Businesses

Internal Documents Show Apple Knew the iPhone 6 Would Bend (vice.com) 46

In 2014, multiple users reported that their iPhone 6 and 6 Plus handsets were bending under pressure, such as when they were kept in a pocket. As a byproduct of this issue, the touchscreen's internal hardware was also susceptible to losing its connection to the phone's logic board. It turns out, Apple was aware that this could happen. Motherboard: Apple's internal tests found that the iPhone 6 and iPhone 6 Plus are significantly more likely to bend than the iPhone 5S, according to information made public in a recent court filing obtained by Motherboard. Publicly, Apple has never said that the phones have a bending problem, and maintains that position, despite these models commonly being plagued with "touch disease," a flaw that causes the touchscreen to work intermittently that the repair community say is a result of bending associated with normal use. The information is contained in internal Apple documents filed under seal in a class-action lawsuit that alleges Apple misled customers about touch disease. The documents remain under seal, but US District Court judge Lucy Koh made some of the information from them public in a recent opinion in the case. The company found that the iPhone 6 is 3.3 times more likely to bend than the iPhone 5s, and the iPhone 6 Plus is 7.2 times more likely to bend than the iPhone 5s, according to the documents. Koh wrote that "one of the major concerns Apple identified prior to launching the iPhones was that they were 'likely to bend more easily when compared to previous generations.'"
Encryption

FBI Repeatedly Overstated Encryption Threat Figures To Congress, Public (techcrunch.com) 152

mi shares a report from The Washington Post (Warning: source may be paywalled; alternative source): The FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000.

Over a period of seven months, FBI Director Christopher A. Wray cited the inflated figure as the most compelling evidence for the need to address what the FBI calls "Going Dark" -- the spread of encrypted software that can block investigators' access to digital data even with a court order. "The FBI's initial assessment is that programming errors resulted in significant over-counting of mobile devices reported,'' the FBI said in a statement Tuesday. The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of phones. Tests of the methodology conducted in April 2016 failed to detect the flaw, according to people familiar with the work.

United States

Trump Ignores 'Inconvenient' Security Rules To Keep Tweeting On His iPhone, Says Report (politico.com) 522

According to Politico, "President Donald Trump uses a White House cellphone that isn't equipped with sophisticated security features designed to shield his communications." The decision is "a departure from the practice of his predecessors that potentially exposes him to hacking or surveillance." From the report: The president uses at least two iPhones, according to one of the officials. The phones -- one capable only of making calls, the other equipped only with the Twitter app and preloaded with a handful of news sites -- are issued by White House Information Technology and the White House Communications Agency, an office staffed by military personnel that oversees White House telecommunications. While aides have urged the president to swap out the Twitter phone on a monthly basis, Trump has resisted their entreaties, telling them it was "too inconvenient," the same administration official said. The president has gone as long as five months without having the phone checked by security experts. It is unclear how often Trump's call-capable phones, which are essentially used as burner phones, are swapped out.
Bug

Comcast Website Bug Leaks Xfinity Customer Data (zdnet.com) 43

An anonymous reader quotes a report from ZDNet: A bug in Comcast's website used to activate Xfinity routers can return sensitive information on the company's customers. The website, used by customers to set up their home internet and cable service, can be tricked into displaying the home address where the router is located, as well as the Wi-Fi name and password. Two security researchers, Karan Saini and Ryan Stevenson, discovered the bug. Only a customer account ID and that customer's house or apartment number is needed -- even though the web form asks for a full address.

ZDNet obtained permission from two Xfinity customers to check their information. We were able to obtain their full address and zip code -- which both customers confirmed. The site returned the Wi-Fi name and password -- in plaintext -- used to connect to the network for one of the customers who uses an Xfinity router. The other customer was using his own router -- and the site didn't return the Wi-Fi network name or password.

Cellphones

The Toughest (And Weakest) Phones Currently On the Market (tomsguide.com) 111

New submitter Daneel Olivaw R. shares a report from Tom's Guide: To measure each phone's toughness, [Tom's Guide] dropped it from both 4 and 6 feet onto wood and concrete. After each test, we recorded the damage to the phone. If a phone was rendered unusable -- the screen totally shattered, for instance -- then we stopped dropping it. [More details on the testing process can be found here.] Each drop was worth a maximum of 5 points; if a phone made it through all of the rounds unscathed, it would earn 35 points. The more severe the damage per drop was, the more points were deducted. If a phone was rendered unusable after a given drop, it would earn no points, and would not undergo any subsequent test. In total, there were seven tests. [...] If a phone died in the 6-foot edge drop, it was penalized an extra 10 percent. If it died in the 6-foot face drop, it was penalized 5 percent. And if it died when dropped into the toilet, it lost 2.5 percent. We then divided the total score by 3.5, to put it on a 10-point scale. Here are the scores of each device:

Motorola Moto Z2 Force - Toughness score: 8.5/10
LG X Venture - Toughness score: 6.6/10
Apple iPhone X - Toughness score: 6.2/10
LG V30 - Toughness score: 6/10
Samsung Galaxy S9 - Toughness score: 6/10
Motorola Moto G5 Plus - Toughness score: 5.1/10
Apple iPhone 8 - Toughness score: 4.9/10
Samsung Galaxy Note 8 - Toughness score: 4.3/10
OnePlus 5T - Toughness score: 4.3/10
Huawei Mate 10 Pro - Toughness score: 4.3/10
Google Pixel 2 XL - Toughness score: 4.3/10
iPhone SE - Toughness score: 3.9/10
Advertising

Should T-Mobile Stop Claiming It Has 'Best Unlimited Network'? (arstechnica.com) 54

An anonymous reader writes: Speed isn't everything, or is it? According to a report from Ars Technica, the National Advertising Division (NAD) says T-Mobile should stop claiming that is has "America's Best Unlimited Network" because it needs to prove it also has the widest geographic coverage and best reliability. T-Mobile is saying that speed outweighs all other factors.

"T-Mobile's claim is based on data from Ookla and OpenSignal, which offer speed-testing apps that let consumers test their wireless data speeds," reports Ars Technica. "Both Ookla and OpenSignal have issued reports saying that T-Mobile's speeds were higher than Verizon's, AT&T's, and Sprint's. The OpenSignal tests also gave T-Mobile an edge over rivals in latency and 4G signal availability." T-Mobile "did not provide evidence that its network is superior in providing talk and text mobile services or in providing high-speed data more reliably or to a greater coverage area," the industry group's announcement said.

Google

Google Sued For 'Clandestine Tracking' of 4.4 Million UK iPhone Users' Browsing Data (theguardian.com) 32

Google is being sued in the high court for as much as $4.3 billion for the alleged "clandestine tracking and collation" of personal information from 4.4 million iPhone users in the UK. From a report: The collective action is being led by former Which? director Richard Lloyd over claims Google bypassed the privacy settings of Apple's Safari browser on iPhones between August 2011 and February 2012 in order to divide people into categories for advertisers. At the opening of an expected two-day hearing in London on Monday, lawyers for Lloyd's campaign group Google You Owe Us told the court information collected by Google included race, physical and mental heath, political leanings, sexuality, social class, financial, shopping habits and location data.

Hugh Tomlinson QC, representing Lloyd, said information was then "aggregated" and users were put into groups such as "football lovers" or "current affairs enthusiasts" for the targeting of advertising. Tomlinson said the data was gathered through "clandestine tracking and collation" of browsing on the iPhone, known as the "Safari Workaround" -- an activity he said was exposed by a PhD researcher in 2012. Tomlinson said Google has already paid $39.5m to settle claims in the US relating to the practice. Google was fined $22.5m for the practice by the US Federal Trade Commission in 2012 and forced to pay $17m to 37 US states.

Privacy

'TeenSafe' Phone Monitoring App Leaked Thousands of User Passwords (zdnet.com) 44

An anonymous reader quotes a report from ZDNet: At least one server used by an app for parents to monitor their teenagers' phone activity has leaked tens of thousands of accounts of both parents and children. The mobile app, TeenSafe, bills itself as a "secure" monitoring app for iOS and Android, which lets parents view their child's text messages and location, monitor who they're calling and when, access their web browsing history, and find out which apps they have installed. But the Los Angeles, Calif.-based company left its servers, hosted on Amazon's cloud, unprotected and accessible by anyone without a password.

"We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted," said a TeenSafe spokesperson told ZDNet on Sunday. The database stores the parent's email address associated with their associated child's Apple ID email address. It also includes the child's device name -- which is often just their name -- and their device's unique identifier. The data contains the plaintext passwords for the child's Apple ID. Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child's account to access their personal content data.

Android

The Verge Goes Hands-On With the 'Wildly Ambitious' RED Hydrogen One Smartphone (theverge.com) 53

It's been almost a year since RED, a company known for its high-end $10,000+ cameras, teased a smartphone called the RED Hydrogen One. Several months have passed since the phone was announced and we still don't know much about it, aside from it having a very industrial design and "Hydrogen holographic display." Earlier this week, AT&T and Verizon confirmed that they'll launch the device later this year. Now, The Verge's Dieter Bohn has shared his hands-on impressions with the device, which he claims to be "one of the most ambitious smartphones in years from a company not named Apple, Google, or Samsung." Here's an excerpt from the report: The company better known for high-end 4K cameras with names like "Weapon" and "Epic-w" isn't entering the smartphone game simply to sell you a better Android phone. No, this phone is meant to be one piece of a modular system of cameras and other media creation equipment -- the company claims it will be "the foundation of a future multi-dimensional media system." To that end, it has a big set of pogo-pins on the back to connect it to RED's other cameras also to allow users to attach (forthcoming) modules to it, including lens mounts. If it were just a modular smartphone, we'd be talking about whether we really expected the company to produce enough modules to support it.

RED is planning on starting with a module that is essentially a huge camera sensor -- the company is not ready to give exact details, but the plan is definitely more towards DSLR size than smartphone size. Then, according to CEO Jim Jannard, the company wants any traditional big camera lens to be attached to it. Answering a fan question, he joked that support for lenses will be "pretty limited," working "just" with Fuji, Canon, Nikon, Leica, and more. [...] The processor inside will be a slightly-out-of-date Qualcomm Snapdragon 835, but it seemed fast enough in the few demos I was able to try. Honestly, though, if you're looking to get this thing just as a phone, you're probably making your decision based on the wrong metrics. It's probably going to be a perfectly capable phone, but at this price (starting at $1,195) what you're buying into is the module ecosystem.

Software

Popular 'Gboard' Keyboard App Has Had a Broken Spell Checker For Months 54

The popular Gboard keyboard app for iOS and Android devices has a fundamental flaw. According Reddit user SurroundedByMachines, the red underline has stopped appearing for incorrectly spelled words since November of last year -- and it doesn't appear to be limited to any one device. Issues with the spell checker have been reported on multiple devices across Android and iOS. A simple Google search brings up several different threads where people have reported issues with the feature.

What's more is that nobody at Google seems to get the memo. The Reddit user who first brought this to our attention filed several bug reports, left a review, and joined the beta channel to leave feedback there, yet no response was given. "Many people have been having the issue, and it's even been escalated to the community manager," writes SurroundedByMachines. Since the app has over 500 million downloads on the Play Store alone, this issue could be frustrating a lot of users, especially those who use their phones to send work emails or write documents. Have you noticed Gboard's broken spell checker on your device? If so, you may want to look into another third-party keyboard, such as SwiftKey or Cheetah Keyboard.
Cellphones

Pentagon-Funded Project Will 'Solve' Cellphone Identity Verification Within Two Years (nextgov.com) 112

Long-time Slashdot reader Zorro quotes Nextgov: The Defense Department is funding a project that officials say could revolutionize the way companies, federal agencies and the military itself verify that people are who they say they are and it could be available in most commercial smartphones within two years. The technology, which will be embedded in smartphones' hardware, will analyze a variety of identifiers that are unique to an individual, such as the hand pressure and wrist tension when the person holds a smartphone and the person's peculiar gait while walking, said Steve Wallace, technical director at the Defense Information Systems Agency.

Organizations that use the tool can combine those identifiers to give the phone holder a "risk score," Wallace said. If the risk score is low enough, the organization can presume the person is who she says she is and grant her access to sensitive files on the phone or on a connected computer or grant her access to a secure facility. If the score's too high, she'll be locked out... Another identifier that will likely be built into the chips is a GPS tracker that will store encrypted information about a person's movements, Wallace said. The verification tool would analyze historical information about a person's locations and major, recent anomalies would raise the person's risk score.

A technical director at the agency "declined to say which smartphone and chipmakers planned to participate in the project, but said the capability will be available 'in the vast majority of mobile devices.'"
Canada

People Hate Canada's New 'Amber Alert' System (www.cbc.ca) 324

The CBC reports: When the siren-like sounds from an Amber Alert rang out on cellular phones across Ontario on Monday, it sparked a bit of a backlash against Canada's new mobile emergency alert system. The Ontario Provincial Police had issued the alert for a missing eight-year-old boy in the Thunder Bay region. (The boy has since been found safe)... On social media, people startled by the alerts complained about the number of alerts they received and that they had received separate alerts in English and French... Meanwhile, others who were located far from the incident felt that receiving the alert was pointless. "I've received two Amber Alerts today for Thunder Bay, which is 15 hours away from Toronto by car," tweeted Molly Sauter. "Congrats, you have trained me to ignore Emergency Alerts...."

The CRTC ordered wireless providers to implement the system to distribute warnings of imminent safety threats such as tornadoes, floods, Amber Alerts or terrorist threats. Telecom companies had favoured an opt-out option or the ability to disable the alarm for some types of alerts. But this was rejected by the broadcasting and telecommunications regulator. Individuals concerned about receiving these alerts are left with a couple of options: they can turn off their phone -- it will not be forced on by the alert -- or mute their phone so they won't hear it.

Long-time Slashdot reader knorthern knight complains that the first two alerts-- one in English, followed by one in French -- were then followed by a third (bi-lingual) alert advising recipients to ignore the previous two alerts, since the missing child had been found.
United States

40 Cellphone-Tracking Devices Discovered Throughout Washington (nbcwashington.com) 62

The investigative news "I-Team" of a local TV station in Washington D.C. drove around with "a leading mobile security expert" -- and discovered dozens of StingRay devices mimicking cellphone towers to track phone and intercept calls in Maryland, Northern Virginia, and Washington, D.C. An anonymous reader quotes their report: The I-Team found them in high-profile areas like outside the Trump International Hotel on Pennsylvania Avenue and while driving across the 14th Street bridge into Crystal City... The I-Team's test phones detected 40 potential locations where the spy devices could be operating, while driving around for just a few hours. "I suppose if you spent more time you'd find even more," said D.C. Councilwoman Mary Cheh. "I have bad news for the public: Our privacy isn't what it once was..."

The good news is about half the devices the I-Team found were likely law enforcement investigating crimes or our government using the devices defensively to identify certain cellphone numbers as they approach important locations, said Aaron Turner, a leading mobile security expert... The I-Team got picked up [by StingRay devices] twice off of International Drive, right near the Chinese and Israeli embassies, then got another two hits along Massachusetts Avenue near Romania and Turkey... The phones appeared to remain connected to a fake tower the longest, right near the Russian Embassy.

StringRay devices are also being used in at least 25 states by police departments, according to the ACLU. The devices were authorized by the FCC back in 2011 for "federal, state, local public safety and law enforcement officials only" (and requiring coordination with the FBI).

But back in April the Associated Press reported that "For the first time, the U.S. government has publicly acknowledged the existence in Washington of what appear to be rogue devices that foreign spies and criminals could be using to track individual cellphones and intercept calls and messages... More sophisticated versions can eavesdrop on calls by forcing phones to step down to older, unencrypted 2G wireless technology. Some attempt to plant malware."
Software

In Virtual Reality, How Much Body Do You Need? (nytimes.com) 34

An anonymous reader quotes a report from The New York Times: Will it soon be possible to simulate the feeling of a spirit not attached to any particular physical form using virtual or augmented reality? If so, a good place to start would be to figure out the minimal amount of body we need to feel a sense of self, especially in digital environments where more and more people may find themselves for work or play. It might be as little as a pair of hands and feet, report Dr. Michiteru Kitazaki and a Ph.D. student, Ryota Kondo. In a paper published Tuesday in Scientific Reports, they showed that animating virtual hands and feet alone is enough to make people feel their sense of body drift toward an invisible avatar (Warning: source may be paywalled; alternative source). Their work fits into a corpus of research on illusory body ownership, which has challenged understandings of perception and contributed to therapies like treating pain for amputees who experience phantom limb.

Using an Oculus Rift virtual reality headset and a motion sensor, Dr. Kitazaki's team performed a series of experiments in which volunteers watched disembodied hands and feet move two meters in front of them in a virtual room. In one experiment, when the hands and feet mirrored the participants' own movements, people reported feeling as if the space between the appendages were their own bodies. In another experiment, the scientists induced illusory ownership of an invisible body, then blacked out the headset display, effectively blindfolding the subjects. The researchers then pulled them a random distance back and asked them to return to their original position, still virtually blindfolded. Consistently, the participants overshot their starting point, suggesting that their sense of body had drifted or "projected" forward, toward the transparent avatar.

Google

Google Is Making An AR Headset With New Qualcomm Chips (theverge.com) 11

Google is reportedly working on a standalone augmented reality headset that will use new Qualcomm chips. "It will be built by Taiwanese computer maker Quanta," reports The Verge. "The project is still in its early stages, according to documents obtained by WinFuture." From the report: The AR headset is supposed to be similar to Microsoft's HoloLens, a headset that came out in 2016 and is aimed at design, training, and industrial use. The Google AR headset that's in development will reportedly be self-contained and powered by a Qualcomm chip, rather than tethered to another device. It will also include cameras and microphones. The headset is currently going by the name "Google A65." There's no release date yet for the Google A65 as it's still in the prototype stage, according to WinFuture. The headset won't only operate like a HoloLens, but it will use the same chips. HoloLens is rumored to be getting an update this year, with a new ARM-powered design and an improved field of view. The Qualcomm chips that will reportedly be used in both the new HoloLens and the new Google headset are the Qualcomm QSC603 four-core chips, based on ARM architecture.

Slashdot Top Deals