Link

Facebook Tried to Buy a Hacking Tool to Spy on iPhone Users

Andrew Orr ·

According to court filings, when Facebook was in the early stages of building its spyware VPN called Onavo Protect, it noticed that it wasn’t as effective on Apple devices as it was on Android. So Facebook approached a hacking group called NSO Group to use its Pegasus malware.

According to the court documents, it seems the Facebook representatives were not interested in buying parts of Pegasus as a hacking tool to remotely break into phones, but more as a way to more effectively monitor phones of users who had already installed Onavo.

Link

iPhone 8 Still Works After Two Months in The River Thames

Charlotte Henry ·

A UK woman dropped her new iPhone 8 into the River Thames. Two months later she stumbled across it, the Mirror reported. After a spell in some dried rice, she and her fiance turned the iPhone 8 on… and it worked.

At two metres beneath the surface, the phone was difficult to reach so the pair returned home to look for something to retrieve it with. After looking on Amazon, the pair eventually decided to fashion a homemade fishing net by attaching a kitchen sieve to the end of a broom. They next day they returned to the site with the contraption and spent 40 minutes fighting against the current to reach the phone.

Link

Apple Pays Hacker Who Found Seven Zero-Days $75,000

Charlotte Henry ·

Apple paid hacker Ryan Pickren $75,000 via its bug bounty program (via Forbes). The former Amazon Web Services engineer found seven zero-day vulnerabilities and used three of them to hijack an iPhone’s camera.

During December 2019, Pickren decided to put the notion that “bug hunting is all about finding assumptions in software and violating those assumptions to see what happens” to the test. He opted to delve into Apple Safari for iOS and macOS, to “hammer the browser with obscure corner cases” until weird behavior was uncovered… To cut a very long and technical story short: Pickren found a total of seven zero-day vulnerabilities in Safari (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, & CVE-2020-9787) of which three could be used in the camera hacking kill chain.

Link

Zoom’s Encryption is Linked to Chinese Servers

Andrew Orr ·

Researchers found that Zoom uses its own encryption scheme, sometimes using keys issued by China.

Some of the key management systems — 5 out of 73, in a Citizen Lab scan — seem to be located in China, with the rest in the United States. Interestingly, the Chinese servers are at least sometimes used for Zoom chats that have no nexus in China. The two Citizen Lab researchers, Bill Marczak and John Scott-Railton, live in the United States and Canada. During a test call between the two, the shared meeting encryption key “was sent to one of the participants over TLS from a Zoom server apparently located in Beijing,” according to the report.

I don’t have further commentary on Zoom, other than asking, “How will this end?”

TMO Deals

Smartphone UV Sanitizer: $37.95

Bryan Chaffin ·

We have a deal on a device that sells itself: a smartphone UV sanitizer. This device uses UV lights to disinfect your cell phone killing 99.9% of germs in 15 minutes or less. And, it has an internal battery with a 5,000mAh capacity so you use it on the go more than once. It fits cellphones and smartphones up to 6.3 x 3.22 x 0.43 inches, which includes the iPhone 11 and iPhone 11 Max (6.22 x 3.06  x 0.32 inches). It’s $37.95 through our deal.

Link

iPhone Accessory Maker Gamevice Wants to Ban Nintendo Switch From US

Andrew Orr ·

Gamevice makes game controllers for iPhones, and believes that the Nintendo Switch infringes on its design.

This is a new complaint, separate from another against Nintendo that Gamevice is now appealing after the Patent Trial and Appeal Board ruled in Nintendo’s favor. In that case, Nintendo was accused of infringing 19 Gamevice patents.

Nintendo will be hoping that the ITC dismisses Gamevice’s latest suit before it ends up in another lengthy legal battle. But if Gamevice had its way, Nintendo would not be allowed to import and sell the Switch in the U.S.

I always wonder what goes through company minds in cases like these. Does Gamevice think that people will magically flock to its products if the Switch gets banned? Because that definitely won’t happen.

Link

WireGuard VPN Gets Added to the Next Linux Kernel

Andrew Orr ·

I briefly mentioned WireGuard when I wrote of Cloudflare’s WARP beta. I think it’s something to add to your technology watch lists. It’s just not any old VPN app, it’s a VPN protocol that could very well replace current protocols like IPsec and OpenVPN, or at least be offered as an alternative. You can read the technical whitepaper here [PDF], along with this write up from Ars Technica.

WireGuard will now operate as either a Loadable Kernel Module (LKM) or built statically into the kernel itself. But whether static or loadable, it will be “in-tree”—which means it’s provided ready to go with the vanilla kernel itself, with no need for repackaging by the various distros. This puts it on the same footing as other supported drivers.

Link

YouTube Kids Gets the Watch Time, While Netflix Gets The Installs

Charlotte Henry ·

Netflix was installed 59 million times in the first quarter of 2020. However, it was YouTube Kids that had the most usage, according to AppTopia and Blaze data reported on by Reuters.

Netflix Inc led rivals YouTube, Amazon Prime and Disney+ with over 59 million installs in the first quarter of 2020, but more time was spent on YouTube’s Kids service as usage boomed following the shutdown of thousands of schools in March. YouTube, owned by Alphabet Inc’s Google, collected $110 million in in-app spending during the same time period, the highest among major streaming apps globally, according to a report by analytics firms Apptopia and Braze. The report did not give actual hours of usage, but ranked YouTube Kids first, followed by Netflix. YouTube itself was in third place.

Link

Tile: Apple’s Anticompetitive Behavior Has Gotten Worse

Andrew Orr ·

On Wednesday, Tile told a congressional panel that Apple didn’t live up to its promises to resolve a dispute between the two companies.

Tile had objected to Apple requiring its users to repeatedly agree to allow Tile to operate in the background, which is crucial to Tile’s service…Tile also said that there were indications that Apple planned to update its Find My product, adding hardware, so it would be a competitor to Tile.

Those are Tile’s two arguments. One – They’re mad that Apple cracked down on apps collecting location data in the background. No sympathy there from me. Two – Apple allegedly plans to compete with Tile with its own hardware Bluetooth device, rumored “AirTag.” Tile is acting as if Apple specifically aimed its location crackdown at them, to set itself up for AirTag, but I’m not sure if that’s right. Tile certainly wasn’t the only one doing that.

Link

Latest iPad Pro May Not Have the U1 Chip in it

Charlotte Henry ·

When the 2020 iPad Pro launched there was discussion about whether or not had U1 chip in it. The chip, present in the iPhone 11 series, provides Ultra Wideband support. It is not mentioned in the iPad Pro tech specs but is referred to in the iPhones’ specs. While MacRumors noted that the U1 could still be present and that Apple is waiting until it is useful to highlight it, it has compiled evidence that that is not the case.

The biggest clue of all is that FCC filings for all iPhone 11 models list operating frequencies in the 6GHz range and the 7-8GHz range, and the rules for these frequencies points to “Subpart F — Ultra-Wideband Operation.” TechInsights last year reported that the U1 chip in iPhone 11 models transmits on two different frequencies, 6.24GHz and 8.23GHz. By comparison, FCC filings indicate that all 2020 iPad Pro models operate within a max frequency range of 5GHz for Wi-Fi.

Link

U.S. Census Goes Digital With The iPhone 8

Charlotte Henry ·

It’s census year in the U.S., but this time around it’s going to be different. Each enumerator tasked with getting the data is to be handed an iPhone 8 instead of a pen and paper. CNet looked into how it is all going to work, and the risks involved.

In an effort to make the door-to-door process, which is the most laborious and expensive part of the census, faster and more efficient, the bureau is arming 500,000 enumerators with the Apple iPhone 8. But as the census goes mobile, instantaneously beaming respondents’ answers to data centers and cloud servers, it opens itself up to those who may want to access or manipulate such valuable information. The stakes to pull off a census have always been high, but with this year’s adoption of new technological methods, the pressure to succeed is even higher.

TMO Deals

Restly Sleep App Lifetime Subscription: $39.99

Bryan Chaffin ·

We have a deal on a lifetime subscription to the Restly sleep app. According to the developers, Restly provides a scientifically-based method of falling asleep—male and female voices plus different calming sounds to get you through to the shortened journey of dozing off. The app also features a smart alarm clock, sleeping timer, and statistics to best fit the app’s behavior according to your body rhythm. A lifetime subscription for this app is $39.99 through our deal.