September’s Mate 30 launch could be a major test for Huawei

Apple isn’t the only smartphone manufacturer planning a big September launch. Huawei’s got a big event on the books as well, set for September 18 in Munich, just over a week after the new iPhones are unveiled. For Huawei, however, the Mate 30 announcement is about more than just smartphones.

The event is effectively the first big handset launch since the embattled Chinese manufacturer was added to the U.S. trade blacklist. The move had seemingly been a long time coming, after years of allegations ranging from spying to sanctions violations, but with the ban in place, the move will mark a key moment of truth for a company that has so far been dependent on offerings from U.S. companies like Google.

The Mate 30, which also marks a push into 5G, could potentially launch without Google apps. The recent U.S. government reprieve only applied to already announced products, according to a statement Google gave to Reuters. Trump has suggested that ban on Huawei products could be lifted with a new U.S.-China trade deal, further clouding the suggestion that the move made purely out of concerns for security.

The smartphone maker gave its own comment to Reuters, noting, “Huawei will continue to use the Android OS and ecosystem if the U.S. government allows us to do so. Otherwise, we will continue to develop our own operating system and ecosystem.”

That last bit is a clear allusion to HarmonyOS. The recently unveiled operating is largely limited to low end handsets and IoT device, but Huawei is also certainly readying itself for a longterm life after Google.

Meanwhile, CNBC is citing a source that suggests the phone will launch with or without Google apps, depending on how things shake out over the next few weeks. That would likely amount to a minor nuisance, requiring users to download them after purchase, while a full out Android brand would prove far more harmful to its bottom line.

It seems quite unlikely at the moment, however, that the company would attempt to launch such a high end device with its own partially baked operation system.

from Android – TechCrunch https://ift.tt/2HyTwow
via IFTTT

Malicious websites were used to secretly hack into iPhones for years, says Google

Security researchers at Google say they’ve found a number of malicious websites which, when visited, could quietly hack into a victim’s iPhone by exploiting a set of previously undisclosed software flaws.

Google’s Project Zero said in a deep-dive blog post published late on Thursday that the websites were visited thousands of times per week by unsuspecting victims, in what they described as an “indiscriminate” attack.

“Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” said Ian Beer, a security researcher at Project Zero.

He said the websites had been hacking iPhones over a “period of at least two years.”

The researchers found five distinct exploit chains involving 12 separate security flaws, including seven involving Safari, the in-built web browser on iPhones. The five separate attack chains allowed an attacker to gain “root” access to the device — the highest level of access and privilege on an iPhone. In doing so, an attacker could gain access to the device’s full range of features normally off-limits to the user. That means an attacker could quietly install malicious apps to spy on an iPhone owner without their knowledge or consent.

Google said based off their analysis, the vulnerabilities were used to steal a user’s photos and messages as well as track their location in near-realtime. The “implant” could also access the user’s on-device bank of saved passwords.

The vulnerabilities affect iOS 10 through to the current iOS 12 software version.

Google privately disclosed the vulnerabilities in February, giving Apple only a week to fix the flaws and roll out updates to its users. That’s a fraction of the 90 days typically given to software developers, giving an indication of the severity of the vulnerabilities.

Apple issued a fix six days later with iOS 12.1.4 for iPhone 5s and iPad Air and later.

Beer said it’s possible other hacking campaigns are currently in action.

The iPhone and iPad maker in general has a good rap on security and privacy matters. Recently the company increased its maximum bug bounty payout to $1 million for security researchers who find flaws that can silently target an iPhone and gain root-level privileges without any user interaction. Under Apple’s new bounty rules — set to go into effect later this year — Google would’ve been eligible for several million dollars in bounties.

When reached, a spokesperson for Apple declined to comment.

Apple expands its bug bounty, increases maximum payout to $1M

from iPhone – TechCrunch https://ift.tt/32db8Ot

Malicious websites were used to secretly hack into iPhones for years, says Google

Security researchers at Google say they’ve found a number of malicious websites which, when visited, could quietly hack into a victim’s iPhone by exploiting a set of previously undisclosed software flaws.

Google’s Project Zero said in a deep-dive blog post published late on Thursday that the websites were visited thousands of times per week by unsuspecting victims, in what they described as an “indiscriminate” attack.

“Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” said Ian Beer, a security researcher at Project Zero.

He said the websites had been hacking iPhones over a “period of at least two years.”

The researchers found five distinct exploit chains involving 12 separate security flaws, including seven involving Safari, the in-built web browser on iPhones. The five separate attack chains allowed an attacker to gain “root” access to the device — the highest level of access and privilege on an iPhone. In doing so, an attacker could gain access to the device’s full range of features normally off-limits to the user. That means an attacker could quietly install malicious apps to spy on an iPhone owner without their knowledge or consent.

Google said based off their analysis, the vulnerabilities were used to steal a user’s photos and messages as well as track their location in near-realtime. The “implant” could also access the user’s on-device bank of saved passwords.

The vulnerabilities affect iOS 10 through to the current iOS 12 software version.

Google privately disclosed the vulnerabilities in February, giving Apple only a week to fix the flaws and roll out updates to its users. That’s a fraction of the 90 days typically given to software developers, giving an indication of the severity of the vulnerabilities.

Apple issued a fix six days later with iOS 12.1.4 for iPhone 5s and iPad Air and later.

Beer said it’s possible other hacking campaigns are currently in action.

The iPhone and iPad maker in general has a good rap on security and privacy matters. Recently the company increased its maximum bug bounty payout to $1 million for security researchers who find flaws that can silently target an iPhone and gain root-level privileges without any user interaction. Under Apple’s new bounty rules — set to go into effect later this year — Google would’ve been eligible for several million dollars in bounties.

When reached, a spokesperson for Apple declined to comment.

Apple expands its bug bounty, increases maximum payout to $1M

from Apple – TechCrunch https://ift.tt/32db8Ot

Apple will unveil the next iPhone September 10

Invites for the next big Apple event have just landed in press mailboxes everywhere, confirming the rumored September 10 date. Invites for the event, which is set for Steve Jobs Theater on the company’s shiny new Cupertino campus, note that the event is “by innovation only.” It is a small theater, after all.

The invite features a swirling multi-color homage to the 80s Apple logo, albeit in a subtler pastel hue, which may point to colorful new hardware.

The centerpiece of the event will, of course, be the iPhone 11, which is rumored to arrive in three different flavors: The standard 11 (replacing the budget XR) and two 11 Pro models, set to replace the XS and XS Max, respectively. The scheme would mark a kind of new approach for the company, which has struggled to grapple with declining smartphone sales along with the rest of the industry.

Offering a lower-price-point flagship could help Apple appeal to consumers who have been put off by increasing prices on the high-end units, which have routinely topped out well over $1,000. It could also help Apple in increasingly important markets like China and India, which currently stand as numbers one and two in global smartphone sales, respectively.

A number of new features have been rumored for the new handsets, including a triple-camera array with an ultra-wide lens, a new A13 chip and wireless power sharing à la the Samsung Galaxy series, which would fit nicely alongside the latest AirPods. This being Apple’s last big hardware push before the holidays, there’s sure to be plenty more on the docket, as well.

I’ll be RSVPing as soon as I’m done with this post, so we’ll see you on the ground in Cupertino September 10 at 10AM sharp.

from iPhone – TechCrunch https://ift.tt/2HA6q5I

Daily Crunch: Apple changes audio review program

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

1. Apple is turning Siri audio clip review off by default and bringing it in house

Following reports that contractors were reviewing customers’ Siri audio samples for quality control, Apple says it has revamped the process. Moving forward, users have to opt-in to participate, and the audio samples will only be reviewed by Apple employees.

“As a result of our review, we realize we haven’t been fully living up to our high ideals, and for that we apologize,” the company said.

2. Mozilla CEO Chris Beard will step down at the end of the year

Mozilla is currently seeking a replacement for Beard, though he’s agreed to stay on through year’s end. Executive chairwoman Mitchell Baker announced in her own post that she’s agreed to step into an interim role if needed.

3. Federal grand jury indicts Paige Thompson on two counts related to the Capital One data breach

Thompson allegedly created software that allowed her to see which customers of a cloud computing company (although the indictment does not name the company, it has been identified as Amazon Web Services) had misconfigured their firewalls, and as a result accessed data from Capital One and more than 30 others.

A woman is holding a Juul e-cigarette, in Montreal. (Photo: Josie_Desmarais/Getty Images)

4. Juul introduces new POS standards to restrict sales to minors

The Retail Access Control Standards program, or RACS for short, automatically locks the point-of-sale system each time a Juul product is scanned until a valid, adult ID is scanned as well.

5. Apple expands access to official repair parts for third-party shops

Until today, if you were a non-authorized repair shop, you couldn’t get official parts. This could result in mixed experiences for customers.

6. Spotify aims to turn podcast fans into podcast creators with ‘Create podcast’ test

The streaming music service is testing a new ‘Create podcast’ feature that shows up above a user’s list of subscribed podcasts. It directs them to download Anchor, the podcast creation app that Spotify acquired in February.

7. How UK VCs are managing the risk of a ‘no deal’ Brexit

The prevailing view among investors about founders is that Brexit means uncertain business as usual. One response: “Resilience is the mother of entrepreneurship!” (Extra Crunch membership required.)

from Apple – TechCrunch https://ift.tt/2L6YsDj

Nike Huaraches get updated for the smartphone age

Ever since they went from Back to the Future fantasy to real world wearable tech, Nike has promised that the Adapt line was more than just a one-off gimmick. Slowly but surely, the company has made its self-lacing motor technology more accessible, most notably though its long awaited Adapt BB sneakers, which arrived earlier this year.

The company announced today that it will be bringing the tech to its Huarache line next month, with the release of the Adapt Huaraches. Introduced in 1991, the line was built around a neoprene bootie derived from water skits. The new shoes feature a similar structure updated for 2019 style and along with smartphone integration.

Nike’s auto-laced future

Like the Adapt BB, the new Huaraches feature a pair of LED lights in the sole that change color based on their connection to the device. The mobile app, meanwhile, is used to adjust the lacing fit. FitAdapt features a bunch of different tension levels, based on different situations. The shoes also, notably, can be used with Apple Watch and Siri, meaning you can ask Apple’s assistant to tighten up your laces.

“This makes the Nike Adapt Huarache a double-barreled revolution,” Nike writes in a release. “First, it brings a storied franchise into the future. Second, and most significant, it propels Nike FitAdapt into the fast-paced, quick-shifting world of the everyday athlete — offering the personalized comfort needed in, say, the sprint to catch the bus, before seamlessly shifting fit as you settle into an empty seat with a sigh of quiet relief.”

The shoes are due out September 13. No pricing yet, but it seems likely they’ll be in the same ballpark as the $350 BBs.

from Apple – TechCrunch https://ift.tt/32eiu4s

Google to pay security researchers who find Android apps and Chrome extensions misusing user data

Google said it will pay security researchers who find “verifiably and unambiguous evidence” of data abuse using its platforms.

It’s part of the company’s efforts to catch those who misuse user data collected through Android apps or Chrome extensions — and to avoid its own version of a scandal like Cambridge Analytica, which saw millions of Facebook profiles scraped and used to identify undecided voters during the U.S. presidential election in 2016.

Google said anyone who identifies “situations where user data is being used or sold unexpectedly, or repurposed in an illegitimate way without user consent” is eligible for its expanded data abuse bug bounty.

“If data abuse is identified related to an app or Chrome extension, that app or extension will accordingly be removed from Google Play or Google Chrome Web Store,” read a blog post. “In the case of an app developer abusing access to Gmail restricted scopes, their API access will be removed.” The company said abuse of its developer APIs would also fall under the scope of the bug bounty.

Google said it isn’t providing a reward table yet but a single report of data misuse could net $50,000 in bounties.

News of the expanded bounty comes in the wake of the DataSpii scandal, which saw browser extensions scrape and share data from millions of users. These Chrome extensions uploaded web addresses and webpage titles of every site a user visited, exposing sensitive data like tax returns, patient data, and travel itineraries.

Google was forced to step in and suspend the offending Chrome extensions.

Instagram recently expanded its own bug bounty to include misused user data following a spate of data incidents,

After data incidents, Instagram expands its bug bounty

from Android – TechCrunch https://ift.tt/32ia3VT
via IFTTT