David Pierce writes via The Verge: In the summer of 2019, Kevin Moody and Dennis Xu started meeting with investors to pitch their new app. They had this big idea about reshaping the way users' personal information moves around the internet, coalescing all their data into a single tool in a way that could actually work for them. But they quickly ran into a problem: all of their mock-ups and descriptions made it seem like they were building a note-taking app. And even in those hazy early days of product development -- before they had a prototype, a design, even a name -- they were crystal clear that this would not be a note-taking app. Instead, the founders wanted to create something much bigger. It would encompass all of your notes but also your interests, your viewing history, your works-in-progress. "Imagine if you had a Google search bar but for all nonpublic information," Xu says. "For every piece of information that was uniquely relevant to you."

That's what Moody and Xu were actually trying to build. So they kept tweaking the approach until it made sense. At one point, their app was going to be called NSFW, a half-joke that stood for "Notes and Search for Work," and for a while, it was called Supernote. But after a few meetings and months, they eventually landed on the name "Mem." Like Memex, a long-imagined device that humans could use to store their entire memory. Or like, well, memory. Either way, it's not a note-taking app. It's more like a protocol for private information, a way to pipe in everything that matters to you -- your email, your calendar events, your airline confirmations, your meeting notes, that idea you had on the train this morning -- and then automatically organize and make sense of it all. More importantly, it's meant to use cutting-edge AI to give all that information back to you at exactly the right time and in exactly the right place. [...]

So far, Mem is mostly a note-taking app. It's blisteringly fast and deliberately sparse -- mostly just a timeline of every mem (the company's parlance for an individual note) you've ever created or viewed, with a few simple ways to categorize and organize them. It does tasks and tags, but a full-featured project manager or Second Brain system this is not. But if you look carefully, the app already contains a few signs of where Mem is headed: a tool called Writer that can actually generate information for you, based on both its knowledge of the public internet and your personal information; AI features that summarize tweet threads for you; a sidebar that automatically displays mems related to what you're working on. All this still barely scratches the surface of what Mem wants to do and will need to do to be more than a note-taking app...

An anonymous reader quotes a report from Bloomberg: Apple has limited the AirDrop wireless file-sharing feature on iPhones in China after the mechanism was used by protesters to spread images to other iPhone owners. AirDrop allows the quick exchange of files like images, documents or videos between Apple devices. The latest version -- iOS 16.1.1, released Wednesday -- caps the window in which users can receive files from non-contacts at 10 minutes. The previous options didn't limit the time involved. Users could choose to get files from everyone, no one or just their contacts. After the 10-minute period expires, the system reverts to the mode where files can only be received from contacts. That means that individuals won't be able to get an AirDrop transfer from a stranger without actively turning on the feature in the preceding few minutes. It makes it harder for anyone seeking to distribute content and reach people in a discreet manner.

Apple made the change to AirDrop on iPhones sold in China. The shift came after protesters in the country used the service to spread posters opposing Xi Jinping and the Chinese government. The use of AirDrop to sidestep China's strict online censorship has been well-documented over the past three years and was highlighted again recently. Apple didn't comment on why the change was introduced in China, but said that it plans to roll out the new AirDrop setting globally in the coming year. The idea is to mitigate unwanted file sharing, the company said.

"Apple is working on a big change to how its Siri voice assistant works," reports the blog 9 to 5 Mac: While you currently have to say "Hey Siri" to activate the assistant hands-free, that may not be the case for much longer. Bloomberg reports today that Apple engineers are working to drop the "Hey" part of the phrase, so you'd only have to say "Siri" followed by a command to activate the assistant...

In the latest edition of his Power On newsletter, Bloomberg's Mark Gurman says that this is "a technical challenge that requires a significant amount of AI training and underlying engineering work." Apple has reportedly been working on this change for the last several months and hopes to roll it out either next year or in 2024 depending on the progress of development and testing....

Doing so would match what's offered by Amazon, where you simply have to say "Alexa" to trigger the assistant, not "Hey Alexa."
Although long-time Slashdot reader cstacy complains that already, "I can no longer discuss Amazon Alexa, because she hears just 'Alexa' and wakes up... That's not a feature, that's a bug! Not sure why Apple and Google would want to replicate that."

The Intercept reports that protesters in Iran "have often been left wondering how the government was able to track down their locations or gain access to their private communications — tactics that are frighteningly pervasive but whose mechanisms are virtually unknown."

But The Intercept now has evidence of a new possibility: While disconnecting broad swaths of the population from the web remains a favored blunt instrument of Iranian state censorship, the government has far more precise, sophisticated tools available as well. Part of Iran's data clampdown may be explained through the use of a system called "SIAM," a web program for remotely manipulating cellular connections made available to the Iranian Communications Regulatory Authority. The existence of SIAM and details of how the system works, reported here for the first time, are laid out in a series of internal documents from an Iranian cellular carrier that were obtained by The Intercept.

According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summaries of who spoke to whom, when, and where. Such a system could help the government invisibly quash the ongoing protests — or those of tomorrow — an expert who reviewed the SIAM documents told The Intercept.

"SIAM can control if, where, when, and how users can communicate," explained Gary Miller, a mobile security researcher and fellow at the University of Toronto's Citizen Lab. "In this respect, this is not a surveillance system but rather a repression and control system to limit the capability of users to dissent or protest."
Thanks to long-time Slashdot reader mspohr for submitting the article.

An anonymous reader quotes a report from Android Authority: It's been five years since the advent of the eSIM card on smartphones, and yet the computer in our pockets is still tied down to a plastic tab that hasn't changed all that much since its debut in 1991. What gives? [...] An eSIM-enabled phone can store multiple SIM cards on the device. It makes switching networks as simple as switching your Wi-Fi network, and that's anything but convenient for mobile operators. For users in areas with spotty connectivity or rural networks, easier switching to alternative operators means loss of business for major players like Verizon or AT&T. In markets like India, dual-wielding SIM cards for better data, voice, or preferential rates are exceptionally common. Taking away the friction involved in changing physical SIM cards carries the risk of losing a customer, and it's no secret that operators have been dragging their feet to avoid that.

Theoretically, setting up an eSIM on any network should be as straightforward as pointing your camera at a QR code and activating a line. In practice, that's rarely true. Verizon's support page suggests that Android users need to call up a support desk to activate an eSIM. iPhone users have it slightly easier and can directly add the line to the phone through Verizon's website. Meanwhile, Vodafone requires you to install an app. Finally, the likes of Airtel India ask you to play a game of the fastest finger first by requiring an SMS response within 60 seconds to proceed with adding an eSIM to your line. None of these are as simple as just popping out a tray and plopping in your SIM card.

Meanwhile, as internet-based calling, texting, and video messaging become the norm, carriers are left with increasingly few add-ons to increase revenues. Tack on sky-high spectrum prices for resources like 5G and eSIMs become even less enticing to carriers. Tangential features like premium-priced international roaming plans are yet another profit driver that eSIMs circumvent. When done right, getting started with an international eSIM can be a simple two to three-click process to get you onboarded and ongoing. My colleague Rita and I have had a fantastic experience with travel eSIM services like Airalo. When I tried out Airalo earlier this year, the process took just a few taps indicating that there was no real reason for eSIMs to be complicated. However, for most operators, that just isn't the case. While hard to quantify, this needless friction has certainly hampered consumer perception of eSIMs.

Long-time Slashdot reader UnderAttack writes: IoT devices are often stitched together from various odd libraries and features. The SANS Internet Storm Center has a story about a cat feeder that not only appears to reach out to Baidu.com every five minutes but also uses a vulnerable DNS library that uses repeating query ids allowing for simple spoofing not seen since the early dark years of DNS
The article, by a SANS.edu dean of research, concludes that "Some networking libraries use 'baidu.com' for internet connectivity checks. Even if the DNS lookup succeeds, there is no actual outbound connection in this case. The device is happy as long as an IP address is returned."

Samsung is starting to roll out a "Maintenance Mode" feature for its phones that's designed to keep your messages, photos, info, and accounts safe when you're getting your phone repaired. The Verge reports: According to Samsung's press release, Maintenance Mode basically creates a separate user account that will let someone access "core functions" of the phone without being able to see any of your data. That means a repair tech will still be able to test your phone, but you won't have to worry about them seeing anything they shouldn't. Once you get your phone back, you can unlock it to turn off Maintenance Mode, which will also undo anything that was done while the phone was being repaired (e.g., test photos will be erased, new apps will be uninstalled, and settings changes will be reversed).

Samsung says the feature will be "gradually rolling out over the next few months" to select phones running the Android 13-based One UI 5 -- if you want an idea of when your phone might be getting that update, check out this article. It'll also roll out to "more Galaxy devices" throughout next year. The company does warn, however, that the "timing of availability may vary by market, model and network provider," as updates can take a while to filter through carriers.

The availability of Comcast's promised internet speed boosts has a catch: users need to purchase a $25-per-month xFi Complete add-on. Ars Technica reports: "As markets launch, Xfinity Internet customers who subscribe to xFi Complete will have their upload speeds increased between 5 and 10 times faster," an announcement last week said. "xFi Complete includes an xFi gateway, advanced cybersecurity protection at home and on the go, tech auto-upgrades for a new gateway after three years, and wall-to-wall Wi-Fi coverage with an xFi Pod [Wi-Fi extender] included if recommended. Now, another benefit of xFi Complete is faster upload speeds."

Comcast is deploying the speed upgrade in the Northeast US over the next couple of months. Plans with 10Mbps upload speeds will get up to 100Mbps upload speeds once the new tiers roll out in your region -- if you pay for xFi Complete. Comcast told Ars that faster upload speeds will come to customer-owned modems "later next year" but did not provide a more specific timeline. There is a cheaper way to get the same xFi Gateway with Wi-Fi 6E, as Comcast offers the option to rent that piece of hardware for $14 a month. But Comcast is only making the upload boost available to those who subscribe to the pricier xFi Complete service. While the standard monthly rate for xFi Complete is $25, new customers who sign up by December 31 can get it for $20 monthly during the first year of service.

We asked Comcast today if there's any technical reason it can't deliver the higher upload speeds on customer-owned equipment. A company spokesperson responded that Comcast is working on bringing faster uploads to non-Comcast modems. "We intend to extend the experience to customer-owned modems later next year and are working through the technical requirements as we learn," Comcast said. "We started offering it with our own equipment first and now are working through how to extend to customer-owned equipment." Comcast also said that giving the upload boost to xFi Complete customers first follows its "typical validate, test, and certification process for a new network innovation." But if the reasons for limiting the upload boost to Comcast hardware initially are purely technical instead of revenue-based, it's not clear why people who rent the gateway for $14 a month shouldn't get the same benefit.

"Google is giving Apple a taste of its own medicine," reports Business Insider, arguing that the latest update to Android's messaging app "is going to make texting between iPhone and Androids even more annoying than it already is." [Alternate URL] The updates are great if you're an Android user. Google Messages' new features include the ability to reply to individual messages, star them, and set reminders on texts. But these features and some other updates to Messages are RCS-enabled, meaning they're not going to be very compatible with SMS, which is the texting standard that iMessage switches to when messaging someone without an iPhone. iPhones exchange messages using iMessage, Apple's proprietary messaging system, but revert to SMS when texting an Android.

One feature that's part of Google's payback to Apple is that now, when Messages users react to an SMS text with an emoji, iPhone users will get a text saying the other person reacted to their text with a description of whatever emoji the person used. It's similar to when iMessage users react to an SMS text, with the recipient getting a "so and so loved" message instead of seeing the heart emoji reaction.... In August, Android launched a page on its website calling Apple out for refusing "to adopt modern texting standards when people with iPhones and Android phones text each other." The page has buttons that take users to Twitter to tweet at Apple to "stop breaking my texting experience. #GetTheMessage" with a link to Android's page urging Apple to "fix texting."

"We would much prefer that everybody adopts RCS which has the capability to support proper reactions," Jan Jedrzejowicz, Google Messages product manager, said in a briefing before the Messages updates were announced. "But in the event that's not possible or hasn't happened yet, this feels like the next best thing." Recently, Apple CEO Tim Cook said he doesn't get a lot of feedback from iPhone users that Apple needs to fix messaging between iPhones and Androids. Apple doesn't have much incentive to do so, either. In legal documents from a 2021 lawsuit between Epic Games and Apple, an Apple executive said "Moving iMessage to Android will hurt us more than help us."

Vice reports: Sure, you may be trying to cut down on screen time by tracking your minutes in an app on the very same smartphone you're trying to unplug from, but how about a smartphone that doesn't even have a screen to stare at in the first place? Enter MyManu's Titan screenless smartphone...

Titan is a set of eSim-enabled, voice controlled earbuds with embedded live voice translation.... So, what can you do with a "screenless smartphone, anyway? According to MyManu, you can make calls, send messages, listen to music or other streamed content, and even translate speech into over 30 languages using its built-in MyJune app — so basically, all of the "phone" parts of having a smartphone minus the hours of fucking around on apps, games, and social media.
Its web site promises the phone allows you to:

• Interact without constant screen glare
• Get better sleep, reduce eyestrain and headaches
• Reduce anxiety
• Avoid nasty bacteria or viruses [from constantly touching your screen]

The downside?

There's no screen....

"Everyone visiting Qatar for the World Cup needs to install spyware on their phone," writes security researcher Bruce Schneier. His comments are in response to an article from the Norwegian Broadcasting Corporation (NRK), reporting: Everyone traveling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya. Briefly, Ehteraz is an covid-19 tracking app, while Hayya is an official World Cup app used to keep track of match tickets and to access the free Metro in Qatar. In particular, the covid-19 app Ehteraz asks for access to several rights on your mobile., like access to read, delete or change all content on the phone, as well as access to connect to WiFi and Bluetooth, override other apps and prevent the phone from switching off to sleep mode.

The Ehteraz app, which everyone over 18 coming to Qatar must download, also gets a number of other accesses such as an overview of your exact location, the ability to make direct calls via your phone and the ability to disable your screen lock. The Hayya app does not ask for as much, but also has a number of critical aspects. Among other things, the app asks for access to share your personal information with almost no restrictions. In addition, the Hayya app provides access to determine the phone's exact location, prevent the device from going into sleep mode, and view the phone's network connections. It remains to be seen whether Qatar will strictly enforce the installation of these apps. "I know people who visited Saudi Arabia when that country had a similarly sketchy app requirement," says Schneier. "Some of them just didn't bother downloading the apps, and were never asked about it at the border."

Following increased U.S. export controls against working with Chinese companies, Apple has halted plans to use YMTC chips in the iPhone. AppleInsider reports: According to Nikkei Asia, YMTC flash memory is at least 20% cheaper than that of rivals, and the company's 128-layer 3D NAND chips are the most advanced by a Chinese company. They remain reportedly one or two generations behind the chips made by Micron and Samsung, both of which are known to be working with Apple. Nikkei Asia claims that Apple had completed is months-long testing and verification. Political pressure and criticism from US policymakers made it abandon the plan.

"The products have been verified, but they did not go into the production lines when mass production of the new iPhone began," an unspecified source told Nikkei Asia. Reportedly, the intention had been to initially use YMTC chips only for iPhones being sold in China. Another unnamed source, though, claimed that Apple was considering ultimately buying 40% of all its worldwide iPhone NAND flash memory from the company. "YMTC is government-subsidized so they can really outprice competitors," said another source.

AmiMoJo shares a report from MacRumors: iOS 16 continues to leak data outside an active VPN tunnel, even when Lockdown mode is enabled, security researchers have discovered. Speaking to MacRumors, security researchers Tommy Mysk and Talal Haj Bakry explained that iOS 16's approach to VPN traffic is the same whether Lockdown mode is enabled or not. The news is significant since iOS has a persistent, unresolved issue with leaking data outside an active VPN tunnel.

According to a report from privacy company Proton, an iOS VPN bypass vulnerability had been identified in iOS 13.3.1, which persisted through three subsequent updates. Apple indicated it would add Kill Switch functionality in a future software update that would allow developers to block all existing connections if a VPN tunnel is lost, but this functionality does not appear to prevent data leaks as of iOS 15 and iOS 16. Mysk and Bakry have now discovered that iOS 16 communicates with select Apple services outside an active VPN tunnel and leaks DNS requests without the user's knowledge.

Mysk and Bakry also investigated whether iOS 16's Lockdown mode takes the necessary steps to fix this issue and funnel all traffic through a VPN when one is enabled, and it appears that the exact same issue persists whether Lockdown mode is enabled or not, particularly with push notifications. This means that the minority of users who are vulnerable to a cyberattack and need to enable Lockdown mode are equally at risk of data leaks outside their active VPN tunnel. [...] Due to the fact that iOS 16 leaks data outside the VPN tunnel even where Lockdown mode is enabled, internet service providers, governments, and other organizations may be able to identify users who have a large amount of traffic, potentially highlighting influential individuals. It is possible that Apple does not want a potentially malicious VPN app to collect some kinds of traffic, but seeing as ISPs and governments are then able to do this, even if that is what the user is specifically trying to avoid, it seems likely that this is part of the same VPN problem that affects iOS 16 as a whole.

Apple AirTags "are allowed on Lufthansa flights," Lufthansa announced this week — the opposite of their position last Sunday, remembers SFGate: The airline insisted the tech was "dangerous" and referred to International Civil Aviation Organization guidelines (set by the United Nations's specialized agency that recommends air transport policy) stipulating that baggage trackers are subject to the dangerous goods regulations. ["Furthermore, due to their transmission function, the trackers must be deactivated during the flight if they are in checked baggage," Lufthansa added on Twitter, "and cannot be used as a result"]
Ars Technica reports on the public relations debacle that then ensued: Outcry, close reading of the relevant sections (part 2, section C) of ICAO guidelines, and accusations of ulterior motives immediately followed. AppleInsider noted that the regulations are meant for lithium-ion batteries that could be accidentally activated; AirTag batteries are not lithium-ion, are encased, and are commonly used in watches, which have not been banned by any airline. The site also spoke with "multiple international aviation experts" who saw no such ban in ICAO regulations. One expert told the site the ban was "a way to stop Lufthansa from being embarrassed by lost luggage...."

Numerous people pointed out that Lufthansa, in its online World Shop, sells Apple AirTags. One Ars staffer noted that Lufthansa had previously dabbled in selling a smart luggage tag, one that specifically used RFID and BLE to program an e-ink display with flight information. On Tuesday, Apple told numerous publications that it, too, disagreed with Lufthansa's interpretation. It went unsaid but was strongly implied that a company that is often the world's largest by revenue would take something like air travel regulations into consideration when designing portable find-your-object devices....

Representatives from the Federal Aviation Administration and Transportation Security Administration said early this week that Bluetooth-based trackers were allowed in checked luggage. The European Union Aviation Safety Agency said its regulations could "not in itself ban or allow" trackers, but airlines could determine their own guidelines.

On Wednesday, Lufthansa walked back the policy under the cover of "The German Aviation Authorities (Luftfahrtbundesamt)," which the airline said in a tweet "shared our risk assessment, that tracking devices with very low battery and transmission power in checked luggage do not pose a safety risk." This would seem to imply either that Lufthansa was acting on that authority's ruling without having previously mentioned it, or that Lufthansa had acted on its own and has now found an outside actor to approve their undoing.

Apple keeps on losing court battles in Brazil over its decision to stop shipping iPhones with a charger. From a report: The Sao Paulo state court has ruled against the tech giant and slapped it with a 100 million real ($19 million) fine in a lawsuit filed by the Brazilian Consumers' Association, a group of borrowers, consumers and taxpayers. In addition, the court has ordered Apple to supply all customers in Brazil who purchased the iPhone 12 or 13 over the past couple of years with a charger, as well as to start including them with all new purchases. Apple, as you'd expect, told the news organization that it will appeal the decision. According to Barron's, the judge in charge of the case called the non-inclusion of chargers in phone purchases an "abusive practice" that "requires consumers to purchase a second product in order for the first to work." Apple has been at odds with Brazilian authorities over the issue for a while now. In 2021, Sao Paulo consumer protection agency Procon-SP fined Apple around $2 million for removing the power adapter from the iPhone 12, telling the company that it was in violation of Brazil's Consumer Defense Code.

An anonymous reader quotes a report from Phys.Org: More than five billion of the estimated 16 billion mobile phones possessed worldwide will likely be discarded or stashed away in 2022, experts said Thursday, calling for more recycling of the often hazardous materials they contain. Stacked flat on top of each other, that many disused phones would rise 50,000 kilometers (30,000 miles), more than a hundred times higher than the International Space Station, the WEEE research consortium found. Despite containing valuable gold, copper, silver, palladium and other recyclable components, almost all these unwanted devices will be hoarded, dumped or incinerated, causing significant health and environmental harm.

"Smartphones are one of the electronic products of highest concern for us," said Pascal Leroy, Director General of the WEEE Forum, a not-for-profit association representing forty-six producer responsibility organizations. "If we don't recycle the rare materials they contain, we'll have to mine them in countries like China or Congo," Leroy told AFP. Many of the five billion phones withdrawn from circulation will be hoarded rather than dumped in the trash, according to a survey in six European countries from June to September 2022. This happens when households and businesses forget cell phones in drawers, closets, cupboards or garages rather than bringing them in for repair or recycling. Up to five kilos (8 pounds) of e-devices per person are currently hoarded in the average European family, the report found.

According to the new findings, 46 percent of the 8,775 households surveyed considered potential future use as the main reason for hoarding small electrical and electronic equipment. Another 15 percent stockpile their gadgets with the intention to sell them or giving them away, while 13 percent keep them due to "sentimental value." "People tend not to realize that all these seemingly insignificant items have a lot of value, and together at a global level represent massive volumes," said Pascal Leroy. "But e-waste will never be collected voluntarily because of the high cost. That is why legislation is essential."

An anonymous reader quotes a report from The Register: On June 8, 2020, an individual claiming to be billionaire film producer and philanthropist Sidney Kimmel contacted brokerage Charles Schwab by phone and stated that he had uploaded a wire disbursement form using the service's secure email service. The only problem was the call apparently came from prison. Still, the caller made reference to a transfer verification inquiry earlier that day by his wife -- a role said to have been played by a female co-conspirator. The individual allegedly posing as Kimmel had contacted a Schwab customer service representative three days earlier -- on June 5, 2020 -- about opening a checking account, and was told that a form of identification and a utility bill would be required. On June 6, a co-conspirator is alleged to have provided a picture of Kimmel's driver's license and a Los Angeles Water and Power utility bill. According to court documents [PDF] filed by the US Attorney's Office in the Northern District of Georgia, the uploaded documents consisted of a request for funds to be wired to an external bank and a forged letter of authorization -- both of which appeared to be signed by Kimmel.

On June 9, satisfied that Kimmel had been adequately authenticated, the brokerage sent $11 million from Kimmel's Schwab account to a Zions Bank account for Money Metal Exchange, LLC, an Eagle, Idaho-based seller of gold coins and other precious metals. The real Kimmel had no knowledge of the transaction, which resulted in the purchase of 6,106 American Eagle gold coins. The individual who orchestrated the fraudulent purchase of the coins is alleged to have hired a private security firm on June 13, 2020 to transport the coins from Boise, Idaho to Atlanta, Georgia on a chartered plane. An associate of the fraudster allegedly took possession of the coins three days later. All the while the alleged mastermind, Arthur Lee Cofield Jr, was incarcerated in a maximum security prison in Butts County, Georgia, according to the government. Cofield is serving a 14-year sentence for armed robbery and is also under indictment in Fulton County, Georgia for attempted murder.

The day after the coins were purchased, prison staff are said to have searched Cofield's cell and recovered a blue Samsung cellphone hidden under his arm. The prison forensic unit apparently determined that Cofield had been using an account on free voice and messaging service TextNow and matched the phone number with calls made to Money Metals Exchange. On December 8, 2020, a federal grand jury indicted Cofield and two co-conspirators for conspiracy to commit bank fraud and money laundering. Cofield's attorney, Steven Sadow, subsequently sought to suppress the cellphone evidence on Fourth Amendment grounds, arguing that the warrantless search of the device by prison officials was unrelated to the legitimate function of prison security and maintenance. The government said otherwise, insisting that Cofield does not have standing to contest the search, having no "legitimate expectation of privacy in the contents of a contraband cell phone." The judge overseeing the case sided with the government [PDF] and certified the case to proceed to trial.

An anonymous reader quotes a report from The Register: Modified off-the-shelf drones have been found carrying wireless network-intrusion kit in a very unlikely place. Greg Linares, a security researcher, recently recounted an incident that he said occurred over the summer at a US East Coast financial firm focused on private investment. He told The Register that he was not involved directly with the investigation but interacted with those involved as part of his work in the finance sector. In a Twitter thread, Linares said the hacking incident was discovered when the financial firm spotted unusual activity on its internal Atlassian Confluence page that originated from within the company's network.

The company's security team responded and found that the user whose MAC address was used to gain partial access to the company Wi-Fi network was also logged in at home several miles away. That is to say, the user was active off-site but someone within Wi-Fi range of the building was trying to wirelessly use that user's MAC address, which is a red flag. The team then took steps to trace the Wi-Fi signal and used a Fluke system to identify the Wi-Fi device. "This led the team to the roof, where a 'modified DJI Matrice 600' and a 'modified DJI Phantom' series were discovered," Linares explained. The Phantom drone was in fine condition and had a modified Wi-Fi Pineapple device, used for network penetration testing, according to Linares. The Matrice drone was carrying a case that contained a Raspberry Pi, several batteries, a GPD mini laptop, a 4G modem, and another Wi-Fi device. It had landed near the building's heating and ventilation system and appeared to be damaged but still operable. "During their investigation, they determined that the DJI Phantom drone had originally been used a few days prior to intercept a worker's credentials and Wi-Fi," Linares said. "This data was later hard coded into the tools that were deployed with the Matrice."

According to Linares, the tools on the drones were used to target the company's internal Confluence page in order to reach other internal devices using the credentials stored there. The attack, he said, had limited success and is the third cyberattack involving a drone he's seen over the past two years. "The attackers specifically targeted a limited access network, used by both a third-party and internally, that was not secure due to recent changes at the company (e.g. restructuring/rebranding, new building, new building lease, new network setup or a combination of any of these scenarios)," Linares told The Register. "This is the reason why this temporary network unfortunately had limited access in order to login (credentials + MAC security). The attackers were using the attack in order to access an internal IT confluence server that contained other credentials for accessing other resources and storing IT procedures." [...] While the identity of the attacker has not been disclosed, Linares believes those responsible did their homework. "This was definitely a threat actor who likely did internal reconnaissance for several weeks, had physical proximity to the target environment, had a proper budget and knew their physical security limitations," he said.

Mullvad VPN has discovered that Android leaks traffic every time the device connects to a WiFi network, even if the "Block connections without VPN," or "Always-on VPN," features is enabled. BleepingComputer reports: The data being leaked outside VPN tunnels includes source IP addresses, DNS lookups, HTTPS traffic, and likely also NTP traffic. This behavior is built into the Android operating system and is a design choice. However, Android users likely didn't know this until now due to the inaccurate description of the "VPN Lockdown" features in Android's documentation. Mullvad discovered the issue during a security audit that hasn't been published yet, issuing a warning yesterday to raise awareness on the matter and apply additional pressure on Google.

Android offers a setting under "Network & Internet" to block network connections unless you're using a VPN. This feature is designed to prevent accidental leaks of the user's actual IP address if the VPN connection is interrupted or drops suddenly. Unfortunately, this feature is undercut by the need to accommodate special cases like identifying captive portals (like hotel WiFi) that must be checked before the user can log in or when using split-tunnel features. This is why Android is configured to leak some data upon connecting to a new WiFi network, regardless of whether you enabled the "Block connections without VPN" setting.

Mullvad reported the issue to Google, requesting the addition of an option to disable connectivity checks. "This is a feature request for adding the option to disable connectivity checks while "Block connections without VPN" (from now on lockdown) is enabled for a VPN app," explains Mullvad in a feature request on Google's Issue Tracker. "This option should be added as the current VPN lockdown behavior is to leaks connectivity check traffic (see this issue for incorrect documentation) which is not expected and might impact user privacy." In response to Mullvad's request, a Google engineer said this is the intended functionality and that it would not be fixed for the following reasons:

- Many VPNs actually rely on the results of these connectivity checks to function,
- The checks are neither the only nor the riskiest exemptions from VPN connections,
- The privacy impact is minimal, if not insignificant, because the leaked information is already available from the L2 connection.

Mullvad countered these points and the case remains open.

UPDATE: Lufthansa has since reversed their position, and now says Apple AirTags "are allowed on Lufthansa flights, according to SFGate. But only after their earlier remarks stirred up a lot of consternation.

Slashdot's original story appears below:


Citing rules issued by the International Civil Aviation Organization (ICAO), German airliner Lufthansa says it is banning activated Apple AirTags from luggage "as they are classified as dangerous and need to be turned off." Slashdot reader AmiMoJo first shared the news with us. The New York Times reports: Lufthansa, a German airline, set off confusion recently after telling passengers that they could not use trackers like Apple AirTags in checked baggage because of international guidelines for personal electronic devices. Apple rejected that interpretation on Tuesday, saying its trackers comply with all regulations. It does not appear that any other airlines are requiring passengers to turn off the trackers, which have become popular as a way to find lost baggage.

Lufthansa found itself in the middle of the issue when reports surfaced in the German news media that the devices were prohibited. Though Lufthansa said it has no desire to prohibit the devices that it deemed safe, the airline seems to have stepped in a mess based on the reading of obscure international guidelines and regulations, with no clear consensus on what is and is not allowed in Europe.

Lufthansa said on Sunday on Twitter that the trackers must be deactivated in checked baggage on its flights, citing the International Civil Aviation Organization's guidelines for dangerous goods as well as the trackers' "transmission function." Shutting off the trackers renders them useless. The airline has not issued a specific policy prohibiting baggage trackers. Rather, it says it is at the mercy of the rules. On Tuesday, the airline said it was "in close contact with the respective institutions to find a solution as quickly as possible." It also indicated its own examination saw no danger from their use. "The Lufthansa Group has conducted its own risk assessment with the result that tracking devices with very low battery and transmission power in checked luggage do not pose a safety risk," said Martin Leutke, a Lufthansa spokesman. "We have never issued a ban on devices like that. It is on the authorities to adapt regulations that right now limit the use of these devices for airline passengers in checked luggage."

In its statement, Apple said that AirTags are "compliant with international airline travel safety regulations for carry-on and checked baggage."