Apple Car Is Making Some Serious Moves

Even with the Apple Car project seemingly back on track and set to deliver an EV with potentially full self-driving capabilities, the project team continued to lose key members to rival car companies, at least based on information that leaked over time. The most notable of these was Doug Field, a former Apple VP of Mac hardware who had been a key re-hire from Tesla and eventually became the fourth senior executive in six years to lead the Apple Car project, only to leave Apple once again. Field bailed out to head up Ford’s EV technology efforts. Seemingly hoping things might be able to run like clockwork, Apple tapped Kevin Lynch – who had been leading its Apple Watch software efforts — to take over the job, as reported by Bloomberg.

Lynch is clearly determined to stabilize the project, and it was made quite clear that Apple is still aiming to deliver a fully-fledged vehicle with the recent hire of Desi Ujkashevic, a 31-year veteran of Ford, which was also first reported by Bloomberg. Ujkashevic’s LinkedIn profile reveals she is a highly skilled engineer who has headed various Ford global engineering teams covering areas including interior design, chassis design, exterior design, and electrical design. Her arrival at Apple is the strongest sign in recent times that the company is steadfast in its desire to ensure the truckload of money it has undoubtedly sunk into the project will yield an EV that will (hopefully) go on sale to the public. 

Repost: Original Source and Author Link


Lapsus$ gang claims new hack with data from Apple Health partner

After a short “vacation,” the Lapsus$ hacking gang is back. In a post shared through the group’s Telegram channel on Wednesday, Lapsus$ claimed to have stolen 70GB of data from Globant — an international software development firm headquartered in Luxembourg, which boasts some of the world’s largest companies as clients.

Screenshots of the hacked data, originally posted by Lapsus$ and shared on Twitter by security researcher Dominic Alvieri, appeared to show folders bearing the names of a range of global businesses: among them were delivery and logistics company DHL, US cable network C-Span, and French bank BNP Paribas.

Also in the list were tech giants Facebook and Apple, with the latter referred to in a folder titled “apple-health-app.” The data appears to be development material for Globant’s BeHealthy app, described in a prior press release as software developed in partnership with Apple to track employee health behaviors using features of the Apple Watch. Apple did not a request for comment at time of publication.

Globant acknowledged the hack in a press release later the same day. “According to our current analysis, the information that was accessed was limited to certain source code and project-related documentation for a very limited number of clients,” the company said. “To date, we have not found any evidence that other areas of our infrastructure systems or those of our clients were affected.”

On Telegram, Lapsus$ shared a torrent link to the allegedly stolen data with a message announcing, “We are officially back from a vacation.”

If confirmed, the leak would show a swift return to activity after seven suspected members of Lapsus$ were arrested by British police less than a week ago.

The arrests, first reported on March 24th by BBC News, were carried out by City of London Police after a yearlong investigation into the alleged ringleader of the gang, who is believed to be a teenager living with his parents in Oxford. On the other side of the Atlantic, the FBI is also seeking information on Lapsus$ related to the breach of US companies.

The Lapsus$ gang has been remarkably prolific in the range and scale of companies it has breached, having previously extracted data from a number of well-known technology companies, including Nvidia, Samsung, Microsoft, and Vodafone.

Most recently, Lapsus$ was in the spotlight for a hack affecting the authentication platform Okta, which put thousands of businesses on high alert against subsequent breaches. The latter hack has been an embarrassment for a company that provides security services to other businesses and led to criticism of Okta for a slow disclosure.

Correction, 1:38PM ET: A previous version of this post overstated the connection between the breached data and Apple. The data labelled as “apple-health” was not data from Apple itself, but from an app developed in partnership with Apple. The Verge regrets the error.

Update 5:25 PM ET: Added statement from Globant.

Repost: Original Source and Author Link


Apple and Meta shared data with hackers pretending to be law enforcement officials

Apple and Meta handed over user data to hackers who faked emergency data request orders typically sent by law enforcement, according to a report by Bloomberg. The slip-up happened in mid-2021, with both companies falling for the phony requests and providing information about users’ IP addresses, phone numbers, and home addresses.

Law enforcement officials often request data from social platforms in connection with criminal investigations, allowing them to obtain information about the owner of a specific online account. While these requests require a subpoena or search warrant signed by a judge, emergency data requests don’t — and are intended for cases that involve life-threatening situations.

Fake emergency data requests are becoming increasingly common, as explained in a recent report from Krebs on Security. During an attack, hackers must first gain access to a police department’s email systems. The hackers can then forge an emergency data request that describes the potential danger of not having the requested data sent over right away, all while assuming the identity of a law enforcement official. According to Krebs, some hackers are selling access to government emails online, specifically with the purpose of targeting social platforms with fake emergency data requests.

As Krebs notes, the majority of bad actors carrying out these fake requests are actually teenagers — and according to Bloomberg, cybersecurity researchers believe the teen mastermind behind the Lapsus$ hacking group could be involved in conducting this type of scam. London police have since arrested seven teens in connection with the group.

But last year’s string of attacks may have been performed by the members of a cybercriminal group called Recursion Team. Although the group has disbanded, some of them have joined Lapsus$ with different names. Officials involved in the investigation told Bloomberg that hackers accessed the accounts of law enforcement agencies in multiple countries and targeted many companies over the course of several months starting in January 2021.

“We review every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse,” Andy Stone, Meta’s policy and communications director, said in an emailed statement to The Verge. “We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case.”

When asked for comment, Apple directed The Verge to its law enforcement guidelines, which state: “If a government or law enforcement agency seeks customer data in response to an Emergency Government & Law Enforcement Information Request, a supervisor for the government or law enforcement agent who submitted the Emergency Government & Law Enforcement Information Request may be contacted and asked to confirm to Apple that the emergency request was legitimate.”

Meta and Apple aren’t the only known companies affected by fake emergency data requests. Bloomberg says hackers also contacted Snap with a forged request, but it’s not clear if the company followed through. Krebs on Security’s report also includes a confirmation from Discord that the platform gave away information in response to one of these fake requests.

“This tactic poses a significant threat across the tech industry,” Peter Day, Discord’s group manager for corporate communications said in an emailed statement to The Verge. “We are continuously investing in our Trust & Safety capabilities to address emerging issues like this one.”

Snap didn’t immediately respond to a request for comment from The Verge.

Update March 30th 9:24PM ET: Updated to include a statement from a Discord spokesperson.

Repost: Original Source and Author Link


Apple Business Essentials now available for small businesses

The Business Essentials subscription service that Apple announced and introduced in a limited beta late last year is now available for any small business. This is Apple’s vertical integration of device management and cloud storage under the Business Manager platform that companies already use to buy and manage their Apple hardware, which is designed for organizations with fewer than 500 employees. Now that it’s officially launched, it also includes an optional new business tier of AppleCare Plus hardware coverage with 24/7 support and the ability to call an Apple-trained tech onsite in as little as four hours.

The subscription ties traditional IT services into one portal with a rate starting at $2.99 per employee per month. Apple is opening its doors with a two-month free trial, which is available for companies that were already part of the beta test.

Businesses that could use this package, or a third-party setup like it, probably already have access to Apple’s Business Manager portal. It’s how businesses (and similarly, schools with Apple School Manager) can reserve and distribute managed Apple IDs, so employees can’t accidentally make a personal Apple ID account. It can also automatically procure devices purchased directly from Apple, acquire software licenses in the App Store, sync directories (Microsoft Azure), and more.

The biggest change for those tasked with IT management comes on the deployment and management side: small business customers can use Apple’s service to push pre-configured packages directly to employees’ devices with their Wi-Fi / VPN settings, mandated FileVault encryption, and apps. Then employees can view their setups, access support, or track repairs via the Business Essentials app. Previously, getting deployment and management features on Apple devices required another service and the expertise to use it. The biggest thing this setup can’t do, though, is work with mobile or desktop devices that aren’t made by Apple.

Max out the subscription to $24.99 per month for one employee.

For small businesses that are looking for a simplified and linear approach to Mac management, or who don’t have the capacity in IT personnel, Apple’s new solution might be compelling. The starting price of $2.99 per month, per employee, covers one device and 50GB of iCloud storage, then jumps to $6.99 for 200GB and $12.99 for 2TB.

AppleCare Plus for Business Essentials is an additional $7 per month for the single device tier (covers one repair or replacement) or an additional $13 per month for the three devices and 200GB iCloud tier (covers two repairs or replacements). At the maximum, a single employee can cost $24.99 per month with three devices, 2TB iCloud storage, and AppleCare Plus for Business Essentials (a cost savings of $1 a month on the AppleCare).

IT managers can enroll in the new service by navigating to the company’s existing Apple Business Manager site and clicking on the newly added “Subscription” menu on the sidebar. Once enrolled, new sidebar menu options including Service & Support and Collections will appear. Other features include the ability to have employees set up business accounts on their own computers or phones, without the worry of risking business or private data — Apple’s solution allows for personal data to be “cryptographically separated” from work data.

Apple’s new service presents an alternative to established solutions like Jamf, which is used by thousands of businesses and universities, works with Apple’s Business / School Manager platforms, and has much more comprehensive features including security software solutions. But for small businesses that just need to just easily enroll newly purchased Apple hardware, provide basic onboarding support, and only need to distribute software from Apple’s App store repository, Apple’s Business Essentials certainly might cover — well — the essentials.

Repost: Original Source and Author Link


BMW shipping cars sans advertised Apple and Google features

The global chip shortage continues to cause problems for automakers to the point where some are shipping vehicles without all of their advertised features.

BMW, for example, is shipping some of its new cars without support for Apple CarPlay and Android Auto, according to a recent report by Automotive News.

In an email to affected customers, the German auto giant confirmed that some vehicles built between January and April of this year contain chips that require updated software in order to be able to offer Apple CarPlay and Android Auto. The necessary update will be rolled out “by the end of June at the latest,” the automaker said.

The issue is reportedly the result of BMW changing chip supplier in a bid to deal with the shortage in the most efficient way possible. In other words, changing supplier prevented it from halting shipments while it waited for the chips to come in. Instead, it’s been able to add the new supplier’s chips and then ship the cars, the only challenge being that it needs to roll out updated software to activate certain features.

It’s not clear how many customers and vehicle models are impacted by BMW’s decision to ship vehicles without CarPlay and Android Auto, but Automotive News’ own research suggests the situation involves the automaker’s American, British, French, Italian, and Spanish markets.

While the issue may be an unwelcome annoyance for customers, it shouldn’t prove to be too much trouble provided BMW delivers on its promise to resolve the problem by the end of next month. It’s certainly better than the automaker holding on to the vehicle until the functionality can be added.

Digital Trends has reached out to BMW for more information on the situation and we will update this article when we hear back.

BMW’s decision to ship vehicles without all of the advertised features is similar to moves made by other car companies in recent months. Ford, for example, also cited the global chip shortage for its decision to ship some of its Explorer SUVs without particular features, though it promised to add them when the chips become available.

In Ford’s case, it meant shipping some of its Explorers without functionality for rear seat controls that operate heating, ventilation, and air conditioning, though they are controllable from the driver’s seat.

Caused by pandemic-related supply chain problems and other factors, the chip shortage isn’t expected to end anytime soon, with Intel’s chief saying last month that it could take several more years for his company to get on top of the situation.

Editors’ Choice

Repost: Original Source and Author Link


Researchers find new vulnerability with Apple Silicon chips

Researchers have released details of an Apple Silicon vulnerability dubbed “Augury.” However, it doesn’t seem to be a huge issue at the moment.

Jose Rodrigo Sanchez Vicarte from the University of Illinois at Urbana-Champaign and Michael Flanders of the University of Washington published their findings of a flaw within Apple Silicon. The vulnerability itself is due to a flaw in Apple’s implementation of the Data-Memory Dependent Prefetcher (DMP).

In short, a DMP looks at memory to determine what content to “prefetch” for the CPU. The researchers found that Apple’s M1, M1 Max, and A14 chips used an “array of pointers” pattern that loops through an array and dereferences the contents.

This could possibly leak data that’s not read because it gets dereferenced by the prefetcher. Apple’s implementation is different from a traditional prefetcher as explained by the paper.

“Once it has seen *arr[0] … *arr[2] occur (even speculatively!) it will begin prefetching *arr[3] onward. That is, it will first prefetch ahead the contents of arr and then dereference those contents. In contrast, a conventional prefetcher would not perform the second step/dereference operation.”

Because the CPU cores never read the data, defenses that try to track access to the data don’t work against the Augery vulnerability.

David Kohlbrenner, assistant professor at the University of Washington, downplayed the impact of Augery, noting that Apple’s DMP “is about the weakest DMP an attacker can get.”

The good news here is that this is about the weakest DMP an attacker can get. It only prefetches when content is a valid virtual address, and has number of odd limitations. We show this can be used to leak pointers and break ASLR.

We believe there are better attacks possible.

— David Kohlbrenner (@dkohlbre) April 29, 2022

For now, researchers say that only the pointers can be accessed and even then via the research sandbox environment used to research the vulnerability. Apple was also notified about the vulnerability before the public disclosure, so a patch is likely incoming soon.

Apple issued a March 2022 patch for MacOS Monterey that fixed some nasty Bluetooth and display bugs. It also patched two vulnerabilities that allowed an application to execute code with kernel-level privileges.

Other critical fixes to Apple’s desktop operating system include one that patched a vulnerability that exposed browsing data in the Safari browser.

Finding bugs in Apple’s hardware can sometimes net a pretty profit. A Ph.D. student from Georgia Tech found a major vulnerability that allowed unauthorized access to the webcam. Apple handsomely rewarded him about $100,000 for his efforts.

Editors’ Choice

Repost: Original Source and Author Link


This Is What the Self-Driving Apple Car May Look Like

Thanks to several 3D concept renders, we now know what the future self-driving Apple Car might look like.

Vanarama, a British car-leasing company, took inspiration from other Apple products, as well as Apple patents, in order to accurately picture the rumored Apple car.

Image source: MacRumors

Although Apple has revealed very little about the self-driving car it is allegedly working on, Vanarama claims to have based the renders on patents filed by Apple itself. The design of the car takes after current Apple products, such as iPhones and MacBooks, and incorporates their current style into the coupe SUV model pictured above. Aside from the images, Vanarama has shared a fully interactive 3D concept render that lets the user explore both the exterior and the interior of the car.

The design places a lot of emphasis on the comfort of use and is much different from the cars we see every day, although it’s not too different from Elon Musk’s Tesla. It especially resembles the Tesla Cybertruck, but with a sleeker design without the sharp edges of the Tesla. The interior of the car includes several parts inspired by Apple products, such as the door handles that resemble iPhone buttons.

Vanarama’s render showcases a pillarless design that makes the car easier to get in and out of when both sets of doors are open. The seats are fully rotatable, which allows for the front seats to be turned to face the back seat. The inclusion of coach doors comes from another Apple patent. The car offers ample space for passenger movement when boarding and for loading larger items into the vehicle.

The interior of the rumored Apple Car.
Image source: MacRumors

Apple had also filed a patent for an intelligent automated assistant for the car, and thus, Vanarama included Siri. The assistant is built into the steering column alongside the customizable dashboard and navigation screen.

The renders were first shared by MacRumors. Such a spacious design that promotes freedom and comfort is definitely plausible for the Apple car, as the company seems to have settled on the self-driving technology and might even remove both the steering wheel and the pedals.

The car would rely on hands-off driving and would likely include an iPad for the users to interact with. However, Apple is reportedly still considering adding a steering wheel that would allow the passengers to take over the car in the case of emergencies.

It’s hard to tell whether Vanarama’s design is close to what Apple is planning, but it’s certainly inspired by real Apple patents. According to Bloomberg, Apple may be considering a design that resembles the Lifestyle Vehicle from Canoo, where passengers sit along the sides of the car, facing each other.

Although an exciting prospect, the Apple Car is still a long way from being confirmed or released. The current goal is for the car to be launched sometime in 2025, but at this point in development, delays are very possible.

Editors’ Choice

Repost: Original Source and Author Link


The 15 Best Apple Arcade Games of 2021

Apple Arcade, arguably the best thing to ever happen to mobile gaming, offers a huge library of ad-free, high-quality games for the iPod touch, iPhone, iPad, Mac, and Apple TV. This past year brought dozens of new games to the platform, including remastered versions of classic mobile titles and entirely new hits with excellent graphics.


Quick Apple Arcade Primer

Not familiar with Apple Arcade? The service is a subscription-based platform that gives Apple device owners access to a growing library of mobile games. The titles offered to subscribers are ad-free and can be accessed across Apple’s device ecosystem, including on Apple TV devices.

Customers have two different Apple Arcade plan options: the standalone game platform for $4.99/month or Apple One, a bundle with half a dozen Apple services like TV+ and Music, for $14.95/month. Once you sign up, you’ll have access to more than 200 games, including the 15 exciting titles below.


Oddmar is an action-adventure platformer game that revolves around a Viking warrior named Oddmar. The title revolves around Norse and Viking mythology, magic included, offering 24 total levels packed with magical weapons, enemies, bosses, puzzles, and other challenges.

Players are tasked with taking Oddmar through a variety of landscapes, including everything from the top of snowy mountains to the mines under the fantasy world. Complete the quest and you’ll distinguish yourself as a formidable warrior, earning a place in Valhalla.

The game was released for Apple Arcade with the title Oddmar+ on December 3, 2021.

LEGO Star Wars: Castaways

LEGO Star Wars: Castaways is the latest installment in the LEGO Star Wars universe, one created specifically for the Apple Arcade platform. This title offers a social action-adventure experience set on an abandoned secret planet filled with technology from an ancient civilization. Players can create their own characters, explore an island, participate in battle arenas, relive “key Star Wars moments” in the LEGO versions of iconic locations, and more.

The game, which is rated as suitable for players ages 9 and older, was released on Apple Arcade on November 19, 2021.

NBA 2K22 Arcade Edition

2K brought an exclusive version of 2K22 to the Apple Arcade platform in October, giving basketball fans another way to enjoy the game on their iPad or other Apple device. The game allows players to put in the work for All-Star status or, with “The Association,” climb the ladder to become a Head Coach or GM for an NBA franchise. Top NBA athletes are included in Arcade Edition, including Jayson Tatum and Damian Lillard, among others.

2K22 Arcade Edition is suitable for players ages 4 and older; it includes multiplayer support for two people, as well as controllers.

Crossy Road

Crossy Road+ is the Apple Arcade version of the popular Frogger-like title already available on mobile devices and other platforms like Fire TV. The game, which is rated for ages 9 and older, presents a blocky world full of cars and other obstacles players must avoid while getting to the other side of the road(s). In addition to controller support, Crossy Road is great for devices with limited storage at only 273MB.

Thumper: Pocket Edition

Thumper: Pocket Edition brings a colorful space beetle to Apple Arcade, tasking players with navigating nine colorful, intense levels packed full of psychedelic visuals and boss battles. The game is unique, ridiculously fun, and suitable for players ages 9 and older. Even better, Thumper: Pocket Edition includes 120fps gameplay on devices that support it. Keep in mind that for the best experience, developer Drool says players should use wired, not wireless, headphones during gameplay.

LEGO Star Wars Battles

LEGO Star Wars Battles is another title from the Star Wars universe that hit Apple Arcade this year. Unlike Castaways, however, Battles is a real-time strategy game with player-versus-player battles set in a variety of arenas. The game is suitable for players ages 9 and older, plus it doesn’t require a controller (though one can be used if desired).

Castlevania: Grimoire of Souls

Castlevania: Grimoire of Souls arrived on the Apple Arcade platform on September 17, giving fans of the beloved franchise an entirely new title to enjoy. Konami’s Grimoire of Souls is rated for ages 9 and older; it includes controller support and is designed with an old-school side-scrolling action game format.

Asphalt 8: Airborne

Popular racing game Asphalt 8: Airborne hit Apple Arcade in late August, offering up to eight players the opportunity to race each other in a variety of stunning landscapes.

The game includes cars from some of the world’s most notable makers, including Audi, Mercedes, Ducati, and Ferrari, as well as an extensive career mode with more than 400 career events. The game is rated for players ages 12 and older, but keep in mind the title’s 2.7GB size — you may need to uninstall a few apps to make room for the game.

Detonation Racing

If you’re burned out on Asphalt 8 and looking for a different racing game, check out Detonation Racing added back in July. Developer Electric Square calls its title the “least sensible racing series ever devised.” What makes it so chaotic?

Detonation Racing is full of hazards and amusing gameplay, including the ability to drop submarines on the track to knock out opponents, explosions, and even taking different routes (mostly caused by explosions) to win. The game is suitable for players ages 9 and older; it includes multiplayer support for up to four racers, plus controller support.

Alto’s Odyssey: The Lost City

The endless runner game Alto’s Odyssey took off in mobile gaming circles a few years ago when it launched. Fast-forward to this past summer and Apple Arcade subscribers now have access to Alto’s Odyssey: The Lost City, a similar title that offers new landscapes across four different biomes.

Players are tasked with finding The Lost City and uncovering its secrets. The title is rated for players ages 4 and older, plus there’s controller support. Even better, the game requires very little device storage space at only 183MB.

Leo’s Fortune

Leo’s Fortune, a mobile platformer that revolves around getting back stolen gold, presents some of the best graphics you’ll find on Apple Arcade. Each of the game’s 24 levels features beautiful atmospheric designs that look particularly stunning on Apple’s 4K devices, while the overall gameplay reminds me of older PlayStation 3 platformer titles.

1337 & Senri’s mobile platformer is rated for players ages 9 and older.

Star Trek: Legends

Star Trek: Legends was one of many titles dropped on Apple Arcade back in April. The mobile game allows Trekkers to play as their favorite characters from every generation of the TV shows. Legends is an RPG with battles, turn-based combat, and exploration.

The game includes excellent 3D graphics for a mobile game, as well as the ability to download updates in the background while continuing to play. The single-player game is rated for players ages 9 and older.

The Oregon Trail

Gameloft’s The Oregon Trail arrived on Apple Arcade back in April, giving a new generation of players the opportunity to experience a reimagined version of the hit 1971 game by the same name. The Oregon Trail features a mixture of retro-like pixel art and more modern graphics, as well as a storyline that mixes “the totally extreme” in with historically accurate elements.

The game’s developer rates The Oregon Trail as suitable for kids ages 12 and older; it supports controllers, but requires a somewhat hefty 2GB of storage space.

The Room Two

The Room Two, which arrived on Apple Arcade around the beginning of 2021, boasts nearly perfect ratings in the App Store at 4.9 out of 5 stars. The puzzle game tasks players with following a scientist’s letters as they explore a unique environment and try to solve a mystery.

The game is suitable for players ages 9 and older, plus it only requires 419MB of storage space.

Angry Birds Reloaded

There’s a reason new Angry Birds games are still being made more than a decade after the initial game’s launch. The incredibly popular series returned earlier this year with the release of Angry Birds Reloaded on Apple Arcade, giving fans access to a variety of new birds, pigs, and puzzles to solve by launching birds at pigs.

Players can expect a total of 45 new levels in the Apple Arcade release of this Angry Birds game, a new Eagles game mode, and the same slingshot-based gameplay first experienced back in 2009. The game is rated for kids ages 4 and older, plus there’s controller support and only a 460MB installation size.

Repost: Original Source and Author Link


Qualcomm Takes on Apple M1 With Snapdragon 8cx Gen 3

Qualcomm is ready to step up and strengthen the ARM-based side of the PC market. At its annual Snapdragon Tech Summit, the company announced the Snapdragon 8cx Gen 3 compute platform.

This is a new ARM-based mobile system on chip (SoC) that should take on Apple’s M1 processor and bring new experiences to a potential new wave of laptops in the year 2022.

There’s a couple of big advancements with the new 8cx Gen 3. The most notable is that it’s built on the 5nm PC platform, something that Qualcomm’s rival Intel has yet to accomplish. That means more performance in a smaller CPU die, but the similar power efficiency and consumption remains the same as previous-generation Snapdragon PC-based chips.

In addition, Qualcomm claims that, thanks to new prime cores, the 8cx can deliver an up to 85% generational performance uplift and up to 60% greater performance per watt in Geekbench 5 multi-thread testing when compared to a traditional unnamed x86 processor.

But what about the integrated GPU? According to Qualcomm, advances in the Adreno GPU account for a 60% improvement over the last generation, with the game Big Rumble Boxing being able to run at full HD at 120 frames per second. Outside of gaming, there are some additional features supporting better teleconferencing. That includes including improved camera start-up time (15% faster), support for auto focus, auto white balance, and auto exposure, as well as noise cancellation.

Qualcomm says this is possible through A.I. acceleration, for which the SoC supports 29+ computing operations in a single second. Note that the 8cx Gen 3 also supports 4K HDR cameras, up to 4 cameras, and up to 24-megapixel web cameras.

Qualcomm Snapdragon 8cx Gen 3 platform.
Andrew Martonik / Digital Trends

Another feature in the new 8cX Gen 3 chip is the support for the Microsoft Pluton TPM chip. This should securely store sensitive data such as credentials, personal data, and encryption keys directly on the SoC. In other areas of security, there’s support for Windows Hello, and a new “Dedicated Computer Vision processor,” which can determine user presence and lock the system as someone steps away from it.

Of course, the benefit of Qualcomm mobile compute processors is always-on connectivity. This year’s 8cx Gen 3 sports lightning-fast speeds of up to 10 Gbps, in addition to Qualcomm FastConnect 6900 to enable the fastest Wi-Fi 6/6E speeds available.

To line up with the Snapdragon 8cx Gen 3, Qualcomm also announced the Snapdragon 7c+ Gen 3 Compute Platform This 6nm SoC aims to bring up to 60% faster CPU performance, 70% faster GPU performance, and 5G connectivity to a new range of entry-level Windows PCs and Chromebooks.

Editors’ Choice

Repost: Original Source and Author Link


Apple sues NSO Group for attacking iPhones with Pegasus spyware

Now Apple has followed WhatsApp and its parent company Meta (formerly known as Facebook) in suing Pegasus spyware maker NSO Group. Along with promising new information about how NSO Group infected targeted iPhones via a zero-click exploit that researchers later dubbed ForcedEntry, Apple says it’s “seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.”

Senior VP of software engineering Craig Federighi didn’t mention sideloading this time but says in a statement, “State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change…Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous.” Apple and WhatsApp aren’t alone in their push against NSO Group in court, as last year, tech companies including Microsoft and Google filed a brief supporting Facebook’s lawsuit.

Pegasus spyware is designed to let governments remotely access a phone’s microphones, cameras, and other data on both iPhones and Androids, according to Apple’s press release. It’s also designed to be able to infect phones without requiring any action from the user and without leaving a trace, according to reports that came out earlier this year from a journalistic coalition called the Pegasus Project and Apple’s complaint.

Apple also cites reports that the spyware has been used against journalists, activists, and politicians, despite NSO’s claims that its governmental clients are forbidden from using the spyware against those sorts of targets. It’s understandable why Apple, the “what happens on your iPhone, stays on your iPhone” company, would be upset about its devices and services being used to carry out what it calls “human rights abuses.”

Apple’s senior director of commercial litigation Heather Grenier says in a statement to The New York Times the lawsuit is meant to be a “stake in the ground, to send a clear signal” that the company won’t allow its users to suffer “this type of abuse.” Part of Apple’s argument laid out in the complaint (PDF) is that NSO violated Apple’s terms of service because the group created “more than one hundred” Apple IDs to help it send data to targets.

The Court has personal jurisdiction over Defendants because, on information and belief, they created more than one hundred Apple IDs to carry out their attacks and also agreed to Apple’s iCloud Terms and Conditions (“iCloud Terms”), including a mandatory and enforceable forum selection and exclusive jurisdiction clause that constitutes express consent to the jurisdiction of this Court

In Apple’s complaint, it breaks down how the attack worked — using the Apple IDs it created, NSO would send data to a target via iMessage (after determining that they were using an iPhone), which was maliciously crafted to turn off the iPhone’s logging. That would then let NSO secretly install the Pegasus spyware and control what was being collected on the phone. Apple says that the specific vulnerability that NSO was using was patched in iOS 14.8, which you can read more about here. The summary is that NSO was sending files that exploited a bug in how iMessage rendered GIFs and PDFs.

Apple says in its press release that, thanks to improvements it’s made to iOS 15 security, it “has not observed any evidence of successful remote attacks against devices running iOS 15 and later versions.” When the Pegasus Project was publishing its reports in July, Amnesty International said that the latest versions of iOS (at the time iOS 14.6) were susceptible to attack.

For more information about the reporting done on Pegasus, its capabilities, and its potential targets, see our explainer.

In addition to its lawsuit against NSO, Apple says it’ll be supporting “organizations pursuing cybersurveillance research and advocacy,” both financially and with technical resources. The company says it’ll distribute $10 million (plus any damages it wins from its lawsuit) to groups working on counter-surveillance and pledges in its press release to give free “technical, threat intelligence, and engineering assistance” to Citizen Lab, a group of researchers that were involved with the Pegasus Project and that helped Apple discover and patch NSO’s exploits. Apple also says it’ll do the same for other organizations “where appropriate.”

NSO was recently added to the US Entity List, which limits the ways American companies can sell or provide their technology to the company. According to a report by the MIT Technology Review, the sanction has been seriously detrimental both to employee morale at NSO Group, and the company’s ability to do business. The report says the company has to request permission from the US government to purchase items like laptops running Windows and iPhones, and that the government has said its default decision would be to turn down those requests.

Updated November 23rd, 3:36PM ET: Added context about sanctions against NSO, and the alleged misuse of Pegasus.

Repost: Original Source and Author Link