Connect with us

Biz & IT

Google opens its Android security-key tech to iPhone and iPad users

Published

on

Google will now allow iPhone and iPad owners to use their Android security key to verify sign-ins, the company said Wednesday.

Last month, the search and mobile giant said it developed a new Bluetooth-based protocol that will allow modern Android 7.0 devices and later to act as a security key for two-factor authentication. Since then, Google said 100,000 users are already using their Android phones as a security key.

Since its debut, the technology was limited to Chrome sign-ins. Now Google says Apple device owners can get the same protections without having to plug anything in.

Signing in to a Google account on an iPad using an Android 7.0 device (Image: Google)

Security keys are an important security step for users who are particularly at risk of advanced attacks. They’re designed to thwart even the smartest and most resourceful attackers, like nation-state hackers. Instead of a security key that you keep on your key ring, newer Android devices have the technology built-in. When you log in to your account, you are prompted to authenticate with your key. Even if someone steals your password, they can’t log in without your authenticating device. Even phishing pages won’t work because only legitimate websites support security keys.

For the most part, security keys are a last line of defense. Google admitted last month that its standalone Titan security keys were vulnerable to a pairing bug, potentially putting it at risk of hijack. The company offered a free replacement for any affected device.

The security key technology is also FIDO2 compliant, a secure and flexible standard that allows various devices running different operating systems to communicate with each other for authentication.

For the Android security key to work, iPhone and iPad users need the Google Smart Lock app installed. For now, Google said the Android security key will be limited to sign-ins to Google accounts only.

Source link

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Biz & IT

OneWeb emerges from bankruptcy, plans global satellite broadband by 2022

Published

on

Enlarge / Illustration of a OneWeb satellite.

OneWeb has emerged from Chapter 11 bankruptcy under new ownership and says it will begin launching more broadband satellites next month. Similar to SpaceX Starlink, OneWeb is building a network of low-Earth orbit (LEO) satellites that can provide high-speed broadband with much lower latencies than traditional geostationary satellites.

After a launch in December, “launches will continue throughout 2021 and 2022 and OneWeb is now on track to begin commercial connectivity services to the UK and the Arctic region in late 2021 and will expand to delivering global services in 2022,” OneWeb said in an announcement Friday.

In March this year, OneWeb filed for bankruptcy and reportedly laid off most of its staff. In July, OneWeb agreed to sell the business to a consortium including the UK government and Bharti Global Limited for $1 billion. In the Friday announcement, OneWeb said it has secured “all relevant regulatory approvals” needed to exit bankruptcy.

“Together with our UK Government partner, we recognised that OneWeb has valuable global spectrum with priority rights, and we benefit from $3.3 billion invested to date and from the satellites already in orbit, securing our usage rights,” Bharti founder and Chairman Sunil Bharti Mittal said.

Launch scheduled for December 17

OneWeb previously launched 74 satellites into low-Earth orbits and said it plans a launch of 36 more satellites on December 17, 2020. The Friday announcement also said OneWeb plans “a constellation of 650 LEO satellites,” but that could be just the beginning. OneWeb in August secured US approval for 1,280 satellites in medium-Earth orbits, bringing its total authorization to 2,000 satellites.

OneWeb will be playing catchup against SpaceX, which has launched about 800 satellites, has permission to launch nearly 12,000, and is already providing Internet service to US customers in a beta. SpaceX and OneWeb are both seeking US permission to launch tens of thousands of additional satellites.

There’s also competition from Amazon’s Project Kuiper, which has US approval to launch 3,236 low-Earth orbit satellites and a $10 billion investment plan.

Continue Reading

Biz & IT

Comcast to enforce 1.2TB data cap in entire 39-state territory in early 2021

Published

on

Aurich Lawson / Getty Images

Comcast’s 1.2TB monthly data cap is coming to 12 more states and the District of Columbia starting January 2021. The unpopular policy was already enforced in most of Comcast’s 39-state US territory over the past few years, and the upcoming expansion will for the first time bring the cap to every market in Comcast’s territory.

Comcast will be providing some “courtesy months” in which newly capped customers can exceed 1.2TB without penalty, so the first overage charges for these customers will be assessed for data usage in the April 2021 billing period.

Comcast’s data cap has been imposed since 2016 in 27 of the 39 states in Comcast’s cable territory. The cap-less parts of Comcast’s network include Northeastern states where the cable company faces competition from Verizon’s un-capped FiOS fiber-to-the-home broadband service.

But last week, an update to Comcast’s website said that the cap is coming to Connecticut, Delaware, Massachusetts, Maryland, Maine, New Hampshire, New Jersey, North Carolina, New York, Pennsylvania, Vermont, West Virginia, and the District of Columbia. The cap is also coming to parts of Virginia and Ohio where it wasn’t already implemented. In all, Comcast has nearly 28 million residential Internet customers.

We viewed the updated language on Comcast’s website Friday. Comcast appears to have taken the update off that webpage, but a Comcast spokesperson confirmed to Ars today that the data cap is going nationwide in January 2021 and said that notifications are being sent to customers in their bills. The updated language from the Comcast website was also preserved in a news article by Stop the Cap today.

Courtesy months for newly capped users

Comcast’s update said customers in newly capped markets “can take the months of January and February to understand how the new 1.2TB Internet Data Plan affects them without additional charges. We’ll credit your bill for any additional data usage charges over 1.2TB during those months if you’re not on an unlimited data plan.”

That would delay enforcement until March, but Comcast also provides all customers with one courtesy month in each 12-month period. Newly capped customers could thus start getting overage charges for their April 2021 usage.

“Comcast is certain to be criticized for expanding data caps in the middle of the COVID-19 pandemic, especially as the number of cases explodes in the United States, pushing more people than ever to work from home,” Stop the Cap wrote.

The data-cap expansion will likely result in more disputes between Comcast and customers. Comcast has always said its data meter is accurate but has had to correct occasional mistakes. Customers who suddenly face overage fees often suspect the meter is wrong. Comcast provides no way for customers to independently verify the meter readings, and there’s no government regulation of broadband-data meters to ensure their accuracy.

Unlimited data options

Comcast’s overage charges are $10 for each additional block of 50GB, up to a maximum of $100 each month. Customers can avoid overage charges by spending an extra $30 a month on unlimited data or $25 for the “xFi Complete” plan that includes unlimited data and the rental cost for Comcast’s xFi gateway modem and router.

Comcast is trying to give customers in newly capped markets an incentive to upgrade to unlimited data before the caps actually go into effect. It’s a bit convoluted: customers who sign up for unlimited data in December or January will have the $30 unlimited-data charge waived until June, the Comcast spokesperson told Ars. People who sign up for unlimited data in February or March would be charged the extra $30 fee starting in April.

Comcast is doing something similar with the $25 xFi Complete add-on, which essentially combines two charges into one—a $14-per-month charge for Comcast’s gateway and another $11 to get unlimited data. Customers who upgrade to the unlimited-data version of xFi Complete in December or January will not be charged the extra $11 until June, the spokesperson said. Customers who sign up later will pay the charge starting in April.

Comcast says cap is for “super users”

The Comcast spokesperson defended the data-cap expansion, saying that “a very small number of customers drive a disproportionately large volume of traffic,” as “5 percent of residential customers make up more than 20 percent of our network usage.”

About 95 percent of Comcast residential customers use less than 1.2TB a month, with the median customer at 308GB, the spokesperson said. The cap is “for those super users, a very small subset of our customers,” and “for those super users we have unlimited options,” the spokesperson said.

But Comcast customers would likely use more data if they didn’t face caps. New research by OpenVault, a vendor that sells data-usage tracking platform to ISPs, found that 9.4 percent of US customers with unlimited data plans exceeded 1TB a month and that 1.2 percent exceeded 2TB in Q3 2020. For customers with data caps, 8.3 percent exceeded 1TB and 0.9 percent exceeded 2TB.

Comcast did not provide a clear answer as to why the company decided that now is the right time to expand the data cap to more states. The spokesperson said Comcast has spent $12 billion to expand its network since 2017 and that increasing capacity helped the network perform well even as the COVID pandemic caused big increases in residential broadband usage. But Comcast reduced capital spending on its cable division in 2019 and reduced cable-division capital spending again in the first nine months of 2020.

Data caps generate revenue for ISPs

It’s been clear for years that Comcast’s data caps are a revenue-generating system rather than a congestion management tool. When Comcast was enforcing a 300GB monthly cap in 2015, a Comcast engineering executive said imposing the monthly data limit was a business decision, not one driven by technical necessity.

Monthly data caps are not useful for managing congestion in real time, since they apply only to a customer’s monthly total rather than actually addressing the impact heavy users might have on other customers at peak usage times. Comcast used to use a congestion-management system to slow down the heaviest Internet users, but turned the system off a few years ago, saying its network was strong enough that it was no longer needed.

Comcast began imposing the data cap and overage charges in some states in 2012. The cap was originally 300GB and was raised to 1TB in 2016.

Comcast waived the data cap for a few months during the pandemic, then raised it from 1TB to 1.2TB when it was reimposed in July. Despite the temporary data-cap waiver, Comcast boasted that its network was able to handle the pandemic-fueled usage.

One small ISP in Maryland, Antietam Broadband, decided to permanently remove data caps after finding that increased usage during the pandemic didn’t harm the network. Antietam also said that customers working at home switched to “broadband packages that more accurately reflected their broadband needs.” As Antietam’s experience shows, heavy Internet users often pay for faster speeds, ensuring that ISPs get more revenue from heavy users even when there’s no data cap.

As Sen. Ron Wyden (D-Ore.) told Ars earlier this year, the pandemic showed that data caps aren’t necessary to manage network traffic. “Data caps have always been about socking consumers with extra fees to pad Big Cable’s profit margins,” Wyden said at the time. “Even after the COVID-19 emergency passes, ISPs should do away with unnecessary data caps.”

Continue Reading

Biz & IT

Abusive add-ons aren’t just a Chrome and Firefox problem. Now it’s Edge’s turn

Published

on

Microsoft

For years, Google and Mozilla have battled to keep abusive or outright malicious browser extensions from infiltrating their official repositories. Now, Microsoft is taking up the fight.

Over the past several days, people in website forums have complained of the Google searches being redirected to oksearch[.]com when they use Edge. Often, the searches use cdn77[.]org for connectivity.

After discovering the redirections weren’t an isolated incident, participants in this Reddit discussion winnowed the list of suspects down to five. All of them are knockoffs of legitimate add-ons. That means that while the extensions bear the names of legitimate developers, they are, in fact, imposters with no relation.

They include:

NordVPN
Adguard VPN
TunnelBear VPN
The Great Suspender
Floating Player — Picture-in-Picture Mode

“I had the tunnelbear extension installed, but I removed it once I figured out it was causing the issue,” Laurence Norah, a photographer at Finding the Universe, told me by email. “It’s easy enough to see it happening—if you install one of the affected extensions in Edge, open dev tools, and press the ‘sources’ tab, you’ll see something that shouldn’t be there like ok-search.org or cdn77.”

His account was consistent with images and accounts from other forum participants. Below are two screenshots:

Microsoft officials have yet to provide a response to email seeking comment for this post. But in This Reddit comment someone identifying herself as a community manager for Microsoft Edge said the company is in the process of investigating the extensions.

“The team just updated me to let me know that anyone seeing these injections should turn off their extensions and let me know if you continue to see them at that point,” the person using the handle MSFTMissy wrote. “Once I have any news from them, I will update this thread accordingly.”

None of the five legitimate developers of the real extensions responded to a request for comment. Readers should remember, however, that legitimate developers can’t be held responsible when their apps or add-ons are spoofed.

Along with Android apps, browser extensions are one of the weak links in the online security chain. The problem is that anyone can submit them, and Google, Mozilla, and now Microsoft haven’t come up with a system that adequately vets the authenticity of the people submitting them or the safety of the code.

Search engine redirections are typically part of a scheme to generate fraudulent revenue by ginning up ad clicks, and that’s what’s likely happening here. While reports indicate that the add-ons do nothing more than hijack legitimate searches, the privileges they require provide the possibility of doing much worse. Usage rights include things like:

  • Read and change all your data on the websites you visit
  • Manage your apps, extensions, and themes
  • Change your privacy-related settings

Anyone who has installed any of the above-mentioned Edge add-ons should remove them immediately. And the oft-repeated advice about browser extensions still applies here: (1) install extensions only when they provide true value or benefit and even then (2) take time to read reviews and check the developer for any signs an extension is fraudulent.

Continue Reading

Trending