TP-Link unveiled its Kasa Smart Plug Mini back at CES 2019. The company quietly announced that it has canceled the device’s HomeKit integration.
It’s not known yet whether the company is abandoning HomeKit for all devices or solely for this one product. Nor are there any details about whether there will be any recourse for customers who bought the Kasa Smart Plug Mini in the expectation that HomeKit was coming.
Harry Potter: Wizards Unite will host a Brilliant Event tomorrow called Back to Hogwarts. Players will get new Brilliant Foundables, earn Restricted Books, and more.
Week 1: Runs from August 13, 2019 (11 A.M. PT/2 P.M. ET) – August 20, 2019 (11 A.M. PT/2 P.M. ET)
Week 2: Runs from August 27, 2019 11 A.M. PT/2 P.M. ET) – September 3, 2019 (11 A.M. PT/2 P.M. ET)
Music app Deezer is adding a new feature called Queue List for premium users. People can change devices in the middle of a song without having to restart it or search for it again.
Each user’s queue list is now stored in the cloud, making it effortless to switch between mobile, web, desktop, smart watches, autos, Android TV and Xbox.
Users can also edit and make changes to their queue list with all changes reflected across devices. Even if your queue list is set to Shuffle or Repeat, you can still enjoy your music on this setting after switching devices.
Another Apple hack shown off over the weekend at Def Con 2019 involves iOS Contacts and a SQLite vulnerability. But it’s not something we need to worry about. Emphasis mine:
Documented In a 4,000-word report seen by AppleInsider, the company’s hack involved replacing one part of Apple’s Contacts app and it also relied on a known bug that has hasn’t been fixed four years after it was discovered…
They replaced a specific component of the Contacts app and found that while apps and any executable code has to have gone through Apple’s startup checks, an SQLite database is not executable.
Basically, it sounds like the bug is only available if you specifically remove a key component of Contacts.
Popular gaming platform Twitch had a bad week last week. A very bad week. First, leading Fortnite streamer Tyler “Ninja” Blevins left the platform for a rival. Then, it inadvertently promoted porn on the channel he left behind. And that is not Twitch’s only problem. Eurogamer summed it all up:
After Tyler “Ninja” Blevins left Twitch for rival platform Mixer 10 days ago, visitors to his channel were redirected to a variety of other Fortnite streams – and one stream in particular got Twitch into serious trouble. Last night, Blevins tweeted a video criticising how Twitch had turned his channel into an “ad page” – and one of the promoted streams was a porn broadcast. “I’ve been streaming for eight years to build that brand and build that channel”, Blevins said. “There was a porn account that was number one recommended on my channel. And I have no say in any of this stuff.”
The Eclectic Light Company writes:
A few years ago, most Mac users had firewalls in their routers which blocked all incoming connections, and that was all they wanted. Over those years, we’ve increasingly installed software firewalls on our Macs to block outgoing connections. This article looks at some of the issues that arise from doing that.
The rules of the game keep changing, and this article brings us up-to-date.
In the latest issue of PCMag, Max Eddy writes that you shouldn’t give money to ransomware attackers when they ask.
First, most cyberattacks—including ransomware—don’t last long. The command and control servers that issue the unlock commands and receive payment can be found and taken offline…In either case, anyone who has been infected and not paid the ransom can no longer get their system unlocked, even if they pay.
This is why keeping several backups is important, one online, one offline. And keep your operating system up to date with the latest security patches and improvements.
This is part of Andrew’s News+ series, where he shares a magazine every Friday to help people discover good content in Apple News+.
The FBI wants to monitor Facebook, Twitter, and Instagram for domestic terrorism threats in real time.
The FBI ultimately wants an interactive tool that can be accessed by all headquarters division and field office personnel via web browsers and through multiple devices. Interested vendors should have the capabilities to offer the agency the ability to set filters around the specific content they see, send immediate and custom alerts and notifications around “mission-relevant” incidents, have broad international reach and a strong language translation capability and allow for real-time geolocation-based monitoring that can be refined as events develop.
Just ask the NSA.
Jared Newman writes about the iOS 13 Bluetooth privacy feature. When an app needs to access Bluetooth, iOS displays an alert so you can allow or deny the request. Bluetooth can be used to track you, which is why Apple added the feature. I’ve seen these alerts a couple of times running the iOS 13 public beta. I disagree with Mr. Newman though; I don’t think it’s too confusing. Just think about the app and whether it legitimately needs Bluetooth. For example, if you need to connect a device to your iPhone, you’ll need Bluetooth. But apps like Google Maps and YouTube don’t need Bluetooth (and I’ve seen alerts and denied them both).
Prior to iOS 13, apps could use Bluetooth to collect detailed location data from users without explicit permission, using tracking beacons in retail stores and other public locations. Even if users had denied an app access their location data, Bluetooth could have provided a workaround.
Apple increased the team that test-drives its self-driving cars. The team in California has gone from having 110 members in April to 143 members now, macReports noted.
Apple is, currently, testing a total of 69 cars on public roads of California, according to the California Department of Motor Vehicles. The company also has 143 registered safety drivers in the State. This is an increase in drivers since April 24, when Apple had 69 test vehicles and 110 registered drivers. This means that Apple got permits for 33 more self-driving vehicles since April while keeping the same number of cars. The increase suggests that Apple is adding more drivers to the fleet at a steady rate. The new figures show that Apple still has the third-largest autonomous-car test fleet in California.
Goldman Sachs is accepting “subprime” applicants for Apple Card, meaning people with a low credit score.
While there is no standard definition for who qualifies as subprime, most fall under a FICO score of 660, and their loans often sour before borrowers with higher credit scores. Ten years ago, big lenders got into trouble when irresponsible loans made to subprime mortgage borrowers defaulted, helping create the worst excesses of the financial crisis.
I think this is great. Apple Card revolves around helping you pay off your credit as soon as possible, and tells you the minimum payment you need for a zero-interest payment. You might still get a high APR, but as long as you don’t carry a balance that won’t affect you. As we head into another school year, Apple Card could be a good choice for college students who may have low credit.
Huawei is working to find ways to withstand the U.S. – China trade war. Bloomberg News outlined some of its tactics and how it shapes up compared with Apple.
The newly hostile environment is putting to the test not just Apple’s “Designed in California, Assembled in China” slogan, but the overall preparedness of two smartphone-making giants as the decades-old made-in-China model fractures. Here’s a look at how dependent Apple and Huawei are on external suppliers. OS: Apple’s strength has always been the integration of software with hardware, and it has absolute control over iOS. Huawei is trying to do the same with Hongmeng, but it has everything left to prove, starting today. For the foreseeable future, Huawei remains dependent on Android for its mainstream smartphones, especially outside China. Advantage: Apple.
At Black Hat 2019, researcher Joshua Maddux found that security vulnerabilities can arise when websites add online payment integrations like Apple Pay. To be clear, he says it’s not an issue with Apple Pay itself, but rather how websites add it. And other third-party integrations can be similarly affected.
The flaws fit into a well-known type of vulnerability called “server side request forgery,” which allow attackers to bypass protections like firewalls to directly send commands to web applications. These vulnerabilities pose a real threat, and are regularly exploited in the wild. Most recently, they played a role in last month’s massive Capital One breach. Similarly, flexibility in how a website integrates Apple Pay potentially exposes its own backend infrastructure to unauthorized access.
In a piece for Wired, author Chris Stokel-Walker argued that Netflix should fear UK users getting subscription fatigue. He’s right. The same should be true for all the other firms in the UK and elsewhere who have or are planning a video subscription service. That includes Apple.
However, with the number of subscriptions climbing, are we likely to see subscription fatigue? Research by MUSO, an anti-piracy data consultancy, has found that eight in ten European consumers believe they’re already paying too much for content streaming, with two-thirds saying they wouldn’t pay for any more streaming services this year. “I think we’re in an incredible position as an industry where there’s so many things happening this year,” says Chris Elkins of MUSO. “The reality is we’re going into a world of fragmentation, where content is being removed from certain platforms – like Friends and The Office coming off Netflix.”
During the Black Hat 2019 conference, researchers demonstrated a way to spoof Face ID using nothing more than glasses and tape.
To launch the attack, researchers with Tencent tapped into a feature behind biometrics called “liveness” detection, which is part of the biometric authentication process that sifts through “real” versus “fake” features on people. It works by detecting background noise, response distortion or focus blur. One such biometrics tool that utilizes liveness detection is FaceID, which is designed and utilized by Apple for the iPhone and iPad Pro.
During Apple’s WWDC 2019 developer session 713 titled, “Advances in Networking” revealed that iOS 13 will stop location tracking using your device’s SSID/BSSID using the CNCopyCurrentNetworkInfo API. Developers have reported getting an email from Apple that says:
Starting with iOS 13, the CNCopyCurrentNetworkInfo API will no longer return valid Wi-Fi SSID and BSSID information. Instead, the information returned by default will be:
SSID: “Wi-Fi” or “WLAN” (“WLAN” will be returned for the China SKU) BSSID: “00:00:00:00:00:00”
With a special chip on the battery, Apple is locking down new iPhone batteries to prevent third-party repairs. Instead, you’ll have to go to an Apple store or an authorized repair center.
iFixit reports that replacing a battery in the iPhone XR, XS, or XS Max generates a “service” message saying the phone is “unable to verify this iPhone has a genuine Apple battery.” The phone will also not display any battery health readings.
The change is due to the chip on the battery itself. In addition to being able to relay information about battery cycles and temperature to the phone, the chips on the newer iPhone models also have an authentication feature for pairing with a specific phone.
DeepMind, the Google owned AI firm, is a company on a mission. In its UK cover story this month, Wired went into the company’s new HQ and spoke with CEO Demis Hassabis.
For DeepMind, the emergence of the new headquarters is symbolic of a new chapter for the company as it turns its research heft and compute power to try to understand, among other things, the building blocks of organic life. In so doing, the company hopes to make breakthroughs in medicine and other disciplines that will significantly impact progress in a number of fields. “Our mission should be one of the most fascinating journeys in science,” Hassabis says. “We’re trying to build a cathedral to scientific endeavour.”
Dark mode arrived on the Android version of Apple Music. Cult of Mac reported that the app also introduced time-synced lyrics support.
The new dark mode makes Apple Music easier on the eyes when you’re listening to your favorite tracks in a dimly-lit room at night. And it works just as well as the dark mode in iOS 13. The option inverts Apple Music’s color scheme, but intelligently differentiates things like images and text to prevent everything on-screen from going dark. Time-synced lyrics support is even more impressive. Not only does it let you follow the words to a song in real-time, but it also lets you skip to certain parts of the track by tapping on specific phrases.
Some teens were making thousands of dollars a month running Instagram accounts that shared memes. Then the photo-sharing network shut their accounts down. MarketWatch spoke to one of those affected.
The purge has cost some users thousands of dollars. Ben told MarketWatch his pages earned him $4,000 a month and were his only salary. He made the money through selling shoutouts: Users looking to grow their pages paid Ben to promote those pages on his account. “I don’t have another job as Instagram paid in one week what I would get in one month of an actual job,” Ben said. He did not think it would last forever, however. Ben saved most of the money he earned from his page, but is now looking for another source of income.
The Verge writes:
… today’s just-announced Samsung Galaxy Note 10 doesn’t include the 3.5mm socket, even though it’s the phone that would have been most likely to keep it around….
Now, like some of its competitors, Samsung just has to pretend it never made fun of Apple for doing the same damn thing. Because even if you try to delete these videos, Samsung, the internet has a long memory.
The excuses explanations Samsung makes are hilarious.
A couple weeks ago I shared news that Amazon is requiring police to promote its Ring surveillance cameras. Not that bad, I thought, because at least the police had to have the owner’s permission. But I was optimistic, because Amazon is giving police talking points on how to persuade owners, and even seizing the video footage if the owner said no.
As reported by GovTech on Friday, police can request Ring camera footage directly from Amazon, even if a Ring customer denies to provide police with the footage. It’s a workaround that allows police to essentially “subpoena” anything captured on Ring cameras.
Things like government surveillance and hacking are precisely why I will never buy smart home products. Update: A Ring spokesperson emailed me a correction: The reports that police can obtain any video from a Ring doorbell within 60 days is false. Ring will not release customer information in response to government demands without a valid and binding legal demand properly served on us. Ring objects to overbroad or otherwise inappropriate demands as a matter of course.
David Murphy has a good tip: Create an email filter for your bank so you don’t miss important messages like fraud alerts.
Get specific when you set your filters, because you don’t want to accidentally drag in phishing emails that are attempting to pose as your bank. This shouldn’t be a problem if your email service is good about eradicating spam but, when in doubt, I’d probably try to set a combined filter for emails from your bank’s exact domain that contain the word “fraud,” rather than just a filter that catches subject lines with “your bank’s name” and “fraud.”
Smart camera firm Arlo has added HomeKit support to some of its products, DigitalTrends reported. Interestingly, the top-of-the line Arlo Ultra 4K was not amongst the cameras that got the update.
Unfortunately for buyers of the company’s top-of-the-line cameras, the new connectivity to HomeKit only applies to select Arlo cameras, specifically the popular Arlo Pro and Arlo Pro 2 systems. Owners of the VMB5000 model and the corresponding Arlo Ultra 4K will have to wait a bit longer to add their smart cameras to Apple’s smart home ecosystem. On the bright side, the firmware update reduces the need for Apple HomeKit users to use the Arlo app or its corresponding remote control. The select models of Arlo smart cameras will appear in the directory of other HomeKit accessories in a user’s Home app and can also be controlled using Apple’s digital assistant, Siri, via an iPhone, iPad, Apple Watch,or Mac computer.
