Intel faces multiple lawsuits over chip security vulnerabilities

Intel is already facing multiple lawsuits over the chip security flaws revealed earlier this week. Gizmodo reports that three have been filed so far — in California, Oregon and Indiana. All three are class action complaints and note Intel’s delay in disclosing the vulnerabilities — it knew about them for months — as well as reduced performance caused by subsequent security patches. The Register reported that PC slow downs could amount to as much as five to 30 percent, but Intel has said that its solution’s impacts are “highly workload-dependent” and won’t be noticed much by the typical user.

It’s still early — the flaws were only officially revealed on Wednesday — so Intel could be facing more lawsuits going forward. In the week following Apple’s reveal that it intentionally slows older iPhone models to prevent sudden shutdowns, it was hit with a number of lawsuits in multiple countries.

Intel says 90 percent of affected chips should be patched by the end of the week while companies like Microsoft, Google and Apple are also releasing updates to mitigate the effects of the Spectre and Meltdown vulnerabilities.

Via: The Verge

Engadget RSS Feed

Apple faces a price-fixing suit over App Store purchases

Apple is in court once again. This time, the company is part of an anti-trust lawsuit over the strict limitations over where users can buy iOS applications. Specifically, the requirement that all apps be purchased through the Cupertino company’s App Store. The suit alleges that by not allowing customers to buy apps from third-party services, Apple was price fixing and that customers could sue as a result, according to Bloomberg.

If this sounds familiar, it’s because this was originally filed back in 2011. Apple’s defense is that it isn’t directly selling software to consumers, but that its 30 percent cut of an app’s price amounts to renting space on its digital storefront, Reuters writes.

The US Appeals Court thinks otherwise. “Apple’s analogy is unconvincing,” it said. “In the case before us, third-party developers of iPhone apps do not have their own stores.”

Currently, the suit covers apps purchased from 2007 to 2013. Attorney Mark Rifkin says that while the case hasn’t hit class-action status yet he might expand the scope of it to anyone who’s bought iPhone apps to this day. All of which could cost Apple a boatload of cash; “hundreds of millions” of dollars in damages by Bloomberg‘s estimate.

Rifkin says that if the court sides with users that Apple should let people buy apps from anywhere they desire, a move that could lower the price on apps. However, that doesn’t take into account that third-party app stores (and folks with jail-broken iPhones) often have to contend with rafts of malware, or the risk of compromising their phones and security.

Source: Bloomberg

Engadget RSS Feed

Foxconn exec faces 10 years for stealing 5,700 iPhones

A senior manager at Foxconn, the company that makes Apple’s iPhone handsets, is facing 10 years incarceration after being charged with the theft of 5,700 iPhones valued at nearly $ 1.5 million. According to AsiaOne, the Taiwanese testing department manager, identified only by his family name Tsai, coerced eight of his subordinates to smuggle iPhone 5 and 5Ses out of the Foxconn Shenzhen plant between 2013 and 2014.

Apparently, these phones were designated for testing, rather than sale, which could explain how the gang managed to take so many without tipping off security. However, an internal audit conducted earlier this year outed the group.

Via: Business Insider

Source: AsiaOne

Engadget RSS Feed

Our fingerprints, eyes and faces will replace passwords

Passwords are a pain in the ass. They’re either easy to crack or hard to remember, and when breaches occur you have to come up with a whole new one. So people are trying to do away with passwords altogether, and so far, fingerprint scanners are doing the job nicely.

Still, fingerprints alone are not enough. Online security has become increasingly important, forcing service providers to come up with better measures such as two-factor authentication to defend user information. Companies are turning to other parts of our bodies to find biometric complements that are up to the task, and our faces and eyes are at the top of the list. Although facial and eye-based recognition appear gimmicky for now (the Galaxy Note 7’s iris scanner, anyone?), they may soon become as prevalent and popular as fingerprint scanners. That pairing could eradicate passwords and clunky text-message two-factor verification altogether, making it a completely biometric process.

Before you brush the notion aside, think about the history of fingerprint scanners on smartphones. After Apple first put Touch ID on the iPhone 5s in 2013, people pointed out that it didn’t work very well and that it wasn’t secure. But Apple soldiered on, improving the hardware and implementing more useful features. Since then, many other tech giants have followed suit. Today, they’re basically a given feature on flagship Samsung, Nexus (or Pixel), LG and HTC phones, and are even spreading to more affordable handsets such as the $ 99 ZMax Pro, the $ 200 Huawei Honor 5X, the $ 400 OnePlus 3 and the $ 400 ZTE Axon 7. We can expect to see them everywhere soon, said Sayeed Choudhury, Qualcomm’s senior director of product management.

chiang mai thailand dec 30  ...

Despite the proliferation of fingerprint sensors, companies continue to chase convenience and novelty by introducing new biometric methods of logging in. We started seeing facial recognition as a method of identification when Google first revealed Face Unlock on Android 4.0 Ice Cream Sandwich. Years later, eye-print authentication started popping up on phones such as the ZTE Grand S3 and the Alcatel Idol 3. The latter two used a retinal scan to match the user by looking at the full eye and veins.

The good thing about this method, said Choudhury, was that it didn’t require additional hardware — you could just use the selfie camera. The challenge in retinal scanning is in its computation and algorithms, which Choudhury said is “very heavyweight” and “almost always uses the GPU in addition to the CPU.” This means it takes longer to detect and recognize your prints. Indeed, in my experience reviewing the Eyeverify system on ZTE and Eye-D on the Alcatel Idol 3, snapping a pic of my eyes to unlock the phones was always excruciatingly slow.

In contrast, iris scanning, which was one of the highlights of the Galaxy Note 7 when it launched (and before all that exploding hoopla), uses more compact algorithms, said Choudhury. That means faster detection and a shorter wait time. Plus, iris scanning has been around for a long time. People have been using it to get into secure labs, buildings and even through airport security (Global Entry), so the technology is pretty mature. It’s also more secure than fingerprints. According to Choudhury, “Iris-recognition technologies found in devices today identify three to five times more ‘feature markers’ to classify a specific iris versus what today’s fingerprint technologies can do.” The bad news with iris scanning, though, is it requires an infrared (IR) camera, which isn’t on many phones. But Samsung isn’t alone in looking to implement it — other brands will likely follow suit.

One of the biggest forces pushing the move toward eye-based authentication is the payments industry, said Choudhury. “What we’re seeing, driven by the mobile payments industry, is that both iris and retina biometrics are going to be incorporated in many more devices,” he said. Mobile payments are a “killer-use case,” according to him, and it certainly has a history of forcing even the most stubborn companies to adopt new technologies. The most obvious example of this would be Apple finally incorporating NFC into the iPhone 6 to enable its payment system, after years of resisting the tech that’s proliferated in Android phones.

Payments giant Mastercard is one of the proponents of the biometric security bandwagon, which encompasses fingerprints, eyes and faces. “We want to remove passwords,” said Ajay Bhalla, president of global enterprise risk and security at Mastercard. “Passwords are a big problem for people — they keep forgetting it or they use passwords which are very simple and dumb,” said Bhalla.

The company has been researching biometric-authentication methods using facial recognition, eye-based tech, fingerprints, heartbeats and voice, because these are unique to the user and don’t require memorizing or guesswork. It found fingerprints and face detection to be the most easily scalable. “We feel it’s reached a stage where it can become mainstream — it’s on devices, and consumers understand it,” said Bhalla.

Mastercard recently launched its “selfie pay” authentication method in Europe via its Identity Check Mobile app. The feature lets you authorize transactions by taking a portrait of yourself and blinking to prove it’s you and not a picture some wannabe hacker printed.

While it may sound cheesy to hold up your phone and pose for a picture each time you want to buy something, the company claims it is well-received. According to research from its 2015 trials, 90 percent of respondents found the Identity Check app more convenient than what they had been using. Seventy-one percent rated facial recognition as “highly convenient,” while 93 percent rated fingerprint recognition the same.

The popularity, prevalence and convenience of fingerprint scanning means it is here to stay, and by no means are face- and eye-recognition meant to replace it. Both Choudhury and Bhalla see the newer method as a complement to fingerprints, providing a more convenient second-factor authentication as opposed to entering a text code sent to your phone. While the tech we have right now may not be fast or secure enough to be truly convenient and helpful, we’re getting close. Using the adoption of fingerprint scanners as a model, Choudhury estimated that we are five years away from iris scanners and face detection becoming just as widespread. Until then, we’ll have to deal with changing our crappy passwords every so often and hope we don’t forget them.

Engadget RSS Feed