Recently patched vulnerabilities provided hackers complete access to iPhones

Why it matters to you

Although new exploits are being discovered all the time, researchers are working tirelessly to protect you and your information.

A new report from a mobile security firm has highlighted a series of vulnerabilities in previous versions of iOS that, when used in the right context, could give an attacker complete control of a user’s device. The findings were published by Zimperium, and relate to two components in particular: the IOSurface and AppleAVE kernel extensions.

These components are responsible for driving a device’s display and allowing hardware acceleration for videos, respectively — though Zimperium has outlined eight ways in which they can be used to compromise an iPhone or iPad. The vulnerabilities concern the elevation of privileges, so unscrupulous parties can be granted free rein over the system. Once they’re in, a hacker can access a variety of personally identifiable information, like the device’s GPS location data, contacts, microphone, and even photos.

The IOSurface extension in particular has been previously linked to jailbreak methods, and with the release of iOS 10.3.2, Apple has patched the issues. However, users of older devices are still left unprotected. According to Zimperium’s Adam Donenfeld, who discovered the vulnerabilities, the exploits are so discreet that they can be performed without the user’s knowledge.

“Before the patch, the only way for a user to guard itself was to install a third-party mobile protection solution,” Donenfeld told Digital Trends. “Unless patched, without a third-party mobile protection solution there’s no way for a user to know whether he’s being attacked.”

Thankfully, Donenfeld noted that Apple has acted swiftly in issuing fixes. Zimperium notified the company of its findings toward the end of March, and Apple pushed out iOS 10.3.2 to devices in mid-May. The oldest iPhone currently supported with updates is the iPhone 5, meaning the wide majority of current iOS users have been covered. Zimperium will publish an expanded proof-of-concept explaining the vulnerabilities in greater detail soon, but the report is currently being delayed at Apple’s request.

Mobile devices carry unique risks. That’s the reason why firms like Zimperium exist — to address the concerns of smartphone and tablet users, who face a very different threat from their desktop counterparts. One of the dangers Donenfeld identifies is the behavior of many mobile devices in automatically connecting to available public Wi-Fi networks.

“Network-based threats are significant and far too easy to execute,” Donenfeld said. “Plus, malware in many forms has grown at an alarming rate in recent years. We’ve seen an increasing number of mobile vulnerabilities — such as Stagefright — being discovered.”

Despite manufacturers’ and researchers’ best efforts, Donenfeld doesn’t expect the rising tide of crime to turn anytime soon.

“Mobility provides a huge number of assets with much less risk of discovery and prosecution than traditional crimes, so it is only logical that mobile threats will continue to grow.”

What does 4G sound like? Robotic instrument turns mobile data into music

Why it matters to you

Our lives are becoming increasingly connected. This installation helps put that in perspective by turning data usage into music.

We hear it almost every day — robotic machines are getting smarter and they’re coming to take our jobs. But when we think about automation, we tend to see robots in kitchens and factories, not jamming out on concert stages.

That future might not be far away, though. A team of researchers at Georgia Tech recently created a marimba-playing robot that writes and plays its own compositions using deep learning. And now a Lithuanian artist named Andrius Sarapovas has created an immense robotic sculpture that turns 4G data into music.

The Kinetic Generative Music Installation consists of 77 individual “players” that use a metal bar, sound activator, dampener, resonator, and mechatronics, which combine electronics and mechanical engineering.

Each component is either hanging from the ceiling or attached to the wall. With access to mobile company Tele2’s Lithuanian 4G network, the installation uses a custom algorithm to translate the network’s statistical data into sounds.

One second of data usage creates one second of music, while the number of sessions connected to Tele2’s network determine the music’s rhythm, velocity, volume, and lighting within the installation. Pitch is decided by the amount of data downloaded.

“The installation can also be viewed as a single large musical instrument that sets its own routine,” Sarapovas told Creators.

Through his installation, the artist hopes to explore the area where structure and chaos meet in a way that’s perceivable to people.

“What’s interesting is that not all of the data used in the project is generated directly as a result of human actions,” Sarapovas said. “Some of it is determined by long-term choices to use one device or another, by the apps they’ve installed, or by the settings they use.”

We live increasingly connected lives and, although many of us are dependent on data and algorithms, we rarely perceive just how reliant we are.

“Our smart devices are always on, updating their apps, refreshing their news feeds, and synchronizing their data,” Šarapovas said. “This means that our kinetic installation’s algorithm is also being activated by other algorithms, which can be affected by yet other algorithms, and so on.”

Creating the installation was a collaborative and generative process in its own right, including a team of over 70 people, including professional programmers, engineers, and electromechanics.

What does 4G sound like? Robotic instrument turns mobile data into music

Why it matters to you

Our lives are becoming increasingly connected. This installation helps put that in perspective by turning data usage into music.

We hear it almost every day — robotic machines are getting smarter and they’re coming to take our jobs. But when we think about automation, we tend to see robots in kitchens and factories, not jamming out on concert stages.

That future might not be far away, though. A team of researchers at Georgia Tech recently created a marimba-playing robot that writes and plays its own compositions using deep learning. And now a Lithuanian artist named Andrius Sarapovas has created an immense robotic sculpture that turns 4G data into music.

The Kinetic Generative Music Installation consists of 77 individual “players” that use a metal bar, sound activator, dampener, resonator, and mechatronics, which combine electronics and mechanical engineering.

Each component is either hanging from the ceiling or attached to the wall. With access to mobile company Tele2’s Lithuanian 4G network, the installation uses a custom algorithm to translate the network’s statistical data into sounds.

One second of data usage creates one second of music, while the number of sessions connected to Tele2’s network determine the music’s rhythm, velocity, volume, and lighting within the installation. Pitch is decided by the amount of data downloaded.

“The installation can also be viewed as a single large musical instrument that sets its own routine,” Sarapovas told Creators.

Through his installation, the artist hopes to explore the area where structure and chaos meet in a way that’s perceivable to people.

“What’s interesting is that not all of the data used in the project is generated directly as a result of human actions,” Sarapovas said. “Some of it is determined by long-term choices to use one device or another, by the apps they’ve installed, or by the settings they use.”

We live increasingly connected lives and, although many of us are dependent on data and algorithms, we rarely perceive just how reliant we are.

“Our smart devices are always on, updating their apps, refreshing their news feeds, and synchronizing their data,” Šarapovas said. “This means that our kinetic installation’s algorithm is also being activated by other algorithms, which can be affected by yet other algorithms, and so on.”

Creating the installation was a collaborative and generative process in its own right, including a team of over 70 people, including professional programmers, engineers, and electromechanics.

Ether theft escalates with a larger, second digital currency heist this week

Why it matters to you

Digital currency still has value in the real world and users must stay aware that software flaws and link errors can still lead to financial woes.

Just days after a hacker managed to steal more than $7 million in digital currency using a simple link switch on a website, a second hacker group grabbed even more in a separate incident involving a vulnerability in a digital wallet client. The incident took place between 3 p.m. and 4 p.m. (ET) on Wednesday and affected v1.5 and later versions of Parity Wallet. The problem has since been fixed, but not before hackers stole more than $33 million in Ether.

Digital currency such as Bitcoin and Ether are typically transferred across the internet from digital wallet to wallet using special links. A multi-signature wallet requires the use of multiple keys to authorize a digital currency transaction that requires the authorization of multiple individuals. Ethereum creator Gavin Wood developed Parity Wallet, which can support numerous contracts that require multi-signature transactions in one application.

Parity said on Wednesday that affected users consist of any multi-signature wallet created within Parity Wallet prior to 5:14 p.m. (ET) on Monday. All users are encouraged to move assets contained in those wallets to a secure address. So far, the company has not stated who was affected by the vulnerability but several entities have come forth to publicly disclose their loss stemming from the hack, one of which is peer-to-peer sharing economy Swarm City.

“Bernd Lapp, Business Hive leader noticed that the entire contents of the Swarm City ETH multi-sig wallet had been drained. Bernd checked the receiving address and noticed a few very large transactions had hit the same wallet. We alerted the Ethereum Foundation and multiple developer groups immediately,” states Swarm City.

After an investigation, Swarm City determined that hackers exploited a flaw residing within the code handling multi-signature transactions in Parity Wallet. Overall, the hackers stole more than 153,000 Ether coins from multiple Ethereum-based projects such as Aeternity and Edgeless Casino. Swarm City said it also lost 44,055 Ether coins, which equals out to just over $10 million in cash at the current exchange rate.

But the total Ether depletion could have been a lot worse. Swift City said that a whitelist hacker group used the same exploit to drain many multi-signature wallets to keep the digital currency out of the hackers’ hands. This group managed to save more than 377,000 Ether coins ($86 million) as shown in this Etherscan of their digital wallet.

“White Hat Group(s) were made aware of a vulnerability in a specific version of a commonly used multi-sig contract,” a public note states. “This vulnerability was trivial to execute, so they took the necessary action to drain every vulnerable multi-sig they could find as quickly as possible. Thank you to the greater Ethereum Community that helped finding these vulnerable contracts.”

The wallet of the hackers behind the Ether heist can be found here. The account still has around $19 million worth of Ether, which can only be spent on the Ethereum platform. Those who lost Ether in Wednesday’s heist might want to check with the white hat address to see if the “good guys” saved their coins.

Head into orbit as Google Street View now lets you explore the ISS

Why it matters to you

The ISS has a unique perspective on the world and now you can appreciate it, as well as learn about its various modules and technical equipment.

Google Street View gave flat-Earth truthers another reason to doubt their beliefs by opening up the airlocked doors to the International Space Station. Now anyone with access to the navigational tool can explore the layout of one of mankind’s greatest achievements from the comfort of your own home.

Street View is typically used to help people find their way to a particular destination, or explore remote parts of the world which they may not otherwise have access to. This latest update really embodies that second use, though it is not technically part of the world but is in our orbit.

Made up of a collection of images of everything from the station, to the cupola Earth-viewpoint module, space fans can now explore every inch of the ISS to get a better look at what the last 16 years of construction have achieved. There are modules for science and engineering, sleeping quarters and a series of windows with a unique view of the world, all available for anyone to look at.

Taking the opportunity to educate virtual visitors to the space station, NASA has provided a number of descriptions of specific modules and equipment within them. There is a whole paragraph on the WHC, or waste and hygiene compartment, which deals with much of the solid and liquid waste from the astronauts aboard the station. That is just one of the many detailed descriptions you can dig into though.

Be prepared to drag around your view a little more than a standard Street View session because, without the confines of gravity to hold back design, the ISS sprawls in all sorts of directions. You will find interesting information and views from above and below, just as much as you would to the sides.

The timing of the images taken aboard the ISS is of particular interest too, as it happened to be when one of Space X’s Dragon capsules was docked with it, according to TechCrunch. That means you can get a unique view of the cargo capsule from the space station and appreciate what it must be like to see the cargo arriving.

Alongside this new Street View experience, you can also see how Google and the astronauts crafted it in the header video above.

Head into orbit as Google Street View now lets you explore the ISS

Why it matters to you

The ISS has a unique perspective on the world and now you can appreciate it, as well as learn about its various modules and technical equipment.

Google Street View gave flat-Earth truthers another reason to doubt their beliefs by opening up the airlocked doors to the International Space Station. Now anyone with access to the navigational tool can explore the layout of one of mankind’s greatest achievements from the comfort of your own home.

Street View is typically used to help people find their way to a particular destination, or explore remote parts of the world which they may not otherwise have access to. This latest update really embodies that second use, though it is not technically part of the world but is in our orbit.

Made up of a collection of images of everything from the station, to the cupola Earth-viewpoint module, space fans can now explore every inch of the ISS to get a better look at what the last 16 years of construction have achieved. There are modules for science and engineering, sleeping quarters and a series of windows with a unique view of the world, all available for anyone to look at.

Taking the opportunity to educate virtual visitors to the space station, NASA has provided a number of descriptions of specific modules and equipment within them. There is a whole paragraph on the WHC, or waste and hygiene compartment, which deals with much of the solid and liquid waste from the astronauts aboard the station. That is just one of the many detailed descriptions you can dig into though.

Be prepared to drag around your view a little more than a standard Street View session because, without the confines of gravity to hold back design, the ISS sprawls in all sorts of directions. You will find interesting information and views from above and below, just as much as you would to the sides.

The timing of the images taken aboard the ISS is of particular interest too, as it happened to be when one of Space X’s Dragon capsules was docked with it, according to TechCrunch. That means you can get a unique view of the cargo capsule from the space station and appreciate what it must be like to see the cargo arriving.

Alongside this new Street View experience, you can also see how Google and the astronauts crafted it in the header video above.

LG shows off the Q8 — a waterproof V20 in a slightly more manageable package

Why it matters to you

Did you like the V20, but didn’t like the size and lack of waterproofing? The Q8 might be the phone for you, provided you can get one where you live.

LG has two flagship smartphones currently on the market — the G6, which released in the spring, and the V20, which has been kicking around since last fall. They are both powerful, capable devices, but feel very different to use. On Thursday, in a surprise announcement, the company unveiled a third top-tier option — the LG Q8.

The Q8, in essence, appears to be a smaller version of the V20. That phone had a 5.7-inch display with a secondary “ticker” panel at the top, beside the front-facing camera. The Q8 sports a similar layout, though its main display measures just 5.2 inches, while featuring the same QHD resolution. In terms of the design, it also borrows the V20’s metallic, dark silver enclosure and even its Quad DAC audio tech. The dual cameras have been carried over as well — though the Q8’s main shooter is 13 megapixels, compared to the 16-megapixel one found in the V20.

Surprisingly, the Q8 goes even a step further in one very significant respect. It is rated IP67 water-resistant, which is more than can be said for the V20. Despite the smaller size, the phone contains the same processor as its larger sibling — Qualcomm’s Snapdragon 820 — along with the same 4GB of RAM and a battery that is comparable in capacity at 3,000mAh. That is a hair smaller than the 3,200mAh unit in the V20 but the more compact frame had to shave off some bulk from something.

That sounds like a winning package in a much more accessible form factor, though LG is remaining tight-lipped on whether most consumers around the world will be able to get their hands on one. Currently, the Q8 has only been announced in Italy and is scheduled to release sometime before the end of July. At an asking price of 600 euros (about $698), it is still quite expensive considering the age of the V20’s hardware, which is almost a year out of date at this point. We have reached out to LG about expanded availability and will update this article as we receive more information.

We liked the V20 when we reviewed it in 2016, though we admitted that the lack of waterproofing and large size may be deal-breakers for some users. Fortunately, the Q8 looks to solve those issues, if they kept you from snagging a V20 before.

Google brings former iOS-exclusive Motion Stills app to Android

Google’s Motion Stills comes to Android, and it’s fantastic.

Google is bringing one of its remaining iOS exclusives to Android. Motion Stills emerged in the wake of the iPhone 6s’ Live Photos feature as one of the easiest ways to capture short bits of stabilized video and turn it into shareable GIFs.

Now, a year and a bit later, Motion Stills is available on Android — for the 65% or so of devices running Android 5.1 or higher.

The app is set up quite differently on Android: instead of using existing video content and making it into a Motion Still, the Android version forces users to capture video inside the app, creating something like a Boomerang or Hyperlapse.

Like the iOS version, though, resulting video is stabilized — Google said it “redesigned [its] existing iOS video processing pipeline to use a streaming approach that processes each frame of a video as it is being recorded.”

By computing intermediate motion metadata, we are able to immediately stabilize the recording while still performing loop optimization over the full sequence. All this leads to instant results after recording — no waiting required to share your new GIF.

Another feature, Fast Forward, builds on that stabilization algorithm to capture a longer clip and create a time-lapse, or hyperlapse in the modern parlance. Playback can be adjusted from 1x to 8x depending on the desired effect, and then output as a GIF in one of three sizes.

Motion Stills is available for 65.6% of Android users, which leaves out a fair few million, but it’s an impressive technical achievement that needs modern GPUs and APIs. Such is life.

Download Motion Stills (free)

HDHomeRun DVR is a slick and simple way to record TV with Android

The makers of the HDHomeRun TV tuner are working on a DVR to go with it. And it’s pretty great.

Using Android or Android TV, you’re not exactly short on options to watch live TV, nor for recording it. There’s one little box, though, that we often keep coming to that sits at the heart of many of these solutions. And it’s got its own DVR in progress.

Thanks to the good people at SiliconDust, we’re now taking a proper look at it. It’s simply known as the HDHomeRun DVR, and it’s probably the easiest DVR to use if you already have an HDHomeRun tuner.

Setup … or lack thereof

When you sign up to the DVR service, you’re emailed a link and an activation code. Essentially you just link your DVR account to your hardware and then everything works. There’s a dedicated install app that takes the place of the regular HDHomeRun setup, but it’s basically the exact same thing with added DVR settings.

If your HDHomeRun is already configured, all you need to do is point the program to a location to save recordings and hit finish. You can record to a PC or Mac or to a network-attached storage (NAS) drive. The rest can be done within the apps that you use to view live content.

Recording shows

The DVR functionality is enabled within the same HDHomeRun app you’ve already been using. There are some new bits for you to explore and a shiny red record button that presents itself in the live TV window.

One of the benefits you get with the DVR subscription over just using the free HDHomeRun app is a 14-day guide that allows you to browse further into the future and set up your recordings and season pass recordings ahead of time.

The Discover tab also gives you a highly visual interface to browse what’s on right now and what’s up next, and then breaks it down further into TV, movies, and sports.

To set a recording, you select the show or movie you want, and then you’re given the times it’s available to record from. Not only do you have control over what you’re recording, but also exactly when, which is a neat tool to have to maximize the use of the two tuners.

If you’re watching something live that you like the look of, you have one-touch access to record it by hitting the big red button on the bottom bar.

It’s important to note that while the DVR works with the HDHomeRun Prime, DRM-protected channels that can be viewed may still be excluded at this time from recordings.

DVR playback

When you’ve recorded shows, you’ll be able to watch them back in any of the HDHomeRun client apps on your supported devices. They’re handily displayed under the recordings tab and since you’re streaming over the same local network as you use to watch live TV, performance is good.

Recordings are only as good as the channels you receive, but if you’re getting a good signal, you’ll get great recordings. I recorded some samples from HD channels and was very pleased with the results.

What’s also excellent in the HDHomeRun DVR is how well fast-forward works. On some other services, fast-forward can leave buffering, but not so here. For all intents and purposes, it’s just like watching content on an actual DVR box under your TV.

Bottom line

For $35 a year (at least for now), the HDHomeRun DVR represents excellent value. The price will go up eventually, but it’s still in development and you’re getting a great deal on jumping into the early access. It’s already a polished product that’s insanely simple to use.

There’s next to no setup if you’re already using an HDHomeRun tuner on your network, and it’s as close to plug-and-play as you’ll get.

If you’re already using something else, such as Plex DVR, you’re probably not going to benefit much from switching. Especially if you’re already using a service you pay for. But if all you want is a low-cost, easy-to-use DVR system for your home network, give this one a look.

Download HDHomeRun beta from Google Play

See at SiliconDust

All the best deals from Best Buy’s “Black Friday in July” sale

Our friends at Thrifter are back again, this time with roundup of Best Buy’s “Black Friday in July” sale!

Best Buy is kicking off a huge day of deals with “Black Friday in July.” The deals have been leaking out over the last couple days because Best Buy Elite and Elite Plus members (customers who spend $1,500 and $3,500 a year at Best Buy) have had early access. The fun starts today for “My Best Buy” members, which is free to sign up for and requires no obligation other than an email and password.

If you don’t want to sign up for My Best Buy, a lot of these deals might not last very long tomorrow when it all goes live to the public. We’ve rounded up some of the best deals from the sale, which you can find direct links to below:

These Vizio Soundbars provide some of the best bang-for-your-buck in the soundbar market. These models are already super affordable while producing great sound, and these deals are some of the lowest prices ever.

• S3851X 5.1-channel Soundbar System for $179.99 (Normally $299.99)
• SB3830 3.0-Channel Soundbar for $99.99 (from $149.99)

This CyberPower Gamer Desktop with 8GB RAM, 1TB HDD, AMD Radeon RX 460 graphics is only $449.99 (Normally $549.99)

The Netgear Arlo 4-pack Security Cameras is $379.99 (from $483.99). This is even better than previous deals we’ve seen.

Add an Xbox One S console and get a free controller. This deal from Walmart is nearly identical and adds a free game.

While we have seen deals on iPad Pros before, this sale includes both the 9.7-inch and the 12.9-inch versions in multiple capacities and colors. The higher capacity iPad Pros do not regularly drop in price, so if you’ve been looking for more storage in your tablet, this is a good time to buy. The 9.7-inch has been replaced by the 10.5-inch, but these are still great deals.

• 9.7-inch 32GB for $399.99 (from $474.99)
• 9.7-inch 128GB for $499.99 (from $574.99)
• 12.9-inch 128GB for $749.99 (from $899.99)
• 12.9-inch 256GB for $849.99 (from $999.99)

Here’s a few more deals we’ve found:

• MacBook Air 13.3-inch 8GB RAM and 128GB SSD for $699.99 (from $849.99)
• MacBook Air 13.3-inch 8GB RAM and 256GB SSD for $849.99 (from $999.99)
  • These MacBooks are from 2015 but the prices are some of the best we’ve seen
• Mohu Leaf 50 indoor HDTV antenna for $49.99 (from $60.99)
  • This only matches a price Amazon regularly sells at
• TP-Link LB120 Smart LED for $27.99 (from $34.99)
  • This matches Amazon’s Prime Day sale
• PlayStation VR unit for $349.99 (Normally $399.99)
  • This is $50 better than previous deals
• 10% off iTunes Gift Cards
  • If you want to spend $100 you can get a better price at eBay.
• Yuneec Typhoon H Hexacopter for $799.99 (from $999.99)
• WD easystore 4TB USB 3.0 external hard drive for $89.99 (from $199.99)

These deals require Best Buy’s Gamers Club Unlocked:

• Gears of War 4 for Xbox One for $19.99 (from $29.99)

• Halo Wars 2 for Xbox One for $19.99 (from $29.99)

• Nintendo 3DS Games Buy One, Get One 50% Off

• Buy 2 of these Nintendo 3DS games for $24 total (from $40): Animal Crossing: New Leaf, The Legend of Zelda: Ocarina of Time 3D, Luigi’s Mansion: Dark Moon, Mario & Luigi: Dream Team, Kirby: Triple Deluxe

• Buy 2 of these Nintendo 3DS games for $36 (from $60): Mario Kart 7, Super Mario 3D Land, New Super Mario Bros. 2, Metroid Prime: Federation Force

• Buy 2 of these Nintendo 3DS games for $48 (from $80): Pokémon Sun, Pokémon Moon, Pokémon X, Pokémon Y, Pokémon: Alpha Sapphire, Pokémon: Omega Rub, Super Smash Bros, Poochy & Yoshi’s Woolly World, Mario Sports Superstars, Super Mario Maker, Mario Party: Star Rush, Dragon Quest VIII: Journey of the Cursed King, Dragon Quest VII: Fragments of the Forgotten Past, Kirby: Planet Robobot, Bravely Second: End Layer.

See the sale at Best Buy

More Stories from Thrifter:

• It’s smarter to buy physical games instead of digital downloads
• Which warehouse shopping club is for you?

For more great deals be sure to check out our friends at Thrifter now!