More than 95% Android phones vulnerable to StageFright-based exploit!

This one's a doozy.

Experts at Zimperium Mobile Securityhave found a stunning vulnerability in almost all Android-based mobile phones.

This vulnerability allows a remote attacker to take over a victims phone by doing nothing much more than sending a specially crafted video via MMS. No interaction on the part of the victim is required!

The video triggers an internal Android program termed "stagefright", which trips up over the malformed video and allows the attackers program (embedded into the video) to run.

At this point, the attacker can do many things, including:

• Delete stuff
• Change stuff
• (Scary) remotely access phone content without the owner even being aware of it.

For those with a technical bent of mind, read more at the Imperium blog.

Saving yourself from this vulnerability requires you to update the Android phone OS. Unfortunately, except for those who are using Google phones (Such as the Nexus) or those phones under the Google One program (limited models of Micromax, Spice, Karbonn) this is not an option.

Most phone manufacturers are very slow at providing updates. Usually, phones over 18 months old will not receive updates at all.

So, short of buying a new Android phone, what are the options available to avoid this vulnerability?

If you are tech-savvy, or know someone who is, you can opt to root your phone and disable StageFright. However, this option is not for everyone.

The simplest thing you can do to prevent this is to disable MMS if you are not using it at all.

To disable MMS: On most Android phones, go to Settings->More->Mobile Networks->Access Point Names.

Among the list of access points, you will find certain marked as MMS. Touch each one,  then change the following settings to junk values:

• APN
• Proxy
• Port
• Password
• MMS Proxy
• MMS Port
• Uncheck APN enable/disable (most models do not have this option)

Then touch the menu button, and choose the "Save" option. This will disable ALL MMS functionality!

Sequence to disable MMS : click to see full size

You can restore it easily if you like by going to the APN settings page. Touch the menu button, and choose "Restore settings to default."

Also suggested is to disable the Google Hangouts app from being the default messaging app. To do this : Open the Hangouts app, then slide open the settings pane. Choose "Settings"-> "SMS"-> SMS enabled, and change the setting to disabled.

Computer power supplies (SMPS): Cheap is NOT best

One of the main components of any desktop system, and the one most ignored, is the power supply (SMPS).

95% of India-assembled systems use cheap no-name China SMPS's. Most large reseller "brands" also sell these cheapo power supplies.

The reason for their popularity is the compelling price difference. A "no-name" / "reseller brand" power supply retails for as low as Rs 500 for 450 watts (example), while the good brands start at Rs 2,000+ for 350w. So, it seems as though not only are you getting a cheaper power supply, you are getting more power in the bargain.

As usual, the devil is in the (technical) details. However, let's start by seeing something even a layman can understand:

"no-name" SMPS 450w Weight : 584.6 gms	Antec VP450P 450w Weight: 1618.1 gms

The Antec SMPS on the right weighs almost 3 times (~ 276%) more than the "no-name" SMPS on the left. 

However, this is only a symptom; the real problem? Read on...

Both power supplies claim to have 450w output. Background info: SMPS's output at different voltages, as shown below:

3.3v x 25A = 82.5 w 5v x 38A = 190 w 12v x 15A = 180 w Theoretical Total : 452.5 (~ 450w) Efficiency not mentioned: unknown	3.3v x 24A = 79.2 w 5v x 15A = 75 w 12v (1,2) x 18A (each) = 432 w Theoretical total: 586 w Efficiency mentioned 78%  Total: 457.08 (~ 450 w)

Catch 1:

The total wattage calculation is arrived by multiplying the output voltage with it's corresponding amperage rating. So in this case, both supply power output over 450 w. However, note that the Antec actually can supply a maximum theoretical output of over 580w - but not reliably. Given a mentioned efficiency of 78%, it can reliably supply a continuous load of 450 w. There is no efficiency ratio mentioned in the case of "no-name", however, it definitely cannot be 100%.

Catch 2:
The bulk requirement for power in most computers comes from the 12v rail. However, components that supply reliable 12v generate heat. This must be removed by using quality heatsinks and fans. The "no-name" SMPS reduces the amperage on 12v so that it can skimp on the (heavy) heatsink. However, to maintain a 450w rating, it raises the current available (amperage) on 5v to absurd levels.

This becomes clearer when we compare with other "real" power supplies as well:

Brand / Model	3.3v	5v	12v	3.3v+5v	12v
"no-name" 450w	25 A	38 A	15 A	272w	180w
Cooler Master CM350 350w	20 A	12A	10 A + 13 A	126w	276w
Antec VP450P 450w	24 A	15 A	18 A + 18 A	154w	432w
Circle Tech CT 500w	20 A	20 A	32 A	166w	384w

In every case, we see that 3.3v+5v power (wattage) in "no-name" is absurdly high when compared to the expensive "real" power supplies. Similarly, the 12v is very low.

On the "no-name", there is no way one can actually reach the absurdly high load provisioned on 3.3v+5v. However, you will definitely max out the 12v power available even with a very ordinary load.

Catch 3:

Brand / Model	Calculated rating (theoretical)	Actual rating mentioned
"no-name" 450w	452.5w	450w
Cooler Master CM350 350w	402w	350w
Antec VP450P 450w	586.2w	450w
Circle Tech CT 500w	550w	500w

No power supply, no matter how good, can work with 100% efficiency. In every case for the real power supplies, the theoretical rating (wattage of 3.3v+5v+12v) is far over the actual rating. However, in the "no-name", the theoretical rating is treated as the actual rating, with no mention of power conversion efficiency.

Note the massive difference in Antec: This doesn't mean that it is inefficient, it just means that as load increases in 12v1, the max load on 12v2, 3.3v and 5v will reduce, and vice-versa. In other words, there is no way Antec expects you to touch the theoretical load on all rails (3.3v, 5v, 12v1, 12v2) simultaneously.


These "no-name" cheap and unreliable power supplies are the leading cause for failure in most systems. Unfortunately, while the power supplies themselves rarely fail, they invariably cause damage to sensitive electronics such as the motherboard, hard disk, etc, due to non-spec or unreliable supply of load.

A good power supply not only provides reliable and stable power, it will usually sacrifice itself (by failing) when non-spec power (eg over-current) is supplied, to protect sensitive (and usually expensive) components.

So the next time you find your Graphic card, HDD or DVD drive acting up, take a good, hard look at the power supply.

Spend a little more on your power supply, it will reward you in the long run with reliable system performance.

If you are buying an assembled system, insist on a good power supply, and compare the wattage chart with those mentioned above. Remember, 12V load is important, the others less so.

"Soft" drinks : hard to swallow facts

As parents, we've all been there. It's a hot, sweaty day, the kids are cranky, and we just give them something to cool off and let us take a breather.

However, "soft" drinks are not an healthy idea. Here's why:

Below, I have shown the "Nutritional facts" panel on two popular "soft" drinks. Lets look at them in detail:

Both panels show almost 16g of sugar (natural + added). However, the key is what is written above the panel: these values are PER 100 ml (milliliters).

Each drink above is 250ml - which means that each packet contains essentially almost 40 gms (about 10 teaspoons of sugar). This much sugar is NOT healthy for kids. Don't do it.

Take a further look at the ingredients : The "fruit" content is less than 20% (14% apple juice, 19% mango pulp). This means that over 80% content has nothing to do with real fruit !

Both claim a fat content of 0%. That sounds healthy, until you realize that both contain carbohydrates of about 40g each. Carbohydrates are converted into glucose when the body requires energy (exercise, daily activities etc), but are stored within body fat until required.

If the carbohydrate intake is too high, the body generates more fat to store it all. So while the drinks themselves may not have any fat content, it can act as a trigger for the body to retain fat from other sources!

Also, remember all that sugar mentioned before? If not used during exercise (as glucose), that too turns into carbs, to be stored in fat.

Carbonated "soft" drinks are almost as bad. 

So the next time you want to get a quick drink for your kids, or pacify them, don't reach out for the convenient "soft" drink. Take the trouble to find a natural fruit juice stand; it's more expensive now, but healthier kids are worth a darn lot more.

When bigger is not cheaper

When buying household provisions, bigger is usually cheaper, right?

Not in the case of Britannia Jim Jam biscuits.

A 100g pack costs Rs 15 (MRP), making a cost per KG of Rs 150.

A 150g pack costs Rs 25 (MRP), making a cost per KG of over Rs 166.65 !

That's a difference of almost 11% more for the larger pack!

Many companies use non-standard sizes to ensure that comparisions are difficult for the average consumer. Always try to estimate the price/weight for a good deal.

For example, in the above case, a quick estimate can be performed as follows:
for 300g,
small pack price will be 15 x 3 = 45
big pack price will be 25 x 2 = 50

Thus we can see that buying 300g in small packs is a better deal than buying large packs!

Manipal Global's elastic fees

I received an email from Manipal Global, offering an Android Development course.

A click through for more details showed the price as Rs 6,000 - discounted from Rs 8,000 all inclusive.

However, the representative I communicated with said the normal course fees were 7,000. When I pointed out that the website fees were different, she asked for a screenshot via email. I sent her a screenshot as below (price near top right corner) :

A few days later, the upshot? They increased the website price!

Companies like this will always have a raw deal for consumers. Approach with caution.