Wireless Networking

Nine WiFi Routers Used by Millions Were Vulnerable to 226 Flaws (bleepingcomputer.com) 74

"Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them," reports Bleeping Computer, "even when running the latest firmware." Slashdot reader joshuark shared their report: The tested routers are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys, and are used by millions of people... Researchers at IoT Inspector carried out the security tests in collaboration with CHIP magazine, focusing on models used mainly by small firms and home users. "For Chip's router evaluation, vendors provided them with current models, which were upgraded to the latest firmware version," Florian Lukavsky, CTO & Founder at IoT Inspector, told BleepingComputer via email. "The firmware versions were automatically analyzed by IoT Inspector and checked for more than 5,000 CVEs and other security issues...."

While not all flaws carried the same risk, the team found some common problems that affected most of the tested models:

- Outdated Linux kernel in the firmware
- Outdated multimedia and VPN functions
- Over-reliance on older versions of BusyBox
- Use of weak default passwords like "admin"
- Presence of hardcoded credentials in plain text form....

All of the affected manufacturers responded to the researchers' findings and released firmware patches.

The researchers demonstrated one exploit they found on one of the routers that extracted the AES key used for the firmware encryption, letting malicious firmware image updates pass verification checks on the device — and thus potentially planting malware on the router.

jd (Slashdot reader #1,658) shares another perspective on the same study from Security Week: Not all of the identified weaknesses are considered real security flaws, and for some bugs it is unclear whether exploitation is even possible. However, many of the identified vulnerabilities (ranging from 2 in AVM devices to nearly a dozen in other routers) were classified as high- and medium-severity.

Networking

Comcast Reduced 'Working Latency' By 90% with AQM. Is This the Future? (apnic.net) 119

Long-time Slashdot reader mtaht writes: Comcast fully deployed bufferbloat fixes across their entire network over the past year, demonstrating 90% improvements in working latency and jitter — which is described in this article by Comcast Vice President of Technology Policy & Standards. (The article's Cumulative Distribution Function chart is to die for...) But: did anybody notice? Did any other ISPs adopt AQM tech? How many of y'all out there are running smart queue management (sch_cake in linux) nowadays?
But wait — it gets even more interesting...

The Comcast official anticipates even less latency with the newest Wi-Fi 6E standard. (And for home users, the article links to a page recommending "a router whose manufacturer understands the principles of bufferbloat, and has updated the firmware to use one of the Smart Queue Management algorithms such as cake, fq_codel, PIE.")

But then the Comcast VP looks to the future, and where all of this is leading: Currently under discussion at the IETF in the Transport Area Working Group is a proposal for Low Latency, Low Loss Scalable Throughput. This potential approach to achieve very low latency may result in working latencies of roughly one millisecond (though perhaps 1-5 milliseconds initially). As the IETF sorts out the best technical path forward through experimentation and consensus-building (including debate of alternatives), in a few years we may see the beginning of a shift to sub-5 millisecond working latency. This seems likely to not only improve the quality of experience of existing applications but also create a network foundation on which entirely new classes of applications will be built.

While we can certainly think of usable augmented and virtual reality (AR and VR), these are applications we know about today. But what happens when the time to access resources on the Internet is the same, or close to the time to access local compute or storage resources? What if the core assumption that developers make about networks — that there is an unpredictable and variable delay — goes away? This is a central assumption embedded into the design of more or less all existing applications. So, if that assumption changes, then we can potentially rethink the design of many applications and all sorts of new applications will become possible. That is a big deal and exciting to think about the possibilities!

In a few years, when most people have 1 Gbps, 10 Gbps, or eventually 100 Gbps connections in their home, it is perhaps easy to imagine that connection speed is not the only key factor in your performance. We're perhaps entering an era where consistently low working latency will become the next big thing that differentiates various Internet access services and application services/platforms. Beyond that, factors like exceptionally high uptime, proactive/adaptive security, dynamic privacy protection, and other new things will likely also play a role. But keep an eye on working latency — there's a lot of exciting things happening!

Cellphones

Israel Halts Disputed Omicron Tracing Through Phone Surveillance (reuters.com) 9

An anonymous reader quotes a report from Reuters: Israel said on Thursday it was halting the use of mobile phone tracing to curb the spread of the new coronavirus variant Omicron, a practice that had been challenged by privacy watchdogs. Prime Minister Naftali Bennett's government authorized the surveillance technology, which matches virus carriers' locations against other mobile phones nearby to determine their contacts, to be used for Omicron cases on Nov. 27. That authorization will not be renewed after it lapses at midnight between Thursday and Friday, Bennett's office said in a statement, citing "up-to-date situational assessments."

The technology, originally developed by Israel's Shin Bet security agency for counter-terrorism and counter-espionage, had "contributed over the last week to the effort to break the chain of infection", the statement said. Israel has confirmed at three cases of the new variant and at least 30 others are suspected of having contracted it, the Health Ministry said. Earlier on Thursday, Israel's Supreme Court rejected a petition by four rights groups seeking to repeal the measure. "Considering the uncertainty around the Omicron variant and its effects..., it has not been proven that the Shin Bet authorization poses a disproportionate infringement on the right to privacy which would justify its striking down," the ruling said.

Iphone

US State Department iPhones Hacked With Israeli Company Spyware (techcrunch.com) 40

Apple iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, Reuters reported Friday, citing people familiar with the matter. From the report: The hacks, which took place in the last several months, hit U.S. officials either based in Uganda or focused on matters concerning the East African country, two of the sources said. The intrusions, first reported here, represent the widest known hacks of U.S. officials through NSO technology. Previously, a list of numbers with potential targets including some American officials surfaced in reporting on NSO, but it was not clear whether intrusions were always tried or succeeded.

Businesses

Apple Tells Suppliers iPhone Demand Has Slowed as Holidays Near (bloomberg.com) 39

Apple, suffering from a global supply crunch, is now confronting a different problem: slowing demand. From a report: The company has told its component suppliers that demand for the iPhone 13 lineup has weakened, people familiar with the matter said, signaling that some consumers have decided against trying to get the hard-to-find item. Already, Apple had cut its iPhone 13 production goal for this year by as many as 10 million units, down from a target of 90 million, because of a lack of parts, Bloomberg News reported. But the hope was to make up much of that shortfall next year -- when supply is expected to improve. The company is now informing its vendors that those orders may not materialize, according to the people, who asked not to be identified because the discussions are private.

Android

Qualcomm's New Always-On Smartphone Camera Is a Privacy Nightmare (theverge.com) 53

At the Snapdragon Tech Summit 2021 yesterday, Qualcomm introduced their new always-on camera capabilities in the Snapdragon 8 Gen 1 processor, which is expected to arrive in high-end Android phones early next year. The company says this new feature will let users wake and unlock their phone without having to pick it up or have it instantly lock when it no longer sees their face. Even though Judd Heape, Qualcomm Technologies vice president of product management, said that the "always-on camera data never leaves the secure sensing hub while it's looking for faces," it raises a serious privacy concern that "far outweighs any potential convenience benefits," argues The Verge's Dan Seifert. From the report: Qualcomm is framing the always-on camera as similar to the always-on microphones that have been in our phones for years. Those are used to listen for voice commands like "Hey Siri" or "Hey Google" (or lol, "Hi Bixby") and then wake up the phone and provide a response, all without you having to touch or pick up the phone. But the key difference is that they are listening for specific wake words and are often limited with what they can do until you do actually pick up your phone and unlock it. It feels a bit different when it's a camera that's always scanning for your likeness.

It's true that smart home products already have features like this. Google's Nest Hub Max uses its camera to recognize your face when you walk up to it and greet you with personal information like your calendar. Home security cameras and video doorbells are constantly on, looking for activity or even specific faces. But those devices are in your home, not always carried with you everywhere you go, and generally don't have your most private information stored on them, like your phone does. They also frequently have features like physical shutters to block the camera or intelligent modes to disable recording when you're home and only resume it when you aren't. It's hard to imagine any phone manufacturer putting a physical shutter on the front of their slim and sleek flagship smartphone.

Lastly, there have been many reports of security breaches and social engineering hacks to enable smart home cameras when they aren't supposed to be on and then send that feed to remote servers, all without the knowledge of the homeowner. Modern smartphone operating systems now do a good job of telling you when an app is accessing your camera or microphone while you're using the device, but it's not clear how they'd be able to inform you of a rogue app tapping into the always-on camera. [...] But even if it's not found in every phone next year, the mere presence of the feature means that it will be used by someone at some point. It sets a precedent that is unsettling and uncomfortable; Qualcomm may be the first with this capability, but it won't be long before other companies add it in the race to keep up. Maybe we'll just start having to put tape on our smartphone cameras like we already do with laptop webcams.

Security

The Virtual Phone Farms Scammers Use To Set Up Fake Accounts (vice.com) 22

An anonymous reader quotes a report from Motherboard: When a scammer wants to set up an account on Amazon, Discord, or a spread of other online services, sometimes a thing that stands in their way is SMS verification. The site will require them to enter a phone number to receive a text message which they'll then need to input back into the site. Sites often do this to prevent people from making fraudulent accounts in bulk. But fraudsters can turn to large scale, automated services to lease them phone numbers for less than a cent. One of those is 5SIM, a website that members of the video game cheating community mention as a way to fulfill the request for SMS verification.

Various YouTube videos uploaded by the company explain how people can use its service explicitly for getting through the SMS verification stage of various sites. The videos include instructions specifically on PayPal, Instagram, Facebook, Telegram, and dating site Plenty of Fish. Instagram told Motherboard it is concerned by sites that suggest people can use services to bypass Instagram's measures to then abuse the platform. Instagram said it uses SMS verification to prevent the creation of fake accounts and to make account recovery possible. "We have many measures in place to protect against scripted account creation and block millions of fake accounts at registration every day," an Instagram spokesperson said.

Some online services don't allow users to perform SMS verification with VoIP numbers, presumably in an effort to mitigate against fraud. 5SIM's numbers, however, are just like ordinary phone numbers, the site claims. When people buy 5SIM's services, they must only use it for receiving texts related to an online account. "Different SMS will [be] rejected," the website adds. 5SIM also offers an API to automate parts of the service. 5SIM's rules say that customers are "Forbidden to use the service for any illegal purposes as well as not to take actions that harm the service and (or) third parties." The website also includes a denylist of words that its service may block.

In an email to Motherboard, 5SIM said: "5sim service is prohibited to use for illegal purposes. In cases, where fraudulent operations with registered accounts are detected, restrictions may be imposed on the 5sim account until the circumstances are clarified. 5sim is used by those who want to get a discount or bonus, webmasters, SMM specialists, owners of business for advertising and increasing business loyalty."

Cellphones

Israel Authorizes Use of Phone Tracking Tech To Contain Spread of Omicron Covid Variant (reuters.com) 70

An anonymous reader quotes a report from Reuters: Rights groups petitioned Israel's top court on Monday to repeal new COVID-19 measures that authorize the country's domestic intelligence service to use counter-terrorism phone tracking technology to contain the spread of the Omicron virus variant. Announcing the emergency measures on Saturday, Prime Minister Naftali Bennett said the phone tracking would be used to locate carriers of the new and potentially more contagious variant in order to curb its transmission to others. Israeli rights groups say the emergency measures violate previous Supreme Court rulings over such surveillance, used on-and-off by the country's Shin Bet domestic intelligence agency since March, 2020.

A senior health ministry official said on Sunday that use of phone tracking would be "surgical" in nature, only to be utilized on confirmed or suspected carriers of the variant. The surveillance technology matches virus carriers' locations against other mobile phones nearby to determine with whom they have come into contact. Israel's Supreme Court this year limited the scope of its use after civil rights groups mounted challenges over privacy concerns.

Further reading: Omicron Covid Variant Poses Very High Global Risk, Says WHO

Cellphones

Components Shortage Sends Smartphone Market Into Decline (arstechnica.com) 25

An anonymous reader quotes a report from Ars Technica: Component shortages have been wreaking havoc on the tech industry since the onset of the COVID-19 pandemic, and smartphones are no outlier. Decelerated production schedules have given way to smaller stock and delayed launches. All of this has resulted in a decline in smartphone sales in Q3 of 2021 compared to Q3 2020, Gartner reported today. According to numbers the research firm shared today, sales to consumers dropped 6.8 percent. A deficit in parts like integrated circuits for power management and radio frequency has hurt smartphone production worldwide.

"Despite strong consumer demand, smartphone sales declined due to delayed product launches, longer delivery schedule, and insufficient inventory at the channel," Anshul Gupta, senior research director at Gartner, said in a statement accompanying the announcement. The analyst added that the production schedules of "basic and utility" phones were more affected by supply constraints than "premium" ones. As a result, premium smartphone sales actually increased during this time period, even though smartphone sales overall declined. Still, shoppers were left with limited options, Gartner noted. Samsung ended up winning the greatest market share (20.2 percent), thanks to its foldable smartphones. Apple's quarterly market share (14.2 percent) was aided by new features in its iPhones, namely the A15 processor and improvements to battery life and the camera sensor. Gartner also pointed to interest in 5G.

Wireless Networking

US Rollout of 5G Frequencies Delayed Over Aviation Safety Concerns. Are They Warranted? (usatoday.com) 31

Because of a "surprising and sudden request" from America's Federal Aviation Administration that's "based on unverified potential radio interference, a highly anticipated increase in 5G speeds and availability just got put on hold," writes the president/chief analyst of market research/consulting firm TECHnalysis.

But in an opinion piece for USA Today, he asks if the concern is actually warranted: [A]s soon as you start to dig into the details, the concerns quickly seem less practical and more political. Most notably, the plan to launch 5G services on C-Band frequencies has been in the works for several years and really took on momentum after the three big U.S. carriers spent over $80 billion earlier this year to get access to these frequencies. In addition, a report that the FAA cited as part of their complaint has been out for well over a year, so why the last-minute concerns?

U.S. government agencies are, unfortunately, known to hold grudges against one another, sometimes without real clarity as to what's actually involved, as appears to be the case here... Some 40 countries around the world are already using most of the C-Band frequencies for 5G (part of the reason the U.S. has fallen behind on the 5G front), and none have reported any interference with radio altimeters on planes in their countries, the wireless trade association CTIA argues on its website 5GandAviation.com. In addition, new filtering technologies being built into a somewhat obscure part of smartphones called the RF (radio frequency) front end, such as Qualcomm's recently introduced ultraBAW filters, can reduce interference issues on next generation smartphones.

All told, there are numerous reasons why the FAA's concerns around 5G deployment look to be more of a red herring than a legitimate technical concern. While it is true that some older radio altimeters with poor filtering might have to be updated and/or replaced to completely prevent interference, it's not clear that the theoretical interference would even cause an issue.

The article complains that the delayed expansion of bandwidth "could also delay important (and significant) economic impacts," since every previous change in cellular service levels "has triggered billions of dollars of new business and thousands of new jobs by creating new opportunities that faster wireless networks bring with them and 5G is expected to do the same...

"While airplane safety shouldn't be compromised in any way, an overabundance of unnecessary caution on this issue could have a much bigger negative impact on the U.S.'s technology advancements and economy than many realize."

IOS

iOS 15.2 Beta Blurs Nude Images For Kids Using Messages App (macrumors.com) 92

iOS 15.2 has been released today, bringing a new feature called Communication Safety in Messages that is able to detect and automatically blur nude images that are sent or received by children. It's one of several Child Safety features Apple announced over the summer. As MacRumors notes, it's "not the same as the controversial anti-CSAM feature that Apple plans to implement in the future after revisions." From the report: Communication Safety is a Family Sharing feature that can be enabled by parents, and it is opt-in rather than activated by default. When turned on, the Messages app is able to detect nudity in images that are sent or received by children. If a child receives or attempts to send a photo with nudity, the image will be blurred and the child will be warned about the content, told it's okay not to view the photo, and offered resources to contact someone they trust for help. When Communication Safety was first announced, Apple said that parents of children under the age of 13 had the option to receive a notification if the child viewed a nude image in Messages, but after receiving feedback, Apple has removed this feature. Apple now says that no notifications are sent to parents.

Apple removed the notification option because it was suggested that parental notification could pose a risk for a child in a situation where there is parental violence or abuse. For all children, including those under the age of 13, Apple will instead offer guidance on getting help from a trusted adult in a situation where nude photos are involved. Checking for nudity in photos is done on-device, with Messages analyzing image attachments. The feature does not impact the end-to-end encryption of messages, and no indication of the detection of nudity leaves the device. Apple has no access to the Messages.

Iphone

Apple Will No Longer Break Face ID On Repaired iPhone 13s (arstechnica.com) 63

Apple says it will back off its plan to break Face ID on independently repaired iPhones. Ars Technica reports: The company's often contentious relationship with the repair community was tested again when "unauthorized" iPhone 13 screen replacements started resulting in broken Face ID systems. A new report from The Verge says that Apple "will release a software update that doesn't require you to transfer the microcontroller to keep Face ID working after a screen swap." Screen replacements are the most common smartphone repairs. Apple included a new microcontroller in the iPhone 13's display that pairs each screen with other components in the phone. As iFixit reported, if a third-party repair shop replaced the iPhone 13 display, Apple would disable the phone's Face ID system. [...] After a wave of bad press, it's "crisis averted" for the repair community. It would be nice if this was never an issue in the first place, though.

Privacy

Should Police Be Allowed to Demand Your Cellphone's Passcode? (cbs12.com) 290

Slashdot reader FlatEric521 tipped us off to an interesting story (from the News Service of Florida): When police responded in 2018 to a call about a shattered window at a home in Orange County, they found a black Samsung smartphone near the broken window. A woman in the home identified the phone as belonging to an ex-boyfriend, Johnathan David Garcia, who was later charged with crimes including aggravated stalking.

But more than three years after the shattered window, the Florida Supreme Court is poised to hear arguments in the case and consider a decidedly 21st Century question: Should authorities be able to force Garcia to give them his passcode to the phone?

Attorney General Ashley Moody's office appealed to the Supreme Court last year after the 5th District Court of Appeal ruled that requiring Garcia to turn over the passcode would violate his constitutional right against being forced to provide self-incriminating information... The case has drawn briefs from civil-liberties and defense-attorney groups, who contend that Garcia's rights under the U.S. Constitution's 5th Amendment would be threatened if he is required to provide the passcode.

But Moody's office in a March brief warned of trouble for law enforcement if the Supreme Court sides with Garcia in an era when seemingly everybody has a cell phone. Police obtained a warrant to search Garcia's phone but could not do so without a passcode. "Modern encryption has shifted the balance between criminals and law enforcement in favor of crime by allowing criminals to hide evidence in areas the state physically cannot access," the brief said.

Businesses

Peloton Joins Companies Blaming Lower Earnings on Apple's Tracking Restrictions (gizmodo.com) 74

Peloton, the makers of an internet-connected exercise bike, saw their stock price drop 35% overnight on Thursday, reports CNBC. "At least four Wall Street investment firms downgraded the stock following Peloton's dismal fiscal first-quarter financial report... Peloton's stock has fallen 63% year to date."

The company had cut its annual revenue forecast — by $1 billion — and lowered its projections for both profit margins and paying subscribers. Bloomberg reports: At best, Peloton currently expects to have 3.45 million connected fitness subscriptions by the end of the fiscal year. It had previously called for 3.63 million. And gross profit margin will be 32%, compared with an earlier forecast of 34%. All that will add up to a loss of as much as $475 million, excluding some items....

On a more upbeat note, the company hinted that it plans to launch new products in the coming weeks and months. Peloton has been working on a rowing machine and a heart-rate monitor that attaches to a wearer's arm, Bloomberg News has reported.

The article suggests Peloton's business was hurt by the end of lockdowns, supply-chain constraints, and the cost of freight. But they also point out another factor. "Like several other companies, Peloton also blamed Apple Inc.'s ad-related privacy changes, which have made it more difficult to target shoppers based on their interests." Apple's new Ad Tracking Transparency feature (or "ATT") now first asks users to deny or allow apps to track their activity for the targeted advertising which had apparently been boosting Peloton's business.

And tlhIngan (Slashdot reader #30,335) tipped us off to a larger trend, since Gizmodo reports that Peloton "isn't the only company that has pointed accusingly at Apple lately." When reporting its third quarter earnings at the end of October, Facebook (now called Meta) — which depends on targeted ads for almost 98% of its revenue — said that ATT had decreased the accuracy of its ad targeting. The feature also increased "the cost of driving outcomes" for advertisers, Facebook COO Sheryl Sandberg explained, and made it harder to measure those outcomes. "Overall, if it wasn't for Apple's iOS 14 changes, we would have seen positive quarter-over-quarter revenue growth," Sandberg said.

On Sunday, the Financial Times reported that ATT had cost Snap, Facebook, Twitter, and YouTube an estimated $9.85 billion in lost revenue in the second half of this year. That's an 87% increase year over year.

Iphone

The iPhone 13 Screen Is a Repair Nightmare That Could Destroy Repair Shops Forever (vice.com) 215

An anonymous reader quotes a report from Motherboard: A tweak to the iPhone's repairability that has been long prophesied and feared has finally come to pass, giving staggering new urgency for legislation that makes repair more accessible: The iPhone 13's screen cannot be replaced without special software controlled by Apple. This is a devastating blow to independent repair shops, who make the vast majority of their money doing screen replacements, and, specifically, make the vast majority of their money doing iPhone screen replacements. According to iFixit, replacing the screen on an iPhone 13 disables Face ID functionality. That's because the screen itself is paired to a small microcontroller attached to the display. Replacing a cracked screen with a new screen will disable this pairing, thus breaking a core piece of functionality in the phone. An authorized Apple repair tech can pair a new screen to an iPhone with the click of a few buttons using proprietary Apple tech. Everyone else will have a much harder time. "It is still possible to change a screen on an iPhone 13," notes Motherboard. "The difference is that in order to do so now, this microcontroller needs to be removed from the broken screen and resoldered onto the new screen (after the existing microcontroller on that screen is removed). Doing this requires microsoldering, which requires the use of a microscope and a highly skilled technician."

In an email to Motherboard, iFixit CEO Kyle Wiens said: "This is a clear case of a manufacturer using their power to prevent competition and monopolize an industry. Society loses: small repair shops will wither and fade away and consumers will be left with no choice but to pay top dollar for repairs or replace their device."

Nintendo

Nintendo To Make 20% Fewer Switch Consoles Due To Chip Crunch (nikkei.com) 20

According to Nikkei Asian Review, "Nintendo will only be able to produce about 24 million units of its popular Switch game console in the fiscal year through March, 20% below an original plan." From the report: Its production has been held up by shortages of semiconductors and other electronic parts amid strong demand for Switch, including for its latest version released on Oct. 8. Nintendo's trouble is a reminder of the far-reaching impact of the global supply crunch that has affected a wide range of industries from autos to electronics to machinery.

The Kyoto-based company originally planned on producing a record 30 million Switch units on the back of rising demand for computer games triggered by the COVID pandemic, which has forced people to spend more time at home. However, production bottlenecks quickly emerged around springtime for key components including microcomputers. The company concluded it would have to revise down production targets as it was not able to secure enough supplies. Nintendo's suppliers have already been notified about the production cuts.

Iphone

Apple Wants iPhones To Detect Car Crashes, Auto-Dial 911 (wsj.com) 58

Beginning next year, iPhone users who are in a car accident could have their phone dial 911 automatically. From a report: Apple plans next year to roll out a product feature called "crash detection" for iPhones and Apple Watches, according to documents reviewed by The Wall Street Journal and people familiar with the feature. Crash detection uses data from sensors built into Apple devices including the accelerometer to detect car accidents as they occur, for instance by measuring a sudden spike in gravity, or "g," forces on impact. The feature would mark the latest move by Apple and its competitors to use motion-sensor technology to build safety functions into their devices. Apple introduced a fall-detection feature in its smartwatch several years ago that senses when wearers have taken a hard fall and dials 911 if they don't respond to a notification asking if they are OK. The company this year added a feature to the newest version of its iPhone operating system that assesses the walking steadiness of users. The timing of the new feature could change, or Apple could choose not to release it, people familiar with the company's development process said.

Apple has been testing the crash-detection feature in the past year by collecting data shared anonymously from iPhone and Apple Watch users, the documents show. Apple products have already detected more than 10 million suspected vehicle impacts, of which more than 50,000 included a call to 911. Apple has been using the 911 call data to improve the accuracy of its crash-detection algorithm, since an emergency call associated with a suspected impact gives Apple more confidence that it is indeed a car crash, according to the documents. The documents don't specify how Apple users are sharing information with the company so it can test its new crash-detection algorithm.

Wireless Networking

What Happens When You Use Bluetooth Tags to Track Your Stolen Items? 166

"The third time my 1999 Honda Civic was stolen, I had a plan," writes Washington Post technology reporter Heather Kelly. Specifically, it was a tile tracker hidden in the car, "quietly transmitting its approximate location over Bluetooth." Later that day, I was across town hiding down the block from my own car as police detained the surprised driver. When the Tile app pinged me with a last known location, I showed up expecting the car to be abandoned. I quickly realized it was still in use, with one person looking through the trunk and another napping in the passenger seat, so I called the police...

In April of this year, one month after my car was stolen, Apple released the $29 AirTag, bringing an even more effective Bluetooth tracking technology to a much wider audience. Similar products from Samsung and smaller brands such as Chipolo are testing the limits of how far people will go to get back their stolen property and what they consider justice. "The technology has unintended consequences. It basically gives the owner the ability to become a mini surveillance operation," said Andrew Guthrie Ferguson, a law professor at the American University Washington College of Law...

Apple has been careful to never say AirTags can be used to recover stolen property. The marketing for the device is light and wholesome, focusing on situations like lost keys between sofa cushions. The official tagline is "Lose your knack for losing things" and there's no mention of crime, theft or stealing in any of the ads, webpages or support documents. But in reality, the company has built a network that is ideal for that exact use case. Every compatible iPhone, iPad and Mac is being silently put to work as a location device without their owners knowing when it happens. An AirTag uses Bluetooth to send out a ping with its encrypted location to the closest Apple devices, which pass that information on to the Apple cloud. That spot is visible on a map in the Find My app. The AirTag owner can also turn on Lost Mode to get a notification the next time it's detected, as well as leave contact information in case it's found. Apple calls this the Find My network, and it also works for lost or stolen Apple devices and a handful of third-party products. The proliferation of compatible Apple devices — there are nearly a billion in the network around the world — makes Find My incredibly effective, especially in cities. (Apple device owners are part of the Find My network by default, but can opt out in settings, and the location information is all encrypted...)

All the tracker companies recommend contacting law enforcement first, which may sound logical until you find yourself waiting hours in a parking lot for officers to address a relatively low-priority crime, or having to explain to them what Bluetooth trackers are.

The Times shares stories of two people who tried using AirTags to track down their stolen property. One Seattle man tracked down his stolen electric bike — and ended up pedalling away furiously on the (now out of power) bicycle as the suspected thief chased after him.

And an Ohio man waited for hours in an unfamiliar drugstore parking lot for a response from the police, eventually travelling with them to the suspect's house — where his stolen laptop was returned to the police officer by a man holding two babies in his arms.

Some parents have even hidden them in their children's backpacks, and pet owners have hidden them in their pets' collars, the Times reports — adding that the EFF's director of cybersecurity sees another possibility. "The problem is it's impossible to build a tool that is designed to track down stolen items without also building the perfect tool for stalking."

Open Source

Why Aren't There More Open Source Solutions for Mobile Devices? (increment.com) 90

A Microsoft software engineer working on open-source technologies recently wrote that "you can find an open-source implementation for (almost) anything.

"But the mobile landscape is a notable exception." While there are some open-source success stories, Android being a massive one, only a handful of major companies rule hardware and software innovation for the devices we carry in our pockets. Together, Apple and Samsung hold over 50 percent of the world's market share for mobile devices, a figure that underscores just how few dominant players exist in the space. Numbers like these might leave you feeling somber about the overall viability of mobile open source. But a growing demand for better security and privacy, among other factors, may be turning the tides, and a host of inspectable, open-source solutions with transparent life cycle processes are emerging as promising alternatives....

Along with the open-source messaging app Telegram, Signal has garnered attention as a more privacy-focused alternative to apps like Facebook Messenger. The browser Chromium and the mobile game 2048 are other noteworthy examples, as well as proof that although open-source apps aren't the norm, they can be widely adopted and popular. For example, over 65 percent of mobile traffic flows through Chromium-based browsers...

Despite the many open-source technologies available to help build mobile apps, there's plenty of room to grow in the user-facing space — especially as more people recognize the value of having open-source and open-governance applications that can better safeguard their personal information. That growth isn't likely to extend to the hardware space, where the cost of building open-source implementations isn't as rewarding for developers or users — though we may start to see more devices that allow people to choose individual hardware modules from a variety of providers.

The article does cite the open source mobile hardware company Purism. And there's plenty of interesting open source software for mobile app developers, including frameworks like Apache Cordova (which lets developers use CSS3, HTML5, and JavaScript) and a whole ecosystem of open source libraries. But it all does raise the question...

Why aren't there more open source solutions for mobile devices?

IOS

iOS 15.2 Beta Includes App Privacy Report and Auto Call Updates 9

Just a few days after releasing iOS 15.1 and iPadOS 15.1, Apple has seeded the first betas of iOS 15.2 and iPadOS 15.2 to developers for testing purposes, with the update adding promised iOS 15 features like App Privacy Report. MacRumors reports: App Privacy Report is one of the iOS 15 additions that Apple showed off at WWDC. It's a new privacy feature that's designed to allow users to see how often apps have accessed their sensitive info like location, photos, camera, microphone, and contacts across the last seven days. It's also set up to show which apps have contacted other domains and how recently they've contacted them so you can keep an eye on what apps are doing behind the scenes.

Auto Call, the feature that lets you call emergency services with a series of button presses, has been updated in iOS 15.2. You can now press the side button rapidly multiple times to initiate, or hold down the side button and the volume button together. There's now a longer eight-second countdown before a call is placed, which is up from the prior three-second countdown.

Other features and/or changes include a new card-style appearance to Notification Summary and the Communication Safety feature. "Communication Safety is built into the Messages app on iPhone, iPad, and Mac, and it will warn children and their parents when sexually explicit photos are received or sent from a child's device, with Apple using on-device machine learning to analyze image attachments," reports MacRumors.

Government

New FCC Rules Could Force Wireless Carriers To Block Spam Texts (engadget.com) 45

An anonymous reader quotes a report from Engadget: Under Acting Chairwoman Jessica Rosenworcel, the Federal Communications Commission is seeking to create new rules targeting spam text messages. Like another recent proposed rulemaking from the agency, the policy would push wireless carriers and telephone companies to block the spam before it ever gets to your phone.

"We've seen a rise in scammers trying to take advantage of our trust of text messages by sending bogus robotexts that try to trick consumers to share sensitive information or click on malicious links," Rosenworcel said. "It's time we take steps to confront this latest wave of fraud and identify how mobile carriers can block these automated messages before they have the opportunity to cause any harm."

Android

Android 12 Is Now Available For Pixel Phones (theverge.com) 11

Today, Google has officially launched Android 12 for select Pixel devices. The Verge reports: It's available to install right now on Pixel 3 and up, including the Pixel 3A, Pixel 4, Pixel 4A, Pixel 4A 5G, the Pixel 5, and the Pixel 5A. It'll launch on the Pixel 6 and Pixel 6 Pro, as well. Android 12 will be coming later this year to Samsung Galaxy, OnePlus, Oppo, Realme, Tecno, Vivo, and Xiaomi devices.

The most noticeable feature in Android 12 is the new Material You design, which lets you go a little deeper to tweak the look of the homescreen to your liking. It's more expressive than previous versions of Android, with tools to let you coordinate colors that can extend across app icons, pull-down menus, widgets, and more. Speaking of widgets, many of those have been updated to match the new look, and Google shared today that by the end of October, it plans to have over a dozen new or refreshed widgets available for its first-party apps.
Google has published a blog post detailing more features available in this release, including the "Pixel-first" features like Material You.

Cellphones

Fisher-Price Launches a Working Chatter Telephone For Adults (engadget.com) 87

For its 60th anniversary, Fisher-Price announced a special edition Chatter telephone that can make and receive real phone calls. Engadget reports: Before you start planning on where to display it at your home, know that it doesn't work as a landline unit. It connects to your iOS or Android phone via Bluetooth instead and has to be within 15 feet of your mobile device to work. You'll get nine hours of talk time on the Chatter phone on a single charge, and it comes with a speakerphone button. Other than the features that make it a working device, this Chatter for grown-ups looks just like its toy counterpart with its rotary dial, red handset and wheels. [...] You can get the fully functional Chatter for $60 exclusively from Best Buy's website, starting today until supplies last.

Cellphones

Pine64 Announces Updated PinePhone Pro Linux Powered Cellphone (tomshardware.com) 30

Pine64 today announced its latest Linux-powered device, the PinePhone Pro, an update to the original PinePhone which sees a more powerful device running mainline Linux (Manjaro in this case) on a mobile device that works as a cellphone and a desktop computer. Tom's Hardware reports: This combination of hardware and software makes the still slightly futuristic idea of confluence between mobile and desktop devices seem a step closer. Carry it around with you, and it's a phone. Plug it into a monitor, and it's a desktop PC. The KDE Plasma Mobile front-end adapts to the circumstances. Inside, it's much like any other phone, with a Rockchip RK3399S six-core SoC operating at 1.5GHz, 4GB of dual-channel LPDDR4 RAM, and 128GB of internal eMMC flash storage. It features a 13MP main camera sensor and a 5MP front-facing camera. There's a Micro-SD slot for expanded storage, and a six-inch 1440 x 720 IPS touchscreen. The PinePhone Pro is not a typical cell phone; rather, the concept of convergence, the ability to use your phone as a computer, is intriguing. Plugging your PinePhone Pro into an external display and using it as a low-power desktop computer is something that has been attempted by a number of companies, including Canonical's attempt with Ubuntu Edge.

PinePhone Pro offers something that is missing from the majority of phones, privacy. A series of hardware DIP-switches, hidden under a rear cover, cut off access to the cameras, microphone, Wi-Fi 5 and Bluetooth 4.1 chips, headphone jack, and LTE modem (including GPS) should you ever need to. The layout and Pogo Pins of the new phone are identical to the original PinePhone, so all existing accessories should work. Retailing at $399, the PinePhone Pro's makers are realistic about the challenges of putting desktop Linux on a mobile device, especially in an ecosystem dominated by iOS and Android.

Communications

Elon Musk Says Starlink Will Provide Faster Internet Speeds On Airlines (cnbc.com) 53

Elon Musk touted SpaceX's plan to use Starlink for in-flight Wi-Fi, saying in a tweet on Thursday that the service could add "low latency ~half gigabit connectivity in the air!" CNBC reports: Starlink is the company's plan to build an interconnected internet network with thousands of satellites, known in the space industry as a constellation, designed to deliver high-speed internet to consumers anywhere on the planet. SpaceX has launched 1,740 Starlink satellites to date, and the network has more than 100,000 users in 14 countries who are participating in a public beta, with service priced at $99 a month.

Airlines work with satellite broadband providers for inflight Wi-Fi, with Viasat and Intelsat -- the latter of which purchased Gogo's commercial aviation business -- two such companies that add connectivity on flights by airlines including Delta, JetBlue, American Airlines and United. But, while existing services use satellites in distant orbits, Starlink satellites orbit closer to the Earth and could boost the speeds that passengers see inflight. SpaceX Vice President Jonathan Hofeller earlier this year said that the company is "in talks with several" airlines about adding Starlink in-flight Wi-Fi, noting that it has an "aviation product in development." Hofeller also emphasized that Starlink "provides a global mesh," so that "airlines are flying underneath that global mesh have connectivity anywhere they go."

Iphone

Apple Set to Cut iPhone Production Goals Due to Chip Crunch (bloomberg.com) 27

Apple is likely to slash its projected iPhone 13 production targets for 2021 by as many as 10 million units as prolonged chip shortages hit its flagship product. Bloomberg reports: The company had expected to produce 90 million new iPhone models in the last three months of the year, but it's now telling manufacturing partners that the total will be lower because Broadcom and Texas Instruments are struggling to deliver enough components [...]. The technology giant is one of the world's largest chip buyers and sets the annual rhythm for the electronics supply chain. But even with strong buying power, Apple is grappling with the same supply disruptions that have wreaked havoc on industries around the world. Major chipmakers have warned that demand will continue to outpace supply throughout next year and potentially beyond. Apple gets display parts from Texas Instruments, while Broadcom is its longtime supplier of wireless components. One TI chip in short supply for the latest iPhones is related to powering the OLED display. Apple also is facing component shortages from other suppliers.

Android

Study Reveals Android Phones Constantly Snoop On Their Users (bleepingcomputer.com) 113

A new study (PDF) by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones. BleepingComputer reports: The researchers have focused on Samsung, Xiaomi, Realme, and Huawei Android devices, and LineageOS and /e/OS, two forks of Android that aim to offer long-term support and a de-Googled experience. The conclusion of the study is worrying for the vast majority of Android users: "With the notable exception of /e/OS, even when minimally configured and the handset is idle these vendor-customized Android variants transmit substantial amounts of information to the OS developer and also to third parties (Google, Microsoft, LinkedIn, Facebook, etc.) that have pre-installed system apps." As the summary table indicates, sensitive user data like persistent identifiers, app usage details, and telemetry information are not only shared with the device vendors, but also go to various third parties, such as Microsoft, LinkedIn, and Facebook. And to make matters worse, Google appears at the receiving end of all collected data almost across the entire table.

It is important to note that this concerns the collection of data for which there's no option to opt-out, so Android users are powerless against this type of telemetry. This is particularly concerning when smartphone vendors include third-party apps that are silently collecting data even if they're not used by the device owner, and which cannot be uninstalled. For some of the built-in system apps like miui.analytics (Xiaomi), Heytap (Realme), and Hicloud (Huawei), the researchers found that the encrypted data can sometimes be decoded, putting the data at risk to man-in-the-middle (MitM) attacks. As the study points out, even if the user resets the advertising identifiers for their Google Account on Android, the data-collection system can trivially re-link the new ID back to the same device and append it to the original tracking history. The deanonymization of users takes place using various methods, such as looking at the SIM, IMEI, location data history, IP address, network SSID, or a combination of these.
In response to the report, a Google spokesperson said: "While we appreciate the work of the researchers, we disagree that this behavior is unexpected -- this is how modern smartphones work. As explained in our Google Play Services Help Center article, this data is essential for core device services such as push notifications and software updates across a diverse ecosystem of devices and software builds. For example, Google Play services uses data on certified Android devices to support core device features. Collection of limited basic information, such as a device's IMEI, is necessary to deliver critical updates reliably across Android devices and apps."

Iphone

Robotics Engineer Adds a Working USB-C Port To An iPhone (appleinsider.com) 32

Ken Pillonel, a robotics engineer on YouTube, replaced an iPhone's Lightning port with a working USB-C port. AppleInsider reports: In a YouTube Short titled "World's First USB-C iPhone," Ken Pillonel claims to have installed the component into the iPhone X, replacing Lightning in the process. In the video, the iPhone is said to receive power via the connection, as well as being able to handle data transfers over a USB-C cable. In the description of the video, Pillonel says he reverse-engineered Apple's C94 connector, in order to make a PCB with a female USB-C port. After the schematics were set in place, it then became a challenge to shrink it down and install it into an iPhone.

Pillonel has spent a few months on his creation, with a blog post from May showing the thinking behind the replacement, and the challenges of replacing the Lightning port itself. A video at that time showed a DIY prototype that worked and laid out the work ahead to make it small enough to work within an iPhone enclosure. A late September update advised he had designed and ordered a flexible PCB, a key component in enabling the port switch to occur. He adds a future video is in production, explaining how the board was made and squeezed into the iPhone itself.

Iphone

Google Exec Calls on Apple To Adopt Better, More Secure Text Messaging (cultofmac.com) 66

Google executive Hiroshi Lockheimer has called on Apple to adopt the Rich Communication Services (RCS) protocol that would enable improved and more secure messaging between iPhone and Android devices. From a report: RCS brings a number of modern features -- including support for audio messages, group chats, typing indicators and read receipts -- and end-to-end encryption to traditional text messaging. But it's unlikely Apple will play ball.

[...] Lockheimer, senior vice president for Android, has encouraged the company to change its mind. In response to a tweet about how group chats are incompatible between iPhone and Android devices, Lockheimer said, "group chats don't need to break this way. There exists a Really Clear Solution." "Here's an open invitation to the folks who can make this right: we are here to help." Lockheimer doesn't mention Apple specifically, but it's clear that the "folks" he is referring to are those in Cupertino, who have been against RCS.

Wireless Networking

Activists Are Designing Mesh Networks To Deploy During Civil Unrest (vice.com) 59

An anonymous reader quotes a report from Motherboard: [O]rganizers and programmers with the Mycelium Mesh Project are [...] designing a decentralized, off-grid mesh network for text communications that could be deployed quickly during government-induced blackouts or natural disasters. Mesh networks, a form of intranet distributed across various nodes rather than a central internet provider, have the potential to decrease our collective reliance on telecommunication conglomerates like Spectrum and Verizon. During a civil unrest situation, government operatives could theoretically disconnect established commercial mesh networks by raiding activists' homes and destroying their nodes or super nodes. The Mycelium Mesh Project is addressing this potential weak link by developing a system that could be deployed at a moment's notice in non-locations, such as on abandoned buildings, tree tops, electric boxes and utility poles.

Nodes would be cheap, run independently of the power grid, and could be produced with materials that can be obtained locally. So far, the collective has successfully sent and received text messages across thirteen miles during field testing around Atlanta, Georgia with nodes powered by rechargeable batteries harvested from disposable vapes. [...] The Mycelium Mesh Project is still in its relatively early stages of development. Messages aren't encrypted -- a necessary feature for activists -- and the model isn't ready for long-range use. But developers are hopeful that their open-source model will promote cooperation amongst like-minded coders.

"The network that we all use will work pretty much fine in 99.9% of the cases. But then when it doesn't, it's a real big problem," Marlon Kautz, an organizer and developer with the project, told Motherboard. "The authorities' control over our communications infrastructure can just completely determine what is politically possible in a situation where the future is really up for grabs, where people are making a move to change things in a serious and radical way."

"This is anti-capitalist work, which is non-commercial. We are not trying to start a business," Kautz explained. "We're explicitly trying to take advantage of open source type concepts. So not only do we want the code that we're developing to be open source, but our entire production model will be."

Cellphones

FCC Plans To Rein In 'Gateway' Carriers That Bring Foreign Robocalls To US (arstechnica.com) 63

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission hopes to reduce the number of illegal robocalls from overseas with an expansion of rules that require phone companies to implement Caller ID authentication technology and block illegal calls. [T]he FCC is proposing new requirements on domestic gateway providers that accept calls from outside the US. A Notice of Proposed Rulemaking (NPRM) adopted (PDF) Thursday and released on Friday proposes requiring those gateway phone companies to implement STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information Using toKENs) protocols, which verify the accuracy of Caller ID by using digital certificates based on public-key cryptography. "This proposal would subject foreign-originated calls, once they enter the United States, to requirements similar to those of domestic-originated calls, by placing additional obligations on gateway providers in light of the large number of illegal robocalls that originate abroad and the risk such calls present to Americans," the NPRM said. Gateway providers would be required to "apply STIR/SHAKEN caller ID authentication to, and perform robocall mitigation on, all foreign-originated calls with US numbers," the FCC said (PDF).

STIR/SHAKEN is already widely deployed in the US on IP networks due to separate requirements that apply to large phone providers. Another newly implemented rule prohibits phone companies from accepting calls from providers that haven't met requirements to deploy STIR/SHAKEN or other robocall-mitigation methods. But the STIR/SHAKEN requirements don't apply to all carriers yet. "We don't want international calling to become a loophole for our policies," FCC Acting Chairwoman Jessica Rosenworcel said on Thursday at a commission meeting. "So today we are proposing that gateway providers in the United States -- the companies that bring in calls from overseas -- take action to stop this stuff from coming in from abroad. That means they need to use STIR/SHAKEN technology, register in our Robocall Mitigation Database, and comply with traceback requests to figure out where these junk calls are originating from overseas."

The FCC said those traceback requests "are used to help block illegal robocalls and inform FCC enforcement investigations." The NPRM also proposes a new call-blocking requirement. When the FCC notifies a gateway provider about an ongoing robocall campaign, the provider would have to conduct "a prompt investigation to determine whether the traffic identified in the Enforcement Bureau's notice is illegal" and "promptly block all traffic associated with the traffic pattern identified in that notice." The NPRM seeks public comment on these proposed rules. Deadlines for initial comments will be 30 days after the NPRM is published in the Federal Register and 60 days after publication for reply comments. The docket is located here.

The Almighty Buck

Tech Giants Brace For Impact in India as New Payments Rule Goes Into Effect (techcrunch.com) 17

Apple, Google, Sony, Zoom, PayPal and several other tech companies as well as scores of banks have cautioned customers and partners in India to expect a surge in declined transactions as the world's second-largest internet market's central bank enforces a new directive for the way recurring payments are processed in the country. From a report: The Reserve Bank of India's directive, which goes into effect on Friday, requires banks, financial institutions and payment gateways to obtain additional approval for auto-renewables transactions worth over 5,000 Indian rupees ($67) from users by conducting notifications, e-mandates and Additional Factors of Authentication (AFA). The directive impacts all such transactions for debit cards as well as credit cards. The Reserve Bank of India said in the original circular in 2019, that the framework was designed to serve as "a risk mitigant and customer facilitation measure," adding that the issuer processing such transactions "shall send a pre-transaction notification to the customer, at least 24 hours prior to the actual charge by SMS or email, as per the customer's preferences."

IOS

Recent Siri Changes Remove Features Used By Low Vision and Blind Users (macrumors.com) 23

With the recent release of iOS 15, Apple appears to have made some changes to Siri functionality that have removed features relied on by low vision and blind iPhone users. MacRumors reports: Several Siri commands that provide details on phone calls, voicemails, and sending emails no longer appear to be working. The following commands used to be functional, but have recently been removed: Do I have any voicemails?, Play my voicemail messages, Check my call history, Check my recent calls, Who called me?, Send an email, and Send an email to [person]. Over the last two weeks, we've received several emails from iPhone users who are missing this key Siri functionality, or their relatives who are attempting to help them navigate the changes. The Siri feature removals have also been documented on the AppleVis forums for blind and low vision users of Apple products. Asking Siri to provide details on recent phone calls or voicemails results in the following response: "I can't help with that, but you can ask me to open the Phone app."

Asking about email garners a similar response about Siri being unable to help. It's worth noting that it's still possible to ask Siri to play the most recent voicemail message that's available, or a voicemail from a specific person, but Siri will not read out a list of all the available voicemails. The Siri commands seem to have disappeared when iOS 15 was released, but iOS 14 users are also not able to use them anymore so it's not an issue tied to iOS 15.

Security

Apple Pay With Visa Hacked To Make Payments Via Unlocked iPhones (threatpost.com) 48

Researchers have demonstrated that someone could use a stolen, unlocked iPhone to pay for thousands of dollars of goods or services, no authentication needed. Threatpost reports: An attacker who steals a locked iPhone can use a stored Visa card to make contactless payments worth up to thousands of dollars without unlocking the phone, researchers are warning. The problem is due to unpatched vulnerabilities in both the Apple Pay and Visa systems, according to an academic team from the Universities of Birmingham and Surrey, backed by the U.K.'s National Cyber Security Centre (NCSC). But Visa, for its part, said that Apple Pay payments are secure and that any real-world attacks would be difficult to carry out.

The team explained that fraudulent tap-and-go payments at card readers can be made using any iPhone that has a Visa card set up in "Express Transit" mode. Express Transit allows commuters around the world, including those riding the New York City subway, the Chicago El and the London Underground, to tap their phones on a reader to pay their fares without unlocking their devices. "An attacker only needs a stolen, powered-on iPhone," according to a writeup (PDF) published this week. "The transactions could also be relayed from an iPhone inside someone's bag, without their knowledge. The attacker needs no assistance from the merchant."

This attack is made possible by a combination of flaws in both Apple Pay and Visa's systems, the academic team noted. "The details of this vulnerability have been disclosed to Apple (Oct 2020) and to Visa (May 2021)," according to the writeup. "Both parties acknowledge the seriousness of the vulnerability, but have not come to an agreement on which party should implement a fix." "Variations of contactless-fraud schemes have been studied in laboratory settings for more than a decade and have proven to be impractical to execute at scale in the real world," Visa said in a statement to the BBC, adding that its fraud-detection systems would flag any suspicious transactions. Apple meanwhile shifted the responsibility to Visa and told the outlet, "We take any threat to users' security very seriously. This is a concern with a Visa system, but Visa does not believe this kind of fraud is likely to take place in the real world given the multiple layers of security in place. In the unlikely event that an unauthorized payment does occur, Visa has made it clear that their cardholders are protected by Visa's zero-liability policy."
The researchers say users can protect themselves by not using Visa as a transport card in Apple Pay, and if they do, by remotely wiping the device if lost or stolen. The bug does not affect other types of payment cards or payment systems.

Cellphones

Fairphone's Latest Sustainable Smartphone Comes With a Five-Year Warranty (theverge.com) 65

New submitter thegreatnick writes: The next generation of Fairphone -- an attempt to make an ethical smartphone -- has been announced with the Fairphone 4. The base specs include a Qualcomm Snapdragon 750G SoC, 6GB of RAM, and 128GB of storage (upgradeable to 8GB and 256GB). On the front, you'll get a 6.3-inch, 2340x1080 LCD display with slimmer bezels (compared to the Fairphone 3 design) and a teardrop notch for the 25-megapixel front camera. The 3,905mAh battery is Qualcomm Quick Charge 4.1 compatible, so if you have a compatible USB-C charger (not included in the box to reduce waste) you can take the battery from 0-50% in 30 minutes. The phone ships with Android 11 and has a side-mounted fingerprint reader in the power button, a MicroSD slot, and the option for dual-SIM usage via one physical nanoSIM and an eSIM.

Continuing Fairphone's progress in making a "fair" supply chain -- both ethically-clean raw materials and paying workers a fair wage -- it also describes the 4 as "e-waste neutral." This is a neat way of summing up the idea that the company will recycle one device for every Fairphone 4 it sells. In addition, Fairphone can boast that it now uses 70% "fair" materials inside the handset, including FairTrade Gold and Silver, aluminum from ASI-certified vendors, and a backplate made from 100% post-consumer recycled polycarbonate. In an upgrade to previous models, the Fairphone 4 has dual cameras, though it loses the headphone jack. The company says this was to achieve an IP54 waterproof rating (light splashes) -- a first for the Fairphone brand. It's also been announced that it will come with an industry-leading 5-year warranty and aims to get 6 years of software updates for the phone.

Wireless Networking

Ring Puts An Eero Router Inside Its New Home Alarm System (engadget.com) 28

Eero and Ring -- two Amazon-owned companies -- have teamed up to produce a home security system that incorporates an Eero router inside. Engadget reports: Ring COO Mike Harris said that the decision to work with Eero was not one foisted down from upon high by Amazon. Instead, Harris said that both companies saw the opportunity to work together to help leverage their individual skills in tandem. To take advantage of the technology, you'll need to sign up to Ring's new subscription product, dubbed Protect Pro. The package offers cloud video storage, professional monitoring, Alexa Guard Plus, 24/7 backup internet for your security devices (via an LTE module in the Ring Pro base station) and Eero's cybersecurity subscription product for network protection. This, at least in the US as it launches, will set you back $20 a month, or $200 per year per location up front.

At the same time, Ring is launching a system dubbed "Virtual Security Guard," which connects users to third-party security guards. You'll need to pay for that separately, but you can hand over access to select Ring camera feeds to those companies who can keep a watch over your property. It is only when motion is detected that an operator can access your feed, and can speak to whoever is there to determine their intentions. Ring adds that third parties can't view motion events when the camera is disarmed, and can't download, share or save the clips of what's going on in your front yard. The first company to sign up for the program is Rapid Response, with others expected to join in the near future.
The Virtual Security Guard service will require you to apply for early access, but the Ring Alarm Pro can be pre-ordered today for $250. (Since this isn't a Slashvertisement, we won't include a link to the product; you'll have to search for it yourself. Sorry not sorry.)
Iphone

Why Does the iPhone Still Use Lightning? (daringfireball.net) 300

An anonymous reader shares a report from Daring Fireball, written by John Gruber: Chaim Gartenberg, writing for The Verge, "The Lightning Port Isn't About Convenience; It's About Control": "Notably absent from Apple's argument, though, is the fact that cutting out a Lightning port on an iPhone wouldn't just create more e-waste (if you buy Apple's logic) or inconvenience its customers. It also means that Apple would lose out on the revenue it makes from every Lightning cable and accessory that works with the iPhone, Apple-made or not -- along with the control it has over what kinds of hardware does (or doesn't) get to exist for the iPhone and which companies get to make them. Apple's MFi program means that if you want to plug anything into an iPhone, be it charger or adapter or accessory, you have to go through Apple. And Apple takes a cut of every one of those devices, too." Gartenberg summarizes a commonly-held theory here: that Apple is sticking with its proprietary Lightning port on iPhones because they profit from MFi peripherals. That it's a money grab.

I don't think this is the case at all. Apple is happy to keep the money it earns from MFi, of course. And they're glad to have control over all iPhone peripherals. But I don't think there's serious money in that. It's loose-change-under-the-couch-cushion revenue by Apple's astonishingly high standards. How many normal people do you know who ever buy anything that plugs into a Lightning port other than a USB cable? And Apple doesn't make more money selling their own (admittedly overpriced) Lightning cables to iPhone owners than they do selling their own (also overpriced) USB-C cables to iPad Pro and MacBook owners. My theory is that Apple carefully weighs the pros and cons for each port on each device it makes, and chooses the technologies for those ports that it thinks makes for the best product for the most people. "What makes sense for the goals of this product that we will ship in three years? And then the subsequent models for the years after that?" Those are the questions Apple product designers ask.

The sub-head on Gartenberg's piece is "The iPhone doesn't have USB-C for a reason". Putting that in the singular does not do justice to the complexity of such decisions. There are numerous reasons that the iPhones 13 still use Lightning -- and there are numerous reasons why switching to USB-C would make sense. The pro-USB-C crowd, to me, often comes across as ideological. I'm not accusing Gartenberg of this -- though it is his piece with the sub-head claiming there's "a" singular reason -- but many iPhones-should-definitely-use-USB-C proponents argue as though there are no good reasons for the iPhone to continue using Lightning. That's nonsense. To be clear, I'm neither pro-Lightning nor pro-USB-C. I see the trade-offs. If the iPhones 13 had switched to USB-C, I wouldn't have complained. But I didn't complain about them not switching, either. You'll note that in none of my reviews of iPad models that have switched from Lightning to USB-C in recent years have I complained about the switch. Apple, to my eyes, has been managing this well. But, if the iPhones 13 had switched to USB-C, you know who would have complained? Hundreds of millions of existing iPhone users who have no interest in replacing the Lightning cables and docks they already own.
"In 15 generations of iPhones, Apple has changed the connector once. And that one time was a clear win in every single regard," adds Gruber. "Changing from Lightning to USB-C is not so clearly an upgrade at all. It's a sidestep."

Regardless of which side you take on this debate, it's inevitable that Apple iPhones will adopt USB-C. Last week, the executive arm of the European Union, the European Commission, announced plans to force smartphone and other electronics manufacturers to fit a common USB-C charging port on their devices. The rules are intended to cut down on electronic waste by allowing people to re-use existing chargers and cables when they buy new electronics. Unless Apple plans to skip out on the European market or pay a potentially steep fine for refusing to adopt the port, they'll likely give into the pressure and release a USB-C-equipped iPhone by the time this law goes into effect in late 2023 or 2024.
Electronic Frontier Foundation

Why EFF Flew a Plane Over Apple's Headquarters (eff.org) 29

EFF.org has the story: For the last month, civil liberties and human rights organizations, researchers, and customers have demanded that Apple cancel its plan to install photo-scanning software onto devices. This software poses an enormous danger to privacy and security. Apple has heard the message, and announced that it would delay the system while consulting with various groups about its impact. But in order to trust Apple again, we need the company to commit to canceling this mass surveillance system.

The delay may well be a diversionary tactic. Every September, Apple holds one of its big product announcement events, where Apple executives detail the new devices and features coming out. Apple likely didn't want concerns about the phone-scanning features to steal the spotlight.

But we can't let Apple's disastrous phone-scanning idea fade into the background, only to be announced with minimal changes down the road. To make sure Apple is listening to our concerns, EFF turned to an old-school messaging system: aerial advertising.

During Apple's event, a plane circled the company's headquarters carrying an impossible-to-miss message: "Apple, don't scan our phones!" The evening before Apple's event, protestors also rallied nationwide in front of Apple stores. The company needs to hear us, and not just dismiss the serious problems with its scanning plan. A delay is not a cancellation, and the company has also been dismissive of some concerns, referring to them as "confusion" about the new features.

Apple's iMessage is one of the preeminent end-to-end encrypted chat clients. End-to-end encryption is what allows users to exchange messages without having them intercepted and read by repressive governments, corporations, and other bad actors. We don't support encryption for its own sake: we fight for it because encryption is one of the most powerful tools individuals have for maintaining their digital privacy and security in an increasingly insecure world.

Now that Apple's September event is over, Apple must reach out to groups that have criticized it and seek a wider range of suggestions on how to deal with difficult problems, like protecting children online...

The world, thankfully, has moved towards encrypted communications over the last two decades, not away from them, and that's a good thing. If Apple wants to maintain its reputation as a pro-privacy company, it must continue to choose real end-to-end encryption over government demands to read user's communication.

Privacy matters now more than ever. It will continue to be a selling point and a distinguishing feature of some products and companies. For now, it's an open question whether Apple will continue to be one of them.

Cellphones

Microsoft Debuts Surface Duo 2 Dual-Screen Android Phone With Larger Displays and 5G (yahoo.com) 27

At Microsoft's Surface event today, the company announced its Surface Duo 2 dual-screen Android smartphone, featuring a trio of new cameras, a faster processor, larger displays, and support for 5G. The company also unveiled a successor to the Surface Book line of laptops, the Surface Laptop Studio, as well as the Surface Pro 8. From a report: The first-generation of the Duo made a splash thanks to its unique design. While the original Duo had no exterior screen at all, the Duo 2 now has a sliver of screen called the Glance Bar that peeks out from where its displays come together and provides you with the time and notifications when the Duo is closed. Microsoft has seemingly addressed a number of the original Duo's shortcomings with its Duo 2. One of the biggest issues with the first-generation version was its lack of any truly capable camera. [...] This time around, Microsoft has outfitted the Surface Duo 2 with a trio of external cameras. Like Apple's iPhone and Samsung's Galaxy line of smartphones, the Duo 2 gets a wide-angle camera, an ultra-wide angle camera, and a telephoto camera. There's also a dedicated night photography mode, 2x optical zoom with the telephoto lens, and the ability to record 4K video at 60 frames per second.

As for the occasionally sluggish performance, the Duo 2 should have that sorted out. This time around, Microsoft has dropped Qualcomm's latest Snapdragon 888 processor into the Duo 2, which means the phone should run as smoothly and quickly as any of the leading smartphones on the market. What's more, the Duo 2 gets 8GB of RAM and 128GB, 256GB, or 512GB of storage. On top of that, the Surface Duo 2 gets 5G connectivity, something that was conspicuously absent from the first-generation Duo.

The Duo 2 also gets two larger displays this time around. Rather than two 5.1-inch panels, the Duo 2 gets two 5.3-inch screens that open up to an 8.3-inch display that you can use to move your apps across or as a single canvas for more expansive apps. [...] The gist of the Surface Duo 2 is that two screens are better than one. To that end, Microsoft has combined two panels with a hinge to make an Android-powered device that lets you not only use both displays at the same time, but also seamlessly move apps and content between them. That capability will cost you a pricey $1,499 when the Duo 2 hits store shelves. It's available for pre-order today.

China

Lithuania Says Throw Away Chinese Phones Due To Censorship Concerns (reuters.com) 83

Lithuania's Defense Ministry recommended that consumers avoid buying Chinese mobile phones and advised people to throw away the ones they have now after a government report found the devices had built-in censorship capabilities. From a report: Flagship phones sold in Europe by China's smartphone giant Xiaomi have a built-in ability to detect and censor terms such as "Free Tibet", "Long live Taiwan independence" or "democracy movement", Lithuania's state-run cybersecurity body said on Tuesday. The capability in Xiaomi's Mi 10T 5G phone software had been turned off for the "European Union region", but can be turned on remotely at any time, the Defence Ministry's National Cyber Security Centre said in the report. "Our recommendation is to not buy new Chinese phones, and to get rid of those already purchased as fast as reasonably possible," Defence Deputy Minister Margiris Abukevicius told reporters in introducing the report.
EU

EU Plans To Legislate for Common Phone Charger Despite Apple Grumbles (reuters.com) 179

The European Commission will on Thursday present a legislative proposal for a common charger for mobile phones, tablets and headphones, a move likely to affect iPhone maker Apple more than its rivals, Reuters reported on Tuesday, citing a person familiar with the matter. From the report: The European Union executive and EU lawmakers have been pushing for a common charger for over a decade, saying it would be better for the environment and more convenient for users. The Commission wants the sale of chargers to be decoupled from devices, and also propose a harmonised charging port, the person said. Apple, whose iPhones are charged from its Lightning cable, has said rules forcing connectors to conform to one type could deter innovation, create a mountain of electronic waste and irk consumers.
Iphone

Researcher Discloses iPhone Lock Screen Bypass on iOS 15 Launch Day (therecord.media) 25

On the day Apple released iOS 15, a Spanish security researcher disclosed an iPhone lock screen bypass that can be exploited to grant attackers access to a user's notes. From a report: In an interview with The Record, Jose Rodriguez said he published details about the lock screen bypass after Apple downplayed similar lock screen bypass issues he reported to the company earlier this year. "Apple values reports of issues like this with up to $25,000 but for reporting a more serious issue, I was awarded with $5,000," the researcher wrote on Twitter last week. [...] Because of the unprofessional way Apple handled his bug report, the researcher published today a variation of the same bypass, but this time one that uses the Apple Siri and VoiceOver services to access the Notes app from behind the screen lock. Further reading: Apple Pays Hackers Six Figures To Find Bugs in Its Software. Then It Sits On their Findings.
IOS

Apple Releases iOS 15 and iPadOS 15 (macrumors.com) 43

Apple today released iOS 15 and iPadOS 15, the newest operating system updates designed for the iPhone, iPad, and iPod touch. From a report: As with all of Apple's software updates, iOS and iPadOS 15 can be downloaded at no cost. iOS 15 is available on the iPhone 6s and later while iPadOS 15 is available on the iPad Air 2 and later. The new software can be downloaded on eligible devices over-the-air by going to Settings - General - Software Update. It may take a few minutes for the updates to propagate to all users due to high demand.

A new Focus mode cuts down on distractions by limiting what's accessible and who can contact you, and notifications can now be grouped up in daily summaries. There's an option for a new Safari design that moves the tab bar to the bottom of the interface, and Tab Groups keep all of your tabs organized. Maps has been overhauled with even more detail, a 3D view in major cities, a globe view, improved transit, a close-up driving view when navigating complicated routes, and AR walking directions. Across the operating system, there's a new Live Text feature that detects text in any image and lets you copy, paste, and translate it, plus there's a system-wide translation feature. In Photos, plants, pets, landmarks, and more can be identified, and there's a system-wide translation feature that goes well with Live Text. iCloud+ with iCloud Private Relay protects your IP address and obscures your location to prevent websites from tracking you, and a Hide My Email feature lets you create temporary email addresses. You can even use your personal domain with iCloud in iOS 15.
Further reading: 19 Things You Can Do in iOS 15 That You Couldn't Do Before.
Crime

Man Who Unlocked Nearly 2 Million AT&T Phones Gets 12 Years In Prison (theverge.com) 102

A man who the Department of Justice says unlocked AT&T customers' phones for a fee was sentenced to 12 years in prison, in what the judge called "a terrible cybercrime over an extended period," which allegedly continued even after authorities were on to the scheme. The Verge reports: According to a news release from the DOJ, in 2012, Muhammad Fahd, a citizen of Pakistan and Grenada, contacted an AT&T employee via Facebook and offered the employee "significant sums of money" to help him secretly unlock AT&T phones, freeing the customers from any installment agreement payments and from AT&T's service. Fahd used the alias Frank Zhang, according to the DOJ, and persuaded the AT&T employee to recruit other employees at its call center in Bothell, Washington, to help with the elaborate scheme. Fahd instructed the AT&T employees to set up fake businesses and phony bank accounts to receive payments, and to create fictitious invoices for deposits into the fake accounts to create the appearance that money exchanged as part of the scheme was payment for legitimate services.

In 2013, however, AT&T put into place a new unlocking system which made it harder for Fahd's crew to unlock phones' unique IMEI numbers, so according to the DOJ he hired a developer to design malware that could be installed on AT&T's computer system. This allegedly allowed him to unlock more phones, and do so more efficiently. The AT&T employees working with Fahd helped him access information about its systems and other employees' credentials, allowing his developer to tailor the malware more precisely, the DOJ said. A forensic analysis by AT&T showed Fahd and his helpers fraudulently unlocked more than 1.9 million phones, costing the company more than $200 million. Fahd was arrested in Hong Kong in 2018 and extradited to the US in 2019. He pleaded guilty in September 2020 to conspiracy to commit wire fraud.

Iphone

iPhone 13 and iPhone 13 Pro Feature Dual eSIM Support (9to5mac.com) 30

Apple introduced eSIM support on iPhone with iPhone XR and iPhone XS in 2018. However, while you can use a regular SIM and an eSIM simultaneously, there was no way to use two eSIMs simultaneously -- until now. iPhone 13 and iPhone 13 Pro feature dual eSIM support for the first time. From a report: The new capability was confirmed by Apple on the iPhone 13 specs webpage. There, Apple says that iPhone 13 models support Dual SIM using both regular SIM and eSIM and "Dual eSIM," as the company calls it. If you check the webpage of the iPhone 12 or previous generations, only combined Dual SIM support is mentioned. These are the SIM support specifications for iPhone 13 mini, iPhone 13, iPhone 13 Pro, and iPhone 13 Pro Max: Dual SIM (nano-SIM and eSIM), and dual eSIM support. During the event, Apple also mentioned that iPhone 13 models have support for more 5G bands, which should enable the new faster network in more countries.
Iphone

iPhone 13 Pro and Pro Max Announced With High Refresh Rate 120Hz Displays (theverge.com) 124

Apple has officially announced the high-end part of the iPhone 13 lineup: the iPhone 13 Pro and 13 Pro Max. It's got a faster A15 Bionic chip, three all-new cameras, and an improved display with up to a 120Hz ProMotion high refresh rate display that can go as bright as 1,000 nits. The iPhone 13 Pro will start at $999, while the iPhone 13 Pro Max will start at $1099. Both will be available to order on Friday, shipping on September 24th. From a report: The OLED screens on both models are the same sizes as last year at 6.1 and 6.7 inches but with slightly smaller notches that should allow for more space in the iOS status bar. Apple says the phones have an all-new three-camera system. The ultrawide should offer better low-light photography, and the telephoto now goes up to 3x zoom, enabling 6x optical zoom across the three cameras. All three cameras now have night mode, and there's a new macro mode for photographing subjects at just 2cm.
Iphone

Apple Says Motorcycle Vibrations Can Damage iPhone Cameras (engadget.com) 132

Long-time Slashdot reader fahrbot-bot quotes Engadget: Hold off on purchasing that iPhone mount for your motorbike.

In a new Apple Support post first seen by MacRumors, the tech giant has warned that high amplitude vibrations, "specifically those generated by high-power motorcycle engines" transmitted through handlebars, can damage its phones' cameras.

As the publication notes, that damage can be permanent. A simple Google search will surface posts over the past few years by users whose cameras were ruined after they mounted their iPhone on their bike, mostly so they can use it for navigation.

MacRumors summarizes another Apple recommendation: for slower vehicles like mopeds and scooters "at least use a vibration-dampening mount to minimize the chances of any damage."

Engadget's suggestion? "Just use another GPS device to make sure you don't ruin a device that costs hundreds to over a thousand dollars."
Crime

'Every Message Was Copied to the Police': the Daring Sting Behind the An0m Phone (theguardian.com) 105

The Guardian tells the story of "a viral sensation in the global underworld," the high-security An0m phones, which launched with "a grassroots marketing campaign, identifying so-called influencers — 'well-known crime figures who wield significant power and influence over other criminal associates', according to a US indictment — within criminal subcultures." An0m could not be bought in a shop or on a website. You had to first know a guy. Then you had to be prepared to pay the astronomical cost: $1,700 for the handset, with a $1,250 annual subscription, an astonishing price for a phone that was unable to make phone calls or browse the internet.

Almost 10,000 users around the world had agreed to pay, not for the phone so much as for a specific application installed on it. Opening the phone's calculator allowed users to enter a sum that functioned as a kind of numeric open sesame to launch a secret messaging application. The people selling the phone claimed that An0m was the most secure messaging service in the world. Not only was every message encrypted so that it could not be read by a digital eavesdropper, it could be received only by another An0m phone user, forming a closed loop system entirely separate from the information speedways along which most text messages travel. Moreover, An0m could not be downloaded from any of the usual app stores. The only way to access it was to buy a phone with the software preinstalled...

[U]sers could set an option to wipe the phone's data if the device went offline for a specified amount of time. Users could also set especially sensitive messages to self-erase after opening, and could record and send voice memos in which the phone would automatically disguise the speaker's voice. An0m was marketed and sold not so much to the security conscious as the security paranoid...

An0m was not, however, a secure phone app at all. Every single message sent on the app since its launch in 2018 — 19.37m of them — had been collected, and many of them read by the Australian federal police (AFP) who, together with the FBI, had conceived, built, marketed and sold the devices.

On 7 June 2021, more than 800 arrests were made around the world....

Law enforcement agencies ultimately saw An0m as a creative workaround for unbreakable encryption, according to the Guardian. "Why debate tech companies on privacy issues through costly legal battles if you can simply trick criminals into using your own monitored network?"

The Guardian's story was shared by jd (Slashdot user #1,658), who sees an ethical question. "As the article notes, what's to stop a tyrant doing the same against rivals or innocent protestors?"
Iphone

Apple's iPhone 13, New Apple Watch on Tap For Virtual Launch Next Tuesday (cnet.com) 56

Apple's next event, during which it will likely unveil its next slate of devices, including the seventh-generation Apple Watch and a new iPhone, is happening Sept. 14 at 10 a.m. PT, the company confirmed Tuesday. The event, like all previous ones over the last year and a half, will be held entirely online amid continued concerns about the coronavirus pandemic. From a report: Apple's invite includes the phrase "California streaming." It features a neon outline of the Apple logo set atop a silhouette of a mountain range. The company's flashy event is its most important of the year, setting its product lineup for the holiday shopping season. Last year, Apple held three major product releases in the second half, separating out announcements for its latest Apple Watches, iPads, iPhones and Mac computers. The releases helped propel Apple's sales and profit to their highest levels, setting new revenue records for the company's iPhones, iPads and Mac computers. It's unclear just what products Apple will announce and if it will repeat last year's tactic of holding multiple events throughout the second half. The iPhone 13 is almost assuredly going to make an appearance. The rumored Apple Watch 7 could as well.
Security

Malware Found Preinstalled In Classic Push-button Phones Sold In Russia (therecord.media) 40

"A security researcher has discovered malicious code inside the firmware of four low-budget push-button mobile phones sold through Russian online stores," reports the Record: In a report published this week by a Russian security researcher named ValdikSS, push-button phones such as DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3 were caught subscribing users to premium SMS services and intercepting incoming SMS messages to prevent detection. ValdikSS, who set up a local 2G base station in order to intercept the phones' communications, said the devices also secretly notified a remote internet server when they were activated for the first time, even if the phones had no internet browser...

All the remote servers that received this activity were located in China, ValdikSS said, where all the devices were also manufactured before being re-sold on Russian online stores as low-budget alternatives to more popular push-button phone offerings, such as those from Nokia.

But who's responsible, the article ultimately asks. The third party supplying the firmware? The parties shipping the phones? The vendors selling the phone without detecting its malware? Or the government agencies lacking a mechanism for collecting reports of malware...
