BlogsRSS

Telco FAILs: 2017

The telecoms industry never ceases to amuse. Few industries boast such volatility, partly because few industries have millions of amateur beta-testers: when Apple releases a new iPhone, internet forums stack comments to the rafters...and some of the commenters actually bought the phone too.

Overall, the telecoms picture is bright. Places like Bangladesh are seeing improved quality of life due to mobile phone adoption. At our Telecom Asia Awards in May, the audience reacted when Caroline Yin Yin Htay from Telenor Myanmar accepted the award for Best Emerging Market Operator.

“On our first day of operation,” said Htay, “we signed 554,000 customers”...and the audience broke into spontaneous applause. In what other industry do you witness such scale? Consider also that only about a third of the country is connected to an electrical power grid.

On the more evolved side of the scale, vendors now develop the infrastructure that will power the 5G ecosystem. All the bits and pieces—sensors, massive MIMO antennas, small cells—that will coalesce in a few years are being designed, built and bought.

The FAIL Whale
Most vendors fail at one time or another. In the technodrome, if you don't fail at least part of the time, what's your problem? Thinking “inside the box” too much?

And of course, tech journalists love failures—especially at year-end. Here's some boo-boos that deserve the "FAIL Whale" in 2017.

Apple's iOS 11.x
What on earth is going on at Cupertino? In years past, when Apple issued an update to its operating system, users installed it immediately because it fixed bugs and/or improved the user experience. Yet when iOS 11.0 was released in September, users started reporting serious problems immediately. The worst was a decrease in battery life—often a drastic decrease. But there were other goofs, some real head-scratchers, like the built-in calculator delivering erroneous results.

We're currently on iOS 11.2.1 and problems are still being reported. It seems as though older phones (the 6 series mostly) suffer worse than newer phones. That makes sense, but regrettably, Apple is no longer signing their last iteration of iOS 10 (10.3.3), meaning that if you installed iOS 11, guess what: you're stuck with it.

You're also out of luck if you want to use some legacy applications as apps must be compiled for 64-bit architecture in order to be supported on iOS 11. Fire up a 32-bit app and a dialogue box barks: “This app will not work with iOS 11. The developer of this app will need to update it for compatibility.” Yes, we want to evolve beyond outmoded legacy apps, but not every app needs 32-bit functionality, nor will the developer update it.

I appreciate that Apple wants to sell its latest and greatest, but not everyone wants to be forced to buy new phones every year. I personally think that part of the situation, ironically, is that newer gear has dispensed with spinning optical disks and conventional hard disk drives. With solid-state components, it's more difficult to break personal gear—I have a 2011 MacBook Air that runs just fine. Apple has shareholders and needs to be profitable—that's how the business works. I hear iOS11 has some cool new features but I depend on my phone too much and can't risk crippling it.

Cupertino, are you listening?

Mobile security
A recent SMS from the Hong Kong Police reminds me: “Please be vigilant during the festive season and beware of telephone deceptions. Upon receiving suspicious calls, please consult the Police Anti-Deception Coordination Centre via the Anti-Scam Hotline 18222 or visit their website.”

As a non-Cantonese speaker, I always get a chuckle when some poor scammer or telemarketer gets my number. If they don't hang up right away, they'll sometimes ask “Do you speak Chinese?” I'm tempted to say: “No, but I'll fake it so you can scam me,” but I seldom have time, so I say “Dah chuh deenwah!” loud and fast (It means “wrong number” in Cantonese).

More concerning are SMS messages in Chinese with embedded links. As we know, never EVER click on links embedded in an email or text-message, no matter how legitimate the message schemes. If you're concerned, you can always call your bank to see what's up.

Mobile security is an issue and it's not going away.

Android malware boom
Researching Android malware gets real weird real fast. Graham Cluley's website (Cluley was formerly with UK-based firm Sophos Security) posted this in December 2016: according to researcher David Bisson: “The Fancy Bear hacking group used a malicious [Android] app to track Ukrainian artillery field units, an operation which may have helped Russia forces in a conflict with the country.”

“American security firm CrowdStrike says that Fancy Bear, the same threat actor who hacked the Democratic National Committee during the 2016 US presidential campaign, based the app on tool named 'X-Agent',” wrote Bisson. Just when you think it can't get any weirder: “CrowdStrike Intelligence analysts began investigating a curious Android Package (APK)...which contained a number of Russian language artifacts...[related] to the D-30 122mm towed howitzer, an artillery weapon first manufactured in the Soviet Union in the 1960s but still in use today.”

“In-depth reverse engineering revealed the APK contained an Android variant of X-Agent, the command and control protocol was closely linked to observed Windows variants of X-Agent...The APK is a malicious version of an app developed by Yaroslav Sherstuk, a Ukrainian officer of the 55th Artillery Brigade, back in 2013. The app, which had about 9,000 users, is said to reduce the time it takes to fire a D-30 from minutes to 15 seconds."

In other words, Russian hackers attempted to use compromised Android phones to control field artillery.

Most Android malware is more prosaic, although for users of the popular OS, potentially destructive. Writing in Forbes Magazine, Thomas Fox-Brewster wrote in November that “researchers from Check Point...found the second-biggest outbreak to ever hit Google's platform, with as many as 21.1 million infections from one malware family.

“The malware,” wrote Fox-Brewster, “[was] dubbed ExpensiveWall after hiding inside wallpaper apps. The researchers warned it sent fraudulent premium SMS messages and charged for fake services...the total number of victims [is] somewhere between 5.9 million and 21.1 million, the researchers claimed.”

“Not quite the stratospheric heights of the Judy malware,” he wrote, “which hit Android in May and was downloaded as many as 36 million times.”

“In terms of the biggest ever Android malware, Check Point mobile researcher Daniel Padon told Forbes ExpensiveWall was probably second only to Judy, though he couldn't put an estimate on how much the criminals made in the latest explosion in SMS fraud.”

Burning a hole in your pocket
December 2017 saw another form of Android malware which—according to security researcher Dan Goodin—is “so aggressive it can physically damage an infected phone.”

It includes a surreptitious cryptocurrency miner that uses enough of your phone's processing power to overheat both it and/or the battery. Good luck getting warranty repair.

The awkwardly named Trojan.AndroidOS.Loapi malware “is hidden inside apps distributed through third-party markets, browser ads, and SMS-based spam,” wrote Goodin. “Researchers from antivirus provider Kaspersky Lab dubbed it a 'jack of all trades' to emphasize the breadth of nefarious things it can do.”

Loapi apps “carry out a litany of malicious activities, including showing an almost unending series of ads, participating in distributed denial-of-service attacks, sending text messages to any number, and silently subscribing to paid services,” according to Goodin. But that's not enough: there's also “a module that mines Monero, a newer type of digital currency that's less resource intensive than Bitcoin and most other cryptocurrencies. The module allows the malware creators to generate new coins by leaching the electricity and hardware of infected phone owners.”

At least no field artillery's involved. Have a safe and malware-free 2018!