The Category5.TV Newsroom

Here are the stories we're following for the week of Wednesday December 4, 2019

Raspberry Pi 4 are having problems with WiFi when connected to high definition displays.

Raspberry Pi 4 are having problems with WiFi when connected to high definition displays.

Can't connect your Raspberry Pi 4 to WiFi? Try a lower resolution, or a different HDMI cable.

Developer Enrico Zini reported "if the Raspberry Pi 4 outputs HDMI at a resolution of 2560x1440, the Wi-Fi stops working."

Others have noted the loss of 2.4 GHz WiFi when using just 1080p resolution, but were able to solve it by switching to the 5GHz band.

There are reports that Wi-Fi performance is significantly degraded with monitors connected to HDMI0. There is less degradation when the monitor is connected to HDMI1. If you're experiencing this problem, the current recommendation is to use the HDMI1 port, the lowest resolution possible, do not use Wi-Fi, or wait for the next hardware iteration that will hopefully fix the issue.

Source: www.theregister.co.uk

Sent to us by: Roy W. Nash

Someone pretended to be a mayor and the government gave him a .gov domain.

Someone pretended to be a mayor and the government gave him a .gov domain.

A security researcher acquired an official .gov domain name to prove a suspected weakness in the system, which could have been used to spread fake emergency alerts or obtain private information about citizens.

The researcher posed as the mayor of a small town with a population of less than 6,500 people.

All they had to do was set up a fake Google Voice number and Gmail address, both completely unaffiliated with the town. After that, they filled out an official authorization form, which basically asks for the same contact information a registrar would require.

The documents needed to be printed on the town government’s official letterhead, which the researcher obtained by searching for other official documents posted by the town online.

According to a town clerk from the actual town, the only inquiry the city received from the GSA came 10 days after the researcher’s fake registration was approved. And the GSA only called after the security researcher revealed what they'd done to a cybersecurity reporter who then enquired about the domain.

In the short time they had the domain, which has since been revoked, the researcher was able to sign up for Facebook’s law enforcement subpoena request system, which provides law enforcement and government entities with personal user records.

Initially, .gov domain names were only available to US federal government institutions. They've since been opened to state and local governments. At the end of October 2019, a bill was introduced in Congress to improve oversight over government domains by the Cybersecurity and Infrastructure Security Agency.

Source: mashable.com

Sent to us by: Robbie Ferguson

Google has confirmed that a flaw that allowed hackers to take control of Android phone cameras, microphones and GPS location without the owners’ permission has been fixed.

Google has confirmed that a flaw that allowed hackers to take control of Android phone cameras, microphones and GPS location without the owners’ permission has been fixed.

The flaw was identified by security firm Checkmarx, which found “multiple concerning vulnerabilities” in the Google Camera app that enabled them to spy on its users. The issue, which also affected Samsung, meant that “hundreds of millions of smartphone users” were at risk.

According to the firm, its team found that by “manipulating specific actions and intents, an attacker can control the app to take photos or record videos through a rogue application that has no permission to do so”.

Checkmarx also found that certain scenarios enabled hackers to access stored videos and photos or see “GPS metadata embedded in photos” that would locate a user.

The firm was able to access these vulnerabilities using a mockup weather app that only required basic storage permission from an Android user. According to the firm, storage permissions are “very broad” and give access to the “entire SD card”.

After identifying the flaw, the firm notified Google, which, after researching the report, found that the vulnerabilities were “not specific to the Pixel product line” and that “the impact was much greater and extended into the broader Android ecosystem”.

The tech giant has since fixed the vulnerabilities and thanked the security firm for identifying the issue.

Samsung has also released patches to fix the issue since it was discovered.

Source: www.independent.co.uk

Sent to us by: Roy W. Nash

Google wants to bring Android “as close as possible” to the mainline Linux kernel.

Google wants to bring Android “as close as possible” to the mainline Linux kernel.

A new breed of ARM-based smartphones, including the Librem 5 and the PinePhone, are targeting mainline Linux support as a feature. And Google is clearly thinking along the same lines.

Switching Android to run on the mainline Linux kernel would be a huge undertaking, one that would inevitably require major technical and political changes to the way the Linux kernel is currently developed.

Instead of each Android device shipping its own device-specific Linux kernel, Google’s idea is to upstream as much code as possible.

In short, as reporter Ron Amadeo sums up, ‘Google wants to decouple the Linux kernel from its hardware support’.

Source: arstechnica.com

Sent to us by: Roy W. Nash

A smartwatch advertised as a way to help parents keep track of their children and give them a peace of mind can be turned into a frightening surveillance device.

A smartwatch advertised as a way to help parents keep track of their children and give them a peace of mind can be turned into a frightening surveillance device.

Researchers at the AV-Test Institute have uncovered gaping privacy and security holes in the SMA-WATCH-M2 smartwatch. The security lapses are so severe that the researchers were able to piece together a snapshot of the life and daily habits of a randomly selected 10-year-old child from Germany. Among other data, the Chinese-made device exposed the girl’s name, age, place of residence, where she spends most of her day, and the routes she takes. The researchers could even access the sound messages that were transmitted to her device. And that’s still not all – they were even able to monitor her real-time GPS position.

Obviously, the security shortcomings didn't affect just that single device. The team said it could gain access to the location, phone number, photos and conversations of well over 5,000 children, and was quick to note the number of affected users might, in fact, be far higher.

The researchers found that in addition to communication with the manufacturer’s server being unencrypted, the online interface of the manufacturer’s server was completely unsecured, leaving it entirely open to external unauthorized access. Although an authorization token was generated to prevent unauthorized access, the server does not validate it. Which essentially means anyone with enough “hacking” skills should have no problem in accessing user IDs. This allows potential attackers to have the same access that a parent would have.

This lapse in security was found to affect users in Germany, Turkey, Poland, Mexico, Belgium, Hong Kong, Spain, the Netherlands, and China.

Source: www.welivesecurity.com

Sent to us by: Robbie Ferguson

Apple will have to face the law for distributing crappy keyboards.

Apple will have to face the law for distributing crappy keyboards.

Apple has been trying to stop a class action lawsuit over faulty MacBook keyboards. Federal Judge Edward Davila has tossed out the attempt. The lawsuit accuses Apple of not only hiding the fragility of MacBook butterfly keyboards, but of failing to provide an "effective fix" or full compensation for customers who paid for repairs.

The lawsuit covers many Apple laptops with butterfly keyboards, starting with the original 12-inch MacBook from 2015 and including MacBook Pro models produced in 2016 or later.

Source: www.engadget.com

Sent to us by: Robbie Ferguson