About these ads

Archive

Posts Tagged ‘Java Virtual Machine’

The Dangerous Liaisons (Updated)

August 22, 2011 1 comment

Did you know that a smartphone might involve as many as 250,000 patent claims? You may easily understand why the $ 4.5 billion auction to buy 6,000 Nortel patents by the consortium formed by Apple, Microsoft, Research in Motion, Sony Ericsson and EMC was so cruel. You may also easily understand why Google, the loser of the Nortel auction, decided to react immediately acquiring Motorola and its patent portfolio made of more than 17,000 approved patents (and another 7,500 patents filed and pending approval) for the large sum of $ 12.5 billion.

Said in few words, the mobile arena is getting more and more agressive and cruel. For this reason, a litte bit for curosity, a little bit for fun, I decided to draw a chart (and a table) showing all the moves of the giant players in this mobile chessboard. Although deliberately incomplete (I did not show in the table the patent saga of NTP Inc. against the rest of the world and the settlement of Motorola vs RIM), it gives a good idea of the dangerous intersections involving partnership, fees, alliances and, most of all, lawsuits… With the strange paradox that some companies (read Apple and Samsung) are enemies before the court, but in the same time business partners.

While visualizing the idea I stumbled upon this similar graph showing the status of the mobile arena on 8 Oct 2010. I decided to use the same layout, omitting some informations, but updating it to the current date. The graph is a little bit confusing, but the confusion of the arrows reflects betten than a thousand words the real situation.

Anyway the war will not stop here: the next targets? Interdigital Inc. with its 8,800 patents  which are attracting several bidders such as Apple, Nokia and Qualcomm; and, most of all, Kodak, whose survival depends on the auction of the 10% of its patent portfolio (1,100 patents), valued as high as $3 billion which are vital to compensate the losses estimated in $2.5 billion.

As far as the table is concerned, in order to avoid repetitions, it only shows the status of the lawsuits and alliances from the perspective of Google, Apple and Microsoft. Enjoy your read and the 250,000 patent claims on your smartphone!

Company Filed Suit Against Has technological alliance with Filed Suite From:
  No one (at least so far!)

Of course Google licensees his Mobile OS to HTC and Samsung (in rigorous alphabetical order), and it is the driver for the impressive market share growthof Samsung and HTC.

In an effort to defend Android’s Intellettual Property “to supercharge the Android ecosystem and will enhance competition in mobile computing”, on Aug 15 2011, Google announced the intention to acquire Motorola Mobility with a $12.5 billion deal. Motorola has nearly 17,000 patents.

Aug 12 2010: Oracle has filed suit against Google for infringing on copyrights and patents related to Java,. Oracle claimed Google “knowingly, directly and repeatedly infringed Oracle’s Java-related intellectual property”. Android uses a light proprietary Java Virtual Machine, Dalvik VM, which, according to Oracle infringes one or more claims of each of United States Patents Nos. 6,125,447; 6,192,476; 5,966,702; 7,426,720; RE38,104; 6,910,205; and 6,061,520.

The case is in U.S. District Court, Northern District of California, is Oracle America, Inc v. Google Inc, 10-3561.

The lawsuit is still pending and will likely take several months. The trial between Oracle and Google is expected to begin by November and Oracle is seeking damages “in the billions of dollars” from Google.

On Aug 1 2011, the judge overseeing the lawsuit Oracle filed over the Android mobile OS has denied Google’s attempt to get a potentially damaging e-mail redacted.

Mar 2 2010: Apple sued HTC for infringing on ten patents, nine of which involve technologies which apply to the iPhone, while one involves the use of gestures, but only in a specific use case.

The suit has been filed in the U.S. District Court in Delaware , alleging twenty instances of patent infringement. The company also petitioned the US  ITC to block the import of twelve phones designed and manufactured by HTC.

On Jul 15 2011 Apple won a preliminary patent ruling in an early judgment before the US ITC, in which HTC was found to have breached two of 10 patents held by Apple.

On Aug 8 2011 ITC  announced to have dediced to review Apple’s patent infringement complaint against HTC.

Oct 31 2010: In response to Motorola lawsuit against Apple, Apple sued Motorola and Motorola Mobility for Infringment on several Multi-Touch patents infringments in the Wisconsin Western District Court with two distinct lawsuits. A total of six patents are involved in the two lawsuits.

On Nov 23, 2010: US International Trading Commission announced to review Apple patent case against Motorola.

Apr 18 2011: Apple filed suit against Samsung for copying the design of its iPad and iPhone with its smartphones and tablets.

Aug 10 2011: European customs officers have been ordered to seize shipments of Samsung’s Galaxy Tab computers after the ruling late on Tuesday by a German patents court.

In the last days Apple has been accused of presenting inaccurate evidence against Samsung.

Aug 24 2011: Samsung has been banned from selling some galaxy phones in the Netherlands. The ban is set to begin on October 13, but Samsung doesn’t seem to be taking it too hard.

On Jul 1 2011 the intellectual property of the Canada giant Nortel (in Bankrupt), involving 6,000 patents, was sold for $4.5 billion, in a dramatic auction, to a consortium formed by Apple, Microsoft, RIM, Sony, EMC and Ericsson. Google was the other competitor (and the big looser) for the deal. This event acted as a trigger for the acquisition of Motorola Mobility by Google.

On Aug 3 2011, In a post to the Official Google Blog, Google Senior Vice President and Chief Legal Officer David Drummond said that Apple, Microsoft, Oracle, and others have waged “a hostile, organized campaign against Android” by snapping up patents from Novell and Nortel and asking Google for high licensing fees for every Android device”, accusing them of Patent Bulying.

Curiously, Apple is one of the main technological partners of Samsung for displays and semi-conductors. Samsung produces Apple’s A4 systems-on-a-chip (SoC) and also the two companies collaborate for iPad displays (Apple is moving from LG to Samsung because oof quality issues of the former). Nevertheless the lawsuits between the two companies are compromising their relationships so that Apple is evaluating a new supplier (TSMC) for its A6 nexy generation chipset.

Oct 22 2009: Nokia sued Apple in Delaware court for infringing on  ten patents related to GSM, UMTS, and WLAN standards that Nokia states they established after investing more than EUR 40 billion in R&D over the last 20 years.

On Jun 14 2011 Apple agreed to pay between $300m and $600m to cover the 111m iPhones sold since its launch in 2007. Although the exact number was not specified, additional yearly fees could be part of the agreement.

On Jan 2010 Kodak sued Apple and RIM claiming Apple is infringing its 2001 patent covering technology that enables a camera to preview low-resolution versions of a moving image while recording still images at higher resolutions. The cases were filed in U.S. District Court in Rochester, N.Y., as well as the U.S. ITC.

On Apr 2010 Apple argues that some Kodak still and video camera products violate two of its patents

On Jul 2011: While Kodak’s claim is pending, the commission rules on Apple’s complaint and says Kodak’s digital-camera technology doesn’t violate Apple’s patents.

Oct 6 2010: Motorola sued Apple for patent infringement in three separate complaints; in district courts in Illinois and Florida and a separate complaint filed with the U.S. International Trade Commission. The suits covered 18 different patents, infiringed by Apple’s iPhone, iPad, iPod touch, and certain Mac computers.

The Motorola patents include wireless communication technologies, such as WCDMA (3G), GPRS, 802.11 and antenna design, and key smartphone technologies including wireless e-mail, proximity sensing, software application management, location-based services and multi-device synchronization.

Jan 12 2011: Microsoft has motioned for a summary judgment to block Apple from trademarking the phrase “app store,” as it filed with the U.S. Patent and Trademark Office (USPTO) on July 17, 2008.

Mar 30 2011: Microsoft filed a second objection to Apple’s enduring pursuit to trademark the phrase “app store hiring a linguist, Dr. Ronald Butters, to go head-to-head against Apple’s own hired linguist, Robert A. Leonard.

On Jul 1 2011 US ITC said Apple has violated two S3 Graphics Co. patents in its Mac OS X operating system, but not in the iOS platform. Although not directly related to Mobile, this ruling is meaningful since S3 has been acquired by HTC on Jul 6 2011 for $300 million in order to use their patents in the fight against Apple.

HTC expects final ruling on Apple-S3 graphics case in November.

On Aug 16 2011 HTC filed a new lawsuit against Apple in Delaware’s US District Court, in an escalation of the legal battle between the two smartphone giants. HTC accused Apple to have infringed three of HTC’s patents through its sale of devices including iPads, iPods, iPhones and Macintosh computers.

Oct 1 2010: Microsoft sued Motorola for patent infringement relating to the company’s Android-based smartphones. Microsoft filed its complaint with the International Trade Commission and in a Washington state district court. At issue are nine patents that deal with, among others, sending and receiving e-mail, managing and syncing calendars and contacts, and managing a phone’s memory.

Patent dispute will begin from Aug 21 2011, the hearing procedure can take up to 10 days, the judgment procedure is expected to reach the final verdict point only in March 2012.

Nov 9 2010: Microsoft sued again Motorola for charging excessive royalties on network technology used in Microsoft’s Xbox game system.

Feb 11 2011: a deal with the Devil, Microsoft and Nokia announce their plansto form a broad strategic partnership that would use their complementary strengths and expertise to create a new global mobile ecosystem.

Besides the alliances with Apple and RIM (see the corresponding cell), on May 12 2011 Microsoft has teamed up with HTC, Nokia and Sony Ericsson in Europe, filing a challenge seeking to invalidate Apple’s trademarks on the phrases “App Store” and “Appstore.”

Nov 11 2010: Motorola Mobility sued Microsoft with the U.S. District Courts for the Southern District of Florida and the Western District of Wisconsin alleging infringement of sixteen patents by Microsoft’s PC and Server software, Windows mobile software and Xbox products.

Motorola Mobility asked for the infringing devices to be barred from importation into the United States.

On Dec 21 2010, ITC has agreed to hear the complaint.


About these ads

Android Virtual Machine on RIM Tablet, A Security Concern?

The rumors were confirmed and at the end it looks like that the forthcoming RIM Tablet, named Playbook, will be able to run Android Applications. This will be possible thanks to an optional “app player” that will provide an application run-time environment for Android v2.3 code (no mention so far for Honeycomb), allowing users to download Android applications directly from BlackBerry App World and run them on their (future) BlackBerry PlayBook.

This does not sound new to me (at this link an article in Italian in which I discussed about the rumors of an Android Virtual Machine for the Playbook), but in my opinion the point of interest does not rely on the fact that the announced “app player” builds a bridge between the Android and RIM worlds (as a matter of fact the RIM Tablet will offer also a second “app player” for the Blackberry Java applications), but it is really interesting to point out the information security perspective since it looks like that the paradigm Write (Malware Once), Use Many, will undoubtedly come true.

We know that, from the beginning of the 2011, the poor Android is suffering of multiple infections, and this peak of malware is not only due to the fact that the Google platform captured #1 ranking in the mobile platforms but, most of all, to the fact that the number of users which leverage the Android capabilities for professional use is growing day by day. Of course, the effort for developing malware is commensurate  with the value of the target, hence this evidence (together with the fact that Android is an Open Platform and the android market policies are not as strict as the ones from Cupertino) explains why the Android is a little too much sick in this period (and also because, in my opinion, security issues are the main reasons at the base of Mountain View’s decision to hold Honeycomb tight, not making its source code publicly available (at least so far).

Now, the perspective to use the Android as a “malware bridge” to other platforms might sound very appealing to cyber crooks, so this improbable openness from the RIM side could become a little bit embarrassing for Google from an Infosec perspective, further encouraging other malware writers to address their efforts towards the Android. Android Virtual Machine spreading for sure makes life easier for developers but, undoubtedly ends up making it harder (from a security perspective) for users and IT Manager.

And what about the future? It looks like the scenario could become even more complicated since the Android Virtual Machine (the notorious Dalvik, in the middle of a lawsuit against Larry Ellison’s Oracle) could soon land on other devices. As a matter of fact, Myriad, a member of the Open Handset Alliance, which collaborates with Google to develop Android is working for an Alien Android (that is a Dalvik compatible Virtual Machine, called Alien Dalvik) capable to run Native Android application on alien platform, furthermore at the same speed of the Original Android (so, not bad, the malware infections will propagate at the same speed then the original platform). Of course this could sound even more appealing for malware writers.

Definitively the Android is no longer satisfied to be reference platform for the market, rather seems to be pointing to became the reference platform also for malware. Who knows if one day we will ever see an Apple infected by an Android?

Un Androide Da Sogno… Anzi Da Incubo… Magari Alieno…

March 2, 2011 1 comment

Il sogno è quello del nuovo (ennesimo) malware che ha preso di mira il povero Androide (chiamato romanticamente DroidDream). L’incubo è questo scorcio di 2011 che si dimostra veramente un anno di passione per la creatura di Mountain View. L’Alieno è quello con cui l’Androide potrebbe ben presto infettare altri dispositivi (magari anche qualche bella Mela…)

Ma andiamo con ordine: l’ultimo allarme  di sicurezza in ordine di tempo proviene ancora una volta da Lookout (che dimostra una volta  in più di vederla lunga in fatto di mobile malware) ed è stato ripreso poco dopo da Symantec che lo ha invece battezzato il malware nuovo arrivato Android.Rootcager.

La differenza rispetto agli illustri predecessori d’oriente (Geinimi, HongTouTou e l’ultimo arrivato ) risiede nel fatto che questa volta il nemico è tra noi: la nuova minaccia è stata difatti abilmente celata dentro 50 applicazioni ufficiali, regolarmente mantenute nell’Android Market ufficiale. Secondo una stima di Symantec, addirittura, sono stati tra 50.000 e  200.000 gli utenti che hanno scaricato le applicazioni vettori di infezione nei  4 giorni in cui queste sono state nella cresta dell’onda, o sarebbe meglio dire nella cresta dell’onta di Google che se ne è accorta tardivamente e addirittura, secondo Lookout, non ha intrapreso subito azioni efficaci.

Tanto per cambiare il malware prende di mira i dati personali ed il primo utente ad accorgersi dell’anomalia è stato Lampolo, un utente del Social Network Reddit, che ha analizzato due applicazioni sospette, allarmato dal fatto che avessero cambiato nome dello sviluppatore. Analizzando le applicazioni sosepette, Lampolo ha scoperto al loro interno codice maligno in grado di scavalcare il recinto di sabbia di sicurezza (la famigerata sandbox)  in cui l’Androide dovrebbe far girare ile applicazioni impedendogli di accedere direttamente al sistema (ma d’altronde che il recinto di sabbia dell’Androide non sia il massimo della sicurezza non è una novità).

Un ulteriore blogger di Android Police, Justin Case, ha dato uno sguardo un po’ più da vicino alle applicazioni malevole e ha scoperto che il codice maligno è in grado di rootare il dispositivo, mediante lo strumento rageagainstthecage ben noto a chi ha come hobby quello di comprare un androide per prendergli subito la root. Una volta ottenuti i privilegi il malware è in grado di inviare (questa non me l’aspettavo proprio) informazioni sensibili del dispositivo (IMEI e IMSI) ad un server remoto. Il codice cela anche un ulteriore pacchetto APK nascosto all’interno del codice che è in grado di rubare ulteriori dati sensibili.

A questo link, (o quest’altro) la lista completa delle applicazioni infette, riconoscibili per essere riconducibili a tre autori ben precisi: “Kingmall2010″, “myournet” o “we20090202″. Chi non si sentisse particolarmente sicuro può controllare anche la presenza del servizio com.android.providers.downloadsmanager (DownloadManageService) tra i servizi in esecuzione.

Tutti questi mali di stagione sono solo eccezioni, ovvero coda di un Inverno che per l’Androide non sembra mai finire, oppure prefigurano quella che sarà una battaglia senza fine tra autori di malware e forze del bene?

Purtroppo propendo di più per la seconda ipotesi involontariamente rafforzata anche dal fatto che l’Androide, per semplificare la vita agli sviluppatori, utilizza una Java Virtual Machine (la famigerata Dalvik al centro di una causa contro l’Oracolo di Larry Ellison) per far girare il codice, evidenza architetturale che sicuramente aiuta gli sviluppatori, ma, per contro, potrebbe avere pesanti ripercussioni in termini di sicurezza. Il perchè è spiegato in questo articolo di McAfee: “Write Once, Mobile Malware Anywhere“, l’utilizzo di Macchine Virtuali per lo sviluppo ha implicitamente diversi benefici (o sarebbe meglio dire malefici) per il malware.

In effetti se si utilizza una macchina virtuale:

  • Si mantiene la compatibilità visto che le API rimangono le stesse;
  • E’ possibile riutilizzare il codice (alcune porzioni quali l’invio di SMS, il trasferimento Bluetooth, etc.) non devono essere riscritte;
  • Soprattutto rende il malware estremamente contagioso visto che può attaccare diversi dispositivi o Sistemi Operativi che utilizzino una macchina virtuale compatibile con l’originaria.

Poiché la macchina virtuale Dalvik potrebbe presto sbarcare su altri dispositivi,  ne consegue che ben preso l’Androide potrebbe diventare il paziente zero per altri dispositivi. Del lavoro di RIM per sviluppare una JavaVirtual Machine compatibile con l’Androide avevo già parlato in questo post, ora sembra che anche Myriad, un membro della Open Handset Alliance che collabora con Google per lo sviluppo di Android sia al lavoro per un Androide Alieno (ovvero una macchina virtuale compatibile con Dalvik definita scherzosamente Alien Dalvik) in grado di far girare applicazioni Android non modificate su piattaforme aliene, per giunta alla stessa velocità dell’androide nativo (dopo il danno del contagio la beffa della stessa velocità di propagazione dell’infezione).

Certo, conoscendo le politiche di Cupertino, dubito che vedremo mai una Macchina Virtuale Aliena nel cuore della Mela, ad ogni modo, tutto lascia comunque suppore che l’Androide possa diventare la piattaforma di riferimento (anche) per il malware con la conseguenza che  ben presto non dovremo più preooccuparci del solo malware mobile terrestre, ma anche di quello Alieno (molto più alieno di quello con cui Jeff Goldblum salva la Terra su Indipence Day).

Follow

Get every new post delivered to your Inbox.

Join 2,707 other followers