The Marmot's Hole

Korea... in Blog Format

Category: IT Korea

Using Smartphones to Rob Us?

Imagine that there was a better way to help crooks steal more money . . .

Well, now there is a new way to do just that. Apple developed a new way to pay for things by using the iPhone and a new payment system called Apple Pay. The idea is that when a person goes into a store, instead of using a credit card, they can pay using their iPhone. However, there is a problem with this.

Brian Krebs, a touted authority on security in today’s online world, says “Apple Pay makes it possible for cyber thieves to buy high-priced merchandise from brick-and-mortar stores using stolen credit and debit card numbers that were heretofore only useful for online fraud.” (cite) The banks that Apple has partnered with are now feeling this increase in fraud (6% and growing), and the pressure is on Apple to fix this, though the problem is not really theirs to fix. To be fair, the real weak point in security is the bank, since what is really happening is that stolen credit cards are being put into Apple Pay and the banks are not catching this. Remember all of those stolen credit cards from the Target credit card heist? Apple Pay allows thieves to use this stolen information in a new way (cite). Avivah Litan (a fraud analyst with Gartner Inc.) believes that this problem will only become worse:

. . . This problem is only going to get worse as Samsung/LoopPay and the MCX/CurrentC (supported by Walmart, BestBuy and many other major retailers) release their mobile payment systems, without the customer data advantages Apple has in their relatively closed environment.

Samsung has wooed the same bank partners Apple did to start a mobile payment service (Samsung Pay). They have released the Galaxy 6 phone as a means to conduct mobile payments (it is a nice phone too), and they released a security layer for Android called Knox, which enables the user to securely pay for things with their smartphone (preferably their Galaxy phone). Samsung’s Knox was even certified as being safe and secure by a part of the American Government (the guys that want backdoors into everything). Knox had been compromised; however, Samsung is working to address this problem and has made progress. Samsung wants their cyberpayment software to use a magnetic card reader, which is not encouraging since credit cards with magnetic strips are known enablers of credit card fraud. (cite and cite) Samsung will also waive fees for using their mobile payment system, which does encourage use.

Business does make for unusual alliances, and so Blackberry and IBM have come together with Samsung to create SecuTablet – a modified Samsung Galaxy Tab S 10.5 bundled with security management software and a hardware encryption module. However, the normally 500.00 USD Samsung phone becomes a 2,250.00 USD device called SecuTablet! (cite) This sort of device is not for the casual user that wants to buy something, though; rather, it is intended for environments that require better security (government, etc.).

Though Apple and Samsung may eventually perfect secure devices, the banks are still the biggest source of security worries, especially when they continue to use cards with magnetic strips or a chip and PIN system that has been hacked. Even now, the Korean banking industry is finally getting around to blocking the use of mag-stripe plastic cards in all Korean ATMs, from May (cite). There are still reports of credit card information being stolen by infected POS systems in businesses. One place that has seen a rise in credit card fraud is Aspen, Colorado, since Aspen has so many holiday visitors from everywhere. As one Aspen police detective notes:

A lot of these network intrusions are coming from the Ukraine, Russia, North Korea and China . . . It all comes down to the information stored on credit cards. Once a card is scanned at a business that information is sent to a server. If it’s infected with malware, that server sends the credit card information to criminals.

Considering how more and more large businesses are having their fee processing system infected with malware and how inept banks are at dealing with credit card fraud, companies like Apple and Samsung may eventually become more trustworthy than banks, especially if they don’t gouge their customers with processing fees and are more secure than banks are now in their transactions.

Here a cyberwar, there a cyberwar, everywhere a cyberwar cyberwar

Some major North Korean websites, including Uriminzokkiri, a North Korean cyber university (who knew!) and some other propaganda sites are reportedly still down – all these sites apparently have their servers in China.

Sites using the domain .kp such as the Rodong Shinmun and KCNA and some pro-North Korean sites in Japan and the United States, however, seem to be working properly. Or at least that’s what the news says – they are blocked in South Korea, so I can’t verify.

Anyway, although nobody is officially taking credit for the attacks, North Korea seems pretty sure who the culprits are, and they are expressing their displeasure in, ahem, earthy language:

In a statement Saturday, North Korea’s ruling body, the National Defense Commission, said Obama was “the chief culprit” for the movie’s release.

“Obama always goes reckless in words and deeds like a monkey in a tropical forest,” an unnamed spokesman for the commission said in a statement carried by the official KCNA news agency.

As opposed to monkeys that hang out in temperate forests and Japanese hot spring resorts. Which I’ve always wanted to see.

Anyway, this is not the first time North Korea has used simian comparisons to refer to the American head of state. You’ll recall that in May, the KCNA contributed this bit of reporting around the time of President Obama’s visit to Seoul (see also here):

The Korean only article, comprising the direct opinions of four local North Koreans, said Obama resembled a “monkey“ and that Park, who hosted him during his recent visit to Seoul, was a “whore”.

“How Obama looks like makes me disgusted,” Kang Hyuk, a worker at the Chollima Ironworks Factory said when translated into English.

“As I watch him more closely, I realize that he looks like an African native monkey with a black face, gaunt grey eyes, cavate nostrils, plump mouth and hairy rough ears.

“He acts just like a monkey with a red bum irrationally eating everything – not only from the floor but also from trees here and there…Africa’s national zoo will be the perfect place for Obama to live with licking bread crumbs thrown by visitors,” Kang concluded.

Jung Young Guk of the DPRK Ocean Management Office said the timing of Obama’s visit – so soon after the sinking of the Sewol ferry – was difficult to understand, adding that Obama had a “disgusting monkey look even though he is wearing a fancy suit like a gentleman”.

They also referred to him as a “mongrel,” which on the bright side, at least suggests that in this politically divisive world we live in, there are still things the KCNA and Ted Nugent can agree upon.

Perhaps unsurprisingly, South Korea’s left-leaning Hankyoreh is a bit worried about the North Korea-U.S. cyberwar driving up tensions at a time when they think the two countries should be working to improve relations. Mind you, they do criticize the North for, well, calling President Obama a monkey and, ironically, making “The Interview” more popular with its criticism of it. But they also criticize the United States for concluding the Sony hack and terrorist threats were North Korea’s doing without solid evidence (Marmot’s Hole: fair enough) and criticized President Obama for praising Sony’s decision to release the film (Marmot’s Hole: OK, whatever). More important, they said if the United States is responsible for the attacks on North Korea’s Internet network (Marmot’s Hole: good luck getting Washington to cop to that – hey, maybe it ain’t – and even if it is those dastardly Yanks, good luck to the North Koreans trying to prove it), Washington will come under international criticism because shutting down an entire country’s Internet network is on a whole different level from the Sony hack and not the “proportional response” promised by President Obama (Marmot’s Hole: Honestly, I’m not sure how much international sympathy North Korea is going to get here).

The right-leaning Dong-A Ilbo, on the other hand, thinks South Korea should develop the hacking capabilities to overwhelmingly retaliate against the North for its suspected hack of the South’s nuclear power plants like the Americans did in response to the Sony hack.

New cyber security laws?

Which brings us to the Korea Hydro & Nuclear Power (KHNP) hack, the cyber-incident that’s been of much more importance to South Korea. KHNP says its headquarters is still under attack but the country’s nuclear power stations are safe. The state of the nation’s cyber-security, however, doesn’t leave many folk reassured – in an editorial, the JoongAng Ilbo says if cyber-security isn’t strengthened, we could even see something like what happened in “Live Free or Die Hard.”

Which I thought was cool, because they cited “Live Free or Die Hard.”

Boosting the number of people dedicated to cyber-security is especially urgent, says the JoongAng, particularly as it pertains to Korea’s 32 nuclear plants. Korea has just three folk dedicated to crafting and overseeing cyber-security technology for Korea’s nuclear power plants, just one sixth the recommended number. It has another nine technicians on the ground. The United States, meanwhile, has 40 people overseeing cyber-security for the country’s 105 nuclear power plants, and Britain has 15 for its 31 plants. The paper suggests the military consider building a “cyber-Talpiot” program in which engineering students would work on developing cyber-security technology while doing their military service.

The ruling party, meanwhile, is trying to pass a cyberterrorism prevention law that would create a national cyber safety center to operate under the direction of the NIS. In light of the KHNP hack, the ruling party is particularly keen to get the bill passed as soon as possible, arguing that Korea needs to build a comprehensive national security system – with the participation of both the government and private individuals – at a time when cyber-attacks were growing more sophisticated. The opposition, however, is arguing that the NIS already has a cyber-security center – created in 2004 – that was supposed to be taking care of these problems but dropped the ball. They see the law as an attempt by the government to avoid taking responsibility for its security failure. The root of the problem, they say, is that the people tasked with protecting cyber-security aren’t properly using the regulations and organizations they already have, and perhaps if the NIS’s cyber-security folk weren’t so busy interfering in politics during the last presidential election, maybe cyber-attacks like this wouldn’t have happened. Ouch.

Anyway, the JoongAng Ilbo has an editorial (in English) supporting the legislation, while the Hankyoreh has one against (in English). Read them at your own leisure.

Photo by Alexandre Dulaunoy.

No Gawker for Kim Jong Un this morning

As the New York Times reported, North Korea is apparently having a really bad Internet day:

A strange thing happened to North Korea’s already tenuous link to the Internet on Monday: It broke.

While perhaps a coincidence, the failure of the country’s computer connections began only hours after President Obama declared Friday that the United States would launch a “proportional response” to what he termed an act of “cybervandalism” against Sony Pictures.

Over the weekend, as North Korean officials demanded a “joint investigation” into the Sony attacks and denied culpability — an assertion the United States rejected — Internet service began to get wobbly. By early Monday, the Internet went as dark as one of those satellite photographs showing the impoverished country by night.

Now, this could be any number of things other than the United States hitting North Korea back, including a server glitch, North Korea preemptively taking its sites down in preparation for a retaliatory cyber-attack, or the North Koreans having only just learned about Kim Kardashian’s ass and overloaded the one line out of the country.

But if it was a U.S. cyber-attack and you were curious about the legal issues involved, the Daily Beast has got a good roundup of everything you wanted to know about the international legal aspects of cyberwarfare but were afraid to ask.

In case you were wondering, North Korea has just 1,024 official Internet protocol addresses. It wouldn’t surprise me if Ulleungdo has more.

Anyway, North Korea’s websites are reportedly back up and running now. Unless you live in South Korea, of course, where every day is a North Korea blackout day.

Speaking of South Korea…

S. Korean nuke plant hacked

A much more damaging Internet attack has taken place south of the DMZ, where several of South Korea’s nuclear power plants were hacked:

The hacker was able to access blueprints, floor maps and other information on the plant, the South Korean Yonhap News Agency reported Sunday. Using a Twitter account called “president of anti-nuclear reactor group,” the hacker has released a total of four postings of the leaked data since December 15, each one revealing internal designs and manuals of the Gori-2 and Wolsong-1 nuclear reactors run by Korea Hydro and Nuclear Power Co. (KHNP), Yonhap added. The hacker has threatened to leak further information unless the reactors are shut down.

The Ministry of Trade, Industry and Energy and the Korea Hydro and Nuclear Power Corp. also say malicious code was found within the operating network connected to the reactor control system.

As always, North Korea is a suspect, although the authorities also believe the hacker may reside in Hawaii and have asked the U.S. FBI for help. Still, there are plenty of locals who could be responsible, too, and for good reasons. Anyway, KHNP is now running cyber-warfare drills, even as the Hani accuses the government of being more concerned with covering up the attack.

Photo by Adam Mulligan.

UPDATE: Vox takes a really, really good look at the Internet in North Korea. Read it in its entirety on your own, but I’ll give you a sample:

But the third reason is less straightforward. North Korea’s very top elite, the inner core of the inner core, access the internet because they simply don’t live in the same universe as their countrymen. While most of North Korea exists in a propaganda bubble where any outside information is an existential ideological threat and truth about the world is scarce, North Korea’s top elite are perfectly aware of how it all really works. They allow themselves all the comforts: movies, books, internet access, forbidden technology, forbidden luxury goods, and foods and alcohol smuggled in for their pleasure. Kim Jong Un certainly participated in this himself, although it’s also a tool by which he maintains the loyalty of the elite. The country’s elites also do need this information — what’s really happening out there, how the world really works — to run their country, even if they are only running it to keep the cruel, despotic system in place.

Max Fisher also translated North Korea’s most recent rant against the United States and Sony into plain English.

Seoul’s war on Uber intensifies

The Seoul City Council passed on Friday an ordinance that would offer rewards of up to KRW 1 million to people who report Uber taxis.

The ordinance will go into effect after a final screening on Dec. 30.

The city also pointed out five things that make Uber really, really bad, including difficulties involving insurance and driver identification as well as Uber’s pricing system, which differs from Seoul taxi fares which are determined by law. They also don’t like Uber’s terms of agreement – the app provider takes responsibility for next to nothing while charging a 20% commission. Or so says the city, anyway.

Nowhere did the city mention pressure from taxi drivers or domestic app developers, of course.

It goes without saying that Uber is uber-unhappy about this:

“We urge the Council to reject this ordinance on the grounds that it contradicts the city’s sharing economy policies, undermines the city’s efforts to attract foreign investors, discriminating against Uber while the City actively supports (and invests in) companies offering similar services,” said the California-based firm in a press release.

The city government is planning to introduce its own taxi hailing services next year in a joint effort with Daum Kakao, the operator of mobile messenger Kakao Talk.
[…]
“I cannot see how this ordinance serves the interests of Seoul citizens. It leads us to question that the City’s officials are bowing to pressure from taxi associations which have declared war on competitors,” said Allen Penn, the head of Asia operations for Uber, expressing his disappointment against the city government.

To be fair to the city, Kakao’s app, scheduled for release in the first half of next year, isn’t completely like Uber, and it probably does comply with the Passenger Transport Service Act:

South Korea’s leading free messenger service operator Daum Kakao said Wednesday it will launch a taxi service app by the first half of next year as it initiates a new platform of connecting online and offline businesses.

Daum Kakao signed a memorandum of understanding with the Seoul Taxi Association and Korea Smart Card Co. for the service that would link customers with the closest cab through a mobile app. The taxi association has some 255 Seoul-based cab operators as members, and Korea Smart Card is the country’s top transportation payment system provider.

“Daum Kakao has established important grounds for the operation of Kakao Taxi, and we plan to expand cooperation with other taxi operators throughout the country in the future,” the company said in its release.

Despite warnings from the government, Uber went live in Seoul earlier this month. This appears to be Uber’s modus operandi:

When Uber got off the ground as a company, its business had an unusual problem. In many markets where it was operating, it was violating the letter of the law. And in essentially all markets where it was operating, it was violating the spirit of the law. That’s because the “spirit” of the prevailing taxi regulations was, almost everywhere, wrong and pernicious. Alongside regulations aimed at promoting public safety, almost every city and state is burdened with rules designed to protect the incomes of incumbent taxi license holders.

I’m with Peter Diamandis when he writes that Uber is a “dematerializing, demonetizing and democratizing” app that “uses technology to dramatically improve a broken system.” Unlike him, however, I’ll put my money on the law winning in Korea, especially when the law is backed by major industrial associations and big local tech firms.

Oh, and while on the subject of IT, would it be too much to ask to put GTA: San Andreas on the Korea iTunes store, for Christ’s sake?

Korean Government Sabotages Kakao Talk

Due to claims that the Government and prosecutors have been using Kakao Talk logs to monitor people, Kakao has taken a beating, resulting in over 400,000 users migrating to other applications that have off-shore servers and better security, such as Telegram (cite). (There are reports that even prostitutes that conduct business arrangements through Kakao have switched to Telegram due to security concerns.) I also use Telegram and it works well.

The government has reportedly done so for state security concerns as well as enforcing the infamous defamation laws.  According to one source:

Accusations by the New Politics Alliance for Democracy on alleged cyber monitoring by the government gained more credibility yesterday when it was reported that prosecutors are planning to monitor some key words on major portal sites that they believe would disturb “social order” and “defame” people, after which they would order the managers of those sites to delete the posts. (cite)

Kakao has responded by apologizing for allowing security concerns to mount:

Lee Sirgoo, CEO at DaumKakao which owns Kakao Talk, apologized for its initial handling of privacy issues at a news conference called at short notice by the company. The government’s recent announcement of stern punishment for what it called online rumors prompted many South Koreans to switch from Kakao Talk to foreign messaging services. . . Kakao Talk will introduce new privacy features to protect the information of its users, he said. Next year, it will begin deleting messages from its servers as soon as they have been read by the intended recipients. The company said it could face legal sanction by refusing to cooperate with warrants. . . .It has also adopted a new privacy mode, which uses end-to-end encryption, allowing chat records to be stored only on each user’s smart device and making it impossible for investigators to monitor the contents.  “We will continue to search for more necessary measures and make improvements down the road,” Lee said. “Kakao Talk has been growing on the back of users’ trust. We know it will take excruciating efforts to regain users’ trust,” Lee said.

Daum Kakao commands about 35 million local users for its flagship Kakao Talk in the country with a population of 50 million, compared to around 10 million users held by LINE, operated by Naver Corp. Kakao Talk also has about 152 million users worldwide through 15 languages, including Korean, English, Japanese, Spanish, German, Arabic and Russian. (cite)

As in America, if the government sabotages public confidence in software developers’ offerings, the result will likely be bad for business and a major setback for Korean software developers, who already have onerous burdens put upon them by government regulations.

Kim Young-ha at the NYT: Getting ready for a Korea without Samsung

Although I briefly mentioned in my last post that Samsung’s Chairman Lee Kun-hee had suffered a heart attack, over at the NYT Kim Young-ha says that there are apparent rumors that he’s dead or near death:

On May 10, the chairman of the Samsung Group, Lee Kun-hee, had a heart attack and stopped breathing. He was resuscitated at the hospital but remained in a coma for more than two weeks. As the country waited for information about his condition, rumors ran rampant. One of the most widely circulated was that Mr. Lee, 72, had already died and Samsung was covering it up.

Samsung announced last week that Mr. Lee had stirred. One story goes that the chairman opened his eyes for a moment just when Lee Seung-Yeop, a Samsung Lions’ slugger, hit a home run.

Personally, I think Lee Kun-hee is still alive as they don’t build elevators in your house for dead men.  However, the man responsible for much of Samsung’s meteoric growth over the last three decades will eventually die.  Probably sooner rather than later.  Currently, it sounds like his cardiac and pulmonary system is being held together with duct tape and chewing gum.

With the tycoon ailing and with his crown jewel, Samsung Electronics, sucking wind from competition with the Chinese and Apple, the talk is if Korea is ready for a future without Samsung.

As Samsung prepares for its post-Lee Kun-hee future, South Korea needs to prepare for a post-Samsung future. Just like any other company, Samsung can fail, and if that happens, how will the South Korean economy overcome the shock? If we don’t decrease our over-reliance on the chaebols and prepare to let smaller, dynamic start-ups fill the gaps in their place, it won’t.

Related

The WaPo talks about Samsung’s “Imperial” succession plans to the third generation (HT to DLBarch).

Daum and Kakao Are On a First Name Basis

Kakao Corp. and Daum Communications announced that they will adopt the anti-hierarchical office culture of Kakao Corp.  after their merger in October.  All workers and executives will be required to call each other by English first names:  “Some 1,600 employees currently at Daum will choose a new English name for this, and by doing so, we hope to further promote the two firms’ work ethics that prioritize openness and active participation as well as create a synergy effect between the two groups.”

From Yonhap: “Of course, it may feel weird or awkward for people to call each other by a foreign name, but we’ll see how this system settles in when business begins at the new Daum-Kakao in October,” said Kang Yukyeong, a communications official at Daum.

From Korea Times: “All workers at Kakao call co-CEO Lee Sir-goo by his English first name Vino.” Kakao employee Dallas said he felt “‘kind of awkward’ when he first joined Kakao about six months ago. ‘It didn’t take so long before I became used to being called my English name and calling others by their English names. I realized we are encouraged to make active communication in the office even with CEO.’”

State-sponsored Arirang News broadcast a piece, IT companies in Korea change corporate culture to promote innovation (video starts at 9:02):  “Could the seemingly minor changes bring about real changes to Korea’s innovation potential?  A recent innovation index ranked Korea 16th out of 77 countries– higher than Japan or China.   But when it came to the so-called tolerance index, which measures how much a society tolerates different values and thoughts, Korea was ranked near the bottom at 62.”

The C- Word

News sources and quoted experts cited the move as an attempt to counter Confucian culture:

Yonhap stated in its article, “addressing employees of different ranks by their first name is uncommon in South Korea, where corporate culture is often perceived as rigid and is operated along regimented and hierarchical lines, a reflection of the country’s Confucian roots. Such hierarchy at workplaces is palpable in local companies….”

Arirang News aired a (translated) statement from Kim Jae-hee, Professor of Psychology at Chungang University, “if we look at our Confucianist culture, we were taught that there is a right answer to everything. We were never taught to look for new answers. To foster creativity, we need to learn that there isn’t just one correct answer to everything and understand there could be multiple answers.” 


Arirang posed an interesting question: “Could the seemingly minor changes bring about real changes to Korea’s innovation potential?”  

If so, how effectively and at what social or cultural cost?

I suspect that the change in some Korean major players’ corporate culture will carry over to Korean corporate culture in general.  When casual Fridays and then casual dress came into corporate culture, employees liked and perceived it as a benefit.  Employers saw casual dress as a no-cost benefit, and companies that resisted discovered how much the labor marketplace valued casual dress.  I suspect that young, professional Korean talent will similarly place a value on casual address companies.

Will this spill over into wider Korean culture and be the end to Korea’s deeply rooted hierarchical culture? I think ‘yes’, and we are witnessing a seminal moment.

Something Wicked This Way Comes . . .

There has always been this fear that Chinese technology firms will knock off major Korean businesses like Samsung or LG, and now these concerns seem to be coming closer to realization: Samsung has lost its top spot in cellphone manufacturing in China to an upstart Chinese firm, Xiaomi – which makes an Android-variant OS and gear that looks a whole lot like Apple’s.

Oddly enough, even their founder looks like a Steve Jobs knock-off.  Can’t he manage something original!?

A Steve Jobs knock-off?

Update

Right on the heels of this news, Samsung and Apple have called a truce to their legal pugilism outside of the US.  I suspected that something of this sort would happen and, yep, it certainly did.

U.S. Military Hacked in South Korea

The details of up to 16,000 South Koreans that have worked for the U.S. Command here have been hacked. (link)

According to the military, the affected system (hack) is a human resources recruiting system separate from the U.S. military network.

Maybe that is 16,000 Koreans that will be getting loan offers from companies in the PRC?

Samsung sues newspaper over report on Galaxy 5

Samsung has launched a KRW 300 million lawsuit against Korean IT newspaper The Electronic Times for running an article that questioned whether the company would be able to launch the Galaxy 5 on time:

Last month ET News published claims that Samsung was having trouble producing Galaxy S5 cameras putting the device’s April 11th launch in jeopardy. Samsung states that’s not true. The Korean publication stood by its claims, refusing to change the story when requested by Samsung.

Samsung is now suing for 300 million KRW – about $284,000. The lawsuit was confirmed to TechCrunch by a Samsung representative.

I will say this about the Electronic Times—they aren’t sitting back and taking it. Since Samsung issued its demand for a correction, the paper has been firing back with a flood of articles criticizing Samsung, reports Pressian. So much so that Samsung is accusing the paper of using articles as a weapon. The Electronic Times, meanwhile, is accusing Samsung of using its economic power to “tame” the media.

Now, I have no idea whether the report in the Electronic Times was true or not. That said, Pressian and Media Today note that rather than take its case to the Press Arbitration Commission, the usual practice in cases like this, Samsung chose to launch a lawsuit straight away just two weeks after the story was printed. If true, this might lead some to suspect there’s something else going on here, even if Samsung has legitimate cause for complaint with the Electronic Times.

Now, as somebody who a) likes Samsung products, b) views Samsung as a symbol of Korean drive and ingenuity and therefore wants them to succeed but c) is simultaneously scared shitless of the company because of stuff like this, I’d caution Samsung that in terms of PR, lawsuits of this sort often cause more harm than good. As Media Today notes, Samsung launched the lawsuit because it was worried the Electronic Times’ report would spread and impact sales. Since the lawsuit, however, the foreign press—including FOX News—and big tech bloggers have picked up the story. This is probably NOT the effect Samsung intended. To make matters worse, a story at AppleInsider compares the Korean electronics giant rather unfavorably to the Cupertino Fruit Company, which—assuming the report is true—almost never sues newspapers/blogs despite the countless groundless rumors that accompany the release of just about every iPhone model.

Ummm, My Samsung Has A Hole in It . . .

Funny, it turns out that there is a huge backdoor in Samsung Android phones that lets anyone that wants remote access to that phone in.  Per the Replicant site:

Samsung Galaxy devices running proprietary Android versions come with a back-door that provides remote access to the data stored on the device.
In particular, the proprietary software that is in charge of handling the communications with the modem, using the Samsung IPC protocol, implements a class of requests known as RFS commands, that allows the modem to perform remote I/O operations on the phone’s storage. As the modem is running proprietary software, it is likely that it offers over-the-air remote control, that could then be used to issue the incriminated RFS messages and access the phone’s file system.

A DPRK Cyber Weapon To Contend with – Point-of-sale Botnets

Considering the DPRK’s threat to cause mayhem in South Korea, there is one way they could attack the economy here, and the latest tool is the point-of-sale cash registers that are in so many businesses everywhere.

As of this week, Target – an American chain store – has had all of its 1,800 or so stores across the country “targeted” by a massive botnet that stole up to 40 million credit card numbers, PIN numbers and other details from in-store shoppers over a 19-day period. Apparently Target had suspected they were being hacked at least as far back as August and had blocked non-US traffic to their store website, but they could not prevent the results.

Unlike other attempts to raid data servers in one location, infected POS machines can be turned into a gigantic botnet that collects credit information.  The economic harm from this one episode has attracted the attention of the Secret Service as well (link).

The sophistication of this newer type of botnet is notable:

. . . (the newer botnet software is) much more advanced. It allows attackers to corral large numbers of PoS devices into a single botnet. The interface makes it easy to monitor the activities of infected machines in real time and to issue granular commands. In short, they are to PoS terminals what ZeuS, Citadel, and other banking trojans are to online bank accounts. The code helping to streamline the process has been dubbed StarDust. It’s a major revision of Dexter, a previously discovered piece of malware targeting PoS devices that has already been fingered in other real-world payment card swindles. (link)

This means that after infecting a large number of POS registers, the network can operate in coordinated attacks and can be very difficult to shut down. Apparently the latest strains of this software (V2 Stardust & V3 Revolution) have ties to Russian criminal networks and are for sale too.

What would happen if this sort of attack were used against the many under-protected POS machines in South Korea – the source of so many botnets already – in a concerted effort by DPRK hackers to take down the entire South Korean economy through coordinated botnet attacks on local businesses, banks, etc.?

I shudder at this point . . .

Food for thought: Just replace the product and apologize for any inconvenience

On Dec. 2 Canadian Richard Wygand posted a YouTube video alleging that his Galaxy S4 was dangerously defective.  In the video Wygand says, “I just plugged it in to charge it. Went to sleep, woke up to smoke and a little bit of burning.”

Samsung didn’t take too kindly to the allegations and demanded Wygand pull the video down. They should’ve figured he would post another video about the company’s demands.

(Wygand) said that in order to receive a “similar model” replacement phone, Samsung allegedly asked that he first sign a legal document that would require him to remove his videos from YouTube, remain silent about the agreement and surrender any possible future claims against the company.

Both videos have gone viral and well, there has to be some head scratching going on somewhere. You can read the rest here and see both videos.

(H/T to Joe McP)

The Apple vs. Samsung Chronicles: The US Steps in For the Sake of Innovation

Upon the advice of Michael Froman, the United States trade representative and the president’s adviser on international trade issues, the Obama administration has vetoed a federal commission’s ban that would have forced Apple to stop selling some iPhones and iPads in the United States next week due to an infringement on a Samsung-held patent related to transmission of data over cellular networks.

This is the first time since 1987 that an administration has vetoed an International Trade Commission ban.

(Mr. Froman) wrote in his decision issued on Saturday that it was based in part on the “effect on competitive conditions in the U.S. economy and the effect on U.S. consumers.” . . .  Mr. Froman said his decision did not mean that Samsung was “not entitled to a remedy. On the contrary, the patent owner may continue to pursue its rights through the courts.”

Susan Kohn Ross, an international trade lawyer for Mitchell Silberberg & Knupp, said the administration’s veto announced on Saturday will effectively remove a major bargaining chip for Samsung that could have disrupted Apple’s manufacturing facilities for making iPhones and iPads.

In the comments section of the NYTimes report on this, one comment summarizes the matter nicely:

Samsung copied Apple products and then tried to use patents in an illegal way to avoid the consequences: if they get away with this, they can force Apple to ignore the copying or else get products banned.

The Samsung patents at issue here are part of a wireless standard — you’re required to use their invention to connect to some networks. In order to be included in the standard, Samsung promised to license them in a fair and non-discriminatory manner. But for Apple, which used wireless chips from companies that had already paid the licensing fees, Samsung demanded enormous additional fees.

This exact issue has already been litigated in several courts around the world, and this practice has never been allowed. In fact, Samsung faces a potential fine of billions of dollars in Europe for doing this.

All of the other big technology companies support Apple in this matter, since allowing what Samsung has done would wreck the whole standards system.

A New York Times Blog article on this is here.

But hey, at least Pirate Bay isn’t blocked… for now

First they came for the P2P operators. Then they went after the Webhards. Now they are going after the torrents:

Police are investigating more than 50 file-sharing enthusiasts as part of a crackdown against online piracy, the Ministry of Culture, Sports and Tourism said Thursday.

Authorities so far have booked 12 operators of some of the country’s largest peer-to-peer file sharing websites and 41 of their biggest customers, who have each uploaded more than 1,000 “seed” files to these websites in the five months through May.

They also raided the offices of 26 hosting companies, looking for servers connected to copyright infringement as they clamp down harder on the unlawful movement of movies, music and games. This is the nation’s first strike targeted at “torrenting.”

The Korea Herald takes a look at Korea’s long war against copyright infringement.

One of the folks arrested was a 15-year-old kid who opened his own torrent site.

Seeing how the government hasn’t moved to block sites like Pirate Bay and Kickass Torrents, it seems to me they are primarily concerned—at least for now—with blocking copyright infringements of Korean content.

© 2015 The Marmot's Hole