Fandroids blow $200,000 on secret PANIC BUTTON for their smartmobes

A critical flaw in the LTE firmware of the fourth-largest smartphone chip biz in the world could be exploited over the air to block people's communications and deny services.

The vulnerability in the baseband – or radio modem – of UNISOC's chipset was found by folks at Check Point Research who were looking for ways the silicon could be used to remotely attack devices. It turns out the flaw doesn't just apply to lower-end smartphones but some smart TVs, too.

Check Point found attackers could transmit a specially designed radio packet to a nearby device to crash the firmware, ending that equipment's cellular connectivity, at least, presumably until it's rebooted. This would be achieved by broadcasting non-access stratum (NAS) messages over the air that when picked up and processed by UNISOC's firmware would end in a heap memory overwrite.

A Linux distro for smartphones abandoned by their manufacturers, postmarketOS, has introduced in-place upgrades.

Alpine Linux is a very minimal general-purpose distro that runs well on low-end kit, as The Reg FOSS desk found when we looked at version 3.16 last month. postmarketOS's – pmOS for short – version 22.06 is based on the same version.

This itself is distinctive. Most other third-party smartphone OSes, such as LineageOS or GrapheneOS, or the former CyanogenMod, are based on the core of Android itself.

First Look The /e/ Foundation's de-Googled version of Android 10 has reached the market in a range of smartphones aimed at the privacy-conscious.

The idea of a privacy-centric version of Android is not new, and efforts to deliver are becoming friendlier all the time. The Register interviewed the founder of the /e/ Foundation in 2020, and reported on /e/ OS doing rather well in privacy tests the following year. Back then, the easiest way to get the OS was to buy a Fairphone, although there was also the option of reflashing one of a short list of supported devices.

Now there's another option: a range of brand-new Murena phones. The company supplied The Register with a Murena One for review, with a pre-release version of the /e/ OS installed.

Researchers at the University of California San Diego have shown for the first time that Bluetooth signals each have an individual, trackable, fingerprint.

In a paper presented at the IEEE Security and Privacy Conference last month, the researchers wrote that Bluetooth signals can also be tracked, given the right tools.

However, there are technological and expertise hurdles that a miscreant would have to clear today to track a person through the Bluetooth signals in their devices, they wrote.

There are lots of software keyboards for smartphones and tablets alike, but one stands head and shoulders above the rest… However you can't have it.

Last year, Microsoft bought Nuance for just shy of $20 billion, mainly for its voice-to-text tools. Nuance also owned Swype, which it killed off in 2018. Microsoft, meanwhile, also owns Swiftkey, which it still offers.

The Reg liked both. We called Swype "The world's fastest text entry system", and said that Swiftkey's predictive engine was so good it was a "psychic keyboard."

India's government has reportedly started probes into the local activities of Chinese tech companies Vivo and ZTE, prompting a rebuke from China's foreign ministry.

As was the case when Indian authorities seized $725 million from Chinese gadget-maker Xiaomi, the investigations focus on possible irregular financial reporting that may amount to fraud, according to newswire Bloomberg's original report on the matter.

A Bloomberg reporter asked about the state of the investigations at the daily press conference staged by China's Ministry of Foreign Affairs, which produces a transcript of each day's event.

Microsoft is continuing to lavish love on Android for Windows with an update to Android 12.1 that disables telemetry by default, although, as Microsoft notes, "this update may cause some apps to fail to launch."

Such are the delights of living on the bleeding edge of Windows test builds.

The update for the Windows Subsystem for Android arrived at the end of last week in the Windows Insider Dev Channel and comprises Android 12.1, a new settings app, and Windows integration improvements.

Spyware vendor Cytrox sold zero-day exploits to government-backed snoops who used them to deploy the firm's Predator spyware in at least three campaigns in 2021, according to Google's Threat Analysis Group (TAG).

The Predator campaigns relied on four vulnerabilities in Chrome (CVE-2021-37973, CVE-2021-37976, CVE-2021-38000 and CVE-2021-38003) and one in Android (CVE-2021-1048) to infect devices with the surveillance-ware. 

Based on CitizenLab's analysis of Predator spyware, Google's bug hunters believe that the buyers of these exploits operate in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, Indonesia, and possibly other countries.

Huawei's long established trading relationship with Leica to integrate the German camera maker's technology into its phones is over, the companies have confirmed.

From February 2016, all Huawei flagships were slated [PDF] to have Leica-developed lenses and branding.

The Reg was generally quite impressed by the combined products over the years.

Smartphone markets the world over are in decline, but that news doesn't appear to have reached North America, where the market grew by 4 percent in the first quarter of 2022.

Tech market analytics firm Canalys reported that smartphone manufacturers shipped a total of 39m units in North America in Q1 2022, and most of it was driven by Apple, which saw 19 percent growth in Q1 to reach 51 percent of the smartphone market in the US, Canada and Mexico.

Apple may lead the quarter in terms of shipments and market share, but Google was the growth leader: It added 380 percent to its North American market share from Q1 2021 to Q1 2022. Still, that only brought it to 3 percent of the market, putting it in fifth place.