Total Pageviews
Monday, 30 September 2019
VHA and TPG close by stating ACCC needs a 'forensic Tardis' to oppose merger
from Latest news https://ift.tt/2mYAZL9
via IFTTT
Stratasys leverages high performance partners to expand 3D printing innovation
from Latest news https://ift.tt/2mco1ZQ
via IFTTT
Deck the trees with smart Christmas lights and get festive with it!
Christmas is just around the corner, and many of you are in the process of getting the Christmas tree up, or maybe it's already been done! But what about the Christmas lights? There are some cool lights out there that you can control with your smartphone through an app, and they definitely add a touch of pizazz to your Christmas traditions.
Highly customizable
Twinkly LED String Lights
Staff favorite
Twinkly LED lights can be wrapped around your tree and display custom designs. There are preloaded shapes, or you can make your own custom design with the app.
Play with the lights
Lumenplay Starter Set
Lumenplay comes with 24 starter bulbs that you can use indoors or outdoors. The app lets you change the color of the lights or use a color theme, put on mini light shows, and can remotely turn the lights on and off.
Smart but affordable
Brizled Bluetooth LED Christmas Lights
You get 200 mini lights on a 65-foot string, which should be plenty to wrap around your tree or even outdoor furnishings. They connect to your phone via Bluetooth and the companion app, and you can adjust the speed of the lights, pulsing and disco effects, and more. Up to five sets can work together.
For the Philips Hue fan
Philips Hue LightStrips Plus
Smart lights everywhere
If you're already a Philips Hue user with the Hue Bridge, the LightStrip Plus can be attached under bars, bed frames, cabinets, or wherever else you want them. The Philips Hue app lets you change the color from over 16 million colors, or you can create custom light scenes. Everything can be remotely turned on or off, and it works with other Philips Hue lights.
Smart outdoor lights
Philips Hue White & Color Ambiance Outdoor LightStrip
The Outdoor version of the LightStrip is completely weatherproof, so it can withstand even the wettest environments. And you can have them set to either white or color through the Philips Hue app, so the possibilities outside are infinite.
Turn dumb lights into smart ones
Wemo Mini Smart Plug
The Wemo Smart Plug turns any old Christmas lights (or other electronics that plug in) into smart ones. This smart plug connects to Wi-Fi, allowing you to control your Christmas lights or other appliances through your phone with Google Assistant, Siri, or Amazon Alexa. You can even set schedules to turn them on or randomize the lights.
Illuminate the house with Christmas cheer
Philips Christmas LED Illuminate Starter Kit
If you want Philips Christmas lights but don't want to go all-in with Hue, the Illuminate Christmas LED lights are a good choice. The starter kit comes with 25 bulbs and a control box that lets you connect your phone to the lights with the Illuminate app. From there, you can choose the colors that are displayed, pick out effects, adjust the speed, and even play music and have the lights dance along to the tune. You can have up to 12 sets of Illuminate lights hooked up together.
Affordable color
Elfeland Color Changing Rope Lights
This affordable option on Amazon gives you 300 LED lights strung out over 32-feet. They're multicolored and dimmable, and everything can be controlled directly through the free companion app, including music effects.
Fast and simple
Star Shower Tree Dazzler
Instant setup
Tree Dazzler goes on top of your tree, and the light strings come down naturally, so you need to space them out. The remote control lets you instantly put on a twinkling light show in seconds. The lights are bright and colorful.
Deck the halls with boughs of holly
The holidays are upon us, and it's time to get festive with these smart Christmas lights. One of our favorites is the Twinkly LED String Lights because you can truly get creative with this one. And if creativity isn't your strong suit, then use one of the preloaded designs from the app and get in the spirit!
Another great one that I use personally is the Tree Dazzler. While this one doesn't connect to your phone or anything like that, it's super easy to set up, and the different effects that you can use are sure to cheer you up and get you in a festive spirit instantly. It's hypnotic and soothing, and the lights are very bright. And if you are already invested in the Philips Hue ecosystem, you can't go wrong with adding some LightStrips to the mix.
from iMore - The #1 iPhone, iPad, and iPod touch blog https://ift.tt/2E5MabN
via IFTTT
Japanese telco KDDI goes with Nokia and Ericsson for 5G
from Latest news https://ift.tt/2mbJxxQ
via IFTTT
Over 850,000 diagnostic reports uploaded to My Health Record each week
from Latest news https://ift.tt/2me7dSn
via IFTTT
Singapore defence ministry runs second HackerOne bug bounty programme
from Latest news https://ift.tt/2on0dDd
via IFTTT
Have Indian IT companies been gouging H-1B workers with low wages?
from Latest news https://ift.tt/2nKXByL
via IFTTT
Huawei opens flagship store in Shenzhen
from Latest news https://ift.tt/2nNVVEU
via IFTTT
DFAT seeks to upgrade its digital asset management system with SaaS
from Latest news https://ift.tt/2mWuAA8
via IFTTT
Fallout 76 public test server to arrive in 2020, over a year after game’s launch
from Digital Trends https://ift.tt/2m95oWE
via IFTTT
Studio head says PlayStation 5 will let developers focus on making games fun
from Digital Trends https://ift.tt/2mafN4q
via IFTTT
YouTube Music to be preinstalled on Android 10 devices
from Latest news https://ift.tt/2nOzxed
via IFTTT
Venezuela reportedly wants its central bank to hold bitcoin
YouTube is 'really happy' with viewership for its live MLB games
Australian government stumps up AU$182m for help with its Entrepreneurs' Programme
from Latest news https://ift.tt/2nM6g3Q
via IFTTT
What is semantic rendering, and how it improves your iPhone 11’s camera
from Digital Trends https://ift.tt/2m9Ek9T
via IFTTT
State Department revives investigation of Clinton's private emails
Huawei and Airtel use 1Gbps microwave MIMO backhaul for 5G
from Latest news https://ift.tt/2mKrWO1
via IFTTT
Checkm8, the iPhone 4s to iPhone X bootrom exploit, explained
Checkm8 is a bootrom-level security exploit that can be used against every iPhone from the 4S to the X. It was announced late last week by axi0mX — axi0mX… axi0m10… dammit, Apple! — and ever since we've seen everything from fear, uncertainty, and doubt, to supremely good reporting on what it is, what it isn't, and most importantly, what it means for all of us.
So, let's try to sort it all out.
Now, before we dive in, I'm not an infosec expert nor do I play one on the internet. Checkm8 is absolutely serious but very specific and in some ways very limited. It's certainly helpful for jailbreakers and researchers that it exists, probably neutral good for bad actors, and bad for Apple and a black eye for iOS security that'll no doubt drive them even harder to lock things down even better, again.
But, for the average user, the threat level today probably isn't any different than it was a week ago. I'm going to sum up why as best and as accurately as I can, but I'm also going to link up some terrific work by Ars Technica and Malwarebytes in the description. Hit them up for much, much more. Cool? Cool.
So, what's a bootrom exploit?
Bootrom, or secureBoot, is the very first code that runs on an iOS device when it starts up. It lives on a ROM, or read-only memory chip, at the very lowest level of the device, and it typically can't be changed.
A bootrom exploit, then, is an exploit that targets a bug in the Bootrom. That's as opposed to the far, far more common exploits that target bugs at the higher operating system level.
While operating system exploits are far more common, they're also far more easily fixed. Pretty much every time Apple updates iOS, the new version patches security issues with the old version.
Not so with bootrom exploits. Because they're in ROM, they're nigh-impossible to patch. I mean, never say never, but so far, every device with a bootrom that's exploited stays exploited.
And checkmate exploits every device with an A5 to A11 chipset.
Um… which devices are those exactly?
So far, devices affected by checkm8 include:
- iPhone 4s to iPhone X.
- iPad 2 to 7.
- iPad mini 1 to iPad mini 4.
- iPad Pro 1 and 2.
- Apple TV 3 to 4K.
- iPod touch 5 to 7.
Earlier iPhones, iPads, iPods touch, and the like aren't affected.
What about current devices?
The new entry-level 10.2-inch iPad and iPod touch 7 are on A10, so they're the only current devices currently affected.
Checkm8 doesn't work on A12 or A13, so that means the following devices are NOT affected:
- iPhone XR, XS, 11
- iPad Air 3
- iPad mini 5
- iPad Pro 3 (2019)
As to why, the developer told Arn Technica:
There were changes to make [newer chipsets] not exploitable. All I know is I can't get it to work. For me, it's not something that I can do. What I do involves using multiple bugs. Some that are not serious might be required to access other bugs that are more serious. Because Apple patched some bugs in the newer phones, it can no longer be exploited as far as I know.
Wait, is checkm8 a jailbreak, and attack, something else?
Checkm8 is an exploit, and that's it, at least for now.
It's something that could and probably will turn into a jailbreak sooner rather than later, but also has some very limited, very targeted potential to be turned into an attack as well.
Given what it is and those limits, though, it's probably not something most of us have to worry about.
Why would an attack be limited?
There are a few things that limit Checkm8's potential as an attack.
First, it can't be executed remotely. Someone has to take physical possession of your iPhone, iPad, or other iOS device first, but it in DFU or device firmware update mode, and then plug it into a PC over USB before they can even use the exploit.
Second, Apple has a secure boot chain, so every step is checked by the previous step. And if the signatures aren't verified, the software won't run.
Checkm8 can't rewrite the bootrom, it can only exploit it. Here's what that means, according to what the developer told Ars:
I can't write my code into the read-only memory, so my only option is to write it into RAM or, in this case, SRAM—which is the low-level memory that is used by the bootrom—and then have my injected code live in this small space. But the actual bootrom code itself does not get copied in there. It's only the things that I added to my exploit.
But what that means is, checkm8 isn't persistent. It can be used to run unsigned code on your device, but that code only lasts until the device is rebooted. Then it goes right back to normal, and you'd have to go through the whole exploit process again to run the unsigned code again.
Third, Checkm8 doesn't compromise the Secure Enclave on the A7 or later, which means it can't beat the hardware encryption, get around Touch ID or Passcode — and doesn't work on devices with Face ID — or otherwise give anyone else access to your data or secrets.
To get at those, you would have too leave your device lying around somewhere vulnerable for an extended amount of time, an attacker would have to get ahold of it, run the exploit, get a hold of and load up malware that could try and capture your credentials, put your device back, and then try to capture them.
And, if they're a disgruntled family member with that kind of access to you and your devices, it'd be far easier to just put your finger on the Touch ID sensor or shoulder surf your passcode over time anyway.
For non-family members, again, the creator talking to Ars:
Yes, but [installing a potential back door is] not really a scenario that I would worry much about, because attackers at that level… would be more likely to get you to go to a bad webpage or connect to a bad Wi-Fi hotspot in a remote exploit scenario. Attackers don't like to be close. They want to be in the distance and hidden.
So, again, never say never.
At large scale, I'm not sure checkm8 changes the economics of iOS attacks. But, if you're concerned, and still running an A5 or A6 device, which Apple is no longer supporting or updating anyway, then add this to the voluminous list of reasons you should consider upgrading asap.
And, if you think, based on who you are or what you do, that you have a much higher potential threat level, then you've probably already, routinely upgraded to the latest silicon anyway.
But, jailbreak, exciting, right?
Jailbreakers are probably the most excited about Checkm8. Now, nowhere nearly as many people jailbreak as they used to because iOS has continued to add more and more of the functionality that people used to jailbreak for. But, the ones that do, the customizers, the tweakers, the unsigned appers — they're every bit as passionate as ever.
And this is like the second coming of the holy grail for them, basically because it's been so long since they've had a jailbreak built off of a bootrom level exploit.
What makes it so attractive to jailbreakers is that, unlike operating system exploits, which have led to jailbreaks as recently as iOS 12 this year, bootrom exploits don't get blown away the very next time Apple releases a software update.
So, the jailbreakers can relax and enjoy their open systems, and likely with any version of iOS past, present, and future, for as long as they're using one of the affected devices.
With a few caveats.
First, it'll only be those devices, iPhone 4s to iPhone X, primarily, and as time passes those devices will be less and less modern and interesting.
Second, even when the jailbreak comes, it will be a tethered jailbreak. At least for now.
That means, yes, putting the device in DFU or device firmware update mode, connecting the device to a PC with a USB cable, and running the jailbreak every time it reboots.
And that might be just enough of a hassle that it'll relegate long term use to the hardcore rather than just the curious.
And researchers?
Security researchers are likely the group that benefits the most from checkm8, at least in the short term.
Up until a month or so ago, when Apple announced their new bug bounty program and research-fused devices, researchers had to come up with their own exploit chains or get their hands on blackmarket dev-fused devices to even get into iOS and start poke around.
So, having a likely irrevocable bootrom level exploits, even if only for older devices, will make researchers lives just that much easier. Basically, it solidifies the first link in the exploit chain for them, and they can just get on with everything else.
And even before Apple starts shipping those research-fused devices.
What about nation states?
What does this mean for nation states and government agencies, and the companies that supply exploits and devices to them?
Much the same.
Politics bends everything, including the economics of iOS attacks. But, these entities typically have exploits of their own already. At most, checkm8 will supply them with an alternative to what they already have, and one that can't be blown away by an iOS software update in the future. Though, again, only on older devices.
They'll still need their own exploits for more recent devices, and because checkm8 doesn't get around the secure element or passcode or Touch ID, they'd still need their own exploits for the rest of the chain as well.
The developer, speaking with Ars:
I don't think that they can do anything today with Checkm8 that they couldn't do yesterday [without Checkm8]. It's just that yesterday maybe they would do it a slightly different way. I don't think they gain anything from this release.
So, again, if based on your work or just who you are, you think you're potentially at higher risk from Checkm8 specifically, you can protect yourself by making sure you're on an A12 or A13 device.
So, do I need to worry about checkm8?
Checkm8 is an incredible piece of work. You only have to look at how long it's been since the iOS bootrom was last exploited to understand just how much axi0mX has really accomplished.
But, for right now, this is also so very inside baseball, and not something the average fan in the field is even going to see.
So, stay informed, absolutely. Follow those links in the description if you want to learn more about int, please.
But don't lose any sleep over it, or let anyone steal any of your time with attention bait.
One part of an iOS exploit chain has been made stable for a series of older devices.
Apple has to address that, and address how they're handling iOS security in general in an age where so many eyes and minds are on them.
It's already fixed in newer devices, but Apple has to figure out new and better ways to keep it from happening with current and future devices. It's been a decade since it's happened before but the goal should, and I'm kinda guessing is, forever until it happens again.
But that's all on Apple. For us, again again, anyone at all concerned by checkm8, if you haven't already, upgrade to an iPhone XR, XS, or 11, or a current or eventually later-generation iPad Pro.
And then checkm8 will be checked out of luck.
from iMore - The #1 iPhone, iPad, and iPod touch blog https://ift.tt/2mT6V3q
via IFTTT
Best new shows and movies to stream this week: Marianne, Rango, and more
from Digital Trends https://ift.tt/2Ch6WVl
via IFTTT