Portables (Apple)

FAA Bans Recalled MacBook Pros From Flights (bloomberg.com) 39

The U.S. Federal Aviation Administration has banned select MacBook Pro laptops on flights after Apple recently said that some units had batteries that posed a fire risk. In a statement, the FAA said it was "aware of the recalled batteries that are used in some Apple MacBook Pro laptops" and stated that it alerted major U.S. airlines about the recall. Bloomberg reports: The watchdog also reminded airlines to follow 2016 safety instructions for goods with recalled batteries, which means that the affected Apple laptops should not be taken on flights as cargo or in carry-on baggage by passengers. The Apple laptops in question are some 15-inch MacBook Pros sold between September 2015 and February 2017. Apple issued the recall in June, saying it had "determined that, in a limited number of older generation 15-inch MacBook Pro units, the battery may overheat and pose a fire safety risk."

This week, four airlines with cargo operations managed by Total Cargo Expertise -- TUI Group Airlines, Thomas Cook Airlines, Air Italy, and Air Transat -- implemented a ban, barring the laptops from being brought onto the carriers' planes as cargo, according to an internal notice obtained by Bloomberg News. A spokesperson for TUI Group Airlines said airport staff and flight attendants will start making announcements about these MacBook Pros at the gate and before takeoff. Laptops that have replaced batteries won't be impacted, the spokesperson said. The company also posted a notice on its website banning the recalled computers on board, in both cargo and passenger areas of its planes. It's unclear what efforts will, if any, be made at U.S. airports.

Iphone

Researcher Makes Legit-Looking iPhone Lightning Cables That Will Hijack Your Computer (vice.com) 42

A researcher known as MG has modified Lightning cables with extra components to let him remotely connect to the computers that the cables are connected to. "It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable," MG said. Motherboard reports: One idea is to take this malicious tool, dubbed O.MG Cable, and swap it for a target's legitimate one. MG suggested you may even give the malicious version as a gift to the target -- the cables even come with some of the correct little pieces of packaging holding them together. MG typed in the IP address of the fake cable on his own phone's browser, and was presented with a list of options, such as opening a terminal on my Mac. From here, a hacker can run all sorts of tools on the victim's computer.

The cable comes with various payloads, or scripts and commands that an attacker can run on the victim's machine. A hacker can also remotely "kill" the USB implant, hopefully hiding some evidence of its use or existence. MG made the cables by hand, painstakingly modifying real Apple cables to include the implant. "In the end, I was able to create 100 percent of the implant in my kitchen and then integrate it into a cable. And these prototypes at Def Con were mostly done the same way," he said. MG did point to other researchers who worked on the implant and graphical user interface. He is selling the cables for $200 each.

Desktops (Apple)

Vintage 30-Year-Old Mac Resurrected As a Web Server (rhyal.com) 66

Long-time Slashdot reader Huxley_Dunsany writes: After much work rebuilding and upgrading it, my Macintosh SE/30 from 1989 is now connected via Ethernet to the Web, and is hosting a simple website and old-style "guestbook." The site has been online for a few days (other than semi-frequent reboots of the system when it gets overloaded with requests), and has served nearly 20,000 visitors. For a machine with a 16MHz CPU and 68 megabytes of RAM, it's held up remarkably well!

I'm basically inviting a "Slashdotting" of my old Mac, but I thought this project might bring a few smiles here. Enjoy!

"Awesome," wrote one visitor in the guestbook, adding "You should join a webring!"
Privacy

Researchers Bypass Apple FaceID Using Biometrics 'Achilles Heel' (threatpost.com) 53

Vulnerabilities have been uncovered in the authentication process of biometrics technology that could allow bad actors to bypass various facial recognition applications -- including Apple's FaceID. But there is a catch. Doing so requires the victim to be out cold. From a report: Researchers on Wednesday during Black Hat USA 2019 demonstrated an attack that allowed them to bypass a victim's FaceID and log into their phone simply by putting a pair of modified glasses on their face. By merely placing tape carefully over the lenses of a pair of glasses and placing them on the victim's face, the researchers demonstrated how they could bypass Apple's FaceID in a specific scenario. The attack itself is difficult, given the bad actor would need to figure out how to put the glasses on an unconscious victim without waking them up.

To launch the attack, researchers with Tencent tapped into a feature behind biometrics called "liveness" detection, which is part of the biometric authentication process that sifts through "real" versus "fake" features on people. It works by detecting background noise, response distortion or focus blur. One such biometrics tool that utilizes liveness detection is FaceID, which is designed and utilized by Apple for the iPhone and iPad Pro. "With the leakage of biometric data and the enhancement of AI fraud ability, liveness detection has become the Achilles' heel of biometric authentication security as it is to verify if the biometric being captured is an actual measurement from the authorized live person who is present at the time of capture," researchers said during the Black Hat USA 2019 session.

Businesses

Goldman Sachs, Bank of the Rich and Powerful, is Dipping Into Subprime Lending With Apple Card (cnbc.com) 105

Goldman Sachs is casting a wide net for customers of its new credit card with Apple, approving some subprime borrowers for the product. CNBC: The bank, which is in charge of deciding who gets the Apple Card, is accepting some applications from users with less-than-stellar credit scores, according to people with knowledge of the matter. Goldman began to make the card available to some Apple customers this week ahead of a broader rollout later this month. From the start, Apple wanted its bank partner to create a technology platform that would approve as many of its 100 million-plus U.S. iPhone users as possible, within the bounds of regulations and responsible lending, according to the people. That's in line with the tech giant's desire to provide a good user experience for its customers.
Iphone

Apple Confirms $1 Million Reward For Anyone Who Can Hack An iPhone (forbes.com) 65

Apple says it will offer up to $1 million for hackers who can find vulnerabilities in iPhones and Macs. "That's up from $200,000, and in the fall the program will be open to all researchers," reports Forbes. "Previously only those on the company's invite-only bug bounty program were eligible to receive rewards." From the report: As Forbes reported on Monday, Apple is also launching a Mac bug bounty, which was confirmed Thursday, but it's also extending it to watchOS and its Apple TV operating system. The announcements came in Las Vegas at the Black Hat conference, where Apple's head of security engineering Ivan Krstic gave a talk on iOS and macOS security. Forbes also revealed on Monday that Apple was to give bug bounty participants "developer devices" -- iPhones that let hackers dive further into iOS. They can, for instance, pause the processor to look at what's happening with data in memory. Krstic confirmed the iOS Security Research Device program would be by application only. It will arrive next year.

The full $1 million will go to researchers who can find a hack of the kernel -- the core of iOS -- with zero clicks required by the iPhone owner. Another $500,000 will be given to those who can find a "network attack requiring no user interaction." There's also a 50% bonus for hackers who can find weaknesses in software before it's released. Apple is increasing those rewards in the face of an increasingly profitable private market where hackers sell the same information to governments for vast sums.

Iphone

Apple Is Locking Batteries To Specific iPhones, a Nightmare for DIY Repair (vice.com) 281

A longtime nightmare scenario for independent iPhone repair companies has come true: Apple has tied batteries to specific iPhones, meaning that only it has the ability to perform an authorized battery replacement on the newest versions of iPhones, two independent experiments have found. From a report: Battery replacements are among the most common repairs done by Apple and by independent repair companies. This is because lithium ion batteries eventually lose their ability to hold a charge, which will eventually make the phone unusable. Replacing the battery greatly extends the life of the phone: Apple CEO Tim Cook acknowledged earlier this year that battery replacements are resulting in fewer people buying new iPhones, which has affected Apple's bottom line. It's concerning on many levels, then, that on the iPhone XS, XS Plus, and XR, any battery swap not performed by Apple will result in the phone's settings saying that the new battery needs "Service." An iPhone will still turn on and function with an aftermarket battery, but several important features are unavailable, and the iPhone warns users that they should seek service, presumably from an Apple Store.
Facebook

iOS 13 Privacy Feature Will Force Total Overhaul For Facebook Apps (arstechnica.com) 68

Privacy has been a renewed focus with Apple's next operating system update. One new feature in iOS 13 that seems centered on user privacy could have sweeping consequences for messaging and online call apps. From a report: In iOS 13, Apple will not allow apps to run voice over Internet protocol (VoIP) in the background when the programs are not actively in use. Many apps that offer VoIP services currently run in the background, and they will need to be rewritten to adjust to Apple's upcoming rules. The change is slated to roll out when iOS 13 is released in September. However, app developers will get a grace period, and they have until April 2020 to comply. VoIP services ostensibly stay running in the background so they can connect calls quickly, but they also let those apps collect information about what users are doing on their devices. Restricting the programs that can simply be open at any time on its mobile hardware fits the narrative Apple is crafting about being a trusted place for customer privacy in an increasingly untrustworthy industry.
Google

Alphabet Overtakes Apple To Become Most Cash-Rich Company (theverge.com) 81

According to The Financial Times, Google's parent company Alphabet has overtaken Apple to become the most cash-rich company in the world. As of the second quarter of this year, Alphabet holds $117 billion in liquid reserves, compared to $102 billion, net of debt, for Apple. The Verge reports: Despite the obvious benefits of hoarding so much cash, earning the title of "Cash Kings" might not give much cause for celebration. As the FT notes, such a conspicuous display of wealth could increase pressure from shareholders who'd like to see the company spend more of its money on share buybacks or dividends, and could lead to increased scrutiny from regulators concerned with Google's dominance. Google and its parent company have been hit with around $9.05 billion in antitrust fines by the EU in the past two years, and the company is also facing heavy scrutiny by U.S. lawmakers.
AI

Apple Stops Letting Contractors Listen To Siri Voice Recordings, Will Offer Opt-Out Later (theverge.com) 55

Apple says it will temporarily suspend its practice of using human contractors to grade snippets of Siri voice recordings for accuracy. The move follows a report in The Guardian where a former worker detailed the program, claiming that contractors "regularly hear confidential medical information, drug deals, and recordings of couples having sex" as part of their job. The Verge reports: "We are committed to delivering a great Siri experience while protecting user privacy," an Apple spokesperson says in a statement to The Verge. "While we conduct a thorough review, we are suspending Siri grading globally. Additionally, as part of a future software update, users will have the ability to choose to participate in grading." Apple did not comment on whether, in addition to pausing the program where contractors listen to Siri voice recordings, it would also stop actually saving those recordings on its servers. Currently the company says it keeps recordings for six months before removing identifying information from a copy that it could keep for two years or more.
Businesses

Spotify Keeps Big Lead Over Apple Music But Disappoints With 108M Subscribers (cnet.com) 37

In its second-quarter report, Spotify said its subscribers rose 31% year over year to hit 108 million subscribers at the end of June. "That figure was weaker than Spotify expected but keeps it well above its closest competitor, Apple Music, which had 60 million subscribers as of June," reports CNET. From the report: Spotify also said Wednesday that 232 million people now use its service at least once a month, up 29% from a year earlier. Spotify, unlike Apple, has a free tier that lets anyone listen to music with advertising. Apple has never disclosed a monthly-active-user stat; almost all people who use Apple Music are subscribers. Spotify's growth in monthly active users beat the best-case prediction the company made in April, coming in 4 million above the 228 million high end of guidance. But its subscribers -- who make Spotify way more money than ad-supported free listeners -- were at the low end of its expectations. Its 108 million figure scraped into its guidance range of 107 million to 110 million.

Its subscriber growth was relatively weaker because fewer people signed up for its heavily discounted student plan. Spotify also said it would make up for the latest quarter's shortfall by the end of the year. Looking ahead, Spotify predicted that it will have 110 million to 114 million paid subscribers by the end of September and that its monthly active users will increase to between 240 million and 245 million. By the end of the year, it expects to cross the milestone of a quarter of a billion monthly listeners.

China

Your Next iPhone Might Be Made in Vietnam. Thank the Trade War. (nytimes.com) 173

No country on earth has benefited from President Trump's trade fight with China more than Vietnam. From a report: The country's factories have swelled with orders as American tariffs cause companies to reconsider making their products in China. Now, more big technology firms are looking to bulk up their manufacturing operations in Vietnam, lifting the ambitions of a nation already well on its way to becoming a powerhouse maker of smartphones and other high-end gadgets. First, though, Vietnam needs to get better at making the little plastic casings on your earbuds.

Vu Huu Thang's company in the northern city of Bac Ninh, Bac Viet Technology, produces small plastic parts for Canon printers, Korg musical instruments, and Samsung cellphones and phone accessories, including earbuds. He said it would be hard for his firm to compete against Chinese suppliers as long as he had to buy 70 to 100 tons of imported plastic material every month, most of it made in China. "Vietnam cannot compare with China," Mr. Thang said. "When we buy materials, it's 5, 10 percent more expensive than China already." And the Vietnamese market is too small, he said, to entice plastic producers to set up plants here.

Security

iPhone Bluetooth Traffic Leaks Phone Numbers -- in Certain Scenarios (zdnet.com) 51

Security researchers say they can extract a user's phone number from the Bluetooth traffic coming from an iPhone smartphone during certain operations. From a report: The attack works because, when Bluetooth is enabled on an Apple device, the device sends BLE (Bluetooth Low Energy) packets in all directions, broadcasting the device's position and various details. This behavior is part of the Apple Wireless Direct Link (AWDL), a protocol that can work either via WiFi or BLE to interconnect and allow data transfers between nearby devices. Previous academic research has revealed that AWDL BLE traffic contains device identification details such as the phone status, Wi-Fi status, OS version, buffer availability, and others. However, in new research published last week, security researchers from Hexway said that during certain operations these BLE packets can also contain a SHA256 hash of the device's phone number.
Businesses

Apple Reports Declining Profits and Stagnant Growth, Again (nytimes.com) 154

An anonymous reader quotes a report from The New York Times: Apple has long performed like clockwork, growing steadily and producing an ever-growing stream of profit. Not anymore. On Tuesday, the Silicon Valley behemoth said that its net income had fallen 13 percent and that its revenue rose 1 percent in the latest quarter, with iPhone sales continuing to decline and gains in the company's services and wearables business failing to make up the difference. The results showed persistent signs of weakness for one of the world's financial standouts. Apple built its enormous business on the iPhone, but sales of the device have slipped for three straight quarters in a saturated market for smartphones. Yet the results also suggested that the company could be starting to halt declines in those sales and other key areas, including revenue from the Chinese market. Over the previous two quarters, Apple's profits and revenue had fallen over all.

Apple said net income had dropped to $10.04 billion for its fiscal third quarter, from $11.5 billion a year earlier, with profit of $2.18 a share exceeding Wall Street estimates. Revenue rose to $53.8 billion from $53.3 billion a year earlier. In the latest quarter, revenue from iPhone sales fell nearly 12 percent, to $25.97 billion, from a year earlier. In the company's previous quarter, iPhone sales fell 17 percent. For the first time since 2013, iPhone sales did not account for at least half of Apple's revenue, said Yoram Wurmser, an analyst at the market-research firm eMarketer.
Sales in China have declined nearly 25 percent over the previous two quarters, the report adds. "In the latest quarter, Apple's sales in the region fell 4.1 percent, while revenue specifically in mainland China grew."
Google

Google Reveals Fistful of Flaws In Apple's iMessage App (bbc.com) 41

Google researchers have shared details of five flaws in Apple's iMessage software that could make its devices vulnerable to attack. The BBC reports: In one case, the researchers said the vulnerability was so severe that the only way to rescue a targeted iPhone would be to delete all the data off it. Another example, they said, could be used to copy files off a device without requiring the owner to do anything to aid the hack. Apple released fixes last week. But the researchers said they had also flagged a sixth problem to Apple, which had not been rectified in the update to its mobile operating system.

Apple's own notes about iOS 12.4 indicate that the unfixed flaw could give hackers a means to crash an app or execute commands of their own on recent iPhones, iPads and iPod Touches if they were able to discover it. Apple has not commented on this specific issue, but has urged users to install the new version of iOS, which addresses Google's other discoveries as well as a further range of glitches and threats. One of the two Google researchers involved - Natalie Silvanovich - intends to share more details of her findings at a presentation at the Black Hat conference in Las Vegas next month.

Chrome

Chrome 76 Arrives With Flash Blocked By Default (venturebeat.com) 87

An anonymous reader shares a report from VentureBeat: Google today launched Chrome 76 for Windows, Mac, Linux, Android, and iOS. The release includes Adobe Flash blocked by default, Incognito mode detection disabled, multiple PWA improvements, and more developer features. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. Google has been taking baby steps to kill off Flash for years. In 2015, Chrome started automatically pausing less important Flash content. In 2016, Chrome started blocking "behind the scenes" Flash content and using HTML5 by default. In July 2017, however, Adobe said it would kill Flash by 2020. With Chrome 76, Flash is now blocked by default. Users can still turn it on in settings, but next year, Flash will be removed from Chrome entirely.
Security

Apple's AWDL Protocol Plagued By Flaws That Enable Tracking and MitM Attacks (zdnet.com) 56

Apple Wireless Direct Link (AWDL), a protocol installed on over 1.2 billion Apple devices, contains vulnerabilities that enable attackers to track users, crash devices, or intercept files transferred between devices via man-in-the-middle (MitM) attacks. From a report: These are the findings of a research project that started last year at the Technical University of Darmstadt, in Germany, and has recently concluded, and whose findings researchers will be presenting later this month at a security conference in the US. The project sought to analyze the Apple Wireless Direct Link (AWDL), a protocol that Apple rolled out in 2014 and which also plays a key role in enabling device-to-device communications in the Apple ecosystem. While most Apple end users might not be aware of the protocol's existence, AWDL is at the core of Apple services like AirPlay and AirDrop, and Apple has been including AWDL by default on all devices the company has been selling, such as Macs, iPhones, iPads, Apple watches, Apple TVs, and HomePods. But in the past five years, Apple has never published any in-depth technical details about how AWDL works. This, in turn, has resulted in very few security researchers looking at AWDL for bugs or implementation errors.
China

Trump Says Apple Will Not Be Given Tariff Waivers or Relief For Mac Pro Parts Made In China (cnbc.com) 210

An anonymous reader quotes a report from CNBC: In a tweet on Friday, President Trump said his administration will not grant Apple any relief on Mac Pro parts made in China. "Apple will not be given Tariff wavers (sic), or relief, for Mac Pro parts that are made in China," President Trump said. "Make them in USA, no Tariffs!" Apple asked for waivers on tariffs on the Mac Pro. Apple said it wanted to be exempt on some parts it uses for the new Mac Pro, including a power supply unit, the stainless-steel enclosure, finished mice and trackpads and circuit boards. "There are no other sources for this proprietary, Apple-designed component," Apple said in a filing. Apple shifted production of the Mac Pro to China in June, saving shipping costs for components that are supplied near Shanghai.
Iphone

Apple Contractors 'Regularly Hear Confidential Details' on Siri Recordings, Report Says (theguardian.com) 91

Alex Hern, reporting for The Guardian: Apple contractors regularly hear confidential medical information, drug deals, and recordings of couples having sex, as part of their job providing quality control, or "grading," the company's Siri voice assistant, the Guardian has learned. Although Apple does not explicitly disclose it in its consumer-facing privacy documentation, a small proportion of Siri recordings are passed on to contractors working for the company around the world.

They are tasked with grading the responses on a variety of factors, including whether the activation of the voice assistant was deliberate or accidental, whether the query was something Siri could be expected to help with and whether Siri's response was appropriate. Apple says the data "is used to help Siri and dictation ... understand you better and recognise what you say." [...] Apple told the Guardian: "A small portion of Siri requests are analysed to improve Siri and dictation. User requests are not associated with the user's Apple ID. Siri responses are analysed in secure facilities and all reviewers are under the obligation to adhere to Apple's strict confidentiality requirements." The company added that a very small random subset, less than 1% of daily Siri activations, are used for grading, and those used are typically only a few seconds long.
Further reading: Google Contractors Are Secretly Listening To Your Assistant Recordings; and Amazon Workers Are Listening To What You Tell Alexa.
Businesses

Apple Buys Intel's Smartphone Modem Business (theverge.com) 52

Apple is officially acquiring Intel's smartphone modem business for $1 billion, the two companies announced today. As rumored earlier this week, the move "would jump-start the iPhone maker's push to take control of developing the critical components powering its devices." The Verge reports: The acquisition means that Apple is now well on the way to producing its own 5G modems for its smartphones, rather than having to rely on Qualcomm for the hardware. Developing its own modems has the potential to deliver big benefits for Apple. In particular, it would no longer be subject to the patent licensing terms of Qualcomm, which were the source of the two companies' lengthy legal dispute. In the past, Apple has accused Qualcomm of charging "disproportionately high" fees in patent royalties, which it was accused of forcing companies to agree to if they want access to its hardware as part of a "no license -- no chips" policy.

The talks with Intel to acquire its modem business are understood to have started last summer, according to the WSJ, when Intel's new CEO Bob Swan arrived with a focus on cleaning up the company and addressing its loss-making segments. Acquiring another business to develop an in-house competitor is a tactic Apple has used at least once before when it spent $300 million to acquire part of Dialog, a company that previously supplied Apple with power management chips for its phones. At the time, the acquisition, which included 300 employees, was Apple's biggest ever in terms of headcount.
