Apple is preparing a series of major design and format changes to its lineup of iPhones and potentially other products, according to WSJ, a bid to revive growth after years of offering largely incremental upgrades. From the report: Starting next year, Apple plans to introduce an iPhone that will be thinner than the approximately 8-millimeter profile of current models, said people familiar with the company's plans. The model is intended to be cheaper than Pro models, with a simplified camera system to reduce costs.

The company is also planning two foldable devices, the people said. A larger device, intended to serve as a laptop, would have a screen that unfolds to be nearly as large as some desktop monitors, at about 19 inches. A smaller model would unfold to a display size that would be larger than an iPhone 16 Pro Max, intended to serve as a foldable iPhone, the people said.

Both foldable designs have been in development for years, but some key parts weren't ready. Major challenges included improving the hinge, a mechanism that allows the device to fold and unfold, and the display cover, a flexible material protecting the foldable screen. Current foldable phones on the market aren't thin, light or energy-efficient enough to meet Apple's standards, which is why Apple has been slower to enter this segment, said Jeff Pu, an analyst with Hong Kong-based brokerage Haitong International Securities.

"A man is accused of several felony charges after he allegedly posed as an Uber driver and then stole hundreds of thousands of dollars in cryptocurrency from customers in Scottsdale," reports Arizona news channel Fox 10.

"Prosecutors have called it an 'extremely sophisticated electronic fraud,'" reports Gizmodo, " and it's a strange approach to scamming that makes it sound unique in several ways." Nuruhussein Hussein, 40, allegedly picked up two unsuspecting people who were looking for Uber rides they'd ordered in Scottsdale — one in March and the other in October according to Fox 10 — by shouting their names on the street outside a hotel. It's not clear how Hussein may have known these people were looking for rides and court documents give no indication how he accomplished this or knew the victims would have crypto accounts, according to Fox 10, though a hotel does make sense as a target-rich environment for those looking to get picked up.

Once the victims were in the car, Hussein allegedly obtained the phones of the victims through some kind of pretense, including problems with his own phone and the need to look something up as well as a need to connect with the Uber app, according to NBC News. Hussein would then allegedly open up the victim's Coinbase account. "While manipulating the unsuspecting victim's phone the suspect transferred cryptocurrency from their digital wallet to his digital wallet," police reportedly explained in a statement.

"There are concerns human rights will be breached," reports the BBC, as Wales police forces launch a facial-recognition app that "will allow officers to use their phones to confirm someone's identity." The app, known as Operator Initiated Facial Recognition (OIFR), has already been tested by 70 officers across south Wales and will be used by South Wales Police and Gwent Police. Police said its use on unconscious or dead people would help officers to identify them promptly so their family can be reached with care and compassion. In cases where someone is wanted for a criminal offence, the forces said it would secure their quick arrest and detention. Police also said cases of mistaken identity would be easily resolved without the need to visit a police station or custody suite.

Police said photos taken using the app would not be retained, and those taken in private places such as houses, schools, medical facilities and places of worship would only be used in situations relating to a risk of significant harm.
Liberty, a civil liberties group, is urging new privacy protections from the government, according to the article, which also includes this quote from Jake Hurfurt, of the civil liberties/privacy group Big Brother Watch. "In Britain, none of us has to identify ourselves to police without very good reason but this unregulated surveillance tech threatens to take that fundamental right away."

America's telecom-regulating Federal Communications Commission "has opened up the entire 6 GHz frequency band to very low-power devices," reports the Register, "alongside other unlicensed applications such as Wi-Fi kits." The FCC said it has adopted extra rules to allow very low-power device operation across the entire 1,200 MHz of the 6 GHz band, from 5.925 to 7.125 GHz, within the US. The agency had already opened up 850 MHz of the band to small mobile devices a year ago, and has now decided to open up the remaining 350 MHz.

It hopes that this will give a shot in the arm to an ecosystem of short-range devices such as wearables, healthcare monitors, short-range mobile hotspots, and in-car devices that will be able to make use of this spectrum without the need of a license. These applications often call for low power transmission across short distances, but at very high connection speeds, the FCC says — otherwise, existing technologies like Bluetooth could suffice. "This 1,200 MHz means unlicensed bandwidth with a mix of high capacity and low latency that is absolutely prime for immersive, real-time applications," said Jessica Rosenworcel, the FCC's outgoing chair. "These are the airwaves where we can develop wearable technologies and expand access to augmented and virtual reality in ways that will provide new opportunities in education, healthcare, and entertainment."

Because these are such low-power devices, no restrictions have been placed on where they can be used, and they will not be required to operate under the control of an automatic frequency coordination system, as some Wi-Fi equipment must to avoid interference with existing services that use the 6 GHz spectrum. However, to minimize the risk of any potential interference, the devices will be required to implement a transmit power control mechanism and employ a contention-based protocol, requiring a device to listen to the channel before transmission. They are, however, prohibited from operating as part of any fixed outdoor infrastructure.

Epic Games has partnered with Telefonica to pre-install its mobile game storefront on millions of Android devices. Engadget reports: As such, those who buy a phone from a Telefonica network such as O2 or Movistar in Spain, the UK, Germany and Spanish-speaking Latin America will immediately have the app, which offers access to Fortnite, Fall Guys and Rocket League Sideswipe. Epic will bring third-party games to the storefront as well, while the partners plan to offer mobile gamers on Telefonica's networks extra perks over the next year or so. Telefonica has more than 392 million customers. As such, this deal could bring Fortnite and Fall Guys to an even bigger audience.

The head of America's FCC "has drafted plans to regulate the cybersecurity of telecommunications companies," reports the Washington Post, and the plans could include financial penalties phone network operators with insufficient security — "the first time the agency has asserted such powers under federal wiretapping law." Rosenworcel said the FCC's authority in this matter comes from Section 105 of the Communications Assistance for Law Enforcement Act [passed in 1994] — a single sentence that stipulates, without elaboration, that telecommunications carriers should ensure systems security "in accordance with regulations prescribed by the Commission." As one of the measures, she is seeking to require network providers to submit an annual certification to the FCC that they are implementing a cybersecurity risk management plan. In addition to imposing fines, the FCC could coordinate with other agencies to pursue criminal penalties against carriers deemed too careless on cybersecurity...

Biden administration officials said voluntary efforts to protect against aggressive Chinese hacking activity have fallen short. "We've had for the last decade voluntary public-private partnership efforts," Neuberger told The Post in a recent interview. "But we continue to see successful breaches, and in many cases, as with ransomware attacks, we continue to see pretty basic cybersecurity practices not being followed." With China's hackers becoming more brazen, pre-positioning themselves in U.S. critical networks, "we need to lock our digital doors," Neuberger said...

Cyber requirements can make a difference, she said. After the Colonial Pipeline ransomware attack in 2021 shut down one of the nation's largest energy pipelines for several days, creating a national security scare, the Transportation Security Administration issued several security directives, and today, all of the country's several dozen critical pipeline companies are in compliance, she said. Similar directives were subsequently issued for rail and aviation sectors, and the compliance rates in those industries are now at 68 and 57 percent respectively, she said.

China-linked spies may still be lurking in U.S. telecommunications networks — but the breach could be much, much wider. In fact, a "couple dozen" countries were hit by the attack, the Wall Street Journal reported this week, citing a top U.S. national security adviser. "Chinese government hackers have compromised telecommunications infrastructure across the globe as part of a massive espionage campaign..." Speaking during a press briefing Wednesday, Anne Neuberger, President Biden's deputy national security adviser for cyber and emerging technology, said the so-called Salt Typhoon campaign is ongoing and that at least eight telecommunications firms in the U.S. had been breached... The Journal previously identified Verizon, AT&T, T-Mobile and Lumen Technologies among the victims... [M]etadata grabs appeared to be "regional" in focus, and were likely a means to identify phone lines of valuable senior government officials, which the hackers then targeted to steal encrypted text messages and listen in on some phone calls, the official said... President-elect Donald Trump, Vice President-elect JD Vance, senior congressional staffers and an array of U.S. security officials were among scores of individuals to have their calls and texts directly targeted, an intelligence-collection coup that likely ensnared their private communications with thousands of Americans, the Journal has reported.

The senior administration official said the global tally of countries victimized was currently believed to be in the "low, couple dozen" but didn't give a precise figure. The global campaign of hacking activity dates back at least a year or two, the official said.
"Neuberger, on the press briefing, said that it wasn't believed that classified communications were accessed in the breaches."

"SpaceX has launched 20 of its Starlink satellites up into Earth's orbit, enabling direct-to-cellphone connectivity for subscribers anywhere on the planet," reports the tech blog New Atlas. That completes the constellation's first orbital shell, following a launch of an initial batch of six satellites for testing back in January. The satellites were launched with a Falcon 9 rocket from California's Vandenberg Space Force Base on December 5 at 10 PM EST; they were then deployed in low Earth orbit. SpaceX founder Elon Musk noted on X that the effort will "enable unmodified cellphones to have internet connectivity in remote areas." He added a caveat for the first orbital shell — "Bandwidth per beam is only ~10 Mb, but future constellations will be much more capable...."

The big deal with this new venture is that unlike previous attempts at providing satellite-to-phone service, you don't need a special handset or even a specific app to get access anywhere in the world. Starlink uses standard LTE/4G protocols that most phones are compatible with, partners with mobile operators like T-Mobile in the U.S. and Rogers in Canada, and has devised a system to make its service work seamlessly with your phone when it's connecting to satellites 340 miles (540 km) above the Earth's surface. The SpaceX division noted it's also worked out latency constraints, ideal altitudes and elevation angles for its satellites, along with several other parameters, to achieve reliable connectivity. Each satellite has an LTE modem on board, and these satellites plug into the massive constellation of 6,799 existing Starlink spacecraft, according to Space.com.

Connecting to that larger constellation happens via laser backhaul, where laser-based optical communication systems transmit data between satellites. This method leverages the advantages of lasers over traditional radio frequency communications, enabling data rates up to 100 times faster, increased bandwidth, and improved security.
The direct-to-cell program was approved last month, the article points out — but it's ready to ramp up. "You'll currently get only text service through the end of 2024; voice and data will become available sometime next year, as will support for IoT devices (such as smart home gadgets). The company hasn't said how much its service will cost. " (They also note there's already competing services from Lynk, "which has satellites in orbit and launched in the island nation of Palau back in 2023, and AST SpaceMobile, which also has commercial satellites in orbit and contracts with the U.S. government, Europe, and Japan.")

Elon Musk's announcement on X.com prompted this interesting exchange:

X.com User: You've stated that purchasing Starlink goes toward funding the journey to Mars, yes?

Elon Musk: Yes.

Primarily used by law enforcement, Graykey unlocks mobile devices to extract data from both Android and iOS systems, according to the blog AppleInsider, "though its effectiveness varies depending on the specific hardware and software involved." But while its capabilities are rarely disclosed, "a leak of some Grayshift's internal documents was recently reported on by 404 Media." According to the data, Graykey can only perform "partial" data retrieval from iPhones running iOS 18 and iOS 18.0.1. These versions were released in September and early October, respectively. A partial extraction likely includes unencrypted files and metadata, such as folder structures and file sizes, according to past reports. Notably, Graykey struggles with beta versions of iOS 18.1. Under the latest update, the tool fails to extract any data, as per the documents.

Meanwhile, Graykey's performance with Android phones varies, largely due to the diversity of devices and manufacturers. On Google's Pixel lineup, Graykey can only partially access data from the latest Pixel 9 when in an "After First Unlock" (AFU) state — where the phone has been unlocked at least once since being powered on.
Thanks to long-time Slashdot reader AmiMoJo for sharing the article.

An anonymous reader quotes a report from The Verge: Huawei has announced its new Mate 70 series smartphone lineup, which will be the first offered with the company's new HarmonyOS Next operating system that doesn't rely on Google's Android services and won't run any Android apps, according to a report by Reuters. The four models of the Mate 70 also don't feature any US hardware following a half decade of US sanctions.

The Mate 70, Mate 70 Pro, Mate 70 Pro Plus, and Mate 70 RS will also be offered with Huawei's HarmonyOS 4.3, which first launched in August 2019 as an alternative to Google's Android OS and is still compatible with Android's extensive app library. Users who decide to opt for Huawei's new Android-free HarmonyOS Next will have less choice when it comes to the apps they can install. Huawei says it has "secured more than 15,000 applications for its HarmonyOS ecosystem, with plans to expand to 100,000 apps in the coming months," according to Reuters.

Starting next year, Huawei also says all the new phones and tablets it launches in 2025 will run HarmonyOS Next. [...] Huawei hasn't confirmed what processors are being used in the Mate 70 lineup, but the company has previously used chips made by China's SMIC for last year's Mate 60 series and other smartphones.

Indonesia rejected Apple's $100 million investment proposal to build an accessory and component plant, stating it was insufficient to lift the current ban on iPhone 16 sales in the country. Indonesia banned sales of Apple's iPhone 16 last month after it failed to meet requirements that smartphones sold domestically should comprise at least 40% locally-made parts. Reuters reports: "We have done an assessment and this (proposal) has not met principles of fairness," Industry Minister Agus Gumiwang Kartasasmita told a press conference, comparing the proposal to Apple's bigger investments in neighboring Vietnam and Thailand. Apple has no manufacturing facilities in Indonesia, but has since 2018 set up application-developer academies, which Jakarta considers a way for the company to meet local content requirement for the sale of older iPhone models. Agus said Apple had an outstanding investment commitment of $10 million it should have carried out before 2023. He also wanted Apple to commit to new investment until 2026.

"Steven Adair, of cybersecurity firm Veloxity, revealed at the Cyberwarcon security conference how Russian hackers were able to daisy-chain as many as three separate Wi-Fi networks in their efforts to attack victims," writes Longtime Slashdot reader smooth wombat. Wired reports: Adair says that Volexity first began investigating the breach of its DC customer's network in the first months of 2022, when the company saw signs of repeated intrusions into the customer's systems by hackers who had carefully covered their tracks. Volexity's analysts eventually traced the compromise to a hijacked user's account connecting to a Wi-Fi access point in a far end of the building, in a conference room with external-facing windows. Adair says he personally scoured the area looking for the source of that connection. "I went there to physically run down what it could be. We looked at smart TVs, looked for devices in closets. Is someone in the parking lot? Is it a printer?" he says. "We came up dry."

Only after the next intrusion, when Volexity managed to get more complete logs of the hackers' traffic, did its analysts solve the mystery: The company found that the hijacked machine which the hackers were using to dig around in its customer's systems was leaking the name of the domain on which it was hosted -- in fact, the name of another organization just across the road. "At that point, it was 100 percent clear where it was coming from," Adair says. "It's not a car in the street. It's the building next door." With the cooperation of that neighbor, Volexity investigated that second organization's network and found that a certain laptop was the source of the street-jumping Wi-Fi intrusion. The hackers had penetrated that device, which was plugged into a dock connected to the local network via Ethernet, and then switched on its Wi-Fi, allowing it to act as a radio-based relay into the target network. Volexity found that, to break into that target's Wi-Fi, the hackers had used credentials they'd somehow obtained online but had apparently been unable to exploit elsewhere, likely due to two-factor authentication.

Volexity eventually tracked the hackers on that second network to two possible points of intrusion. The hackers appeared to have compromised a VPN appliance owned by the other organization. But they had also broken into the organization's Wi-Fi from another network's devices in the same building, suggesting that the hackers may have daisy-chained as many as three networks via Wi-Fi to reach their final target. "Who knows how many devices or networks they compromised and were doing this on," says Adair. Volexity had presumed early on in its investigation that the hackers were Russian in origin due to their targeting of individual staffers at the customer organization focused on Ukraine. Then in April, fully two years after the original intrusion, Microsoft warned of a vulnerability in Windows' print spooler that had been used by Russia's APT28 hacker group -- Microsoft refers to the group as Forest Blizzard -- to gain administrative privileges on target machines. Remnants left behind on the very first computer Volexity had analyzed in the Wi-Fi-based breach of its customer exactly matched that technique. "It was an exact one-to-one match," Adair says.

Google is introducing "Restore Credentials," a feature that simplifies transferring app credentials when switching Android devices to keep you logged into your apps. The Verge reports: While some apps already did this, Google is making it easier for developers to include this experience by implementing a "restore key" that automatically transfers to the new phone and logs you back into the app. [...] Restore Credentials requires less work than the previous approach on Android, and can automatically check if a restore key is available and log you back in at the first app launch. A restore key is a public key that uses existing passkey infrastructure to move about your credentials.

Restore keys can also be backed up to the cloud, although developers can opt out. For that reason, transferring directly from device to device will still likely be more thorough than restoring from the cloud, as is the case with Apple devices today. Notably, Google says restore keys do not transfer if you delete an app and reinstall it.

An anonymous reader quotes a report from Ars Technica: Who up missing Musi?" a Reddit user posted in a community shocked by the free music streaming app's sudden removal from Apple's App Store in September. Apple kicked Musi out of the App Store after receiving several copyright complaints. Musi works by streaming music from YouTube -- seemingly avoiding paying to license songs -- and YouTube was unsurprisingly chief among those urging Apple to stop allowing the alleged infringement.

Musi was previously only available through the App Store. Once Musi was removed from the App Store, anyone who downloaded Musi could continue using the app uninterrupted. But if the app was ever off-loaded during an update or if the user got a new phone, there would be no way to regain access to their Musi app or their playlists. Some Musi fans only learned that Apple booted Musi after they updated their phones, and the app got offloaded with no option to re-download. Panicked, these users turned to the Musi subreddit for answers, where Musi's support staff has consistently responded with reassurances that Musi is working to bring the app back to the App Store. For many Musi users learning from others' mistakes, the Reddit discussions leave them with no choice but to refuse to update their phones or risk losing their favorite app. The app may remain unavailable for several months as the litigation unfolds. "After Apple gave in to the pressure, Musi sued (PDF) in October, hoping to quickly secure an injunction that would force Apple to reinstate Musi in the App Store until the copyright allegations were decided," reports Ars. "But a hearing on that motion isn't scheduled until January, making it appear unlikely that Musi will be available again to download until sometime next year."

Further reading: Google, Apple Drive 'Black Box' IP Policing with App Store Rules

Wi-Fi 8 (also known as IEEE 802.11bn Ultra High Reliability) is expected to arrive around 2028, prioritizing an enhanced user experience over speed by optimizing interactions between devices and access points. While it retains similar bandwidth specifications as the previous standard, Wi-Fi 8 aims to improve network efficiency, reducing interference and congestion for a more reliable and adaptive connection. PCWorld's Mark Hachman reports: As of Nov. 2024, MediaTek believes that Wi-Fi 8 will look virtually identical to Wi-Fi 7 in several key areas: The maximum physical layer (PHY) rate will be the same at 2,880Mbps x 8, or 23Gbits/s. It will also use the same four frequency bands (2, 4, 5, and 6GHz) and the same 4096 QAM modulation across a maximum channel bandwidth of 320MHz. (A Wi-Fi 8 router won't get 23Gbps of bandwidth, of course. According to MediaTek, the actual peak throughput in a "clean," or laboratory, environment is just 80 percent or so of the hypothetical peak throughput, and actual, real-world results can be far less.)

Still, put simply, Wi-Fi 8 should deliver the same wireless bandwidth as Wi-Fi 7, using the same channels and the same modulation. Every Wi-Fi standard has also been backwards-compatible with its predecessors, too. What Wi-Fi 8 will do, though, is change how your client device, such as a PC or a phone, interacts with multiple access points. Think of this as an evolution of how your laptop talks to your home's networking equipment. Over time, Wi-Fi has evolved from communications between one laptop and a router, across a single channel. Channel hopping routed different clients to different bands. When Wi-Fi 6 was developed, a dedicated 6GHz channel was added, sometimes as a dedicated "backhaul" between your home's access points. Now, mesh networks are more common, giving your laptop a variety of access points, channels, and frequencies to select between. For a detailed breakdown of the upcoming advancements coming to Wi-Fi 8, including Coordinated Spatial Reuse, Coordinated Beamforming, and Dynamic Sub-Channel Operation, read the full article.