China

Undocumented 'Backdoor' Found In Chinese Bluetooth Chip Used By a Billion Devices (bleepingcomputer.com) 129

"The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented 'backdoor' that could be leveraged for attacks," writes BleepingComputer.

"The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence." This was discovered by Spanish researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco of Tarlogic Security, who presented their findings yesterday at RootedCON in Madrid. "Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices," reads a Tarlogic announcement shared with BleepingComputer. "Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls...."

Tarlogic developed a new C-based USB Bluetooth driver that is hardware-independent and cross-platform, allowing direct access to the hardware without relying on OS-specific APIs. Armed with this new tool, which enables raw access to Bluetooth traffic, Tarlogic discovered hidden vendor-specific commands (Opcode 0x3F) in the ESP32 Bluetooth firmware that allow low-level control over Bluetooth functions. In total, they found 29 undocumented commands, collectively characterized as a "backdoor," that could be used for memory manipulation (read/write RAM and Flash), MAC address spoofing (device impersonation), and LMP/LLCP packet injection.

Espressif has not publicly documented these commands, so either they weren't meant to be accessible, or they were left in by mistake.

Thanks to Slashdot reader ZipNada for sharing the news.
Cellphones

Rayhunter: A Cheap New Tool from EFF to Detect Cellular Spying (androidauthority.com) 23

Equuleus42 (Slashdot reader #723) brings word that the Electronic Frontier Foundation (EFF) is sharing a new tool for fighting back against cellphone surveillance by Stingray cell-site simulators.

Android Authority reports: "Rayhunter" uses an open-source software package designed to look for evidence of IMSI catchers in action, running on an old Orbic Speed RC400L mobile hotspot. The great thing about that choice is that you can pick one up for practically nothing — we're seeing them listed for barely over $10 on Amazon, and you can find them even cheaper on eBay. There's an installation script for Macs and Linux to automate getting set up, but once the Orbic is flashed with the Rayhunter software, it should be ready to go, collecting data about sketchy-looking "cell towers" it picks up.

Right now, much of the use of IMSI catchers is still shrouded in mystery, with the groups who regularly employ them extremely hesitant to disclose their methods. As a result, a big focus of this EFF project is just getting more info on how and where these are actually used, giving protestors a better sense of the steps they'll need to take if they want to protect their privacy.

Technology

Realme Charts Path To 10,000mAh Phone Batteries by 2026 (pcmag.com) 49

Realme plans to double smartphone battery capacity to 10,000mAh within its three-year strategic roadmap, the company said at tradeshow MWC on Tuesday. Current flagship devices typically offer 5,000mAh, while Realme's latest models already ship with 6,000mAh cells. The company expects to implement 7,500mAh batteries next year before reaching the 10,000mAh target, PCMag reported, citing the firm.
Portables

Lenovo Teases Solar-Powered and Foldable-Screen Laptops in Latest Concepts (cnbc.com) 15

Lenovo demonstrated "a laptop with a foldable screen and one that can get extra battery life from solar power," reports CNBC, emphasizing that "These laptops are just concepts, meaning they are not commercially available."

But "Lenovo, the world's biggest PC maker, has a history of showing off imaginative concepts with some becoming reality, so it's worth keeping an eye on what the Chinese technology giant is up to..." The latest concepts were unveiled at the Mobile World Congress trade show in Barcelona... When fully unfolded, the screen is an 18-inch display [on the Lenovo ThinkBook 'flip' concept]... The screen can then be folded in half horizontally to create two screens — one on the front and one on the back. The entire display can be folded down flat so the laptop turns into a tablet-like device.
Lenovo also showed off a Yoga Solar PC concept, reports Gizmodo, calling it "relatively thin and light" despite a solar panel in its lid with "a supposed 24% solar conversion rate": Lenovo claims they achieved this by maneuvering the gridlines you usually find on a solar panel behind the solar cells, offering more real estate for energy absorption... Lenovo's software showed the power accumulation at around 7 V when facing away from the sunlight and 12 V when facing toward it. It could get more when getting direct sunlight. Despite the presence of the solar panel, the laptop still weighs a little more than 2.6 pounds, which isn't out of the realm of what to expect from most modern laptops.

We should note that the panel isn't generating the required power to run the PC continuously. Lenovo claimed that 20 minutes of direct sunlight will transform into about one hour of video playback battery life. Depending on the CPU and battery, that could be 1/20 of the laptop's battery life.

CNBC had slightly different statistics for the laptop's battery life. "Lenovo said that the solar panels can absorb even ambient light in a person's surroundings to give a user an extra hour of laptop use at the end of an eight-hour work day..."
Security

Serbian Student's Android Phone Compromised By Exploit From Cellebrite (arstechnica.com) 22

An anonymous reader quotes a report from Ars Technica: Amnesty International on Friday said it determined that a zero-day exploit sold by controversial exploit vendor Cellebrite was used to compromise the phone of a Serbian student who had been critical of that country's government. [...] The chain exploited a series of vulnerabilities in device drivers the Linux kernel uses to support USB hardware. "This new case provides further evidence that the authorities in Serbia have continued their campaign of surveillance of civil society in the aftermath of our report, despite widespread calls for reform, from both inside Serbia and beyond, as well as an investigation into the misuse of its product, announced by Cellebrite," authors of the report wrote.

Amnesty International first discovered evidence of the attack chain last year while investigating a separate incident outside of Serbia involving the same Android lockscreen bypass. [...] The report said that one of the vulnerabilities, tracked as CVE-2024-53104, was patched earlier this month with the release of the February 2025 Android Security Bulletin. Two other vulnerabilities -- CVE-2024-53197 and CVE-2024-50302 -- have been patched upstream in the Linux kernel but have not yet been incorporated into Android. Forensic traces identified in Amnesty International's analysis of the compromised phone showed that the Serbian authorities tried to install an unknown application after the device had been unlocked. The report authors said the installation of apps on Cellebrite-compromised devices was consistent with earlier cases the group has uncovered in which spyware tracked as NoviSpy was installed.

As part of the attack, the USB port of the targeted phone was connected to various peripherals during the initial stages. In later stages, the peripherals repeatedly connected to the phone so they could "disclose kernel memory and groom kernel memory as part of the exploitation." The people analyzing the phone said the peripherals were likely special-purpose devices that emulated video or sound devices connecting to the targeted device. The 23-year-old student who owned the phone regularly participates in the ongoing student protests in Belgrade. Any Android users who have yet to install the February patch batch should do so as soon as possible.

Cellphones

Denmark To Ban Mobile Phones In Schools and After-School Clubs (theguardian.com) 66

Denmark is set to ban mobile phones in schools and after-school clubs, following a government commission's recommendation that children under 13 should not have their own smartphones. The Guardian reports: The government said it would change existing legislation to force all folkeskole -- comprehensive primary and lower secondary schools -- to become phone-free, meaning that almost all children aged between seven and 16-17 will be required by law not to bring their phones into school. The announcement marks a U-turn by the government, which had previously refused to introduce such a law. It comes as governments across Europe are trying to impose tighter regulations on children's access to phones and social media.

The Danish wellbeing commission was set up by the prime minister, Mette Frederiksen, in 2023 to investigate growing dissatisfaction among children and young people. Its long-awaited report, published on Tuesday, raised the alarm over the digitisation of children and young people's lives and called for a better balance between digital and analogue life. Among its 35 recommendations was the need for government legislation banning phones from schools and after-school clubs.

The minister for children and education, Mattias Tesfaye, told Politiken: "There is a need to reclaim the school as an educational space, where there is room for reflection and where it is not an extension of the teenage bedroom." There will be scope for local authorities to make exceptions, including for children with special educational needs, but he said mobile phones and personal tablets "do not belong in school, neither during breaks nor during lessons." He said the government had started preparing a legislative amendment.

Communications

AT&T and Verizon Connect First Cellphone-To-Satellite Video Calls (theverge.com) 9

AT&T and Verizon have successfully completed their first cellphone-to-satellite video calls using AST SpaceMobile's satellites, marking a significant step toward commercial satellite networks. The Verge reports: Verizon has completed its first cellphone-to-satellite video call, while AT&T has completed its first using satellites that will be used as part of a commercial network. [...] Verizon pulled off "a live video call between two mobile devices with one connected via satellite and the other connected via Verizon's terrestrial network connection," according to a company press release.

In AT&T's case, "AT&T and AST SpaceMobile have successfully completed another video call by satellite to an everyday smartphone over AT&T spectrum," per AT&T's press release. Both phone companies relied on AST's constellation of five BlueBird satellites that were launched last September for the tests. AT&T's initial video call test happened in June 2023.

Iphone

Apple Is Bringing Visual Intelligence To the iPhone 15 Pro (theverge.com) 18

Apple's Google Lens-like tool called Visual Intelligence is coming to the iPhone 15 Pro, according to John Gruber of Daring Fireball. It's unclear which update will offer the feature but Gruber speculates it could arrive with iOS 18.4 in April. From a report: Visual Intelligence was originally introduced with the initial iPhone 16 lineup in September, and Apple showed it off as a feature that you launched from the Camera Control button. But yesterday, Apple announced that Visual Intelligence would be available on the iPhone 16E, which does not have the Camera Control button, through its Action Button.

That suggested that the feature could technically work with the iPhone 15 Pro, which also has an Action Button, and now Apple is confirming that Visual Intelligence will indeed come to that phone and be available via the Action Button. You'll also be able to launch Visual Intelligence from the Control Center on the iPhone 15 Pro, Apple told Gruber.

Iphone

Apple Launches the iPhone 16E, With In-House Modem and Support For AI (theverge.com) 82

Apple has launched the iPhone 16E, featuring a 6.1-inch OLED display, Face ID, an A18 chipset, USB-C, 48MP camera, and support for Apple Intelligence. Gone but not forgotten: the home button, Touch ID and 64GB of base storage. The Verge reports: The 16E includes the customizable Action Button, but not the new Camera Control you'll find on the 16 series. It does swap its Lightning port for USB-C, now a requirement for the phone to be sold in the EU. On the inside, there's an A18 chipset, the same chip as the iPhone 16. That makes the 16E powerful enough to run Apple Intelligence, the suite of AI tools that includes notification summaries. Even the non-Pro iPhone 15 can't do that, so the 16E is one of the most capable iPhones out there. Apple has previously confirmed that 8GB RAM was the minimum to get Apple Intelligence support in the iPhone 16 series, so it's likely that the 16E also boasts at least that much memory. It's also been bumped to a baseline of 128GB of storage, meaning there's no longer a 64GB iPhone.

There's only a single 48-megapixel rear camera; the lack of additional cameras is the biggest downgrade compared to the company's other handsets. With support for wireless charging and a water-resistant IP rating, there's little you have to give up elsewhere. The iPhone 16E is also the first iPhone to include a modem developed by Apple itself. The company has spent years trying to move away from modems developed by Qualcomm, and we're finally seeing the fruits of that labor. The big questions now are how well the new modem performs and whether Apple is ready to roll out its own connectivity components in the iPhone 17 line later this year.
It's available for Friday starting at $599 with 128GB of storage.
Iphone

Hardware Mod Showcases an iPhone SE 3 in the Body of a Windows Phone (9to5mac.com) 26

A tech enthusiast has successfully transplanted the internal components of an iPhone SE 3 into the body of a Nokia Lumia 1020 Windows Phone, according to a post on Reddit's r/hackintosh forum. The modification preserves all key functions of the iPhone SE 3, including its 12-megapixel camera, 5G capabilities, and Touch ID sensor, which has been relocated to the back of the device. The project retains the Lumia 1020's distinctive design while upgrading its outdated microUSB port to Apple's Lightning connector.

The creator adapted the Lumia's original camera shutter button to work as a secondary volume control that can trigger photos in the iPhone's camera app. The only significant feature lost in the conversion was the headphone jack.
AI

PIN AI Launches Mobile App Letting You Make Your Own Personalized, Private AI Model (venturebeat.com) 13

An anonymous reader quotes a report from VentureBeat: A new startup PIN AI (not to be confused with the poorly reviewed hardware device the AI Pin by Humane) has emerged from stealth to launch its first mobile app, which lets a user select an underlying open-source AI model that runs directly on their smartphone (iOS/Apple iPhone and Google Android supported) and remains private and totally customized to their preferences. Built with a decentralized infrastructure that prioritizes privacy, PIN AI aims to challenge big tech's dominance over user data by ensuring that personal AI serves individuals -- not corporate interests. Founded by AI and blockchain experts from Columbia, MIT and Stanford, PIN AI is led by Davide Crapis, Ben Wu and Bill Sun, who bring deep experience in AI research, large-scale data infrastructure and blockchain security. [...]

PIN AI introduces an alternative to centralized AI models that collect and monetize user data. Unlike cloud-based AI controlled by large tech firms, PIN AI's personal AI runs locally on user devices, allowing for secure, customized AI experiences without third-party surveillance. At the heart of PIN AI is a user-controlled data bank, which enables individuals to store and manage their personal information while allowing developers access to anonymized, multi-category insights -- ranging from shopping habits to investment strategies. This approach ensures that AI-powered services can benefit from high-quality contextual data without compromising user privacy. [...] The new mobile app launched in the U.S. and multiple regions also includes key features such as:

- The "God model" (guardian of data): Helps users track how well their AI understands them, ensuring it aligns with their preferences.
- Ask PIN AI: A personalized AI assistant capable of handling tasks like financial planning, travel coordination and product recommendations.
- Open-source integrations: Users can connect apps like Gmail, social media platforms and financial services to their personal AI, training it to better serve them without exposing data to third parties.
Davide Crapis, co-founder of PIN AI, told VentureBeat that the app currently supports several open-source AI models, including small versions of DeepSeek and Meta's Llama. "With our app, you have a personal AI that is your model," Crapis added. "You own the weights, and it's completely private, with privacy-preserving fine-tuning."

You can sign up for early access to the PIN AI app here.
Iphone

Apple Fixes Zero-Day Exploited In 'Extremely Sophisticated' Attacks (bleepingcomputer.com) 8

Apple has released emergency security updates for iOS 18.3.1 and iPadOS 18.3.1 to patch a zero-day vulnerability (CVE-2025-24200) that was exploited in "extremely sophisticated," targeted attacks. The flaw, which allowed a physical attack to disable USB Restricted Mode on locked devices, was discovered by Citizen Lab and may have been used in spyware campaigns; users are strongly advised to install the update immediately. BleepingComputer reports: USB Restricted Mode is a security feature (introduced almost seven years ago in iOS 11.4.1) that blocks USB accessories from creating a data connection if the device has been locked for over an hour. This feature is designed to block forensic software like Graykey and Cellebrite (commonly used by law enforcement) from extracting data from locked iOS devices.

In November, Apple introduced another security feature (dubbed "inactivity reboot") that automatically restarts iPhones after long idle times to re-encrypt data and make it harder to extract by forensic software. The zero-day vulnerability (tracked as CVE-2025-24200 and reported by Citizen Lab's Bill Marczak) patched today by Apple is an authorization issue addressed in iOS 18.3.1 and iPadOS 18.3.1 with improved state management.

The list of devices this zero-day impacts includes:

- iPhone XS and later,
- iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Cellphones

Free 'T-Mobile Starlink' for Six Months Announced During Super Bowl. Also Available to Verizon and AT&T Customers 211

Today T-Mobile announced what they're calling "the next big thing in wireless" — T-Mobile Starlink. But the real surprise is "The beta is now open for absolutely everyone — yes, even Verizon and AT&T customers — to register for free access until July."

And, as they explained to Americans watching the Super Bowl, "If you can see the sky you're connected." Now in public beta, this breakthrough service, developed in partnership with Starlink, uses straight-out-of-a-sci-fi-movie satellite and mobile communications technology to help keep people connected — even you, Verizon and AT&T customers — in the more than 500,000 square miles of the country unreached by any carrier's earth-bound cell towers. That's nearly the size of two Texases...! The beauty of the service is its simplicity: users don't need to do anything out of the ordinary. When a user's cell phone gets out of range of a cell tower, the phone automatically connects to the T-Mobile Starlink network. No need to manually connect. Messages are sent and received just as they are today on a traditional network, even group texts and reactions. And it works on most smartphones from the last four years. It's not limited to a few smartphones or operating systems...

The beta is free until July at which point T-Mobile Starlink will be included at no extra cost on Go5G Next (including variations like Go5G Next 55+), T-Mobile's best plan. Business customers will also get T-Mobile Starlink at no extra cost on Go5G Business Next, first responder agencies on T-Priority plans and other select premium rate plans. T-Mobile customers on any other plan can add the service for $15/month per line. Through February, T-Mobile customers who have registered for the beta can secure a $10/month per line Early Adopter Discount, 33% off the full price.

AT&T and Verizon customers hate dead zones, too

When your service is amazing and different, you want as many people to try it as possible. T-Mobile is giving AT&T and Verizon customers the opportunity to try out T-Mobile Starlink satellite service on their existing phones... During the beta period, Verizon and AT&T customers can experience T-Mobile Starlink text messaging for free, and once the service launches in July, it will be available for $20/month per line... More details and consumer registration can be found here.

A Vision for Universal Coverage

As T-Mobile and Starlink continue to work towards eliminating mobile deadzones, the companies welcome wireless providers from around the world to join their growing alliance, which aims to provide reciprocal roaming for all participating carriers. So far, KDDI (Japan), Telstra (Australia), Optus (Australia), One NZ (New Zealand), Salt (Switzerland), Entel (Chile & Peru), Rogers (Canada) and Kyivstar (Ukraine) are among the providers that have signed on to join the cause and launch satellite-to-mobile technology. Learn more about the alliance and how providers can join at direct.starlink.com.
Iphone

Apple's Long-Awaited Overhaul of iPhone SE Nears Release (bloomberg.com) 66

Apple plans to unveil a long-anticipated overhaul of the iPhone SE in the coming days, a move that will modernize its lower-cost model in a bid to spur growth and entice consumers to switch from other brands. Bloomberg: The company expects to announce the device as early as next week, ahead of it going on sale later in the month, according to people with knowledge of the matter. [...] The new device, code-named V59, also will be Apple's first with an in-house cellular modem, replacing a component from Qualcomm, Bloomberg News has reported. It will have a larger screen with Face ID and also include a speedier A18 chip, which will help support Apple Intelligence. The removal of the home button from the iPhone SE means that Apple will have fully phased out the iconic interface, which debuted on the first iPhone in 2007.
Cellphones

Mobile Ban In Schools Not Improving Grades or Behavior, Study Suggests (bbc.com) 94

Longtime Slashdot reader AmiMoJo shares a report from the BBC: Banning phones in schools is not linked to pupils getting higher grades or having better mental wellbeing, the first study of its kind suggests. Students' sleep, classroom behavior, exercise or how long they spend on their phones overall also seems to be no different for schools with phone bans and schools without, the academics found. But they did find that spending longer on smartphones and social media in general was linked with worse results for all of those measures.

The first study in the world to look at school phone rules alongside measures of pupil health and education feeds into a fierce debate that has played out in homes and schools in recent years. [...] The University of Birmingham's findings, peer-reviewed and published by the Lancet's journal for European health policy, compared 1,227 students and the rules their 30 different secondary schools had for smartphone use at break and lunchtimes. The schools were chosen from a sample of 1,341 mainstream state schools in England.

The paper says schools restricting smartphone use did not seem to be seeing their intended improvements on health, wellbeing and focus in lessons. However, the research did find a link between more time on phones and social media, and worse mental wellbeing and mental health, less physical activity, poorer sleep, lower grades and more disruptive classroom behavior. The study used the internationally recognized Warwick-Edinburgh Mental Wellbeing Scales to determine participants' wellbeing. It also looked at students' anxiety and depression levels.
Dr Victoria Goodyear, the study's lead author, told the BBC the findings were not "against" smartphone bans in schools, but "what we're suggesting is that those bans in isolation are not enough to tackle the negative impacts."

She said the "focus" now needed to be on reducing how much time students spent on their phones, adding: "We need to do more than just ban phones in schools."
