DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Privacy

Some Of Hacker Group's Claims Of Having Access To 250M iCloud Accounts Aren't False (zdnet.com) 45

Earlier this week, a hacker group claimed that it had access to 250 million iCloud accounts. The hackers, who called themselves part of Turkish Crime Family group, threatened to reset passwords of all the iCloud accounts and remotely wipe those iPhones. Apple could stop them, they said, if it paid them a ransom by April 7. In a statement, Apple said, "the alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services," and that it is working with law enforcement officials to identify the hackers. Now, ZDNet reports that it obtained a set of credentials from the hacker group and was able to verify some of the claims. From the article: ZDNet obtained a set of 54 credentials from the hacker group for verification. All the 54 accounts were valid, based on a check using the site's password reset function. These accounts include "icloud.com," dating back to 2011, and legacy "me.com" and "mac.com" domains from as early as 2000. The list of credentials contained just email addresses and plain-text passwords, separated by a colon, which according to Troy Hunt, data breach expert and owner of notification site Have I Been Pwned, makes it likely that the data "could be aggregated from various sources." We started working to contact each person, one by one, to confirm their password. Most of the accounts are no longer registered with iMessage and could not be immediately reached. However, 10 people in total confirmed that their passwords were accurate, and as a result have now been changed.
Patents

Apple Explores Using An iPhone, iPad To Power a Laptop (appleinsider.com) 73

According to the U.S. Patent and Trademark Office, Apple has filed a patent for an "Electronic accessory device." It describes a "thin" accessory that contains traditional laptop hardware like a large display, physical keyboard, GPU, ports and more -- all of which is powered by an iPhone or iPad. The device powering the hardware would fit into a slot built into the accessory. AppleInsider reports: While the accessory can take many forms, the document for the most part remains limited in scope to housings that mimic laptop form factors. In some embodiments, for example, the accessory includes a port shaped to accommodate a host iPhone or iPad. Located in the base portion, this slot might also incorporate a communications interface and a means of power transfer, perhaps Lightning or a Smart Connector. Alternatively, a host device might transfer data and commands to the accessory via Wi-Fi, Bluetooth or other wireless protocol. Onboard memory modules would further extend an iOS device's capabilities. Though the document fails to delve into details, accessory memory would presumably allow an iPhone or iPad to write and read app data. In other cases, a secondary operating system or firmware might be installed to imitate a laptop environment or store laptop-ready versions of iOS apps. In addition to crunching numbers, a host device might also double as a touch input. For example, an iPhone positioned below the accessory's keyboard can serve as the unit's multitouch touchpad, complete with Force Touch input and haptic feedback. Coincidentally, the surface area of a 5.5-inch iPhone 7 Plus is very similar to that of the enlarged trackpad on Apple's new MacBook Pro models. Some embodiments also allow for the accessory to carry an internal GPU, helping a host device power the larger display or facilitate graphics rendering not possible on iPhone or iPad alone. Since the accessory is technically powered by iOS, its built-in display is touch-capable, an oft-requested feature for Mac. Alternatively, certain embodiments have an iPad serving as the accessory's screen, with keyboard, memory, GPU and other operating guts located in the attached base portion. This latter design resembles a beefed up version of Apple's Smart Case for iPad.
AI

Boy, 4, Uses Siri To Help Save Mum's Life (bbc.com) 137

A four-year-old boy saved his mother's life by using her thumb to unlock her iPhone and then asking it to call 999. From a report: Roman, who lives in Kenley, Croydon, south London, used the phone's voice control -- Siri -- to call emergency services. Police and paramedics were sent to the home and were able to give live-saving first aid to his mother.
Security

WikiLeaks' New Dump Shows How The CIA Allegedly Hacked Macs and iPhones Almost a Decade Ago (vice.com) 113

WikiLeaks said on Thursday morning it will release new documents it claims are from the Central Intelligence Agency which show the CIA had the capability to bug iPhones and Macs even if their operating systems have been deleted and replaced. From a report on Motherboard: "These documents explain the techniques used by CIA to gain 'persistenc'' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware," WikiLeaks stated in a press release. EFI and UEFI is the core firmware for Macs, the Mac equivalent to the Bios for PCs. By targeting the UEFI, hackers can compromise Macs and the infection persists even after the operating system is re-installed. The documents are mostly from last decade, except a couple that are dated 2012 and 2013. While the documents are somewhat dated at this point, they show how the CIA was perhaps ahead of the curve in finding new ways to hacking and compromising Macs, according to Pedro Vilaca, a security researcher who's been studying Apple computers for years. Judging from the documents, Vilaca told Motherboard in an online chat, it "looks like CIA were very early adopters of attacks on EFI."
Privacy

Hackers Claim Access To 300 Million iCloud Accounts, Demand $75,000 From Apple To Delete the Cache of Data (vice.com) 122

A hacker or group of hackers calling themselves the "Turkish Crime Family" claim they have access to at least 300 million iCloud accounts, and will delete the alleged cache of data if Apple pays a ransom by early next month. Motherboard is reporting that the hackers are demanding "$75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data." From the report: The hackers provided screenshots of alleged emails between the group and members of Apple's security team. One also gave Motherboard access to an email account allegedly used to communicate with Apple. "Are you willing to share a sample of the data set?" an unnamed member of Apple's security team wrote to the hackers a week ago, according to one of the emails stored in the account. (According to the email headers, the return-path of the email is to an address with the @apple.com domain). The hackers also uploaded a YouTube video of them allegedly logging into some of the stolen accounts. The hacker appears to access an elderly woman's iCloud account, which includes backed-up photos, and the ability to remotely wipe the device. Now, the hackers are threatening to reset a number of the iCloud accounts and remotely wipe victim's Apple devices on April 7, unless Apple pays the requested amount. According to one of the emails in the accessed account, the hackers claim to have access to over 300 million Apple email accounts, including those use @icloud and @me domains. However, the hackers appear to be inconsistent in their story; one of the hackers then claimed they had 559 million accounts in all. The hackers did not provide Motherboard with any of the supposedly stolen iCloud accounts to verify this claim, except those shown in the video.
Businesses

Apple iPad is a Faster, Cheaper iPad Air 2 (cnet.com) 103

Say good-bye to the iPad Air, it's just the iPad now. From a report on CNET: Apple announced on Tuesday morning that it will be dropping the price of the 9.7-inch iPad by $70. The tablet's A8X processor will be getting an upgrade too, jumping over to the A9 chip used in the iPad Pro. The upgrade will replace the iPad Air 2, but the iPad Mini 4 will live on, starting at $399. The updated pricing will start on Friday, at $329 for the 32GB model and $459 for the 32GB WiFi with cellular service model. It's Apple's cheapest iPad, after the company decided to replace the iPad Mini 2, which started at $269. Although Apple's iPad is leading the tablet market, it's still a tumbling one as demand takes a decline thanks to people holding onto their tablets longer.
Google

Google Maps Lets You Record Your Parking Location, Time Left At the Meter (techcrunch.com) 50

Google Maps has received a neat feature that will help users remember where they parked. "This appears as a new menu option when you tap the blue dot, and will place a 'P' icon on the map so you can find your way back to your spot," reports Ars Technica. From the report: Google had already introduced its own proactive parking saving feature via Google Now, but it had worked by tapping into your phone's sensors and making a determination that you had most likely parked at a given spot. Sometimes, you might see this information appear when it was unwarranted, however -- like if you got off a bus or exited a taxi, Google says. The new feature in Google Maps requires a manual entry, but this is actually a bit of an advantage over the guessing done by Google Now, because it allows you to input more information about your spot. Like Apple Maps, you can add notes about where you parked -- something that's helpful for jotting down cross streets or which floor of a garage you're on, for example. But Google Maps also supports adding multiple photos of your parking location -- a common way people often note the parking space number in the garage, and then, via a separate shot, the floor, row, aisle and/or color code for the garage level itself. In addition, Google's parking location saver will let you enter in how much time you have left at the spot. This is handy if you're in a temporary parking area (e.g. "two hour parking"), or at metered space. The time left is displayed on the map, and when it's due to expire, Google Maps will alert you via push notification.
United States

'Sorry, I've Forgotten My Decryption Password' is Contempt Of Court, Pal - US Appeal Judges (theregister.co.uk) 519

Thomas Claburn, reporting for The Register: The US Third Circuit Court of Appeals today upheld a lower court ruling of contempt against a chap who claimed he couldn't remember the password to decrypt his computer's hard drives. In so doing, the appeals court opted not to address a lower court's rejection of the defendant's argument that being forced to reveal his password violated his Fifth Amendment protection against self-incrimination. In the case under review, the US District Court for the Eastern District of Pennsylvania held the defendant (referred to in court documents as "John Doe" because his case is partially under seal) in contempt of court for willfully disobeying and resisting an order to decrypt external hard drives that had been attached to his Mac Pro computer. The defendant's computer, two external hard drives, an iPhone 5S, and an iPhone 6 Plus had been seized as part of a child pornography investigation.
Android

Android Creator Lost Out On a Big Investment, and Apple May Be To Blame (cnbc.com) 74

Earlier this year, we learned that Andy Rubin, creator of the Android operating system, has built a new company called Essential. The company was reportedly working on a "high-end smartphone with a large edge-to-edge screen that lacks a surrounding bezel." It appears things aren't chugging along so smoothly. From a report: Andy Rubin, a co-creator of Android, lost out on a $100 million investment from SoftBank as Apple deepened ties with the Japanese investor, people familiar with the matter told The Wall Street Journal. Rubin's company, Essential Products, is reportedly planning to release a new high-end smartphone this spring, and SoftBank planned to market the phone in Japan, the Journal said. But Apple subsequently agreed to commit $1 billion to SoftBank's Vision Fund, a move that "complicated" SoftBank's investment in Essential Products, the Journal reported Monday. Apple did not directly block the deal, the Journal said, though Rubin's premium phone would be released ahead of the highly anticipated 10th anniversary iPhone. The deal was "nearly complete," sources told the Journal.
Desktops (Apple)

Popular Open-Source Audio Editor Audacity Adds Windows 10 Support, More Improvements (audacityteam.org) 102

Audacity, a popular open-source and cross-platform audio editor, has received a "maintenance" update that brings several improvements. Dubbed v2.1.3, the biggest new addition appears to be support for Windows 10 OS. For Mac users, Audacity now works in tandem with the Magic Mouse. "We now support Trackpad and Magic Mouse horizontal scroll without SHIFT key and Trackpad pinch and expand to zoom at the pointer," the release note says. We also have new "Scrub Ruler" and "Scrub Toolbar" scrubbing options in the application now. Read the full changelog here.
Businesses

Apple's Next Big Thing: Augmented Reality (bloomberg.com) 94

Apple is beefing up its staff with acquisitions and some big hires to help design augmented reality glasses and iPhone features, according to Bloomberg. From a report: Apple is working on "digital spectacles" that could connect to an iPhone and beam content like movies and maps, Bloomberg's Mark Gurman reported on Monday. The Cupertino, Calif.- based company is also working on augmented reality features for the iPhone that are similar to Snapchat, Bloomberg said. To make its augmented reality push, Apple has acquired augmented reality start-ups FlyBy Media and Metaio, and hired major players from Amazon, Facebook's Oculus, Microsoft's HoloLens, and Dolby.
Government

Apple Paid $0 In Taxes To New Zealand, Despite Sales of $4.2 Billion (nzherald.co.nz) 448

Apple paid no income tax to New Zealand's Inland Revenue Department for the last 10 years, according to an article shared by sit1963nz, prompting calls for the company to "do the right thing" even from some American-based Apple users. From the New Zealand Herald: Bryan Chaffin of The Mac Observer, an Apple community blog site founded in 1998...wrote that Apple was the largest taxpayer in the United States, but 'pays next to nothing in most parts of the world... [L]ocal taxes matter. Roads matter. Schools matter. Housing authorities matter. Health care matters. Regulation enforcement matters. All of the things that support civil society matter. Apple's profits are made possible by that civil society, and the company should contribute its fair share.'"
Apple's accounts "show apparent income tax payments of $37 million," according to an earlier article, "but a close reading shows this sum was actually sent abroad to the Australian Tax Office, an arrangement that has been in place since at least 2007. Had Apple reported the same healthy profit margin in New Zealand as it did for its operations globally it would have paid $356 million in taxes over the period."

"It is absolutely extraordinary that they are able to get away with paying zero tax in this country," said Green Party co-leader James Shaw. "I really like Apple products -- they're incredibly innovative -- but it looks like their tax department is even more innovative than their product designers."
Microsoft

WikiLeaks Won't Tell Tech Companies How To Patch CIA Zero-Days Until Demands Are Met (fortune.com) 227

"WikiLeaks has made initial contact with us via secure@microsoft.com," a Microsoft spokesperson told Motherboard -- but then things apparently stalled. An anonymous reader quotes Fortune: Wikileaks this week contacted major tech companies including Apple and Google, and required them to assent to a set of conditions before receiving leaked information about security "zero days" and other surveillance methods in the possession of the Central Intelligence Agency... Wikileaks' demands remain largely unknown, but may include a 90-day deadline for fixing any disclosed security vulnerabilities. According to Motherboard's sources, at least some of the involved companies are still in the process of evaluating the legal ramifications of the conditions.
Julian Assange announced Friday that Mozilla had already received information after agreeing to their "industry standard responsible disclosure plan," then added that "most of these lagging companies have conflicts of interest due to their classified work for U.S. government agencies... such associations limit industry staff with U.S. security clearances from fixing security holes based on leaked information from the CIA." Assange suggested users "may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts. Should these companies continue to drag their feet we will create a league table comparing company responsiveness and government entanglements so users can decided for themselves."
Iphone

Inside a Phishing Gang That Targets Victims of iPhone Theft (krebsonsecurity.com) 15

tsu doh nimh writes: Brian Krebs has a readable and ironic story about a phishing-as-a-service product that iPhone thieves can use to phish the Apple iCloud credentials from people who have recently had an iPhone lost or stolen. The phishing service -- which charged as much as $120 for successful phishing attempts targeting iPhone 6s users -- was poorly secured, and a security professional that Krebs worked with managed to guess several passwords for users on the service. From there, the story looks at how this phishing service works, how it tracks victims, and ultimately how one of its core resellers phished his own iCloud account and inadvertently gave his exact location as a result. An excerpt from the report via Krebs On Security: "Victims of iPhone theft can use the Find My iPhone feature to remotely locate, lock or erase their iPhone -- just by visiting Apple's site and entering their iCloud username and password. Likewise, an iPhone thief can use those iCloud credentials to remotely unlock the victim's stolen iPhone, wipe the device, and resell it. As a result, iPhone thieves often subcontract the theft of those credentials to third-party iCloud phishing services. This story is about one of those services..."
The Almighty Buck

Apple Found Guilty of Russian Price-Fixing (bbc.com) 49

An anonymous reader shares a BBC report: Russia's competition watchdog has found that Apple fixed the prices of certain iPhone models sold in the country. The Federal Anti-Monopoly Service (Fas) said that Apple's local subsidiary told 16 retailers to maintain the recommended prices of phones in the iPhone 5 and iPhone 6 families. Non-compliance with the pricing guidelines may have led to the termination of contracts, it found. At the time of the investigation, Apple denied that it controlled its products' pricing, telling Reuters that resellers "set their own prices for the Apple products they sell in Russia and around the world." The regulator said Apple had now ended its price-fixing practices but has not said whether the company faces a fine. The FAS claimed that Apple Rus monitored the retail prices for the iPhone 5c, 5s, 6, 6 Plus, 6s and 6s Plus.
Android

Kickstarter Campaign Aims To Add a Full Android Device To the Back of Your iPhone (macrumors.com) 158

A new Kickstarter campaign aims to expand the iPhone's functionality with its "Eye Smart iPhone Case," which features a fully functional Android device built into the case itself. The campaign was launched on March 1 and has already raised over $100,000. Mac Rumors reports: An always-on 5-inch AMOLED display is built into the case, which runs the Android 7.1 Nougat operating system. The case connects to the iPhone using its Lightning port to enable file transfers, power delivery, and more. A microSD card slot provides up to 256GB of storage for holding photos, videos, and other media, all of which is accessible using the Android file explorer. A built-in 2,800 mAh battery provides additional charge to the iPhone, and the Eye case itself supports Qi wireless charging. Two SIM card slots are included, and higher-end models support 4G LTE connectivity, so up to three phone numbers can be used with an iPhone. Android exclusive features, like native call recording, the file explorer, customization, file transfers, and Android apps are all made available to iPhone users via the Eye case. A 3.5mm headphone jack lets iPhone owners with an iPhone 7 or an iPhone 7 Plus to use wired headphones with the device, and the Eye case includes NFC, an IR blaster and receiver for controlling TVs and other devices, and a car mount. It's available for the iPhone 6 and later, and will allegedly be available for the new wave of iPhones coming in 2017 within a month of their release. The Smart iPhone Case is available for a Super early bird pledge of $95, with prices going up for 4G connectivity. The estimated retail price is between $189 and $229.
Government

Apple, Amazon, and Microsoft Are Helping Google Fight an Order To Hand Over Foreign Emails (businessinsider.com) 67

Apple, Microsoft, Amazon, and Cisco have filed an amicus brief in support of Google, after a Pennsylvania court ruled that the company had to hand over emails stored overseas in response to an FBI warrant. From a report: An amicus brief is filed by people or companies who have an interest in the case, but aren't directly involved. In this case, it's in Silicon Valley's interest to keep US law enforcement from accessing customer data stored outside the US. It isn't clear what data Google might have to hand over and, last month, the company said it would fight to the order. In the brief, the companies argue: "When a warrant seeks email content from a foreign data center, that invasion of privacy occurs outside the United States -- in the place where the customers' private communications are stored, and where they are accessed, and copied for the benefit of law enforcement, without the customer's consent."
Intel

Intel Security Releases Detection Tool For EFI Rootkits After CIA Leak (pcworld.com) 159

After WikiLeaks revealed data exposing information about the CIA's arsenal of hacking tools, Intel Security has released a tool that allows users to check if their computer's low-level system firmware has been modified and contains unauthorized code. PCWorld reports: The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple's Macbooks. The documents from CIA's Embedded Development Branch (EDB) mention an OS X "implant" called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter. In addition to DarkMatter, there is a second project in the CIA EDB documents called QuarkMatter that is also described as a "Mac OS X EFI implant which uses an EFI driver stored on the EFI system partition to provide persistence to an arbitrary kernel implant." The Advanced Threat Research team at Intel Security has created a new module for its existing CHIPSEC open-source framework to detect rogue EFI binaries. CHIPSEC consists of a set of command-line tools that use low-level interfaces to analyze a system's hardware, firmware, and platform components. It can be run from Windows, Linux, macOS, and even from an EFI shell. The new CHIPSEC module allows the user to take a clean EFI image from the computer manufacturer, extract its contents and build a whitelist of the binary files inside. It can then compare that list against the system's current EFI or against an EFI image previously extracted from a system.
Desktops (Apple)

MAC Address Randomization Flaws Leave Android and iOS Phones Open To Tracking (theregister.co.uk) 56

New submitter cryptizard writes: Modern Android and iOS versions include a technology called MAC address randomization to prevent passive tracking of users as they move from location to location. Unfortunately, researchers have revealed that this technology is implemented sporadically by device manufacturers and is often deployed with significant flaws that allow it to be easily defeated. A research paper [published by U.S. Naval Academy researchers] highlights a number of flaws in both Android and iOS that allow an adversary to track users even when their phones are using randomized MAC addresses. Most significantly, they demonstrate that a flaw in the way wireless chipsets handle low-level control messages can be exploited to track 100% of devices, regardless of manufacturer or operating system.
Operating Systems

Apple Says It's Already Fixed Many WikiLeaks Security Issues (usatoday.com) 109

An anonymous reader quotes a report from USA Today: Apple says many of the vulnerabilities to its devices and software that came to light in WikiLeaks' revelations of CIA cyber weapons were already fixed in its latest updates. Late Tuesday, Apple emailed the following statement to USA TODAY: "Apple is deeply committed to safeguarding our customers' privacy and security. The technology built into today's iPhone represents the best data security available to consumers, and we're constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest OS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates." For its part, Samsung emailed its own statement Wednesday: "Protecting consumers' privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter."

Slashdot Top Deals