Elon Musk touted SpaceX's plan to use Starlink for in-flight Wi-Fi, saying in a tweet on Thursday that the service could add "low latency ~half gigabit connectivity in the air!" CNBC reports: Starlink is the company's plan to build an interconnected internet network with thousands of satellites, known in the space industry as a constellation, designed to deliver high-speed internet to consumers anywhere on the planet. SpaceX has launched 1,740 Starlink satellites to date, and the network has more than 100,000 users in 14 countries who are participating in a public beta, with service priced at $99 a month.

Airlines work with satellite broadband providers for inflight Wi-Fi, with Viasat and Intelsat -- the latter of which purchased Gogo's commercial aviation business -- two such companies that add connectivity on flights by airlines including Delta, JetBlue, American Airlines and United. But, while existing services use satellites in distant orbits, Starlink satellites orbit closer to the Earth and could boost the speeds that passengers see inflight. SpaceX Vice President Jonathan Hofeller earlier this year said that the company is "in talks with several" airlines about adding Starlink in-flight Wi-Fi, noting that it has an "aviation product in development." Hofeller also emphasized that Starlink "provides a global mesh," so that "airlines are flying underneath that global mesh have connectivity anywhere they go."

Apple is likely to slash its projected iPhone 13 production targets for 2021 by as many as 10 million units as prolonged chip shortages hit its flagship product. Bloomberg reports: The company had expected to produce 90 million new iPhone models in the last three months of the year, but it's now telling manufacturing partners that the total will be lower because Broadcom and Texas Instruments are struggling to deliver enough components [...]. The technology giant is one of the world's largest chip buyers and sets the annual rhythm for the electronics supply chain. But even with strong buying power, Apple is grappling with the same supply disruptions that have wreaked havoc on industries around the world. Major chipmakers have warned that demand will continue to outpace supply throughout next year and potentially beyond. Apple gets display parts from Texas Instruments, while Broadcom is its longtime supplier of wireless components. One TI chip in short supply for the latest iPhones is related to powering the OLED display. Apple also is facing component shortages from other suppliers.

A new study (PDF) by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones. BleepingComputer reports: The researchers have focused on Samsung, Xiaomi, Realme, and Huawei Android devices, and LineageOS and /e/OS, two forks of Android that aim to offer long-term support and a de-Googled experience. The conclusion of the study is worrying for the vast majority of Android users: "With the notable exception of /e/OS, even when minimally configured and the handset is idle these vendor-customized Android variants transmit substantial amounts of information to the OS developer and also to third parties (Google, Microsoft, LinkedIn, Facebook, etc.) that have pre-installed system apps." As the summary table indicates, sensitive user data like persistent identifiers, app usage details, and telemetry information are not only shared with the device vendors, but also go to various third parties, such as Microsoft, LinkedIn, and Facebook. And to make matters worse, Google appears at the receiving end of all collected data almost across the entire table.

It is important to note that this concerns the collection of data for which there's no option to opt-out, so Android users are powerless against this type of telemetry. This is particularly concerning when smartphone vendors include third-party apps that are silently collecting data even if they're not used by the device owner, and which cannot be uninstalled. For some of the built-in system apps like miui.analytics (Xiaomi), Heytap (Realme), and Hicloud (Huawei), the researchers found that the encrypted data can sometimes be decoded, putting the data at risk to man-in-the-middle (MitM) attacks. As the study points out, even if the user resets the advertising identifiers for their Google Account on Android, the data-collection system can trivially re-link the new ID back to the same device and append it to the original tracking history. The deanonymization of users takes place using various methods, such as looking at the SIM, IMEI, location data history, IP address, network SSID, or a combination of these. In response to the report, a Google spokesperson said: "While we appreciate the work of the researchers, we disagree that this behavior is unexpected -- this is how modern smartphones work. As explained in our Google Play Services Help Center article, this data is essential for core device services such as push notifications and software updates across a diverse ecosystem of devices and software builds. For example, Google Play services uses data on certified Android devices to support core device features. Collection of limited basic information, such as a device's IMEI, is necessary to deliver critical updates reliably across Android devices and apps."

Ken Pillonel, a robotics engineer on YouTube, replaced an iPhone's Lightning port with a working USB-C port. AppleInsider reports: In a YouTube Short titled "World's First USB-C iPhone," Ken Pillonel claims to have installed the component into the iPhone X, replacing Lightning in the process. In the video, the iPhone is said to receive power via the connection, as well as being able to handle data transfers over a USB-C cable. In the description of the video, Pillonel says he reverse-engineered Apple's C94 connector, in order to make a PCB with a female USB-C port. After the schematics were set in place, it then became a challenge to shrink it down and install it into an iPhone.

Pillonel has spent a few months on his creation, with a blog post from May showing the thinking behind the replacement, and the challenges of replacing the Lightning port itself. A video at that time showed a DIY prototype that worked and laid out the work ahead to make it small enough to work within an iPhone enclosure. A late September update advised he had designed and ordered a flexible PCB, a key component in enabling the port switch to occur. He adds a future video is in production, explaining how the board was made and squeezed into the iPhone itself.

Google executive Hiroshi Lockheimer has called on Apple to adopt the Rich Communication Services (RCS) protocol that would enable improved and more secure messaging between iPhone and Android devices. From a report: RCS brings a number of modern features -- including support for audio messages, group chats, typing indicators and read receipts -- and end-to-end encryption to traditional text messaging. But it's unlikely Apple will play ball.

[...] Lockheimer, senior vice president for Android, has encouraged the company to change its mind. In response to a tweet about how group chats are incompatible between iPhone and Android devices, Lockheimer said, "group chats don't need to break this way. There exists a Really Clear Solution." "Here's an open invitation to the folks who can make this right: we are here to help." Lockheimer doesn't mention Apple specifically, but it's clear that the "folks" he is referring to are those in Cupertino, who have been against RCS.

An anonymous reader quotes a report from Motherboard: [O]rganizers and programmers with the Mycelium Mesh Project are [...] designing a decentralized, off-grid mesh network for text communications that could be deployed quickly during government-induced blackouts or natural disasters. Mesh networks, a form of intranet distributed across various nodes rather than a central internet provider, have the potential to decrease our collective reliance on telecommunication conglomerates like Spectrum and Verizon. During a civil unrest situation, government operatives could theoretically disconnect established commercial mesh networks by raiding activists' homes and destroying their nodes or super nodes. The Mycelium Mesh Project is addressing this potential weak link by developing a system that could be deployed at a moment's notice in non-locations, such as on abandoned buildings, tree tops, electric boxes and utility poles.

Nodes would be cheap, run independently of the power grid, and could be produced with materials that can be obtained locally. So far, the collective has successfully sent and received text messages across thirteen miles during field testing around Atlanta, Georgia with nodes powered by rechargeable batteries harvested from disposable vapes. [...] The Mycelium Mesh Project is still in its relatively early stages of development. Messages aren't encrypted -- a necessary feature for activists -- and the model isn't ready for long-range use. But developers are hopeful that their open-source model will promote cooperation amongst like-minded coders. "The network that we all use will work pretty much fine in 99.9% of the cases. But then when it doesn't, it's a real big problem," Marlon Kautz, an organizer and developer with the project, told Motherboard. "The authorities' control over our communications infrastructure can just completely determine what is politically possible in a situation where the future is really up for grabs, where people are making a move to change things in a serious and radical way."

"This is anti-capitalist work, which is non-commercial. We are not trying to start a business," Kautz explained. "We're explicitly trying to take advantage of open source type concepts. So not not only do we want the code that we're developing to be open source, but our entire production model will be."

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission hopes to reduce the number of illegal robocalls from overseas with an expansion of rules that require phone companies to implement Caller ID authentication technology and block illegal calls. [T]he FCC is proposing new requirements on domestic gateway providers that accept calls from outside the US. A Notice of Proposed Rulemaking (NPRM) adopted (PDF) Thursday and released on Friday proposes requiring those gateway phone companies to implement STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information Using toKENs) protocols, which verify the accuracy of Caller ID by using digital certificates based on public-key cryptography. "This proposal would subject foreign-originated calls, once they enter the United States, to requirements similar to those of domestic-originated calls, by placing additional obligations on gateway providers in light of the large number of illegal robocalls that originate abroad and the risk such calls present to Americans," the NPRM said. Gateway providers would be required to "apply STIR/SHAKEN caller ID authentication to, and perform robocall mitigation on, all foreign-originated calls with US numbers," the FCC said (PDF).

STIR/SHAKEN is already widely deployed in the US on IP networks due to separate requirements that apply to large phone providers. Another newly implemented rule prohibits phone companies from accepting calls from providers that haven't met requirements to deploy STIR/SHAKEN or other robocall-mitigation methods. But the STIR/SHAKEN requirements don't apply to all carriers yet. "We don't want international calling to become a loophole for our policies," FCC Acting Chairwoman Jessica Rosenworcel said on Thursday at a commission meeting. "So today we are proposing that gateway providers in the United States -- the companies that bring in calls from overseas -- take action to stop this stuff from coming in from abroad. That means they need to use STIR/SHAKEN technology, register in our Robocall Mitigation Database, and comply with traceback requests to figure out where these junk calls are originating from overseas."

The FCC said those traceback requests "are used to help block illegal robocalls and inform FCC enforcement investigations." The NPRM also proposes a new call-blocking requirement. When the FCC notifies a gateway provider about an ongoing robocall campaign, the provider would have to conduct "a prompt investigation to determine whether the traffic identified in the Enforcement Bureau's notice is illegal" and "promptly block all traffic associated with the traffic pattern identified in that notice." The NPRM seeks public comment on these proposed rules. Deadlines for initial comments will be 30 days after the NPRM is published in the Federal Register and 60 days after publication for reply comments. The docket is located here.

Apple, Google, Sony, Zoom, PayPal and several other tech companies as well as scores of banks have cautioned customers and partners in India to expect a surge in declined transactions as the world's second-largest internet market's central bank enforces a new directive for the way recurring payments are processed in the country. From a report: The Reserve Bank of India's directive, which goes into effect on Friday, requires banks, financial institutions and payment gateways to obtain additional approval for auto-renewables transactions worth over 5,000 Indian rupees ($67) from users by conducting notifications, e-mandates and Additional Factors of Authentication (AFA). The directive impacts all such transactions for debit cards as well as credit cards. The Reserve Bank of India said in the original circular in 2019, that the framework was designed to serve as "a risk mitigant and customer facilitation measure," adding that the issuer processing such transactions "shall send a pre-transaction notification to the customer, at least 24 hours prior to the actual charge by SMS or email, as per the customer's preferences."

With the recent release of iOS 15, Apple appears to have made some changes to Siri functionality that have removed features relied on by low vision and blind iPhone users. MacRumors reports: Several Siri commands that provide details on phone calls, voicemails, and sending emails no longer appear to be working. The following commands used to be functional, but have recently been removed: Do I have any voicemails?, Play my voicemail messages, Check my call history, Check my recent calls, Who called me?, Send an email, and Send an email to [person]. Over the last two weeks, we've received several emails from iPhone users who are missing this key Siri functionality, or their relatives who are attempting to help them navigate the changes. The Siri feature removals have also been documented on the AppleVis forums for blind and low vision users of Apple products. Asking Siri to provide details on recent phone calls or voicemails results in the following response: "I can't help with that, but you can ask me to open the Phone app."

Asking about email garners a similar response about Siri being unable to help. It's worth noting that it's still possible to ask Siri to play the most recent voicemail message that's available, or a voicemail from a specific person, but Siri will not read out a list of all the available voicemails. The Siri commands seem to have disappeared when iOS 15 was released, but iOS 14 users are also not able to use them anymore so it's not an issue tied to iOS 15.

Researchers have demonstrated that someone could use a stolen, unlocked iPhone to pay for thousands of dollars of goods or services, no authentication needed. Threatpost reports: An attacker who steals a locked iPhone can use a stored Visa card to make contactless payments worth up to thousands of dollars without unlocking the phone, researchers are warning. The problem is due to unpatched vulnerabilities in both the Apple Pay and Visa systems, according to an academic team from the Universities of Birmingham and Surrey, backed by the U.K.'s National Cyber Security Centre (NCSC). But Visa, for its part, said that Apple Pay payments are secure and that any real-world attacks would be difficult to carry out.

The team explained that fraudulent tap-and-go payments at card readers can be made using any iPhone that has a Visa card set up in "Express Transit" mode. Express Transit allows commuters around the world, including those riding the New York City subway, the Chicago El and the London Underground, to tap their phones on a reader to pay their fares without unlocking their devices. "An attacker only needs a stolen, powered-on iPhone," according to a writeup (PDF) published this week. "The transactions could also be relayed from an iPhone inside someone's bag, without their knowledge. The attacker needs no assistance from the merchant."

This attack is made possible by a combination of flaws in both Apple Pay and Visa's systems, the academic team noted. "The details of this vulnerability have been disclosed to Apple (Oct 2020) and to Visa (May 2021)," according to the writeup. "Both parties acknowledge the seriousness of the vulnerability, but have not come to an agreement on which party should implement a fix." "Variations of contactless-fraud schemes have been studied in laboratory settings for more than a decade and have proven to be impractical to execute at scale in the real world," Visa said in a statement to the BBC, adding that its fraud-detection systems would flag any suspicious transactions. Apple meanwhile shifted the responsibility to Visa and told the outlet, "We take any threat to users' security very seriously. This is a concern with a Visa system, but Visa does not believe this kind of fraud is likely to take place in the real world given the multiple layers of security in place. In the unlikely event that an unauthorized payment does occur, Visa has made it clear that their cardholders are protected by Visa's zero-liability policy." The researchers say users can protect themselves by not using Visa as a transport card in Apple Pay, and if they do, by remotely wiping the device if lost or stolen. The bug does not affect other types of payment cards or payment systems.

New submitter thegreatnick writes: The next generation of Fairphone -- an attempt to make an ethical smartphone -- has been announced with the Fairphone 4. The base specs include a Qualcomm Snapdragon 750G SoC, 6GB of RAM, and 128GB of storage (upgradeable to 8GB and 256GB). On the front, you'll get a 6.3-inch, 2340x1080 LCD display with slimmer bezels (compared to the Fairphone 3 design) and a teardrop notch for the 25-megapixel front camera. The 3,905mAh battery is Qualcomm Quick Charge 4.1 compatible, so if you have a compatible USB-C charger (not included in the box to reduce waste) you can take the battery from 0-50% in 30 minutes. The phone ships with Android 11 and has a side-mounted fingerprint reader in the power button, a MicroSD slot, and the option for dual-SIM usage via one physical nanoSIM and an eSIM.

Continuing Fairphone's progress in making a "fair" supply chain -- both ethically-clean raw materials and paying workers a fair wage -- it also describes the 4 as "e-waste neutral." This is a neat way of summing up the idea that the company will recycle one device for every Fairphone 4 it sells. In addition, Fairphone can boast that it now uses 70% "fair" materials inside the handset, including FairTrade Gold and Silver, aluminum from ASI-certified vendors, and a backplate made from 100% post-consumer recycled polycarbonate. In an upgrade to previous models, the Fairphone 4 has dual cameras, though it loses the headphone jack. The company says this was to achieve an IP54 waterproof rating (light splashes) -- a first for the Fairphone brand. It's also been announced that it will come with an industry-leading 5-year warranty and aims to get 6 years of software updates for the phone.

Eero and Ring -- two Amazon-owned companies -- have teamed up to produce a home security system that incorporates an Eero router inside. Engadget reports: Ring COO Mike Harris said that the decision to work with Eero was not one foisted down from upon high by Amazon. Instead, Harris said that both companies saw the opportunity to work together to help leverage their individual skills in tandem. To take advantage of the technology, you'll need to sign up to Ring's new subscription product, dubbed Protect Pro. The package offers cloud video storage, professional monitoring, Alexa Guard Plus, 24/7 backup internet for your security devices (via an LTE module in the Ring Pro base station) and Eero's cybersecurity subscription product for network protection. This, at least in the US as it launches, will set you back $20 a month, or $200 per year per location up front.

At the same time, Ring is launching a system dubbed "Virtual Security Guard," which connects users to third-party security guards. You'll need to pay for that separately, but you can hand over access to select Ring camera feeds to those companies who can keep a watch over your property. It is only when motion is detected that an operator can access your feed, and can speak to whoever is there to determine their intentions. Ring adds that third parties can't view motion events when the camera is disarmed, and can't download, share or save the clips of what's going on in your front yard. The first company to sign up for the program is Rapid Response, with others expected to join in the near future. The Virtual Security Guard service will require you to apply for early access, but the Ring Alarm Pro can be pre-ordered today for $250. (Since this isn't a Slashvertisement, we won't include a link to the product; you'll have to search for it yourself. Sorry not sorry.)

An anonymous reader shares a report from Daring Fireball, written by John Gruber: Chaim Gartenberg, writing for The Verge, "The Lightning Port Isn't About Convenience; It's About Control": "Notably absent from Apple's argument, though, is the fact that cutting out a Lightning port on an iPhone wouldn't just create more e-waste (if you buy Apple's logic) or inconvenience its customers. It also means that Apple would lose out on the revenue it makes from every Lightning cable and accessory that works with the iPhone, Apple-made or not -- along with the control it has over what kinds of hardware does (or doesn't) get to exist for the iPhone and which companies get to make them. Apple's MFi program means that if you want to plug anything into an iPhone, be it charger or adapter or accessory, you have to go through Apple. And Apple takes a cut of every one of those devices, too." Gartenberg summarizes a commonly-held theory here: that Apple is sticking with its proprietary Lightning port on iPhones because they profit from MFi peripherals. That it's a money grab.

I don't think this is the case at all. Apple is happy to keep the money it earns from MFi, of course. And they're glad to have control over all iPhone peripherals. But I don't think there's serious money in that. It's loose-change-under-the-couch-cushion revenue by Apple's astonishingly high standards. How many normal people do you know who ever buy anything that plugs into a Lightning port other than a USB cable? And Apple doesn't make more money selling their own (admittedly overpriced) Lightning cables to iPhone owners than they do selling their own (also overpriced) USB-C cables to iPad Pro and MacBook owners. My theory is that Apple carefully weighs the pros and cons for each port on each device it makes, and chooses the technologies for those ports that it thinks makes for the best product for the most people. "What makes sense for the goals of this product that we will ship in three years? And then the subsequent models for the years after that?" Those are the questions Apple product designers ask.

The sub-head on Gartenberg's piece is "The iPhone doesn't have USB-C for a reason". Putting that in the singular does not do justice to the complexity of such decisions. There are numerous reasons that the iPhones 13 still use Lightning -- and there are numerous reasons why switching to USB-C would make sense. The pro-USB-C crowd, to me, often comes across as ideological. I'm not accusing Gartenberg of this -- though it is his piece with the sub-head claiming there's "a" singular reason -- but many iPhones-should-definitely-use-USB-C proponents argue as though there are no good reasons for the iPhone to continue using Lightning. That's nonsense. To be clear, I'm neither pro-Lightning nor pro-USB-C. I see the trade-offs. If the iPhones 13 had switched to USB-C, I wouldn't have complained. But I didn't complain about them not switching, either. You'll note that in none of my reviews of iPad models that have switched from Lightning to USB-C in recent years have I complained about the switch. Apple, to my eyes, has been managing this well. But, if the iPhones 13 had switched to USB-C, you know who would have complained? Hundreds of millions of existing iPhone users who have no interest in replacing the Lightning cables and docks they already own. "In 15 generations of iPhones, Apple has changed the connector once. And that one time was a clear win in every single regard," adds Gruber. "Changing from Lightning to USB-C is not so clearly an upgrade at all. It's a sidestep."

Regardless of which side you take on this debate, it's inevitable that Apple iPhones will adopt USB-C. Last week, the executive arm of the European Union, the European Commission, announced plans to force smartphone and other electronics manufacturers to fit a common USB-C charging port on their devices. The rules are intended to cut down on electronic waste by allowing people to re-use existing chargers and cables when they buy new electronics. Unless Apple plans to skip out on the European market or pay a potentially steep fine for refusing to adopt the port, they'll likely give into the pressure and release a USB-C-equipped iPhone by the time this law goes into effect in late 2023 or 2024.

EFF.org has the story: For the last month, civil liberties and human rights organizations, researchers, and customers have demanded that Apple cancel its plan to install photo-scanning software onto devices. This software poses an enormous danger to privacy and security. Apple has heard the message, and announced that it would delay the system while consulting with various groups about its impact. But in order to trust Apple again, we need the company to commit to canceling this mass surveillance system.

The delay may well be a diversionary tactic. Every September, Apple holds one of its big product announcement events, where Apple executives detail the new devices and features coming out. Apple likely didn't want concerns about the phone-scanning features to steal the spotlight.

But we can't let Apple's disastrous phone-scanning idea fade into the background, only to be announced with minimal changes down the road. To make sure Apple is listening to our concerns, EFF turned to an old-school messaging system: aerial advertising.

During Apple's event, a plane circled the company's headquarters carrying an impossible-to-miss message: "Apple, don't scan our phones!" The evening before Apple's event, protestors also rallied nationwide in front of Apple stores. The company needs to hear us, and not just dismiss the serious problems with its scanning plan. A delay is not a cancellation, and the company has also been dismissive of some concerns, referring to them as "confusion" about the new features.

Apple's iMessage is one of the preeminent end-to-end encrypted chat clients. End-to-end encryption is what allows users to exchange messages without having them intercepted and read by repressive governments, corporations, and other bad actors. We don't support encryption for its own sake: we fight for it because encryption is one of the most powerful tools individuals have for maintaining their digital privacy and security in an increasingly insecure world.

Now that Apple's September event is over, Apple must reach out to groups that have criticized it and seek a wider range of suggestions on how to deal with difficult problems, like protecting children online...

The world, thankfully, has moved towards encrypted communications over the last two decades, not away from them, and that's a good thing. If Apple wants to maintain its reputation as a pro-privacy company, it must continue to choose real end-to-end encryption over government demands to read user's communication.

Privacy matters now more than ever. It will continue to be a selling point and a distinguishing feature of some products and companies. For now, it's an open question whether Apple will continue to be one of them.

At Microsoft's Surface event today, the company announced its Surface Duo 2 dual-screen Android smartphone, featuring a trio of new cameras, a faster processor, larger displays, and support for 5G. The company also unveiled a successor to the Surface Book line of laptops, the Surface Laptop Studio, as well as the Surface Pro 8. From a report: The first-generation of the Duo made a splash thanks to its unique design. While the original Duo had no exterior screen at all, the Duo 2 now has a sliver of screen called the Glance Bar that peeks out from where its displays come together and provides you with the time and notifications when the Duo is closed. Microsoft has seemingly addressed a number of the original Duo's shortcomings with its Duo 2. One of the biggest issues with the first-generation version was its lack of any truly capable camera. [...] This time around, Microsoft has outfitted the Surface Duo 2 with a trio of external cameras. Like Apple's iPhone and Samsung's Galaxy line of smartphones, the Duo 2 gets a wide-angle camera, an ultra-wide angle camera, and a telephoto camera. There's also a dedicated night photography mode, 2x optical zoom with the telephoto lens, and the ability to record 4K video at 60 frames per second.

As for the occasionally sluggish performance, the Duo 2 should have that sorted out. This time around, Microsoft has dropped Qualcomm's latest Snapdragon 888 processor into the Duo 2, which means the phone should run as smoothly and quickly as any of the leading smartphones on the market. What's more, the Duo 2 gets 8GB of RAM and 128GB, 256GB, or 512GB of storage. On top of that, the Surface Duo 2 gets 5G connectivity, something that was conspicuously absent from the first-generation Duo.

The Duo 2 also gets two larger displays this time around. Rather than two 5.1-inch panels, the Duo 2 gets two 5.3-inch screens that open up to an 8.3-inch display that you can use to move your apps across or as a single canvas for more expansive apps. [...] The gist of the Surface Duo 2 is that two screens are better than one. To that end, Microsoft has combined two panels with a hinge to make an Android-powered device that lets you not only use both displays at the same time, but also seamlessly move apps and content between them. That capability will cost you a pricey $1,499 when the Duo 2 hits store shelves. It's available for pre-order today.

Lithuania's Defense Ministry recommended that consumers avoid buying Chinese mobile phones and advised people to throw away the ones they have now after a government report found the devices had built-in censorship capabilities. From a report: Flagship phones sold in Europe by China's smartphone giant Xiaomi have a built-in ability to detect and censor terms such as "Free Tibet", "Long live Taiwan independence" or "democracy movement", Lithuania's state-run cybersecurity body said on Tuesday. The capability in Xiaomi's Mi 10T 5G phone software had been turned off for the "European Union region", but can be turned on remotely at any time, the Defence Ministry's National Cyber Security Centre said in the report. "Our recommendation is to not buy new Chinese phones, and to get rid of those already purchased as fast as reasonably possible," Defence Deputy Minister Margiris Abukevicius told reporters in introducing the report.

The European Commission will on Thursday present a legislative proposal for a common charger for mobile phones, tablets and headphones, a move likely to affect iPhone maker Apple more than its rivals, Reuters reported on Tuesday, citing a person familiar with the matter. From the report: The European Union executive and EU lawmakers have been pushing for a common charger for over a decade, saying it would be better for the environment and more convenient for users. The Commission wants the sale of chargers to be decoupled from devices, and also propose a harmonised charging port, the person said. Apple, whose iPhones are charged from its Lightning cable, has said rules forcing connectors to conform to one type could deter innovation, create a mountain of electronic waste and irk consumers.

On the day Apple released iOS 15, a Spanish security researcher disclosed an iPhone lock screen bypass that can be exploited to grant attackers access to a user's notes. From a report: In an interview with The Record, Jose Rodriguez said he published details about the lock screen bypass after Apple downplayed similar lock screen bypass issues he reported to the company earlier this year. "Apple values reports of issues like this with up to $25,000 but for reporting a more serious issue, I was awarded with $5,000," the researcher wrote on Twitter last week. [...] Because of the unprofessional way Apple handled his bug report, the researcher published today a variation of the same bypass, but this time one that uses the Apple Siri and VoiceOver services to access the Notes app from behind the screen lock. Further reading: Apple Pays Hackers Six Figures To Find Bugs in Its Software. Then It Sits On their Findings.

Apple today released iOS 15 and iPadOS 15, the newest operating system updates designed for the iPhone, iPad, and iPod touch. From a report: As with all of Apple's software updates, iOS and iPadOS 15 can be downloaded at no cost. iOS 15 is available on the iPhone 6s and later while iPadOS 15 is available on the iPad Air 2 and later. The new software can be downloaded on eligible devices over-the-air by going to Settings - General - Software Update. It may take a few minutes for the updates to propagate to all users due to high demand.

A new Focus mode cuts down on distractions by limiting what's accessible and who can contact you, and notifications can now be grouped up in daily summaries. There's an option for a new Safari design that moves the tab bar to the bottom of the interface, and Tab Groups keep all of your tabs organized. Maps has been overhauled with even more detail, a 3D view in major cities, a globe view, improved transit, a close-up driving view when navigating complicated routes, and AR walking directions. Across the operating system, there's a new Live Text feature that detects text in any image and lets you copy, paste, and translate it, plus there's a system-wide translation feature. In Photos, plants, pets, landmarks, and more can be identified, and there's a system-wide translation feature that goes well with Live Text. iCloud+ with iCloud Private Relay protects your IP address and obscures your location to prevent websites from tracking you, and a Hide My Email feature lets you create temporary email addresses. You can even use your personal domain with iCloud in iOS 15. Further reading: 19 Things You Can Do in iOS 15 That You Couldn't Do Before.

A man who the Department of Justice says unlocked AT&T customers' phones for a fee was sentenced to 12 years in prison, in what the judge called "a terrible cybercrime over an extended period," which allegedly continued even after authorities were on to the scheme. The Verge reports: According to a news release from the DOJ, in 2012, Muhammad Fahd, a citizen of Pakistan and Grenada, contacted an AT&T employee via Facebook and offered the employee "significant sums of money" to help him secretly unlock AT&T phones, freeing the customers from any installment agreement payments and from AT&T's service. Fahd used the alias Frank Zhang, according to the DOJ, and persuaded the AT&T employee to recruit other employees at its call center in Bothell, Washington, to help with the elaborate scheme. Fahd instructed the AT&T employees to set up fake businesses and phony bank accounts to receive payments, and to create fictitious invoices for deposits into the fake accounts to create the appearance that money exchanged as part of the scheme was payment for legitimate services.

In 2013, however, AT&T put into place a new unlocking system which made it harder for Fahd's crew to unlock phones' unique IMEI numbers, so according to the DOJ he hired a developer to design malware that could be installed on AT&T's computer system. This allegedly allowed him to unlock more phones, and do so more efficiently. The AT&T employees working with Fahd helped him access information about its systems and other employees' credentials, allowing his developer to tailor the malware more precisely, the DOJ said. A forensic analysis by AT&T showed Fahd and his helpers fraudulently unlocked more than 1.9 million phones, costing the company more than $200 million. Fahd was arrested in Hong Kong in 2018 and extradited to the US in 2019. He pleaded guilty in September 2020 to conspiracy to commit wire fraud.