Apple still has work to do on privacy

There’s no doubt that Apple’s self-polished reputation for privacy and security has taken a bit of a battering recently.

On the security front, Google researchers just disclosed a major flaw in the iPhone, finding a number of malicious websites that could hack into a victim’s device by exploiting a set of previously undisclosed software bugs. When visited, the sites infected iPhones with an implant designed to harvest personal data — such as location, contacts and messages.

As flaws go, it looks like a very bad one. And when security fails so spectacularly, all those shiny privacy promises naturally go straight out the window.

The implant was used to steal location data and files like databases of WhatsApp, Telegram, iMessage. So all the user messages, or emails. Copies of contacts, photos, https://t.co/AmWRpbcIHw pic.twitter.com/vUNQDo9noJ

— Lukasz Olejnik (@lukOlejnik) August 30, 2019

And while that particular cold-sweat-inducing iPhone security snafu has now been patched, it does raise questions about what else might be lurking out there. More broadly, it also tests the generally held assumption that iPhones are superior to Android devices when it comes to security.

Are we really so sure that thesis holds?

But imagine for a second you could unlink security considerations and purely focus on privacy. Wouldn’t Apple have a robust claim there?

On the surface, the notion of Apple having a stronger claim to privacy versus Google — an adtech giant that makes its money by pervasively profiling internet users, whereas Apple sells premium hardware and services (including essentially now ‘privacy as a service‘) — seems a safe (or, well, safer) assumption. Or at least, until iOS security fails spectacularly and leaks users’ privacy anyway. Then of course affected iOS users can just kiss their privacy goodbye. That’s why this is a thought experiment.

But even directly on privacy, Apple is running into problems, too.

 

To wit: Siri, its nearly decade-old voice assistant technology, now sits under a penetrating spotlight — having been revealed to contain a not-so-private ‘mechanical turk’ layer of actual humans paid to listen to the stuff people tell it. (Or indeed the personal stuff Siri accidentally records.)

from iPhone – TechCrunch https://ift.tt/2Pwh5Vv

…or you can always buy a $40 wood case for your Apple Card

Apple really unleashed the spoofs and goofs when the care instructions were spotted online for its new Credit card. Of particular note were warnings against contact with denim and leather— common materials for people who own wallets and/or wear pants.

In the intervening week and change, I’m sure more than one entrepreneur had the thought of targeting those very specific parameters. Take Pittsburg-based KerfCase, which is offering this $39 wooden card case with a pop up feature for the card. It looks nice, I suppose. I mean, it’s the nicest wooden Apple Card case I’ve seen all afternoon (though I’m bound to get 50 more in my inbox after posting this).

Founder Benjamin Saks notes that the project started out a bit tongue-in-cheek, but eventually it became a real project and turned out pretty well. I understand that penicillin was discovered in similar fashion.

from Apple – TechCrunch https://ift.tt/34czEkL

Daily Crunch: Apple will unveil the next iPhone on Sept 10

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

1. Apple will unveil the next iPhone September 10

Apple has sent out invites confirming rumors that its next major press event will happen on September 10. The event is expected to focus on the iPhone 11, unveiling three different models — the standard 11, as well as two Pro options.

If this happens, it would mark a subtle-but-significant shift in the way Apple structures its phone lineup. With a lower-priced flagship replacing the budget XR, the company could appeal to consumers who’ve been turned off by the rising prices for higher-end options.

2. Uber and Lyft are putting $60M toward keeping drivers independent contractors

In the event that California’s Assembly Bill 5 passes — forcing Uber and Lyft to make their drivers W-2 employees — each company is putting in $30 million to fund a 2020 ballot initiative that would enable them to keep their drivers as independent contractors.

3. Google lets David Drummond do the talking

Anyone wondering if Alphabet might reprimand its chief legal officer David Drummond for a long-ago extramarital affair with a former subordinate (which recently resurfaced in a much-discussed blog post), the answer seems to be . . . not right now.

Image via Getty Images / vladwel

4. ‘Filmmaker Mode’ will automatically turn off all the dumb motion smoothing and noise reduction on new TVs

Most new TVs come with a bunch of random junk turned on by default; things like motion smoothing that makes epic movies look like soap operas, or noise reduction that can wash out details and make an actor’s skin look cyborg-y. With Filmmaker Mode, you’ll be able to push a button and all that crap gets turned off.

5. Nike Huaraches get updated for the smartphone age

Slowly but surely, Nike has made its self-lacing motor technology more accessible. The next step: Bringing the tech to its Huarache line next month.

6. What is Andela, the Africa tech talent accelerator?

To put it succinctly, Andela is a startup — backed by $180 million in venture capital — that trains and connects African software developers to global companies for a fee. (Extra Crunch membership required.)

7. Marc Benioff will discuss building a socially responsible and successful startup at TechCrunch Disrupt

Benioff is coming to TechCrunch Disrupt in San Francisco to discuss how to build a highly successful business while giving back to the community.

from Apple – TechCrunch https://ift.tt/2NFKkT2

September’s Mate 30 launch could be a major test for Huawei

Apple isn’t the only smartphone manufacturer planning a big September launch. Huawei’s got a big event on the books as well, set for September 18 in Munich, just over a week after the new iPhones are unveiled. For Huawei, however, the Mate 30 announcement is about more than just smartphones.

The event is effectively the first big handset launch since the embattled Chinese manufacturer was added to the U.S. trade blacklist. The move had seemingly been a long time coming, after years of allegations ranging from spying to sanctions violations, but with the ban in place, the move will mark a key moment of truth for a company that has so far been dependent on offerings from U.S. companies like Google.

The Mate 30, which also marks a push into 5G, could potentially launch without Google apps. The recent U.S. government reprieve only applied to already announced products, according to a statement Google gave to Reuters. Trump has suggested that ban on Huawei products could be lifted with a new U.S.-China trade deal, further clouding the suggestion that the move made purely out of concerns for security.

The smartphone maker gave its own comment to Reuters, noting, “Huawei will continue to use the Android OS and ecosystem if the U.S. government allows us to do so. Otherwise, we will continue to develop our own operating system and ecosystem.”

That last bit is a clear allusion to HarmonyOS. The recently unveiled operating is largely limited to low end handsets and IoT device, but Huawei is also certainly readying itself for a longterm life after Google.

Meanwhile, CNBC is citing a source that suggests the phone will launch with or without Google apps, depending on how things shake out over the next few weeks. That would likely amount to a minor nuisance, requiring users to download them after purchase, while a full out Android brand would prove far more harmful to its bottom line.

It seems quite unlikely at the moment, however, that the company would attempt to launch such a high end device with its own partially baked operation system.

from Android – TechCrunch https://ift.tt/2HyTwow
via IFTTT

Malicious websites were used to secretly hack into iPhones for years, says Google

Security researchers at Google say they’ve found a number of malicious websites which, when visited, could quietly hack into a victim’s iPhone by exploiting a set of previously undisclosed software flaws.

Google’s Project Zero said in a deep-dive blog post published late on Thursday that the websites were visited thousands of times per week by unsuspecting victims, in what they described as an “indiscriminate” attack.

“Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” said Ian Beer, a security researcher at Project Zero.

He said the websites had been hacking iPhones over a “period of at least two years.”

The researchers found five distinct exploit chains involving 12 separate security flaws, including seven involving Safari, the in-built web browser on iPhones. The five separate attack chains allowed an attacker to gain “root” access to the device — the highest level of access and privilege on an iPhone. In doing so, an attacker could gain access to the device’s full range of features normally off-limits to the user. That means an attacker could quietly install malicious apps to spy on an iPhone owner without their knowledge or consent.

Google said based off their analysis, the vulnerabilities were used to steal a user’s photos and messages as well as track their location in near-realtime. The “implant” could also access the user’s on-device bank of saved passwords.

The vulnerabilities affect iOS 10 through to the current iOS 12 software version.

Google privately disclosed the vulnerabilities in February, giving Apple only a week to fix the flaws and roll out updates to its users. That’s a fraction of the 90 days typically given to software developers, giving an indication of the severity of the vulnerabilities.

Apple issued a fix six days later with iOS 12.1.4 for iPhone 5s and iPad Air and later.

Beer said it’s possible other hacking campaigns are currently in action.

The iPhone and iPad maker in general has a good rap on security and privacy matters. Recently the company increased its maximum bug bounty payout to $1 million for security researchers who find flaws that can silently target an iPhone and gain root-level privileges without any user interaction. Under Apple’s new bounty rules — set to go into effect later this year — Google would’ve been eligible for several million dollars in bounties.

When reached, a spokesperson for Apple declined to comment.

Apple expands its bug bounty, increases maximum payout to $1M

from iPhone – TechCrunch https://ift.tt/32db8Ot

Malicious websites were used to secretly hack into iPhones for years, says Google

Security researchers at Google say they’ve found a number of malicious websites which, when visited, could quietly hack into a victim’s iPhone by exploiting a set of previously undisclosed software flaws.

Google’s Project Zero said in a deep-dive blog post published late on Thursday that the websites were visited thousands of times per week by unsuspecting victims, in what they described as an “indiscriminate” attack.

“Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” said Ian Beer, a security researcher at Project Zero.

He said the websites had been hacking iPhones over a “period of at least two years.”

The researchers found five distinct exploit chains involving 12 separate security flaws, including seven involving Safari, the in-built web browser on iPhones. The five separate attack chains allowed an attacker to gain “root” access to the device — the highest level of access and privilege on an iPhone. In doing so, an attacker could gain access to the device’s full range of features normally off-limits to the user. That means an attacker could quietly install malicious apps to spy on an iPhone owner without their knowledge or consent.

Google said based off their analysis, the vulnerabilities were used to steal a user’s photos and messages as well as track their location in near-realtime. The “implant” could also access the user’s on-device bank of saved passwords.

The vulnerabilities affect iOS 10 through to the current iOS 12 software version.

Google privately disclosed the vulnerabilities in February, giving Apple only a week to fix the flaws and roll out updates to its users. That’s a fraction of the 90 days typically given to software developers, giving an indication of the severity of the vulnerabilities.

Apple issued a fix six days later with iOS 12.1.4 for iPhone 5s and iPad Air and later.

Beer said it’s possible other hacking campaigns are currently in action.

The iPhone and iPad maker in general has a good rap on security and privacy matters. Recently the company increased its maximum bug bounty payout to $1 million for security researchers who find flaws that can silently target an iPhone and gain root-level privileges without any user interaction. Under Apple’s new bounty rules — set to go into effect later this year — Google would’ve been eligible for several million dollars in bounties.

When reached, a spokesperson for Apple declined to comment.

Apple expands its bug bounty, increases maximum payout to $1M

from Apple – TechCrunch https://ift.tt/32db8Ot

Apple will unveil the next iPhone September 10

Invites for the next big Apple event have just landed in press mailboxes everywhere, confirming the rumored September 10 date. Invites for the event, which is set for Steve Jobs Theater on the company’s shiny new Cupertino campus, note that the event is “by innovation only.” It is a small theater, after all.

The invite features a swirling multi-color homage to the 80s Apple logo, albeit in a subtler pastel hue, which may point to colorful new hardware.

The centerpiece of the event will, of course, be the iPhone 11, which is rumored to arrive in three different flavors: The standard 11 (replacing the budget XR) and two 11 Pro models, set to replace the XS and XS Max, respectively. The scheme would mark a kind of new approach for the company, which has struggled to grapple with declining smartphone sales along with the rest of the industry.

Offering a lower-price-point flagship could help Apple appeal to consumers who have been put off by increasing prices on the high-end units, which have routinely topped out well over $1,000. It could also help Apple in increasingly important markets like China and India, which currently stand as numbers one and two in global smartphone sales, respectively.

A number of new features have been rumored for the new handsets, including a triple-camera array with an ultra-wide lens, a new A13 chip and wireless power sharing à la the Samsung Galaxy series, which would fit nicely alongside the latest AirPods. This being Apple’s last big hardware push before the holidays, there’s sure to be plenty more on the docket, as well.

I’ll be RSVPing as soon as I’m done with this post, so we’ll see you on the ground in Cupertino September 10 at 10AM sharp.

from iPhone – TechCrunch https://ift.tt/2HA6q5I