Apple

App Store To Be 'Split in Two' Ahead of EU iPhone Sideloading Deadline (macrumors.com) 29

Apple is preparing to split the App Store "in two" in the coming weeks ahead of European Union requirements that will force Apple to enable app sideloading in the region, Bloomberg's Mark Gurman reports. From a report: In the latest edition of his "Power On" newsletter, Gurman explained that Apple is gearing up to make changes to the App Store in the EU to comply with the region's impending Digital Markets Act (DMA). Apple is apparently planning to roll out adjustments to comply with the new legal requirements in the coming weeks, including splitting off the App Store in the EU from the rest of the world. The deadline for Apple to comply with the DMA is March 7, so the company has just over seven weeks to enact the changes.

Businesses

Apple Undergoes Its Biggest Board Shakeup In Years (fortune.com) 21

Mark Gurman reports via Bloomberg: In one of Apple's biggest board shake-ups in years (Warning: source may be paywalled; alternative source), longtime directors Al Gore and James Bell will be retiring from the company, with former Aerospace Corp. Chief Executive Officer Wanda Austin coming aboard. The company made the announcement Thursday, citing a policy of directors not standing for reelection after the age of 75. Bell, a former Boeing Co. executive, joined the Apple board in 2015, while former US Vice President Gore has been a director for more than two decades. Both men are 75.

The upheaval is unusual for Apple's board, which rarely has more than one retirement at a time. Gore was the longest-serving member -- having joined in 2003, when co-founder Steve Jobs was CEO and the iPhone didn't yet exist. "Al has contributed an incredible amount to our work -- from his unconditional support for protecting our users' privacy, to his incomparable knowledge of environment and climate issues," Apple CEO Tim Cook said in a statement. "James's dedication has been extraordinary, and we're thankful for the important perspectives and deep expertise he's offered on audit, finance, and so much more over the years."

Austin, the new nominee, has a significant track record of "advancing innovation and shaping corporate strategy," Apple said. She has long been a major proponent of US space exploration efforts, though that's not an area that Apple is directly involved in. She will be up for election at the company's annual shareholder meeting on Feb. 28. In spite of the age policy, another director, Ronald Sugar, is turning 76 this year and not slated to leave the board. Apple said that Sugar is remaining "in consideration of the significant recent transitions in board composition and the value of retaining directors who have developed deep insights into the company during their tenure." Given Apple's rationale for retaining Sugar, it's unclear if the policy will apply to Chairman Arthur Levinson, who turns 75 next year.

Privacy

Apple Knew AirDrop Users Could Be Identified and Tracked as Early as 2019 (cnn.com) 27

Security researchers warned Apple as early as 2019 about vulnerabilities in its AirDrop wireless sharing function that Chinese authorities claim they recently used to track down users of the feature, the researchers told CNN, in a case that experts say has sweeping implications for global privacy. From a report: The Chinese government's actions targeting a tool that Apple customers around the world use to share photos and documents -- and Apple's apparent inaction to address the flaws -- revive longstanding concerns by US lawmakers and privacy advocates about Apple's relationship with China and about authoritarian regimes' ability to twist US tech products to their own ends.

AirDrop lets Apple users who are near each other share files using a proprietary mix of Bluetooth and other wireless connectivity without having to connect to the internet. The sharing feature has been used by pro-democracy activists in Hong Kong and the Chinese government has cracked down on the feature in response. A Chinese tech firm, Beijing-based Wangshendongjian Technology, was able to compromise AirDrop to identify users on the Beijing subway accused of sharing "inappropriate information," judicial authorities in Beijing said this week. Although Chinese officials portrayed the exploit as an effective law enforcement technique, internet freedom advocates are urging Apple to address the issue quickly and publicly.

Transportation

Polestar CEO Promises To Keep Apple CarPlay and Android Auto Around (techcrunch.com) 30

An anonymous reader quotes a report from TechCrunch: Polestar CEO Thomas Ingenlath couldn't be happier with the integration of Google built-in, the branded product that embeds Google apps and services directly into the company's EVs. But don't expect the EV maker to drop Android Auto or Apple CarPlay as a result. On the sidelines of CES 2024, Ingenlath committed to sticking with Android Auto and Apple CarPlay, the middleware that allows drivers to project their smartphone onto the car's infotainment display. He went a step further and questioned automakers that have. GM, for instance, decided not to make the new 2024 Chevy Blazer EV compatible with Android Auto or Apple CarPlay.

"It's still too important for our customers to have the choice," Ingenlath said during an interview at CES 2024. He later added that, in his view, removing the option isn't the right way of treating customers. "Our priority is very clear; We have a really fantastic system together with Google," he said. While Ingenlath admitted that adding that Google Built-in provides the best experience, he asked "why would we try to dogmatically educate our customers?" Polestar has been a champion of Google built-in. However, it's willingness to keep Android Auto and Apple CarPlay is notable because it illustrates the complexity of appeasing customers even if it might overshadow the native technology in the vehicle.
"Ingenlath seems convinced that as Google built-in improves and continues to add apps and services, consumers will give up Android Auto or Apple CarPlay on there own," adds TechCrunch. "And the updates do keep coming."

"At CES 2024, for instance, Polestar announced that the Chrome browser would start rolling out to Polestar 2 in beta, allowing drivers to surf the internet via the central vehicle display while parked. Ingenlath hinted of more improvements in the future, including more precise navigation in Google Maps that drills down to the specific lane as well as customized features designed for Polestar customers."

Microsoft

Microsoft Dethrones Apple as the Largest US Company 52

The stock market has a new, but familiar, monarch. Microsoft's AI-powered stock rally has made the software giant the largest U.S. company by market value, surpassing Apple for the first time since November 2021. WSJ: Shares edged higher Thursday morning, bringing Microsoft's market value to nearly $2.87 trillion. Apple, meanwhile, fell 1%, pulling its market capitalization just below that threshold. Either Apple or Microsoft has held the title since Feb. 4, 2019, according to Dow Jones Market Data. Microsoft's stock has been on the rise for the past year thanks to the continued growth of its cloud computing division, even as major competitors like Amazon and Google have experienced a gradual slowdown in sales growth.

China

AirDrop 'Cracked' By Chinese Authorities To Identify Senders (macrumors.com) 25

According to Bloomberg, Apple's AirDrop feature has been cracked by a Chinese state-backed institution to identify senders who share "undesirable content". MacRumors reports: AirDrop is Apple's ad-hoc service that lets users discover nearby Macs and iOS devices and securely transfer files between them over Wi-Fi and Bluetooth. Users can send and receive photos, videos, documents, contacts, passwords and anything else that can be transferred from a Share Sheet. Apple advertises the protocol as secure because the wireless connection uses Transport Layer Security (TLS) encryption, but the Beijing Municipal Bureau of Justice (BMBJ) says it has devised a way to bypass the protocol's encryption and reveal identifying information.

According to the BMBJ's website, iPhone device logs were analyzed to create a "rainbow table" which allowed investigators to convert hidden hash values into the original text and correlate the phone numbers and email accounts of AirDrop content senders. The "technological breakthrough" has successfully helped the public security authorities identify a number of criminal suspects, who use the AirDrop function to spread illegal content, the BMBJ added. "It improves the efficiency and accuracy of case-solving and prevents the spread of inappropriate remarks as well as potential bad influences," the bureau added.

It is not known if the security flaw in the AirDrop protocol has been exploited by a government agency before now, but it is not the first time a flaw has been discovered. In April 2021, German researchers found that the mutual authentication mechanism that confirms both the receiver and sender are on each other's address book could be used to expose private information. According to the researchers, Apple was informed of the flaw in May of 2019, but did not fix it.

Apple

Apple Tells Developers Not To Call Their AR or VR Apps AR or VR Apps (engadget.com) 122

With Apple's Vision Pro VR/AR headset set to go on sale on February 2, we're starting to see more details about the app requirements. From a report: The company has released guidelines for visionOS developers planning to release apps and there's one strange caveat. It would rather developers don't use the terms AR and VR when referring to Vision Pro apps, but rather call them "spatial computing apps," according to the developer page.

"Spatial computing: Refer to your app as a spatial computing app. Don't describe your app experience as augmented reality (AR), virtual reality (VR), extended reality (XR), or mixed reality (MR)," the company states. The headset itself should be called "Apple Vision Pro" with three uppercase words, while "visionOS begins with a lowercase v, even when it's the first word in a sentence." The terms should never be translated or transliterated, Apple added.

iPhone

iPhone Survives 16,000-Foot Fall From Alaska Air Flight (bloomberg.com) 76

An anonymous reader shares a report: Among the harrowing details of the blown-off fuselage panel that triggered a sudden decompression event on Alaska Airlines Flight 1282, one revelation seemed to defy the laws of physics: one of the mobile phones that had been sucked out of the Boeing 737 Max 9 jet's cabin remained in functioning condition after a 16,000-foot tumble. A new-generation Apple iPhone landed intact, unlocked and with hours of battery life remaining on a Portland, Oregon roadside, according to a post on X by a user calling himself Seanathan Bates, who said he discovered the device. The screen showed an email from Alaska Airlines about a baggage claim for the flight, based on Bates' photos.

The phone was in airplane mode, Bates said in a TikTok video. "It was still pretty clean, no scratches on it, sitting under a bush and it didn't have a screenlock on it," he said. The National Transportation Safety Board confirmed at a briefing on Sunday that one phone was found on the side of a road and another in a yard. The people have handed in both of the devices, NTSB Chair Jennifer Homendy told reporters.

Businesses

Will Microsoft Overtake Apple as the World's Most Valuable Company? (appleinsider.com) 101

"As Microsoft stock rises and Apple's falls over analysts expectation of slowing iPhone demand, the two firms are once more within $100 billion of each other — the smallest gap in over two years..." writes the blog Apple Insider: In August 2020, Apple became the first publicly-traded US company to reach a $2 trillion market cap, and Microsoft became the second one in June 2021. Later in October 2021, Microsoft took over the top spot, and for a time was move valuable than Apple by $100 billion. While the values of the two firms have continually changed, Microsoft is now worth just $100 billion less than Apple, according to MarketWatch. Microsoft is valued at $2.73 trillion, while Apple — fallen from its recent $3 trillion high — is currently at $2.83 trillion.

MarketWatch notes that Microsoft's stock rose 57% in 2023, compared to Apple's which rose 48%. Microsoft shares have also reportedly seen what are described as slimmer losses at the start of 2024. Apple, on the other hand, has seen its shares take a considerable drop in recent days. The first hit was taken following a claim by Barclays that iPhone demand is weakening and that the iPhone 16 range will not offer any compelling new features to tempt upgraders.

The analyst view that Apple is dependent on iPhone sales is part of why Microsoft is doing better. Analysts see Microsoft as being less attached to any hardware, and more attached to subscription software such as Office 365, and so therefore less attached to any falling demand for phones or computers. And, Microsoft has launched an AI tool in Copilot, while Apple has not unveiled any similar ChatGPT-style app or service.

Apple

Apple Revives Old Fight With Hey Email App (theverge.com) 44

Shortly after the premium email service Hey announced a standalone Hey Calendar app, co-founder David Heinemeier Hansson said it was rejected by Apple for violating App Store rules.

"Apple just called to let us know they're rejecting the HEY Calendar app from the App Store (in current form)," wrote DHH on X. "Same bullying tactics as last time: Push delicate rejections to a call with a first-name-only person who'll softly inform you it's your wallet or your kneecaps. Since it's clear we're never going to pay them the extortionate 30% ransom, they're back to the bullshit about 'the app doesn't do anything when you download it.' Despite the fact that after last time, they specifically carved out HEY in App Store Review Guidelines 3.1.3 (f)!" The Verge's Amrita Khalid reports: New users can't sign up for Hey Calendar directly on the app -- Basecamp, which makes Hey, makes users first sign up through a browser. Apple's App Store rules require most paid services to offer users the ability to pay and sign up through the app, ensuring the company gets up to a 30 percent cut. The controversial rule has a ton of gray areas and carve-outs (i.e. reader apps like Spotify and Kindle get an exception) and is the subject of antitrust fights in multiple countries. But as Hansson detailed on X and in a subsequent blog post, he found Apple's rejection insulting for another reason. Close to four years ago, the company rejected Hey's original iOS app for its email service for the exact same reason.

The outcome of the 2020 fight actually worked out in Hey's favor. After days of back and forth between Apple's App Store Review Board and Basecamp, the Hey team agreed to a rather creative solution suggested by Apple exec Phil Schiller. Hey would offer a free option for the iOS app, allowing new users to sign up directly. But the company had a slight twist -- users who signed up via the iOS app got a free, temporary randomized email address that worked for 14 days -- after which they had to pay to upgrade. Currently, Hey email users can only pay for an account through the browser. Following the saga with Hey, Apple made a carve-out to its App Store rules that stated that free companion apps to certain types of paid web services were not required to have an in-app payment mechanism. But, as Hansson mentions on X, a calendar app wasn't mentioned in the list of services that Apple now makes an exception for, which includes VOIP, cloud storage, web hosting -- and of course -- email.
Hansson plans to fight Apple's decision without elaborating on exactly how he intends to do so.

Government

US Moves Closer To Filing Sweeping Antitrust Case Against Apple (nytimes.com) 119

An anonymous reader quotes a report from the New York Times: The Justice Department is in the late stages of an investigation into Apple and could file a sweeping antitrust case taking aim at the company's strategies to protect the dominance of the iPhone as soon as the first half of this year, said three people with knowledge of the matter. The agency is focused on how Apple has used its control over its hardware and software to make it more difficult for consumers to ditch the company's devices, as well as for rivals to compete, said the people, who spoke anonymously because the investigation was active. Specifically, investigators have examined how the Apple Watch works better with the iPhone than with other brands, as well as how Apple locks competitors out of its iMessage service. They have also scrutinized Apple's payments system for the iPhone, which blocks other financial firms from offering similar services, these people said.

The Justice Department is closing in on what would be the most consequential federal antitrust lawsuit challenging Apple, which is the most valuable tech company in the world. If the lawsuit is filed, American regulators will have sued four of the biggest tech companies for monopolistic business practices in less than five years. The Justice Department is currently facing off against Google in two antitrust cases, focused on its search and ad tech businesses, while the Federal Trade Commission has sued Amazon and Meta for stifling competition. The Apple suit would likely be even more expansive than previous challenges to the company, attacking its powerful business model that draws together the iPhone with devices like the Apple Watch and services like Apple Pay to attract and keep consumers loyal to its products. Rivals have said that they have been denied access to key Apple features, like the Siri virtual assistant, prompting them to argue the practices are anticompetitive.

Businesses

Apple's $85 Billion-a-Year Services Business Faces Legal Reckoning (ft.com) 150

Apple faces mounting regulatory scrutiny that threatens over $85 billion in annual services revenue. An antitrust trial against Google in the U.S. revealed multi-billion dollar payments to Apple to be the iPhone's default search engine. A plaintiff victory may halt the payments, estimated at one-quarter of Apple's services income. Meanwhile, Apple's App Store dominance draws Biden administration and EU oversight, with the EU enforcing changes. The landmark Google case and actions across Apple's two biggest markets represent growing legal and regulatory headwinds challenging the company's services growth strategy. FT adds: In the EU, Apple is preparing to allow "sideloading," which enables iPhone users to bypass its store and download apps from elsewhere. This will breach, for the first time, the walled-off ecosystem that the company has protected since Steve Jobs unveiled the iPhone in 2007. Apple has dragged its feet on this issue, since it maintains the practice will create security risks to its system.

Sideloading could have an impact on the App Store, where Apple charges developers as much as a 30 per cent fee on digital purchases. Games account for more than half of that revenue. Google's Play Store, which charges a similar fee, is also in the spotlight after it lost a landmark trial against Epic Games in California in December. Apple draws between $6bn and $7bn in commission fees from the App Store globally each quarter, according to Sensor Tower estimates. Competitors are pushing to earn some of that share and launch rival app stores and payment methods on Apple devices. Microsoft is talking to partners about launching its own mobile store.

Security

Amnesty International Confirms Apple's Warning to Journalists About Spyware-Infected iPhones (techcrunch.com) 75

TechCrunch reports: Apple's warnings in late October that Indian journalists and opposition figures may have been targeted by state-sponsored attacks prompted a forceful counterattack from Prime Minister Narendra Modi's government. Officials publicly doubted Apple's findings and announced a probe into device security.

India has never confirmed nor denied using the Pegasus tool, but nonprofit advocacy group Amnesty International reported Thursday that it found NSO Group's invasive spyware on the iPhones of prominent journalists in India, lending more credibility to Apple's early warnings. "Our latest findings show that increasingly, journalists in India face the threat of unlawful surveillance simply for doing their jobs, alongside other tools of repression including imprisonment under draconian laws, smear campaigns, harassment, and intimidation," said Donncha Ó Cearbhaill, head of Amnesty International's Security Lab, in the blog post.

Cloud security company Lookout has also published "an in-depth technical look" at Pegasus, calling its use "a targeted espionage attack being actively leveraged against an undetermined number of mobile users around the world." It uses sophisticated function hooking to subvert OS- and application-layer security in voice/audio calls and apps including Gmail, Facebook, WhatsApp, Facetime, Viber, WeChat, Telegram, Apple's built-in messaging and email apps, and others. It steals the victim's contact list and GPS location, as well as personal, Wi-Fi, and router passwords stored on the device...

According to news reports, NSO Group sells weaponized software that targets mobile phones to governments and has been operating since 2010, according to its LinkedIn page. The Pegasus spyware has existed for a significant amount of time, and is advertised and sold for use on high-value targets for multiple purposes, including high-level espionage on iOS, Android, and Blackberry.

Thanks to Slashdot reader Mirnotoriety for sharing the news.

Desktops (Apple)

Inside Apple's Massive Push To Transform the Mac Into a Gaming Paradise (inverse.com) 144

Apple is reinvesting in gaming with advanced Mac hardware, improvements to Apple silicon, and gaming-focused software, aiming not to repeat its past mistakes and capture a larger share of the gaming market. In an article for Inverse, Raymond Wong provides an in-depth overview of this endeavor, including commentary from Apple's marketing managers Gordon Keppel, Leland Martin, and Doug Brooks. Here's an excerpt from the report: Gaming on the Mac in the 1990s until 2020, when Apple made a big shift to its own custom silicon, could be boiled down to this: Apple was in a hardware arms race with the PC that it couldn't win. Mac gamers were hopeful that the switch from PowerPC to Intel CPUs starting in 2005 would turn things around, but it didn't because by then, GPUs started becoming the more important hardware component for running 3D games, and the Mac's support for third-party GPUs could only be described as lackluster. Fast forward to 2023, and Apple has a renewed interest in gaming on the Mac, the likes of which it hasn't shown in the last 25 years. "Apple silicon has changed all that," Keppel tells Inverse. "Now, every Mac that ships with Apple silicon can play AAA games pretty fantastically. Apple silicon has been transformative of our mainstream systems that got tremendous boosts in graphics with M1, M2, and now with M3."

Ask any gadget reviewer (including myself) and they will tell you Keppel isn't just drinking the Kool-Aid because Apple pays him to. Macs with Apple silicon really are performant computers that can play some of the latest PC and console games. In three generations of desktop-class chip design, Apple has created a platform with "tens of millions of Apple silicon Macs," according to Keppel. That's tens of millions of Macs with monstrous CPU and GPU capabilities for running graphics-intensive games. Apple's upgrades to the GPUs on its silicon are especially impressive. The latest Apple silicon, the M3 family of chips, supports hardware-accelerated ray-tracing and mesh shading, features that only a few years ago didn't seem like they would ever be a priority, let alone ones that are built into the entire spectrum of MacBook Pros.

The "magic" of Apple silicon isn't just performance, says Leland Martin, an Apple software marketing manager. Whereas Apple's fallout with game developers on the Mac previously came down to not supporting specific computer hardware, Martin says Apple silicon started fresh with a unified hardware platform that not only makes it easier for developers to create Mac games for, but will allow for those games to run on other Apple devices. "If you look at the Mac lineup just a few years ago, there was a mix of both integrated and discrete GPUs," Martin says. "That can add complexity when you're developing games. Because you have multiple different hardware permutations to consider. Today, we've effectively eliminated that completely with Apple silicon, creating a unified gaming platform now across iPhone, iPad, and Mac. Once a game is designed for one platform, it's a straightforward process to bring it to the other two. We're seeing this play out with games like Resident Evil Village that launched first [on Mac] followed by iPhone and iPad."

"Gaming was fundamentally part of the Apple silicon design,â Doug Brooks, also on the Mac product marketing team, tells Inverse. "Before a chip even exists, gaming is fundamentally incorporated during those early planning stages and then throughout development. I think, big picture, when we design our chips, we really look at building balanced systems that provide great CPU, GPU, and memory performance. Of course, [games] need powerful GPUs, but they need all of those features, and our chips are designed to deliver on that goal. If you look at the chips that go in the latest consoles, they look a lot like that with integrated CPU, GPU, and memory." [...] "One thing we're excited about with this most recent launch of the M3 family of chips is that we're able to bring these powerful new technologies, Dynamic Caching, as well as ray-tracing and mesh shading across our entire line of chips," Brook adds. "We didn't start at the high end and trickle them down over time. We really wanted to bring that to as many customers as possible."

Privacy

Researchers Come Up With Better Idea To Prevent AirTag Stalking (arstechnica.com) 29

An anonymous reader quotes a report from Ars Technica: Apple's AirTags are meant to help you effortlessly find your keys or track your luggage. But the same features that make them easy to deploy and inconspicuous in your daily life have also allowed them to be abused as a sinister tracking tool that domestic abusers and criminals can use to stalk their targets. Over the past year, Apple has taken protective steps to notify iPhone and Android users if an AirTag is in their vicinity for a significant amount of time without the presence of its owner's iPhone, which could indicate that an AirTag has been planted to secretly track their location. Apple hasn't said exactly how long this time interval is, but to create the much-needed alert system, Apple made some crucial changes to the location privacy design the company originally developed a few years ago for its "Find My" device tracking feature. Researchers from Johns Hopkins University and the University of California, San Diego, say, though, that they've developed (PDF) a cryptographic scheme to bridge the gap -- prioritizing detection of potentially malicious AirTags while also preserving maximum privacy for AirTag users. [...]

The solution [Johns Hopkins cryptographer Matt Green] and his fellow researchers came up with leans on two established areas of cryptography that the group worked to implement in a streamlined and efficient way so the system could reasonably run in the background on mobile devices without being disruptive. The first element is "secret sharing," which allows the creation of systems that can't reveal anything about a "secret" unless enough separate puzzle pieces present themselves and come together. Then, if the conditions are right, the system can reconstruct the secret. In the case of AirTags, the "secret" is the true, static identity of the device underlying the public identifier that is frequently changing for privacy purposes. Secret sharing was conceptually useful for the researchers to employ because they could develop a mechanism where a device like a smartphone would only be able to determine that it was being followed around by an AirTag with a constantly rotating public identifier if the system received enough of a certain type of ping over time. Then, suddenly, the suspicious AirTag's anonymity would fall away and the system would be able to determine that it had been in close proximity for a concerning amount of time.

Green notes, though, that a limitation of secret sharing algorithms is that they aren't very good at sorting and parsing inputs if they're being deluged by a lot of different puzzle pieces from all different puzzles -- the exact scenario that would occur in the real world where AirTags and Find My devices are constantly encountering each other. With this in mind, the researchers employed a second concept known as "error correction coding," which is specifically designed to sort signal from noise and preserve the durability of signals even if they acquire some errors or corruptions. "Secret sharing and error correction coding have a lot of overlap," Green says. "The trick was to find a way to implement it all that would be fast, and where a phone would be able to reassemble all the puzzle pieces when needed while all of this is running quietly in the background."
The researchers published (PDF) their first paper in September and submitted it to Apple. More recently, they notified the industry consortium about the proposal.

Government

India Targets Apple Over Its Phone Hacking Notifications (washingtonpost.com) 100

In October, Apple issued notifications warning over a half dozen Indian lawmakers of their iPhones being targets of state-sponsored attacks. According to a new report from the Washington Post, the Modi government responded by criticizing Apple's security and demanding explanations to mitigate political impact (Warning: source may be paywalled; alternative source). From the report: Officials from the ruling Bharatiya Janata Party (BJP) publicly questioned whether the Silicon Valley company's internal threat algorithms were faulty and announced an investigation into the security of Apple devices. In private, according to three people with knowledge of the matter, senior Modi administration officials called Apple's India representatives to demand that the company help soften the political impact of the warnings. They also summoned an Apple security expert from outside the country to a meeting in New Delhi, where government representatives pressed the Apple official to come up with alternative explanations for the warnings to users, the people said. They spoke on the condition of anonymity to discuss sensitive matters. "They were really angry," one of those people said.

The visiting Apple official stood by the company's warnings. But the intensity of the Indian government effort to discredit and strong-arm Apple disturbed executives at the company's headquarters, in Cupertino, Calif., and illustrated how even Silicon Valley's most powerful tech companies can face pressure from the increasingly assertive leadership of the world's most populous country -- and one of the most critical technology markets of the coming decade. The recent episode also exemplified the dangers facing government critics in India and the lengths to which the Modi administration will go to deflect suspicions that it has engaged in hacking against its perceived enemies, according to digital rights groups, industry workers and Indian journalists. Many of the more than 20 people who received Apple's warnings at the end of October have been publicly critical of Modi or his longtime ally, Gautam Adani, an Indian energy and infrastructure tycoon. They included a firebrand politician from West Bengal state, a Communist leader from southern India and a New Delhi-based spokesman for the nation's largest opposition party. [...] Gopal Krishna Agarwal, a national spokesman for the BJP, said any evidence of hacking should be presented to the Indian government for investigation.

The Modi government has never confirmed or denied using spyware, and it has refused to cooperate with a committee appointed by India's Supreme Court to investigate whether it had. But two years ago, the Forbidden Stories journalism consortium, which included The Post, found that phones belonging to Indian journalists and political figures were infected with Pegasus, which grants attackers access to a device's encrypted messages, camera and microphone. In recent weeks, The Post, in collaboration with Amnesty, found fresh cases of infections among Indian journalists. Additional work by The Post and New York security firm iVerify found that opposition politicians had been targeted, adding to the evidence suggesting the Indian government's use of powerful surveillance tools. In addition, Amnesty showed The Post evidence it found in June that suggested a Pegasus customer was preparing to hack people in India. Amnesty asked that the evidence not be detailed to avoid teaching Pegasus users how to cover their tracks.
"These findings show that spyware abuse continues unabated in India," said Donncha O Cearbhaill, head of Amnesty International's Security Lab. "Journalists, activists and opposition politicians in India can neither protect themselves against being targeted by highly invasive spyware nor expect meaningful accountability."

Apple

Apple Vision Pro Tipped For Late January, Early February Release (techcrunch.com) 35

The Vision Pro, Apple's first "spatial computing" device that costs $3,499, is expected to have a "late-January/early-February" release date, according to Apple analyst Ming-Chi Kuo. "The analyst says that the first wave of Vision Pros are being shipped to Apple in about a month, with total shipments numbering around 500,000 for the full year," adds TechCrunch. From the report: The company's precise target for the year remains an open-ended question. About a month after the device was revealed, reports suggested that Apple has scaled back expectations from around one million to "fewer than 400,000." Even the updated 500,000 figure is small for a company of Apple's massive size and influence. Keep in mind that the company should be shipping more than 200 million iPhones this calendar year.

The Vision Pro, however, is widely regarded as the biggest gambit of Tim Cook's 12-year tenure as CEO. Not only is it an entirely new category and form factor for the company, it's also prohibitively priced, even for customers accustomed to shelling out extra for Apple products. Add to that VR's decades-long failure to live up to expectations, and you've got a big uphill fight on your hands. Kuo refers to Vision Pro as "Apple's most important product of 2024." Given the years of speculation and all the time and money the company has no doubt poured into the headset, it's a tough statement to argue.

Apple

Apple Watch Import Ban Temporarily Stopped By US Appeals Court (cnbc.com) 17

An appeals court on Wednesday temporarily stopped the import ban on Apple's latest Apple Watches, allowing the company to continue selling the wearables. CNBC reports: Apple stopped selling its Series 9 and Ultra 2 watches last week in response to an International Trade Commission order in October that found the blood oxygen sensor in the devices had infringed on intellectual property from Masimo, a medical technology company that sells to hospitals. "The motion for an interim stay is granted to the extent that the Remedial Orders are temporarily stayed," a court filing Wednesday said.

On Monday, the Biden administration declined to pause the ITC ban. Apple filed the appeal with the U.S. Court of Appeals for the Federal Circuit on Tuesday. The company continues to seek a longer stay. The ITC will need to reply by Jan. 10. The stay means Apple may be able to sell the latest models of one of its most important products during the busiest time of the year. Apple Watch sales are reported as part of Apple's wearables business, which reported $39.8 billion in sales in Apple's fiscal 2023, which ended in September.

iPhone

4-Year Campaign Backdoored iPhones Using Possibly the Most Advanced Exploit Ever (arstechnica.com) 57

Researchers on Wednesday presented intriguing new findings surrounding an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky. Chief among the discoveries: the unknown attackers were able to achieve an unprecedented level of access by exploiting a vulnerability in an undocumented hardware feature that few if anyone outside of Apple and chip suppliers such as ARM Holdings knew of. ArsTechnica: "The exploit's sophistication and the feature's obscurity suggest the attackers had advanced technical capabilities," Kaspersky researcher Boris Larin wrote in an email. "Our analysis hasn't revealed how they became aware of this feature, but we're exploring all possibilities, including accidental disclosure in past firmware or source code releases. They may also have stumbled upon it through hardware reverse engineering."

Other questions remain unanswered, wrote Larin, even after about 12 months of intensive investigation. Besides how the attackers learned of the hardware feature, the researchers still don't know what, precisely, its purpose is. Also unknown is if the feature is a native part of the iPhone or enabled by a third-party hardware component such as ARM's CoreSight. The mass backdooring campaign, which according to Russian officials also infected the iPhones of thousands of people working inside diplomatic missions and embassies in Russia, according to Russian government officials, came to light in June. Over a span of at least four years, Kaspersky said, the infections were delivered in iMessage texts that installed malware through a complex exploit chain without requiring the receiver to take any action. With that, the devices were infected with full-featured spyware that, among other things, transmitted microphone recordings, photos, geolocation, and other sensitive data to attacker-controlled servers. Although infections didn't survive a reboot, the unknown attackers kept their campaign alive simply by sending devices a new malicious iMessage text shortly after devices were restarted.
