Android ‘Trusted Voice’: My Voice Is My Password

Today device unlocking has become far more secure over the years, from PIN number unlock to Pattern unlock and biometric unlocks including fingerprinting and facial recognition. But…

…What If Your Android Device Can Identify Your Voice before authenticating any access?

This exactly what Google is trying to provide its Android 5.0 Lollipop users.

Users running Android 5.0 Lollipop on their smartphone devices may soon be able to unlock their devices simply by saying “OK Google.”

“Smart Lock” is one of the most convenient security features provided in Lollipop that offers a handful of clever ways to unlock an Android device automatically, which yet includes:

• Trusted Device
• Trusted Places
• Trusted Face

However, Google is now rolling out a new smart lock, dubbed “Trusted Voice,” that uses your voice as a password to unlock your device.

Just as your fingerprint or face recognition is considered distinctive enough for biometric recognition system purposes, so is your VoicePrint unique too enough to identify you.

Android’s Trusted Voice feature provides you the authentication of your Lollipop 5.0 device when you give an “OK Google” voice command.

This is not new the very first time Google is introducing this feature…

…the company is already offering voice recognition feature in devices such as the Nexus 6, but the function didn’t work for them as some of the voice commands provided by the users get blocked by a secure lock screen.

However, this new “Trusted Voice” smart lock resolves this problem by bypassing the lock based on how you say “OK Google,” which means now it won’t matter how you say OK Google.

How Secure is this system?

Now that’s the point which has to be discussed:

When you enable “Trusted Voice” on your smart device, pop up warns you that this feature is not as secure as other methods to lock the screen.

This is because someone with a similar voice could potentially fool your smartphone, or anyone could just use a recording of your voice to unlock your device.

So, Better Keep your Android Device away from mimicry artist 😉

In real World, Biometric devices use similar voice verification as 2nd-factor of authentication, where an automated system can identify individuals by measuring their unique vocal characteristics.

If a sample of your voice matches, you are verified as being who you claim to be.

So far, it is not clear whether Google will keep users’ voice samples on Android device locally or it would send it to their Cloud as well.

FBI ALSO WANT YOUR VOICE SAMPLES

The FBI Biometric Center of Excellence strongly believes that voice recognition systems are an excellent choice for remote authentication. However, they are deeply interested in collecting massive voice samples around the World.

In 2014, the Operational Technology Division (OTD) of FBI launched a huge database of biometric information, including images of users’ faces, DNA, voice samples, fingerprints, irises, and palms, along with the details of scars, tattoos, and other body marks.

The Agency’s Database already loaded with intimate information about those people as well, who are never convicted of any crime in their entire life.

“Over the years, biometrics has been incredibly useful to the FBI and its partners in the law enforcement and intelligence communities—not only to authenticate an individual’s identity (you are who are say you are), but more importantly, to figure out who someone is (by a fingerprint left on a murder weapon or a bomb, for example), typically by scanning a database of records for a match,” said FBI on its website.

Considering Edward Snowden revelation about Big Tech Companies handling over users’ data to US Law enforcement suggests that ‘Trusted Voice’ could become a legitimate way by U.S Government to collect voice samples around the World if not protected properly.

So, When do you get Trusted Voice?

Google has not officially announced ‘Trusted Voice’ yet, but according to recent reports, this feature is just rolling out now, and there are, so far, no specific timelines available to try this feature on our devices, but most users would start to see it soon.

​Jolla hunts for Sailfish OEMs, taps crypto firm to target the enterprise

Jolla is reviving its hunt for hardware partners to make smartphones or tablets running its Sailfish OS.

In an age of Android, the odds may seem to be stacked against Jolla, but two years since its inception, the small Finnish startup is still afloat and even has some wind in its sails after a crowdfunding campaign breathed life into its forthcoming tablet.

Jolla announced today that shipments of its first tablet should begin in the second quarter of 2015, alongside the release of the 2.0 version of its Sailfish OS. Jolla’s tablet uses Intel’s Atom 3700 series as its application processor and so one of the features the new OS, which is available to other hardware makers to license, is support for Intel architecture.

When Jolla emerged in 2012 after Nokia ditched work on the open-source MeeGo operating system, the companyoutlined ambitions to persuade ODMs, OEMs, internet companies and others to build devices that ran its OS. Companies that wanted to license its OS would do so through the Sailfish OS alliance. While Jolla did gain early support for that mission from Chinese retailer D.Phone, the alliance seemed to have taken a backseat to the launch of its first Sailfish OS smartphone, released last year.

But with Sailfish OS 2.0 on the way, Intel on board, and a tablet in the works, Jolla says the Sailfish alliance is now ready to roll again.

“The roadmap of Sailfish OS already from the beginning in 2012 has led the way to this point: Sailfish OS is now ready for licensing to OEMs and other partners,” Antti Saarnio, co-founder of Jolla and the company’s chairman, said.

“We feel that Sailfish OS is the perfect platform for OEMs, content owners, m-commerce companies, and others to build differentiated mobile products. We are also very happy to work with Intel in planning for the Intel Atom x3 processor support for Sailfish OS,” he added.

The company is at MWC in Barcelona this week, likely scouting for potential members for its alliance.

According to Jolla, Sailfish OS 2.0 offers several improvements on its predecessor, including better Android application compatibility, support for Intel Atom x3 architecture, a new UI, privacy enhancements, and updates to notifications and events views. The Sailfish OS 2.0 UI apparently also lends itself to digital content providers or mobile commerce applications.

The company also has ambitions for the Sailfish OS to be used in the enterprise, today announcing plans to develop a version called ‘Sailfish Secure’ with Finnish security firm SSH Communications Security. The latter company’s claim to fame is that its founder Tatu Ylönen is the father of the Secure Shell (SSH) protocol, which protects data in transit.

The idea would be to become a European alternative to iOS, Android, BlackBerry and Windows Phone, which Jolla reckons will be “ideal for government officials, corporations, and consumers.” In other words, it will try and crack the regulated end of enterprise that Samsung is pursuing with Knox.

The harmful code recently found on Lenovo machines is now surfacing in other apps

As we previously reported, Lenovo apparently pre-loaded a number of its machines with Superfish adware along with other malicious code. The appearance of the potentially harmful software was not only shocking to many, but also prompted researchers to look around to see if the adware (or similar code) made it other places it shouldn’t have.

Based on recent data, that appears to be the case with at least two other firmsreported to have affected apps out in the wild. This dirty code, which was spotted by researcher Fillipo Valsorda, causes devices to accept any old, self-signed certificate from sites, obviously causing serious privacy/security issues in the process. Valsorda noted that code of this nature can be found on the Ad-aware Web Companion anti-virus/privacy software from a company known asLavasoft and within another ad-focused privacy app called PrivDog fromComodo.

Both occurrences expose users to the serious potential of man-in-the-middle attacks and leave personal data up for the taking, not to mention the negative affect it will have on both companies. Comodo is generally trusted on the internet with regard to certificate management, however that may not be the case for long.

While Lenovo has since admitted the issues surrounding the Superfish adware on its machines by offering it own removal tool, there is still no word from Lavasoft or Comodo on the latest findings. Microsoft has also updated Windows Defender so that it will detect and remove Superfish adware on its own.

Flaws in Telegram, the secure messaging App expose Secret Chat messages

Telegram cross-platform messaging flaws allow hackers to bypass encryption and access user messages

Apparently the Secret Chat feature of Telegram saves messages in plain text in the memory dump

Is Telegram secure? not any more! Telegramcross-platform messaging App which was hailed as the most secure messaging App by Electronic Frontier Foundation, has been found to be not so secure after all.

Researchers from security firm Zimperium have discovered that Telegram can be hacked by cyber criminals in two ways.  Zimperium’s founder and CTO stated on Zimperium blog that after conducting research on Telegram App, the researcher have found that there are at least two methods that can be leveraged to bypass encryption and obtain messages.

Telegram has around 55 million active users around the world and has a Secret Chat feature for a one on one private and secure chat between two users.  Secret Chat works by giving encryption and decryption keys to the receiver and sender, thus making it most secure.  EFF in its December secure messaging Apps audit and review had given maximum score to the Telegram’s Secret Chat feature.

According the Avraham, Telegram is vulnerable to the potential hacker gaining complete control of the targeted Android smartphone installed with Telegram App, by leveraging a kernel exploit to elevate privileges. Once the attacker is in control of the smartphone, he can dump process memory and gain access to any file stored on the device.

Zimperium researchers noticed that Telegram Secret Chat messages are stored in the Telegram memory dump in plain text and easily accessible to the hackers.

The researchers further discovered that a database file (Cache4.db) containing tables that store the secret messages is also in plain text. While Telegram users can delete their messages using a special function, the deleted messages can still be retrieved from the process memory, Avraham stated.

“While Telegram was founded upon a noble goal of providing privacy to consumers everywhere at no cost, they have fallen short of their objective by focusing purely on data-in-transit versus protecting data-at-rest on the mobile device itself. What is regrettable is that I approached Telegram multiple times and have yet to receive a response,” Avraham explained in a blog post.  “Telegram’s so-called powerful encryption is not protecting users any better than any other page or app that uses SSL. If you are using Telegram because you want to ensure your privacy and the privacy of the messages you are sending, be aware that it will not stop sophisticated hackers from reading your messages. We highly recommended adding additional protection to your mobile device that can detect device-level cyberattacks.”

Avraham said Zimperium made the vulnerability public after the expiry of 30 day disclosure guidelines and in the absence of any reply from Telegram about the flaw. Telegram is yet to come out with a statement about the flaw.

Google Wants to Put a 3D Camera on Your Smartphone — Here’s Why

Google’s quest to map the entire world doesn’t end with the outdoors. Now, Google wants to create maps of indoor spaces too — and that’s a powerful idea.

The product of the Google Advanced Technologies and Projects (ATAP) division, Project Tango is a way of 3D-mapping indoor spaces using specialized sensors mounted to a mobile device. Not everything born in ATAP makes it to the real world, but Project Tango has recently moved out of ATAP and is on its way to becoming a real product.

Let’s dive in and see what it’s all about.

What is Project Tango?

It’s a smartphone, and it’s a tablet, but the most critical element is a time-of-flight depth camera, which is capable of determining the depth of pixels in an image via a suite of clever algorithms and hardware.  Combining all of that into a smartphone or tablet form factor just makes it easier for people to carry around and interact with.  Using this, Google hopes to make smart devices smarter, giving them a human-like understanding of the physical world.

Google’s first prototype was a smartphone, as shown in the video above. Project Tango launched in an early form about a year ago, and since then has been rapidly evolving. We listed it as one of the cool research projects that could change the world back in November, and it is still firmly on that path.

The second iteration of Project Tango, shown above, was a $1,024 developer-only model that is currently out of stock. Google’s hoping to get developers involved to tap into all the possibilities for this technology, some of which we’ll look at in the next section.

For a glimpse into the work that has gone into Project Tango, check out the video below from ATAP.

A lot of resources are being poured into this project, and it will be exciting to see where it all goes.  At first glance, some of the technology in Tango may seem a little gimmicky, but the applications that developers have come up with so far are hugely exciting.

What Could It Be Used for?

As developers get ahold of the APIs for working with Project Tango, we’re sure to see an explosion of ideas for the platform. For now, here are a few that could come to fruition.

Search and Rescue

ATAP worked with many different companies and universities to produce Project Tango, but one university in particular is set on putting Tango to work in urban search and rescue missions. The University of Massachusetts Lowell Robotics Lab has big plans ahead for this application.

In many search and rescue scenarios, (picture a partially collapsed building) rescuers often  have no idea what sort of conditions are like ahead of them.  Project Tango, mounted on a small drone, would allow unstable spaces to be mapped before humans enter, identifying risks and obstacles and making the process faster and safer.

Navigation for the Visually Impaired

Google does a lot of great things for the world, and this use of Project Tango should probably be counted among those achievements. For those who are completely blind, visually impaired, or just have trouble getting around, Project Tango could view the environment around them, understand its geometry, and give them auditory hints about the locations of people, doors, and potential obstacles.

This could really change the lives of millions of the visually impaired all over the world. Hopefully this application of the technology is the first to reach consumers.

Immersive Technologies

Virtual reality? Augmented reality? Project Tango’s future could be deeply entwined with these two other technologies.

In the augmented reality vane, Target has already tricked out a few of their stores to sport a winter wonderland-style aesthetic when viewed through a Project Tango device. In the future, app developers could use Tango’s sensors and cameras to bring games into your environment. In the video below from Android Authority, you can see one game, Zombie Gunship Reality, already taking advantage of this.

Once Google can get more Tango devices into the hands of consumers, you can bet the game designers will follow. At that point, the kinds of games we’re likely to see are only limited by the creativity of the developers.

In the virtual reality sense, integration with the Oculus Rift, Samsung Gear VR, or Microsoft HoloLens could allow for an even more immersive experience. Not to say that we ever expectGoogle to play nicely with Microsoft.  In particular, one of the major limitations to smartphone-based VR headsets like the Gear VR is the lack of support for positional tracking.  Creating a similar, Oculus-based headset for Project Tango would allow developers to use the depth camera data to track the position of your hands and head.

This could even lead to your body being used a controller.  Like the Microsoft Kinect, Project Tango can sense where bodies are in space, and deduce their pose. Train that Tango device on yourself, and your arms and legs could suddenly be in the game — a feature sadly lacking from current virtual reality games.  Alternately, with the ability to capture depth video, you could use Project Tango to create VR video that allows you to fluidly move your head around and observe the scene from many angles.

Trying out Furniture

Trying to figure out if that couch will fit in your living room? Unsure if that bookshelf would look good across from your shark tank?  With Project Tango, you don’t have to guess.  The depth camera is a virtual tape measure and laser level rolled into one and can measure distances, sizes, and even project an image of a product into a virtual simulation of your room. Walk around your house once with your Tango tablet, and you’ll have a virtual replica of your house on call whenever you need it.  Alternately, you could use the tablet to 3D scan people or objects, and then bring them into the virtual world, to be 3d-printed or used as a virtual prop.

Indoor Directions

Ever spend way too much time wandering around a Walmart or Costco looking for that one item? Project Tango, if adopted by major retailers, could be like Google Maps for the indoors.  Aisle411 and Walgreens have already integrated Project Tango with one Walgreens location, allowing customers with a Tango device to get directions to the appropriate aisle, as shown in the video above.

It doesn’t only have to be used for retail shopping. Finding your way around inside large office buildings is one possible benefit, and in any other areas where GPS is not available, local mapping like this could help people find their way around.

Helping Astronauts

That’s right; Project Tango devices could help astronauts accomplish a bunch of chores that would otherwise take them away from important tasks, by providing a new source of data for experimental autonomous robots called ‘spheres’ that fly around the ISS using cold-gas thrusters.  The spheres are still in the prototyping stage, but eventually they could take over a number of simple functions, and project Tango could help make that happen.

And this application isn’t far off. In fact, as shown in the video above, Google engineers have already taken the Tango into a Zero-G flight to test it out. The possible use cases for NASA and space travel in general are huge.

When Can I Get It?

Google has a lot of great services just on the horizon, and Project Tango is just one of those. Back at Google I/O 2014, ATAP announced that they were working with LG on a consumer product to be released “next year”, which means that we should see a consumer-oriented product coming in 2015. The fact that Tango has graduated from ATAP is good evidence of that.

The first device is likely to be a tablet, but after that, we could see smartphones cropping up from different hardware manufacturers if it catches on — as with Android, Google will probably partner with any hardware manufacturers who are interested.  That said, in the world of razor-thin phones and thinner margins, it may take a while to convince manufacturers of the value of adding bulky, expensive sensors to their devices.

Beyond that general time-frame, we don’t know enough to be more specific. No pricing, specs, or specific release date have been announced yet. Though you can be sure we’ll all be waiting with bated breath.

What’s Your Favorite ATAP Project?

Project Tango isn’t the only idea to have come out of the special division within Google. There’s also Project Ara, the modular smartphone, as well as driverless cars that are taking us into the future.

Be sure to let us know what your favorite ATAP project is in the comments below. And what do you think of Project Tango?  It it a gimmick, or a real evolution in the way we use technology?