Security

Malware Turns Home Routers Into Proxies For Chinese State-Sponsored Hackers (arstechnica.com) 28

An anonymous reader quotes a report from Ars Technica: Researchers on Tuesday unveiled a major discovery -- malicious firmware that can wrangle a wide range of residential and small office routers into a network that stealthily relays traffic to command-and-control servers maintained by Chinese state-sponsored hackers. A firmware implant, revealed in a write-up from Check Point Research, contains a full-featured backdoor that allows attackers to establish communications and file transfers with infected devices, remotely issue commands, and upload, download, and delete files. The implant came in the form of firmware images for TP-Link routers. The well-written C++ code, however, took pains to implement its functionality in a "firmware-agnostic" manner, meaning it would be trivial to modify it to run on other router models.

The main purpose of the malware appears to relay traffic between an infected target and the attackers' command and control servers in a way that obscures the origins and destinations of the communication. With further analysis, Check Point Research eventually discovered that the control infrastructure was operated by hackers tied to Mustang Panda, an advanced persistent threat actor that both the Avast and ESET security firms say works on behalf of the Chinese government.

The researchers discovered the implant while investigating a series of targeted attacks against European foreign affairs entities. The chief component is a backdoor with the internal name Horse Shell. The three main functions of Horse Shell are: a remote shell for executing commands on the infected device; file transfer for uploading and downloading files to and from the infected device; and the exchange of data between two devices using SOCKS5, a protocol for proxying TCP connections to an arbitrary IP address and providing a means for UDP packets to be forwarded. The SOCKS5 functionality seems to be the ultimate purpose of the implant. By creating a chain of infected devices that establish encrypted connections with only the closest two nodes (one in each direction), it's difficult for anyone who stumbles upon one of them to learn the origin or ultimate destination or the true purpose of the infection. As Check Point researchers wrote:
"Learning from history, router implants are often installed on arbitrary devices with no particular interest, with the aim to create a chain of nodes between the main infections and real command and control," Check Point researchers wrote in a shorter write-up. "In other words, infecting a home router does not mean that the homeowner was specifically targeted, but rather that they are only a means to a goal."
Cellphones

Re-Victimization From Police-Auctioned Cell Phones (krebsonsecurity.com) 31

An anonymous reader quotes a report from KrebsOnSecurity: Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found (PDF). In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.

Researchers at the University of Maryland last year purchased 228 smartphones sold "as-is" from PropertyRoom.com, which bills itself as the largest auction house for police departments in the United States. Of phones they won at auction (at an average of $18 per phone), the researchers found 49 had no PIN or passcode; they were able to guess an additional 11 of the PINs by using the top-40 most popular PIN or swipe patterns. Phones may end up in police custody for any number of reasons -- such as its owner was involved in identity theft -- and in these cases the phone itself was used as a tool to commit the crime. "We initially expected that police would never auction these phones, as they would enable the buyer to recommit the same crimes as the previous owner," the researchers explained in a paper released this month. "Unfortunately, that expectation has proven false in practice."

Beyond what you would expect from unwiped second hand phones -- every text message, picture, email, browser history, location history, etc. -- the 61 phones they were able to access also contained significant amounts of data pertaining to crime -- including victims' data -- the researchers found. [...] Also, the researchers found that many of the phones clearly had personal information on them regarding previous or intended targets of crime: A dozen of the phones had photographs of government-issued IDs. Three of those were on phones that apparently belonged to sex workers; their phones contained communications with clients.
"We informed [PropertyRoom] of our research in October 2022, and they responded that they would review our findings internally," said Dave Levin, an assistant professor of computer science at University of Maryland. "They stopped selling them for a while, but then it slowly came back, and then we made sure we won every auction. And all of the ones we got from that were indeed wiped, except there were four devices that had external SD [storage] cards in them that weren't wiped."
Iphone

France Opens Investigation Into Apple Over 'Planned Obsolescence' For iPhones (france24.com) 47

According to Agence France-Presse, France has opened an investigation into planned obsolescence of Apple products. From the report: The probe into purported misleading commercial practices and planned obsolescence has been under way since December, the Paris prosecutor's office said. It follows a complaint filed by the Halt Planned Obsolescence (HOP) association.

HOP said it hoped the investigation would demonstrate the iPhone maker was "associating the serial numbers of spare parts to those of a smartphone, including via microchips, giving the manufacturer the possibility of restricting repairs by non-approved repairers or to remotely degrade a smartphone repaired with generic parts." The association called on Apple "to guarantee the right to repair devices under the logic of real circular economy."

AI

iPhones Will Be Able To Speak in Your Voice With 15 Minutes of Training (theverge.com) 63

Apple today previewed a bundle of new features designed for cognitive, vision, hearing, and mobility accessibility. That includes a new Personal Voice feature for people who may lose their ability to speak, allowing them to create "a synthesized voice that sounds like them" to talk with friends or family members. From a report: According to Apple, users can create a Personal Voice by reading a set of text prompts aloud for a total of 15 minutes of audio on the iPhone or iPad. Since the feature integrates with Live Speech, users can then type what they want to say and have their Personal Voice read it to whomever they want to talk to. Apple says the feature uses "on-device machine learning to keep users' information private and secure."

Additionally, Apple is introducing streamlined versions of its core apps as part of a feature called Assistive Access meant to support users with cognitive disabilities. The feature is designed to "distill apps and experiences to their essential features in order to lighten cognitive load." That includes a combined version of Phone and FaceTime as well as modified versions of the Messages, Camera, Photos, and Music apps that feature high contrast buttons, large text labels, and additional accessibility tools.

Google

Pixel Users are Reporting Newest Google App Causes Overheating, Battery Drain (engadget.com) 47

One cellphone owner reports their Pixel 6 Pro "has recently been overheating and excessively draining its battery," reports Endgadget.

"They suspect the culprit is the Google app and an update that began rolling out on May 12th..." And they're not the only ones, judging by comments left in the Reddit and Google support forums. "It just started yesterday. Massive battery usage from Google app and to a lesser degree Android System Intelligence...." one Reddit user wrote. Beyond the battery not lasting the phone is getting really warm so I know it's harming the battery and potentially the CPU."

Those who have tried contacting Google report the company's support staff haven't been very helpful. Some users say rolling back to an older version of the Google app hasn't fixed the problem for them. "Actually ended up with an even older version from May 10, still draining the battery," writes one Redditor. The reader who contacted us suspects the problem may be server-side. "Google app keeps wrecking the battery regardless of version, and I've rolled all the way back to May 1st," they write. "I don't know how to see if the app is trying to call home or on a loop with something like that, but the symptoms remain the same."

Google did not immediately respond to Engadget's comment request.

Cellphones

As Wireless Carriers 'Rip and Replace' Chinese-Made Telecom Equipment, Who Pays? (sanjuandailystar.com) 82

"Deep in a pine forest in Wilcox County, Alabama, three workers dangled from the top of a 350-foot cellular tower," reports the New York Times. "They were there to rip out and replace Chinese equipment from the local wireless network..." As the United States and China battle for geopolitical and technological primacy, the fallout has reached rural Alabama and small wireless carriers in dozens of states. They are on the receiving end of the Biden administration's sweeping policies to suppress China's rise, which include trade restrictions, a $52 billion package to bolster domestic semiconductor manufacturing against China and the divestiture of the video app TikTok from its Chinese owner. What the wireless carriers must do, under a program known as "rip and replace," has become the starkest physical manifestation of the tech Cold War between the two superpowers. The program, which took effect in 2020, mandates that American companies tear out telecom equipment made by the Chinese companies Huawei and ZTE. U.S. officials have warned that gear from those companies could be used by Beijing for espionage and to steal commercial secrets.

Instead, U.S. carriers have to use equipment from non-Chinese companies. The Federal Communications Commission, which oversees the program, would then reimburse the carriers from a pot of $1.9 billion intended to cover their costs. Similar rip-and-replace efforts are taking place elsewhere. In Europe, where Huawei products have been a key part of telecom networks, carriers in Belgium, Britain, Denmark, the Netherlands and Sweden have also been swapping out the Chinese equipment because of security concerns, according to Strand Consult, a research firm that tracks the telecom industry. "Rip-and-replace was the first front in a bigger story about the U.S. and China's decoupling, and that story will continue into the next decade with a global race for A.I. and other technologies," said Blair Levin, a former F.C.C. chief of staff and a fellow at the Brookings Institution.

But cleansing U.S. networks of Chinese tech has not been easy. The costs have already ballooned above $5 billion, according to the F.C.C., more than double what Congress appropriated for reimbursements. Many carriers also face long supply chain delays for new equipment. The program's burden has fallen disproportionately on smaller carriers, which relied more on the cheaper gear from the Chinese firms than large companies like AT&T and Verizon. Given rip-and-replace's difficulties, some smaller wireless companies now say they may not be able to upgrade their networks and continue serving their communities, where they are often the only internet providers. "For many rural communities, they are faced with the disastrous choice of having to continue to use insecure networks that are ripe for surveillance or having to cut off their services," said Geoffrey Starks, a Democratic commissioner at the F.C.C.

Last month, Senator Deb Fischer, a Republican of Nebraska, introduced a bill to close the gap in rip-and-replace funding for carriers... In January, the F.C.C. said it had received 126 applications seeking funding beyond what it could reimburse. Lawmakers had underestimated the costs of shredding Huawei and ZTE equipment, and new equipment and labor costs have risen. The F.C.C. said it could cover only about 40 percent of the expenses. Some wireless carriers immediately paused their replacement efforts. "Until we have assurance of total project funding, this project will continue to be delayed as we await the necessary funding required to build and pay for the new network equipment," United Wireless of Dodge City, Kansas, wrote in a regulatory filing to the F.C.C. in January.

Cellphones

Millions of Mobile Phones Come Pre-Infected With Malware, Say Researchers (theregister.com) 45

Trend Micro researchers at Black Hat Asia are warning that millions of Android devices worldwide come pre-infected with malicious firmware before the devices leave their factories. "This hardware is mainly cheapo Android mobile devices, though smartwatches, TVs, and other things are caught up in it," reports The Register. From the report: This insertion of malware began as the price of mobile phone firmware dropped, we're told. Competition between firmware distributors became so furious that eventually the providers could not charge money for their product. "But of course there's no free stuff," said [Trend Micro researcher Fyodor Yarochkin], who explained that, as a result of this cut-throat situation, firmware started to come with an undesirable feature -- silent plugins. The team analyzed dozens of firmware images looking for malicious software. They found over 80 different plugins, although many of those were not widely distributed. The plugins that were the most impactful were those that had a business model built around them, were sold on the underground, and marketed in the open on places like Facebook, blogs, and YouTube.

The objective of the malware is to steal info or make money from information collected or delivered. The malware turns the devices into proxies which are used to steal and sell SMS messages, take over social media and online messaging accounts, and used as monetization opportunities via adverts and click fraud. One type of plugin, proxy plugins, allow the criminal to rent out devices for up to around five minutes at a time. For example, those renting the control of the device could acquire data on keystrokes, geographical location, IP address and more. "The user of the proxy will be able to use someone else's phone for a period of 1200 seconds as an exit node," said Yarochkin. He also said the team found a Facebook cookie plugin that was used to harvest activity from the Facebook app.

Through telemetry data, the researchers estimated that at least millions of infected devices exist globally, but are centralized in Southeast Asia and Eastern Europe. A statistic self-reported by the criminals themselves, said the researchers, was around 8.9 million. As for where the threats are coming from, the duo wouldn't say specifically, although the word "China" showed up multiple times in the presentation, including in an origin story related to the development of the dodgy firmware. Yarochkin said the audience should consider where most of the world's OEMs are located and make their own deductions.

The team confirmed the malware was found in the phones of at least 10 vendors, but that there was possibly around 40 more affected. For those seeking to avoid infected mobile phones, they could go some way of protecting themselves by going high end. That is to say, you'll find this sort of bad firmware in the cheaper end of the Android ecosystem, and sticking to bigger brands is a good idea though not necessarily a guarantee of safety. "Big brands like Samsung, like Google took care of their supply chain security relatively well, but for threat actors, this is still a very lucrative market," said Yarochkin.

Android

Bluetooth Tags For Android's 3 Billion-Strong Tracking Network Are Here (arstechnica.com) 23

An anonymous reader quotes a report from Ars Technica: After the release of Apple's AirTags, Google suddenly has interest in the Bluetooth tracker market. The company has already quietly rolled out what must be the world's largest Bluetooth tracking network via Android's 3 billion active devices, and now trackers are starting to plug in to that network. Google is taking the ecosystem approach and letting various companies plug in to the Android Bluetooth tracking network, which has the very derivative name of "Find My Device." While these Bluetooth trackers are great for finding your lost car keys on a messy desk, they can also work as worldwide GPS trackers and locate items much farther away, even though they don't have GPS. The IDs of Bluetooth devices are public, so Tile started this whole idea of crowdsourced Bluetooth tracker location, called the "Tile Network." Every phone with the Tile app installed scans Bluetooth devices in the background and, using the phone GPS, uploads their last seen location to the cloud. This location data is only available to the person who owns the Tile, but every Tile user works to scan the environment and upload any Tiles the app can see. [...]

Now, third-party Bluetooth trackers for Android's network are starting to arrive. The two companies that have announced products are Chipolo and Pebblebee, both of which seem to be cloning the Tile line of products. Both offer normal keychain tracker tags and slim credit card format trackers. The worst habits of Tile include making completely disposable products because the batteries can't be changed, but it looks like our clones have mostly avoided that. All of Pebblebee's Find My Device products are rechargeable, which is great, while the Chipolo keychain tracker has a replaceable CR2032 battery. Only the Chipolo wallet tracker is disposable (boo!). All these tags will show up in the Find My Device app, right alongside your Android phones, headphones, and whatever else you have that plugs in to the network. They also have a speaker, like normal, so you can make them ring when you're near them. Both sets of products are up for preorder now.

Android

Android 14 Will Add More Customization To Your Home and Lock Screens 21

At Google I/O on Wednesday, VP of Engineering at Android David Burke new customization features coming to Android 14 later this year. Engadget reports: The tools build on the Material You design system Google introduced in 2021 by allowing users to create a custom wallpaper by picking a few of their favorite emojis. One of the new tools allows you to add up to 14 emojis to a single wallpaper. You can then pick a pattern and a color to bring everything together. Once the wallpaper is on your home screen, the characters will react when you tap on them. If you want something more sentimental, there's a separate option to create "Cinematic" wallpapers. The feature uses on-device neural networks to animate your favorite photos. Once the photo is on your home screen, tilting your device will cause it to move, giving the image more depth and life than it would have had you not used the new feature. Burke said both cinematic and emoji wallpapers would arrive on Pixel devices next month.

Come the fall, Google will also introduce a built-in AI image generator within Android's customization menu. You can use the tool to create wallpapers you can't find online. It comes with pre-populated prompts you can tweak to make the process of guiding the AI easier. Once you add an AI wallpaper to your home screen, Android's Material You system will automatically color-match all the user interface elements, including any app icons, so they don't clash with one another. Android 14 will further augment those tools with the addition of new clocks and shortcuts you can add to your lock screen. And if colors aren't your thing, Google also plans to add a new monochromatic theme for those who prefer a more understated look. At I/O, Burke also previewed Magic Compose, a Messages feature that will use Google's generative AI technology to write texts for you. The tool comes with multiple style settings you can use to give your messages a different flair. Google plans to beta test Magic Compose this summer. Separately, Google said after the keynote that Android 14 will add support for Ultra HDR, allowing for photos that feature more vivid colors and detailed shadows.
Encryption

Inside the Italian Mafia's Encrypted Phone of Choice (vice.com) 75

An anonymous reader shares an excerpt from a collaborative investigation between Motherboard, lavialibera, and IrpiMedia: Mafioso Bartolo Bruzzaniti needed everyone to do their job just right. First, the Colombian suppliers would hide a massive amount of cocaine inside bananas at the port city of Turbo, Colombia. That shipping container would then be transported across the ocean to Catania, in Sicily, Italy. A corrupt port worker on the mafia's payroll would wave the shipment through and had advised the group how to package the drugs. This was so the cocaine could remain undetected even if the worker was forced to scan the shipment. Another group of on-the-ground mafiosos would then unload the cocaine outside of the port.

In March 2021, Bruzzaniti, an alleged member of the infamous 'Ndrangheta mafia group and who says Milan belongs to him "by right," asked his brother Antonio to go fetch something else crucial to the traffickers' success. "Go right now," Bruzzaniti wrote in a text message later produced in court records. "It's needed urgently." Investigators know what Bruzzaniti said because European authorities had penetrated an encrypted phone network called Sky and harvested around a billion of the users' messages. These phones are the technological backbone of organized crime around the world.

The thing Antonio needed to urgently fetch was a phone from a different encrypted phone network, one that the authorities appear to have not compromised and which the mafia have been using as part of their operations. To that phone, a contact sent one half of the shipping container's serial number. A reporting collaboration between Motherboard, lavialibera, and IrpiMedia has identified that encrypted phone as being run by a company called No. 1 Business Communication (No. 1 BC). The investigation has found members of the mafia and other organized crime groups turning to No. 1 BC as authorities cracked down on other platforms. The collaboration has identified multiple key players in No. 1 BC's development, sales, and legal structure. "Take the bc1 right away," Bruzzaniti wrote in another text, referring to the No. 1 BC phone.

Android

Google Unveils Pixel 7a With Tensor G2, 90Hz Display and 64MP Camera (gsmarena.com) 16

Google has launched the Pixel 7a for $499, featuring a 6.1-inch OLED display at 90Hz, Tensor G2 chip with 8GB RAM, and 64MP main camera. The Pixel 7a nearly matches the flagship Pixel 7 on specs but starts at a lower price. GSMArena.com reports: Yes, the 7a marks several firsts for the Pixel a series. For starters, its 6.1" OLED display now runs at 90Hz, the same refresh rate as the Pixel 7 (though that one has a slightly larger 6.3" display). The resolution is FHD+ and you get Gorilla Glass 3 protection. Speaking of protection, the phone is rated IP67 for dust and water resistance. It has a metal frame and a plastic back -- Google notes that it used recycled aluminum, glass and plastic to build the phone. For example, the visor is 100% recycled aluminum. Available colors are Charcoal, Sea and Snow.

Another major upgrade is the switch to the Tensor G2 chipset, which is now paired with 8GB of LPDDR RAM (up from 6GB on the 6a) and 128GB UFS 3.1 storage. This is the same configuration as the Pixel 7, so the a-phone will be just as fast at the various computational tasks. Also, note that Google is promising 5 years of security updates. Among them is the Super Res Zoom (up to 8x), which is enabled by the new 64MP camera (up from 12MP). The ultra wide camera has a 13MP sensor and a f/2.2 lens that is blessed with Dual Pixel autofocus. The front-facing camera was also bumped up to 13MP with a fixed-focus lens (f/2.2). The rear camera can record 5K video at up to 60fps, the front one tops out at 4K at 30fps.

The Pixel 7a supports sub-6GHz and mmWave flavors of 5G, though only models for select regions will have mmWave enabled. This is a dual-SIM device with one physical nano-SIM and one eSIM. The 7a is powered by a 4,385mAh battery that supports up to 18W wired charging and for the first time on an a-phone wireless charging is available too -- also at 18W. Note that the port on the bottom is USB-C 3.2 Gen 2, but the retail box comes only with a USB C-to-C cable with USB 2.0 wiring (and you have to supply your own charger).
You can order the Pixel 7a via the Google Store.
Iphone

Apple Reports Better-Than-Expected Quarter Driven By iPhone Sales (cnbc.com) 17

Apple reported stronger-than-anticipated iPhones sales in its second-fiscal quarter earnings report today.

"The highlight of Apple's report was iPhone sales, which grew from the year-ago quarter even as the broader smartphone industry contracted nearly 15% during the same time," reports CNBC, citing an IDC estimate. "IPhone revenue grew 2% during the quarter, suggesting that parts shortages and supply chain issues that had hampered the product for the last few years, including an iPhone factory shutdown late last year, had finally abated." From the report: Here's how the company did versus Wall Street expectations per Refinitiv consensus expectations:

EPS: $1.52 vs. $1.43 expected
Revenue: $94.84 billion vs. $92.96 billion expected
Gross margin: 44.3% vs. 44.1% expected

Apple reported $24.16 billion in net income during the quarter versus $25.01 billion last year. Overall revenue was down 3% from last year's $97.28 billion in sales.

Here's how Apple's individual product lines did versus StreetAccount consensus expectations:

iPhone revenue: $51.33 billion vs. $48.84 billion expected
Mac revenue: $7.17 billion vs. $7.80 billion expected
iPad revenue: $6.67 billion vs. $6.69 billion expected
Other Products revenue: $8.76 billion vs. $8.43 billion expected
Services revenue: $20.91 billion vs. $20.97 billion expected

Security

Apple Releases Its First Rapid-Fire Security Updates for iPhone, iPad and Mac (engadget.com) 26

Apple promised faster turnaround times for security patches with iOS 16 and macOS Ventura, and it's now delivering on that claim. From a report: The company has released its first Rapid Security Response updates for devices running iOS 16.4.1, iPadOS 16.4.1 and macOS 13.3.1. They're available through Software Update as usual, but are small downloads that don't require much time to install. MacRumors says the fix is deploying over the course of 48 hours, so don't be surprised if you have to wait a short while.
Wireless Networking

Are Public Wifi and Phone Chargers Actually Safe? (msn.com) 85

The Washington Post's "Tech Friend" newsletter suggests some "tech fears you can stop worrying about." And it starts by reasuring readers, "You're fine using the WiFi in a coffee shop, hotel or airport. "Yes, it is safe," said Chester Wisniewski, a digital security specialist with the firm Sophos. Five or 10 years ago, it wasn't secure to use the shared WiFi in a coffee shop or another place outside your home. But now, most websites and apps scramble whatever you do online. That makes it tough for crooks to snoop on you when you're connected to public WiFi. It's not impossible, but criminals have easier targets.

Even Wisniewski, whose job involves sensitive information, said he connected to the WiFi at the airport and hotel on a recent business trip. He plans to use the WiFi at a conference in Las Vegas attended by the world's best computer hackers. Wisniewski generally does not use an extra layer of security called a VPN, although your company might require it. He avoids using WiFi in China.

You should be wary of public WiFi if you know you're a target of government surveillance or other snooping. But you are probably not Edward Snowden or Brad Pitt... For nearly all of us and nearly all of the time, you can use public WiFi without stress.

The newsletter also suggests we stop worrying about public phone chargers. ("Security experts told me that 'juice jacking' is extremely unlikely... Don't worry about the phone chargers unless you know you're being targeted by criminals or spies.")

Beyond that, "Focus your energy on digital security measures that really matter" — things like using strong and unique passwords for online accounts. ("This is a pain. Do it anyway.") And it calls two-factor authentication possibly the single best thing you can do to protect yourself online.
Wireless Networking

Tokyo Has 20x As Much Wi-Fi As It Needs (theregister.com) 39

An anonymous reader quotes a report from The Register: Tokyo has five million Wi-Fi access points -- and that's 20 times what the city needs, because they're reserved for private use, according to NTT. The Japanese tech giant proposes sharing the fleet to cope with increased demand for wireless comms without adding more hardware. NTT says it's successfully tested network sharing with a scheme that starts by asking operators of Wi-Fi access points or other connections if they're open to sharing their bandwidth and allowing random netizens to connect. In return they get a share of revenue from those connections.

Under the scheme, netizens search for available networks and, as they connect, a contract would be executed allowing a link to be made. That contract would use Ethereum Proof of Authority to verify identities and initiate the back-end billing arrangements before allowing signed-up users and devices to join private networks. The operator of the Wi-Fi access point gets paid, the punter gets a connection, and everything's on a blockchain so the results can be read for eternity. [...] If this all scales, NTT estimates Tokyo won't need to add any more Wi-Fi access points or private 5G cells, even as demand for connectivity increases. The company also suggests it can enable networks to scale without requiring commensurate increases in energy consumption, and that spectrum will also be freed for other uses.

Cellphones

Motorola Unveils Co-Branded Lenovo 'ThinkPhone' (theverge.com) 40

The Lenovo ThinkPhone by Motorola is being launched today in the U.S. for $699. It's the first co-branded phone from Motorola that arrives nine years after Lenovo purchased the Motorola brand for $2.91 billion. According to The Verge, the smartphone offers "a suite of productivity features designed to work with ThinkPad laptops." From the report: The ThinkPhone has a lot of the same stuff as a mainstream flagship phone, even though it's priced just below the likes of the $799 Samsung Galaxy S23. It comes with a big 6.6-inch 1080p OLED with up to 144Hz refresh rate. Build quality is quite sturdy with an aluminum frame, Gorilla Glass on the front panel, and Lenovo's signature textured aramid fiber back panel for a softer touch. The whole device is IP68 rated for strong dust and water resistance, and it's also MIL-STD-810H compliant to protect against falls and more extreme conditions.

In addition to the ThinkPad-like look and feel, there's a red key on the side of the phone in a nod to Lenovo's classic keyboard nub. You can customize it to a degree: a double-press can be assigned one of the phone's ThinkPad integration features, while a single-press can act as an app shortcut. Some apps will even let you launch certain features -- mapping it to the "Pay" screen of the Starbucks app could save you a lot of embarrassing fumbling at the register, for example.
The ThinkPhone is available first to enterprise customers, with general availability on April 28th via Motorola.com.
Communications

AT&T Helps Complete the First 'Space-Based Voice Call' Using a Standard Smartphone (engadget.com) 34

Satellite manufacturer AST SpaceMobile partnered with AT&T to make the first two-way audio call using satellites with a standard smartphone. "The initial call was placed using AT&T's networks in Midland, Texas, to mobile carrier Ratuken in Japan on an unmodified Samsung Galaxy S22 smartphone using AST SpaceMobile's BlueWalker 3 satellite," reports Engadget. AST SpaceMobile claims to be building "the first and only space-based cellular broadband network." From the report: AT&T aims to use satellites to provide global cellular broadband from 2G to 5G. "Achieving what many once considered impossible, we have reached the most significant milestone to date in our quest to deliver global cellular broadband from space," Abel Avellan, CEO and chairman of AST SpaceMobile, said in a release. "While we take a moment to celebrate this tremendous accomplishment, we remain focused on the path ahead and pivotal next steps that get us closer to our goal of transforming the way the world connects."

It's unclear whether satellite access would come at an extra cost. In AT&T's original AST SpaceMobile partnership announcement, the company couldn't say whether existing plans would include satellite coverage. [...] While satellite offerings aren't available for consumers yet, this successful test brings widespread access one step closer to becoming a reality.

Wireless Networking

Google Fi Gets Third Rebrand In 8 Years (arstechnica.com) 33

Google Fi, Google's cellular service, is getting its third rebrand in eight years. Ars Technica reports: First it was Project Fi, then Google Fi, and now it's "Google Fi Wireless." It also has its third logo, and this one's kind of clever: It's an "F" styled to look like sideways signal bars and in Google's trademark rainbow colors. There is also now a free trial mode. Google is harnessing the power of remotely configurable eSIMs to give anyone with an eSIM-compatible phone a seven-day/10GB free trial of Google Fi. That makes it easy to run around and test coverage.

Google Fi is a mobile virtual network operator (MVNO) -- a cellular reseller -- of T-Mobile's network, so whatever your T-Mobile coverage is like, that's what Fi is like. Google says that during the trial, "We'll give you a new Fi number to try out on your phone, but your current number will still work. During the trial, you can choose between Fi or your current network whenever you're calling, texting, or using mobile data." You'll need to enter a credit card for the trial, and after seven days, you'll be automatically billed on a $50 "Simply Unlimited" plan. Google notes you can cancel immediately (this is just one or two taps inside the app) and will still get the seven-day trial.

Cellphones

Google To Launch Its First Foldable Phone, the 'Pixel Fold,' In June (techcrunch.com) 47

At Google I/O on May 10th, Google will launch its first foldable smartphone, "challenging Samsung's market-leading foldable phone business," reports CNBC. From the report: The Pixel Fold, known internally by the codename "Felix," will have the "most durable hinge on a foldable" phone, according to the documents. It will cost upward of $1,700 and compete with Samsung's $1,799 Galaxy Z Fold 4. Google plans to market the Pixel Fold as water-resistant and pocket-sized, with an outside screen that measures 5.8 inches across, according to the documents. Photos viewed by CNBC show that the phone will open like a book to reveal a small tablet-sized 7.6-inch screen, the same size as the display on Samsung's competitor. It weighs 10oz, slightly heavier than the Samsung Galaxy Z Fold 4, but it has a larger battery that Google says will last for 24 hours, or up to 72 hours in a low power mode.

The Pixel Fold is powered by Google's Tensor G2 chip, according to the documents. That's the same processor that launched in the Pixel 7 and Pixel 7 Pro phones last year.

Security

NSO Hacked iPhones Without User Clicks in 3 New Ways, Researchers Say (washingtonpost.com) 24

Israeli spyware maker NSO Group deployed at least three new "zero-click" hacks against iPhones last year, finding ways to penetrate some of Apple's latest software, researchers at Citizen Lab have discovered. From a report: The attacks struck phones with iOS 15 and early versions of iOS 16 operating software, Citizen Lab said in a report Tuesday. The lab, based at the University of Toronto, shared its results with Apple, which has now fixed the flaws that NSO had been exploiting. It's the latest sign of NSO's ongoing efforts to create spyware that penetrates iPhones without users taking any actions that allow it in. Citizen Lab has detected multiple NSO hacking methods in past years while examining the phones of likely targets, including human rights workers and journalists.

While it is unsettling to civil rights groups that NSO was able to come up with multiple new means of attack, it did not surprise them. "It is their core business," said Bill Marczak, a senior researcher at Citizen Lab. "Despite Apple notifying targets, and the Commerce Department putting NSO on a blacklist, and the Israeli ministry cracking down on export licenses -- which are all good steps and raising costs -- NSO for the moment is absorbing those costs," Marczak said. Given the financial and legal fights NSO is involved in, Marczak said it was an open question how long NSO could keep finding or buying new exploits that are effective.

Slashdot Top Deals