Apple says it will back off its plan to break Face ID on independently repaired iPhones. Ars Technica reports: The company's often contentious relationship with the repair community was tested again when "unauthorized" iPhone 13 screen replacements started resulting in broken Face ID systems. A new report from The Verge says that Apple "will release a software update that doesn't require you to transfer the microcontroller to keep Face ID working after a screen swap." Screen replacements are the most common smartphone repairs. Apple included a new microcontroller in the iPhone 13's display that pairs each screen with other components in the phone. As iFixit reported, if a third-party repair shop replaced the iPhone 13 display, Apple would disable the phone's Face ID system. [...] After a wave of bad press, it's "crisis averted" for the repair community. It would be nice if this was never an issue in the first place, though.

Slashdot reader FlatEric521 tipped us off to an interesting story (from the News Service of Florida): When police responded in 2018 to a call about a shattered window at a home in Orange County, they found a black Samsung smartphone near the broken window. A woman in the home identified the phone as belonging to an ex-boyfriend, Johnathan David Garcia, who was later charged with crimes including aggravated stalking.

But more than three years after the shattered window, the Florida Supreme Court is poised to hear arguments in the case and consider a decidedly 21st Century question: Should authorities be able to force Garcia to give them his passcode to the phone?

Attorney General Ashley Moody's office appealed to the Supreme Court last year after the 5th District Court of Appeal ruled that requiring Garcia to turn over the passcode would violate his constitutional right against being forced to provide self-incriminating information... The case has drawn briefs from civil-liberties and defense-attorney groups, who contend that Garcia's rights under the U.S. Constitution's 5th Amendment would be threatened if he is required to provide the passcode.

But Moody's office in a March brief warned of trouble for law enforcement if the Supreme Court sides with Garcia in an era when seemingly everybody has a cell phone. Police obtained a warrant to search Garcia's phone but could not do so without a passcode. "Modern encryption has shifted the balance between criminals and law enforcement in favor of crime by allowing criminals to hide evidence in areas the state physically cannot access," the brief said.

Peloton, the makers of an internet-connected exercise bike, saw their stock price drop 35% overnight on Thursday, reports CNBC. "At least four Wall Street investment firms downgraded the stock following Peloton's dismal fiscal first-quarter financial report... Peloton's stock has fallen 63% year to date."

The company had cut its annual revenue forecast — by $1 billion — and lowered its projections for both profit margins and paying subscribers. Bloomberg reports: At best, Peloton currently expects to have 3.45 million connected fitness subscriptions by the end of the fiscal year. It had previously called for 3.63 million. And gross profit margin will be 32%, compared with an earlier forecast of 34%. All that will add up to a loss of as much as $475 million, excluding some items....

On a more upbeat note, the company hinted that it plans to launch new products in the coming weeks and months. Peloton has been working on a rowing machine and a heart-rate monitor that attaches to a wearer's arm, Bloomberg News has reported.
The article suggests Peloton's business was hurt by the end of lockdowns, supply-chain constraints, and the cost of freight. But they also point out another factor. "Like several other companies, Peloton also blamed Apple Inc.'s ad-related privacy changes, which have made it more difficult to target shoppers based on their interests." Apple's new Ad Tracking Transparency feature (or "ATT") now first asks users to deny or allow apps to track their activity for the targeted advertising which had apparently been boosting Peloton's business.

And tlhIngan (Slashdot reader #30,335) tipped us off to a larger trend, since Gizmodo reports that Peloton "isn't the only company that has pointed accusingly at Apple lately." When reporting its third quarter earnings at the end of October, Facebook (now called Meta) — which depends on targeted ads for almost 98% of its revenue — said that ATT had decreased the accuracy of its ad targeting. The feature also increased "the cost of driving outcomes" for advertisers, Facebook COO Sheryl Sandberg explained, and made it harder to measure those outcomes. "Overall, if it wasn't for Apple's iOS 14 changes, we would have seen positive quarter-over-quarter revenue growth," Sandberg said.

On Sunday, the Financial Times reported that ATT had cost Snap, Facebook, Twitter, and YouTube an estimated $9.85 billion in lost revenue in the second half of this year. That's an 87% increase year over year.

An anonymous reader quotes a report from Motherboard: A tweak to the iPhone's repairability that has been long prophesied and feared has finally come to pass, giving staggering new urgency for legislation that makes repair more accessible: The iPhone 13's screen cannot be replaced without special software controlled by Apple. This is a devastating blow to independent repair shops, who make the vast majority of their money doing screen replacements, and, specifically, make the vast majority of their money doing iPhone screen replacements. According to iFixit, replacing the screen on an iPhone 13 disables Face ID functionality. That's because the screen itself is paired to a small microcontroller attached to the display. Replacing a cracked screen with a new screen will disable this pairing, thus breaking a core piece of functionality in the phone. An authorized Apple repair tech can pair a new screen to an iPhone with the click of a few buttons using proprietary Apple tech. Everyone else will have a much harder time. "It is still possible to change a screen on an iPhone 13," notes Motherboard. "The difference is that in order to do so now, this microcontroller needs to be removed from the broken screen and resoldered onto the new screen (after the existing microcontroller on that screen is removed). Doing this requires microsoldering, which requires the use of a microscope and a highly skilled technician."

In an email to Motherboard, iFixit CEO Kyle Wiens said: "This is a clear case of a manufacturer using their power to prevent competition and monopolize an industry. Society loses: small repair shops will wither and fade away and consumers will be left with no choice but to pay top dollar for repairs or replace their device."

According to Nikkei Asian Review, "Nintendo will only be able to produce about 24 million units of its popular Switch game console in the fiscal year through March, 20% below an original plan." From the report: Its production has been held up by shortages of semiconductors and other electronic parts amid strong demand for Switch, including for its latest version released on Oct. 8. Nintendo's trouble is a reminder of the far-reaching impact of the global supply crunch that has affected a wide range of industries from autos to electronics to machinery.

The Kyoto-based company originally planned on producing a record 30 million Switch units on the back of rising demand for computer games triggered by the COVID pandemic, which has forced people to spend more time at home. However, production bottlenecks quickly emerged around springtime for key components including microcomputers. The company concluded it would have to revise down production targets as it was not able to secure enough supplies. Nintendo's suppliers have already been notified about the production cuts.

Beginning next year, iPhone users who are in a car accident could have their phone dial 911 automatically. From a report: Apple plans next year to roll out a product feature called "crash detection" for iPhones and Apple Watches, according to documents reviewed by The Wall Street Journal and people familiar with the feature. Crash detection uses data from sensors built into Apple devices including the accelerometer to detect car accidents as they occur, for instance by measuring a sudden spike in gravity, or "g," forces on impact. The feature would mark the latest move by Apple and its competitors to use motion-sensor technology to build safety functions into their devices. Apple introduced a fall-detection feature in its smartwatch several years ago that senses when wearers have taken a hard fall and dials 911 if they don't respond to a notification asking if they are OK. The company this year added a feature to the newest version of its iPhone operating system that assesses the walking steadiness of users. The timing of the new feature could change, or Apple could choose not to release it, people familiar with the company's development process said.

Apple has been testing the crash-detection feature in the past year by collecting data shared anonymously from iPhone and Apple Watch users, the documents show. Apple products have already detected more than 10 million suspected vehicle impacts, of which more than 50,000 included a call to 911. Apple has been using the 911 call data to improve the accuracy of its crash-detection algorithm, since an emergency call associated with a suspected impact gives Apple more confidence that it is indeed a car crash, according to the documents. The documents don't specify how Apple users are sharing information with the company so it can test its new crash-detection algorithm.

"The third time my 1999 Honda Civic was stolen, I had a plan," writes Washington Post technology reporter Heather Kelly. Specifically, it was a tile tracker hidden in the car, "quietly transmitting its approximate location over Bluetooth." Later that day, I was across town hiding down the block from my own car as police detained the surprised driver. When the Tile app pinged me with a last known location, I showed up expecting the car to be abandoned. I quickly realized it was still in use, with one person looking through the trunk and another napping in the passenger seat, so I called the police...

In April of this year, one month after my car was stolen, Apple released the $29 AirTag, bringing an even more effective Bluetooth tracking technology to a much wider audience. Similar products from Samsung and smaller brands such as Chipolo are testing the limits of how far people will go to get back their stolen property and what they consider justice. "The technology has unintended consequences. It basically gives the owner the ability to become a mini surveillance operation," said Andrew Guthrie Ferguson, a law professor at the American University Washington College of Law...

Apple has been careful to never say AirTags can be used to recover stolen property. The marketing for the device is light and wholesome, focusing on situations like lost keys between sofa cushions. The official tagline is "Lose your knack for losing things" and there's no mention of crime, theft or stealing in any of the ads, webpages or support documents. But in reality, the company has built a network that is ideal for that exact use case. Every compatible iPhone, iPad and Mac is being silently put to work as a location device without their owners knowing when it happens. An AirTag uses Bluetooth to send out a ping with its encrypted location to the closest Apple devices, which pass that information on to the Apple cloud. That spot is visible on a map in the Find My app. The AirTag owner can also turn on Lost Mode to get a notification the next time it's detected, as well as leave contact information in case it's found. Apple calls this the Find My network, and it also works for lost or stolen Apple devices and a handful of third-party products. The proliferation of compatible Apple devices — there are nearly a billion in the network around the world — makes Find My incredibly effective, especially in cities. (Apple device owners are part of the Find My network by default, but can opt out in settings, and the location information is all encrypted...)

All the tracker companies recommend contacting law enforcement first, which may sound logical until you find yourself waiting hours in a parking lot for officers to address a relatively low-priority crime, or having to explain to them what Bluetooth trackers are.
The Times shares stories of two people who tried using AirTags to track down their stolen property. One Seattle man tracked down his stolen electric bike — and ended up pedalling away furiously on the (now out of power) bicycle as the suspected thief chased after him.

And an Ohio man waited for hours in an unfamiliar drugstore parking lot for a response from the police, eventually travelling with them to the suspect's house — where his stolen laptop was returned to the police officer by a man holding two babies in his arms.

Some parents have even hidden them in their childrens' backpacks, and pet owners have hidden them in their pet's collars, the Times reports — adding that the EFF's director of cybersecurity sees another possibility. "The problem is it's impossible to build a tool that is designed to track down stolen items without also building the perfect tool for stalking."

A Microsoft software engineer working on open-source technologies recently wrote that "you can find an open-source implementation for (almost) anything.

"But the mobile landscape is a notable exception." While there are some open-source success stories, Android being a massive one, only a handful of major companies rule hardware and software innovation for the devices we carry in our pockets. Together, Apple and Samsung hold over 50 percent of the world's market share for mobile devices, a figure that underscores just how few dominant players exist in the space. Numbers like these might leave you feeling somber about the overall viability of mobile open source. But a growing demand for better security and privacy, among other factors, may be turning the tides, and a host of inspectable, open-source solutions with transparent life cycle processes are emerging as promising alternatives....

Along with the open-source messaging app Telegram, Signal has garnered attention as a more privacy-focused alternative to apps like Facebook Messenger. The browser Chromium and the mobile game 2048 are other noteworthy examples, as well as proof that although open-source apps aren't the norm, they can be widely adopted and popular. For example, over 65 percent of mobile traffic flows through Chromium-based browsers...

Despite the many open-source technologies available to help build mobile apps, there's plenty of room to grow in the user-facing space — especially as more people recognize the value of having open-source and open-governance applications that can better safeguard their personal information. That growth isn't likely to extend to the hardware space, where the cost of building open-source implementations isn't as rewarding for developers or users — though we may start to see more devices that allow people to choose individual hardware modules from a variety of providers.
The article does cite the open source mobile hardware company Purism. And there's plenty of interesting open source software for mobile app developers, including frameworks like Apache Cordova (which lets developers use CSS3, HTML5, and JavaScript) and a whole ecosystem of open source libraries. But it all does raise the question...

Why aren't there more open source solutions for mobile devices?

Just a few days after releasing iOS 15.1 and iPadOS 15.1, Apple has seeded the first betas of iOS 15.2 and iPadOS 15.2 to developers for testing purposes, with the update adding promised iOS 15 features like App Privacy Report. MacRumors reports: App Privacy Report is one of the iOS 15 additions that Apple showed off at WWDC. It's a new privacy feature that's designed to allow users to see how often apps have accessed their sensitive info like location, photos, camera, microphone, and contacts across the last seven days. It's also set up to show which apps have contacted other domains and how recently they've contacted them so you can keep an eye on what apps are doing behind the scenes.

Auto Call, the feature that lets call emergency services with a series of button presses, has been updated in iOS 15.2. You can now press the side button rapidly multiple times to initiate, or hold down the side button and the volume button together. There's now a longer eight-second countdown before a call is placed, which is up from the prior three-second countdown. Other features and/or changes include a new card-style appearance to Notification Summary and the Communication Safety feature. "Communication Safety is built into the Messages app on iPhone, iPad, and Mac, and it will warn children and their parents when sexually explicit photos are received or sent from a child's device, with Apple using on-device machine learning to analyze image attachments," reports MacRumors.

An anonymous reader quotes a report from Engadget: Under Acting Chairwoman Jessica Rosenworcel, the Federal Communications Commission is seeking to create new rules targeting spam text messages. Like another recent proposed rulemaking from the agency, the policy would push wireless carriers and telephone companies to block the spam before it ever gets to your phone.

"We've seen a rise in scammers trying to take advantage of our trust of text messages by sending bogus robotexts that try to trick consumers to share sensitive information or click on malicious links," Rosenworcel said. "It's time we take steps to confront this latest wave of fraud and identify how mobile carriers can block these automated messages before they have the opportunity to cause any harm."

Today, Google has officially launched Android 12 for select Pixel devices. The Verge reports: It's available to install right now on Pixel 3 and up, including the Pixel 3A, Pixel 4, Pixel 4A, Pixel 4A 5G, the Pixel 5, and the Pixel 5A. It'll launch on the Pixel 6 and Pixel 6 Pro, as well. Android 12 will be coming later this year to Samsung Galaxy, OnePlus, Oppo, Realme, Tecno, Vivo, and Xiaomi devices.

The most noticeable feature in Android 12 is the new Material You design, which lets you go a little deeper to tweak the look of the homescreen to your liking. It's more expressive than previous versions of Android, with tools to let you coordinate colors that can extend across app icons, pull-down menus, widgets, and more. Speaking of widgets, many of those have been updated to match the new look, and Google shared today that by the end of October, it plans to have over a dozen new or refreshed widgets available for its first-party apps. Google has published a blog post detailing more features available in this release, including the "Pixel-first" features like Material You.

For its 60th anniversary, Fisher-Price announced a special edition Chatter telephone that can make and receive real phone calls. Engadget reports: Before you start planning on where to display it at your home, know that it doesn't work as a landline unit. It connects to your iOS or Android phone via Bluetooth instead and has to be within 15 feet of your mobile device to work. You'll get nine hours of talk time on the Chatter phone on a single charge, and it comes with a speakerphone button. Other than the features that make it a working device, this Chatter for grown-ups looks just like its toy counterpart with its rotary dial, red handset and wheels. [...] You can get the fully functional Chatter for $60 exclusively from Best Buy's website, starting today until supplies last.

Pine64 today announced its latest Linux-powered device, the PinePhone Pro, an update to the original PinePhone which sees a more powerful device running mainline Linux (Manjaro in this case) on a mobile device that works as a cellphone and a desktop computer. Tom's Hardware reports: This combination of hardware and software makes the still slightly futuristic idea of confluence between mobile and desktop devices seem a step closer. Carry it around with you, and it's a phone. Plug it into a monitor, and it's a desktop PC. The KDE Plasma Mobile front-end adapts to the circumstances. Inside, it's much like any other phone, with a Rockchip RK3399S six-core SoC operating at 1.5GHz, 4GB of dual-channel LPDDR4 RAM, and 128GB of internal eMMC flash storage. It features a 13MP main camera sensor and a 5MP front-facing camera. There's a Micro-SD slot for expanded storage, and a six-inch 1440 x 720 IPS touchscreen. The PinePhone Pro is not a typical cell phone, rather the concept of convergence, the ability to use your phone as a computer is intriguing. Plug your PinePhone Pro into an external display and use it as a low-power desktop computer is something that has been attempted by a number of companies, including Canonical's attempt with Ubuntu Edge.

PinePhone Pro offers something that is missing from the majority of phones, privacy. A series of hardware DIP-switches, hidden under a rear cover, cut off access to the cameras, microphone, Wi-Fi 5 and Bluetooth 4.1 chips, headphone jack, and LTE modem (including GPS) should you ever need to. The layout and Pogo Pins of the new phone are identical to the original PinePhone, so all existing accessories should work. Retailing at $399, the PinePhone Pro's makers are realistic about the challenges of putting desktop Linux on a mobile device, especially in an ecosystem dominated by iOS and Android.

Elon Musk touted SpaceX's plan to use Starlink for in-flight Wi-Fi, saying in a tweet on Thursday that the service could add "low latency ~half gigabit connectivity in the air!" CNBC reports: Starlink is the company's plan to build an interconnected internet network with thousands of satellites, known in the space industry as a constellation, designed to deliver high-speed internet to consumers anywhere on the planet. SpaceX has launched 1,740 Starlink satellites to date, and the network has more than 100,000 users in 14 countries who are participating in a public beta, with service priced at $99 a month.

Airlines work with satellite broadband providers for inflight Wi-Fi, with Viasat and Intelsat -- the latter of which purchased Gogo's commercial aviation business -- two such companies that add connectivity on flights by airlines including Delta, JetBlue, American Airlines and United. But, while existing services use satellites in distant orbits, Starlink satellites orbit closer to the Earth and could boost the speeds that passengers see inflight. SpaceX Vice President Jonathan Hofeller earlier this year said that the company is "in talks with several" airlines about adding Starlink in-flight Wi-Fi, noting that it has an "aviation product in development." Hofeller also emphasized that Starlink "provides a global mesh," so that "airlines are flying underneath that global mesh have connectivity anywhere they go."

Apple is likely to slash its projected iPhone 13 production targets for 2021 by as many as 10 million units as prolonged chip shortages hit its flagship product. Bloomberg reports: The company had expected to produce 90 million new iPhone models in the last three months of the year, but it's now telling manufacturing partners that the total will be lower because Broadcom and Texas Instruments are struggling to deliver enough components [...]. The technology giant is one of the world's largest chip buyers and sets the annual rhythm for the electronics supply chain. But even with strong buying power, Apple is grappling with the same supply disruptions that have wreaked havoc on industries around the world. Major chipmakers have warned that demand will continue to outpace supply throughout next year and potentially beyond. Apple gets display parts from Texas Instruments, while Broadcom is its longtime supplier of wireless components. One TI chip in short supply for the latest iPhones is related to powering the OLED display. Apple also is facing component shortages from other suppliers.

A new study (PDF) by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones. BleepingComputer reports: The researchers have focused on Samsung, Xiaomi, Realme, and Huawei Android devices, and LineageOS and /e/OS, two forks of Android that aim to offer long-term support and a de-Googled experience. The conclusion of the study is worrying for the vast majority of Android users: "With the notable exception of /e/OS, even when minimally configured and the handset is idle these vendor-customized Android variants transmit substantial amounts of information to the OS developer and also to third parties (Google, Microsoft, LinkedIn, Facebook, etc.) that have pre-installed system apps." As the summary table indicates, sensitive user data like persistent identifiers, app usage details, and telemetry information are not only shared with the device vendors, but also go to various third parties, such as Microsoft, LinkedIn, and Facebook. And to make matters worse, Google appears at the receiving end of all collected data almost across the entire table.

It is important to note that this concerns the collection of data for which there's no option to opt-out, so Android users are powerless against this type of telemetry. This is particularly concerning when smartphone vendors include third-party apps that are silently collecting data even if they're not used by the device owner, and which cannot be uninstalled. For some of the built-in system apps like miui.analytics (Xiaomi), Heytap (Realme), and Hicloud (Huawei), the researchers found that the encrypted data can sometimes be decoded, putting the data at risk to man-in-the-middle (MitM) attacks. As the study points out, even if the user resets the advertising identifiers for their Google Account on Android, the data-collection system can trivially re-link the new ID back to the same device and append it to the original tracking history. The deanonymization of users takes place using various methods, such as looking at the SIM, IMEI, location data history, IP address, network SSID, or a combination of these. In response to the report, a Google spokesperson said: "While we appreciate the work of the researchers, we disagree that this behavior is unexpected -- this is how modern smartphones work. As explained in our Google Play Services Help Center article, this data is essential for core device services such as push notifications and software updates across a diverse ecosystem of devices and software builds. For example, Google Play services uses data on certified Android devices to support core device features. Collection of limited basic information, such as a device's IMEI, is necessary to deliver critical updates reliably across Android devices and apps."

Ken Pillonel, a robotics engineer on YouTube, replaced an iPhone's Lightning port with a working USB-C port. AppleInsider reports: In a YouTube Short titled "World's First USB-C iPhone," Ken Pillonel claims to have installed the component into the iPhone X, replacing Lightning in the process. In the video, the iPhone is said to receive power via the connection, as well as being able to handle data transfers over a USB-C cable. In the description of the video, Pillonel says he reverse-engineered Apple's C94 connector, in order to make a PCB with a female USB-C port. After the schematics were set in place, it then became a challenge to shrink it down and install it into an iPhone.

Pillonel has spent a few months on his creation, with a blog post from May showing the thinking behind the replacement, and the challenges of replacing the Lightning port itself. A video at that time showed a DIY prototype that worked and laid out the work ahead to make it small enough to work within an iPhone enclosure. A late September update advised he had designed and ordered a flexible PCB, a key component in enabling the port switch to occur. He adds a future video is in production, explaining how the board was made and squeezed into the iPhone itself.

Google executive Hiroshi Lockheimer has called on Apple to adopt the Rich Communication Services (RCS) protocol that would enable improved and more secure messaging between iPhone and Android devices. From a report: RCS brings a number of modern features -- including support for audio messages, group chats, typing indicators and read receipts -- and end-to-end encryption to traditional text messaging. But it's unlikely Apple will play ball.

[...] Lockheimer, senior vice president for Android, has encouraged the company to change its mind. In response to a tweet about how group chats are incompatible between iPhone and Android devices, Lockheimer said, "group chats don't need to break this way. There exists a Really Clear Solution." "Here's an open invitation to the folks who can make this right: we are here to help." Lockheimer doesn't mention Apple specifically, but it's clear that the "folks" he is referring to are those in Cupertino, who have been against RCS.

An anonymous reader quotes a report from Motherboard: [O]rganizers and programmers with the Mycelium Mesh Project are [...] designing a decentralized, off-grid mesh network for text communications that could be deployed quickly during government-induced blackouts or natural disasters. Mesh networks, a form of intranet distributed across various nodes rather than a central internet provider, have the potential to decrease our collective reliance on telecommunication conglomerates like Spectrum and Verizon. During a civil unrest situation, government operatives could theoretically disconnect established commercial mesh networks by raiding activists' homes and destroying their nodes or super nodes. The Mycelium Mesh Project is addressing this potential weak link by developing a system that could be deployed at a moment's notice in non-locations, such as on abandoned buildings, tree tops, electric boxes and utility poles.

Nodes would be cheap, run independently of the power grid, and could be produced with materials that can be obtained locally. So far, the collective has successfully sent and received text messages across thirteen miles during field testing around Atlanta, Georgia with nodes powered by rechargeable batteries harvested from disposable vapes. [...] The Mycelium Mesh Project is still in its relatively early stages of development. Messages aren't encrypted -- a necessary feature for activists -- and the model isn't ready for long-range use. But developers are hopeful that their open-source model will promote cooperation amongst like-minded coders. "The network that we all use will work pretty much fine in 99.9% of the cases. But then when it doesn't, it's a real big problem," Marlon Kautz, an organizer and developer with the project, told Motherboard. "The authorities' control over our communications infrastructure can just completely determine what is politically possible in a situation where the future is really up for grabs, where people are making a move to change things in a serious and radical way."

"This is anti-capitalist work, which is non-commercial. We are not trying to start a business," Kautz explained. "We're explicitly trying to take advantage of open source type concepts. So not not only do we want the code that we're developing to be open source, but our entire production model will be."

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission hopes to reduce the number of illegal robocalls from overseas with an expansion of rules that require phone companies to implement Caller ID authentication technology and block illegal calls. [T]he FCC is proposing new requirements on domestic gateway providers that accept calls from outside the US. A Notice of Proposed Rulemaking (NPRM) adopted (PDF) Thursday and released on Friday proposes requiring those gateway phone companies to implement STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information Using toKENs) protocols, which verify the accuracy of Caller ID by using digital certificates based on public-key cryptography. "This proposal would subject foreign-originated calls, once they enter the United States, to requirements similar to those of domestic-originated calls, by placing additional obligations on gateway providers in light of the large number of illegal robocalls that originate abroad and the risk such calls present to Americans," the NPRM said. Gateway providers would be required to "apply STIR/SHAKEN caller ID authentication to, and perform robocall mitigation on, all foreign-originated calls with US numbers," the FCC said (PDF).

STIR/SHAKEN is already widely deployed in the US on IP networks due to separate requirements that apply to large phone providers. Another newly implemented rule prohibits phone companies from accepting calls from providers that haven't met requirements to deploy STIR/SHAKEN or other robocall-mitigation methods. But the STIR/SHAKEN requirements don't apply to all carriers yet. "We don't want international calling to become a loophole for our policies," FCC Acting Chairwoman Jessica Rosenworcel said on Thursday at a commission meeting. "So today we are proposing that gateway providers in the United States -- the companies that bring in calls from overseas -- take action to stop this stuff from coming in from abroad. That means they need to use STIR/SHAKEN technology, register in our Robocall Mitigation Database, and comply with traceback requests to figure out where these junk calls are originating from overseas."

The FCC said those traceback requests "are used to help block illegal robocalls and inform FCC enforcement investigations." The NPRM also proposes a new call-blocking requirement. When the FCC notifies a gateway provider about an ongoing robocall campaign, the provider would have to conduct "a prompt investigation to determine whether the traffic identified in the Enforcement Bureau's notice is illegal" and "promptly block all traffic associated with the traffic pattern identified in that notice." The NPRM seeks public comment on these proposed rules. Deadlines for initial comments will be 30 days after the NPRM is published in the Federal Register and 60 days after publication for reply comments. The docket is located here.

Apple, Google, Sony, Zoom, PayPal and several other tech companies as well as scores of banks have cautioned customers and partners in India to expect a surge in declined transactions as the world's second-largest internet market's central bank enforces a new directive for the way recurring payments are processed in the country. From a report: The Reserve Bank of India's directive, which goes into effect on Friday, requires banks, financial institutions and payment gateways to obtain additional approval for auto-renewables transactions worth over 5,000 Indian rupees ($67) from users by conducting notifications, e-mandates and Additional Factors of Authentication (AFA). The directive impacts all such transactions for debit cards as well as credit cards. The Reserve Bank of India said in the original circular in 2019, that the framework was designed to serve as "a risk mitigant and customer facilitation measure," adding that the issuer processing such transactions "shall send a pre-transaction notification to the customer, at least 24 hours prior to the actual charge by SMS or email, as per the customer's preferences."

With the recent release of iOS 15, Apple appears to have made some changes to Siri functionality that have removed features relied on by low vision and blind iPhone users. MacRumors reports: Several Siri commands that provide details on phone calls, voicemails, and sending emails no longer appear to be working. The following commands used to be functional, but have recently been removed: Do I have any voicemails?, Play my voicemail messages, Check my call history, Check my recent calls, Who called me?, Send an email, and Send an email to [person]. Over the last two weeks, we've received several emails from iPhone users who are missing this key Siri functionality, or their relatives who are attempting to help them navigate the changes. The Siri feature removals have also been documented on the AppleVis forums for blind and low vision users of Apple products. Asking Siri to provide details on recent phone calls or voicemails results in the following response: "I can't help with that, but you can ask me to open the Phone app."

Asking about email garners a similar response about Siri being unable to help. It's worth noting that it's still possible to ask Siri to play the most recent voicemail message that's available, or a voicemail from a specific person, but Siri will not read out a list of all the available voicemails. The Siri commands seem to have disappeared when iOS 15 was released, but iOS 14 users are also not able to use them anymore so it's not an issue tied to iOS 15.

Researchers have demonstrated that someone could use a stolen, unlocked iPhone to pay for thousands of dollars of goods or services, no authentication needed. Threatpost reports: An attacker who steals a locked iPhone can use a stored Visa card to make contactless payments worth up to thousands of dollars without unlocking the phone, researchers are warning. The problem is due to unpatched vulnerabilities in both the Apple Pay and Visa systems, according to an academic team from the Universities of Birmingham and Surrey, backed by the U.K.'s National Cyber Security Centre (NCSC). But Visa, for its part, said that Apple Pay payments are secure and that any real-world attacks would be difficult to carry out.

The team explained that fraudulent tap-and-go payments at card readers can be made using any iPhone that has a Visa card set up in "Express Transit" mode. Express Transit allows commuters around the world, including those riding the New York City subway, the Chicago El and the London Underground, to tap their phones on a reader to pay their fares without unlocking their devices. "An attacker only needs a stolen, powered-on iPhone," according to a writeup (PDF) published this week. "The transactions could also be relayed from an iPhone inside someone's bag, without their knowledge. The attacker needs no assistance from the merchant."

This attack is made possible by a combination of flaws in both Apple Pay and Visa's systems, the academic team noted. "The details of this vulnerability have been disclosed to Apple (Oct 2020) and to Visa (May 2021)," according to the writeup. "Both parties acknowledge the seriousness of the vulnerability, but have not come to an agreement on which party should implement a fix." "Variations of contactless-fraud schemes have been studied in laboratory settings for more than a decade and have proven to be impractical to execute at scale in the real world," Visa said in a statement to the BBC, adding that its fraud-detection systems would flag any suspicious transactions. Apple meanwhile shifted the responsibility to Visa and told the outlet, "We take any threat to users' security very seriously. This is a concern with a Visa system, but Visa does not believe this kind of fraud is likely to take place in the real world given the multiple layers of security in place. In the unlikely event that an unauthorized payment does occur, Visa has made it clear that their cardholders are protected by Visa's zero-liability policy." The researchers say users can protect themselves by not using Visa as a transport card in Apple Pay, and if they do, by remotely wiping the device if lost or stolen. The bug does not affect other types of payment cards or payment systems.

New submitter thegreatnick writes: The next generation of Fairphone -- an attempt to make an ethical smartphone -- has been announced with the Fairphone 4. The base specs include a Qualcomm Snapdragon 750G SoC, 6GB of RAM, and 128GB of storage (upgradeable to 8GB and 256GB). On the front, you'll get a 6.3-inch, 2340x1080 LCD display with slimmer bezels (compared to the Fairphone 3 design) and a teardrop notch for the 25-megapixel front camera. The 3,905mAh battery is Qualcomm Quick Charge 4.1 compatible, so if you have a compatible USB-C charger (not included in the box to reduce waste) you can take the battery from 0-50% in 30 minutes. The phone ships with Android 11 and has a side-mounted fingerprint reader in the power button, a MicroSD slot, and the option for dual-SIM usage via one physical nanoSIM and an eSIM.

Continuing Fairphone's progress in making a "fair" supply chain -- both ethically-clean raw materials and paying workers a fair wage -- it also describes the 4 as "e-waste neutral." This is a neat way of summing up the idea that the company will recycle one device for every Fairphone 4 it sells. In addition, Fairphone can boast that it now uses 70% "fair" materials inside the handset, including FairTrade Gold and Silver, aluminum from ASI-certified vendors, and a backplate made from 100% post-consumer recycled polycarbonate. In an upgrade to previous models, the Fairphone 4 has dual cameras, though it loses the headphone jack. The company says this was to achieve an IP54 waterproof rating (light splashes) -- a first for the Fairphone brand. It's also been announced that it will come with an industry-leading 5-year warranty and aims to get 6 years of software updates for the phone.

Eero and Ring -- two Amazon-owned companies -- have teamed up to produce a home security system that incorporates an Eero router inside. Engadget reports: Ring COO Mike Harris said that the decision to work with Eero was not one foisted down from upon high by Amazon. Instead, Harris said that both companies saw the opportunity to work together to help leverage their individual skills in tandem. To take advantage of the technology, you'll need to sign up to Ring's new subscription product, dubbed Protect Pro. The package offers cloud video storage, professional monitoring, Alexa Guard Plus, 24/7 backup internet for your security devices (via an LTE module in the Ring Pro base station) and Eero's cybersecurity subscription product for network protection. This, at least in the US as it launches, will set you back $20 a month, or $200 per year per location up front.

At the same time, Ring is launching a system dubbed "Virtual Security Guard," which connects users to third-party security guards. You'll need to pay for that separately, but you can hand over access to select Ring camera feeds to those companies who can keep a watch over your property. It is only when motion is detected that an operator can access your feed, and can speak to whoever is there to determine their intentions. Ring adds that third parties can't view motion events when the camera is disarmed, and can't download, share or save the clips of what's going on in your front yard. The first company to sign up for the program is Rapid Response, with others expected to join in the near future. The Virtual Security Guard service will require you to apply for early access, but the Ring Alarm Pro can be pre-ordered today for $250. (Since this isn't a Slashvertisement, we won't include a link to the product; you'll have to search for it yourself. Sorry not sorry.)

An anonymous reader shares a report from Daring Fireball, written by John Gruber: Chaim Gartenberg, writing for The Verge, "The Lightning Port Isn't About Convenience; It's About Control": "Notably absent from Apple's argument, though, is the fact that cutting out a Lightning port on an iPhone wouldn't just create more e-waste (if you buy Apple's logic) or inconvenience its customers. It also means that Apple would lose out on the revenue it makes from every Lightning cable and accessory that works with the iPhone, Apple-made or not -- along with the control it has over what kinds of hardware does (or doesn't) get to exist for the iPhone and which companies get to make them. Apple's MFi program means that if you want to plug anything into an iPhone, be it charger or adapter or accessory, you have to go through Apple. And Apple takes a cut of every one of those devices, too." Gartenberg summarizes a commonly-held theory here: that Apple is sticking with its proprietary Lightning port on iPhones because they profit from MFi peripherals. That it's a money grab.

I don't think this is the case at all. Apple is happy to keep the money it earns from MFi, of course. And they're glad to have control over all iPhone peripherals. But I don't think there's serious money in that. It's loose-change-under-the-couch-cushion revenue by Apple's astonishingly high standards. How many normal people do you know who ever buy anything that plugs into a Lightning port other than a USB cable? And Apple doesn't make more money selling their own (admittedly overpriced) Lightning cables to iPhone owners than they do selling their own (also overpriced) USB-C cables to iPad Pro and MacBook owners. My theory is that Apple carefully weighs the pros and cons for each port on each device it makes, and chooses the technologies for those ports that it thinks makes for the best product for the most people. "What makes sense for the goals of this product that we will ship in three years? And then the subsequent models for the years after that?" Those are the questions Apple product designers ask.

The sub-head on Gartenberg's piece is "The iPhone doesn't have USB-C for a reason". Putting that in the singular does not do justice to the complexity of such decisions. There are numerous reasons that the iPhones 13 still use Lightning -- and there are numerous reasons why switching to USB-C would make sense. The pro-USB-C crowd, to me, often comes across as ideological. I'm not accusing Gartenberg of this -- though it is his piece with the sub-head claiming there's "a" singular reason -- but many iPhones-should-definitely-use-USB-C proponents argue as though there are no good reasons for the iPhone to continue using Lightning. That's nonsense. To be clear, I'm neither pro-Lightning nor pro-USB-C. I see the trade-offs. If the iPhones 13 had switched to USB-C, I wouldn't have complained. But I didn't complain about them not switching, either. You'll note that in none of my reviews of iPad models that have switched from Lightning to USB-C in recent years have I complained about the switch. Apple, to my eyes, has been managing this well. But, if the iPhones 13 had switched to USB-C, you know who would have complained? Hundreds of millions of existing iPhone users who have no interest in replacing the Lightning cables and docks they already own. "In 15 generations of iPhones, Apple has changed the connector once. And that one time was a clear win in every single regard," adds Gruber. "Changing from Lightning to USB-C is not so clearly an upgrade at all. It's a sidestep."

Regardless of which side you take on this debate, it's inevitable that Apple iPhones will adopt USB-C. Last week, the executive arm of the European Union, the European Commission, announced plans to force smartphone and other electronics manufacturers to fit a common USB-C charging port on their devices. The rules are intended to cut down on electronic waste by allowing people to re-use existing chargers and cables when they buy new electronics. Unless Apple plans to skip out on the European market or pay a potentially steep fine for refusing to adopt the port, they'll likely give into the pressure and release a USB-C-equipped iPhone by the time this law goes into effect in late 2023 or 2024.

EFF.org has the story: For the last month, civil liberties and human rights organizations, researchers, and customers have demanded that Apple cancel its plan to install photo-scanning software onto devices. This software poses an enormous danger to privacy and security. Apple has heard the message, and announced that it would delay the system while consulting with various groups about its impact. But in order to trust Apple again, we need the company to commit to canceling this mass surveillance system.

The delay may well be a diversionary tactic. Every September, Apple holds one of its big product announcement events, where Apple executives detail the new devices and features coming out. Apple likely didn't want concerns about the phone-scanning features to steal the spotlight.

But we can't let Apple's disastrous phone-scanning idea fade into the background, only to be announced with minimal changes down the road. To make sure Apple is listening to our concerns, EFF turned to an old-school messaging system: aerial advertising.

During Apple's event, a plane circled the company's headquarters carrying an impossible-to-miss message: "Apple, don't scan our phones!" The evening before Apple's event, protestors also rallied nationwide in front of Apple stores. The company needs to hear us, and not just dismiss the serious problems with its scanning plan. A delay is not a cancellation, and the company has also been dismissive of some concerns, referring to them as "confusion" about the new features.

Apple's iMessage is one of the preeminent end-to-end encrypted chat clients. End-to-end encryption is what allows users to exchange messages without having them intercepted and read by repressive governments, corporations, and other bad actors. We don't support encryption for its own sake: we fight for it because encryption is one of the most powerful tools individuals have for maintaining their digital privacy and security in an increasingly insecure world.

Now that Apple's September event is over, Apple must reach out to groups that have criticized it and seek a wider range of suggestions on how to deal with difficult problems, like protecting children online...

The world, thankfully, has moved towards encrypted communications over the last two decades, not away from them, and that's a good thing. If Apple wants to maintain its reputation as a pro-privacy company, it must continue to choose real end-to-end encryption over government demands to read user's communication.

Privacy matters now more than ever. It will continue to be a selling point and a distinguishing feature of some products and companies. For now, it's an open question whether Apple will continue to be one of them.

At Microsoft's Surface event today, the company announced its Surface Duo 2 dual-screen Android smartphone, featuring a trio of new cameras, a faster processor, larger displays, and support for 5G. The company also unveiled a successor to the Surface Book line of laptops, the Surface Laptop Studio, as well as the Surface Pro 8. From a report: The first-generation of the Duo made a splash thanks to its unique design. While the original Duo had no exterior screen at all, the Duo 2 now has a sliver of screen called the Glance Bar that peeks out from where its displays come together and provides you with the time and notifications when the Duo is closed. Microsoft has seemingly addressed a number of the original Duo's shortcomings with its Duo 2. One of the biggest issues with the first-generation version was its lack of any truly capable camera. [...] This time around, Microsoft has outfitted the Surface Duo 2 with a trio of external cameras. Like Apple's iPhone and Samsung's Galaxy line of smartphones, the Duo 2 gets a wide-angle camera, an ultra-wide angle camera, and a telephoto camera. There's also a dedicated night photography mode, 2x optical zoom with the telephoto lens, and the ability to record 4K video at 60 frames per second.

As for the occasionally sluggish performance, the Duo 2 should have that sorted out. This time around, Microsoft has dropped Qualcomm's latest Snapdragon 888 processor into the Duo 2, which means the phone should run as smoothly and quickly as any of the leading smartphones on the market. What's more, the Duo 2 gets 8GB of RAM and 128GB, 256GB, or 512GB of storage. On top of that, the Surface Duo 2 gets 5G connectivity, something that was conspicuously absent from the first-generation Duo.

The Duo 2 also gets two larger displays this time around. Rather than two 5.1-inch panels, the Duo 2 gets two 5.3-inch screens that open up to an 8.3-inch display that you can use to move your apps across or as a single canvas for more expansive apps. [...] The gist of the Surface Duo 2 is that two screens are better than one. To that end, Microsoft has combined two panels with a hinge to make an Android-powered device that lets you not only use both displays at the same time, but also seamlessly move apps and content between them. That capability will cost you a pricey $1,499 when the Duo 2 hits store shelves. It's available for pre-order today.

Lithuania's Defense Ministry recommended that consumers avoid buying Chinese mobile phones and advised people to throw away the ones they have now after a government report found the devices had built-in censorship capabilities. From a report: Flagship phones sold in Europe by China's smartphone giant Xiaomi have a built-in ability to detect and censor terms such as "Free Tibet", "Long live Taiwan independence" or "democracy movement", Lithuania's state-run cybersecurity body said on Tuesday. The capability in Xiaomi's Mi 10T 5G phone software had been turned off for the "European Union region", but can be turned on remotely at any time, the Defence Ministry's National Cyber Security Centre said in the report. "Our recommendation is to not buy new Chinese phones, and to get rid of those already purchased as fast as reasonably possible," Defence Deputy Minister Margiris Abukevicius told reporters in introducing the report.

The European Commission will on Thursday present a legislative proposal for a common charger for mobile phones, tablets and headphones, a move likely to affect iPhone maker Apple more than its rivals, Reuters reported on Tuesday, citing a person familiar with the matter. From the report: The European Union executive and EU lawmakers have been pushing for a common charger for over a decade, saying it would be better for the environment and more convenient for users. The Commission wants the sale of chargers to be decoupled from devices, and also propose a harmonised charging port, the person said. Apple, whose iPhones are charged from its Lightning cable, has said rules forcing connectors to conform to one type could deter innovation, create a mountain of electronic waste and irk consumers.

On the day Apple released iOS 15, a Spanish security researcher disclosed an iPhone lock screen bypass that can be exploited to grant attackers access to a user's notes. From a report: In an interview with The Record, Jose Rodriguez said he published details about the lock screen bypass after Apple downplayed similar lock screen bypass issues he reported to the company earlier this year. "Apple values reports of issues like this with up to $25,000 but for reporting a more serious issue, I was awarded with $5,000," the researcher wrote on Twitter last week. [...] Because of the unprofessional way Apple handled his bug report, the researcher published today a variation of the same bypass, but this time one that uses the Apple Siri and VoiceOver services to access the Notes app from behind the screen lock. Further reading: Apple Pays Hackers Six Figures To Find Bugs in Its Software. Then It Sits On their Findings.

Apple today released iOS 15 and iPadOS 15, the newest operating system updates designed for the iPhone, iPad, and iPod touch. From a report: As with all of Apple's software updates, iOS and iPadOS 15 can be downloaded at no cost. iOS 15 is available on the iPhone 6s and later while iPadOS 15 is available on the iPad Air 2 and later. The new software can be downloaded on eligible devices over-the-air by going to Settings - General - Software Update. It may take a few minutes for the updates to propagate to all users due to high demand.

A new Focus mode cuts down on distractions by limiting what's accessible and who can contact you, and notifications can now be grouped up in daily summaries. There's an option for a new Safari design that moves the tab bar to the bottom of the interface, and Tab Groups keep all of your tabs organized. Maps has been overhauled with even more detail, a 3D view in major cities, a globe view, improved transit, a close-up driving view when navigating complicated routes, and AR walking directions. Across the operating system, there's a new Live Text feature that detects text in any image and lets you copy, paste, and translate it, plus there's a system-wide translation feature. In Photos, plants, pets, landmarks, and more can be identified, and there's a system-wide translation feature that goes well with Live Text. iCloud+ with iCloud Private Relay protects your IP address and obscures your location to prevent websites from tracking you, and a Hide My Email feature lets you create temporary email addresses. You can even use your personal domain with iCloud in iOS 15. Further reading: 19 Things You Can Do in iOS 15 That You Couldn't Do Before.

A man who the Department of Justice says unlocked AT&T customers' phones for a fee was sentenced to 12 years in prison, in what the judge called "a terrible cybercrime over an extended period," which allegedly continued even after authorities were on to the scheme. The Verge reports: According to a news release from the DOJ, in 2012, Muhammad Fahd, a citizen of Pakistan and Grenada, contacted an AT&T employee via Facebook and offered the employee "significant sums of money" to help him secretly unlock AT&T phones, freeing the customers from any installment agreement payments and from AT&T's service. Fahd used the alias Frank Zhang, according to the DOJ, and persuaded the AT&T employee to recruit other employees at its call center in Bothell, Washington, to help with the elaborate scheme. Fahd instructed the AT&T employees to set up fake businesses and phony bank accounts to receive payments, and to create fictitious invoices for deposits into the fake accounts to create the appearance that money exchanged as part of the scheme was payment for legitimate services.

In 2013, however, AT&T put into place a new unlocking system which made it harder for Fahd's crew to unlock phones' unique IMEI numbers, so according to the DOJ he hired a developer to design malware that could be installed on AT&T's computer system. This allegedly allowed him to unlock more phones, and do so more efficiently. The AT&T employees working with Fahd helped him access information about its systems and other employees' credentials, allowing his developer to tailor the malware more precisely, the DOJ said. A forensic analysis by AT&T showed Fahd and his helpers fraudulently unlocked more than 1.9 million phones, costing the company more than $200 million. Fahd was arrested in Hong Kong in 2018 and extradited to the US in 2019. He pleaded guilty in September 2020 to conspiracy to commit wire fraud.

Apple introduced eSIM support on iPhone with iPhone XR and iPhone XS in 2018. However, while you can use a regular SIM and an eSIM simultaneously, there was no way to use two eSIMs simultaneously -- until now. iPhone 13 and iPhone 13 Pro feature dual eSIM support for the first time. From a report: The new capability was confirmed by Apple on the iPhone 13 specs webpage. There, Apple says that iPhone 13 models support Dual SIM using both regular SIM and eSIM and "Dual eSIM," as the company calls it. If you check the webpage of the iPhone 12 or previous generations, only combined Dual SIM support is mentioned. These are the SIM support specifications for iPhone 13 mini, iPhone 13, iPhone 13 Pro, and iPhone 13 Pro Max: Dual SIM (nanoâ'SIM and eSIM), and dual eSIM support. During the event, Apple also mentioned that iPhone 13 models have support for more 5G bands, which should enable the new faster network in more countries.

Apple has officially announced the high-end part of the iPhone 13 lineup: the iPhone 13 Pro and 13 Pro Max. It's got a faster A15 Bionic chip, three all-new cameras, and an improved display with up to a 120Hz ProMotion high refresh rate display that can go as bright as 1,000 nits. The iPhone 13 Pro will start at $999, while the iPhone 13 Pro Max will start at $1099. Both will be available to order on Friday, shipping on September 24th. From a report: The OLED screens on both models are the same sizes as last year at 6.1 and 6.7 inches but with slightly smaller notches that should allow for more space in the iOS status bar. Apple says the phones have an all-new three-camera system. The ultrawide should offer better low-light photography, and the telephoto now goes up to 3x zoom, enabling 6x optical zoom across the three cameras. All three cameras now have night mode, and there's a new macro mode for photographing subjects at just 2cm.

Long-time Slashdot reader fahrbot-bot quotes Engadget: Hold off on purchasing that iPhone mount for your motorbike.

In a new Apple Support post first seen by MacRumors, the tech giant has warned that high amplitude vibrations, "specifically those generated by high-power motorcycle engines" transmitted through handlebars, can damage its phones' cameras.

As the publication notes, that damage can be permanent. A simple Google search will surface posts over the past few years by users whose cameras were ruined after they mounted their iPhone on their bike, mostly so they can use it for navigation.
MacRumors summarizes another Apple recommendation: for slower vehicles like mopeds and scooters "at least use a vibration-dampening mount to minimize the chances of any damage."

Engadget's suggestion? "Just use another GPS device to make sure you don't ruin a device that costs hundreds to over a thousand dollars."

The Guardian tells the story of "a viral sensation in the global underworld," the high-security An0m phones, which launched with "a grassroots marketing campaign, identifying so-called influencers — 'well-known crime figures who wield significant power and influence over other criminal associates', according to a US indictment — within criminal subcultures." An0m could not be bought in a shop or on a website. You had to first know a guy. Then you had to be prepared to pay the astronomical cost: $1,700 for the handset, with a $1,250 annual subscription, an astonishing price for a phone that was unable to make phone calls or browse the internet.

Almost 10,000 users around the world had agreed to pay, not for the phone so much as for a specific application installed on it. Opening the phone's calculator allowed users to enter a sum that functioned as a kind of numeric open sesame to launch a secret messaging application. The people selling the phone claimed that An0m was the most secure messaging service in the world. Not only was every message encrypted so that it could not be read by a digital eavesdropper, it could be received only by another An0m phone user, forming a closed loop system entirely separate from the information speedways along which most text messages travel. Moreover, An0m could not be downloaded from any of the usual app stores. The only way to access it was to buy a phone with the software preinstalled...

[U]sers could set an option to wipe the phone's data if the device went offline for a specified amount of time. Users could also set especially sensitive messages to self-erase after opening, and could record and send voice memos in which the phone would automatically disguise the speaker's voice. An0m was marketed and sold not so much to the security conscious as the security paranoid...

An0m was not, however, a secure phone app at all. Every single message sent on the app since its launch in 2018 — 19.37m of them — had been collected, and many of them read by the Australian federal police (AFP) who, together with the FBI, had conceived, built, marketed and sold the devices.

On 7 June 2021, more than 800 arrests were made around the world....
Law enforcement agencies ultimately saw An0m as a creative workaround for unbreakable encryption, according to the Guardian. "Why debate tech companies on privacy issues through costly legal battles if you can simply trick criminals into using your own monitored network?"

The Guradian's story was shared by jd (Slashdot user #1,658), who sees an ethical question. "As the article notes, what's to stop a tyrant doing the same against rivals or innocent protestors?"

Apple's next event, during which it will likely unveil its next slate of devices, including the seventh-generation Apple Watch and a new iPhone, is happening Sept. 14 at 10 a.m. PT, the company confirmed Tuesday. The event, like all previous ones over the last year and a half, will be held entirely online amid continued concerns about the coronavirus pandemic. From a report: Apple's invite includes the phrase "California streaming." It features a neon outline of the Apple logo set atop a silhouette of a mountain range. The company's flashy event is its most important of the year, setting its product lineup for the holiday shopping season. Last year, Apple held three major product releases in the second half, separating out announcements for its latest Apple Watches, iPads, iPhones and Mac computers. The releases helped propel Apple's sales and profit to their highest levels, setting new revenue records for the company's iPhones, iPads and Mac computers. It's unclear just what products Apple will announce and if it will repeat last year's tactic of holding multiple events throughout the second half. The iPhone 13 is almost assuredly going to make an appearance. The rumored Apple Watch 7 could as well.

"A security researcher has discovered malicious code inside the firmware of four low-budget push-button mobile phones sold through Russian online stores," reports the Record: In a report published this week by a Russian security researcher named ValdikSS, push-button phones such as DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3 were caught subscribing users to premium SMS services and intercepting incoming SMS messages to prevent detection. ValdikSS, who set up a local 2G base station in order to intercept the phones' communications, said the devices also secretly notified a remote internet server when they were activated for the first time, even if the phones had no internet browser...

All the remote servers that received this activity were located in China, ValdikSS said, where all the devices were also manufactured before being re-sold on Russian online stores as low-budget alternatives to more popular push-button phone offerings, such as those from Nokia.
But who's responsible, the article ultimately asks. The third party supplying the firmware? The parties shipping the phones? The vendors selling the phone without detecting its malware? Or the government agencies lacking a mechanism for collecting reports of malware...

Long-time Slashdot reader Nkwe shares an article about AT&T's "Flying COW" drones — their Cell (tower) On Wings drone technology that's helped restore cellphone service after Hurricane Ida and other natural disasters.

"The device is a cell site situated on a drone engineered to beam wireless LTE coverage across an area of up to 40 square miles." The weather-resistant drone can withstand extreme conditions, and its thermal imaging can help search and rescue teams find people in buildings, tree cover, and thick smoke... The drone has the potential to hover over 300 feet and is connected by a tether attached to the ground.

When someone texts, calls, or uses data, the signal is sent to the drone and transferred through the tether to a router. The router pushes information through a satellite, into the cloud, and finally into the AT&T network. The tether also provides constant power to the Flying COW via a fiber, giving the drone unlimited flight time.

Its flying capabilities allow it to soar 500% higher than a terrestrial Cell-on-Wheels mast, expanding how far the signal reaches, though more drones can be added to widen the coverage area. The drone is small and versatile, making it easy to set up, deploy, and move during rapidly changing conditions, like firefighters chasing a wildfire.

Qualcomm says it's figured out a way to deliver lossless audio over Bluetooth, yielding quality that should be indistinguishable from uncompressed sources. And it's calling it aptX Lossless, the next generation of Qualcomm's proprietary audio format. From a report: Taking a "systems level approach," was the key, the company says, as it's "optimized a number of core wireless connectivity and audio technologies, including aptX Adaptive, which work together to auto detect and scale-up and are designed to deliver CD lossless audio when a user is listening to a lossless music file and the RF conditions are suitable." So, yes, there are a few caveats, and you'll need new hardware to get the full aptX Lossless experience -- that goes for the device you're streaming from (a phone, for instance), as well as your listening device, typically a pair of headphones. Qualcomm says devices that support aptX Lossless are expected to be available in early 2022. Its key specs are: Supports 44.1kHz, 16-bit CD lossless audio quality
Designed to scale-up to CD lossless audio based on Bluetooth link quality
User can select between CD lossless audio 44.1kHz and 24-bit 96kHz lossy
Auto-detects to enable CD lossless audio when the source is lossless audio
Mathematically bit-for-bit exact
Bit-rate : ~1Mbps

Apple wants to hire a programmer who knows about RISC-V, a processor technology that competes with the Arm designs that power iPhones, iPads and newer Macs. The company's interest emerged in a job posting for a "RISC-V high performance programmer" that Apple published Thursday. From a report: It's not clear exactly what Apple's plans are for the technology. Landing even a supporting role in an Apple product would be a major victory for RISC-V allies seeking to establish their technology as an alternative to older chip families like Arm or Intel's x86.

One of the RISC-V's creators is seminal processor designer David Patterson, and startups like SiFive and Esperanto Technologies are commercializing RISC-V designs. The job description offers some details about Apple's plans. The programmer will work on a team that's "implementing innovative RISC-V solutions and state of the art routines. This is to support the necessary computation for such things as machine learning, vision algorithms, signal and video processing," the job description says.

What if your smartphone or laptop started charging as soon as you walked in the door? Researchers have developed a specially built room that can transmit energy to a variety of electronic devices within it, charging phones and powering home appliances without plugs or batteries. Scientific American: This system "enables safe and high-power wireless power transfer in large volumes," says Takuya Sasatani, a project assistant professor at the University of Tokyo's Graduate School of Engineering and lead author of the new study, which was published this week in Nature Electronics. The room relies on the same phenomenon as short-range wireless phone chargers: a metal coil, placed in a magnetic field, will produce an electric current. Existing commercial charging docks use electricity from a wall outlet to produce a magnetic field in a small area. Most recent smartphones are equipped with a metal coil, and when such a model) is placed on the dock, the interaction generates enough current to power the phone's battery. But today's commercial products have a very limited range. If you lift a phone off the dock or swathe it in a case that is too thick, the wireless power transfer ceases. But if a magnetic field filled a whole room, any phone within it would have access to wireless power.

"The prospect of having a room where a variety of devices could just receive power anywhere is really compelling and exciting," says Joshua Smith, a professor of computer science and electrical engineering at the University of Washington, who was not involved in the new study. "And this paper takes another step toward making that possible." In the study, the researchers describe a custom test room of about 18 cubic meters (roughly equivalent to a small freight container), which Sasatani built from conductive aluminum panels with a metal pole running down the middle. The team furnished the room with a wirelessly powered lamp and fan, as well as more prosaic items, including a chair, table and bookshelf. When the researchers ran an electric current through the walls and pole in a set pattern, it generated a three-dimensional magnetic field within the space. In fact, they designed the setup to generate two separate fields: one that fills the center of the room and another that covers the corners, thus allowing any devices within the space to charge without encountering dead spots.

By carrying out simulations and measurements, Sasatani and his co-authors found their method could deliver 50 watts of power throughout the room, firing up all of the devices equipped with a receiving coil that they tested: a smartphone, a light bulb and a fan. Some energy was lost in the transfer, however. Delivery efficiency varied from a low of 37.1 percent to a high of about 90 percent, depending on the strength of the magnetic field at specific points in the room, as well as the orientation of the device. Without precautions, running current through the room's metal walls would typically fill it with two types of waves: electric and magnetic. This presents a problem, because electric fields can produce heat in biological tissues and pose a danger to humans. So the team embedded capacitors, devices that store electric energy, in the walls. "It confines the safe magnetic fields within the room volume while confining hazardous parts inside all the components embedded inside the walls," Sasatani explains.

Apple's push to bring satellite capabilities to the iPhone will be focused on emergency situations, allowing users to send texts to first responders and report crashes in areas without cellular coverage. From a report: The company is developing at least two related emergency features that will rely on satellite networks, aiming to release them in future iPhones, according to a person with knowledge of the situation. Apple has been working on satellite technology for years, with a team exploring the concept since at least 2017, Bloomberg has reported. Speculation that the next iPhone will have satellite capabilities ramped up this week after TF International Securities analyst Ming-Chi Kuo said the phone will probably work with spectrum owned by Globalstar. That's led to conjecture that the iPhone will become something akin to a satellite phone, freeing users from having to rely on cell networks. But Apple's plan is initially more limited in scope, according to the person, with the focus on helping customers handle crisis scenarios.

With Apple's latest iPhone just around the corner, reports suggest that it will include support for satellite communications, which consumers could use when terrestrial-based 4G and 5G are not available. The one getting most of the glory: Globalstar, the once-embattled satellite company. From a report: Globalstar shares shot up more than 40% at one point today. Shares in satellite companies Iridium and AST SpaceMobile also rose, more than 9% and 4%, respectively. One report tracks to TF International Securities analyst Ming-Chi Kuo, who, as MacRumors explained, discussed how the iPhone 13 lineup will feature hardware that is able to connect to low earth orbit (LEO) satellites, which could allow iPhone 13 users to make calls and send messages. The MacRumors report notes that the upcoming iPhone 13 supposedly features a customized Qualcomm X60 baseband chip that supports satellite communications; other smartphone brands reportedly are waiting until 2022 for the X65 baseband chip for turning on satellite communications functionality. While there are ample ways to support LEO connectivity in handsets, the bottom line is: The "simplest scenario" for providing LEO communications to users is if network operators work with Globalstar, according to the Kuo-based report. That raised some eyebrows, rightly so.

"T-Mobile CEO Mike Sievert published an open apology to customers Friday after hackers stole more than 50 million users' personal data, including their Social Security numbers and driver's license information," reports NBC News: "The last two weeks have been humbling for all of us at T-Mobile," he wrote. "To say we are disappointed and frustrated that this happened is an understatement."

The incident is the fourth known breach at T-Mobile since 2018, and by far the largest. The full count of how many customers had their data stolen is unclear, but the company said last week it had identified more than 53 million affected customers, most of them on subscription plans. It also included an unspecified number of "prospective" users who are not T-Mobile customers...

It is unclear why T-Mobile was storing customers' driver's license information and Social Security numbers without encrypting them in a way that would make it difficult or impossible for hackers to see them even if they stole them. Jackie Singh, a cybersecurity consultant, said it was irresponsible on the part of T-Mobile, especially for hard-to-change sensitive personal data like Social Security numbers.

"It is frankly bizarre to learn that in this day and age, a major telco continues to store critical customer data in plain text," she said. "Offering two years of credit monitoring services doesn't change the fact that harm was done to their customer base."
NBC says they spoke to the person identified as the perpetrator by the Wall Street Journal, who told them last week that he'd planned to sell the information on more than 100 million users for a hefty profit.

Meanwhile, T-Mobile's CEO now says they're alerting affected users and have set up a hub for victim services. Beneath the words "NOTICE OF DATA BREACH," it adds the tagline "Keeping you safe from cybersecurity threats. What you need to know and how we're protecting you."

It's long been known that Google pays Apple a hefty sum every year to ensure that it remains the default search engine on iPhone, iPad, and Mac. Now, a new report from analysts at Bernstein suggests that the payment from Google to Apple may reach $15 billion in 2021, up from $10 billion in 2020. 9to5Mac reports: In the investor note, seen by Ped30, Bernstein analysts are estimating that Google's payment to Apple will increase to $15 billion in 2021, and to between $18 billion and $20 billion in 2022. The data is based on "disclosures in Apple's public filings as well as a bottom-up analysis of Google's TAC (traffic acquisition costs) payments." Bernstein analyst Toni Sacconaghi says that Google is likely "paying to ensure Microsoft doesn't outbid it." The analysts outline two potential risks for the Google payment to Apple, including regulatory risk and Google simply deciding the deal is no longer worth it:

In an interview earlier this year, Apple's senior director of global privacy Jane Horvath offered reasoning for the deal, despite privacy concerns: "Right now, Google is the most popular search engine. We do support Google but we also have built-in support for DuckDuckGo, and we recently also rolled out support for Ecosia."

Passengers escaped an Alaska Airlines jet via emergency slides on Monday night after a malfunctioning smartphone filled the cabin with smoke. The Register reports: The pilot ordered the evacuation of flight 751 from New Orleans to Seattle after someone's cellphone started to spit out sparks and smoke just after landing. As the aircraft was still waiting on the tarmac at Seattle-Tacoma International Airport for a gate, the slides were deployed and all 129 passengers and six crew made it out. The errant mobile was also stuffed in a bag to curb its compact conflagration. Two people, we're told, were taken to hospital.

"The crew acted swiftly using fire extinguishers and a battery containment bag to stop the phone from smoking," a spokesperson for Alaska Airlines told The Register. "Crew members deployed the evacuation slides due to hazy conditions inside the cabin. Two guests were treated at a local area hospital." Airport officials, meanwhile, said "only minor scrapes and bruises were reported." It's unknown which device malfunctioned on this flight, but it makes us think back to the Galaxy Note 7 fiasco of 2016 that prompted Samsung to formally recall the smartphone after nearly 100 reports of them catching fire and spewing noxious black smoke. The Note 7 was also banned from aircraft in the United States under an emergency order.

If you plan on unlocking the bootloader to root your Galaxy Z Flip 3 or Galaxy Z Fold 3 -- Samsung's two newest foldabes announced earlier this month, you should know that the Korean OEM will disable the cameras. Technically, this has only been confirmed for the Galaxy Z Fold 3, but the Galaxy Z Flip 3 likely has similar restrictions. XDA Developers reports: According to XDA Senior Members [...], the final confirmation screen during the bootloader unlock process on the Galaxy Z Fold 3 mentions that the operation will cause the camera to be disabled. Upon booting up with an unlocked bootloader, the stock camera app indeed fails to operate, and all camera-related functions cease to function, meaning that you can't use facial recognition either. Anything that uses any of the cameras will time out after a while and give errors or just remain dark, including third-party camera apps.

It is not clear why Samsung chose the way on which Sony walked in the past, but the actual problem lies in the fact that many will probably overlook the warning and unlock the bootloader without knowing about this new restriction. Re-locking the bootloader does make the camera work again, which indicates that it's more of a software-level obstacle. With root access, it could be possible to detect and modify the responsible parameters sent by the bootloader to the OS to bypass this restriction. However, according to ianmacd, Magisk in its default state isn't enough to circumvent the barrier.

"According to addiction expert Dr Anna Lembke, our smartphones are making us dopamine junkies," reports the Guardian, "with each swipe, like and tweet feeding our habit..." As the chief of Stanford University's dual diagnosis addiction clinic (which caters to people with more than one disorder), Lembke has spent the past 25-plus years treating patients addicted to everything from heroin, gambling and sex to video games, Botox and ice baths... Her new book, Dopamine Nation, emphasises that we are now all addicts to a degree. She calls the smartphone the "modern-day hypodermic needle": we turn to it for quick hits, seeking attention, validation and distraction with each swipe, like and tweet. Since the turn of the millennium, behavioural (as opposed to substance) addictions have soared. Every spare second is an opportunity to be stimulated... "We're seeing a huge explosion in the numbers of people struggling with minor addictions," says Lembke.

That has consequences. Although we have endless founts of fun at our fingertips, "the data shows we're less and less happy," she says. Global depression rates have been climbing significantly in the past 30 years and, according to a World Happiness Report, people in high-income countries have become more unhappy over the past decade or so. We've forgotten how to be alone with our thoughts. We're forever "interrupting ourselves", as Lembke puts it, for a quick digital hit, meaning we rarely concentrate on taxing tasks for long or get into a creative flow. For many, the pandemic has exacerbated dependence on social media and other digital vices, as well as alcohol and drugs.

Addiction is a spectrum disorder: it's not as simple as being an addict or not being an addict. It's deemed worthy of clinical care when it "significantly interferes" with someone's life and ability to function, but when it comes to minor digital attachments, the effect is pernicious. "It gets into philosophical questions: how is the time I'm spending on my phone in subtle ways affecting my ability to be a good parent, spouse or friend?" says Lembke. "I do believe there is a cost — one that I don't think we fully recognise because it's hard to [see it] when you're in it...."

"It's very different from how life used to be, when we had to tolerate a lot more distress," says Lembke. "We're losing our capacity to delay gratification, solve problems and deal with frustration and pain in its many different forms."
The solution, according to the article, is dopamine fasts — "the longer, the better...to reset our brain's pathways and gain perspective on how our dependency affects us," eventually attaining the lost art of moderation.