An "expert" quoted in the Independent predicts that thieves will amputate their victims' fingertips in order to bypass the biometric locks on the new iPhones. I'm not particularly worried about this vulnerability (if you're willing to cut off someone's fingertip to unlock his phone, you're probably also willing to torture him into giving up his PIN), though I remember reading stories of carjackers who amputated their victims' fingertips in order to make off with their biometrically protected cars.
More interesting is the prediction that phone thieves will lift their victims' fingerprints and use them to bypass the readers. As German Interior Minister Wolfgang Schauble discovered, you leak your fingerprints all the time, and once your fingerprint has been compromised, you can't change it. (Schauble was pushing for biometric identity cards; playful Chaos Computer Club hackers lifted his fingerprints off a water-glass after a debate and published 10,000 copies of them on acetate as a magazine insert).
This is the paradox of biometric authentication. The biometric characteristics of your retinas, fingerprints, hand geometry, gait, and DNA are actually pretty easy to come by without your knowledge or consent. Unless you never venture into public without a clean-room bunny-suit, mirrorshades, and sharp gravel in your shoes, you're not going to be able to stop dedicated strangers from capturing these measurements. And as with Schauble's fingerprints, you can't revoke your DNA and replace it with new DNA once a ripoff artist has used it to clean out your bank-account or break into your workplace.
That's why cops use them, after all: it's nearly impossible to keep them to yourself, and once they're in the wild, they can be used against you.
Billy Lau and Yeongjin Jang from Georgia Institute of Technology have presented a demo at Black Hat of a way of stealthily compromising iPhones and other iOS devices with gimmicked chargers. The devices need to be unlocked -- either having no unlock code to begin with, or unlocked by the user after connection -- but apart from that, the charger can compromise any iOS device.
The Daily Beast investigated the autocomplete on Apple iOS devices (iPhones, iPads, etc.), and discovered that there was a long list of "sensitive" words that the devices have in their dictionary but would not autocomplete -- you would have to type them out in full to get them into your device. This list includes words such as "abortion," "rape," "ammo," and "bullet." They documented their methodology in detail.
"The Plaintiff became totally out of synch in his romantic relationship with his wife, which was a consequence of his use of his Apple product." [Above the Law via DF]
Reuters reports that Apple will build a new solar farm with NV Energy Inc, to power the computing giant's new data center in Reno, Nevada. The plan is seen as "a major step towards its goal of having its data centers run on renewable energy."
Apple's new wearable device is called a "Beeper" and the hospital where my niece works is beta testing them! She just started her medical residency and they issued her one.
With a new trailer out to promote Kutcher-starring biopic Jobs, Apple co-founder Steve Wozniak has new thoughts on the movie—not all of them negative. [Jesus Diaz / Kinja]
Andrew Albanese, my editor at Publishers Weekly, has been tracking the antitrust action the DoJ brought against the big six publishers and Apple over price-fixing very carefully, and he's written a great-looking, DRM-free ebook about it called "The Battle of $9.99: How Apple, Amazon, and the Big Six Publishers Changed the E-Book Business Overnight." Here's what he had to say about it:
It is mostly about the backstory of the case, how publishers' antipathy to $9.99 led them to what turned out to be a pretty fateful decision. It is also available in all the major e-book stores, Sony, B&N, Apple, and Amazon. Amazingly, Amazon is featuring it on their Singles home page here in the U.S.
So one note that might be of interest to you, I was surprised to learn in writing this essay how little the publishers negotiated their initial e-book retail terms back when the e-book market was just beginning. And, more to the point, that the thought they did put into e-books was all related to the negative aspects of digital: how to stop piracy, DRM, controlling unauthorized use. This is kind of where this whole legal saga begins. When Amazon came to launch the Kindle in 2007, the publishers were so focused on the bad things that digital might bring that they never really considered, hey, what if this e-book thing really works? What if this Kindle thing takes off?
Remember, at the time Amazon launched the Kindle, the publishers were stumping for the Google Settlement, so their attention was focused more on stopping the digitization and indexing of long out-of-print books that were making money for no one. As a result, they barely negotiated their initial financial terms with Amazon. Amazon officials testified that, in some cases, they just accepted the financial terms publishers had already proposed for e-books, while publishers mostly sought to address DRM, and security concerns. No one apparently stopped to ask Amazon, “Oh, by the way, how much are you planning to charge consumers for our e-books?”
It is easy to say in hindsight, but the major publishers’ fear of digital piracy had kept them from considering the prospects of digital success. And, of course, all of this was exacerbated by the fact that the Kindle was a closed platform, so, the more successful the Kindle became, the more power the company had over the publishers' customer. As you once wrote, the DRM and security they'd insisted on became a whip to beat them with. Another interesting chapter in the way DRM has impacted the publishing industry.
The Battle of $9.99: How Apple, Amazon, and the Big Six Publishers Changed the E-Book Business Overnight
Apple apparently has the power to decrypt iPhone storage in response to law-enforcement requests, though they won't say how. Google can remotely "reset the password" for a phone for cops, too:
Last year, leaked training materials prepared by the Sacramento sheriff's office included a form that would require Apple to "assist law enforcement agents" with "bypassing the cell phone user's passcode so that the agents may search the iPhone." Google takes a more privacy-protective approach: it "resets the password and further provides the reset password to law enforcement," the materials say, which has the side effect of notifying the user that his or her cell phone has been compromised.
Ginger Colbrun, ATF's public affairs chief, told CNET that "ATF cannot discuss specifics of ongoing investigations or litigation. ATF follows federal law and DOJ/department-wide policy on access to all communication devices."
...The ATF's Maynard said in an affidavit for the Kentucky case that Apple "has the capabilities to bypass the security software" and "download the contents of the phone to an external memory device." Chang, the Apple legal specialist, told him that "once the Apple analyst bypasses the passcode, the data will be downloaded onto a USB external drive" and delivered to the ATF.
It's not clear whether that means Apple has created a backdoor for police -- which has been the topic of speculation in the past -- whether the company has custom hardware that's faster at decryption, or whether it simply is more skilled at using the same procedures available to the government. Apple declined to discuss its law enforcement policies when contacted this week by CNET.
It's not clear to me from the above whether Google "resetting the password" for Android devices merely bypasses the lock-screen or actually decrypts the mass storage on the phone if it has been encrypted.
I also wonder if the "decryption" Apple undertakes relies on people habitually using short passwords for their phones -- the alternative being a lot of screen-typing in order to place a call.
Apple deluged by police demands to decrypt iPhones [Declan McCullagh/CNet]
Over at Apple, Jony Ive is reportedly pulling back on the skeuomorphism for iOS 7. I'm glad. I don't care for skeuomorphism except in a very few instances, like the 1982 Chrysler Town & Country seen above with Ricardo Montalbán.
Consumerist's Laura Northrup rounds up several years' worth of stories from Apple customers who say they were denied warranty support on their computers because they'd smoked around them. As an annoying ex-smoker, I can sympathize with a tech who doesn't want to work on a machine that smells like an old ashtray, but that's what painter's masks are for -- I've also serviced machines that reeked of BO and other less savory odors. This just feels like a way to weasel out of doing warranty service and forcing customers to pay for new machines. If the company has a policy of not fixing machines if you smoke near them, it should say so when it sells you the warranty: WARNING: IF YOU LIGHT UP NEAR YOUR LAPTOP, WE WON'T EVER FIX IT, EVEN IF IT IS MATERIALLY DEFECTIVE.
Dena set up an appointment at the same Apple store. They told me that they would take pictures of the computer – both inside and out before determining whether to proceed and that if the only problem was the optical drive, they’d probably just replace it. Dena called me earlier this week to deliver the “bad news.” She said that the computer is beyond economical repair due to tar from cigarette smoke! She said the hard drive is about to fail, the optical drive has failed and it isn’t feasible to repair the computer under the warranty. This computer is less than 2 years old! Only one person in my household smokes – one 21 year old college student. She said that I can get it repaired elsewhere at my expense. I asked why my warranty didn’t cover the repair and was told it’s an OSHA violation.
Smoking Near Apple Computers Creates Biohazard, Voids Warranty
Robert McMillan explains what happens to the data generated and stored with Siri queries: "Once the voice recording is six months old, Apple “disassociates” your user number from the clip, deleting the number from the voice file. But it keeps these disassociated files for up to 18 more months for testing and product improvement purposes." [Wired]
Posted online is a preview of the first installment of Manga Taishō and Mari Yamazaki's manga bio of Steve Jobs.
John Brownlee has a solution to the "big cat" problem now faced by OS X's marketing team, which has run out of cool ones to use as version titles.
Derived from Adam Lashinsky's Inside Apple, rumors spread of "fake" engineering projects within Apple, crafted to expose leakers. Not quite, reports Jacqui Cheng: "Our own sources acknowledged that Apple may not tell an engineer what project he or she is about to work on until the time comes, which is what Lashinsky was talking about in Inside Apple. Lashinsky clarified that the "fake" projects line didn't come from him but secondhand from an audience member, who had himself heard about it from a friend."