We all see the headlines nearly every day. A drone disrupting the airspace in one of the world’s busiest airports, putting aircraft at risk (and inconveniencing hundreds of thousands of passengers) or attacks on critical infrastructure. Or a shooting in a place of worship, a school, a courthouse. Whether primitive (gunpowder) or cutting-edge (unmanned aerial vehicles), in the wrong hands, technology can empower bad actors and put our society at risk, creating a sense of helplessness and frustration.
Current approaches to protecting our public venues are not up to the task, and, frankly, appear to meet Einstein’s definition of insanity: “doing the same thing over and over and expecting a different result.” It is time to look past traditional defense technologies and see if newer approaches can tilt the pendulum back in the defender’s favor. Artificial Intelligence (AI) can play a critical role here, helping to identify, classify and promulgate counteractions on potential threats faster than any security personnel.
Using technology to prevent violence, specifically by searching for concealed weapons, has a long history. Alexander Graham Bell invented the first metal detector in 1881 in an unsuccessful attempt to locate the fatal slug as President James Garfield lay dying of an assassin’s bullet. The first commercial metal detectors were developed in the 1960s. Most of us are familiar with their use in airports, courthouses and other public venues to screen for guns, knives and bombs.
However, metal detectors are slow and full of false positives – they cannot distinguish between a Smith & Wesson and an iPhone. It is not enough to simply identify a piece …
Ahead of the upcoming school year, Apple this morning announced it’s bringing contactless student IDs in Apple Wallet to several more U.S. universities. The expansion will allow more than 100,000 additional college students to carry their student ID on their iPhone or Apple Watch, where it can be used for a variety of tasks, including paying for their meals and snacks and entry into buildings, like the student’s dorm and other campus facilities.
The expanded list of universities includes: Clemson University, Georgetown University, University of Tennessee, University of Kentucky, University of San Francisco, University of Vermont, Arkansas State University, South Dakota State University, Norfolk State University, Louisburg College, University of North Alabama and Chowan University.
These join the previously supported schools: Duke University, University of Oklahoma, University of Alabama, Temple University, Johns Hopkins University, Marshall University and Mercer University.
The contactless IDs not only serve as a means of student identification, but also work as a payment mechanism for on-campus transactions — like meals at the cafeteria or textbooks and supplies at the college’s bookstore, for example. Contactless entry into buildings is also now common on college campuses, and these digital IDs can work to open doors, too, as an alternative to swiping an entry card.
Support for college student IDs is only one way that Apple is trying to replace the physical wallet. The company also supports the ability to add your debit and credit cards, transit and loyalty cards, tickets and even paper money through Apple Pay Cash. And now it’s launching its own credit card, too, which rewards you with cashback for shopping Apple and using Apple Pay.
“We’re happy to add to the growing …
Most people don’t think twice about picking up a phone charging cable and plugging it in. But one hacker’s project wants to change that and raise awareness of the dangers of potentially malicious charging cables.
A hacker who goes by the online handle MG took an innocent-looking Apple USB Lightning cable and rigged it with a small Wi-Fi-enabled implant, which, when plugged into a computer, lets a nearby hacker run commands as if they were sitting in front of the screen.
Dubbed the O.MG cable, it looks and works almost indistinguishably from an iPhone charging cable. But all an attacker has to do is swap out the legitimate cable for the malicious cable and wait until a target plugs it into their computer. From a nearby device and within Wi-Fi range (or attached to a nearby Wi-Fi network), an attacker can wirelessly transmit malicious payloads on the computer, either from pre-set commands or an attacker’s own code.
Once plugged in, an attacker can remotely control the affected computer to send realistic-looking phishing pages to a victim’s screen, or remotely lock a computer screen to collect the user’s password when they log back in.
MG focused his first attempt on an Apple Lightning cable, but the implant can be used in almost any cable and against most target computers.
“This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types,” MG said. “Apple just happens to be the most difficult to implant, so it was a good proof of capabilities.”
In his day job as a red teamer at Verizon Media (which owns TechCrunch), he develops innovative hacking methods and techniques to identify and fix security vulnerabilities before malicious attackers find them. Although a personal project, MG said …
Apple is finally giving security researchers something they’ve wanted for years: a macOS bug bounty.
The technology giant said Thursday it will roll out the bug bounty program to include Macs and MacBooks, as well as Apple TV and Apple Watch, almost exactly three years after it debuted its bug bounty program for iOS.
The idea is simple: you find a vulnerability, you disclose it to Apple, they fix it — and in return you get a cash payout. These programs are wildly popular in the tech industry as they help to fund security researchers in exchange for serious security flaws that could otherwise be used by malicious actors, and also help fill the void of bug finders selling their vulnerabilities to exploit brokers, and on the black market, who might abuse the flaws to conduct surveillance.
But Apple had dragged its feet on rolling out a bug bounty to its range of computers. Some security researchers had flat-out refused to report security flaws to Apple in absence of a bug bounty.
At the Black Hat conference in Las Vegas, head of security engineering and architecture Ivan Krstić announced the program to run alongside its existing iOS bug bounty.
Patrick Wardle, a security expert and principal security researcher at Jamf, said the move was a “no brainer.”
Wardle has found several major security vulnerabilities and dropped zero-days — details of flaws published without allowing the companies a chance to fix — citing the lack of a macOS bug bounty. He has long criticized Apple for not having a bug bounty, accusing the company of leaving a void open for security researchers to sell their flaws to exploit brokers who often use the vulnerabilities for nefarious reasons.
“Granted, they hired many incredible talented researchers and security professionals — but still …
Waterloo, Canada-based hardware startup North is a rare bird when it comes to the tech sector: It began life as an entirely different kind of hardware startup as Thalmic Labs in 2012, and launched a major pivot and re-brand in 2018.
The shift included a new name, and an entirely new product focus. It launched its Focals smart glasses last year, and earlier in 2019 sold the tech behind its original product, a gesture control armband called Myo, to CTRL-labs.
This kind of system-shocking directional change can cause whiplash at even far less ambitious software startups, but when I spoke to co-founder and CEO Stephen Lake about the change and the company’s new focus, he spoke of the about-face more as a natural evolution long in the making than a late-stage shift.
“It goes way back when we started Thalmic in 2012,” Lake said. “Actually, we were working on our Myo product, which was an input for heads-up displays, VR headsets, etc. We realized back then, when we were pairing it up with the early versions of [Google] Glass and a whole variety of other displays and smart glasses, that the glasses were so far from being the consumer product that we actually wanted to wear and use. And we said, ‘We think directionally this is going to exist, we think there’s this future where we can bring technology with us into the world end up being less distracted, more present, but still get those benefits we get from computing today.’ Instead of the future of staring at screens, or being cut off in like Ready Player One world in the future, actually bringing technology and make it a seamless part of our world.”
Basically, Lake positions the problem as a kind of classic ‘cart before the horse’ dilemma: …
It wasn’t “system updates” as it claimed. StockX was mopping up after a data breach, TechCrunch can confirm.
The fashion and sneaker trading platform pushed out a password reset email to its users on Thursday citing “system updates,” but left users confused and scrambling for answers. StockX told users that the email was legitimate and not a phishing email as some had suspected, but did not say what caused the alleged system update or why there was no prior warning.
A spokesperson eventually told TechCrunch that the company was “alerted to suspicious activity” on its site but declined to comment further.
But that wasn’t the whole truth.
An unnamed seller of breached data contacted TechCrunch claiming more than 6.8 million records were stolen from the site in May by a hacker. The seller declined to say how they obtained the data.
In a dark web listing, the seller put the data up for sale for $300. One person at the time of writing had already bought the data.
The seller provided TechCrunch a sample of 1,000 records. We contacted customers and provided them information only they would know from their stolen records, such as their real name and username combination and shoe size. Every person who responded confirmed their data as accurate.
The stolen data contained names, email addresses, scrambled passwords (believed to be hashed with the MD5 algorithm and salted), and other profile information — such as shoe size and trading currency. The data also included the user’s device type, such as Android or iPhone, and the software version. Several other internal flags were found in each record, such as whether or not the user was banned or if European users had accepted the company’s GDPR message.
Under those GDPR rules, a company can be fined up to four percent …
In February 2013, China surpassed the United States to become the world’s largest smartphone market. More than half a decade on, it still proves an elusive target for international sellers. A glance at reports from the past several quarters reveals the top spots dominated by homegrown names: Huawei, Vivo, Oppo, Xiaomi.
Combined, the big four made up roughly 84% of the nearly 100 million smartphones shipped last quarter, per new numbers from Canalys. Even international giants like Apple and Samsung have trouble cracking double-digit market share. Of the two, Apple has generally done better, with around 6% of the market — around six times Samsung’s share.
But Apple’s struggles have been very visible nonetheless, as the company has invested a good deal of its own future success into the China market. At the beginning of the year, the company took the rare action of lowering its guidance for Q1, citing China as the primary driver.
“While we anticipated some challenges in key emerging markets, we did not foresee the magnitude of the economic deceleration, particularly in Greater China,” Tim Cook said in a letter to shareholders at the time. “In fact, most of our revenue shortfall to our guidance, and over 100 percent of our year-over-year worldwide revenue decline, occurred in Greater China across iPhone, Mac and iPad.”
When it came time to report, things were disappointing, as expected. The company’s revenue in the area dropped nearly $5 billion, year over year. On the tail of two rough quarters, things picked up a bit for Apple in the country. This week, Tim Cook noted “great improvement” in Greater China.
In response to concerns raised by a Guardian story last week over how recordings of Siri queries are used for quality control, Apple is suspending the program worldwide. Apple says it will review the process that it uses, called grading, to determine whether Siri is hearing queries correctly, or being invoked by mistake.
In addition, it will be issuing a software update in the future that will let Siri users choose whether they participate in the grading process or not.
The Guardian story from Alex Hern quoted extensively from a contractor at a firm hired by Apple to perform part of a Siri quality control process it calls grading. This takes snippets of audio, which are not connected to names or IDs of individuals, and has contractors listen to them to judge whether Siri is accurately hearing them — and whether Siri may have been invoked by mistake.
“We are committed to delivering a great Siri experience while protecting user privacy,” Apple said in a statement to TechCrunch. “While we conduct a thorough review, we are suspending Siri grading globally. Additionally, as part of a future software update, users will have the ability to choose to participate in grading.”
The contractor claimed that the audio snippets could contain personal information, audio of people having sex and other details like finances that could be identifiable, regardless of the process Apple uses to anonymize the records.
They also questioned how clear it was to users that their raw audio snippets may be sent to contractors to evaluate in order to help make Siri work better. When this story broke, I dipped into Apple’s terms of service myself and, though there are mentions of quality control for Siri and data being shared, I found that it did fall short of explicitly and …
As anticipated, Apple’s hardware numbers were a mixed bag during today’s fiscal Q3 earnings report. Apple continues to shift much of its resources to services and content, including a billion-dollar push into Apple TV+. But while iPhone numbers were down, things weren’t all bad on the device front.
Notably, wearables are up in a big way. The category hit $5.5 billion for the quarter, up from $3.7 billion, year-over-year. The boost came in no small part due to the arrival of new AirPods, featuring wireless charging functionality, in spite of the company DOAing its AirPower charging pad.
“The wearables category is doing extremely well,” said Tim Cook on today’s earnings call. “We stuck with it when others perhaps didn’t.”
Apple CFO Luca Maestri pointed out that the revenue of the wearables division alone would make for a Fortune 200 company.
“This was our biggest June quarter ever — driven by all-time record revenue from Services, accelerating growth from Wearables, strong performance from iPad and Mac and significant improvement in iPhone trends,” Tim Cook said in a press release tied to earnings. “These results are promising across all our geographic segments, and we’re confident about what’s ahead. The balance of calendar 2019 will be an exciting period, with major launches on all of our platforms, new services and several new products.”
The optimism around iPhone isn’t entirely universal at the moment. The quarter marked another year-over-year decline for iPhone revenues, from $29.5 billion in fiscal Q3 2018 to $25.9 billion in fiscal Q3 2019, with the category dipping below 50% of the company’s total …
At a conference in New Delhi early last year, Netflix CEO Reed Hastings was confronted with a question that his company has been asked many times over the years. Would he consider lowering the subscription cost in India?
It’s a tactic that most Silicon Valley companies have adapted to in the country over the years. Uber rides aren’t as costly in India as they are elsewhere. Spotify and Apple Music cost less than $2 per month to users in the country. YouTube Premium as well as subscriptions to U.S. news outlets such as WSJ and New York Times are also priced significantly lower compared to the prices they charge in their home turf.
Hastings had also come prepared: He acknowledged that the entertainment viewing industry in India is very different from other parts of the world. To be sure, much of the pay-TV in India is supported by ads and the access fee remains too low ($5). But that was not going to change how Netflix likes to roll, he said.
“We want to be sensitive to great stories and to fund those great stories by investing in local content,” he said. “So yes, our strategy is to build up the local content — and of course we have got the global content — and try to uplevel the industry,” he said, identifying movie-goers who spend about Rs 500 ($7.25) or more on tickets each month as Netflix’s potential customers.
Less than a year and a half later, Netflix has had a change of heart. The company today rolled out a lower-priced subscription plan in India, a first for the company. The monthly plan, which restricts usage of the service …