News=Sony's Xperia X Nougat concept will get VoLTE support soon

According to a new report, Sony's Nougat-based Concept for Android firmware for the Xperia X will soon get support for VoLTE. The support will come in form of an update, and the Japanese company is currently working with operators for the new feature.




To begin with, the update containing VoLTE support will be rolled out to eligible units on three of the largest German mobile carriers including Deutsche Telekom, Vodafone, and Telefonica/02. After Germany, units in UK and Spain will also get the update.

News=First Nougat beta build is now available for the OnePlus 3

A few weeks ago, OnePlus promised that the first beta build of Android Nougat for the OnePlus 3 would be out by the end of this month. And today the Chinese company has made said build available, narrowly adhering to its self-imposed timeline.

Nougat comes to the OnePlus 3 in the form of OxygenOS Open Beta 8, which can be downloaded by going to the Source link below. Note that if you've been using previous beta builds for the OnePlus 3, you will not get an over-the-air update to this one. If you want to give it a go, you will need to manually install it.



Aside from the new things that have been packed by Google into Android 7.0, such as a new notifications and Settings menu design, multi-window view, direct replies from notifications, and built-in support for custom DPIs, OnePlus has also added some new features of its own. For example, you get some status bar icon options, quick launch for third party apps, and improved Shelf customization.

Since this is a beta, bugs are inevitable. Since this is the first beta of a new OS version, that's probably an understatement. OnePlus notes that Android Pay may not work correctly on this build, while stability and performance issues are to be expected. Before you take the plunge and install this release, know that you won't be able to go back to Marshmallow without having your phone reset. And if you do want to go back, you'll need to contact OnePlus support to receive a special build of Marshmallow that isn't otherwise available
.
So going this route is undoubtedly going to prove a hassle for many. The good news is that if you've waited this long for Nougat to hit the OnePlus 3, you can probably wait another month or so for the final, stable build, which was promised to come in December.

News=Meizu Pro 6 Plus and M3X unveiled: 12MP Sony camera, Flyme 6

Meizu unveiled both the Pro 6 Plus and the Meizu M3X - a flagship and an upscale mid-ranger, both running the new Flyme 6.0.

Meizu Pro 6 Plus

Bigger than both the Pro 6 and 6s, the Meizu Pro 6 Plus is like a Galaxy S7 "plus" that Samsung never gave us. Meizu crafted a metal body and filled it with 5.7 inches of flat Super AMOLED goodness - complete with QHD resolution (1,440 x 2,560px) and Always On functionality. It aims for 430nits of brightness and is pressure sensitive (Meizu calls it 3D Press) to boot!
All this requires plenty of power, so the phone uses the Exynos 8890 (same as S7 and S7 edge). There are two versions - 64GB and 128GB - which have different clockspeeds for the processor (2GHz and 2.3GHz respectively). Note that this is fast UFS 2.0 storage and in both cases you get 4GB of RAM.
The Meizu Pro 6 Plus packs a 12MP camera with a Sony IMX386 sensor (1/2.9” big, 1.25µm pixels). It’s optically stabilized and has an f/2.0 aperture - not the brightest, but Meizu put a 10-LED ring flash (yes, ten LEDs, dual-tone too). The ring flash surrounds the Laser autofocus, which works up to 2m/6.5ft (other implementations we’ve seen are typically limited to 1.5m/6ft). The selfie camera features a 5MP sensor and an f/2.0 lens.
Meizu actually one-ups Samsung with its new mTouch fingerprint reader - it triggers in a blink of an eye (0.15s) and has a built-in heart rate monitor too. The Pro 6 Plus has a dedicated audio chip by ESS (ES9018K2M), if the name sounds familiar, it’s because LG tapped the same company for the V20 audio (ES9218).
The phone measures 7.3mm thick and weighs 158g (pretty good for a 5.7-incher) and it houses a 3,400mAh battery. On the bottom of the phone is a USB Type-C port (v3.1 speed) with fast charging to the tune of 24W.


he Meizu Pro 6 Plus will be available in Champagne Gold, Deep Ash and Moonlight Silver. The 64GB version is priced CNY 3,000 while the 128GB one (remember it comes with higher clock speeds) is at CNY 3,300 (that’s ~$480/€450, not counting additional taxes and expenses).

Meizu M3X

The Meizu M3X is slightly smaller, but features the same Sony IMX386 sensor for its 12MP camera. It’s not that much smaller with a 5.5” 1080p screen, which is brighter to boot - 500nits (1,500:1 contrast ratio) and by official numbers covers 85% of the front.
The M3X (no “Note” in the name) is powered by a MediaTek Helio P20 chipset with 3GB or 4GB of RAM (with 32GB or 64GB of storage). The phone also runs Flyme 6.0 and has a 3,200mAh battery with fast mCharge (18W, matching Quick Charge 3.0). It also has a fingerprint reader (sans the heart rate sensor) and a USB Type-C port.


The Meizu M3X will be available in China in Phantom Blue, Streamer Gold, Pearl White and Obsidian Black. The 3GB/32GB model will cost CNY 1,700 and the 4GB/64GB one CNY 2,000 (~$290/€270, again not counting additional expenses). Note that in China, the phone is known as the Blue Charm X.

News= Coolpad launches Note 3S and Mega 3 in India available exclusively on Amazon.



Coolpad has launched two new budget smartphones in India, the made for India Coolpad Note 3S and the triple-SIM Coolpad Mega 3.


The Coolpad Note 3S has a 5.5-inch 720p display with 2.5D glass, Qualcomm Snapdragon 415 processor, 3GB RAM, 32GB expandable storage, 13 megapixel rear and 5 megapixel front camera, dual SIM, fingerprint sensor, 2500mAh battery, and Android 6.0 with Cool UI 8.0.


The Coolpad Mega 3 has a 5.5-inch 720p display, MediaTek MT6737 processor, 2GB RAM, 16GB expandable storage, 8 megapixel front and rear cameras, triple SIM support, 3050mAh battery, and Android 6.0.
Coolpad has collaborated with Reliance for customers to get a Jio SIM card with every purchase.
The Coolpad Note 3S is priced at INR 9,999 ($146) and the Coolpad Mega 3 at INR 6,999 ($102) and will be available exclusively on Amazon.



News=Cool Changer 1C with 13-megapixel rear camera, 4060 mAh battery



After launch Cool1 Dual in August this year, Coolpad and LeEco have again co-developed a new smartphone, Cool Changer 1C. The smartphone has been launched in China in silver colour at 899 Yuan (approximately Rs 8,947). The smartphone is now up for registration from LeMall and the sales will start from 5 December. Readers might reall that Le Eco had acquired Coolpad back in august 2016.


The Cool Changer 1C smartphone has a metal unibody with a 5.5-inch Full HD (1920 x 1080 pixels) in-cell display. It has an octa-core Snapdragon 652 processor, which is paired with Adreno 510 GPU. The smartphone runs on Android 6.0 Marshmallow operating system but has a customised user interface called LeEco's EUI 5.8. It has 3GB RAM, and 32 GB of internal storage, with the option to expand with a microSD card.



Related: LeEco, Coolpad co-developed Cool C107 spotted with 3GB RAM, 4000 mAh battery
Related: Cool C105 with 5.5-inch full HD display, Snapdragon 821 SoC spotted
Cool Changer 1C has a 13-megapixel rear cameras which come with f/2.0 aperture, phase-detection auto-focus (PDAF), dual tone LED flash on the back, while in its front lies an 8-megapixel snapper with with f/2.2 aperture for selfies and video calling. The smartphone comes packed with powerful 4060 mAh non-removable battery with fast charging. The smartphone has a fingerprint sensor on the back panel. This dual SIM device offers 4G with VoLTE, WiFi (802.11 ac/a/b/g/n), Bluetooth 4.1, GPS, and USB Type C port. The handset measures 152 × 74.8 × 8.2mm and weighs 172 grams.
As for now, there is no information about the availability of the handset in other markets but we will inform you as soon as we get more information on the Cool Changer 1C.

News=Coolpad Note 3S and Mega 3 launched in India at Rs 9,999, Rs 6,999


As expected, Coolpad has launched Coolpad Note 3S and Mega 3 smartphones in India today. The Coolpad Note 3S is priced at Rs 9,999, where as Coolpad Mega 3 cost Rs 6,999. Both the smartphones will go on sale through Amazon India starting 7th December.


Coolpad Note 3S features a 5.5-inch HD Dual Curved glass display with resolution of 720 x 1280 pixels. It is powered by a 1.36GHz octa-core (MSM8929) processor, along with 3GB RAM, and 32GB of internal storage. The smartphone also comes with an option to expand the storage up-to another 32 GB via micro SD card. The smartphone runs on Android 6.0 Marshmallow which is wrapped under CoolUI 8.0 and is backed up by a 2500mAh battery, which claims to offer up-to 200 hours of standby time.


On the camera front, the Note 3S offers 13-megapixel rear camera with LED flash and a 5-megapixel front facing camera for selfies. The smartphone also houses a fingerprint scanner as well. Besides, the smartphone offers Dual SIM, 4G VoLTE, WiFi (802.11 b/g/n), Bluetooth 4.0, GPS, a micro USB port. Accelerometer, Magnetic sensor, Proximity, and Light sensor. The handset measures 154.5 x 77 x 8.6 mm and weighs 167 grams.The Coolpad Note 3S comes in Gold and White colour options.


On the other hand, Coolpad Mega 3 features a 5.5-inch (1280 x 720 pixels) HD display and is powered by a 1.25GHz Quad-core MediaTek (MT6735) processor. It comes with 2GB of RAM, 16GB internal memory, and up-to 64GB of expandable storage via microSD card. The smartphone runs on Android 6.0 Marshmallow which is wrapped under CoolUI 8.0. The Mega 3 gets its strength from the 3050mAh battery, which claims to offer 200 hours of standby time.


Further, as per listing, Coolpad Mega 3 offers an 8-megapixel camera setup on its back as well as on the front panel. Both the cameras comes with a LED flash light. Besides, the smartphone offers 4G VoLTE, WiFi (802.11 b/g/n), a micro USB port, OTG support, Bluetooth 4.0, GPS, Accelerometer, Proximity, and Light sensor. The handset measures 154.4 x 76.8 x 8.35mm and weighs 170.5 grams
.

Further, the smartphone can accommodate triple SIM with triple-standby (4G+4G+4G). The smartphone comes in Gold, Grey and White colour options.

News=Android 7.1.1 Nougat update will start rolling out for Nexus devices from Dec. 6


Google released final Android 7.1.1 Developer Preview 2 for Nexus devices earlier this week. Now we have an idea of the exact release date of the update.



Vodafone Australia has said that Google will release Android 7.1.1 update to Nexus 6P on December 6. The update will coincide with next month’s security patch for Nexus phones. If Nexus 6P is getting the update, it is very likely that Nexus 5X, Nexus 9, Nexus Player and Pixel C will also get the latest Nougat 7.1.1 update around same time.



Meanwhile, a journalist as well as podcaster has also tweeted that the entire Nexus family will get Android 7.1.1 update on December 6. Google Pixel and Pixel XL phones already run Android 7.1. Earlier this month Nougat debuted to the Android distribution charts and is present on only 0.3% of all Android devices.


News=Vodafone launches one-year pack for Rs. 1501, offers 15GB data upfront and 1GB per month at Rs. 53






After Airtel, Vodafone India has introduced new pocket friendly Data packs for its prepaid users that lets customers enjoy 1 GB of 3G Data at Rs. 53 all year long. Consumer can recharge for a onetime rental of Rs. 1501 and get 15 GB data upfront and enjoy the significantly discounted data benefit of Rs. 53 for 1GB up to a year.

News=Xander Audios Launches in India, Stealth Speaker at Rs 8,999



Expanding their sound solutions, Xander has today announced a new speaker with the name ‘Stealth’. Xander plans to sell the speaker at all the leading stores across the country at Rs 8,999. Xander claims that 'Stealth' is truly a game changer as it is one of the only models on the market that works on an SMPS (Switched Mode Power Supply) solution instead of a standard transformer.


The SPMS helps in lowering the voltage fluctuations and enables stable sound at different volume levels even for long playback durations. The speaker comes with a 6.5" front throw woofer coupled with a mid-range and tweeter set. To sum-up, the speaker has tweeters for high-frequency, mid-range for vocals and for bass it has 6.5" woofer.



Coming to the design, the device can be used both vertically and horizontally based on personal preference and Xander claims that it can fit into any room with its new aesthetics and design. Xander also claims that the device can be easily be connected to your LCD TV and used as a primary source of TV Audio output. For connectivity, the new Stealth can be connected via Bluetooth, USB, SD Card, Aux port and it can even playback via FM Radio. The speaker can also be connected to a gaming console for the even better gaming experience, claims Xander.



For customisation, Xander Audios has given full control over Treble and Bass settings. The speaker further comes with a remote control.

NeWs =Philips Xenium X818 with 5.5-inch full-HD display, 3900mAh battery launched



Philips has launched its new smartphone in Russia, which is named as Philips Xenium X818. The smartphone is priced at 23,990 Russian rubles, which is approximately Rs 25,628 and is available for purchase through Philips' Russian online store. The Xenium X818 comes in Champagne colour option.

The Philips Xenium X818 has a glass metal unibody design and features a 5.5-inch full-HD (920 x 1080 pixels) display with SoftBlue LED technology. It is powered by a 2GHz octa-core MediaTek Helio P10 (MT6755) processor, paired with Mali-T860 MP2 GPU. The smartphone comes with 3GB of RAM and 32GB of internal storage capacity,with option to expand the storage via MicroSD card. It runs on Android 6.0 Marshmallow operating system and is backed up by a 3900 mAh non-removable battery.

On the camera front, the Xenium X818 has 16-megapixel autofocus primary camera with Dual LED flash, and an 8-megapixel front-facing camera for selfies and video chats. It also houses a fingerprint scanner, which is embedded on its home button and has USB Type-C port as well. Besides, the smartphone offers Hybrid Dual-SIM, 4G LTE, Wi-Fi (802.11 b / g / n), Bluetooth 4.1, and GPS/AGPS/GLONASS. The handset measures 153.5 x 76 x 6.95 mm and weighs 167 gra

This Hack Gives Linux Root Shell Just By Pressing 'ENTER' for 70 Seconds



A hacker with little more than a minute can bypass the authentication procedures on some Linux systems just by holding down the Enter key for around 70 seconds.

The result? The act grants the hacker a shell with root privileges, which allows them to gain complete remote control over encrypted Linux machine.

The security issue relies due to a vulnerability (CVE-2016-4484) in the implementation of the Cryptsetup utility used for encrypting hard drives via Linux Unified Key Setup (LUKS), which is the standard implementation of disk encryption on a Linux-based operating system.

The flaw actually is in the way the Cryptsetup utility handles password failures for the decryption process when a system boots up, which lets a user retry the password multiple times.

What's even worse? Even if the user has tried up all 93 password attempts, the user is dropped to a shell (Busybox in Ubuntu) that has root privileges.

In other words, if you enter a blank password 93 times – or simply hold down the 'Enter' key for roughly 70 seconds – you will gain access to a root initramfs (initial RAM file system) shell.


Once obtained the root shell on a target Linux machine, you can copy, modify, or destroy the hard disk, or use the network to exfiltrate data.


Vulnerability can also be Exploited Remotely


The flaw, discovered by Spanish security researcher Hector Marco and Ismael Ripoll, affects almost all Linux distributions, including Debian, Ubuntu, Fedora, Red Hat Enterprise Linux (RHEL), and SUSE Linux Enterprise Server (SLES), which potentially puts millions of users at risk.


Here's what the researchers explain about the vulnerability in their security advisory, which was presented at this year's DeepSec conference in Vienna, Austria:


"This vulnerability allows to obtain a root initramfs shell on affected systems. The vulnerability is very reliable because it does not depend on specific systems or configurations. Attackers can copy, modify or destroy the hard disc as well as set up the network to exfiltrate data. This vulnerability is especially serious in environments like libraries, ATMs, airport machines, labs, etc, where the whole boot process is protected (password in BIOS and GRUB) and we only have a keyboard or/and a mouse."


However, you might be thinking that exploiting this flaw is only possible when you have physical access to the target system. True, but exploiting the flaw remotely is also possible.

If you use cloud-based services that use Linux, you can remotely exploit this vulnerability without having 'physical access.'

Here's How Bad is the Vulnerability


However, it is important to note that this vulnerability does not give an attacker access to the contents of the encrypted drive, though, according to the researchers, this shell allows an attacker perform a series of actions, as described by Marco:

Elevation of privilege: Since the boot partition is typically not encrypted:

  1. It can be used to store an executable file with the bit SetUID enabled. This can later be employed by a local user to escalate his /her privileges.
  2. If the boot is not secured, it would then be possible for an attacker to replace the kernel and the initrd image.

Information disclosure: It is possible for an attacker to access all the disks. Although the system partition is encrypted, it can be copied to an external device, where it can later be brute forced. Obviously, it is possible to access to unencrypted information in other devices.

Denial of service (DoS):
The attacker has the ability to delete the information on all the disks.

This security weakness has been confirmed to affect Debian, Ubuntu, and Fedora, along with many other Linux distributions. Arch Linux users, as well as Solus users, are not affected by this issue.


Here's How to Fix the Security Issue:


Fortunately, the vulnerability is incredibly easy to fix.

First of all, press the Enter key for about 70 seconds at the LUKS password prompt until a shell appears, just in order to see if your system is vulnerable.

If vulnerable, you will need to check with your Linux distribution support vendor to find out whether or not a patch is available.


If the patch is not available, the issue can be fixed by modifying the cryptroot file to stop the boot sequence when the number of password attempts has been exhausted. For this, you can add the following commands to your boot configuration:

sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /etc/default/grub grub-installSince a patch is already available, so make sure that you are always using the most recent package versions and up to date operating system.

For more technical details of this vulnerability, you can head on to Hector Marco's website.

Adobe Flash Hacked in 4 Seconds, Safari Pwned In Less Than Half Minute

hacked-in-seconds-flash-safari
At PwnFest 2016, many well-known (and amateur) security researchers come together and try to hack different software. The winners get cash prize and the software developers get information about their vulnerabilities. We’ve already told you about the 18-second Microsoft Edge hack and here we’re going to tell you about another web browser.
At the event, Apple’s updated Safari web browser, running on macOS Sierra, was also compromised. This hack was carried out by a renowned Chinese hacker group Pangu Team which regularly releases million-dollar iOS jailbreaks for free.
Pangu Team, along with hacker JH, managed to hack Apple’s Safari web browser with a root privilege escalation zero-day. This exploit took 20 seconds to run and the team won $80,000.
Apart from Safari, Adobe Flash, infamous for its repeated security risks, too wasn’t spared. Chinese security firm Qihoo 360 shattered Flash with an exploit that took just four seconds to complete its job.
Qihoo used a combination of a decade-old zero day and win32k kernel flaw to win $120,000, The Register reports.

Google Pixel Phone Hacked in 60 Seconds at PwnFest 2016


The brand new Android smartphone launched by Google just a few months back has been hacked by Chinese hackers just in less than a minute.

Yes, the Google's latest Pixel smartphone has been hacked by a team white-hat hackers from Qihoo 360, besides at the 2016 PwnFest hacking competition in Seoul.

The Qihoo 360 team demonstrated a proof-of-concept exploit that used a zero-day vulnerability in order to achieve remote code execution (RCE) on the target smartphone.



The exploit then launched the Google Play Store on the Pixel smartphone before opening Google Chrome and displaying a web page that read "Pwned By 360 Alpha Team," the Reg media reports.

Qihoo 360 won $120,000 cash prize for hacking the Pixel.


Google will now work to patch the vulnerability.

Besides the Google Pixel, Microsoft Edge running under Windows 10 was also hacked in PwnFest hacking competition.

The Qihoo 360 team also hacked Adobe Flash with a combination of a decade-old, use-after-free zero-day vulnerability and a win32k kernel flaw to win a $120k prize.

Along with hacker JH, Chinese iPhone jailbreak team Pangu, which release million-dollar iOS jailbreaks for free, discovered a Safari exploit that used a privilege escalation zero-day flaw, giving them root access on Apple's updated Safari browser running on MacOS Sierra in just 20 seconds.

The exploit earned the team $80,000.

Details of all the exploits will be reported to the respected companies so that they can patch their software before black-hat hackers use them for malicious purposes.

The Qihoo 360 team of hackers walked away with a total prize money of $520,000.

News= Asus Zenfone 3 Max with 4,100 mAh battery launching in India tomorrow



Asus is all set to launch its Zenfone 3 Max smartphone in India tomorrow. As of now company has not revealed the pricing of the smartphone. However we would expect the Zenfone 3 Max to be a budget category device. The smartphone comes in titanium gray, glacier silver, sand gold, and rose gold colour options.


The highlight of this smartphone is its powerful 4,100 mAh non-removable battery, which claims to deliver up-to 30 days of standby time and 17 hours of talktime on 3G network. It also supports reverse charging, which can be double up as a power bank to charge other devices.

Asus Zenfone 3 Max has a has metal unibody design and features a 5.2-inch full HD (1080p) 2.5D curved glass display. It comes equipped with 1.2 GHz octa-core Qualcomm Snapdragon 430 processor, along with Adreno 505 GPU. Zenfone 3 Max comes with 3GB RAM and 32GB internal memory, which can be further expandable up to 128GB via microSD card. The smartphone runs on Android 6.0.1 Marshmallow wrapped under ZenUI 3.0 OS.

The Asus Zenfone 3 Max flaunts a 16-megapixel primary shooter with PDAF, laser autofocus, f/2.0 aperture, Dual LED flash, and a 8-megapixel front-facing camera for selfies and video chats. The smartphone also houses a fingerprint scanner, which is placed on its back panel. The company claims the fingerprint scanner can unloack the phone is just 0.3 sec. Besides, the Zenfone 3 Max offers Hybrid Dual SIM, 4G with VoLTE, WiFi (802.11 b/g/n), WiFi Direct, Bluetooth 4.1, and GPS/AGPS.

This Simple Hack Can Hijack More Than 1 Billion Android App Accounts


Short Bytes: Three researchers from the Chinese University of Hong Kong have scanned multiple Google apps on the US and Chinese app store and found a serious vulnerability. This flaw resides in the way OAuth 2.0 is implemented in these apps. Due to faulty practices, a hacker can remotely exploit a victim’s app and access the personal information.

A group of researchers from Hong Kong has discovered a method to attack numerous mobile app accounts effortlessly. They have said that these applications have been downloaded more than 1 billion times.

Ronghai Yang, Wing Cheong Lau, and Tianyu Liu from the Chinese University of Hong Kong have looked at 600 most popular US and Chinese Android applications. Out of that, 182 applications, i.e., 41 percent of the total, supported single sign-on.

The researchers were able to spot issues pertaining to OAuth 2.0. For those who don’t know, it’s a standard that lets the users verify their logins on third-party apps using the Google or Facebook accounts.

What’s the issue with OAuth 2.0 that’s putting apps at risk?

Usually, when a user logs into any service using OAuth, the apps performs a complete check with the ID provider, like Google, Facebook etc. If the details match, OAuth gets an access token from the ID provider. This lets the app/service to allow the user to login using their Facebook or Google credentials.


However, the researchers found that in a multitude of Android apps, the devsdidn’t properly check the validity of the information sent by the ID provider. The mistakes included the failure to verify the signature attached to the authentication information retrieved from Google and Facebook, according to Forbes. Often, the app server would only check for the user ID retrieved from the ID provider. 



This could allow the hackers to download a vulnerable app and login with their own credentials and then switch the username of the target using a server that’s set to tamper with the data sent from the ID provider. This mischief would allow the hackers to get the total control of the data help within the app. The hackers can also remotely exploit an app to perform a sign in without victim’s knowledge.

Wing Cheong Lau, one of the researchers, said that even though the mistake is pretty basic, the impact could be severe. The OAuth protocol is quite complicated,” he told Forbes. “A lot of third party developers are ma and pa shops, they don’t have the capability. Most of the time they’re using Google and Facebook recommendations, but if they don’t do it correctly, their apps will be wide open.”