Necklaces and accessories claiming to "protect" people from 5G mobile networks have been found to be radioactive. The BBC reports: The Dutch authority for nuclear safety and radiation protection (ANVS) issued a warning about ten products it found gave off harmful ionizing radiation. It urged people not to use the products, which could cause harm with long-term wear. [...] The products identified included an "Energy Armor" sleeping mask, bracelet and necklace. A bracelet for children, branded Magnetix Wellness, was also found to be emitting radiation.

"Don't wear it any more, put it away safely and wait for the return instructions," the ANVS said in a statement. "The sellers in the Netherlands known to the ANVS have been told that the sale is prohibited and must be stopped immediately, and that they must inform their customers about this." The ANVS has published a full list of the products it identified as radioactive on its website. Further reading: Worried About 5G's Health Effects? Don't Be

wiredmikey shares a report from SecurityWeek: Security researchers at Google's Project Zero have picked apart one of the most notorious in-the-wild iPhone exploits and found a never-before-seen hacking roadmap that included a PDF file pretending to be a GIF image with a custom-coded virtual CPU built out of boolean pixel operations. If that makes you scratch your head, that was exactly the reaction from Google's premier security research team after disassembling the so-called FORCEDENTRY iMessage zero-click exploit used to plant NSO Group's Pegasus surveillance tool on iPhones.

"We assess this to be one of the most technically sophisticated exploits we've ever seen," Google's Ian Beer and Samuel Grob wrote in a technical deep-dive into the remote code execution exploit that was captured during an in-the-wild attack on an activist in Saudi Arabia. In its breakdown, Project Zero said the exploit effectively created "a weapon against which there is no defense," noting that zero-click exploits work silently in the background and does not even require the target to click on a link or surf to a malicious website. "Short of not using a device, there is no way to prevent exploitation by a zero-click exploit," the research team said.

The researchers confirmed the initial entry point for Pegasus was Apple's proprietary iMessage that ships by default on iPhones, iPads and macOS devices. By targeting iMessage, the NSO Group hackers needed only a phone number of an AppleID username to take aim and fire eavesdropping implants. Because iMessage has native support for GIF images (especially those that loop endlessly), Project Zero's researchers found that this expanded the attack surface and ended up being abused in an exploit cocktail that targeted a security defect in Apple's CoreGraphics PDF parser. Within Apple's CoreGraphics PDF parser, the NSO exploit writers abused Apple's implementation of the open-source JBIG2, a domain specific image codec designed to compress images where pixels can only be black or white. Describing the exploit as "pretty terrifying," Google said the NSO Group hackers effectively booby-trapped a PDF file, masquerading as a GIF image, with an encoded virtual CPU to start and run the exploit. Apple patched the exploit in September and filed a lawsuit seeking to hold NSO Group accountable.

Major U.S. air carriers warned on Wednesday that plans by AT&T and Verizon to use spectrum for 5G wireless services could be highly disruptive to air travel and cost air passengers $1.6 billion annually in delays. Reuters reports: Trade group Airlines for America (A4A) said if a new Federal Aviation Administration (FAA) directive for addressing potential interference from wireless transmissions had been in effect in 2019 "approximately 345,000 passenger flights, 32 million passengers, and 5,400 cargo flights would have been impacted in the form of delayed flights, diversions, or cancellations." At a hearing Wednesday, senators urged airlines to work to find a resolution. United Airlines CEO Scott Kirby said the 5G wireless issue "is the biggest and most damaging potential issue facing us. We want nothing more than to work to a solution." Southwest Airlines Chief Executive Gary Kelly said the FAA directive "would significantly impact our operations once it is deployed on Jan. 5." The wireless carriers are set to begin using the spectrum in just three weeks. Last week, the FAA issued new airworthiness directives warning interference from 5G wireless spectrum could result in flight diversions.

The aviation industry and FAA have raised significant concerns about potential interference of 5G with sensitive aircraft electronics like radio altimeters. In November, AT&T and Verizon agreed to delay the commercial launch of C-band wireless service until Jan. 5 after the FAA raised concerns. They also adopted precautionary measures for six months to limit interference. The FAA directives order revising airplane and helicopter flight manuals to prohibit some operations requiring radio altimeter data when in the presence of 5G C-Band wireless broadband signals. Aviation industry groups said they were insufficient to address air safety concerns. FCC Chairwoman Jessica Rosenworcel, who did not immediately comment on the airlines' analysis, has said she believes the issues can be resolved and spectrum safely used.

According to job listings on LinkedIn, Google appears to be working on an augmented reality device and operating system to pair with it. Ars Technica reports: On LinkedIn, operating system engineering director Mark Lucovsky announced that he has joined Google. He previously headed up mixed reality operating system work for Meta, and before that he was one of the key architects of Windows NT at Microsoft. "My role is to lead the Operating System team for Augmented Reality at Google," he wrote. He also posted a link to some job listings at Google that give the impression Google is getting just as serious about AR as Apple or Meta.

As 9to5Google discovered, one of the listings ("Senior Software Developer, Embedded, Augmented Reality OS") described Google's objective in clear terms: "Our team is building the software components that control and manage the hardware on our Augmented Reality (AR) products. These are the software components that run on the AR devices and are the closest to the hardware. As Google adds products to the AR portfolio, the OS Foundations team is the very first software team to work with new hardware." Other job listings say new hires will be working on an "innovative AR device." And one specifies that Google is "focused on making immersive computing accessible to billions of people through mobile devices." The roles are largely in the United States, but some are located in Waterloo, Ontario -- the HQ of Canadian smart glasses maker North, which Google acquired in 2020.

An anonymous reader quotes a report from The Washington Post: The U.S. Postal Service pursued a project to build and secretly test a blockchain-based mobile phone voting system before the 2020 election (Warning: may be paywalled; alternative source), experimenting with a technology that the government's own cybersecurity agency says can't be trusted to securely handle ballots. The system was never deployed in a live election and was abandoned in 2019, Postal Service spokesman David Partenheimer said. That was after cybersecurity researchers at the University of Colorado at Colorado Springs conducted a test of the system during a mock election and found numerous ways that it was vulnerable to hacking.

The project appears to have been conducted without the involvement of federal agencies more closely focused on elections, which were then scrambling to make voting more secure in the wake of Russian interference in the 2016 contest. Those efforts focused primarily on using paper ballot so the voter could verify their vote was recorded accurately and there would be a paper trail for auditors -- something missing from any mobile phone or Internet-based system. The project appears to have been conducted without the involvement of federal agencies more closely focused on elections, which were then scrambling to make voting more secure in the wake of Russian interference in the 2016 contest. Those efforts focused primarily on using paper ballot so the voter could verify their vote was recorded accurately and there would be a paper trail for auditors -- something missing from any mobile phone or Internet-based system.

The Postal Service system allowed people to cast votes on an Internet-connected mobile app similar to how they might add items to an online shopping cart or fill out an online survey. The votes were designed to be anonymous and to be recorded in multiple digital locations simultaneously. The idea is that each of those digital records would act as a check to verify the accuracy of the other records. This is essentially the same method that cryptocurrencies such as bitcoin use to ensure transactions are accurately recorded. But the system didn't protect against the numerous ways hackers might fake or corrupt votes, the University of Colorado researchers said. Those include impersonating voters, attacking the blockchain system itself so votes can't be trusted, flooding the system with information so it becomes too overwhelmed to function, and using techniques that undermine voters' privacy and the secrecy of the ballot. The researchers were able to successfully perform all those hacks during a mock election held on campus. "The Postal Service was awarded a public patent for the concept in August 2020, but had not previously revealed that it built a prototype system or tested it," the report notes.

Google's Pixel 6 line may have served as Android 12's big debut for higher-end phones, but Android 12 (Go edition) plans to bring many of the enhancements and features of Android 12 to lower-end phones, too. Google on Tuesday unveiled a host of new features for the Go edition that are set to roll out to devices in 2022. From a report: Google says that in addition to speed enhancements that'll help apps launch up to 30% faster, Android 12 (Go edition) will include a feature that'll save battery life and storage by automatically "hibernating apps that haven't been used for extended periods of time." And with the Files Go app, you'll be able to recover files within 30 days of deletion. Android 12 (Go edition) will also help you easily translate any content, listen to the news and share apps with nearby devices offline to save data, Google says. The company said Android Go has amassed 200 million users.

Apple has allowed app developers to collect data from its 1 billion iPhone users for targeted advertising, in an unacknowledged shift that lets companies follow a much looser interpretation of its controversial privacy policy. Financial Times: In May Apple communicated its privacy changes to the wider public, launching an advert that featured a harassed man whose daily activities were closely monitored by an ever-growing group of strangers. When his iPhone prompted him to "Ask App Not to Track," he clicked it and they vanished. Apple's message to potential customers was clear -- if you choose an iPhone, you are choosing privacy.

But seven months later, companies including Snap and Facebook have been allowed to keep sharing user-level signals from iPhones, as long as that data is anonymised and aggregated rather than tied to specific user profiles. For instance Snap has told investors that it plans to share data from its 306m users -- including those who ask Snap "not to track" -- so advertisers can gain "a more complete, real-time view" on how ad campaigns are working. Any personally identifiable data will first be obfuscated and aggregated. Similarly, Facebook operations chief Sheryl Sandberg said the social media group was engaged in a "multiyear effort" to rebuild ad infrastructure "using more aggregate or anonymised data."

These companies point out that Apple has told developers they "may not derive data from a device for the purpose of uniquely identifying it." This means they can observe "signals" from an iPhone at a group level, enabling ads that can still be tailored to "cohorts" aligning with certain behaviour but not associated with unique IDs. This type of tracking is becoming the norm.

"Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them," reports Bleeping Computer, "even when running the latest firmware." Slashdot reader joshuark shared their report: The tested routers are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys, and are used by millions of people... Researchers at IoT Inspector carried out the security tests in collaboration with CHIP magazine, focusing on models used mainly by small firms and home users. "For Chip's router evaluation, vendors provided them with current models, which were upgraded to the latest firmware version," Florian Lukavsky, CTO & Founder at IoT Inspector, told BleepingComputer via email. "The firmware versions were automatically analyzed by IoT Inspector and checked for more than 5,000 CVEs and other security issues...."

While not all flaws carried the same risk, the team found some common problems that affected most of the tested models:

- Outdated Linux kernel in the firmware
- Outdated multimedia and VPN functions
- Over-reliance on older versions of BusyBox
- Use of weak default passwords like "admin"
- Presence of hardcoded credentials in plain text form....

All of the affected manufacturers responded to the researchers' findings and released firmware patches.
The researchers demonstrated one exploit they found on one of the routers that extracted the AES key used for the firmware encryption, letting malicious firmware image updates pass verification checks on the device — and thus potentially planting malware on the router.

jd (Slashdot reader #1,658) shares another perspective on the same study from Security Week: Not all of the identified weaknesses are considered real security flaws, and for some bugs it is unclear whether exploitation is even possible. However, many of the identified vulnerabilities (ranging from 2 in AVM devices to nearly a dozen in other routers) were classified as high- and medium-severity.

Long-time Slashdot reader mtaht writes: Comcast fully deployed bufferbloat fixes across their entire network over the past year, demonstrating 90% improvements in working latency and jitter — which is described in this article by by Comcast Vice President of Technology Policy & Standards. (The article's Cumulative Distribution Function chart is to die for...) But: did anybody notice? Did any other ISPs adopt AQM tech? How many of y'all out there are running smart queue management (sch_cake in linux) nowadays?
But wait — it gets even more interesting...

The Comcast official anticipates even less latency with the newest Wi-Fi 6E standard. (And for home users, the article links to a page recommending "a router whose manufacturer understands the principles of bufferbloat, and has updated the firmware to use one of the Smart Queue Management algorithms such as cake, fq_codel, PIE.")

But then the Comcast VP looks to the future, and where all of this is leading: Currently under discussion at the IETF in the Transport Area Working Group is a proposal for Low Latency, Low Loss Scalable Throughput. This potential approach to achieve very low latency may result in working latencies of roughly one millisecond (though perhaps 1-5 milliseconds initially). As the IETF sorts out the best technical path forward through experimentation and consensus-building (including debate of alternatives), in a few years we may see the beginning of a shift to sub-5 millisecond working latency. This seems likely to not only improve the quality of experience of existing applications but also create a network foundation on which entirely new classes of applications will be built.

While we can certainly think of usable augmented and virtual reality (AR and VR), these are applications we know about today. But what happens when the time to access resources on the Internet is the same, or close to the time to access local compute or storage resources? What if the core assumption that developers make about networks — that there is an unpredictable and variable delay — goes away? This is a central assumption embedded into the design of more or less all existing applications. So, if that assumption changes, then we can potentially rethink the design of many applications and all sorts of new applications will become possible. That is a big deal and exciting to think about the possibilities!

In a few years, when most people have 1 Gbps, 10 Gbps, or eventually 100 Gbps connections in their home, it is perhaps easy to imagine that connection speed is not the only key factor in your performance. We're perhaps entering an era where consistently low working latency will become the next big thing that differentiates various Internet access services and application services/platforms. Beyond that, factors likely exceptionally high uptime, proactive/adaptive security, dynamic privacy protection, and other new things will likely also play a role. But keep an eye on working latency — there's a lot of exciting things happening!

An anonymous reader quotes a report from Reuters: Israel said on Thursday it was halting the use of mobile phone tracing to curb the spread of the new coronavirus variant Omicron, a practice that had been challenged by privacy watchdogs. Prime Minister Naftali Bennett's government authorized the surveillance technology, which matches virus carriers' locations against other mobile phones nearby to determine their contacts, to be used for Omicron cases on Nov. 27. That authorization will not be renewed after it lapses at midnight between Thursday and Friday, Bennett's office said in a statement, citing "up-to-date situational assessments."

The technology, originally developed by Israel's Shin Bet security agency for counter-terrorism and counter-espionage, had "contributed over the last week to the effort to break the chain of infection", the statement said. Israel has confirmed at three cases of the new variant and at least 30 others are suspected of having contracted it, the Health Ministry said. Earlier on Thursday, Israel's Supreme Court rejected a petition by four rights groups seeking to repeal the measure. "Considering the uncertainty around the Omicron variant and its effects..., it has not been proven that the Shin Bet authorization poses a disproportionate infringement on the right to privacy which would justify its striking down," the ruling said.

Apple's iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, Reuters reported Friday, citing people familiar with the matter. From the report: The hacks, which took place in the last several months, hit U.S. officials either based in Uganda or focused on matters concerning the East African country, two of the sources said. The intrusions, first reported here, represent the widest known hacks of U.S. officials through NSO technology. Previously, a list of numbers with potential targets including some American officials surfaced in reporting on NSO, but it was not clear whether intrusions were always tried or succeeded.

Apple, suffering from a global supply crunch, is now confronting a different problem: slowing demand. From a report: The company has told its component suppliers that demand for the iPhone 13 lineup has weakened, people familiar with the matter said, signaling that some consumers have decided against trying to get the hard-to-find item. Already, Apple had cut its iPhone 13 production goal for this year by as many as 10 million units, down from a target of 90 million, because of a lack of parts, Bloomberg News reported. But the hope was to make up much of that shortfall next year -- when supply is expected to improve. The company is now informing its vendors that those orders may not materialize, according to the people, who asked not to be identified because the discussions are private.

At the Snapdragon Tech Summit 2021 yesterday, Qualcomm introduced their new always-on camera capabilities in the Snapdragon 8 Gen 1 processor, which is expected to arrive in high-end Android phones early next year. The company says this new feature will let users wake and unlock their phone without having to pick it up or have it instantly lock when it no longer sees their face. Even though Judd Heape, Qualcomm Technologies vice president of product management, said that the "always-on camera data never leaves the secure sensing hub while it's looking for faces," it raises a serious privacy concern that "far outweighs any potential convenience benefits," argues The Verge's Dan Seifert. From the report: Qualcomm is framing the always-on camera as similar to the always-on microphones that have been in our phones for years. Those are used to listen for voice commands like "Hey Siri" or "Hey Google" (or lol, "Hi Bixby") and then wake up the phone and provide a response, all without you having to touch or pick up the phone. But the key difference is that they are listening for specific wake words and are often limited with what they can do until you do actually pick up your phone and unlock it. It feels a bit different when it's a camera that's always scanning for your likeness.

It's true that smart home products already have features like this. Google's Nest Hub Max uses its camera to recognize your face when you walk up to it and greet you with personal information like your calendar. Home security cameras and video doorbells are constantly on, looking for activity or even specific faces. But those devices are in your home, not always carried with you everywhere you go, and generally don't have your most private information stored on them, like your phone does. They also frequently have features like physical shutters to block the camera or intelligent modes to disable recording when you're home and only resume it when you aren't. It's hard to imagine any phone manufacturer putting a physical shutter on the front of their slim and sleek flagship smartphone.

Lastly, there have been many reports of security breaches and social engineering hacks to enable smart home cameras when they aren't supposed to be on and then send that feed to remote servers, all without the knowledge of the homeowner. Modern smartphone operating systems now do a good job of telling you when an app is accessing your camera or microphone while you're using the device, but it's not clear how they'd be able to inform you of a rogue app tapping into the always-on camera. [...] But even if it's not found in every phone next year, the mere presence of the feature means that it will be used by someone at some point. It sets a precedent that is unsettling and uncomfortable; Qualcomm may be the first with this capability, but it won't be long before other companies add it in the race to keep up. Maybe we'll just start having to put tape on our smartphone cameras like we already do with laptop webcams.

An anonymous reader quotes a report from Motherboard: When a scammer wants to set up an account on Amazon, Discord, or a spread of other online services, sometimes a thing that stands in their way is SMS verification. The site will require them to enter a phone number to receive a text message which they'll then need to input back into the site. Sites often do this to prevent people from making fraudulent accounts in bulk. But fraudsters can turn to large scale, automated services to lease them phone numbers for less than a cent. One of those is 5SIM, a website that members of the video game cheating community mention as a way to fulfill the request for SMS verification.

Various YouTube videos uploaded by the company explain how people can use its service explicitly for getting through the SMS verification stage of various sites. The videos include instructions specifically on PayPal, Instagram, Facebook, Telegram, and dating site Plenty of Fish. Instagram told Motherboard it is concerned by sites that suggest people can use services to bypass Instagram's measures to then abuse the platform. Instagram said it uses SMS verification to prevent the creation of fake accounts and to make account recovery possible. "We have many measures in place to protect against scripted account creation and block millions of fake accounts at registration every day," an Instagram spokesperson said.

Some online services don't allow users to perform SMS verification with VoIP numbers, presumably in an effort to mitigate against fraud. 5SIM's numbers, however, are just like ordinary phone numbers, the site claims. When people buy 5SIM's services, they must only use it for receiving texts related to an online account. "Different SMS will [be] rejected," the website adds. 5SIM also offers an API to automate parts of the service. 5SIM's rules say that customers are "Forbidden to use the service for any illegal purposes as well as not to take actions that harm the service and (or) third parties." The website also includes a denylist of words that its service may block. In an email to Motherboard, 5SIM said: "5sim service is prohibited to use for illegal purposes. In cases, where fraudulent operations with registered accounts are detected, restrictions may be imposed on the 5sim account until the circumstances are clarified. 5sim is used by those who want to get a discount or bonus, webmasters, SMM specialists, owners of business for advertising and increasing business loyalty."

An anonymous reader quotes a report from Reuters: Rights groups petitioned Israel's top court on Monday to repeal new COVID-19 measures that authorize the country's domestic intelligence service to use counter-terrorism phone tracking technology to contain the spread of the Omicron virus variant. Announcing the emergency measures on Saturday, Prime Minister Naftali Bennett said the phone tracking would be used to locate carriers of the new and potentially more contagious variant in order to curb its transmission to others. Israeli rights groups say the emergency measures violate previous Supreme Court rulings over such surveillance, used on-and-off by the country's Shin Bet domestic intelligence agency since March, 2020.

A senior health ministry official said on Sunday that use of phone tracking would be "surgical" in nature, only to be utilized on confirmed or suspected carriers of the variant. The surveillance technology matches virus carriers' locations against other mobile phones nearby to determine with whom they have come into contact. Israel's Supreme Court this year limited the scope of its use after civil rights groups mounted challenges over privacy concerns. Further reading: Omicron Covid Variant Poses Very High Global Risk, Says WHO

An anonymous reader quotes a report from Ars Technica: Component shortages have been wreaking havoc on the tech industry since the onset of the COVID-19 pandemic, and smartphones are no outlier. Decelerated production schedules have given way to smaller stock and delayed launches. All of this has resulted in a decline in smartphone sales in Q3 of 2021 compared to Q3 2020, Gartner reported today. According to numbers the research firm shared today, sales to consumers dropped 6.8 percent. A deficit in parts like integrated circuits for power management and radio frequency has hurt smartphone production worldwide.

"Despite strong consumer demand, smartphone sales declined due to delayed product launches, longer delivery schedule, and insufficient inventory at the channel," Anshul Gupta, senior research director at Gartner, said in a statement accompanying the announcement. The analyst added that the production schedules of "basic and utility" phones were more affected by supply constraints than "premium" ones. As a result, premium smartphone sales actually increased during this time period, even though smartphone sales overall declined. Still, shoppers were left with limited options, Gartner noted. Samsung ended up winning the greatest market share (20.2 percent), thanks to its foldable smartphones. Apple's quarterly market share (14.2 percent) was aided by new features in its iPhones, namely the A15 processor and improvements to battery life and the camera sensor. Gartner also pointed to interest in 5G.

Because of a "surprising and sudden request" from America's Federal Aviation Administration that's "based on unverified potential radio interference, a highly anticipated increase in 5G speeds and availability just got put on hold," writes the president/chief analyst of market research/consulting firm TECHnalysis.

But in an opinion piece for USA Today, he asks if the concern is actually warranted? [A]s soon as you start to dig into the details, the concerns quickly seem less practical and more political. Most notably, the plan to launch 5G services on C-Band frequencies has been in the works for several years and really took on momentum after the three big U.S. carriers spent over $80 billion earlier this year to get access to these frequencies. In addition, a report that the FAA cited as part of their complaint has been out for well over a year, so why the last-minute concerns?

U.S. government agencies are, unfortunately, known to hold grudges against one another, sometimes without real clarity as to what's actually involved, as appears to be the case here... Some 40 countries around the world are already using most of the C-Band frequencies for 5G (part of the reason the U.S. has fallen behind on the 5G front), and none have reported any interference with radio altimeters on planes in their countries, the wireless trade association CTIA argues on its website 5GandAviation.com. In addition, new filtering technologies being built into a somewhat obscure part of smartphones called the RF (radio frequency) front end, such as Qualcomm's recently introduced ultraBAW filters, can reduce interference issues on next generation smartphones.

All told, there are numerous reasons why the FAA's concerns around 5G deployment look to be more of a red herring than a legitimate technical concern. While it is true that some older radio altimeters with poor filtering might have to be updated and/or replaced to completely prevent interference, it's not clear that the theoretical interference would even cause an issue.
The article complains that the delayed expansion of bandwidth "could also delay important (and significant) economic impacts," since every previous change in cellular service levels "has triggered billions of dollars of new business and thousands of new jobs by creating new opportunities that faster wireless networks bring with them and 5G is expected do the same...

"While airplane safety shouldn't be compromised in any way, an overabundance of unnecessary caution on this issue could have a much bigger negative impact on the U.S.'s technology advancements and economy than many realize."

iOS 15.2 has been released today, bringing a new feature called Communication Safety in Messages that is able to detect and automatically blur nude images that are sent or received by children. It's one of several Child Safety features Apple announced over the summer. As MacRumors notes, it's "not the same as the controversial anti-CSAM feature that Apple plans to implement in the future after revisions." From the report: Communication Safety is a Family Sharing feature that can be enabled by parents, and it is opt-in rather than activated by default. When turned on, the Messages app is able to detect nudity in images that are sent or received by children. If a child receives or attempts to send a photo with nudity, the image will be blurred and the child will be warned about the content, told it's okay not to view the photo, and offered resources to contact someone they trust for help. When Communication Safety was first announced, Apple said that parents of children under the age of 13 had the option to receive a notification if the child viewed a nude image in Messages, but after receiving feedback, Apple has removed this feature. Apple now says that no notifications are sent to parents.

Apple removed the notification option because it was suggested that parental notification could pose a risk for a child in a situation where there is parental violence or abuse. For all children, including those under the age of 13, Apple will instead offer guidance on getting help from a trusted adult in a situation where nude photos are involved. Checking for nudity in photos is done on-device, with Messages analyzing image attachments. The feature does not impact the end-to-end encryption of messages, and no indication of the detection of nudity leaves the device. Apple has no access to the Messages.

Apple says it will back off its plan to break Face ID on independently repaired iPhones. Ars Technica reports: The company's often contentious relationship with the repair community was tested again when "unauthorized" iPhone 13 screen replacements started resulting in broken Face ID systems. A new report from The Verge says that Apple "will release a software update that doesn't require you to transfer the microcontroller to keep Face ID working after a screen swap." Screen replacements are the most common smartphone repairs. Apple included a new microcontroller in the iPhone 13's display that pairs each screen with other components in the phone. As iFixit reported, if a third-party repair shop replaced the iPhone 13 display, Apple would disable the phone's Face ID system. [...] After a wave of bad press, it's "crisis averted" for the repair community. It would be nice if this was never an issue in the first place, though.

Slashdot reader FlatEric521 tipped us off to an interesting story (from the News Service of Florida): When police responded in 2018 to a call about a shattered window at a home in Orange County, they found a black Samsung smartphone near the broken window. A woman in the home identified the phone as belonging to an ex-boyfriend, Johnathan David Garcia, who was later charged with crimes including aggravated stalking.

But more than three years after the shattered window, the Florida Supreme Court is poised to hear arguments in the case and consider a decidedly 21st Century question: Should authorities be able to force Garcia to give them his passcode to the phone?

Attorney General Ashley Moody's office appealed to the Supreme Court last year after the 5th District Court of Appeal ruled that requiring Garcia to turn over the passcode would violate his constitutional right against being forced to provide self-incriminating information... The case has drawn briefs from civil-liberties and defense-attorney groups, who contend that Garcia's rights under the U.S. Constitution's 5th Amendment would be threatened if he is required to provide the passcode.

But Moody's office in a March brief warned of trouble for law enforcement if the Supreme Court sides with Garcia in an era when seemingly everybody has a cell phone. Police obtained a warrant to search Garcia's phone but could not do so without a passcode. "Modern encryption has shifted the balance between criminals and law enforcement in favor of crime by allowing criminals to hide evidence in areas the state physically cannot access," the brief said.