×
Government

Cops Are Confident iPhone Hackers Have Found a Workaround to Apple's New Security Feature (vice.com) 125

Joseph Cox, and Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Apple confirmed to The New York Times Wednesday it was going to introduce a new security feature, first reported by Motherboard. USB Restricted Mode, as the new feature is called, essentially turns the iPhone's lightning cable port into a charge-only interface if someone hasn't unlocked the device with its passcode within the last hour, meaning phone forensic tools shouldn't be able to unlock phones. Naturally, this feature has sent waves throughout the mobile phone forensics and law enforcement communities, as accessing iPhones may now be substantially harder, with investigators having to rush a seized phone to an unlocking device as quickly as possible.

That includes GrayKey, a relatively new and increasingly popular iPhone cracking tool. But forensics experts suggest that Grayshift, the company behind the tech, is not giving up yet. "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on,' a June email from a forensic expert who planned to meet with Grayshift, and seen by Motherboard, reads, although it is unclear from the email itself how much of this may be marketing bluff. "They seem very confident in their staying power for the future right now," the email adds. A second person, responding to the first email, said that Grayshift addressed USB Restricted Mode in a webinar several weeks ago.

Privacy

Apple Tries To Stop Developers Sharing Data On Users' Friends (bloomberg.com) 21

Apple has updated its App Store guidelines to close a loophole that let app makers store and share data without many people's consent. The practice has "been employed for years," reports Bloomberg. "Developers ask users for access to their phone contacts, then use it for marketing and sometimes share or sell the information -- without permission from the other people listed on those digital address books." From the report: As Apple's annual developer conference got underway on June 4, the Cupertino, California-based company made many new pronouncements on stage, including new controls that limit tracking of web browsing. But the phone maker didn't publicly mention updated App Store Review Guidelines that now bar developers from making databases of address book information they gather from iPhone users. Sharing and selling that database with third parties is also now forbidden. And an app can't get a user's contact list, say it's being used for one thing, and then use it for something else -- unless the developer gets consent again. Anyone caught breaking the rules may be banned.

While Apple is acting now, the company can't go back and retrieve the data that may have been shared so far. After giving permission to a developer, an iPhone user can go into their settings and turn off apps' contacts permissions. That turns off the data faucet, but doesn't return information already gathered.

Bitcoin

Apple's App Store Officially Bans Cryptocurrency Mining (venturebeat.com) 38

Apple has updated the App Store's Review Guidelines to explicitly ban on-device mining across any type of app, and all of Apple's platforms. The new section 3.1.5 (b), titled Cryptocurrencies, provides five clear rules for what will and won't be allowed in macOS, iOS, tvOS, and watchOS apps going forward. VentureBeat reports: The upshot of the new rules is that while Apple will permit cryptocurrencies to exist on its platforms, it's adding requirements to stop scammers and individuals from exploiting App Store customers, while making explicit that it's blocking developers from eating Apple device processing power for mining activities. As AppleInsider notes, the Review Guidelines were previously less concerned with cryptocurrencies, allowing an app to facilitate crypto and ICO transactions if it complied with the laws in the app's distributed territories.

Since the App Store is virtually the only place to acquire software for iPhones, iPads, iPod touches, Apple TVs, and Apple Watches, Apple's decision will effectively end crypto mining on those devices. On macOS, however, users will continue to be able to acquire apps outside of the Mac App Store, enabling mining and other activities to continue without Apple's seal of approval.

Software

Should Apple Let Competitors Use FaceTime? (cnet.com) 211

In 2010, Steve Jobs first introduced FaceTime and promised it would become an open industry standard that could be used by Apple's competitors -- not just Apple. Well, eight years later and that still hasn't happened. CNET's Sean Hollister provides a theory as to why that is: There's also an ongoing lawsuit to consider -- as Ars Technica documented in 2013, Apple was forced to majorly change how FaceTime works to avoid infringing on the patents of a company called VirnetX. Instead of letting phones communicate directly with each other, Apple added "relay servers" to help the phones connect. Presumably, someone would have to pay for those servers, and/or figure out a way for them to talk to Google or Microsoft or other third-party servers if FaceTime were going to be truly open. But that doesn't make a broken promise less frustrating. Particularly now that Apple could potentially fix annoying business video calls as well. A Skype-killing video chat service that worked on Mac, iOS *and* Windows, Android and the open web? That's something I bet companies would be happy to pay for, too.
IOS

Apple Is Testing a Feature That Could Kill Police iPhone Unlockers (vice.com) 187

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: On Monday, at its Worldwide Developers Conference, Apple teased the upcoming release of the iPhone's operating system, iOS 12. Among its most anticipated features are group FaceTime, Animoji, and a ruler app. But iOS 12's killer feature might be something that's been rumored for a while and wasn't discussed at Apple's event. It's called USB Restricted Mode, and Apple has been including it in some of the iOS beta releases since iOS 11.3.

The feature essentially forces users to unlock the iPhone with the passcode when connecting it to a USB accessory everytime the phone has not been unlocked for one hour. That includes the iPhone unlocking devices that companies such as Cellebrite or GrayShift make, which police departments all over the world use to hack into seized iPhones. "That pretty much kills [GrayShift's product] GrayKey and Cellebrite," Ryan Duff, a security researcher who has studied iPhone and is Director of Cyber Solutions at Point3 Security, told Motherboard in an online chat. "If it actually does what it says and doesn't let ANY type of data connection happen until it's unlocked, then yes. You can't exploit the device if you can't communicate with it."

Transportation

Apple CarPlay Will Now Support Third-Party Navigation and Mapping Apps (techcrunch.com) 44

Apple today announced that it will now let third-party navigation and mapping apps work with CarPlay starting with iOS 12. "Up to now, Apple only allowed its own mapping app, Maps, to work over CarPlay, but now you can use Waze, Google Maps, Here, or whatever other app you might want to use to get from A to B," reports TechCrunch. From the report: The change marks a big shift for Apple, which is well known for favoring its own native apps and generally a more tightly controlled ecosystem on iOS and across devices. But Maps hasn't been the most popular mapping app by some measure, even for users of iOS. This is in a sense is a tacit acknowledgement that iPhone owners are using a wide variety of other services, and so to get CarPlay used more, this needed to be enabled. It's not clear why Apple didn't extend third-party support for other mapping and navigation apps until now. Perhaps it was to sweeten the deal for more people to use its own Maps app.
Desktops (Apple)

Apple Brings iOS Apps Into Mac, But Won't Merge Platforms (cnet.com) 46

Stephen Shankland, writing for CNET: With its next-generation MacOS Mojave software, Macs will be able to run some apps written for iPhones and iPads, a big new step in bringing the two technology platforms closer together. Craig Federighi, Apple's senior vice president of software engineering, announced the change Monday at Apple's Worldwide Developer Conference in San Jose. And he said Mojave will include four apps Apple itself brought from its iOS mobile software to MacOS: Home, Stocks, News and Voice Memo. "There are millions of iOS apps out there, and we think some of them would look great on the Mac," Federighi said. For now, it's only Apple that has the ability to move iOS apps to MacOS. But that'll change in 2019.
IOS

Apple Unveils iOS 12 (apple.com) 77

Apple on Monday unveiled iOS 12, the major software update that is coming later this year to all the iPhones and iPad models the company has released since 2013. iOS 12 offers a handful of new features but the focus this year, said company's VP of engineering Craig Federighi onstage, is on performance improvements. Apps will launch up to 40 percent faster, and you can slide to take a photo at up to 70 percent faster than with iOS 11, Federighi said. Part of the major push this year is also on augmented reality. The company is introducing a Measure app, which will people to use their phone's camera to measure real-life objects accurately. There's also 3D graphics that you can place into the real world through AR. Apple made a new file format called USDZ, which was developed in conjunction with Pixar.

Apple is also introducing something called "personalised Memoji characters," ability to have a group FaceTime call, and minor new features and improvements to Siri, and Photos. There is also grouped notifications, a feature that Apple claims to have invented. (Android has had it for more than 8 years.) Additionally, Apple is also bringing new tools to iOS that will allow users to take better control of the time they spend interacting with their iPhones and iPads. Note from the press release: New modes in Do Not Disturb automatically end based on a specified time, location or action and Do Not Disturb during Bedtime helps people get a better night's sleep by dimming the display and hiding all notifications on the lock screen until prompted in the morning. To help reduce interruptions, iOS 12 gives users more options for controlling how notifications are delivered. They can instantly manage notifications to be delivered quietly or turned off completely. Grouped notifications make it easier to view and manage multiple notifications at once. Screen Time provides users with detailed information and tools to help them better understand and control the time they spend with apps and websites. Daily and weekly Activity Reports show the total time spent in individual apps, usage across categories of apps, how many notifications are received and how often iPhone or iPad are picked up.
Iphone

Apple May Introduce a Triple-Camera iPhone This Year (thenextweb.com) 107

A rumor from The Korea Herald suggests that Apple may be planning on introducing its first triple camera smartphone this year with the rumored 6.5-inch iPhone. The rumor comes buried in a piece mostly about Samsung, which is also expected to introduce a triple-camera smartphone with next year's S10. The Next Web reports: To be clear, this isn't the first time we've heard word of a triple camera iPhone, but the three previous reports have pointed to a 2019 release, according to MacRumors. One of these reports was from Ming Chi Kuo, an Apple analyst who has a solid track record. The fact that's it's mentioned offhandedly in the Korea Herald report makes me think the date may have been a mistake. No matter how good AI and processing get, there's only so much you can do within the physical constraints of a small smartphone sensor. In theory, using multiple cameras and combining the information with some smart processing could help you somewhat replicate the image quality of a larger sensor.
Iphone

iPhones Will Reportedly Get the Power To Unlock Doors Using NFC (engadget.com) 112

The iPhone's NFC chip will soon have the ability open your house's and car's doors, as well as pay for your fare, reports The Information. From a report: The tech giant is reportedly gearing up to introduce a huge update for its devices' near-field communication chip, which is (at the moment) mostly used to make purchases via Apple Pay. Its employees already have access to the new features, the publication says, and have apparently been using their iPhones to access offices and buildings at Apple's HQ in Cupertino. While you can use iPhones to open a lot of smart locks via Bluetooth, NFC is considered the more secure option. According to the publication's sources, Apple has been working with HID Global, the company that made its security systems, to give iPhones the capability to gain access to buildings and offices since 2014. The company has reportedly been talking to transit card maker Cubic for years, as well.
Businesses

Apple Blocks Steam's Plan To Extend Its Video Games To iPhones (reuters.com) 202

Citing "business conflicts," Apple has blocked Steam's plans to distribute PC-based video games to iPhones. It's "a sign that Apple is serious about protecting its ability to take a cut of digital purchases made inside games on its mobile devices," reports Reuters. From the report: Steam, the dominant online store for downloaded games played on Windows PCs, had planned to release a free mobile phone app called Steam Link so that gamers could continue playing on their mobile phones while away from their desktop machines. But Apple has rejected the app, blocking its release, according to a statement from Steam's parent company, the Bellevue, Washington-based Valve. Steam did not give a precise reason for the App Store denials, saying only that Apple cited "business conflicts with app guidelines." But the conflict likely centers on what are known as in-app purchases or micro-transactions, in which gamers can spend small sums of money inside games to buy tokens, extra lives or others so-called digital goods. Lombardi said Steam disabled purchasing its iOS app but did not elaborate on how the change was made. Many analysts believe Apple could lose revenue if they allow Steam's app, which is essentially a store-within-a-store. "Apple takes a 30 percent cut of such purchases made within apps distributed through its App Store," Reuters notes. "[T]hose purchases are among the primary drivers of revenue in Apple's services business."
The Courts

Samsung Must Pay Apple $539 Million For Infringing iPhone Design Patents, Jury Finds (cnet.com) 143

Samsung must pay Apple $539 million for infringing five patents with Android phones it sold in 2010 and 2011, a jury has found in a legal fight that dates back seven years. "The unanimous decision, in the U.S. District Court in San Jose in the heart of Silicon Valley, is just about halfway between what the two largest mobile phone makers had sought in a high-profile case that reaches back to 2011," reports CNET. From the report: The bulk of the damages payment, $533,316,606, was for infringing three Apple design patents. The remaining $5,325,050 was for infringing two utility patents. Samsung already had been found to infringe the patents, but this trial determined some of the damages. The jury's rationale isn't clear, but the figure is high enough to help cement the importance of design patents in the tech industry. Even though they only describe cosmetic elements of a product, they clearly can have a lot of value.

Samsung showed its displeasure and indicated the fight isn't over. "Today's decision flies in the face of a unanimous Supreme Court ruling in favor of Samsung on the scope of design patent damages. We will consider all options to obtain an outcome that does not hinder creativity and fair competition for all companies and consumers," Samsung said.

Businesses

Android Creator Puts Essential Up For Sale, Cancels Next Phone (bloomberg.com) 51

Bloomberg reports that Andy Rubin's Essential Products business is considering selling itself and has canceled development of a new smartphone. The news comes several months after numerous reports suggested that the Essential Phone's sales were tepid. From the report: The startup has hired Credit Suisse Group AG to advise on a potential sale and has received interest from at least one suitor, the people said. Essential is now actively shopping itself to potential suitors, one of the people said. The startup, part of Rubin's incubator Playground Global, has raised about $300 million from several investors, including Amazon, Tencent, and Redpoint Ventures. It was valued at $900 million to $1 billion about a year ago, according to an analysis by Equidate, which runs a market for private company stock.

The startup has spent more than $100 million on developing its first products, about a third of the money it raised to build the company, the people said. Current discussions are focused on a sale of the entire company, including its patent portfolio, hardware products like the original smartphone, an upcoming smart home device and a camera attachment for the phone. Essential's engineering talent, which includes those hired from Apple and Alphabet's Google, would likely be part of a deal. The company hasn't yet made a final decision on a sale, the people said.

Businesses

Internal Documents Show Apple Knew the iPhone 6 Would Bend (vice.com) 130

In 2014, multiple users reported that their iPhone 6 and 6 Plus handsets were bending under pressure, such as when they were kept in a pocket. As a byproduct of this issue, the touchscreen's internal hardware was also susceptible to losing its connection to the phone's logic board. It turns out, Apple was aware that this could happen. Motherboard: Apple's internal tests found that the iPhone 6 and iPhone 6 Plus are significantly more likely to bend than the iPhone 5S, according to information made public in a recent court filing obtained by Motherboard. Publicly, Apple has never said that the phones have a bending problem, and maintains that position, despite these models commonly being plagued with "touch disease," a flaw that causes the touchscreen to work intermittently that the repair community say is a result of bending associated with normal use. The information is contained in internal Apple documents filed under seal in a class-action lawsuit that alleges Apple misled customers about touch disease. The documents remain under seal, but US District Court judge Lucy Koh made some of the information from them public in a recent opinion in the case. The company found that the iPhone 6 is 3.3 times more likely to bend than the iPhone 5s, and the iPhone 6 Plus is 7.2 times more likely to bend than the iPhone 5s, according to the documents. Koh wrote that "one of the major concerns Apple identified prior to launching the iPhones was that they were 'likely to bend more easily when compared to previous generations.'"
United States

Trump Ignores 'Inconvenient' Security Rules To Keep Tweeting On His iPhone, Says Report (politico.com) 542

According to Politico, "President Donald Trump uses a White House cellphone that isn't equipped with sophisticated security features designed to shield his communications." The decision is "a departure from the practice of his predecessors that potentially exposes him to hacking or surveillance." From the report: The president uses at least two iPhones, according to one of the officials. The phones -- one capable only of making calls, the other equipped only with the Twitter app and preloaded with a handful of news sites -- are issued by White House Information Technology and the White House Communications Agency, an office staffed by military personnel that oversees White House telecommunications. While aides have urged the president to swap out the Twitter phone on a monthly basis, Trump has resisted their entreaties, telling them it was "too inconvenient," the same administration official said. The president has gone as long as five months without having the phone checked by security experts. It is unclear how often Trump's call-capable phones, which are essentially used as burner phones, are swapped out.
Cellphones

The Toughest (And Weakest) Phones Currently On the Market (tomsguide.com) 112

New submitter Daneel Olivaw R. shares a report from Tom's Guide: To measure each phone's toughness, [Tom's Guide] dropped it from both 4 and 6 feet onto wood and concrete. After each test, we recorded the damage to the phone. If a phone was rendered unusable -- the screen totally shattered, for instance -- then we stopped dropping it. [More details on the testing process can be found here.] Each drop was worth a maximum of 5 points; if a phone made it through all of the rounds unscathed, it would earn 35 points. The more severe the damage per drop was, the more points were deducted. If a phone was rendered unusable after a given drop, it would earn no points, and would not undergo any subsequent test. In total, there were seven tests. [...] If a phone died in the 6-foot edge drop, it was penalized an extra 10 percent. If it died in the 6-foot face drop, it was penalized 5 percent. And if it died when dropped into the toilet, it lost 2.5 percent. We then divided the total score by 3.5, to put it on a 10-point scale. Here are the scores of each device:

Motorola Moto Z2 Force - Toughness score: 8.5/10
LG X Venture - Toughness score: 6.6/10
Apple iPhone X - Toughness score: 6.2/10
LG V30 - Toughness score: 6/10
Samsung Galaxy S9 - Toughness score: 6/10
Motorola Moto G5 Plus - Toughness score: 5.1/10
Apple iPhone 8 - Toughness score: 4.9/10
Samsung Galaxy Note 8 - Toughness score: 4.3/10
OnePlus 5T - Toughness score: 4.3/10
Huawei Mate 10 Pro - Toughness score: 4.3/10
Google Pixel 2 XL - Toughness score: 4.3/10
iPhone SE - Toughness score: 3.9/10
Google

Google Sued For 'Clandestine Tracking' of 4.4 Million UK iPhone Users' Browsing Data (theguardian.com) 33

Google is being sued in the high court for as much as $4.3 billion for the alleged "clandestine tracking and collation" of personal information from 4.4 million iPhone users in the UK. From a report: The collective action is being led by former Which? director Richard Lloyd over claims Google bypassed the privacy settings of Apple's Safari browser on iPhones between August 2011 and February 2012 in order to divide people into categories for advertisers. At the opening of an expected two-day hearing in London on Monday, lawyers for Lloyd's campaign group Google You Owe Us told the court information collected by Google included race, physical and mental heath, political leanings, sexuality, social class, financial, shopping habits and location data.

Hugh Tomlinson QC, representing Lloyd, said information was then "aggregated" and users were put into groups such as "football lovers" or "current affairs enthusiasts" for the targeting of advertising. Tomlinson said the data was gathered through "clandestine tracking and collation" of browsing on the iPhone, known as the "Safari Workaround" -- an activity he said was exposed by a PhD researcher in 2012. Tomlinson said Google has already paid $39.5m to settle claims in the US relating to the practice. Google was fined $22.5m for the practice by the US Federal Trade Commission in 2012 and forced to pay $17m to 37 US states.

Privacy

'I Asked Apple for All My Data. Here's What Was Sent Back' (zdnet.com) 172

"I asked Apple to give me all the data it's collected on me since I first became a customer in 2010," writes the security editor for ZDNet, "with the purchase of my first iPhone." That was nearly a decade ago. As most tech companies have grown in size, they began collecting more and more data on users and customers -- even on non-users and non-customers... Apple took a little over a week to send me all the data it's collected on me, amounting to almost two dozen Excel spreadsheets at just 5MB in total -- roughly the equivalent of a high-quality photo snapped on my iPhone. Facebook, Google, and Twitter all took a few minutes to an hour to send me all the data they store on me -- ranging from a few hundred megabytes to a couple of gigabytes in size...

The zip file contained mostly Excel spreadsheets, packed with information that Apple stores about me. None of the files contained content information -- like text messages and photos -- but they do contain metadata, like when and who I messaged or called on FaceTime. Apple says that any data information it collects on you is yours to have if you want it, but as of yet, it doesn't turn over your content which is largely stored on your slew of Apple devices. That's set to change later this year... And, of the data it collects to power Siri, Maps, and News, it does so anonymously -- Apple can't attribute that data to the device owner... One spreadsheet -- handily -- contained explanations for all the data fields, which we've uploaded here...

[T]here's really not much to it. As insightful as it was, Apple's treasure trove of my personal data is a drop in the ocean to what social networks or search giants have on me, because Apple is primarily a hardware maker and not ad-driven, like Facebook and Google, which use your data to pitch you ads.

CNET explains how to request your own data from Apple.
Cellphones

Lenovo Teases a True All-Screen Smartphone With No Notch (cnet.com) 177

An anonymous reader quotes a report from CNET: Notches, it seems, are the new black. Originally seen -- and often criticized -- on the Essential PH-1 and iPhone X in 2017, the trend of adding notches to Android phones has only accelerated this year as phone makers look to maximize the screen size. But the Lenovo Z5 is going the other way: It's truly all-screen, and notch-free. At least, that's according to a sketch shared last Friday by Lenovo VP Chang Cheng on Weibo, a Twitter-like platform in China. Cheng's teaser post says (according to Google Translate) that the Lenovo Z5 is the company's new flagship phone. Besides that, the post leaves it pretty vague.

All-screen phones look cool, but they challenge the manufacturer to find a place to put front cameras, sensors and other hardware. That's why we see bezels on some phones and notches on others. It's not clear what Lenovo plans to do with the front camera on the Lenovo Z5. Cheng's post claims that "four technological breakthroughs" and "18 patented technologies" were made for the phone, but doesn't go into details.
One of the first smartphones to launch with an edge-to-edge display was the Xiaomi Mi Mix. It launched with next to no bezel or notch, leaving many to wonder where the earpiece would be. What Xiaomi managed to do was use what it calls "cantilever piezoelectric ceramic acoustic technology." Basically, it's a component that converts electrical energy into mechanical energy to transfer to the phone's internal metal frame, which then vibrates to create sound. It's possible the Z5 relies on a similar technology, or bone conduction technology found in many headphones and some smartphones.

Aside from the front-facing camera and ambient light sensors, the other components that are typically found on the front of smartphones are relatively easy to drag-and-drop to different locations. For example, the speakers in the Z5 are likely bottom facing and the navigation controls are almost certainly software based. The question is whether or not it's worth having a true all-screen smartphone if it means there's no front-facing camera, ambient light sensors, or stereo speakers.
IOS

North Korean Hackers Are Now Developing iPhone Spy Tools (forbes.com) 27

An anonymous reader shares a report: Probing the bowels of what he believed to be North Korean hacking architecture, American cybersecurity researcher Darien Huss found an outlier: iPhone software. It appeared at first glance to be a fairly mundane program, a mobile device management (MDM) tool. Such apps are typically used for businesses to remotely monitor and control employees' phones. But, according to Huss, it's most likely one of, if not the only, example of North Korean spyware for Apple's smartphone.

It's unlikely the MDM app was anything other than malicious, said Huss, an employee of cybersecurity company Proofpoint. Tellingly, it was located on a server believed to contain other hacking tools, in particular those for Microsoft Windows, that he'd linked to one of the bigger North Korean hacking groups, the researcher explained to Forbes. If the iPhone tool is indeed a piece of spyware, Huss hasn't seen it used yet. He believes it's currently in development by that North Korean-linked hacker crew, though Proofpoint declined to provide additional details on his research.

Slashdot Top Deals