‘Poison Tap’ USB Device Hijacks User Data From Screen-Locked Macs
A developer has created a $5 device that can hack into screen-locked Macs and potentially other computers as long as a web browser is left running on the desktop.
Samy Kamkar made a YouTube video showing what happens when his creation hacks into a target computer. Called a “Poison Tap”, the device runs on a Raspberry Pi Zero which plugs into a computer’s USB port.
Once attached to the locked and password-protected Mac, it hijacks all web traffic by posing as a standard internet connection, after which it sets about siphoning and storing the user’s HTTP cookies.
The attacker can then potentially use the stolen cookie data to access websites the user visited and log-in as them without having to enter username and password information.
Speaking to the BBC, Trend Micro security researcher Rik Ferguson said the device was a plausible threat to users who frequently left their computer unattended.
[In normal circumstances] Even when you are not using a web browser it is still making requests and communicating – due to updates or ads. Once the device is plugged in it exploits that communication and steals session cookies from the top one million websites.
Two-step verification would be susceptible to the same attack, explained Ferguson, because the device is able to intercept the cookies and pretend it is already in an open session. The only way to guard against such an attack would be for websites to use an encrypted connection such as HTTPS.
Otherwise, the best solution is for users to ensure they close their browser every time they leave their Mac unattended, or else close it down completely.
Discuss this article in our forums
You can nab an Amazon Kindle Paperwhite for £80, but be quick about it!
Amazon is one of the biggest drivers for Black Friday deals and you can often find great bargains on its homegrown tech especially.
Take its Kindle Paperwhite, for example. The eBook reader that many believe is one of the best on the market (ourselves included) is now available for as low as £79.99 – more than 25 per cent off.
You’ll have to be quick as the deal is only available until Tuesday 29 November. It could even end sooner if stock runs out – which could be the case considering Christmas. Purchases are limited to two per customer though, in order to stop resellers getting too many, so it might be okay for the next seven days.
The £79.99 model is available in black or white, with Wi-Fi only and with “special offers”, which means you’ll be served adverts for content each time you switch it on. Alternatively, you can ditch the special offers for an extra tenner, with an ad-free model available for £89.99.
A Wi-Fi plus free 3G version – so you can connect and download books when not near a hotspot – is £139.99 with the special offers, £149.99 without. All prices represent healthy discounts for the period.
You can also check out more Amazon and other retailer deals in our handy guide to Black Friday bargains here.
We also have deals round-ups for all the different tech categories, which we are updating constantly:
- Best Black Friday UK TV deals: 4K, HDR, OLED TVs and more
- Black Friday UK laptop deals: the best laptop deals online
- Best Black Friday UK fitness tracker deals: Garmin, Fitbit, Polar and more
- Best Black Friday UK games deals: Amazing PS4, Xbox One and Nintendo deals
- Best Black Friday UK camera deals: DSLR, compact and system camera bargains
- Best Black Friday UK phone deals: Apple, Samsung, Android phone deals galore
- Black Friday UK smartwatch deals: The best smartwatch deals online
- Best Black Friday UK tablet deals: iPad, Android, Surface, Amazon and more
Ofcom bans BT/EE from bidding on new 4G spectrum
In a bid to bring balance to the UK’s mobile industry, communications watchdog Ofcom has confirmed it will limit BT and EE’s role in upcoming 4G auctions. Next year, Ofcom will sell off 190 MHz of spectrum in the 2.3 GHz and 3.4 GHz bands, upping Britain’s overall 4G footprint by almost a third, but BT and its newly-purchased subsidiary will be excluded from bidding on the entire 2.3 GHz band. Ofcom is worried their involvement “could harm competition in the next few years” if they were allowed to own nearly half of the usable spectrum in the market.
As it stands, BT and EE own 45 percent of the “immediately useable” UK spectrum, which is mobile connectivity that can be deployed right away. Vodafone has 28 percent, while O2 and Three own 15 percent and 12 percent respectively. Regardless of what happens in the auction next year, BT and EE’s share of useable spectrum will fall from 45 percent to 42 percent as a result of Ofcom’s block.
The good news for BT and EE is that there won’t be any limits placed on the 3.4 GHz band. That’s because this part of the spectrum can’t immediately be deployed and is earmarked for the development of 5G services. The idea is to let operators acquire spectrum early so they can begin advancing and testing the next standard in mobile networking.
Although Ofcom first announced plans for the auction in November 2014, the process has been beset by delays. The original plan was to sell off the bands in late 2015, early 2016 but when Three owner Hutchison Whampoa tried (but ultimately failed) to buy O2, the auction was delayed again.
When the 2.3 GHz allocation is made available, more carriers will be able to offer speeds of up to 450 Mbps. Newer iPhones and Samsung devices already cater for Cat 9 bands, but device makers are already beginning to include support for faster 4G in new devices as standard.
Source: Ofcom
Amazon Offers $100 discount off 13-inch MacBook Pro Without Touch Bar
Amazon has slashed $100 off the official price of Apple’s new 13-inch MacBook Pro sans Touch Bar, offering the machine at $1,399 instead of £1,499, presumably for a limited time.
Spotted by AppAdvice, the discount is for the stock 13-inch model, which comes with a 2.0GHz dual-core Intel Core i5 processor, 8GB RAM, and 256GB storage.
Meanwhile, for anyone still debating whether a Touch Bar equipped MacBook Pro is for them, Red Sweater has released a free Mac app that simulates the OLED keyboard strip as a bar on the screen.
Touché is essentially a test bed for developers, but still includes a fully functioning Touch Bar that dynamically changes based on the app currently in use, allowing anyone curious to see how it augments the physical keyboard.
On a more frivolous note, Facebook iOS developer Adam Bell has managed to hack Apple’s new Touch Bar to run classic first-person shooter Doom.
Doom runs on pretty much everything… but can it run on the new MacBook Pro Touch Bar?https://t.co/juJGlFIXFW pic.twitter.com/kr5rM0LVmn
— Adam Bell (@b3ll) November 20, 2016
Tag: Amazon
Discuss this article in our forums
Android Wear watches ‘confirmed’ to get tap-to-pay feature
Google could soon make Android Wear watches a more viable smartwatch option as it looks to introduce tap-to-pay. The feature would let Android Wear smartwatches with an NFC chip to touch on various terminals, such as contactless terminals and Oyster terminals on the London Underground, to pay for goods and services.
- Android Wear 2.0: What’s new in the major software update for watches?
- Best Android Wear smartwatch 2016: The best smartwatches available on Google’s platform?
Android Police has delved into v10.0 of the Google Play services apk and found lines of text such as: “<string name=”tp_tokenization_success_on_wear_body”>%1$s %2$s has been added. Please check your watch.</string>” and “<string name=”tp_wear_retap_prompt”>Try holding your watch to the terminal again</string>”
There’s clear references to a watch, which makes this rumour pretty solid.
It also means the feature could be introduced sooner rather than later, as the inclusion of text prompts suggest the features are being tested right now. It’s highly likely Google will roll out the tap-to-pay feature with Android Wear 2.0, which now isn’t due until late 2017 as Google wants to make sure the software is just right before releasing it to the public.
The new feature and Android Wear 2.0 could also release alongside the two previously rumoured smartwatches made by Google. When the rumours first came about back in July this year, they mentioned possible Nexus branding. With the release of Google’s new Pixel phones, the branding of the watches could change to better fit with Google’s new ‘Made by Google’ tagline.
Google readying tap-to-pay for Android Wear smartwatches
Google may finally be ready to bring tap-to-pay to Android Wear, judging by evidence discovered in the Google Play Services version 10.0 by Android Police. Text prompt strings with messages like “Try holding your watch to the terminal again” make it fairly clear that Google is in the late stages of testing the feature. If you have a compatible Android Wear watch (one with an NFC chip), it will let you touch your watch to an NFC-equipped retail terminal to pay for goods.
Another new feature that appears to be coming soon is Instant Apps, a way to get apps (for one-time use or other reasons) without actually installing them. Android Police notes that the Instant App services have been switched on and a flag set from false to true, meaning the feature is likely being tested in the wild.
You can actually tap to pay on Android right now if you really want to, but you have to use a Samsung Gear S3 watch and Samsung Pay, ironically. That feature works on any Android device with KitKat 4.4 or later, because Samsung just made its payment service available to other Android smartphone brands, provided you’re using its Tizen OS-based watch. The Gear S3 is equipped with the same magnetic stripe payment tech as Samsung’s phones, letting you pay with the watch just about anywhere in the US. (iPhone users have also been able to pay with the Apple Watch and Apple Pay for over a year, of course.)
Samsung’s Gear S3 smartwatch
Smartwatches and wearables in general have disappointed of late sales-wise, and companies like Intel are reportedly scaling back development. It probably didn’t help matters that Google delayed Android Wear 2.0, expected this fall, to 2017. Hopefully, Mountain View used the time wisely to improve the software and give folks more reasons to buy a smartwatch (and use Android Pay, which hasn’t exactly set the world on fire either).
Despite its appearance in Google Play Services, you likely won’t see tap-to-pay now until Android Wear 2.0 arrives early next year. It could arrive at the same time as a pair of rumored Android Wear watches designed and built by Google to be the smartwatch equivalent of its Pixel phones.
Via: Android Police
Source: APK Mirror
Apple replacing a small number of iPhone 6s batteries
Apple has let a cat out of its bag, the cat in this case being that there’s a problem with some iPhone 6s models. According to the company, a fault with the battery is causing a “very small number” of handsets to randomly shut down. If you’re rocking a device that was manufactured between September and October 2015, then you’re eligible for a replacement. Simply head down to your local Apple Store or authorized service provider to have your serial number checked and, if you qualify, you’ll get a replacement device.
Also, if you have already found this problem and paid for a battery replacement out of your own pocket, Apple will refund you. It’s not the first issue the firm has had to address in recent weeks, which was the iPhone 6 Plus’ “Touch Disease.” That’s where a flickering gray bar appears across the top of the screen and multitouch issues render the device unusable until fully repaired. Although, in that case, the company still wants $149 for its trouble — you don’t manage to get $231.5 billion in your back pocket being generous.
Via: TechCrunch
Source: Apple
Walmart tries using blockchain to take unsafe food off shelves
It’s scary when stores have to pull unsafe food. It can take days to pinpoint the batch or supplier that caused the problem, which could lead to people getting sick… or at best, force the store to yank more products than necessary. Walmart believes technology could offer a better way. It’s trying out blockchain’s distributed ledger as a means of identifying the sources of poisonous food. Digital receipts for the food identify everyone in the supply chain, ranging from the original location through to the inspectors and shipping companies. If everything passing through a specific warehouse is making people ill, Walmart can identify that troublesome food and yank it within minutes — and there’s no easy way for unscrupulous suppliers to alter the info.
It’s a modest test run at the moment. Walmart is only using blockchain to track both pork in China and a “packaged produced item” in the US. Provided the trial run goes smoothly, though, you’ll see the tech used for more items.
Walmart isn’t conducting this experiment purely out of concern for customer safety, as you might guess — this is a company at once famous and notorious for its cost-cutting measures. Blockchain could keep more products on sale in the event of a bacterial outbreak, and refine the supply chain by identifying recurring safety issues or slowdowns. All told, the big-box store could save money even as it saves you from a trip to the hospital.
Source: Bloomberg
Light-based neural network could lead to super-fast AI
It’s one thing to create computers that behave like brains, but it’s something else to make them perform as well as brains. Conventional circuitry can only operate so quickly as part of a neural network, even if it’s sometimes much more powerful than standard computers. However, Princeton researchers might have smashed that barrier: they’ve built what they say is the first photonic neural network. The system mimics the brain with “neurons” that are really light waveguides cut into silicon substrates. As each of those nodes operates in a specific wavelength, you can make calculations by summing up the total power of the light as it’s fed into a laser — and the laser completes the circuit by sending light back to the nodes. The result is a machine that can calculate a differential math equation 1,960 times faster than a typical processor.
The Princeton prototype is very simple, with just 49 synthetic neurons. It’s nowhere close to replacing the CPU in your phone, let alone the heavy-duty processing power you see in existing neural networks. To put it mildly, though, photonic networks could have tremendous implications for artificial intelligence. They would be particularly useful for rapidly processing info in “radio, control and scientific computing,” according to the scientists. And in the long term, learning systems could have more human-like accuracy and response times when recognizing objects and actions — important for robots that don’t have time to waste. Any truly dramatic developments are likely years away, but it’s notable that they’re even on the horizon.
Via: MIT Technology Review
Source: Princeton (PDF), ArXiv.org
Apple Launches Repair Program for iPhone 6s Devices Experiencing Unexpected Shutdowns
Apple today launched a new repair program for iPhone 6s users whose devices may be unexpectedly shutting down. The issue is a limited one only affecting certain devices manufactured between September and October 2015.
Apple has determined that a very small number of iPhone 6s devices may unexpectedly shut down. This is not a safety issue and only affects devices within a limited serial number range that were manufactured between September and October 2015.
If you have experienced this issue, please visit an Apple Retail Store or an Apple Authorized Service Provider and have your device’s serial number checked to confirm eligibility for a battery replacement, free of charge.
Apple’s resolution for the issue is to replace the device’s battery free of charge, although Apple notes that if there are other problems with a user’s device such as a cracked screen that could impair the battery replacement procedure, those issues must be repaired for a fee before the battery issue can be addressed.
Users who previously paid to have their batteries replaced for this issue can contact Apple to request refunds.
Just three days ago, Apple launched a repair program for iPhone 6 Plus owners whose devices are experiencing so-called “Touch Disease” where users may see display flickering or a loss of touch sensitivity. That program carries a $149 repair fee, as Apple says the issue is caused at least in part by the device having been “dropped multiple times on a hard surface.”
Related Roundup: iPhone 6s
Buyer’s Guide: iPhone (Buy Now)
Discuss this article in our forums
AIVAnet 