Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Iphone

Apple Fixes Three Zero Days Used In Targeted Attack (onthewire.io) 75

Trailrunner7 quotes a report from On The Wire: Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone. The vulnerabilities include two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix them.

The attack that set off the investigation into the vulnerabilities targeted Ahmed Mansoor, an activist living in the UAE. Earlier this month, he received a text message that included a link to what was supposedly new information on human rights abuses. Suspicious, Manor forwarded the link to researchers at the University of Toronto's Citizen Lab, who recognized what they were looking at. "On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising ;new secrets' about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based 'cyber war' company that sells Pegasus, a government-exclusive "lawful intercept" spyware product," Citizen Lab said in a new report on the attack and iOS flaws.

Media

The Slashdot Interview With VideoLAN President and Lead VLC Developer Jean-Baptiste Kempf 40

You asked, he answered!

VideoLan President and Lead Developer of VLC Jean-Baptiste Kempf has responded to questions submitted by Slashdot readers. Read on to find out about the upcoming VideoLAN projects; how they keep VLC sustainable; what are some mistakes they wish they hadn't made; and what security challenges they face, among others!
IOS

iPhones and iPads Fail More Often Than Android Smartphones (softpedia.com) 175

An anonymous reader writes: The main question when picking a new phone is whether to choose an Android one or an iPhone. A new study coming from Blancco Technology Group sheds some light on which devices are the most reliable, based on reliability. The study entitled State of Mobile Device Performance and Health reveals the device failure rates by operating systems, manufacturers, models and regions, as well as the most common types of performance issues. The report reveals that in Q2 2016, iOS devices had a 58% failure rate, marking the first time that Apple's devices have a lower performance rate compared to Android. It seems that the iPhone 6 had the highest failure rate of 29%, followed by iPhone 6s and iPhone 6S Plus. Android smartphones had an overall failure rate of 35%, an improvement from 44% in Q1 2016. Samsung, Lenovo and LeTV were among the manufacturers with the weakest performance and higher failure rates. Samsung scored 26% in failure rate, while Motorola just 11%. The study also reveals that iOS devices fail more frequently in North America and Asia compared to Android. Specifically, the failure rate in North America is 59%, while in Asia 52%. The failures could be influenced by the fact that the quality of smartphones shipped around the world varies.
Government

Malware Sold To Governments Helped Them Spy on iPhones (washingtonpost.com) 31

One of the world's most evasive digital arms dealers is believed to have been taking advantage of three security vulnerabilities in popular Apple products in its efforts to spy on dissidents and journalists, reports The New York Times. (Editor's note: the link could be paywalled, here's an alternate source). From the report: Investigators discovered that a company called the NSO Group, an Israeli outfit that sells software that invisibly tracks a target's mobile phone, was responsible for the intrusions. The NSO Group's software can read text messages and emails and track calls and contacts. It can even record sounds, collect passwords and trace the whereabouts of the phone user. In response, Apple on Thursday released a patched version of its mobile software, iOS 9.3.5. Users can get the patch through a normal software update.The Washington Post reports that these "zero-day" flaws were previously used by the governments to take over victims' phones by tricking them into clicking on a link to a text message. Motherboard says that this is the first time anyone has uncovered such an attack in the wild. "Until this month, no one had seen an attempted spyware infection leveraging three unknown bugs, or zero-days, in the iPhone. The tools and technology needed for such an attack, which is essentially a remote jailbreak of the iPhone, can be worth as much as one million dollars."
Android

Opera Brings Its Free VPN Service To Android (techcrunch.com) 26

Frederic Lardinois, writing for TechCrunch: Earlier this year, Opera launched its free and unlimited VPN service for iOS; today it is bringing the same functionality to Android. Like the iOS version, the Android app is based on Opera's acquisition of SurfEasy in 2015 and allows you to surf safely when you are on a public network. While Opera's marketing mostly focuses on safety, Opera VPN also allows you to appear as if you are in the U.S., Canada, Germany, Singapore and The Netherlands, so it's also a way to route around certain geo-restrictions without having to opt for a paid service. In addition to its VPN features, the service also allows you to block ad trackers. Somewhat ironically, though, the app itself will show you some pretty unintrusive ads. "The Opera VPN app for Android sets itself apart from other VPNs by offering a completely free service; without a data limit, no log-in required, advanced Wi-Fi protection features and no need for a subscription," says Chris Houston, the president of Opera's SurfEasy VPN division, in today's announcement.
Microsoft

Microsoft Apps Will Be Pre-loaded On Lenovo and Motorola Android Devices (betanews.com) 76

An anonymous reader writes: There was a time when Microsoft was seen as the enemy of Linux and Apple communities. Understandably, at the time, the company only wanted Windows to succeed. Nowadays, however, the operating system is sort of inconsequential. Microsoft seems happy to have its software succeed on 'competitor' platforms such as iOS, Android, macOS, Ubuntu and more. Today, Microsoft announces that it has partnered with Lenovo on a new mobile initiative. The Windows-maker's productivity apps will be pre-loaded on Lenovo and Motorola-branded devices running Google's Linux-based Android operating system.As of earlier this year, Microsoft had over 74 Android OEM partners. As for submitter's take on this, it's pretty simple. Microsoft is going where users are. If they are not going to purchase Windows Phones, Microsoft will go to Android and iOS.
Crime

Want To Hunt Bank Robbers? There's an App For That, Says The FBI (networkworld.com) 68

Long-time Slashdot reader coondoggie quotes an article from Network World: The FBI today said it released a new application making it easier for the public -- as well as financial institutions, law enforcement agencies, and others -- to view photos and information about bank robberies in different geographic areas of the country.
The FBI's new "Bank Robbers" application runs on both Android and iOS, according to the article, "and lets users sort bank robberies by the date they occurred, the category they fall under (i.e., armed serial bank robber), the FBI field office working the case, or the state where the robbery occurred." The app ties into BankRobbers.fbi.gov, which overlays FBI information about bank robberies onto Google Maps.

The app's users "can also select push notifications to be informed when a bank robbery has taken place near their location," according to the FBI's site, which adds innocently that "If the location services on your device are enabled, you can view a map that shows the relevant bank robberies that took place in your geographic area..."
Android

iOS and Android Combined For Record 99% of Smartphone Sales Last Quarter (macrumors.com) 191

An anonymous reader writes: The research firm Gartner has crunched some numbers and found that Android and iOS accounted for a record 99.1% worldwide market share in the second calendar quarter of 2016, which is compared to 96.8% in the year-ago period. What some may view as even more shocking is that Android accounted for 86.2% of the market share in the second quarter, up from 82.2% a year ago. Meanwhile, iOS lost some ground as it dropped to 12.9% market share from 14.6% in the year-ago period. It's no surprise that Windows and BlackBerry have been losing market share. They dropped to 0.6% and 0.1% market share worldwide respectively. Just six years ago, BlackBerry and Symbian operating systems were industry leaders. Now, they're industry losers. Which third-party operating system has what it takes to take on the establishment?
Communications

Google Duo Video Chat App Arrives On iOS and Android With End-to-end Encryption (betanews.com) 114

An anonymous reader writes: Video chat should be simple, but it is not. The biggest issue is fragmentation. On iOS, for instance, Facetime is a wonderfully easy solution, but there is no Android client. While there are plenty of cross-platform third-party options to solve this, they aren't always elegant. Skype is a good example of an app that should bridge the gap, but ends up being buggy and clunky. Google is aiming to solve this dilemma with its 'Duo' video chat app. With it, the search giant is putting a heavy focus on ease of use. The offering is available for both Android and iOS -- the only two mobile platforms that matter (sorry, Windows 10 Mobile). Announced three months ago, it finally sees release today. There is no news about the Allo chat sister-app, sadly.
Encryption

Serious Flaws In iMessage Crypto Allow For Message Decryption (onthewire.io) 43

Reader Trailrunner7 writes: New research from a team at Johns Hopkins University shows that there are serious problems with the way Apple implemented encryption on its iMessage system, leaving it open to retrospective decryption attacks that can reveal the contents of all of a victim's past iMessage texts. The iMessage system, like much of what Apple does, is opaque and its inner workings have not been made available to outsiders. One of the key things that is known about the system is that messages are encrypted from end to end and Apple has said that it does not have the ability to decrypt users' messages. The researchers at JHU, led by Matthew Green, a professor of computer science at the school, reverse engineered the iMessage protocol and discovered that Apple made some mistakes in its encryption implementation that could allow an attacker who has access to encrypted messages to decrypt them.The team discovered that Apple doesn't rotate encryption keys at regular intervals (most encryption protocols such as OTR and Signal do). This means that the same attack can be used on iMessage historical data, which is often backed up inside iCloud. Apple was notified of the issue as early as November 2015 and it rolled out a patch for the iMessage protocol in iOS 9.3 and OS X 10.11.4.
Google

Google Working On New 'Fuchsia' OS (digitaltrends.com) 146

An anonymous reader writes: Google is working on a new operating system dubbed Fuchsia OS for smartphones, computers, and various other devices. The new operating system was spotted in the Git repository, where the description reads: "Pick + Purple == Fuchsia (a new Operating System). Hacker News reports that Travis Geiselbrech, who worked on NewOS, BeOS, Danger, Palm's webOS and iOS, and Brian Swetland, who also worked on BeOS and Android will be involved in this project. Magenta and LK kernel will be powering the operating system. "LK is a kernel designed for small systems typically used in imbedded applications," reads the repository. "On the other hand, Magenta targets modern phones and modern personal computers with fast processors, non-trivial amounts of RAM with arbitrary peripherals doing open-ended computation." It's too early to tell exactly what this OS is meant for. Whether it's for an Android and Chrome OS merger or something completely new, it's exciting nonetheless.
IOS

Zero-Day Hunters Will Pay Over Twice as Much as Apple's New Bug Bounty Programme (vice.com) 29

Joseph Cox, writing for Motherboard: Last week, Apple finally joined other technology giants and announced a bug bounty programme, where hackers can submit details of previously unknown vulnerabilities in Apple systems and devices, and get paid for sharing them with the company. But Apple is not going to be without competition. On Wednesday, established bug-hunting company Exodus Intelligence launched its own new acquisition programme for both vulnerabilities and exploits. And when it comes to iOS bugs, the company is offering up to more than double Apple's maximum payout. While Apple's highest bounty is $200,000, Exodus is advertising a maximum of $500,000 for vulnerabilities affecting iOS 9.3 or above. Exodus provides details of vulnerabilities and working exploits to customers who pay a subscription fee of around $200,000 per year, according to Time. Those customers could be on the defensive side -- such as antivirus vendors who want to plug newly discovered holes -- or part of an offensive team using the exploit to target systems themselves. On its site, Exodus emphasises the former, writing that it "works with the research community to find these attacks first and make them available to security vendors and enterprises, allowing them to deploy defenses before their adversaries can attack."
Open Source

Ask VideoLAN President and Lead VLC Developer Jean-Baptiste Kempf Your Questions 204

VLC remains one of the most popular applications. First released over 15 years ago, VLC is open-source, and is available across multiple platforms including Windows, OS X, Linux, Android, ChromeOS, iOS, and it's coming to the Xbox One later this year. We thought it would be great to have Jean-Baptiste Kempf, President of VideoLAN non-profit organization (the maker of VLC media player). In addition, he is also a lead developer of VLC.

Leave your questions in the comments section below. Let's get this going.
Medicine

Waze's New Safety Feature Reminds Drivers Not To Forget Their Child In the Car (go.com) 76

An anonymous reader quotes a report from ABC News: The navigation app Waze has released a new safety feature that reminds users not to forget their child, pet or other loved ones in the car before getting out. The feature, called "Child reminder," was made available to the public on Thursday, when Waze released its latest update on app stores for Android and iOS. The new feature comes amid concerns over recent child hot car deaths. Since 1998, there have been 37 child heatstroke fatalities on average per year in the U.S., according to the Department of Meteorology and Climate Science at San Jose State University in California. Waze's Head of Brand, Julie Mossler said in a statement: "Just as drivers sometimes forget to turn off their headlights, they sometimes forget things in the car too. This new feature helps keep people present in the vehicle and gives them an important, possibly life-saving reminder, that drivers sometimes need." The "Child reminder" feature is opt-in and can be turned on and off in the app's "general settings." Mossler also said that drivers can customize the alert "to include their child's name or pet's name -- anything that will get their attention at the end of a drive." It will only disappear if a driver has entered a destination in Waze and has arrived at that destination.
Microsoft

Microsoft Swaps Toy Gun Emoji For Revolver -- Days After Apple Does the Opposite (arstechnica.co.uk) 331

The pistol emoji has become a heated topic of debate among people. Apple's decision to replace the gun with a toy pistol is getting a mixed response. Amid all this, Microsoft has announced it is replacing the toy gun emoji with a symbol for a real revolver. ArsTechnica reports: This emoji change is part of the Windows 10 Anniversary Update, which is rolling out now. The move has surprised some, as Microsoft and Apple had been seen as allies in an effort to dial down violence in emoji generally. In June it emerged that the two had successfully lobbied to have a sports rifle removed from the latest collection of emoji, as it was felt that two firearm symbols would be too many.Microsoft says it is only trying "to align with the global Unicode standard." The issue is that despite Apple's thought on the matter, when an iPhone (or iPad or a Mac) user sends a water pistol emoji, people with devices running non-Apple OS are only going to see a regular pistol. The article adds: Analysts had been worried that without standardisation between platforms, intent for violent emoji could be misunderstood. For instance, if someone sent an acquaintance a message using their iPhone offering to come around with some friends and some waterguns, that acquaintance might well misunderstand the thrust of the message if they were using an Android phone and saw a series of pistols.Emojipedia, an emoji reference website has a good suggestion: Apple: Don't change the pistol emoji. At least not today. Hide it. Unicode does not depreciate emojis, but there is no requirement to show all approved emojis on the keyboard. The pistol emoji could be removed from the iOS emoji keyboard without causing any cross platform compatibility issues.
Bug

Apple Announces Bug Bounty At Black Hat With Maximum $200,000 Reward (threatpost.com) 39

msm1267 quotes a report from Threatpost: Apple closed out Black Hat today with a long-awaited announcement that next month it will launch a bug bounty. The Apple Security Bounty will be an invitation-only program, open to two dozen researchers at the outset, said Ivan Krstic, head of security engineering and architecture. The maximum payout is $200,000 and five classes of bugs in iOS and iCloud are in scope. Apple said the maximum reward will be $200,000 for vulnerabilities and proof-of-concept code in secure boot firmware components. It will also pay $100,000 for the extraction of confidential material protected by its Secure Enclave Processor, $50,000 for code execution flaws with kernel privileges or unauthorized access to iCloud account data on Apple servers, and $25,000 access from a sandboxed process to user data outside that sandbox.
Social Networks

LinkedIn Moves Into Video, Starting With Quora-Style Q&A From Influencers (techcrunch.com) 35

LinkedIn has become the latest major technology company to get into video content. On Tuesday, the social network for professionals announced a new app that its hand-selected group of influencers can create and share short videos directly to the app's news feed. It's the first time LinkedIn has ever let users upload video directly to the service, something that's been standard on other social sites for years. TechCrunch adds: LinkedIn will start first with videos created by LinkedIn 'Influencers' -- an invitation-only group of 500 LinkedIn users who have significant numbers of followers and who regularly post content to the site -- who will be making videos that are short, 30-seconds-or-less responses to questions put to them specifically or to the community at large. Influencers will be creating their videos using a special iOS and Android app called "Record" that LinkedIn has created for this purpose -- which for now will only be accessible by these Influencers, LinkedIn tells me.
IOS

Apple Replaces The Pistol Emoji With A Water Gun (cnn.com) 246

Apple has a announced a number of new emoji changes on Monday, but the most controversial new change is that the pistol emoji will be replaced with a green water gun emoji in the company's upcoming iOS 10 operating system: The water gun swap is not Apple's first foray into cartoon gun control. Earlier this year the governing body in charge of emojis nixed a proposed rifle emoji. It was one of a number of possible new additions, but Unicode Consortium members Apple and Microsoft argued against the Olympics-inspired gun, according to Buzzfeed. Last year, an organization called New Yorkers Against Gun Violence started a campaign to get Apple to replace its version of the pistol emoji. It launched a site, disarmtheiphone.com, and sent an open letter to remove the firearm emoji "as a symbolic gesture to limit gun accessibility." As it stands, Microsoft is the only major software company to use a toy gun emoji instead of a pistol emoji in Windows -- Google, Samsung, Facebook and Twitter all use realistic pistol emojis. Apple's iOS 10 will be released in fall, but you can download the iOS 10 public beta to be one of the first to wield the toy gun emoji.
Security

WhatsApp Isn't Fully Deleting Its 'Deleted' Chats (theverge.com) 60

Facebook-owned messaging app WhatsApp retains and stores chat logs even after those messages have been deleted, according to iOS researcher Jonathan Zdziarski. The Verge reports: Examining disk images taken from the most recent version of the app, Zdziarski found that the software retains and stores a forensic trace of the chat logs even after the chats have been deleted, creating a potential treasure trove of information for anyone with physical access to the device. The same data could also be recoverable through any remote backup systems in place. In most cases, the data is marked as deleted by the app itself -- but because it has not been overwritten, it is still recoverable through forensic tools. Zdziarski attributed the problem to the SQLite library used in coding the app, which does not overwrite by default. WhatsApp was applauded by many privacy advocates for switching to default end-to-end encryption through the Signal protocol, a process that completed this April. But that system only protects data in transit, preventing carriers and other intermediaries from spying on conversations as they travel across the network.
Google

Google Launches Docs and Sheets Add-ons For Android 12

An anonymous reader writes: Google today announced the launch of new add-ons for the Android versions of Google Docs and Google Sheets. Those services have offered integrations with third-party tools on the web, and now a similar capability is coming to Google's mobile operating system. There's now a dedicated section for add-ons for Docs and Sheets in the Google Play Store, Google Apps product manager Saurabh Gupta wrote in a blog post. Nine add-ons are available for Android as of today: AppSheet, DocuSign, EasyBib, Google Classroom, PandaDoc, ProsperWorks CRM, Scanbot, Teacher Aide, and Zoho CRM. The DocuSign add-on, for example, lets you sign or send a file in Google Docs or Sheets through DocuSign. Generally these services are meant for a work context, but it's possible that developers will build more consumer-oriented add-ons, too.

Slashdot Top Deals