A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices – Tempemail – Blog – 10 minute

A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named ‘SweynTooth,’ affecting millions of Bluetooth-enabled wireless smart devices worldwide—and worryingly, a few of which haven’t yet been patched.
All SweynTooth flaws basically reside in the way software development kits (SDKs) used by multiple system-on-a-chip (SoC) have implemented Bluetooth Low Energy (BLE) wireless communication technology—powering at least 480 distinct products from several vendors including Samsung, FitBit and Xiaomi.
According to the researchers, hackers in close physical proximity to vulnerable devices can abuse this vulnerability to remotely trigger deadlocks, crashes, and even bypass security in BLE products, allowing them to arbitrary read or write access to device’s functions that are otherwise only allowed to be accessed by an authorized user.

“As of today, SweynTooth vulnerabilities are found in the BLE SDKs sold by major SoC vendors, such as Texas Instruments, NXP, Cypress, Dialog Semiconductors, Microchip, STMicroelectronics and Telink Semiconductor,” the researchers from the Singapore University of Technology and Design said.

Here is a list and brief information on all 12 SweynTooth vulnerabilities:

Link Layer Length Overflow (CVE-2019-16336, CVE-2019-17519) — These allow attackers in radio range to trigger a buffer overflow by manipulating the LL Length Field, primarily leading to a denial of service attacks.
Link Layer LLID deadlock (CVE-2019-17061, CVE-2019-17060) — These trigger deadlock state when a device receives a packet with the LLID field cleared.
Truncated L2CAP (CVE-2019-17517) — This flaw results due to a lack of checks while processing an L2CAP packet, causing a denial of service and crash of the device.
Silent Length Overflow (CVE-2019-17518) — A buffer overflow occurs when a certain packet payload with higher than expected LL Length is sent, the peripheral crashes.
Invalid Connection Request (CVE-2019-19195) — When devices do not properly handle some connection parameters while the central attempts a connection to the peripheral, they could lead to Deadlock state.
Unexpected Public Key Crash (CVE-2019-17520) — This bug is present in the implementation of the legacy pairing procedure, which is handled by the Secure Manager Protocol (SMP) implementation, and can be used to perform DoS and possibly restart products.
Sequential ATT Deadlock (CVE-2019-19192) — This flaw lets attackers deadlock the peripheral by sending just two consecutive ATT request packets in each connection event.
Invalid L2CAP fragment (CVE-2019-19195) — improper handling of the PDU size of the packets can lead to deadlock behavior.
Key Size Overflow (CVE-2019-19196) — This overflow in the device memory issue is a combination of multiple bugs found during the pairing procedure of devices, resulting in a crash.
Zero LTK Installation (CVE-2019-19194) — This critical vulnerability is a variation of one of the Key Size Overflow. It affects all products using Telink SMP implementation with support for secure connection enabled.

The detailed report says affected products include consumer electronics, smart home devices, wearables, and are also being used in the logistics and healthcare industry, malfunctioning of which can lead to hazardous situations.

“The most critical devices that could be severely impacted by SweynTooth are the medical products. VivaCheck Laboratories, which manufacture Blood Glucose Meters, has many products listed to use DA14580,” the researchers said.
“Hence all these products are potentially vulnerable to the Truncated L2CAP attack. Even worse, Syqe Medical Ltd. and their programmable drug delivery inhalation platform (Syqe Inhaler v01) is affected alongside the latest pacemaker related products from Medtronic Inc.”
According to the report, researchers disclosed these flaws last year to all affect vendors, many of which have now released patches for their respective SoCs.
Wheres, products developed by some SoC vendors, including Dialog, Microchip, and STMicroelectronics, are unpatched at the time of the disclosure.

Tempemail , Tempmail Temp email addressess (10 minutes emails)– When you want to create account on some forum or social media, like Facebook, Reddit, Twitter, TikTok you have to enter information about your e-mail box to get an activation link. Unfortunately, after registration, this social media sends you dozens of messages with useless information, which you are not interested in. To avoid that, visit this Temp mail generator: tempemail.co and you will have a Temp mail disposable address and end up on a bunch of spam lists. This email will expire after 10 minute so you can call this Temp mail 10 minute email. Our service is free! Let’s enjoy!

Amazon unveils a new Fire TV Cube, soundbar, and over a dozen Fire TV Edition products – gpgmail


At the big European tech trade show, IFA 2019, Amazon today announced over 20 new Fire TV-branded devices, including a next-generation Fire TV Cube, Fire TV Edition soundbar from Anker — its first foray into Fire TV Edition audio products — and 15 new Fire TV Edition products, including the first OLED Fire TV Edition smart TVs.

The announcement represents a significant expansion of Amazon’s Fire TV hardware line and integrations at a time when Roku has gained a lead over Amazon in the U.S., in terms of connected-TV market share, while Fire TV has been claiming the top spot in some European markets and an international lead over Roku.

The company today said its Fire TV devices now have over 37 million monthly active users globally, which is ahead of the 30.5 million Roku reported in Q2. Both companies offer products that may be used by more than one person in a household, of course, but each household only gets counted as one user (or account) as long as they’ve streamed through the platform in the past month. It’s a relatively fair comparison, in other words.

Of the new devices, the new Fire TV Cube is one of the more interesting additions to the lineup as it represents the second generation, and a big upgrade, over the existing product. The device offers a hands-free Fire TV experience, and has become the testing ground for many Fire TV software enhancements before they roll out to the wider product lineup.

The updated Fire TV Cube now includes a faster, “hexa-core” processor that’s twice as powerful as the one that shipped in the first generation device. It provides “instant access” to Dolby Vision and 4K Ultra HD content, Amazon claims, at up to 60 frames per second. The new Cube also includes on-device processing with Local Voice Control, which lets you more quickly execute some of your common voice commands like “Alexa, go home,” or “Alexa, scroll right,” for example. These commands will now execute up to 4 times faster, says Amazon.

The Fire TV Cube will also ship with far-field voice recognition capabilities with 8 microphones and technology that helps to suppress noise, reverberation, content currently playing, and even competing speech so Alexa better hears your voice commands even when the TV is on in a room full of people.

Customers will be able to control their compatible TV, soundbar, A/V receiver, cable or satellite box, as well as other smart home devices by way of the device’s support of multi-directional infrared technology, cloud-based protocols, and HDMI CEC, combined with Alexa. 

“Fire TV Cube was the first hands-free streaming media player powered by Alexa, and since launching last year we have gathered a wealth of feedback from customers about how they use voice in the living room,” said Marc Whitten, Vice President of Amazon Fire TV, in a statement. “Over the past year, we have continued to expand and advance the Fire TV Cube experience based on this feedback with dozens of new features including Multi-Room Music, Follow-Up Mode, and Alexa Communications. These key learnings carried over and guided the development of the second-generation Fire TV Cube, and we are excited to introduce this new-and-improved experience to customers around the world,” he said.

The new Fire TV Cube is available for pre-order in the U.S. for $119.99, in Canada for $149.99, the United Kingdom for £109.99, Germany for €119.99, and Japan for ¥14980.  It ships on Oct. 10 in all markets except Japan, where it ships on Nov. 5, instead. And it will be sold in a package with Ring Video Doorbell 2 for $249.99 (or $69 off).

Fire TV Cube Couch

Amazon’s Fire TV Edition lineup is expanding, too. This is the licensed version of the Fire TV OS available to other manufacturers for use in their own products.

The company announced more than 15 new products from brands including Skyworth, Arcelik, TPV, Compal, and others.

In partnership with Dixons Carphone, Amazon is teaming up to launch JVC – Fire TV Edition Smart 4K Ultra HD HDR LED TVs, which are the first Fire TV Edition products in the U.K. They’ll be sold by Currys PC World and online at Amazon.co.uk and are priced at £349 and up.

With IMTRON, a company of MediaMarktSaturn Retail Group, Amazon is launching a lineup of Fire TV Edition smart TVs under the private label ok. These will be available in Germany and Austria, as will the 11 Fire TV Edition smart TVs from Grundig including the first OLED Fire TV Edition television ( available in 55” and 65” models, starting at €1,299.99 for hands-free; or starting at €1,199.99 if not; pictured below). 

Grundig OLED Fire TV Edition display

Other more affordable Grundig Fire TV Edition products will be sold on Amazon.de in 32″, 40″, 43″, 49″, 55″, and 65″ variations, starting at €239.99. They’ll also come to retailers including MediaMarkt, Saturn, Euronics, Expert, EP:, Medimax, and others.

In the U.S., Amazon and Best Buy announced the first 65-inch Toshiba – Fire TV Edition smart TV with Dolby Vision, which will be available for customers in the United States next month for $599.

Finally, following Roku’s lead into home audio, Amazon also announced the first expansion of Fire TV Edition beyond the TV itself with the launch of the Nebula Soundbar from Anker. (Roku also today launched its own wireless soundbar).

The new device supports 4K Ultra HD, a unified smart TV user interface, near-field Alexa voice control, Dolby Vision pass-through, and more. It can also be added to a multi-room speaker group through the Alexa app, and comes with a 90-day trial to Amazon Music Unlimited. 

Nebula Soundbar – Fire TV Edition 4

It’s available for pre-order today for $229.99 in the United States, $269.99 in Canada, £179.99 in the United Kingdom, and €209.99 in Germany. It will begin shipping on November 21.

The expansion of Fire TV Edition-branded products is also meant to challenge Roku on the success of its Roku TV-branded television sets, which are similarly manufactured by partners but run the Roku OS.

In the U.S., Roku OS is the No. 1 licensed TV OS in the U.S. and now powers more than 1 in 3 smart TVs. Amazon is today is clearly answering that challenge by focusing on the international markets with a suite of new partners for Fire TV Edition.

 


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Apple brings contactless student IDs to a dozen more universities – gpgmail


Ahead of the upcoming school year, Apple this morning announced it’s bringing contactless student IDs in Apple Wallet to several more U.S. universities. The expansion will allow over 100,000 college students to carry their student ID on their iPhone or Apple Watch, where it can be used for a variety of tasks including paying for their meals, snacks and for entry into buildings, like the student’s dorm and other campus facilities.

The expanded list of universities includes: Clemson University, Georgetown University, University of Tennessee, University of Kentucky, University of San Francisco, University of Vermont, Arkansas State University, South Dakota State University, Norfolk State University, Louisburg College, University of North Alabama and Chowan University.

These join the previously supported schools like Duke University, University of Oklahoma, University of Alabama, Temple University, Johns Hopkins University, Marshall University, and Mercer University.

Apple had first announced its plans for contactless student IDs at WWDC 2018, then rolled out to its debut schools last October.

The contactless IDs not only serve as a means of student identification, but also work as a payment mechanism for on-campus transactions — like meals at the cafeteria or textbooks and supplies at the college’s bookstore, for example. Contactless entry into buildings is also now common on college campuses, and these digital IDs can work to open doors, too, as an alternative to swiping an entry card.

Apple brings student IDs to iPhone and Apple Watch university of san francisco student ID screen 081319

Support for college student IDs is only one way that Apple is trying to replace the physical wallet. The company also support the ability to add your debit and credit cards, transit and loyalty cards, tickets, and even paper money through Apple Pay Cash. And now it’s launching its own credit card, too, which rewards you with cashback for shopping Apple and using Apple Pay.

“We’re happy to add to the growing number of schools that are making getting around campus easier than ever with iPhone and Apple Watch,” said Jennifer Bailey, Apple’s vice president of Internet Services, in a statement about the expansion. “We know students love this feature. Our university partners tell us that since launch, students across the country have purchased 1.25 million meals and opened more than 4 million doors across campuses by just tapping their iPhone and Apple Watch.”

Related to this launch, Apple says it’s also adding support for CBORD, Allegion and HID — solution providers for campus credentials and mobile access. With these technologies on board, Apple will be able to reach other schools integrated with these systems in the future.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something