DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Privacy

Hackers Claim Access To 300 Million iCloud Accounts, Demand $75,000 From Apple To Delete the Cache of Data (vice.com) 88

A hacker or group of hackers calling themselves the "Turkish Crime Family" claim they have access to at least 300 million iCloud accounts, and will delete the alleged cache of data if Apple pays a ransom by early next month. Motherboard is reporting that the hackers are demanding "$75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data." From the report: The hackers provided screenshots of alleged emails between the group and members of Apple's security team. One also gave Motherboard access to an email account allegedly used to communicate with Apple. "Are you willing to share a sample of the data set?" an unnamed member of Apple's security team wrote to the hackers a week ago, according to one of the emails stored in the account. (According to the email headers, the return-path of the email is to an address with the @apple.com domain). The hackers also uploaded a YouTube video of them allegedly logging into some of the stolen accounts. The hacker appears to access an elderly woman's iCloud account, which includes backed-up photos, and the ability to remotely wipe the device. Now, the hackers are threatening to reset a number of the iCloud accounts and remotely wipe victim's Apple devices on April 7, unless Apple pays the requested amount. According to one of the emails in the accessed account, the hackers claim to have access to over 300 million Apple email accounts, including those use @icloud and @me domains. However, the hackers appear to be inconsistent in their story; one of the hackers then claimed they had 559 million accounts in all. The hackers did not provide Motherboard with any of the supposedly stolen iCloud accounts to verify this claim, except those shown in the video.
United States

'Sorry, I've Forgotten My Decryption Password' is Contempt Of Court, Pal - US Appeal Judges (theregister.co.uk) 507

Thomas Claburn, reporting for The Register: The US Third Circuit Court of Appeals today upheld a lower court ruling of contempt against a chap who claimed he couldn't remember the password to decrypt his computer's hard drives. In so doing, the appeals court opted not to address a lower court's rejection of the defendant's argument that being forced to reveal his password violated his Fifth Amendment protection against self-incrimination. In the case under review, the US District Court for the Eastern District of Pennsylvania held the defendant (referred to in court documents as "John Doe" because his case is partially under seal) in contempt of court for willfully disobeying and resisting an order to decrypt external hard drives that had been attached to his Mac Pro computer. The defendant's computer, two external hard drives, an iPhone 5S, and an iPhone 6 Plus had been seized as part of a child pornography investigation.
Android

Android Creator Lost Out On a Big Investment, and Apple May Be To Blame (cnbc.com) 74

Earlier this year, we learned that Andy Rubin, creator of the Android operating system, has built a new company called Essential. The company was reportedly working on a "high-end smartphone with a large edge-to-edge screen that lacks a surrounding bezel." It appears things aren't chugging along so smoothly. From a report: Andy Rubin, a co-creator of Android, lost out on a $100 million investment from SoftBank as Apple deepened ties with the Japanese investor, people familiar with the matter told The Wall Street Journal. Rubin's company, Essential Products, is reportedly planning to release a new high-end smartphone this spring, and SoftBank planned to market the phone in Japan, the Journal said. But Apple subsequently agreed to commit $1 billion to SoftBank's Vision Fund, a move that "complicated" SoftBank's investment in Essential Products, the Journal reported Monday. Apple did not directly block the deal, the Journal said, though Rubin's premium phone would be released ahead of the highly anticipated 10th anniversary iPhone. The deal was "nearly complete," sources told the Journal.
Businesses

Apple's Next Big Thing: Augmented Reality (bloomberg.com) 94

Apple is beefing up its staff with acquisitions and some big hires to help design augmented reality glasses and iPhone features, according to Bloomberg. From a report: Apple is working on "digital spectacles" that could connect to an iPhone and beam content like movies and maps, Bloomberg's Mark Gurman reported on Monday. The Cupertino, Calif.- based company is also working on augmented reality features for the iPhone that are similar to Snapchat, Bloomberg said. To make its augmented reality push, Apple has acquired augmented reality start-ups FlyBy Media and Metaio, and hired major players from Amazon, Facebook's Oculus, Microsoft's HoloLens, and Dolby.
Iphone

Inside a Phishing Gang That Targets Victims of iPhone Theft (krebsonsecurity.com) 15

tsu doh nimh writes: Brian Krebs has a readable and ironic story about a phishing-as-a-service product that iPhone thieves can use to phish the Apple iCloud credentials from people who have recently had an iPhone lost or stolen. The phishing service -- which charged as much as $120 for successful phishing attempts targeting iPhone 6s users -- was poorly secured, and a security professional that Krebs worked with managed to guess several passwords for users on the service. From there, the story looks at how this phishing service works, how it tracks victims, and ultimately how one of its core resellers phished his own iCloud account and inadvertently gave his exact location as a result. An excerpt from the report via Krebs On Security: "Victims of iPhone theft can use the Find My iPhone feature to remotely locate, lock or erase their iPhone -- just by visiting Apple's site and entering their iCloud username and password. Likewise, an iPhone thief can use those iCloud credentials to remotely unlock the victim's stolen iPhone, wipe the device, and resell it. As a result, iPhone thieves often subcontract the theft of those credentials to third-party iCloud phishing services. This story is about one of those services..."
The Almighty Buck

Apple Found Guilty of Russian Price-Fixing (bbc.com) 49

An anonymous reader shares a BBC report: Russia's competition watchdog has found that Apple fixed the prices of certain iPhone models sold in the country. The Federal Anti-Monopoly Service (Fas) said that Apple's local subsidiary told 16 retailers to maintain the recommended prices of phones in the iPhone 5 and iPhone 6 families. Non-compliance with the pricing guidelines may have led to the termination of contracts, it found. At the time of the investigation, Apple denied that it controlled its products' pricing, telling Reuters that resellers "set their own prices for the Apple products they sell in Russia and around the world." The regulator said Apple had now ended its price-fixing practices but has not said whether the company faces a fine. The FAS claimed that Apple Rus monitored the retail prices for the iPhone 5c, 5s, 6, 6 Plus, 6s and 6s Plus.
Android

Kickstarter Campaign Aims To Add a Full Android Device To the Back of Your iPhone (macrumors.com) 158

A new Kickstarter campaign aims to expand the iPhone's functionality with its "Eye Smart iPhone Case," which features a fully functional Android device built into the case itself. The campaign was launched on March 1 and has already raised over $100,000. Mac Rumors reports: An always-on 5-inch AMOLED display is built into the case, which runs the Android 7.1 Nougat operating system. The case connects to the iPhone using its Lightning port to enable file transfers, power delivery, and more. A microSD card slot provides up to 256GB of storage for holding photos, videos, and other media, all of which is accessible using the Android file explorer. A built-in 2,800 mAh battery provides additional charge to the iPhone, and the Eye case itself supports Qi wireless charging. Two SIM card slots are included, and higher-end models support 4G LTE connectivity, so up to three phone numbers can be used with an iPhone. Android exclusive features, like native call recording, the file explorer, customization, file transfers, and Android apps are all made available to iPhone users via the Eye case. A 3.5mm headphone jack lets iPhone owners with an iPhone 7 or an iPhone 7 Plus to use wired headphones with the device, and the Eye case includes NFC, an IR blaster and receiver for controlling TVs and other devices, and a car mount. It's available for the iPhone 6 and later, and will allegedly be available for the new wave of iPhones coming in 2017 within a month of their release. The Smart iPhone Case is available for a Super early bird pledge of $95, with prices going up for 4G connectivity. The estimated retail price is between $189 and $229.
Government

FBI Says It Can't Release iPhone Hacking Tool Because It Might Still Be Useful (zdnet.com) 70

Justice Dept. officials say that details of a hacking tool used to access a terrorist's iPhone should not be released because it may still be "useful" to federal investigators. From a report: The government is fighting a case against three news organizations, including the Associated Press, which are fighting to release details of the hacking tool that FBI agents used to unlock a passcode-protected phone used by San Bernardino shooter Syed Farook. Details of the hacking tool have remained classified, not least because the Justice Dept. believes the tool may could still be used by the FBI in similar cases. "Disclosure of this information could reasonably be expected to cause serious damage to national security as it would allow hostile entities to discover the current intelligence gathering methods used, as well as the capabilities and limitations of these methods," said David Hardy, section chief of the FBI's records management division, in a court filing released late Monday.
Nintendo

Nintendo Switch Ships With Unpatched 6-Month-Old WebKit Vulnerabilities (arstechnica.com) 89

An anonymous reader quotes a report from Ars Technica: Nintendo's Switch has been out for almost two weeks, which of course means that efforts to hack it are well underway. One developer, who goes by qwertyoruiop on Twitter, has demonstrated that the console ships with months-old bugs in its WebKit browser engine. These bugs allow for arbitrary code execution within the browser. A proof-of-concept explainer video was posted here. The potential impact of these vulnerabilities for Switch users is low. A Switch isn't going to have the same amount of sensitive data on it that an iPhone or iPad can, and there are way fewer Switches out there than iDevices. Right now, the Switch also doesn't include a standalone Internet browser, though WebKit is present on the system for logging into public Wi-Fi hotspots, and, with some cajoling, you can use it to browse your Facebook feed. The exploit could potentially open the door for jailbreaking and running homebrew software on the Switch, but, as of this writing, the exploit doesn't look like it provides kernel access. The developer who discovered the exploit himself says that the vulnerability is just a "starting point."
Operating Systems

Apple Says It's Already Fixed Many WikiLeaks Security Issues (usatoday.com) 109

An anonymous reader quotes a report from USA Today: Apple says many of the vulnerabilities to its devices and software that came to light in WikiLeaks' revelations of CIA cyber weapons were already fixed in its latest updates. Late Tuesday, Apple emailed the following statement to USA TODAY: "Apple is deeply committed to safeguarding our customers' privacy and security. The technology built into today's iPhone represents the best data security available to consumers, and we're constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest OS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates." For its part, Samsung emailed its own statement Wednesday: "Protecting consumers' privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter."
Crime

Federal Criminal Probe Being Opened Into WikiLeaks' Publication of CIA Documents (cnn.com) 236

A federal criminal investigation is being opened into WikiLeaks' publication of documents detailing alleged CIA hacking operations, CNN reports citing several U.S. officials. From the report: The officials said the FBI and CIA are coordinating reviews of the matter. The investigation is looking into how the documents came into WikiLeaks' possession and whether they might have been leaked by an employee or contractor. The CIA is also trying to determine if there are other unpublished documents WikiLeaks may have. The documents published so far are largely genuine, officials said, though they are not yet certain if all of them are and whether some of the documents may have been altered. One of the biggest concerns for the federal government is if WikiLeaks publishes critical computer code on how operations are conducted, other hackers could take that code and cause havoc overseas. Security expert Robert Graham, wrote on Tuesday: The CIA didn't remotely hack a TV. The docs are clear that they can update the software running on the TV using a USB drive. There's no evidence of them doing so remotely over the Internet. The CIA didn't defeat Signal/WhatsApp encryption. The CIA has some exploits for Android/iPhone. If they can get on your phone, then, of course they can record audio and screenshots. Technically, this bypasses/defeats encryption -- but such phrases used by Wikileaks are highly misleading, since nothing related to Signal/WhatsApp is happening. [...] This hurts the CIA a lot. Already, one AV researcher has told me that a virus they once suspected came from the Russians or Chinese can now be attributed to the CIA, as it matches the description perfectly to something in the leak. We can develop anti-virus and intrusion-detection signatures based on this information that will defeat much of what we read in these documents. This would put a multi-year delay in the CIA's development efforts. Plus, it'll now go on a witch-hunt looking for the leaker, which will erode morale.
Privacy

WikiLeaks CIA Files: The 6 Biggest Spying Secrets Revealed By the Release of 'Vault 7' (independent.co.uk) 457

Earlier today, WikiLeaks unleashed a cache of thousands of files it calls "Year Zero," which is part one of the release associated with "Vault 7." Since there are over 8,000 pages in this release, it will take some time for journalists to comb through the release. The Independent has highlighted six of the "biggest secrets and pieces of information yet to emerge from the huge dump" in their report. 1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers. The U.S. intelligence agency has been involved in a concerted effort to write various kinds of malware to spy on just about every piece of electronic equipment that people use. That includes iPhones, Androids and computers running Windows, macOS and Linux.
2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure. Encrypted messaging apps are only as secure as the devices they are used on -- if an operating system is compromised, then the messages can be read before they are encrypted and sent to the other user(s).
3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.
4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations." Many of the documents reference tools that appear to have dangerous and unknown uses. One file, for instance, shows that the CIA was looking into ways of remotely controlling cars and vans by hacking into them.
5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments. Such bugs were found in the biggest consumer electronics in the world, including phones and computers made Apple, Google and Microsoft. But those companies didn't get the chance to fix those exploits because the agency kept them secret in order to keep using them, the documents suggest.
6) More information is coming. The documents have still not been looked through entirely. There are 8,378 pages of files, some of which have already been analyzed but many of which haven't. And that's not to mention the other sets of documents that are coming. The "Year Zero" leaks are just the first in a series of "Vault 7" dumps, Julian Assange said.
You can view the Vault 7 Part 1 'Year Zero' release here via WikiLeaks. The Intercept has an in-depth report focusing on how the "CIA Could Turn Smart TVs Into Listening Devices."
Spam

Exploit that Caused iPhones To Repeatedly Dial 911 Reveals Grave Cybersecurity Threat, Say Experts (9to5mac.com) 71

Ben Lovejoy, writing for 9to5Mac: We reported back in October on an iOS exploit that caused iPhones to repeatedly dial 911 without user intervention. It was said then that the volume of calls meant one 911 center was in 'immediate danger' of losing service, while two other centers had been at risk -- but a full investigation has now concluded that the incident was much more serious than it appeared at the time. It was initially thought that a few hundred calls were generated in a short time, but investigators now believe that one tweeted link that activated the exploit was clicked on 117,502 times, each click triggering a 911 call. The WSJ reports that law-enforcement officials and 911 experts fear that a targeted attack using the same technique could prove devastating. Of the 6,500 911 call centers nationwide, just 420 are believed to have implemented a cybersecurity program designed to protect them from this kind of attack.
Businesses

Apple Cracks Down Further On Cobalt Supplier in Congo as Child Labor Persists (washingtonpost.com) 86

Last year, a Washington Post investigation found several instances of miners -- including children -- labored in hazardous, even deadly, conditions at Congo's artisanal cobalt supply chain. Amnesty International and other human rights groups also have alleged problems. Earlier this week, British broadcaster Sky New published an investigation that alleged continued problems in the cobalt supply chain. The Washington Post now reports: Apple said it has temporarily stopped buying cobalt mined by hand in Congo while it continues to deal with problems with child labor and harsh work conditions. The Post connected this troubling trade to Zhejiang Huayou Cobalt Company, a Chinese firm that is the largest buyer of artisanal cobalt in Congo and whose minerals are used in Apple products. Last year, Apple pledged to clean up its cobalt supply chain, but the tech giant said it wanted to avoid hurting the Congolese miners by cutting them off. Mining provides vital income for hundreds of thousands of people in one of the poorest countries in the world. Now, Apple says it has stopped -- for now -- buying cobalt from artisanal mines (Editor's note: the link could be paywalled; alternate source). "We have been working with Huayou on a program that will verify individual artisanal mines, according to our standards," Apple said in a statement, "and these mines will re-enter our supply chain when we are confident that the appropriate protections are in place."
Businesses

Apple Is Expanding Its War With Qualcomm (fortune.com) 21

Apple has opened a new front in its global patent war with Qualcomm. From a report: The Cupertino, Calif.-based company has sued Qualcomm in a U.K. court, accusing the chipmaker of violating patents and design concepts Apple owns. Details on exactly which patents Qualcomm has violated and why Apple believes Qualcomm has violated the patents were not disclosed in the public court records, according to Bloomberg, which earlier reported on the lawsuit. The lawsuit is the latest in a string of disputes Apple and Qualcomm have engaged in around the world. The main dispute resides in the U.S., where Apple has accused Qualcomm of using its position as a prominent chipmaker to hurt competition in the mobile marketplace. Apple, which has used Qualcomm chips for its iPhone's wireless connectivity, claims Qualcomm owes the company $1 billion in rebates the chip maker allegedly held back after Apple spoke to South Korean regulators about Qualcomm's business practices.
Iphone

An 81-Year-Old Woman Just Created Her Own iPhone App (cnn.com) 60

After 43 years working in one of Japan's leading banks, 81-year-old Masako Wakamiya has launched an iPhone app called "Hinadan" that shows users how to stage traditional dolls for the Hinamatsuri festival. From a report on CNN Money: She says she felt compelled to do something after noticing a shortage of fun apps aimed at people her age. "We easily lose games when playing against young people, since our finger movements can't match their speed," Wakamiya told CNN. The retired banker asked a bunch of people to create games for seniors, but no one was interested. So she took matters into her own hands and achieved something many people half her age haven't done. "I wanted to create a fun app to get elderly people interested in smartphones," she said. "It took about half a year to develop." Wakamiya started using computers at age 60 when she was caring for her elderly mother and finding it difficult to get out and socialize with friends.
Android

Sorry, Apple, the Headphone Jack Isn't Going Anywhere (yahoo.com) 332

An anonymous reader quotes a report from Rob Pegoraro via Yahoo Finance: Two things unite almost every phone on display here at Mobile World Congress 2017: Android and a headphone jack. Apple doesn't exhibit its wares at this trade show, so the domination of Google's operating system is predictable. But the headphone jack's persistence did not look so inevitable when Apple cut it from the iPhone 7 and iPhone 7 Plus last September. Lenovo's Motorola subsidiary had already shipped a phone without a headphone hack, the Moto Z, and Apple's influence over the rest of the smartphone industry remains formidable -- indeed, within months, the Chinese firm LeEco had debuted a lineup of Android phones devoid of headphone jacks. As my colleague David Pogue predicted in a post approving Apple's move: "Other brands worldwide will be following suit." The hardware on display here at the world's largest mobile tech conference, though, suggests otherwise. Two days of walking around the show floor showed companies expressing a consistent unwillingness to abandon the humble headphone jack, even on models as thin as, or thinner than, the iPhone 7. The MWC floor revealed only one company willing to do away with the headphone jack: HTC. The Taiwan-based firm, which has struggled financially for years despite shipping such well-reviewed models as the HTC 10, used its exhibit to showcase the U Ultra and the U Play, which rely on their USB-C ports for audio output. Unlike, Apple, though, the company didn't make the move to save space, but rather to incorporate its "USonic" feature, which lets the phones' headphones calibrate themselves to your ears and provide noise cancellation.
Displays

For This Year's iPhone, Apple Is Ditching Lightning Connector and Home Button, But Embracing USB Type-C and Curved Display (wsj.com) 223

Apple has decided to adopt a flexible display for at least one model of the new iPhone, reports WSJ. From the report: People with direct knowledge of Apple's production plans said the Cupertino, Calif., company has decided to go ahead with the technology, and it will release a phone model using the OLED screens this year (Editor's note: the link could be paywalled; alternate source). The technology allows manufacturers to bend screens in ways they couldn't previously -- such as by introducing a curve at the edge of the phone as in some Samsung models. However, once the phone is manufactured, the OLED screen can't be bent or folded by the user, at least with current technology. Using OLED displays would allow Apple to introduce a phone with a new look to fuel sales. They said Apple would introduce other updates including a USB-C port for the power cord and other peripheral devices instead of the company's original Lightning connector. The models would also do away with a physical home button, they said. Those updates would give the iPhone features already available on other smartphones.
United States

The Videogame Industry Is Fighting 'Right To Repair' Laws (vice.com) 266

An anonymous reader quotes Motherboard: The video game industry is lobbying against legislation that would make it easier for gamers to repair their consoles and for consumers to repair all electronics more generally. The Entertainment Software Association, a trade organization that includes Sony, Microsoft, Nintendo, as well as dozens of video game developers and publishers, is opposing a "right to repair" bill in Nebraska, which would give hardware manufacturers fewer rights to control the end-of-life of electronics that they have sold to their customers...

Bills making their way through the Nebraska, New York, Minnesota, Wyoming, Tennessee, Kansas, Massachusetts, and Illinois statehouses will require manufacturers to sell replacement parts and repair tools to independent repair companies and consumers at the same price they are sold to authorized repair centers. The bill also requires that manufacturers make diagnostic manuals public and requires them to offer software tools or firmware to revert an electronic device to its original functioning state in the case that software locks that prevent independent repair are built into a device. The bills are a huge threat to the repair monopolies these companies have enjoyed, and so just about every major manufacturer has brought lobbyists to Nebraska, where the legislation is currently furthest along... This setup has allowed companies like Apple to monopolize iPhone repair, John Deere to monopolize tractor repair, and Sony, Microsoft, and Nintendo to monopolize console repair...

Motherboard's reporter was unable to get a comment from Microsoft, Apple, and Sony, and adds that "In two years of covering this issue, no manufacturer has ever spoken to me about it either on or off the record."
Bug

New iOS Update Fixes Unexpected Shutdown Issue On iPhone 6, iPhone 6s (techcrunch.com) 49

Matthew Panzarino, writing for TechCrunch: Over the past couple of iPhone versions users have complained of "unexpected" shutdowns of their devices. Some iPhone 6, 6S, 6 Plus and 6S Plus devices could basically go dark unexpectedly, forcing a user to have to plug them into an outlet to get them to power back on. Apple has been working on this very annoying bug and it says it has come up with a fix of sorts that should mitigate the problem on a majority of iPhone 6 and iPhone 6s devices. The fix is actually already on your iPhone if you have installed iOS 10.2.1 -- something that around 50 percent of iOS users have already done. After letting the fix simmer on customer devices, Apple now has statistics to share on how it has improved the issue, citing 80 percent reduction on iPhone 6s and 70 percent reduction on iPhone 6 devices.

Slashdot Top Deals