5G phones are here but there’s no rush to upgrade

This year’s Mobile World Congress — the CES for Android device makers — was awash with 5G handsets.

The world’s No.1 smartphone seller by marketshare, Samsung, got out ahead with a standalone launch event in San Francisco, showing off two 5G devices, just before fast-following Android rivals popped out their own 5G phones at launch events across Barcelona this week.

We’ve rounded up all these 5G handset launches here. Prices range from an eye-popping $2,600 for Huawei’s foldable phablet-to-tablet Mate X — and an equally eye-watering $1,980 for Samsung’s Galaxy Fold; another 5G handset that bends — to a rather more reasonable $680 for Xiaomi’s Mi Mix 3 5G, albeit the device is otherwise mid-tier. Other prices for 5G phones announced this week remain tbc.

Android OEMs are clearly hoping the hype around next-gen mobile networks can work a little marketing magic and kick-start stalled smartphone growth. Especially with reports suggesting Apple won’t launch a 5G iPhone until at least next year. So 5G is a space Android OEMs alone get to own for a while.

Chipmaker Qualcomm, which is embroiled in a bitter patent battle with Apple, was also on stage in Barcelona to support Xiaomi’s 5G phone launch — loudly claiming the next-gen tech is coming fast and will enhance “everything”.

“We like to work with companies like Xiaomi to take risks,” lavished Qualcomm’s president Cristiano Amon upon his hosts, using 5G uptake to jibe at Apple by implication. “When we look at the opportunity ahead of us for 5G we see an opportunity to create winners.”

Despite the heavy hype, Xiaomi’s on stage demo — which it claimed was the first live 5G video call outside China — seemed oddly staged and was not exactly lacking in latency.

“Real 5G — not fake 5G!” finished Donovan Sung, the Chinese OEM’s director of product management. As a 5G sales pitch it was all very underwhelming. Much more ‘so what’ than ‘must have’.

Whether 5G marketing hype alone will convince consumers it’s past time to upgrade seems highly unlikely.

Phones sell on features rather than connectivity per se, and — whatever Qualcomm claims — 5G is being soft-launched into the market by cash-constrained carriers whose boom times lie behind them, i.e. before over-the-top players had gobbled their messaging revenues and monopolized consumer eyeballs.

All of which makes 5G an incremental consumer upgrade proposition in the near to medium term.

Use-cases for the next-gen network tech, which is touted as able to support speeds up to 100x faster than LTE and deliver latency of just a few milliseconds (as well as connecting many more devices per cell site), are also still being formulated, let alone apps and services created to leverage 5G.

But selling a network upgrade to consumers by claiming the killer apps are going to be amazing but you just can’t show them any yet is as tough as trying to make theatre out of a marginally less janky video call.

“5G could potentially help [spark smartphone growth] in a couple of years as price points lower, and availability expands, but even that might not see growth rates similar to the transition to 3G and 4G,” suggests Carolina Milanesi, principal analyst at Creative Strategies, writing in a blog post discussing Samsung’s strategy with its latest device launches.

“This is not because 5G is not important, but because it is incremental when it comes to phones and it will be other devices that will deliver on experiences, we did not even think were possible. Consumers might end up, therefore, sharing their budget more than they did during the rise of smartphones.”

The ‘problem’ for 5G — if we can call it that — is that 4G/LTE networks are capably delivering all the stuff consumers love right now: Games, apps and video. Which means that for the vast majority of consumers there’s simply no reason to rush to shell out for a ‘5G-ready’ handset. Not if 5G is all the innovation it’s got going for it.

LG V50 ThinQ 5G with a dual screen accessory for gaming

Use cases such as better AR/VR are also a tough sell given how weak consumer demand has generally been on those fronts (with the odd branded exception).

The barebones reality is that commercial 5G networks are as rare as hen’s teeth right now, outside a few limited geographical locations in the U.S. and Asia. And 5G will remain a very patchy patchwork for the foreseeable future.

Indeed, it may take a very long time indeed to achieve nationwide coverage in many countries, if 5G even ends up stretching right to all those edges. (Alternative technologies do also exist which could help fill in gaps where the ROI just isn’t there for 5G.)

So again consumers buying phones with the puffed up idea of being able to tap into 5G right here, right now (Qualcomm claimed 2019 is going to be “the year of 5G!”) will find themselves limited to just a handful of urban locations around the world.

Analysts are clear that 5G rollouts, while coming, are going to be measured and targeted as carriers approach what’s touted as a multi-industry-transforming wireless technology cautiously, with an eye on their capex and while simultaneously trying to figure out how best to restructure their businesses to engage with all the partners they’ll need to forge business relations with, across industries, in order to successfully sell 5G’s transformative potential to all sorts of enterprises — and lock onto “the sweet spot where 5G makes sense”.

Enterprise rollouts therefore look likely to be prioritized over consumer 5G — as was the case for 5G launches in South Korea at the back end of last year.

“4G was a lot more driven by the consumer side and there was an understanding that you were going for national coverage that was never really a question and you were delivering on the data promise that 3G never really delivered… so there was a gap of technology that needed to be filled. With 5G it’s much less clear,” says Gartner’s Sylvain Fabre, discussing the tech’s hype and the reality with TechCrunch ahead of MWC.

“4G’s very good, you have multiple networks that are Gbps or more and that’s continuing to increase on the downlink with multiple carrier aggregation… and other densification schemes. So 5G doesn’t… have as gap as big to fill. It’s great but again it’s applicability of where it’s uniquely positioned is kind of like a very narrow niche at the moment.”

“It’s such a step change that the real power of 5G is actually in creating new business models using network slicing — allocation of particular aspects of the network to a particular use-case,” Forrester analyst Dan Bieler also tells us. “All of this requires some rethinking of what connectivity means for an enterprise customer or for the consumer.

“And telco sales people, the telco go-to-market approach is not based on selling use-cases, mostly — it’s selling technologies. So this is a significant shift for the average telco distribution channel to go through. And I would believe this will hold back a lot of the 5G ambitions for the medium term.”

To be clear, carriers are now actively kicking the tyres of 5G, after years of lead-in hype, and grappling with technical challenges around how best to upgrade their existing networks to add in and build out 5G.

Many are running pilots and testing what works and what doesn’t, such as where to place antennas to get the most reliable signal and so on. And a few have put a toe in the water with commercial launches (globally there are 23 networks with “some form of live 5G in their commercial networks” at this point, according to Fabre.)

But at the same time 5G network standards are yet to be fully finalized so the core technology is not 100% fully baked. And with it being early days “there’s still a long way to go before we have a real significant impact of 5G type of services”, as Bieler puts it. 

There’s also spectrum availability to factor in and the cost of acquiring the necessary spectrum. As well as the time required to clear and prepare it for commercial use. (On spectrum, government policy is critical to making things happen quickly (or not). So that’s yet another factor moderating how quickly 5G networks can be built out.)

And despite some wishful thinking industry noises at MWC this week — calling for governments to ‘support digitization at scale’ by handing out spectrum for free (uhhhh, yeah right) — that’s really just whistling into the wind.

Rolling out 5G networks is undoubtedly going to be very expensive, at a time when carriers’ businesses are already faced with rising costs (from increasing data consumption) and subdued revenue growth forecasts.

“The world now works on data” and telcos are “at core of this change”, as one carrier CEO — Singtel’s Chua Sock Koong — put it in an MWC keynote in which she delved into the opportunities and challenges for operators “as we go from traditional connectivity to a new age of intelligent connectivity”.

Chua argued it will be difficult for carriers to compete “on the basis of connectivity alone” — suggesting operators will have to pivot their businesses to build out standalone business offerings selling all sorts of b2b services to support the digital transformations of other industries as part of the 5G promise — and that’s clearly going to suck up a lot of their time and mind for the foreseeable future.

In Europe alone estimates for the cost of rolling out 5G range between €300BN and €500BN (~$340BN-$570BN), according to Bieler. Figures that underline why 5G is going to grow slowly, and networks be built out thoughtfully; in the b2b space this means essentially on a case-by-case basis.

Simply put carriers must make the economics stack up. Which means no “huge enormous gambles with 5G”. And omnipresent ROI pressure pushing them to try to eke out a premium.

“A lot of the network equipment vendors have turned down the hype quite a bit,” Bieler continues. “If you compare this to the hype around 3G many years ago or 4G a couple of years ago 5G definitely comes across as a soft launch. Sort of an evolutionary type of technology. I have not come across a network equipment vendors these days who will say there will be a complete change in everything by 2020.”

On the consumer pricing front, carriers have also only just started to grapple with 5G business models. One early example is TC parent Verizon’s 5G home service — which positions the next-gen wireless tech as an alternative to fixed line broadband with discounts if you opt for a wireless smartphone data plan as well as 5G broadband.

From the consumer point of view, the carrier 5G business model conundrum boils down to: What is my carrier going to charge me for 5G? And early adopters of any technology tend to get stung on that front.

Although, in mobile, price premiums rarely stick around for long as carriers inexorably find they must ditch premiums to unlock scale — via consumer-friendly ‘all you can eat’ price plans.

Still, in the short term, carriers look likely to experiment with 5G pricing and bundles — basically seeing what they can make early adopters pay. But it’s still far from clear that people will pay a premium for better connectivity alone. And that again necessitates caution. 

5G bundled with exclusive content might be one way carriers try to extract a premium from consumers. But without huge and/or compelling branded content inventory that risks being a too niche proposition too. And the more carriers split their 5G offers the more consumers might feel they don’t need to bother, and end up sticking with 4G for longer.

It’ll also clearly take time for a 5G ‘killer app’ to emerge in the consumer space. And such an app would likely need to still be able to fallback on 4G, again to ensure scale. So the 5G experience will really need to be compellingly different in order for the tech to sell itself.

On the handset side, 5G chipset hardware is also still in its first wave. At MWC this week Qualcomm announced a next-gen 5G modem, stepping up from last year’s Snapdragon 855 chipset — which it heavily touted as architected for 5G (though it doesn’t natively support 5G).

If you’re intending to buy and hold on to a 5G handset for a few years there’s thus a risk of early adopter burn at the chipset level — i.e. if you end up with a device with a suckier battery life vs later iterations of 5G hardware where more performance kinks have been ironed out.

Intel has warned its 5G modems won’t be in phones until next year — so, again, that suggests no 5G iPhones before 2020. And Apple is of course a great bellwether for mainstream consumer tech; the company only jumps in when it believes a technology is ready for prime time, rarely sooner. And if Cupertino feels 5G can wait, that’s going to be equally true for most consumers.

Zooming out, the specter of network security (and potential regulation) now looms very large indeed where 5G is concerned, thanks to East-West trade tensions injecting a strange new world of geopolitical uncertainty into an industry that’s never really had to grapple with this kind of business risk before.

Chinese kit maker Huawei’s rotating chairman, Guo Ping, used the opportunity of an MWC keynote to defend the company and its 5G solutions against U.S. claims its network tech could be repurposed by the Chinese state as a high tech conduit to spy on the West — literally telling delegates: “We don’t do bad things” and appealing to them plainly to: “Please choose Huawei!”

Huawei rotating resident, Guo Ping, defends the security of its network kit on stage at MWC 2019

When established technology vendors are having to use a high profile industry conference to plead for trust it’s strange and uncertain times indeed.

In Europe it’s possible carriers’ 5G network kit choices could soon be regulated as a result of security concerns attached to Chinese suppliers. The European Commission suggested as much this week, saying in another MWC keynote that it’s preparing to step in to try to prevent security concerns at the EU Member State level from fragmenting 5G rollouts across the bloc.

In an on stage Q&A Orange’s chairman and CEO, Stéphane Richard, couched the risk of destabilization of the 5G global supply chain as a “big concern”, adding: “It’s the first time we have such an important risk in our industry.”

Geopolitical security is thus another issue carriers are having to factor in as they make decisions about how quickly to make the leap to 5G. And holding off on upgrades, while regulators and other standards bodies try to figure out a trusted way forward, might seem the more sensible thing to do — potentially stalling 5G upgrades in the meanwhile.

Given all the uncertainties there’s certainly no reason for consumers to rush in.

Smartphone upgrade cycles have slowed globally for a reason. Mobile hardware is mature because it’s serving consumers very well. Handsets are both powerful and capable enough to last for years.

And while there’s no doubt 5G will change things radically in future, including for consumers — enabling many more devices to be connected and feeding back data, with the potential to deliver on the (much hyped but also still pretty nascent) ‘smart home’ concept — the early 5G sales pitch for consumers essentially boils down to more of the same.

“Over the next ten years 4G will phase out. The question is how fast that happens in the meantime and again I think that will happen slower than in early times because [with 5G] you don’t come into a vacuum, you don’t fill a big gap,” suggests Gartner’s Fabre. “4G’s great, it’s getting better, Wi-Fi’s getting better… The story of let’s build a big national network to do 5G at scale [for all] that’s just not happening.”

“I think we’ll start very, very simple,” he adds of the 5G consumer proposition. “Things like caching data or simply doing more broadband faster. So more of the same.

“It’ll be great though. But you’ll still be watching Netflix and maybe there’ll be a couple of apps that come up… Maybe some more interactive collaboration or what have you. But we know these things are being used today by enterprises and consumers and they’ll continue to be used.”

So — in sum — the 5G mantra for the sensible consumer is really ‘wait and see’.

Safari and iOS bug reveals your browsing activity and ID in real time

For the past four months, Apple’s iOS and iPadOS devices and Safari browser have violated one of the Internet’s most sacrosanct security policies. The violation results from a bug that leaks user identities and browsing activity in real time.

The same-origin policy is a foundational security mechanism that forbids documents, scripts, or other content loaded from one origin—meaning the protocol, domain name, and port of a given webpage or app—from interacting with resources from other origins. Without this policy, malicious sites—say, badguy.example.com—could access login credentials for Google or another trusted site when it’s open in a different browser window or tab.

Obvious privacy violation

Since September’s release of Safari 15 and iOS and iPadOS 15, this policy has been broken wide open, research published late last week found. As a demo site graphically reveals, it’s trivial for one site to learn the domains of sites open in other tabs or windows, as well as user IDs and other identifying information associated with the other sites.

“The fact that database names leak across different origins is an obvious privacy violation,” Martin Bajanik, a researcher at security firm FingerprintJS, wrote. He continued:

It lets arbitrary websites learn what websites the user visits in different tabs or windows. This is possible because database names are typically unique and website-specific. Moreover, we observed that in some cases, websites use unique user-specific identifiers in database names. This means that authenticated users can be uniquely and precisely identified.

Attacks work on Macs running Safari 15 and on any browser running on iOS or iPadOS 15. As the demo shows, safarileaks.com is able to detect the presence of more than 20 websites—Google Calendar, YouTube, Twitter, and Bloomberg among them—open in other tabs or windows. With more work, a real-world attacker could likely find hundreds or thousands of sites or webpages that can be detected.

When users are logged in to one of these sites, the vulnerability can be abused to reveal the visit and, in many cases, identifying information in real time. When logged in to a Google account open elsewhere, for instance, the demo site can obtain the internal identifier Google uses to identify each account. Those identifiers can usually be used to recognize the account holder.

Raising awareness

The leak is the result of the way the WebKit browser engine implements IndexedDB, a programming interface supported by all major browsers. It holds large amounts of data and works by creating databases when a new site is visited. Tabs or windows that run in the background can continually query the IndexedDB API for available databases. This allows one site to learn in real time what other websites a user is visiting.

Websites can also open any website in an iframe or pop-up window, embedded in their own HTML code, in order to trigger an IndexedDB-based leak for that specific site.

“Every time a website interacts with a database, a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session,” Bajanik wrote. “Windows and tabs usually share the same session, unless you switch to a different profile, in Chrome for example, or open a private window.”
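The behaviour quoted above can be modelled in a few lines. This is an added example, not code from WebKit, FingerprintJS, or the article: a toy session model in which the `Session`, `Frame`, and `identifyingNames` names, the origins, and the database names are all constructed for illustration. It compares origin-scoped storage with the leaky duplication and flags database names that embed user-specific tokens, which a site owner can check for in their own code.

```javascript
// Toy model of IndexedDB name visibility inside one browser session.
// Constructed for illustration; nothing here calls the real IndexedDB API.
class Session {
  constructor({ leaky }) {
    this.leaky = leaky;       // true = behaviour described for Safari 15 / iOS 15
    this.frames = [];         // active frames, tabs and windows in this session
    this.stores = new Map();  // origin -> Map(database name -> owning origin)
  }
  storeFor(origin) {
    if (!this.stores.has(origin)) this.stores.set(origin, new Map());
    return this.stores.get(origin);
  }
  openFrame(origin) {
    const frame = new Frame(this, origin);
    this.frames.push(frame);
    return frame;
  }
}

class Frame {
  constructor(session, origin) {
    this.session = session;
    this.origin = origin;
  }
  // A site interacting with one of its own databases.
  openDatabase(name) {
    this.session.storeFor(this.origin).set(name, this.origin);
    if (!this.session.leaky) return; // same-origin policy holds: nothing else changes
    // Leaky case: an empty database with the same name appears in every
    // other active frame of the session, whatever its origin.
    for (const other of this.session.frames) {
      const store = this.session.storeFor(other.origin);
      if (!store.has(name)) store.set(name, this.origin);
    }
  }
  // What listing the available databases returns to this frame.
  databases() {
    return [...this.session.storeFor(this.origin).keys()].sort();
  }
  // Names visible here that another origin created (should always be empty).
  foreignDatabases() {
    return [...this.session.storeFor(this.origin)]
      .filter(([, owner]) => owner !== this.origin)
      .map(([name]) => name)
      .sort();
  }
}

// Site-owner check: names embedding a long digit run or a UUID are likely
// user-specific (heuristic chosen for this example).
function identifyingNames(names) {
  const userToken = /\d{6,}|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i;
  return names.filter((name) => userToken.test(name));
}

function scenario(leaky) {
  const session = new Session({ leaky });
  const observer = session.openFrame("https://observer.example");
  const mail = session.openFrame("https://mail.example");
  // A private window has its own session, so it shares nothing with the tabs above.
  const privateTab = new Session({ leaky }).openFrame("https://observer.example");
  mail.openDatabase("offline-cache-user-1234567890"); // constructed user-specific name
  mail.openDatabase("settings");                      // constructed generic name
  return {
    observerSees: observer.foreignDatabases(),
    mailSees: mail.databases(),
    privateTabSees: privateTab.databases(),
  };
}

console.log("leaky :", scenario(true));
console.log("scoped:", scenario(false));
```

With origin-scoped storage the observing frame sees nothing from the other origin; in the leaky model it sees both names, and only the one carrying the account number is flagged as identifying.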

How IndexedDB in Safari 15 leaks your browsing activity (in real time).

Bajanik said he notified Apple of the vulnerability in late November, and as of publication time, it still had not been fixed in either Safari or the company’s mobile OSes. Apple representatives didn’t respond to an email asking if or when it would release a patch. As of Monday, Apple engineers had merged potential fixes and marked Bajanik’s report as resolved. End users, however, won’t be protected until the WebKit fix is incorporated into Safari 15 and iOS and iPadOS 15.

For now, people should be wary when using Safari for desktop or any browser running on iOS or iPadOS. This isn’t especially helpful for iPhone or iPad users, and in many cases, there’s little or no consequence of browsing activities being leaked. In other situations, however, the specific sites visited and the order in which they were accessed can say a lot.

“The only real protection is to update your browser or OS once the issue is resolved by Apple,” Bajanik wrote. “In the meantime, we hope this article will raise awareness of this issue.”

Microsoft warns of destructive disk wiper targeting Ukraine

Over the past few months, geopolitical tensions have escalated as Russia amassed tens of thousands of troops along Ukraine’s border and made subtle but far-reaching threats if Ukraine and NATO don’t agree to Kremlin demands.

Now, a similar dispute is playing out in cyber arenas, as unknown hackers late last week defaced scores of Ukrainian government websites and left a cryptic warning to Ukrainian citizens who attempted to receive services.

Be afraid and expect the worst

“All data on the computer is being destroyed, it is impossible to recover it,” said a message, written in Ukrainian, Russian, and Polish, that appeared late last week on at least some of the infected systems. “All information about you has become public, be afraid and expect the worst.”

Around the same time, Microsoft said in a post over the weekend, “destructive” malware with the ability to permanently destroy computers and all data stored on them began appearing on the networks of dozens of government, nonprofit, and information technology organizations, all based in Ukraine. The malware—which Microsoft is calling Whispergate—masquerades as ransomware and demands $10,000 in bitcoin for data to be restored.

But Whispergate lacks the means to distribute decryption keys and provide technical support to victims, traits that are found in virtually all working ransomware deployed in the wild. It also overwrites the master boot record—a part of the hard drive that starts the operating system during bootup.

“Overwriting the MBR is atypical for cybercriminal ransomware,” members of the Microsoft Threat Intelligence Center wrote in Saturday’s post. “In reality, the ransomware note is a ruse and that the malware destructs MBR and the contents of the files it targets. There are several reasons why this activity is inconsistent with cybercriminal ransomware activity observed by MSTIC.”

Over the weekend, Serhiy Demedyuk, deputy head of Ukraine’s National Security and Defense Council, told news outlets that preliminary findings from a joint investigation of several Ukrainian state agencies show that a threat actor group known as UNC1151 was likely behind the defacement hack. The group, which researchers at security firm Mandiant have linked to the government of Russian ally Belarus, was behind an influence campaign named Ghostwriter.

Ghostwriter worked by using phishing emails and theft domains that spoof legitimate websites such as Facebook to steal victim credentials. With control of content management systems belonging to news sites and other heavily trafficked properties, UNC1151 “primarily promoted anti-NATO narratives that appeared intended to undercut regional security cooperation in operations targeting Lithuania, Latvia, and Poland,” authors of the Mandiant report wrote.

All evidence points to Russia

Ukrainian officials said UNC1151 was likely working on behalf of Russia when it used its skill in harvesting credentials and infiltrating websites to deface Ukraine’s government sites. In a statement, they wrote:

As of now, we can say that all the evidence points to the fact that Russia is behind the cyber attack. Moscow continues to wage a hybrid war and is actively building forces in the information and cyberspace.

Russia’s cyber-troops are often working against the United States and Ukraine, trying to use technology to shake up the political situation. The latest cyber attack is one of the manifestations of Russia’s hybrid war against Ukraine, which has been going on since 2014.

Its goal is not only to intimidate society. And to destabilize the situation in Ukraine by stopping the work of the public sector and undermining the confidence in the government on the part of Ukrainians. They can achieve this by throwing fakes into the infospace about the vulnerability of critical information infrastructure and the “drain” of personal data of Ukrainians.

Damage assessment

There were no immediate reports of the defacements having a destructive effect on government networks, although Reuters on Monday reported Ukraine’s cyber police found that last week’s defacement appeared to have destroyed “external information resources.”

“A number of external information resources were manually destroyed by the attackers,” the police said, without elaborating. The police added: “It can already be argued that the attack is more complex than modifying the homepage of websites.”

Microsoft, meanwhile, didn’t say if the destructive data wiper it found on Ukrainian networks had merely been installed for potential use later on or if it had actually been executed to wreak havoc.

There’s no proof that the Russian government had any involvement in the wiper malware or the website defacement, and Russian officials have flatly denied it. But given past events, Russian involvement wouldn’t be a surprise.

In 2017, a massive outbreak of malware initially believed to be ransomware shut down computers around the world and resulted in $10 billion in total damages, making it the most costly cyberattack ever.

NotPetya initially spread through a legitimate update module of M.E.Doc, a tax-accounting application that’s widely used in Ukraine. Both Ukrainian and US government officials have said Russia was behind the attacks. In 2020, federal prosecutors charged four Russian nationals for alleged hacking crimes involving NotPetya.

Backdoor for Windows, macOS, and Linux went undetected until now

Researchers have uncovered a never-before-seen backdoor written from scratch for systems running Windows, macOS, or Linux that remained undetected by virtually all malware scanning engines.

Researchers from security firm Intezer said they discovered SysJoker—the name they gave the backdoor—on the Linux-based web server of a “leading educational institution.” As the researchers dug in, they found SysJoker versions for both Windows and macOS as well. They suspect the cross-platform malware was unleashed in the second half of last year.

The discovery is significant for several reasons. First, fully cross-platform malware is something of a rarity, with most malicious software being written for a specific operating system. The backdoor was also written from scratch and made use of four separate command-and-control servers, an indication that the people who developed and used it were part of an advanced threat actor that invested significant resources. It’s also unusual for previously unseen Linux malware to be found in a real-world attack.

Analyses of the Windows version (by Intezer) and the version for Macs (by researcher Patrick Wardle) found that SysJoker provides advanced backdoor capabilities. Executable files for both the Windows and macOS versions had the suffix .ts. Intezer said that may be an indication the file masqueraded as a TypeScript app spread after being sneaked into the npm JavaScript repository. Intezer went on to say that SysJoker masquerades as a system update.

Wardle, meanwhile, said the .ts extension may indicate the file masqueraded as video transport stream content. He also found that the macOS file was digitally signed, though with an ad-hoc signature.

SysJoker is written in C++, and as of Tuesday, the Linux and macOS versions were fully undetected on the VirusTotal malware search engine. The backdoor generates its control-server domain by decoding a string retrieved from a text file hosted on Google Drive. During the time the researchers were analyzing it, the server changed three times, indicating the attacker was active and monitoring for infected machines.

Based on organizations targeted and the malware’s behavior, Intezer’s assessment is that SysJoker is after specific targets, most likely with the goal of “espionage together with lateral movement which might also lead to a ransomware attack as one of the next stages.”
