 64kbps ISDN line. The authors go on to show that it’s relatively simple to exceed this bandwidth with a single computer or smartphone, creating a denial of service situation.

Part of the problem is that there’s an asymmetry between the basic information that needs to be sent down a phone line—there’s a connection waiting—and all the information that law enforcement needs, such as the source, a datestamp, a case identifier, etc. This asymmetry ensures that even a simple unconnected call produces significant data that has to be stuffed down the 64kbps pipe.

The other part of the problem is that modern telephony creates a variety of methods of sending a lot of traffic to an individual phone line with minimal effort. So, for example, the authors use an ISDN phone to send commands to voicemail boxes at a rate of 94 calls a second. Forty-two text messages a second would also work, as would repeated call/hangups using IP telephony. A rate of 20 hangups a second would do the trick, and the researchers were easily able to exceed that from a residential broadband connection.

Since the J protocol doesn’t allow for queueing or buffering, once the bandwidth is exceeded, any information that can’t be stuffed down the pipes is lost. So, once these levels are exceeded, law enforcement call logging becomes unreliable. The protocol is less clear about the capacity allocated to content monitoring, but the authors’ analysis suggests that this would be even easier to saturate.

More sophisticated attacks are also possible. For example, the J protocol calls for a termination of call recording once a tone is registered. However, communications hardware will only register the tone if it originates from specific hardware. As a result, a person being monitored could send the tone over their phone; the monitoring equipment should hang up, while the call would continue.

The authors were also able to craft a variety of IP packets that would interfere with monitoring. These include false datestamp information—which would inject irrelevant packets into the middle of a conversation—and eliminating the directionality information used by packets in some CDMA cellular systems. They also built packets that would be routed part of the way to the end user, but never reach them; these would be seen by the tap, but not interfere with the phone conversation.

All told, the authors come up with six attack scenarios that they consider practical, in that they could be carried out with readily available equipment. In fact, they tested a number of them using a laptop tethered to a CDMA phone (in one case, causing Sprint to throttle back their bandwidth).

They also suggest a number of stopgap measures that could be used to help avert some of their own scenarios, such as providing law enforcement with greater bandwidth. Still, it’s clear that they think the J standard is due for a complete rewrite, as they suggest it was the product of compromise among law enforcement, hardware makers, and telcos, and a product of simpler telecommunications times.
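The bandwidth arithmetic behind the call-logging problem, and behind the "greater bandwidth" stopgap, can be sketched as a small capacity model. This is an added example, not code from the researchers or from the article; it assumes each rate quoted above just fills the 64kbps line, and the per-second event counts are constructed sample data.

```python
LINK_BPS = 64_000  # the single 64kbps ISDN line the article describes

# Rates (events per second) the article reports as enough to exceed that line.
SATURATING_RATE = {"voicemail_command": 94, "sms": 42, "call_hangup": 20}

# Assumption: each rate just fills 64 kbps, so bits per event = 64000 / rate.
BITS_PER_EVENT = {kind: LINK_BPS / rate for kind, rate in SATURATING_RATE.items()}


def offered_bps(events):
    """Signalling load that one second of events puts on the logging link."""
    return sum(BITS_PER_EVENT[kind] * count for kind, count in events.items())


def lost_fraction(events, link_bps=LINK_BPS):
    """With no queueing or buffering, everything above link capacity is dropped."""
    load = offered_bps(events)
    return 0.0 if load <= link_bps else 1 - link_bps / load


def audit(samples, link_bps=LINK_BPS):
    """Return (second, offered_bps, lost_fraction) for each second with loss."""
    findings = []
    for second, events in enumerate(samples):
        loss = lost_fraction(events, link_bps)
        if loss > 0:
            findings.append((second, offered_bps(events), loss))
    return findings


def required_link_bps(samples):
    """Smallest link rate that carries every sampled second without loss."""
    return max(offered_bps(events) for events in samples)


# Constructed per-second event counts for one monitored line (not real data).
SAMPLES = [
    {"call_hangup": 1, "sms": 2},           # ordinary use
    {"voicemail_command": 30, "sms": 10},   # busy, still under capacity
    {"call_hangup": 40},                    # twice the link rate
    {"call_hangup": 20, "sms": 84},         # three times the link rate
]

if __name__ == "__main__":
    for second, load, loss in audit(SAMPLES):
        print(f"second {second}: offered {load:.0f} bps, {loss:.0%} of records lost")
    print(f"link needed for the peak second: {required_link_bps(SAMPLES):.0f} bps")
```

Under these assumptions a single call/hangup cycle costs about 400 bytes of logging data, which is the asymmetry the article describes: the line being watched carries almost nothing while the logging link fills up.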

http://arstechnica.com/security/news/2009/11/a-single-smartphone-can-dos-federal-wiretaps.ars

November 12, 2009

Fujitsu F-04B modular cellphone with pico-projector

Filed under: Cell Phones — thewere42 @ 9:25 pm

By Chris Davies

If you thought you’d seen it all in Nokia’s Vision of 2015 video, book a flight to Tokyo and stop by Fujitsu’s offices there. They haven’t seem to have got the memo that modular, wirelessly-connected mobile phones with integrated pico-projectors are meant to be the stuff of futurology, not fact, and as such have produced a working version of their F-04B cellphone. Akihabara have been for a play, and claim it’s a brilliant multifunctional device.

The core F-04B splits into two sections, a touchscreen part and a QWERTY keyboard, with the two linked via Bluetooth and functional either as a combined slider device or separately.  That makes everything pretty bulky – and Fujitsu’s touchscreen doesn’t get the highest marks – but there’s still space for a 12.2-megapixel camera, 1-Seg digital TV.

As for the 854 x 480 pico-projector, that clicks on in place of the keyboard section, which then doubles as a remote-control.  We’re not sure when our Japanese friends will be able to pick one up, but it seems like Fujitsu really do intend to launch the F-04B to the market.

http://www.slashgear.com/fujitsu-f-04b-modular-cellphone-with-pico-projector-gets-played-with-1263375/

Contact lenses to get built-in virtual graphics

Filed under: Cell Phones, Computer Tech, Future, Gadget Tech — thewere42 @ 9:25 pm

by Vijaysree Venkatraman

A contact lens that harvests radio waves to power an LED is paving the way for a new kind of display. The lens is a prototype of a device that could display information beamed from a mobile device.

Realising that display size is increasingly a constraint in mobile devices, Babak Parviz at the University of Washington, in Seattle, hit on the idea of projecting images into the eye from a contact lens.

One of the limitations of current head-up displays is their limited field of view. A contact lens display can have a much wider field of view. “Our hope is to create images that effectively float in front of the user perhaps 50 cm to 1 m away,” says Parviz.

His research involves embedding nanoscale and microscale electronic devices in substrates like paper or plastic. He also wears contact lenses. “It was a matter of putting the two together,” he says.

Fitting a contact lens with circuitry is challenging. The polymer cannot withstand the temperatures or chemicals used in large-scale microfabrication, Parviz explains. So, some components – the power-harvesting circuitry and the micro light-emitting diode – had to be made separately, encased in a biocompatible material and then placed into crevices carved into the lens.

One obvious problem is powering such a device. The circuitry requires 330 microwatts but doesn’t need a battery. Instead, a loop antenna picks up power beamed from a nearby radio source. The team has tested the lens by fitting it to a rabbit.

Parviz says that future versions will be able to harvest power from a user’s cell phone, perhaps as it beams information to the lens. They will also have more pixels and an array of microlenses to focus the image so that it appears suspended in front of the wearer’s eyes.

Despite the limited space available, each component can be integrated into the lens without obscuring the wearer’s view, the researchers claim. As to what kinds of images can be viewed on this screen, the possibilities seem endless. Examples include subtitles when conversing with a foreign-language speaker, directions in unfamiliar territory and captioned photographs. The lens could also serve as a head-up display for pilots or gamers.

Mark Billinghurst, director of the Human Interface Technology Laboratory, in Christchurch, New Zealand, is impressed with the work. “A contact lens that allows virtual graphics to be seamlessly overlaid on the real world could provide a compelling augmented reality experience,” he says. This prototype is an important first step in that direction, though it may be years before the lens becomes commercially available, he adds.

The University of Washington team will present their prototype at the Biomedical Circuits and Systems (BioCas 2009) conference at Beijing later this month.

http://www.newscientist.com/article/dn18146-contact-lenses-to-get-builtin-virtual-graphics.html
