Encryption

Leaked Files Reveal Scope of Cellebrite's Smartphone-Cracking Technology (zdnet.com) 37

An anonymous reader quotes a report from ZDNet: Earlier this year, we were sent a series of large, encrypted files purportedly belonging to a U.S. police department as a result of a leak at a law firm, which was insecurely synchronizing its backup systems across the internet without a password. Among the files was a series of phone dumps created by the police department with specialist equipment, which was created by Cellebrite, an Israeli firm that provides phone-cracking technology. We obtained a number of these so-called extraction reports. One of the more interesting reports by far was from an iPhone 5 running iOS 8. The phone's owner didn't use a passcode, meaning the phone was entirely unencrypted. The phone was plugged into a Cellebrite UFED device, which in this case was a dedicated computer in the police department. The police officer carried out a logical extraction, which downloads what's in the phone's memory at the time. (Motherboard has more on how Cellebrite's extraction process works.) In some cases, it also contained data the user had recently deleted. To our knowledge, there are a few sample reports out there floating on the web, but it's rare to see a real-world example of how much data can be siphoned off from a fairly modern device. We're publishing some snippets from the report, with sensitive or identifiable information redacted.
Portables (Apple)

2016 MacBook Pro Fails To Receive a Recommendation From Consumer Reports (9to5mac.com) 212

Consumer Reports has released its evaluation of the new MacBook Pro laptops, and it's not good. The 2016 MacBook Pro is the first MacBook to fail to receive a recommendation from the nonprofit organization dedicated to unbiased product testing. 9to5Mac reports: In a post breaking down the decision not to recommend the new MacBook Pros, Consumer Reports explains that while the new models held up well in terms of display quality and performance, the battery life issues were too big of an issue to overlook. The organization tested three MacBook Pro variants: a 13-inch Touch Bar model, a 15-inch Touch Bar model, and a 13-inch model without the Touch Bar. The general consensus was that "MacBook Pro battery life results were highly inconsistent from one trial to the next." Consumer Reports explains that the 13-inch Touch Bar model saw battery life of 16 hours in one test and 3.75 hours in another, while the non-Touch Bar model maxed out at 19.5 hours, but also lasted just 4.5 hours in another test. The 15-inch model ranged from 18.5 hours to 8 hours. Generally, according to the report, it's expected for battery life to vary from one trial to another by less than 5 percent, meaning that the battery life variances with the new MacBook Pro are very abnormal. Once that was completed, Consumer Reports experimented by conducting the same test using Chrome and "found battery life to be consistently high on all six runs." While the organization can't let that affect its final decision due to its protocol to only use the first-party browser, it's something users may want to try.
IOS

Pokemon Go Arrives On the Apple Watch (techcrunch.com) 35

Niantic, the developers behind Pokemon Go, have finally launched the Apple Watch version of the game. The new smartwatch app will let you play Pokemon Go without having to constantly pull out your smartphone. Instead, you can use the watch to tap to find nearby Pokemon, collect items from PokeStops, and log your gameplay as a "workout." TechCrunch reports: The AR and GPS-powered game, which has been downloaded 600 million times as of November, offers a unique combination of gameplay and physical activity that makes sense for a platform like the Apple Watch. The new app will take advantage of the watch's fitness-tracking capabilities, as gameplay counts toward your personal Activity rings. In addition, your Apple Watch sessions will count toward hatching your Pokemon Eggs, too, as well as receiving Candy with your Buddy Pokemon. In addition to fitness tracking, Pokemon Go will also tie into the Apple Watch's ability to push notifications to your wrist. The app will send alerts about a variety of important events, including when there are nearby Pokemon to catch, when you're near a PokeStop, when your Eggs hatch, and when medals are awarded, says Niantic. However, when it comes time to actually catch the Pokemon, you'll still need to break out your iPhone.
Programming

Apple Delays App Store Security Deadline For Developers 25

Reader Trailrunner7 writes: Apple has pushed back a deadline for developers to support a key transport security technology in apps submitted to the company's app stores. Officials said at the Apple Worldwide Developers Conference earlier this year that developers would have to support Apple Transport Security by the end of 2016. But on Thursday, the company announced that it has decided to extend the deadline indefinitely. ATS is Apple's collection of transport security standards designed to provide attack resistance for data that's sent between iOS and macOS apps and backend servers. It requires apps to support a number of modern transport security technologies, including TLS 1.2, AES-128 or stronger, and certificates must be signed using SHA-2. ATS also requires the use of forward secrecy, a key-exchange method that protects encrypted sessions even if the server certificate is compromised at some point in the future.
Desktops (Apple)

Raspberry Pi's Linux-Based PIXEL Desktop Now Available For PC and Mac (betanews.com) 50

From a report on BetaNews: If you own a Raspberry Pi, you're probably familiar with PIXEL. The desktop environment is included in the Raspbian OS. The Raspberry Pi Foundation describes PIXEL as the "GNU/Linux we would want to use" and understandably so. It offers a smart, clean interface, a decent selection of software, the Chromium web browser with plug-ins, and more -- and from today it's available for PC and Mac. The version of Debian+PIXEL for x86 platforms is described as "experimental" but having taken it for a spin, it seems pretty stable to me. To run PIXEL on your PC or Mac, download the image, burn it onto a DVD or flash it onto a USB memory stick, and boot from it. The desktop environment will load ready for use.
Iphone

Nokia Sues Apple, Claims Patent Infringement in iPhone and Other Devices (marketwatch.com) 77

Nokia today announced a number of patent infringement complaints against Apple in Europe and the U.S. courts. There are 32 patents in total that Nokia claims Apple infringed, covering technologies such as display, user interface, software, antenna, chipsets and video coding. From a report on MarketWatch: Nokia said Apple agreed to license a few of Nokia Technologies' patents in 2011, but has declined offers by Nokia since then to license other patents whose inventions have been used in Apple mobile devices, including the iPhone and iPad, and the Mac. The lawsuits, filed in a Munich, Germany, regional court and a district court in Texas, cover technologies such as display, user interface, software, antenna, chipsets and video coding. Nokia said it's in the process of filing further actions in other jurisdictions as well. "After several years of negotiations trying to reach agreement to cover Apple's use of these patents, we are now taking action to defend our rights," said Ilkka Rahnasto, head of patent business at Nokia.
Businesses

Apple In Talks With India To Manufacture Locally (reuters.com) 118

Apple is in talks with India's government to explore making products locally, the Wall Street Journal reported on Tuesday, as the U.S. firm aims to make deeper inroads in the world's second-largest mobile phone market by users. From a report: India Prime Minister Narendra Modi is trying to boost technology manufacturing in the country through his 'Make in India' initiative. His government in June exempted foreign retailers for three years from a requirement to locally source 30 percent of goods sold in their stores. The Journal said Apple, in a letter to the federal government in November, outlined manufacturing plans and asked for financial incentives.
Businesses

At Apple, Mac Is Getting Far Less Attention - How It Handled the New MacBook Pro Is a Living Proof (bloomberg.com) 230

Apple CEO Tim Cook may have assured employees that the company is committed to Mac computers, but people working in the Mac team say the company now pays far less attention to the computer lineup, according to Bloomberg's Mark Gurman, who has been right just about every time with Apple scoops. From his report: Interviews with people familiar with Apple's inner workings reveal that the Mac is getting far less attention than it once did. They say the Mac team has lost clout with the famed industrial design group led by Jony Ive and the company's software team. They also describe a lack of clear direction from senior management, departures of key people working on Mac hardware and technical challenges that have delayed the roll-out of new computers. While the Mac generates about 10 percent of Apple sales, the company can't afford to alienate professional designers and other business customers. After all, they helped fuel Apple's revival in the late 1990s. In a stinging critique, Peter Kirn, founder of a website for music and video creators, wrote: "This is a company with no real vision for what its most creative users actually do with their most advanced machines." If more Mac users switch, the Apple ecosystem will become less sticky -- opening the door to people abandoning higher-value products like the iPhone and iPad. The report also sheds light on battery issues in the new MacBook Pro lineup that many have complained about. From the report: In the run-up to the MacBook Pro's planned debut this year, the new battery failed a key test, according to a person familiar with the situation. Rather than delay the launch and risk missing the crucial holiday shopping season, Apple decided to revert to an older design. The change required roping in engineers from other teams to finish the job, meaning work on other Macs languished, the person said. 
The new laptop didn't represent a game-changing leap in battery performance, and a software bug misrepresented hours of power remaining. Apple has since removed the meter from the top right-hand corner of the screen.
Desktops (Apple)

Tim Cook Assures Employees That It Is Committed To Mac and 'Great Desktops' Are Coming (techcrunch.com) 307

Apple CEO Tim Cook has assured the employees that the company is committed to the computer lineups and that a desktop computer is certainly on the way. From a report on TechCrunch: "Some folks in the media have raised the question about whether we're committed to desktops," Cook wrote. "If there's any doubt about that with our teams, let me be very clear: we have great desktops in our roadmap. Nobody should worry about that." Cook cites the far better performance of desktop computers, including screen sizes, memory, storage and more variety in I/O (ha) as a reason that they are "really important, and in some cases critical, to people." So no matter how you feel about the state of the Mac at the moment, you have new machines to look forward to. No mention of whether that meant iMac or Mac Pro or both, but at the very least it's encouraging to those of us who couldn't live without a desktop computer.
Iphone

Filmmaker Installed Security Software On a Decoy Phone To Spy On Smartphone Thieves (theverge.com) 118

An anonymous reader writes from a report via The Verge: Dutch film student Anthony van der Meer had the unfortunate pleasure of having his phone stolen while having lunch in Amsterdam. Unsatisfied with the response from the Amsterdam police, who register an average of 300 stolen phones per week, Meer decided to find out what kind of person steals a phone. He downloaded DIY security software on a decoy Android phone, intentionally got the phone stolen, and was able to spy on his thief for weeks. He recorded the ups and downs of his covert investigation and turned it into a 22-minute documentary called Find My Phone. Meer preloaded the decoy device with an anti-theft application called Cerberus, which allows the owner of the device to access any file on the phone remotely, as well as discreetly activate the phone's camera and microphone. Meer and his friends were able to navigate the technicalities of surveilling the thief with relative ease. They even snapped a close-up of the guy's face. The hard part, it turns out, was getting the preloaded phone stolen in the first place. It took Meer four days to get his device pilfered in a city with high rates of theft because concerned citizens kept coming to his rescue.
Desktops (Apple)

Adobe Releases Flash Player 24 For Linux Four Years After the Last Major Update (bleepingcomputer.com) 88

An anonymous reader writes: Adobe released today Flash Player 24 for Linux, after previously abandoning the application without explanation in 2012. The NPAPI architecture of Flash Player for Linux is now on par with Windows and Mac releases on version 24, after spending the last few years stuck at version 11.2 and only receiving small patches and security fixes, but no new features. Today's Flash Player 24 for Linux release comes after Adobe teased its release on August 31, and later released a Beta version (v23) in October. Despite updating Flash Player for Linux to the same version number as its Windows and Mac alternatives, the Linux variant still lags behind on features. While Flash Player 24 includes all the security features included in the Windows and Mac versions, the Linux version doesn't support accelerated GPU 3D acceleration and video DRMs. If users need these features, Adobe says users should use Chrome for Linux, where Google's own port, the Pepper Flash plugin (PPAPI architecture) supports them.
EU

Apple Appeals EU Tax Ruling, Says It Was a 'Convenient Target' (reuters.com) 122

Apple has launched a legal challenge to a record $14 billion EU tax demand, arguing that EU regulators ignored tax experts and corporate law and deliberately picked a method to maximize the penalty, senior executives said. From a report on Reuters: Apple's combative stand underlines its anger with the European Commission, which said on Aug. 30 the company's Irish tax deal was illegal state aid and ordered it to repay up to 13 billion euros ($13.8 billion) to Ireland, where Apple has its European headquarters. European Competition Commissioner Margrethe Vestager, a former Danish economy minister, said Apple's Irish tax bill implied a tax rate of 0.005 percent in 2014. General Counsel Bruce Sewell and Chief Financial Officer Luca Maestri outlined in an interview with Reuters at Apple's global headquarters in Cupertino the company's plans for its appeal against the Commission's ruling at Europe's second highest court. The iPhone and iPad maker was singled out because of its success, Sewell said. "Apple is not an outlier in any sense that matters to the law. Apple is a convenient target because it generates lots of headlines. It allows the commissioner to become Dane of the year for 2016," he said, referring to the title accorded to Vestager by Danish newspaper Berlingske last month.
Government

A Century of Surveillance: An Interactive Timeline Of FBI Investigations (muckrock.com) 55

"Over a century of fear and filing cabinets" at the FBI has been exposed through six years of Freedom of Information Act requests. And now MuckRock founder (and long-time Slashdot reader) v3rgEz writes: MuckRock recently published its 100th look into historical FBI files, and to celebrate they've also compiled a timeline of the FBI's history. It traces the rise and fall of J. Edgar Hoover as well as some of the Bureau's more questionable investigations into famous figures ranging from Steve Jobs to Hannah Arendt. Read the timeline, or browse through all of MuckRock's FBI FOIA work.
The FBI interviewed 29 people about Steve Jobs (after he was appointed to the President's Export Council in 1991), with several citing his "past drug use," and several individuals also saying Jobs would "distort reality."
The Courts

Apple Loses In Court, Owes $2 Million For Not Giving Workers Meal Breaks (cnn.com) 255

An anonymous reader writes: Apple has been ordered to cut a $2 million check for denying some of its retail workers meal breaks. The lawsuit was first filed in 2011 by four Apple employees in San Diego. They alleged that the company failed to give them meal and rest breaks [as required by California law], and didn't pay them in a timely manner, among other complaints. In 2013, the case became a class action lawsuit that included California employees who had worked at Apple between 2007 and 2012, approximately 21,000 people...

The complaint says Apple's culture of secrecy keeps employees from talking about the company's poor working conditions. "If [employees] so much as discuss the various labor policies, they run the risk of being fired, sued or disciplined."

Apple changed their break policy in 2012, according to CNN, which reports that the second half of the case should conclude later this week. The employees that had been affected by Apple's original break policy could get as much as $95 each from Friday's settlement, according to CNN, "but it's likely some of the money will go toward attorney fees."
China

Apple Explores Dual-SIM Capability in iPhones, Patent Filing Reveals (ibtimes.com.au) 127

Apple is exploring the idea of having two SIM card slots in its iPhones. The Cupertino-based company has registered a patent for a dual-SIM card technology that involves two separate antennas. Though not as popular in the US and UK markets, smartphones with dual-SIM card capability are extremely popular in developing regions such as China and India. For instance, according to marketing firm Counterpoint Research, more than 90 percent of smartphones sold in India, the world's fastest-growing smartphone market, had dual-SIM card slots. But why does Apple care about India and China, you ask. iPhone sales growth has dropped everywhere in the world except India, which is also the world's second most populous nation and the world's second-largest smartphone market. As per Apple's previous earnings call, sales of iPhones grew by 50 percent in India, and Tim Cook has said that he sees a huge potential in the country.
Security

Zero-Days Hitting Fedora and Ubuntu Open Desktops To a World of Hurt (arstechnica.com) 164

An anonymous reader writes: It's the year of the Linux desktop getting pwned. Chris Evans (not the red white and blue one) has released a number of Linux zero-day exploits, the most recent of which employs specially crafted audio files to compromise Linux desktop machines. Ars Technica reports: "'I like to prove that vulnerabilities are not just theoretical -- that they are actually exploitable to cause real problems,' Evans told Ars when explaining why he developed -- and released -- an exploit for fully patched systems. 'Unfortunately, there's still the occasional vulnerability disclosure that is met with skepticism about exploitability. I'm helping to stamp that out.' Like Evans' previous Linux zero-day, the proof-of-concept attacks released Tuesday exploit a memory-corruption vulnerability closely tied to GStreamer, a media framework that by default ships with many mainstream Linux distributions. This time, the exploit takes aim at a flaw in a software library alternately known as Game Music Emu and libgme, which is used to emulate music from game consoles. The two audio files are encoded in the SPC music format used in the Super Nintendo Entertainment System console from the 1990s. Both take aim at a heap overflow bug contained in code that emulates the console's Sony SPC700 processor. By changing the .spc extension to .flac and .mp3, GStreamer and Game Music Emu automatically open them."
Desktops (Apple)

A $300 Device Can Steal Mac FileVault2 Passwords (bleepingcomputer.com) 88

An anonymous reader writes: Swedish hardware hacker Ulf Frisk has created a device that can extract Mac FileVault2 (Apple's disk encryption utility) passwords from a device's memory before macOS boots and anti-DMA protections kick in. The extracted passwords are in cleartext, and they also double as the macOS logon passwords. The attack requires physical access, but it takes less than 30 seconds to carry out. A special device is needed, which runs custom software (available on GitHub), and uses hardware parts that cost around $300. Apple fixed the attack in macOS 10.12.2. The device is similar to what Samy Kamkar created with PoisonTap.
The Almighty Buck

Apple Will Charge You $69 To Replace a Lost AirPod (macrumors.com) 253

Apple's AirPods finally went on sale earlier this week after being announced in September and delayed in October. Now that people are able to actually purchase these wireless earphones for $159, many are wondering what happens if they lose an AirPod. Apple has recently updated its repair and replacement costs for AirPods on its iPhone Service Pricing Page, mentioning a $69 fee for those who need to replace an AirPod or charging case. Mac Rumors reports: Apple doesn't appear to be offering AppleCare+ for AirPods, instead providing a standard one-year warranty that's available on all Apple products. If the AirPods need service during that one year period, all work will be covered for free. After the one-year warranty has expired, Apple will charge a $69 fee for out-of-warranty service repairs. Battery service for AirPods that lose battery capacity is free during the one-year warranty period or $49 out of warranty. If you lose or damage one of the AirPods or the charging case, Apple will charge $69 for a replacement, regardless of whether or not the AirPods are still under warranty. The pricing in Apple's support document is U.S. pricing, and will vary based on country.
Nintendo

Super Mario Run Is Now Available (independent.co.uk) 70

Nintendo's first smartphone game "Super Mario Run" is now available in the App Store across the world. The game follows the success of Pokemon Go, which launched earlier this year. Nintendo owns a third of the Pokemon Company, but the game itself was developed by Niantic. The Independent reports: But just like Pokemon Go, the game requires that anyone playing it has a connection to the internet. That's intended as a way of stopping pirates getting around the game's relatively expensive $10 price -- not required to download the game, but to unlock it -- but has already drawn some complaints. In the case of Pokemon Go, which also required that people were online, the huge popularity of the game meant that its servers regularly crashed and were sometimes intentionally taken offline. That in turn meant that the game was impossible to play for large amounts of time, since it required that same connection, as Super Mario Run will. The restriction will also mean that fans won't be able to play the game underground or on flights, or anywhere else with restricted Wi-Fi. But for the most part, the game has been hailed as a signal that Nintendo are finally bringing their nostalgia-inducing characters to a broader range of platforms and consoles. The company unveiled the game at the launch event for the iPhone 7, drawing praise for having liberated Mario and his friends and enemies from Nintendo's own consoles for the first time. You can download Super Mario Run here.
Iphone

Florida Court Says Suspected Voyeur Must Reveal His iPhone Passcode To Police (bbc.com) 184

A Florida appeals court has reversed a decision by a previous judge and ruled that a suspected voyeur can be made to reveal his iPhone passcode to police. "The defendant was arrested after a woman out shopping saw a man crouch down and aim what she believed was a smartphone under her skirt," reports BBC: Store CCTV captured footage of a man crouched down, holding an illuminated device and moving it towards the victim's skirt, according to court documents published by news site Courthouse News. Aaron Stahl was identified by law enforcement officers who reviewed the footage, according to court documents. After his arrest, Mr Stahl initially agreed to allow officers to search his iPhone 5, which he told them was at his home. However, once it had been retrieved by police - but before he had revealed his passcode - he withdrew consent to the search. The trial court had decided that Mr Stahl could be protected by the Fifth Amendment, which is designed to prevent self-incrimination. However, Judge Anthony Black's formal opinion to the court quashed the decision. Judge Black referred to a famous Supreme Court case, Doe v US 1988, in which Justice John Paul Stevens wrote that a defendant could be made to surrender a key to a strongbox containing incriminating documents but they could not "be compelled to reveal the combination to his wall safe." "We question whether identifying the key which will open the strongbox - such that the key is surrendered - is, in fact, distinct from telling an officer the combination," wrote Judge Black. "More importantly, we question the continuing viability of any distinction as technology advances."
