Security

iPhone Bluetooth Traffic Leaks Phone Numbers -- in Certain Scenarios (zdnet.com) 51

Security researchers say they can extract a user's phone number from the Bluetooth traffic coming from an iPhone smartphone during certain operations. From a report: The attack works because, when Bluetooth is enabled on an Apple device, the device sends BLE (Bluetooth Low Energy) packets in all directions, broadcasting the device's position and various details. This behavior is part of the Apple Wireless Direct Link (AWDL), a protocol that can work either via WiFi or BLE to interconnect and allow data transfers between nearby devices. Previous academic research has revealed that AWDL BLE traffic contains device identification details such as the phone status, Wi-Fi status, OS version, buffer availability, and others. However, in new research published last week, security researchers from Hexway said that during certain operations these BLE packets can also contain a SHA256 hash of the device's phone number.
Businesses

Apple Reports Declining Profits and Stagnant Growth, Again (nytimes.com) 154

An anonymous reader quotes a report from The New York Times: Apple has long performed like clockwork, growing steadily and producing an ever-growing stream of profit. Not anymore. On Tuesday, the Silicon Valley behemoth said that its net income had fallen 13 percent and that its revenue rose 1 percent in the latest quarter, with iPhone sales continuing to decline and gains in the company's services and wearables business failing to make up the difference. The results showed persistent signs of weakness for one of the world's financial standouts. Apple built its enormous business on the iPhone, but sales of the device have slipped for three straight quarters in a saturated market for smartphones. Yet the results also suggested that the company could be starting to halt declines in those sales and other key areas, including revenue from the Chinese market. Over the previous two quarters, Apple's profits and revenue had fallen over all.

Apple said net income had dropped to $10.04 billion for its fiscal third quarter, from $11.5 billion a year earlier, with profit of $2.18 a share exceeding Wall Street estimates. Revenue rose to $53.8 billion from $53.3 billion a year earlier. In the latest quarter, revenue from iPhone sales fell nearly 12 percent, to $25.97 billion, from a year earlier. In the company's previous quarter, iPhone sales fell 17 percent. For the first time since 2013, iPhone sales did not account for at least half of Apple's revenue, said Yoram Wurmser, an analyst at the market-research firm eMarketer.
Sales in China have declined nearly 25 percent over the previous two quarters, the report adds. "In the latest quarter, Apple's sales in the region fell 4.1 percent, while revenue specifically in mainland China grew."
Google

Google Reveals Fistful of Flaws In Apple's iMessage App (bbc.com) 41

Google researchers have shared details of five flaws in Apple's iMessage software that could make its devices vulnerable to attack. The BBC reports: In one case, the researchers said the vulnerability was so severe that the only way to rescue a targeted iPhone would be to delete all the data off it. Another example, they said, could be used to copy files off a device without requiring the owner to do anything to aid the hack. Apple released fixes last week. But the researchers said they had also flagged a sixth problem to Apple, which had not been rectified in the update to its mobile operating system.

Apple's own notes about iOS 12.4 indicate that the unfixed flaw could give hackers a means to crash an app or execute commands of their own on recent iPhones, iPads and iPod Touches if they were able to discover it. Apple has not commented on this specific issue, but has urged users to install the new version of iOS, which addresses Google's other discoveries as well as a further range of glitches and threats. One of the two Google researchers involved - Natalie Silvanovich - intends to share more details of her findings at a presentation at the Black Hat conference in Las Vegas next month.

Chrome

Chrome 76 Arrives With Flash Blocked By Default (venturebeat.com) 87

An anonymous reader shares a report from VentureBeat: Google today launched Chrome 76 for Windows, Mac, Linux, Android, and iOS. The release includes Adobe Flash blocked by default, Incognito mode detection disabled, multiple PWA improvements, and more developer features. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. Google has been taking baby steps to kill off Flash for years. In 2015, Chrome started automatically pausing less important Flash content. In 2016, Chrome started blocking "behind the scenes" Flash content and using HTML5 by default. In July 2017, however, Adobe said it would kill Flash by 2020. With Chrome 76, Flash is now blocked by default. Users can still turn it on in settings, but next year, Flash will be removed from Chrome entirely.
Security

Apple's AWDL Protocol Plagued By Flaws That Enable Tracking and MitM Attacks (zdnet.com) 56

Apple Wireless Direct Link (AWDL), a protocol installed on over 1.2 billion Apple devices, contains vulnerabilities that enable attackers to track users, crash devices, or intercept files transferred between devices via man-in-the-middle (MitM) attacks. From a report: These are the findings of a research project that started last year at the Technical University of Darmstadt, in Germany, and has recently concluded, and whose findings researchers will be presenting later this month at a security conference in the US. The project sought to analyze the Apple Wireless Direct Link (AWDL), a protocol that Apple rolled out in 2014 and which also plays a key role in enabling device-to-device communications in the Apple ecosystem. While most Apple end users might not be aware of the protocol's existence, AWDL is at the core of Apple services like AirPlay and AirDrop, and Apple has been including AWDL by default on all devices the company has been selling, such as Macs, iPhones, iPads, Apple watches, Apple TVs, and HomePods. But in the past five years, Apple has never published any in-depth technical details about how AWDL works. This, in turn, has resulted in very few security researchers looking at AWDL for bugs or implementation errors.
China

Trump Says Apple Will Not Be Given Tariff Waivers or Relief For Mac Pro Parts Made In China (cnbc.com) 210

An anonymous reader quotes a report from CNBC: In a tweet on Friday, President Trump said his administration will not grant Apple any relief on Mac Pro parts made in China. "Apple will not be given Tariff wavers (sic), or relief, for Mac Pro parts that are made in China," President Trump said. "Make them in USA, no Tariffs!" Apple asked for waivers on tariffs on the Mac Pro. Apple said it wanted to be exempt on some parts it uses for the new Mac Pro, including a power supply unit, the stainless-steel enclosure, finished mice and trackpads and circuit boards. "There are no other sources for this proprietary, Apple-designed component," Apple said in a filing. Apple shifted production of the Mac Pro to China in June, saving shipping costs for components that are supplied near Shanghai.
Iphone

Apple Contractors 'Regularly Hear Confidential Details' on Siri Recordings, Report Says (theguardian.com) 91

Alex Hern, reporting for The Guardian: Apple contractors regularly hear confidential medical information, drug deals, and recordings of couples having sex, as part of their job providing quality control, or "grading," the company's Siri voice assistant, the Guardian has learned. Although Apple does not explicitly disclose it in its consumer-facing privacy documentation, a small proportion of Siri recordings are passed on to contractors working for the company around the world.

They are tasked with grading the responses on a variety of factors, including whether the activation of the voice assistant was deliberate or accidental, whether the query was something Siri could be expected to help with and whether Siri's response was appropriate. Apple says the data "is used to help Siri and dictation ... understand you better and recognise what you say." [...] Apple told the Guardian: "A small portion of Siri requests are analysed to improve Siri and dictation. User requests are not associated with the user's Apple ID. Siri responses are analysed in secure facilities and all reviewers are under the obligation to adhere to Apple's strict confidentiality requirements." The company added that a very small random subset, less than 1% of daily Siri activations, are used for grading, and those used are typically only a few seconds long.
Further reading: Google Contractors Are Secretly Listening To Your Assistant Recordings; and Amazon Workers Are Listening To What You Tell Alexa.
Businesses

Apple Buys Intel's Smartphone Modem Business (theverge.com) 52

Apple is officially acquiring Intel's smartphone modem business for $1 billion, the two companies announced today. As rumored earlier this week, the move "would jump-start the iPhone maker's push to take control of developing the critical components powering its devices." The Verge reports: The acquisition means that Apple is now well on the way to producing its own 5G modems for its smartphones, rather than having to rely on Qualcomm for the hardware. Developing its own modems has the potential to deliver big benefits for Apple. In particular, it would no longer be subject to the patent licensing terms of Qualcomm, which were the source of the two companies' lengthy legal dispute. In the past, Apple has accused Qualcomm of charging "disproportionately high" fees in patent royalties, which it was accused of forcing companies to agree to if they want access to its hardware as part of a "no license -- no chips" policy.

The talks with Intel to acquire its modem business are understood to have started last summer, according to the WSJ, when Intel's new CEO Bob Swan arrived with a focus on cleaning up the company and addressing its loss-making segments. Acquiring another business to develop an in-house competitor is a tactic Apple has used at least once before when it spent $300 million to acquire part of Dialog, a company that previously supplied Apple with power management chips for its phones. At the time, the acquisition, which included 300 employees, was Apple's biggest ever in terms of headcount.

Businesses

Apple and Amazon Become Top US Solar Users, Besting Target and Walmart (venturebeat.com) 76

Apple has spent nearly a decade dramatically expanding its use of solar energy across the United States, and the effort has paid off. From a report: The Solar Energy Industries Association (SEIA) reports today that Apple now has the most installed solar capacity of any U.S. company, followed by Amazon, as both companies vaulted over prior industry leaders Target and Walmart. But there's a catch. In the Solar Means Business 2017 report, Apple ranked fourth behind both of the top brick-and-mortar retailers and Prologis, an industrial warehouse company, while Amazon ranked tenth, below such retailers as Kohls, Costco, Ikea, and Macy's.

The SEIA's just-published 2018 report showed Apple and Amazon surging as measured by megawatts of installed solar capacity, with Apple at 393.3MW to Amazon's 329.8MW. Target jumped from 203.5MW in 2017 to 229.7MW in 2018, and Walmart from 149.4MW to 208.9MW, but the year-over-year gains from their digital-first competitors were comparatively huge.

Desktops (Apple)

Dropbox Irks Mac Users With Annoying Dock Icon, Offers Clueless Support (arstechnica.com) 67

An anonymous reader quotes a report from Ars Technica: Dropbox now opens a new file browser and an associated Dock icon every time it starts, even if you don't want it to. If you're not familiar with Macs, the Dock is the line of applications on the bottom of the screen (or the side, if you've moved it in the settings) and serves the same function as the Windows Taskbar. If my computer restarts or if Dropbox restarts, the new Dropbox window that I don't want pops up in the Dock. This isn't a huge deal, as I can quit Dropbox's new file browser and get rid of that Dock icon each time my computer starts up. I'm not going to stop using Dropbox -- I've been paying the company $138 a year for 2TB of storage and for 12 months' worth of file history, which saves all deleted files and revisions to files. (It's going up to $158 next time I get billed, in February.) It's worth it to me because Dropbox still works great, while the alternatives have always been unreliable or disappointing in other ways when I've tried them. I'll get into that more later in this article.

But the Dock icon and window is a major change in how Dropbox presents itself to users. Dropbox has always been the kind of application that is there when you need it and gets out of the way when you don't. Dropbox's syncing and file-sharing features are integrated with the Finder (the Mac file manager), and there's a little icon in the Mac's Menu Bar at the top of the screen for when you need to change a setting. But now, Dropbox wants to be front and center at all times. The company built its own file browser to replace what's already available in the Mac Finder, and it opens that new file manager every time Dropbox starts. We wrote about it last week when Dropbox started rolling it out to more users. I've had it for more than a month since I somehow ended up in Dropbox's Early Access program.
Ars' Jon Brodkin, the author of the article, also discovered that "there are numerous Dropbox support employees who apparently have never used their company's Mac application and do not understand how it works." Specifically, the employees Brodkin talked to didn't know "that it's possible for Mac applications to run without a Dock icon even though that's exactly how Dropbox worked for a decade... And they've been giving bad advice to users who want to change back to the old way of doing things."
Businesses

Apple Dominates App Store Search Results, Thwarting Competitors (wsj.com) 44

Apple's mobile apps routinely appear first in search results ahead of competitors in its App Store, a powerful advantage that skirts some of the company's rules on such rankings, according to a Wall Street Journal analysis. From the report: The company's apps ranked first in more than 60% of basic searches, such as for "maps," [Editor's note: the link may be paywalled; alternative source] the analysis showed. Apple apps that generate revenue through subscriptions or sales, like Music or Books, showed up first in 95% of searches related to those apps. This dominance gives the company an upper hand in a marketplace that generates $50 billion in annual spending. Services revenue linked to the performance of apps is at the center of Apple's strategy to diversify its profits as iPhone sales wane. While many of Apple's products are undoubtedly popular, they are held to a different standard by the App Store. Apple tells developers that downloads, user reviews and ratings are factors that influence search results. Yet more than two dozen of Apple's apps come pre-installed on iPhones and are shielded from reviews and ratings.

[...] Audiobooks.com, an RBmedia company, largely held the No. 1 ranking in "audiobooks" searches in the App Store for nearly two years. Then last September it was unseated by Apple Books. The Apple app had only recently begun marketing audiobooks directly for the first time. "It was literally overnight," said Ian Small, Audiobooks.com's general manager. He said the change triggered a 25% decline in Audiobooks.com's daily app downloads. [...] Apple's role as both the creator of the App Store's search engine and the beneficiary of its results has rankled developers. They contend Apple is essentially pinning its apps No. 1, compelling anyone seeking alternatives to consider Apple apps first. [...] Phillip Shoemaker, who led the App Store review process until 2016, said Apple executives were aware of Podcasts' poor ratings. Around 2015, his team proposed to senior executives that it purge all apps rated lower than two stars to ensure overall quality. "That would kill our Podcasts app," an Apple executive said, according to Mr. Shoemaker, who has advised some independent apps on the App Store review process since leaving Apple. The proposal was eventually rejected, Mr. Shoemaker said.

Iphone

Apple To Release Three 'iPhone 11' Models This Fall, Report Says (9to5mac.com) 93

Similar to last year's introduction of the iPhone XS, iPhone XS Max, and iPhone XR, Apple will release three new 'iPhone 11' models this fall, news outlet 9to5Mac reported on Tuesday. From the report: The new iPhones will feature the Apple A13 chip, internally known by its platform codename Cebu, model T8030. According to people who've seen the devices, all three iPhone 11 models will still feature a Lightning port, contrary to some speculation that they would be moving to USB-C after the change on iPad Pro last year. The 'iPhone 11' models are known as D42 (iPhone12,3) which will replace the iPhone XS; D43 (iPhone12,5) which will replace the iPhone XS Max; and N104 (iPhone12,1) which will replace the iPhone XR. D42 and D43 will have a 3x OLED Retina display, while N104 will still feature the 2x Liquid Retina display just like the current generation. All three iPhones will feature the same screen resolution as their predecessors.
Businesses

Apple In Advanced Talks To Buy Intel's Smartphone-Modem Chip Business (cnbc.com) 64

According to The Wall Street Journal, Apple is in advanced talks to buy Intel's smartphone-modem chip business (Warning: source paywalled; alternative source), "a move that would jump-start the iPhone maker's push to take control of developing the critical components powering its devices." From the report: A deal, covering a portfolio of patents and staff valued at $1 billion or more, could be reached in the next week, the people said -- assuming the talks don't fall apart. Though the purchase price is a rounding error for companies valued in the hundreds of billions of dollars, the transaction would be important strategically and financially. It would give Apple access to engineering work and talent behind Intel's yearslong push to develop modem chips for the crucial next generation of wireless technology known as 5G, potentially saving years of development work.

For Intel's part, a deal would allow the company to shed a business that had been weighing on its bottom line: The smartphone operation had been losing about $1 billion annually, a person familiar with its performance has said, and has generally failed to live up to expectations. Though it would exit the smartphone business, Intel plans to continue to work on 5G technology for other connected devices.
Earlier this year, it was reported that Apple began discussing plans to acquire parts of Intel's smartphone modem chip business last summer, around the time former Intel Chief Executive Brian Krzanich resigned. "Mr. Krzanich championed the modem business and touted 5G technology as a big future revenue stream," reports The Wall Street Journal. "When Bob Swan was named to that job in January, analysts said the odds of a deal rose because his focus on cleaning up Intel would require addressing the losses in the modem business."
Security

NSO Spyware 'Targets Big Tech Cloud Services' (ft.com) 27

The Israeli company whose spyware hacked WhatsApp has told buyers its technology can surreptitiously scrape all of an individual's data from the servers of Apple, Google, Facebook, Amazon and Microsoft, Financial Times reported on Friday. [Editor's note: the link may be paywalled; alternative source] From the report: NSO Group's flagship smartphone malware, nicknamed Pegasus, has for years been used by spy agencies and governments to harvest data from targeted individuals' smartphones. But it has now evolved to capture the much greater trove of information stored beyond the phone in the cloud, such as a full history of a target's location data, archived messages or photos, according to people who shared documents with the Financial Times and described a recent product demonstration. The documents raise difficult questions for Silicon Valley's technology giants, which are trusted by billions of users to keep critical personal information, corporate secrets and medical records safe from potential hackers. NSO denied promoting hacking or mass-surveillance tools for cloud services. However, it did not specifically deny that it had developed the capability described in the documents.
Iphone

iOS and iPadOS 13 Beta 4 Signals Death of 3D Touch, Rise of Context Menu (venturebeat.com) 47

Back in 2015, Apple introduced pressure-sensitive iPhone screens alongside 3D Touch as a potentially major hardware-software innovation, but barely supported the feature, leading to informed speculation that all of 2019's iPhones would lose their pressure-sensing hardware. This week's release of the fourth iOS 13 and iPadOS 13 developer betas appears to put the final nail in 3D Touch's coffin, tightening up the responsiveness of its replacement: Context Menus. From a report: If you aren't already familiar with 3D Touch, the concept was simple: slight, medium, and heavy pressure on an iPhone's screen could be recognized differently, such that a light press would open an app while a firm press in the same spot would instead conjure up a contextual menu. Apple sometimes nested additional "peek and pop" features within iPhone apps using the same pressure sensitivity, giving users extra options if they pressed down more on the screen.

Over the last few beta releases of iOS 13 and iPadOS 13, Apple has been rolling out a replacement called Context Menus -- a change it set the stage for last year by releasing the iPhone XR without 3D Touch hardware. Back then, Apple said it was giving the XR an alternative called "Haptic Touch" that pulled up the same sort of contextual menus as earlier iPhones, but did so using two tricks: Instead of pressure, it sensed button press time, counting an extra split-second as a stronger button press, confirming the different intent with a "thump" from the phone's vibration feature. Now iPad users will get a version of Haptic Touch minus the haptics.

Advertising

Apple Plans To Bankroll Original Podcasts To Fend Off Rivals (bloomberg.com) 50

An anonymous reader quotes a report from Bloomberg: Apple plans to fund original podcasts that would be exclusive to its audio service, according to people familiar with the matter, increasing its investment in the industry to keep competitors Spotify and Stitcher at bay. Executives at the company have reached out to media companies and their representatives to discuss buying exclusive rights to podcasts, according to the people, who asked not to be identified because the conversations are preliminary. Apple has yet to outline a clear strategy, but has said it plans to pursue the kind of deals it didn't make before. While Apple doesn't charge for the Podcast app or run its own advertising on the platform, adding exclusives and growing the Podcasts app could give some consumers another reason to stick to their iPhone or subscribe to complementary paid services like Apple Music. "Apple also has an advertising division focused on ads in the App Store, which theoretically could eventually be applied to Podcasts if it continues to increase its user base," the report notes.
Data Storage

The New 2019 MacBook Air Features a Slower SSD Than 2018 Model (imore.com) 121

The new 2019 MacBook Air with a True Tone display, upgraded keyboard and a price cut has been out for a week already, but we're finding out more about it. The latest bit of information from Consomac confirms an unfortunate drawback: the SSD is slower than the previous 2018 model. From a report: The French site conducted some tests on the new 2019 MacBook Air using Blackmagic Disk Speed Test and it achieved speeds of 1.3 GB/s read and 1 GB/s write. Compare it to the 2018 MacBook Air, which achieved 2 GB/s read and 0.9 GB/s write. Apple's newer laptop improved slightly on the writing side, but its performance downgraded by 35% on the reading side. That can be attributed to a slower SSD Apple included in the new MacBook Air.
Cloud

Former Tesla Employee Admits Uploading Autopilot Source Code To His iCloud (theverge.com) 64

Guangzhi Cao, a former engineer at Tesla who is accused of stealing company trade secrets and sending them to a Chinese startup, admitted in a court filing this week that he uploaded zip files containing Autopilot source code to his personal iCloud account in late 2018 while still working for the company. "Cao denied stealing sensitive information from the automaker in the same filing," reports The Verge. "His legal team argued he 'made extensive efforts to delete and/or remove any such Tesla files prior to his separation from Tesla.' Cao is now the 'head of perception' at XPeng, where he is '[d]eveloping and delivering autonomous driving technologies for production cars.'" From the report: According to a joint filing from the two parties that was also filed this week, Tesla has subpoenaed documents from Apple. While Apple is not involved in this case, a former employee who worked on the tech company's secretive autonomous car project was charged by the FBI with stealing trade secrets last July. That employee allegedly AirDropped sensitive data to his wife's laptop and was also caught on CCTV leaving Apple's campus with a box of equipment. He had left his job at Apple to take a position at XPeng before being arrested. Cao was also a senior image scientist for Apple for two years before he joined Tesla, according to his LinkedIn profile.
Businesses

Investigating Some Subscription Scam iOS Apps (ivrodriguez.com) 50

Security engineer Ivan writes: For some reason Apple allows "subscription scam" apps on the App Store. These are apps that are free to download and then ask you to subscribe right on launch. It's called the freemium business model, except these apps ask you to subscribe for "X" feature(s) immediately when you launch them, and keep doing so, annoyingly, over and over until you finally subscribe. By subscribing you get a number of "free days" (trial) and then they charge you weekly/monthly/yearly for very basic features like scanning QR Codes.

I've been trying to monitor apps that have these characteristics: 1. They have In-App purchases for their subscriptions. 2. They have bad reviews, especially with words like "scam" or "fraud". 3. Their "good" reviews are generic, potentially bot-generated. This weekend I focused on 5 apps from 2 different developers and to my surprise they are very similar, not only their UI/UX but also their code is shared and their patterns are absolutely the same. Aside from being classic subscription scam apps, I wanted to examine how they work internally and how they communicate with their servers and what type of information they are sending.

China

Apple Opens App Design and Development Accelerator in China (techcrunch.com) 20

Apple has opened a design and development accelerator in Shanghai -- its first for China -- to help local developers create better apps as the iPhone maker looks to scale its services business in one of its key overseas markets. From a report: At the accelerator, Apple has begun to hold regular lectures, seminars and networking sessions for developers, the company said this week. It is similar to an accelerator it opened in Bangalore about two years ago. In India, where Apple has about half a million app developers, the accelerator program has proven crucially useful, more than three dozen developers who have enrolled for the program have told TechCrunch over the years. Participation in the accelerator is free of cost. Apple said more than 2.5 million developers from greater China, which includes Taiwan and Hong Kong, actively build apps for its platform. These developers have earned more than $29 billion through App Store sales. More than 15% of Apple's revenue comes from greater China, according to official figures.
