Your modern car might be as vulnerable as the first iPhone

Over 10 years ago, the first iPhone burst on the scene and changed mobile computing forever. But it had a flaw: The baseband (the part that manages all the radios) on the installed Infineon chip could be exploited to run the phone on networks other than AT&T — which was, at the time, the exclusive provider. Fast-forward to 2017 and that same chip was recently found in various Nissan Leafs built between 2011 and 2015.

While such chips are typically used in multiple devices across different markets, the problem is that the Infineon chip with the same vulnerability was found in a modern car so many years later. But it’s not just one car with this issue; BMWs and Fords were found to have the same vulnerable silicon that would allow someone to remotely access and control memory. At Def Con recently, McAfee researchers Mickey Shkatov, Jesse Michael and Oleksandr Bazhaniuk warned that the chip could be used to send ransomware to the car. However, they decided that a good old-fashioned Rick Roll would suffice for their presentation.

“We just randomly picked a car at the wrecking yard and happened to find this and our jaws kinda dropped,” said Michael.

The actual flaw was discovered in the telematics control units (TCU) of the vehicle supplied by Continental AG. It was a vendor-supplied component that housed the Infineon chip. That piece of hardware found its way into BMWs, Fords and Infinitis (the luxury arm of Nissan), according to an ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) advisory issued on July 27th this year.

Fortunately, Intel (which purchased Infineon back in 2011) and Nissan worked with the researchers to help identify and figure out a way to fix the issue for current owners. Also, Nissan, BMW and Ford have all delivered system updates to fix or disable the affected modems. But that doesn’t get at the larger issue of potentially vulnerable hardware permeating multiple, unrelated devices. While the iPhone was a huge target for hackers, other lesser-known devices with the same chipset just don’t register with people looking for vulnerabilities. At least not initially.

Car hacking has only recently become something automakers and their suppliers have to worry about. But even in a world where all devices are fair game to bad actors, even the most security-minded company will find it difficult to vet all the hardware that goes into a car that’s teeming with thousands of pieces of silicon.

It’s not only the automotive world that should be concerned. Hardware with known exploits could be in just about anything. Boats, security systems and infrastructure components could potentially have hardware that’s not up to snuff.

It’s not just vulnerable silicon that’s used over and over again. In 2014, researchers Lior Oppenheim and Shahar Tal found routers running old versions of software for embedded devices that let folks bypass the device’s security. The old version of the software had been used over and over again, even though the original vendor issued an update seven years earlier.

“The problem is that the notion of managing your supply chain when it comes to computer technology and software is not there,” Veracode founder and researcher Chris Wysopal told Engadget. Wysopal noted that when it comes to hardware and software, no one seems to be tracking down to the component level.

So who is responsible when something like this happens? In this case is it the automaker, the vendor or the chipmaker? To Wysopal, all parties involved are responsible, and if (for example) a chip is found with a vulnerability, it’s up to the company that built it to recall those pieces of silicon from resellers.

Plus, companies should be tracking updates to the components put into their products. It’s going to be costly, but it needs to happen or the next exploit might not be found by researchers, meaning one morning the owners of certain car models could wake up to a vehicle that’s locked them out unless they are willing to pay a ransom.

When that happens, no amount of PR spin or free fixes from the dealer is going to repair an automaker’s — or any company’s — image.

Wysopal said, “It’s a new world out there. We just need to build some new processes. We need standard industry processes for this solution so people can sort of rely on these things being able to get updated.”

Engadget RSS Feed

The next Apple Watch might not need an iPhone for data

Well, Apple Watch fans have more to look forward to than just a new operating system. According to a new report from Bloomberg, Apple will release a version of its Watch with cellular network support built-in by year’s end, relieving users of the need to carry their iPhones around. Three words: it’s about time.

Rumors of a cellular Apple Watch are nothing new, and the whole concept should sound very familiar by now. After all, Samsung and LG have had LTE-enabled smartwatches for years, and the latter developed one such wearable to help launch Android Wear 2.0 earlier this year. While it’s not yet clear what Apple plans to let people do with these mobile data connections, it’s likely that users will be able to send messages and make phone and FaceTime Audio calls without being tethered to an iPhone.

Interestingly, Intel is said to be providing the modem for the new Apple Watch, which isn’t a huge surprise — Apple tapped the chipmaker for modems used in certain versions of the iPhone 7 and 7 Plus. Given the Watch’s small size, Apple and Intel may opt to use a digital “eSIM” rather than a traditional plastic SIM card as well. That could signal a similar decision for future iPhones, which would have potentially huge ramifications for how such smartphones (and their data plans) are sold.

If nothing else, though, use of an eSIM would likely preserve the Apple Watch’s compact footprint. Consider LG’s flagship Watch Sport: it was the more powerful of the two smartwatches that debuted alongside Android Wear 2.0, and the space required to fit a physical SIM card inside helped make it big and somewhat unwieldy. That’s not really Apple’s style, especially since the company’s new Watch is said to benefit from an all-new form factor.

If true, Apple’s next step in wearables may be an iterative one. Still, if the company’s most recent earnings release is any indication, demand for the Watch is still going strong. According to CEO Cook, Watch sales grew 50 percent year over year — seriously, Tim, would some hard numbers now and then really kill you?

Source: Bloomberg


Essential’s exclusivity deal with Sprint might not be so bad

Few Android phones have generated the enthusiasm that Essential’s PH-1 has. If you haven’t been keeping up, it’s a very pretty, surprisingly clever smartphone from Andy Rubin, one of the men responsible for unleashing Android upon the world.

On the flip side, few US wireless carriers have fared as poorly as Sprint. In terms of subscribers, it’s in last place out of the Big Four. So, it was a surprise for these two companies to come together to cook up an exclusivity deal of sorts: Sprint gets to be the exclusive US carrier for the PH-1, leaving Essential to sell unlocked models to everyone else.

This seemed, in a word, dumb. In an interview with USA Today, Essential President Niccolo de Masi said the company took the leap with Sprint because it likes to “bet where the market is going as opposed to where the market was.” He went on to add that Sprint is the “network of the future,” which is probably the nicest thing anyone under contractual obligation has ever said about the carrier. At this point, it’s a little difficult to imagine the pendulum of fortune swinging back in Sprint’s direction, but that doesn’t matter. The thing to remember is that while this isn’t a perfect deal, it’s still a deal. That’s more than most of Essential’s premium, unlocked competition have. Even better, Essential gets to have its cake and eat it too.

Remember: The PH-1 looks a lot like a love letter to Android’s power users. (I affectionately refer to them as the OnePlus crowd.) They like insane performance, thoughtful design and straight talk; they abhor compromise. OnePlus is a great example of a company that has been chasing this flagship dream for years and done well. Essential is ready to compete in this very specific market. For all the people who prefer to skip middlemen and get their devices straight from the source, Essential has you covered. Just buy it unlocked, pop a SIM in there, and have a great time.


The deal with Sprint just opens extra doors. If nothing else, Essential gets access to marketing money that it may have been unwilling to shell out itself. In case you haven’t been keeping track, Sprint is actually trying really hard to get back into people’s good graces. I’m not talking about those obnoxious “post-Verizon glasses guy” ads either (though some people seem inordinately fond of them).

Look at their most recent ploy: Customers who are willing to switch from their current carriers basically get an extended, one-year trial run of Sprint service for basically nothing. (You pay for a SIM and cover a small administrative fee each month.) Sprint has admitted that this won’t actually make it much money — instead, it’s a pretty naked grab for subscribers that could help liven up its next earnings release. It’s a clear sign that Sprint will do what it has to to stay in the fight. If it thinks it has a handle on the next big thing — which it might — we may see Essential ads on TV. Your Top-40-FM binge may break into a polished, 30-second Essential spot. Most important, you may be able to walk into a store and see what an Essential phone is like, and talk to a staff that’s been trained on it. By settling on a deal, Essential gets a whole new front in its war for success.

That Essential couldn’t close this kind of deal with a bigger carrier like Verizon or AT&T is telling. There’s very little detail available on Essential’s approach to software. We know that PH-1 will run Android, and that Essential founder Rubin was trying very hard to keep carrier apps off the device at launch. I suspect that was a big sticking point for other carriers. Whether you like Sprint or not, it isn’t nearly as bad as its rivals.

I mean, have you seen all the crap that comes on a Verizon phone? This junk software falls into two major categories: apps that have been pre-installed because of some lucrative partnership, or shortcuts that point to app listings in the Play Store (presumably because those companies didn’t want to pay as much). Verizon cut a deal with Google to sell its high-end Pixels to its customers, but come on — it was Google. Of course Verizon was going to figure something out. Essential obviously doesn’t have that kind of clout or leverage (yet).

AT&T is no saint in all this either. It generally adds less trash in favor of cross-promotional DirecTV nonsense that’s difficult for normal users to get rid of. And let’s not forget how many times AT&T has been burned by taking a chance on an exclusive phone deal over the years. Let’s see: there was the big stuff, like Amazon’s Fire Phone, Facebook and HTC’s First, the Padfone X … the list goes on. AT&T gets points for gumption, but the last time it really got an exclusivity deal right was with the iPhone 10 years ago.

If Sprint pledged some marketing muscle and promised not to screw about with Essential software, it’s hard to see how Essential could’ve refused. Andy Rubin’s new brainchild has little to lose and everything to gain from this tie-up. As for Sprint, it’s been batted around by the market for a while, anyway — if it could survive that, it’ll survive a potentially misguided exclusivity play. Like I said, this isn’t a perfect deal, but having a deal at all is better than nothing.


Qualcomm might try to block iPhone shipments over royalty dispute

The Qualcomm vs. Apple licensing squabble had already gotten messy with lawsuits flying in both directions, but a report by Bloomberg says things could go to the next level soon. That’s because according to sources, Qualcomm plans to ask the ITC to block Apple from importing its phones from where they’re built in Asia to the US, ahead of new devices that we’re anticipating in the fall. We don’t know if it could be successful, although Qualcomm holds a number of patents in the space and Apple stopped making payments while the dispute is ongoing.

Qualcomm has cut its revenue outlook by $500 million because of the anticipated lack of licensing fees, so this is no small matter. It claims its patented technology is crucial to the iPhone even as it’s being manufactured by someone else, while Apple disagrees. We don’t know if there’s any chance the ITC will side with Qualcomm and actually ban any devices, but the threat puts billions of dollars in iPhone sales at risk.

Source: Bloomberg


Google might bring curved screens to its next Pixel phone

Google, which has taken a hands-off approach to Android hardware until recently, may be getting more involved in smartphone production. It’s reportedly investing up to $875 million in LG Display to develop a stable supply of flexible OLED screens for its Pixel phones, according to reports from Korea’s Yonhap News and Electronic Times (ET). That would help ease supply problems for the next-gen device, as the current model has been nearly impossible to find.

The search giant would invest a trillion won ($875 million) and possibly more to secure a production line dedicated to its own smartphones. It may also reserve some flexible OLED screens for other devices like a rumored pair of “Pixel” smartwatches. LG Display is reportedly mulling the offer, which would be a strategic investment and not just an order deposit. If it signs on, curved screens for the Pixel would likely be built in LG’s $1.3 billion flexible OLED line in Gumi, North Gyeongsang Province.

With its Nexus phones, Google let partners Huawei, LG and HTC control all aspects of the devices and hardware. However, with the Pixel and Pixel XL, Google actually took charge of the design and thus, to some level, the hardware. That was both a good and bad thing — the phone was generally acknowledged as the best-ever Google device, but was only released in the US, UK, Australia, Germany and Canada. Even in those nations, it was pretty damn hard to find.

If the news is accurate (and with supply rumors, that’s a big “if”) then Google would be playing favorites with one Android supplier, LG, over another, Samsung. On the other hand, Samsung might be quite okay with that, considering it’s about to launch its own curved OLED Galaxy S8 smartphone and possibly supply the flexible OLED display for Apple’s next iPhone 8. With OLED tech seemingly the only thing that manufacturers want, it makes sense for Google to cut a deal with LG, which isn’t faring so well with its own devices.

Via: Techcrunch

Source: Yonhap, ET News (translated)


Next iPhone might have depth-sensing front camera

It’s that time of year, folks. Rumors of what the next iPhone will be like are coming in hot and heavy. Last week, well-connected Apple analyst Ming-Chi Kuo noted that the new handsets would nix the home button for a touch-friendly “function area.” Now there’s another bit of info. In a KGI Securities report detailed by 9to5Mac, the analyst explains that the upcoming OLED iPhone will feature a “revolutionary” front camera that’s capable of sensing 3D space via infrared.

More specifically, the report explains that the newfangled camera can combine depth information with 2D images for things like facial recognition, iris recognition and, perhaps most importantly, 3D selfies. Given the previous report about the home button being put out to pasture, there will need to be a replacement for Touch ID. Rumors indicate that either facial recognition or a fingerprint reader embedded in the display would assist with unlocking the device. This new report would point more to the former method.

The report also explains a bit about how the 3D front-facing camera would be used in gaming scenarios. The camera could be used to replace an in-game character’s head or face with that of the user and those 3D selfies could be destined for augmented reality.

It’s no surprise to get word of potential depth-sensing camera tech from Apple. The company nabbed PrimeSense in 2013, an outfit that co-developed the original Kinect for Xbox. This latest KGI report says PrimeSense algorithms will allow the hardware to determine the depth and location of objects in its field of view. An earlier report from Fast Company explained that Apple was working with Lumentum to use its 3D-sensing tech on the next iPhone.

While the 3D camera will only be on the front side for now, Kuo says Apple will eventually employ the tech around back as well. The report also explains that the company is way ahead of Android as far as 3D algorithms go, so a depth-sensing camera would be a unique feature for a couple of years. Of course, if the early rumors are true, you can expect to pay $1,000 for the 10th anniversary iPhone when it arrives.

Source: 9to5Mac


Report: Apple might be revamping its iPad lineup in March

Japanese website Macotakara reports that Apple’s upcoming March event will see the release of a new line of iPad Pros as well as a 128GB iPhone SE and a new bright red color choice for the iPhone 7 and 7 Plus. The company is expected to unveil iPad Pros in 7.9-inch, 9.7-inch, 10.5-inch, and 12.9-inch models.

That could mean that Apple is replacing the iPad mini 4 with the 7.9-inch Pro, refreshing the 9.7-inch and 12.9-inch models, and introducing a whole new model, the 10.5. However, there have been some conflicting reports as to whether Apple really will do that. Both Barclays and KGI Securities failed to mention the 7.9-inch model in their predictions so it could be that the 10.5-inch will actually replace the mini 4. As DigiTimes points out, the 10.5’s screen width would be the same as the iPad mini’s screen height and, with that rumored edge-to-edge display, would fit in the same overall footprint.

Still, Macotakara is saying that the 7.9-inch will use the Smart Connector, a 12MP iSight camera, True Tone flash and display, just like its larger counterparts. The 10.5 and 12.9 inch versions will reportedly run on A10X chips while the smaller models will use the A9X.

Macotakara’s report also states that Apple plans to release an iPhone SE with 128GB of onboard storage as well as red variants of the iPhone 7 and iPhone 7 Plus, potentially as a licensing tie-in with Product Red. We might see new Watch bands in March as well given that the company similarly refreshed those at last year’s “Loop You In” event.

And while Macotakara is generally trusted as a source for advanced Apple announcements, there is no guarantee that the company will actually announce all of this stuff. We’ll simply have to wait until March to find out.

Via: Macrumors

Source: Macotakara


Meet the wearable tablet you might use at your next job

There’s no way I would wear the Rufus Cuff wrist computer. After a few minutes with this 3.2-inch Android tablet strapped to my body, my wrist started to get all sweaty. It felt bulky, weird and to be honest, not very cool. But if the massive pre-orders are any indication, there is clearly a market out there. In particular, says the company’s CEO, Gabe Grifoni, in a few years something like the Cuff will replace the iPhone in your pocket and even be part of your next work uniform.

I’ll admit, I was initially dubious that a device that makes me feel like a less-cool version of Leela from Futurama will be the first step of an inevitable wearable-computer revolution. But then Grifoni began telling me about potential industrial uses for the Cuff and it all started to make sense.

Employers believe that small Bluetooth-enabled Android tablets on their employees’ arms are a pretty good idea, according to feedback from the companies that have reached out to Rufus. With an app and a connected scanner, tasks like inventory, housekeeping at hotels and ticket-taking can be streamlined by freeing up the hands of the employees who would otherwise have to hold a tablet. The relatively low $300 price tag also means that smaller companies without the deep pockets of corporations could also get in on the action.

After a successful crowdfunding campaign, Grifoni started getting unexpected calls from businesses and their employees. “We were starting to get all these emails from warehouse workers and hotels,” he told Engadget. He says he’s talked to UPS and other companies about their employees using the Cuff in the workplace.

While the campaign generated $800,000 in pre-orders, Grifoni realized that enterprise is where all the growth is right now. But don’t worry, early adopters, the company will still sell the Cuff to consumers. Just beware that you’re not going to be rocking the latest generation of technology. Specifically, the pre-production unit I tried out had a 400×240 3.2-inch screen, which will look absolutely ancient next to your modern-day smartphone. Also, the 640×480 front-facing camera is guaranteed to make all your selfies look awful.

The actual bracelet portion of the device looks fine, though, and at least kept the Cuff mostly parallel with my arm. That said, while I would probably get used to having a computer on my wrist all day, it’s not something I’d look forward to. Did I mention it made my arm sweaty?

Grifoni predicts that wearable computers (not smartwatches) will be the norm in five to 10 years. We’ll get tired of pulling our phones out of our pockets and instead opt to have them visible at all times.

Maybe he’s right. It’s possible the future of mobile computing could be attached to our bodies. But even if he’s wrong, if he can get the Cuff into businesses and warehouses, it doesn’t really matter if the world’s population embraces tablets on their bodies in their free time because at work, some of us will get them with our nametags.
