iOS

Apple Releases iOS 12.0.1 With Fixes For Wi-Fi 2.4GHz Bug, Lightning Charging Issue (macrumors.com) 84

Apple has released iOS 12.0.1, the first official update to the iOS 12 OS that brings a number of fixes, including a fix to the charging issue that was affecting some iPhone XS owners. Mac Rumors reports: Today's update fixes several high profile bugs that have been plaguing iOS 12 users. It resolves an issue that could cause some iPhone XS devices not to charge when connected to a Lightning cable, an issue that was discovered shortly after iOS 12 was released. Reports suggested multiple iOS 12 devices were affected rather than just the iPhone XS, and it's likely that if other devices are impacted, the new update solves the problem.

iOS 12.0.1 also fixes a major Wi-Fi bug that could cause some iPhone XS devices to prefer to join a 2.4GHz Wi-Fi network rather than a 5GHz Wi-Fi network, resulting in perceived slower Wi-Fi connection speeds. After this update, many users who were stuck with their phones connecting to a 2.4GHz network should see much faster Wi-Fi connection speeds as the devices once again prefer a 5GHz network. Other bug fixes in this update include a reorientation of the "123" number key on the iPad, which was moved in the iOS 12 update and swapped with the emoji/language key, a fix for a problem that could cause subtitles not to appear in some video apps, and an issue where Bluetooth could become unavailable.

Google

UK High Court Blocks Billion-Dollar Privacy Lawsuit Against Google (bbc.com) 43

An anonymous reader quotes a report from the BBC: The High Court has blocked a bid to sue Google for allegedly unlawfully taking data from 4.4 million UK iPhone users. The legal case was mounted by a group called Google You Owe Us, led by former Which director Richard Lloyd. It sought compensation for people whose handsets were tracked by Google for several months in 2011 and 2012. Mr Lloyd said he was "disappointed" by the ruling and his group would appeal, but Google said it was "pleased" and thought the case was "without merit."

Mr Justice Warby who oversaw the case explained that it was blocked because the claims that people suffered damage were not supported by the facts advanced by the campaign group. Another reason for blocking it, he said, was the impossibility of reliably calculating the number of iPhone users affected by the alleged privacy breach. The complaint made by Google You Owe Us alleged that the cookies were used by Google to track people and get around settings on Apple's Safari browser that blocked such monitoring. Ads were sold on the basis of the personal information gathered by Google's cookies. The Safari workaround was used by Google on lots of different devices but the UK case centered on iPhone users. The group hoped to win $1.3 billion in compensation for affected users.

Bug

Some Apple Watch Series 4 Models Are Frequently Crashing and Rebooting Due to a Daylight Saving Time Bug (macrumors.com) 110

Some Apple Watch Series 4 owners in Australia experienced crashes and reboots on Saturday due to a bug that surfaced because of the daylight saving time change. From a report: According to Reddit users hit by the Apple Watch bug, the root of the problem appears to be the Infograph Modular face's Activity complication, which displays a timeline graph with hourly data for the user's Move calories, Exercise minutes, and Stand hours. When daylight saving time (DST) lops an hour off the typical 24-hour day, the Activity complication is apparently unable to compute the change and draw the timeline graph with only 23 hours, which throws the Apple Watch into an endless reboot loop until the battery runs out.

Portables (Apple)

iFixit Confirms You Can Still Repair Your Own iMac Pro Or MacBook Pro -- At Least For Now (engadget.com) 44

After it was reported that proprietary diagnostic software was needed in order to replace key parts on computers equipped with Apple's T2 chip, iFixit decided to put that claim to the test by replacing a part on a brand-new 2018 MacBook Pro. They found that after pulling it apart and replacing the display, it still worked -- even without the software. Engadget reports: As they put it, any "secret repair kill switch hasn't been activated -- yet." So far, it has limited approaches that limit repairs based on security to the TouchID and FaceID sensors that require specialized software, as I noted yesterday, even though people have reported trouble with the ambient light sensor after replacing iPhone displays. While it's possible that a future software update could change things and make it require specialized software that only official Apple Stores and authorized service centers have access to, we're not there yet. Passing "right to repair" laws currently under consideration could be a big step to guaranteeing things stay that way.

United Kingdom

UK Cyber Security Agency Backs Apple, Amazon China Hack Denials (reuters.com) 56

An anonymous reader quotes a report from Reuters: Britain's national cyber security agency said on Friday it had no reason to doubt the assessments made by Apple and Amazon challenging a Bloomberg report that their systems contained malicious computer chips inserted by Chinese intelligence services. "We are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by AWS and Apple," said the National Cyber Security Centre, a unit of Britain's eavesdropping agency, GCHQ. AWS refers to Amazon Web Services, the company's cloud-computing unit.

"The NCSC engages confidentially with security researchers and urges anybody with credible intelligence about these reports to contact us," it said. Apple's recently retired general counsel, Bruce Sewell, told Reuters he called the FBI's then-general counsel James Baker last year after being told by Bloomberg of an open investigation into Super Micro Computer, a hardware maker whose products Bloomberg said were implanted with malicious Chinese chips. "I got on the phone with him personally and said, 'Do you know anything about this?," Sewell said of his conversation with Baker. "He said, 'I've never heard of this, but give me 24 hours to make sure.' He called me back 24 hours later and said 'Nobody here knows what this story is about.'"

The U.S. Department of Homeland Security said on Saturday that it too had no reason to doubt statements from companies that have denied the Bloomberg report.

"The Department of Homeland Security is aware of the media reports of a technology supply chain compromise," DHS said in a statement. "Like our partners in the UK, the National Cyber Security Center, at this time we have no reason to doubt the statements from the companies named in the story," it said.

Medicine

Stunt Woman Tests Apple Watch With Violent Fake Falls (hothardware.com) 96

It seems like everyone's curious about how the Apple Watch 4 detects falls. The Washington Post reports: In the interest of science, I've tried jumping off ledges and throwing myself onto furniture. The thing never went off. (The feature is on by default only for people older than 65, but I turned mine on.) It's possible, even likely, that the Watch could tell I was faking.

What's important is actual falls, not stunts. Apple says it studied the falls of 2,500 people of varying ages. Yet the company hasn't said how often it catches real falls or sets off false alarms. This isn't like claiming the "best camera ever" on a smartphone -- if Apple wants us to think of its products as life aids, it ought to show us the data. Even better: peer-reviewed studies. Apple's disclaimer says: "Apple Watch cannot detect all falls. The more physically active you are, the more likely you are to trigger Fall Detection due to high impact activity that can appear to be a fall."

But there's now also a new video by the Wall Street Journal that tests the watch's fall-detecting capabilities with a professional stuntwoman. Hot Hardware reports: The Wall Street Journal found that the Apple Watch did a very good job of detecting a serious fall while ignoring insignificant or outright fake falls. The stunt double performed a series of falls that are similar to falls in the slides that Apple showed in its keynote explaining the feature. In the testing, the watch was able to identify those falls and offer to call emergency services.

The most interesting part is that even though the stunt woman pulled some serious fake falls, complete with Hollywood-style tumbling down a hill, the Apple Watch was able to figure out if the fall was fake and didn't offer to call emergency services.

The Journal's reporter credits the watch's gyroscope and accelerometer, which can monitor numerous factors including both speed and wrist trajectory. Their conclusion?

"Turns out the Apple Watch really does know when you're just playing around."

China

Apple Insiders Say Nobody Internally Knows What's Going On With Bloomberg's China Hack Story (buzzfeednews.com) 176

An anonymous reader quotes a report from BuzzFeed News: Multiple senior Apple executives, speaking with BuzzFeed News on the condition of anonymity so that they could speak freely, all denied and expressed confusion with a report earlier this week that the company's servers had been compromised by a Chinese intelligence operation. On Thursday morning, Bloomberg Businessweek published a bombshell investigation. The report -- the result of more than a year of reporting and over 100 interviews with intelligence and company sources -- alleged that Chinese spies compromised and infiltrated almost 30 U.S. companies including Apple and Amazon by embedding a tiny microchip inside company servers. Both Amazon and Apple issued uncharacteristically strong and detailed denials of Bloomberg's claims.

Reached by BuzzFeed News, multiple Apple sources -- three of them very senior executives who work on the security and legal teams -- said that they are at a loss as to how to explain the allegations. These people described a massive, granular, and siloed investigation into not just the claims made in the story, but into unrelated incidents that might have inspired them. A senior security engineer directly involved in Apple's internal investigation described it as "endoscopic," noting they had never seen a chip like the one described in the story, let alone found one. "I don't know if something like this even exists," this person said, noting that Apple was not provided with a malicious chip or motherboard to examine. "We were given nothing. No hardware. No chips. No emails." Equally puzzling to Apple execs is the assertion that it was party to an FBI investigation -- Bloomberg wrote that Apple "reported the incident to the FBI." A senior Apple legal official told BuzzFeed News the company had not contacted the FBI, nor had it been contacted by the FBI, the CIA, the NSA or any government agency in regards to the incidents described in the Bloomberg report. This person's purview and responsibilities are of such a high level that it's unlikely they would not have been aware of government outreach.

Businesses

Bloomberg's Spy Chip Story Reveals the Murky World of National Security Reporting (techcrunch.com) 67

TechCrunch's security editor, Zack Whittaker, analyzes Bloomberg's recent report that China infiltrated Apple, Amazon and others via a tiny microchip inserted into servers at the data centers associated with these companies. With Apple and Amazon refuting Bloomberg's claims, Whittaker talks about the "murky world of national security reporting" and the difficulties of reporting stories of this magnitude with anonymous sources. An anonymous reader shares an excerpt from his report: Today's bombshell Bloomberg story has the internet split: either the story is right, and reporters have uncovered one of the largest and jarring breaches of the U.S. tech industry by a foreign adversary or it's not, and a lot of people screwed up. Welcome to the murky world of national security reporting. I've covered cybersecurity and national security for about five years, most recently at CBS, where I reported exclusively on several stories -- including the U.S. government's covert efforts to force tech companies to hand over their source code in an effort to find vulnerabilities and conduct surveillance. And last year I revealed that the National Security Agency had its fifth data breach in as many years, and classified documents showed that a government data collection program was far wider than first thought and was collecting data on U.S. citizens. Even with this story, my gut is mixed.

Naturally, people are skeptical of this "spy chip" story. On one side you have Bloomberg's decades-long stellar reputation and reporting acumen, a thoroughly researched story citing more than a dozen sources -- some inside the government and out -- and presenting enough evidence to present a convincing case. On the other, the sources are anonymous -- likely because the information they shared wasn't theirs to share or it was classified, putting sources in risk of legal jeopardy. But that makes accountability difficult. No reporter wants to say "a source familiar with the matter" because it weakens the story. It's the reason reporters will tag names to spokespeople or officials so that it holds the powers accountable for their words. And, the denials from the companies themselves -- though transparently published in full by Bloomberg -- are not bulletproof in outright rejection of the story's claims. These statements go through legal counsel and are subject to government regulation. These statements become a counterbalance -- turning the story from an evidence-based report into a "he said, she said" situation. That puts the onus on the reader to judge Bloomberg's reporting. Reporters can publish the truth all they want, but ultimately it's down to the reader to believe it or not.

Whittaker ends by saying "Bloomberg's delivery could have been better," and that they "missed an opportunity to be more open and transparent in how it came to the conclusions that it did."

"Journalism isn't proprietary," Whittaker writes. "It should be open to as many people as possible. If you're not transparent in how you report things, you lose readers' trust. That's where the story rests on shaky ground. Admittedly, as detailed and as well-sourced as the story is, you -- and I -- have to put a lot of trust and faith in Bloomberg and its reporters."

Security

The Software Side of China's Supply Chain Attack (bloomberg.com) 63

Bloomberg BusinessWeek published a story on Thursday which claimed that data center equipment run by Amazon Web Services and Apple was subject to surveillance from the Chinese government via a tiny microchip inserted during the equipment manufacturing process. Both Amazon and Apple have vehemently refuted Bloomberg's reporting. Bloomberg's reporters, who have spent more than a year on the story and have cited 17 sources for the claims they make in it, have doubled down. In a new story, the news outlet reports that Supermicro was the target of at least two additional forms of attack. The report claims that Facebook, which has confirmed it, was aware of these attacks, too. From the story: The first of the other two prongs involved a Supermicro online portal that customers used to get critical software updates, and that was breached by China-based attackers in 2015. The problem, which was never made public, was identified after at least two Supermicro customers downloaded firmware -- software installed in hardware components -- meant to update their motherboards' network cards, key components that control communications between servers running in a data center. The code had been altered, allowing the attackers to secretly take over a server's communications, according to samples passed around at the time among a small group of Supermicro customers. One of these customers was Facebook.

"In 2015, we were made aware of malicious manipulation of software related to Supermicro hardware from industry partners through our threat intelligence industry sharing programs," Facebook said in an emailed statement. "While Facebook has purchased a limited number of Supermicro hardware for testing purposes confined to our labs, our investigations reveal that it has not been used in production, and we are in the process of removing them." The victims considered the faulty code a serious breach.

Further reading: Bloomberg's spy chip story reveals the murky world of national security reporting.

Portables (Apple)

Apple's New Proprietary Software Locks Kill Independent Repair On New MacBook Pros (vice.com) 442

An anonymous reader quotes a report from Motherboard: Apple has introduced software locks that will effectively prevent independent and third-party repair on 2018 MacBook Pro computers, according to internal Apple documents obtained by Motherboard. The new system will render the computer "inoperative" unless a proprietary Apple "system configuration" software is run after parts of the system are replaced. According to the document, which was distributed to Apple's Authorized Service Providers late last month, this policy will apply to all Apple computers with the "T2" security chip, which is present in 2018 MacBook Pros as well as the iMac Pro. The software lock will kick in for any repair which involves replacing a MacBook Pro's display assembly, logic board, top case (the keyboard, touchpad, and internal housing), and Touch ID board. On iMac Pros, it will kick in if the Logic Board or flash storage are replaced. The computer will only begin functioning again after Apple or a member of one of Apple's Authorized Service Provider repair program runs diagnostic software called Apple Service Toolkit 2.

Businesses

Apple CEO Tim Cook Says Giving Up Your Data For Better Services is 'a Bunch of Bunk' (washingtonpost.com) 118

Apple chief executive Tim Cook urged consumers not to believe the dominant tech industry narrative that the data collected about them will lead to better services. From a report: In an interview with "Vice News Tonight" that aired Tuesday, Cook highlighted his company's commitment to user privacy, positioning Apple's business as one that stands apart from tech giants that compile massive amounts of personal data and sell the ability to target users through advertising. "The narrative that some companies will try to get you to believe is: I've got to take all of our data to make my service better," he said. "Well, don't believe them. Whoever's telling you that, it's a bunch of bunk." [...] Cook said in the interview that he is "exceedingly optimistic" that the topic of data privacy has reached an elevated level of public debate. "When the free market doesn't produce a result that's great for society you have to ask yourself what do we need to do. And I think some level of government regulation is important to come out on that."

Security

China Infiltrated Apple, Amazon and Other US Companies Using Spy Chips on Servers, According To Bloomberg; Apple, and Amazon, Among Others Refute the Report (bloomberg.com) 369

Data center equipment run by Amazon Web Services and Apple was subject to surveillance from the Chinese government via a tiny microchip inserted during the equipment manufacturing process, Bloomberg BusinessWeek reported Thursday, citing 17 people at Apple, Amazon, and U.S. government security officials, among others. The compromised chips in question came from a server company called Supermicro that assembled machines used in the centers, the report added. These chips, which were used for gathering intellectual property and trade secrets from American companies, have also been the subject of an ongoing top secret U.S. government investigation, which started in 2015, the news outlet reported. Amazon, which runs AWS, Apple, and Supermicro have disputed summaries of Bloomberg BusinessWeek's reporting.

The report states that Amazon became aware of a tiny Supermicro microchip nested on the server motherboards of Elemental Technologies, a Portland, Oregon-based company, as part of due diligence ahead of acquiring the company in 2015. Amazon acquired Elemental as it prepared to use its technologies for what is now known as Prime Video, its video streaming service. The report adds that Amazon informed the FBI of its findings. From the report: One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world's most valuable company, Apple. Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards. Apple severed ties with Supermicro the following year, for what it described as unrelated reasons. [...] [Update: Some counterpoint: According to an earlier report by The Information, security concerns were indeed a reason why Apple and Supermicro parted ways.] A U.S. official says the government's probe is still examining whether spies were planted inside Supermicro or other American companies to aid the attack. Some background on Supermicro, courtesy of Bloomberg: Today, Supermicro sells more server motherboards than almost anyone else. It also dominates the $1 billion market for boards used in special-purpose computers, from MRI machines to weapons systems. Its motherboards can be found in made-to-order server setups at banks, hedge funds, cloud computing providers, and web-hosting services, among other places. Supermicro has assembly facilities in California, the Netherlands, and Taiwan, but its motherboards -- its core product -- are nearly all manufactured by contractors in China. The company's pitch to customers hinges on unmatched customization, made possible by hundreds of full-time engineers and a catalog encompassing more than 600 designs.

Further reading: Amazon Offloaded Its Chinese Server Business Because it Was Compromised, Report Says.

Security

Some Apple Laptops Shipped With Intel Chips In 'Manufacturing Mode' (zdnet.com) 36

An anonymous reader writes: Apple has quietly fixed a security issue affecting some laptops that shipped with Intel chips that were mistakenly left configured into "manufacturing mode." The issue was discovered by two security researchers bug hunting for security flaws in Intel's Management Engine. While digging around through the tens of ME configuration options, the two spotted a feature that they believed could lead to problems, if left enabled by accident on Intel chips.

The configuration they eyed was named Manufacturing Mode, and it's an Intel ME option that desktop, server, laptop, or mobile OEMs can enable for Intel chips and use it for testing ME's remote management features. As the name implies, this configuration option should be enabled only on manufacturing lines to enable automated configuration and testing operations, but disabled before shipping the end product. Leaving an Intel ME chip in Manufacturing Mode allows attackers to change ME settings and disable security controls, opening a chip for other attacks.

The two researchers said they only tested Lenovo and Apple laptops for the presence of Intel ME chips in Manufacturing Mode. Other laptops or computers may also be affected. Instructions on how to spot Intel ME chips in Manufacturing Mode and how to disable it are available here. Apple fixed the issue in June, with the release of macOS High Sierra 10.13.5, and Security Update 2018-003 for macOS Sierra and El Capitan.

Transportation

Ex-Apple Engineers Unveil a Next-Generation Sensor For Self-Driving Cars (theverge.com) 32

An anonymous reader quotes a report from The Verge: Aeva, a Mountain View, California-based startup founded only just last year, has built what its two co-founders claim is a next-generation version of LIDAR, the 3D mapping technology that has become instrumental for how self-driving cars measure the distance of objects and effectively see the road in front of them. And today, the company is officially unveiling its product, a tiny box that can more directly measure objects in a given scene and the distance and velocity of those objects relative to one another.

Aeva's technology is able to separate objects based on distance and whether the object is moving away from or toward it. It's also able to measure the velocity of the object, which enables the software to predict where cars and pedestrians are going. The company even says its sensing system is capable of completely shutting out interference from other, similar sensors -- including those from other companies -- and operating in all weather conditions and in the dark, thanks to a reflectivity sensor. Not only is Aeva's version of LIDAR superior to the variety found in most self-driving test vehicles on the road today, the company says, but the lightweight, low-power box it's housed in also contains all the other types of sensors and cameras necessary for an autonomous vehicle to see and make sense of every component within its field of vision.

Aeva's new system sounds a lot more promising when you consider the company's co-founders, Soroush Salehian and his business partner Mina Rezk, are former Apple engineers who both worked on Apple's "Special Projects" team. Although they will not say so, they likely helped progress the company's secretive autonomous car division. The Verge notes that Salehian also "worked on developing the first Apple Watch and the iPhone 6, while Rezk is a veteran of Nikon where he worked on optical hardware."

Programming

Former Students Say Steve Wozniak's $13,200 Coding Bootcamp Is 'Broken' and Sometimes Links To Wikipedia (9to5mac.com) 135

Last year, Apple co-founder Steve Wozniak announced a coding program called Woz U that's designed with the goal of offering an affordable education. "Our goal is to educate and train people in employable digital skills without putting them into years of debt," Wozniak said last fall. "People often are afraid to choose a technology-based career because they think they can't do it. I know they can, and I want to show them how."

Now that a round of students has been through the 33-week program, a number of problems have appeared. Former student Bill Duerr called the program "broken," saying that "lots of times there's just hyperlinks to Microsoft documents, to Wikipedia." 9to5Mac reports: "Duerr said typos in course content were one of many problems. So-called 'live lectures' were pre-recorded and out of date, student mentors were unqualified, and at one point, one of his courses didn't even have an instructor," reports CBS. CBS heard from over 24 current and former students and employees that reiterated Duerr's experiences. Instead of a quality program, Duerr said Woz U was comparable to an ultra expensive e-book: "'I feel like this is a $13,000 e-book,' Duerr said. While it was supposed to be a program written by one of the greatest tech minds of all time, 'it's broken, it's not working in places, lots of times there's just hyperlinks to Microsoft documents, to Wikipedia,' he said."

A former Woz U enrollment counselor said that at times he had to do things that didn't feel right: "Asked whether he regrets working for Woz U, Mionske said, 'I regret in the aspect to where they're spending this money for, it's like rolling the dice. [...] But on the reverse side, I have to support my family.'"

According to Business Insider, Steve Wozniak said that he's "not involved" in the "operational aspects" of Woz U and doesn't know anything about the report this morning.

iPhone

Some iPhone XS, XS Max Devices Are Experiencing Charging Issues (theverge.com) 50

Poor cellular reception doesn't appear to be the only issue affecting some new iPhone XS and XS Max owners. "Dozens of users have reported charging issues with their iPhone XS and XS Max devices, and shared their experiences on the MacRumors forums and Apple's support forums," reports The Verge. From the report: Specifically, users are experiencing issues where phones will not charge if the Lightning cable is plugged in while the device is asleep. The problem appears to be a software bug -- perhaps related to the phone's USB accessory settings -- and requires iPhones to be unlocked (or at least have the screen lit up) in order to begin charging. Tech vlogger Lewis Hilsenteger demonstrated the issues on nine different iPhone X, XS, and XS Max devices on his YouTube channel Unbox Therapy. Some iPhones respond immediately to being plugged into a charger, while others have to be tapped to awaken, and others freeze up. If you are experiencing this issue, you should find relief by upgrading to the iOS 12.1 beta, which apparently eliminates the problem entirely. "For now, others suggest going into Settings, FaceID and Passcode, scrolling down to 'Allow access when locked' and turning on USB Accessories," reports The Verge.

Programming

Apple Watch Apps Instantly Went 64-Bit Thanks To Obscure Bitcode Option (venturebeat.com) 149

Jeremy Horwitz, writing for VentureBeat: An obscure feature in Apple's Xcode development software enabled Apple Watch apps to make an instant transition from 32-bit to 64-bit last month, an unheralded win for Apple Watch developers inside and outside the company. The "Enable Bitcode" feature was introduced to developers three years ago, but the Accidental Tech Podcast suggests that it was quietly responsible for the smooth launch of software for the Apple Watch Series 4 last month.

Support for Bitcode was originally added to Xcode 7 in November 2015, subsequently becoming optional for iOS apps but mandatory for watchOS and tvOS apps. Bitcode is an "intermediate representation" halfway between human-written app code and machine code. Rather than the developer sending a completely compiled app to the App Store, enabling Bitcode provides Apple with a partially compiled app that it can then finish compiling for whatever processors it wants to support.

The report suggests that this change allowed Apple to avoid the great "appocalypse" which occurred when it decided to kill support for 32-bit apps on iOS.

iPhone

FBI Forced Suspect To Unlock His iPhone X Through Face ID (engadget.com) 238

In what may be a world first, the FBI has forced a suspect to unlock his iPhone X using Apple's Face ID feature. From a report: Agents in Columbus, Ohio entered the home of 28-year-old Grant Michalski, who was suspected of child abuse, according to court documents spotted by Forbes. With a search warrant in hand, they forced him to put his face in front of the device to unlock it. They were then able to freely search for his photos, chats and any other potential evidence. The FBI started investigating Michalski after discovering his ad on Craigslist titled "taboo." Later, they discovered emails in which he discussed incest and sex with minors with another defendant, William Weekly.

Desktops (Apple)

FBI Solves Mystery Surrounding 15-Year-Old Fruitfly Mac Malware Which Was Used By a Man To Watch Victims Via their Webcams, and Listen in On Conversations (zdnet.com) 111

The FBI has solved the final mystery surrounding a strain of Mac malware that was used by an Ohio man to spy on people for 14 years. From a report: The man, 28-year-old Phillip Durachinsky, was arrested in January 2017, and charged a year later, in January 2018. US authorities say he created the Fruitfly Mac malware (Quimitchin by some AV vendors) back in 2003 and used it until 2017 to infect victims and take control of their Mac computers to steal files, keyboard strokes, watch victims via the webcam, and listen in on conversations via the microphone. Court documents reveal Durachinsky wasn't particularly interested in financial crime but was primarily focused on watching victims, having collected millions of images on his computer, including many of underage children. Durachinsky created the malware when he was only 14, and used it for the next 14 years without Mac antivirus programs ever detecting it on victims' computers. [...]

Describing the Fruitfly/Quimitchin malware, the FBI said the following: "The attack vector included the scanning and identification of externally facing services, to include the Apple Filing Protocol (AFP, port 548), RDP or other VNC, SSH (port 22), and Back to My Mac (BTMM), which would be targeted with weak passwords or passwords derived from third party data breaches." In other words, Durachinsky had used a technique known as port scanning to identify internet or network-connected Macs that were exposing remote access ports with weak or no passwords.

Apple

Apple Went Rotten After Steve Jobs' Death, Former Engineer Claims (siliconvalley.com) 182

An anonymous reader quotes the Bay Area Newsgroup: Apple turned against customers and its own employees after the death of co-founder and CEO Steve Jobs, a fired Apple engineer claims in a lawsuit. "No corporate responsibility exists at Apple since Mr. Jobs' death," Darren Eastman alleged in a lawsuit over his termination and patents related to his work at the Cupertino tech giant... Eastman, who is representing himself in court, started working as an engineer for Apple in 2006, largely because Jobs was interested in his idea for a low-cost Mac for education, and wanted him hired straight out of graduate school, Eastman said in the filing. Eastman claims to have invented the "Find my iPhone" function. When Jobs headed Apple, he told Eastman to notify him of any unresolved problems with the company's products, and employees in general were expected to raise such concerns, Eastman said in a lawsuit filed Thursday in Santa Clara County Superior Court.

That changed after Jobs died in 2011, he claimed. "Many talented employees who've given part of their life for Apple were now regularly being disciplined and terminated for reporting issues they were expected to (report) during Mr. Jobs tenure," Eastman alleged in the filing. "Cronyism and a dedicated effort to ignore quality issues in current and future products became the most important projects to perpetuate the goal of ignoring the law and minimizing tax. Complying with the law and paying what's honestly required is taboo at Apple, with judicial orders and paying tax (of any kind) representing the principal frustration of Apple's executives... Notifying Mr. Cook about issues (previously welcomed by Mr. Jobs) produces either no response, or, a threatening one later by your direct manager," Eastman claimed.... "There's no accountability, with attempts at doing the right thing met with swift retaliation."

Eastman even claims one Apple employee was fired for reporting toxic mold in the building, and alleges that employees were intentionally fired just before their stock options were vesting. In fact, his entire lawsuit is over just $165,000 worth of Apple common stock, plus $326,400 in damages, $32,640 in interest -- and resolution of an alleged patent-ownership issue.

Apple "declined to comment on the claims made in the lawsuit."
