Hackers threaten to remotely wipe iCloud accounts unless Apple pays a ransom

Why it matters to you

Your Apple account could be part of a massive data breach and it could be used by hackers to demand ransom from Apple.

A group of hackers is allegedly trying to extort Apple by holding Apple customers’ data for ransom and threatening to remotely wipe iCloud accounts connected to both iPhones and iPads if those ransoms are not paid.

The group self-identifies as the “Turkish Crime Family,” and it is demanding either $75,000 in Ethereum or Bitcoin or $100,000 in iTunes gift cards, according to a report from Motherboard. Not only that, but the hackers gave Apple an April 7 deadline to meet the demands — or else they will start wiping both phones and iCloud accounts.

More: Apple has finally taken the wraps off the new ruby red ‘iPhone (RED)’

The hackers even went to the trouble of providing screenshots, allegedly showing conversations that the group has had with Apple. In one instance, an Apple security team member asked if the hackers were willing to provide a “sample or the data set,” possibly to verify the validity of the data and make sure that the accounts were indeed breached. Last but not least, the hackers uploaded a video to YouTube with further proof.

In other words, things aren’t looking good.

Even worse? The sheer number of accounts the hackers have access to. According to Motherboard, one of the hackers claim to have gained access to 300 million Apple accounts, including Apple’s own @iCloud. Another hacker in the group claimed that the group had access to an even-more-scary 559 million accounts.

The reports do call into question Apple’s security. It’s currently unclear exactly how they gained access to Apple’s servers, however, it’s possible that the team didn’t directly hack Apple but rather gained information through previous data breaches or used social engineering to get information.

Apple says it’s working with the authorities to bring the hackers to justice and it’s likely we haven’t heard the last of this story. We’ll update this article as we hear more.

Android security came a long way in 2016 but Google says there is more work

Why it matters to you

Android users can be sure Google is working closely with manufacturers and carriers to improve security regardless of what device they own.

With hundreds of different Android devices out in the wild, running different versions of the operating system on different hardware, Google faces a massive challenge in distributing critical security updates. In the past, many users have had to wait up to three months before having their phones patched, not only due to the variation between Android products, but also the lack of urgency with which manufacturers pushed fixes out.

Google has been well aware of this problem, which is why it has made significant strides over the past several years, reducing that wait time to just a couple of days, according to TechCrunch. But there is still work to be done, as Adrian Ludwig and Mel Miller, members of Android’s Security Team, have noted in a year-in-review blog post.

More: Top 5 Android security apps: Do they protect you?

More than 735 million devices from more than 200 manufacturers received security updates last year, according to Google. While that illustrates the company’s commitment to keeping users safe, the job is hardly complete. Ludwig and Miller also noted roughly half the Android products in use at the end of 2016 had not received an update in the preceding 12 months. Google claims its new A/B update system, designed to make over-the-air updates more reliable and prevent them from inadvertently bricking phones, will help encourage installation.

The monthly security update initiative, set in motion after the Stagefright vulnerability was discovered in 2015, also saw expansion in 2016, the team reported. Those updates were released for devices running Android 4.4.4 and up, which comprises 86 percent of all active devices globally.

Ludwig and Miller also said they made strides in stamping out potentially harmful apps (PHAs) in the Google Play Store. Verify Apps, a system that checks users’ devices for PHAs, conducted 750 million daily tests last year, up from 450 million in 2015. As a result, installation of PHAs was reportedly reduced in the top 50 countries in which Android devices are used. Google estimated PHAs accounted for 0.05 percent of all apps on the Play Store last year, compared to 0.15 percent in the year prior.

Of course, Google Play isn’t the only place where users can get their apps, and that is one of the roadblocks Google encountered trying to make Android safer for everyone. The number of devices with a PHA installed — from any source, not just Google’s marketplace — actually rose to 0.71 percent from 0.5 percent.

Although many Android users have chosen Pixel and Nexus devices to receive updates straight from Google automatically, the security team attributed much of its progress to enhancements offered by the release of Android 7.0 Nougat. Chiefly, the introduction of file-based encryption and protections against media-based attacks have bolstered security in the most recent Android phones, regardless of manufacturer.

Still, as much as the Android Security Team has accomplished alongside partners and carriers, it still helps to have friends in the research community. Google said its Vulnerability Rewards Program paid out nearly $1 million to researchers in 2016 for their contributions — some of which were set to rave music.

Deal: Unlimited Calls, Text and 2GB of 4G LTE data for $11.67 per month

Right now, Mint SIM has an amazing deal on high-speed 4G LTE data in the U.S.!

In the U.S., between the Big Four carriers, it’s become a game of race to the top — with that top being unlimited data.

But most people don’t need unlimited data. In fact, most Americans don’t use more than a couple of gigabytes per month, and even the top percentage rarely go over 10GB. 1

That’s why Mint SIM is such a great value proposition. The idea is simple: by signing up for three months of service at a time, you save money every month.

For a limited time, get 2GB of data, plus unlimited calls and texts, for $11.67 per month!

Here’s the lowdown on Mint SIM: It cuts through the BS of “unlimited” to provide exactly what you need at a price that no one can match. The company uses T-Mobile’s extensive 4G LTE network that covers most of the coverage in ultra-fast wireless connectivity. And features like tethering are free, so if you find yourself with extra gigs at the end of the month, you can connect your laptop or tablet to your phone’s data plan and enjoy mobile freedom anywhere.

You could be paying just $11.67 per month for 2GB of wireless data! Learn More

1 Data collected independently by Mobile Nations between June 2016 to September 2016.

All Nest Cams have a dangerous bug, but it will be fixed ‘in the coming days’

Nest Cams are incredibly convenient, but having a permanent connection to the Internet can also be a security risk.

Nest, the Alphabet company that scooped up to take over its smart home ambitions, has a problem. Its Nest Cam line, which includes the (admittedly excellent) Outdoor model, has a dangerous bug that allows a would-be thief or hacker (or hacker thief) to send a signal over Bluetooth to force the camera into a reboot, disabling the unit for up to 90 seconds.

The vulnerability was discovered last October and reported to Nest in October by Florida-based security expert, Jason Doyle, but the cries went ignored, so he felt he had no choice but to make them public in hopes of pushing Nest to do something about it.

There are three issues, all to do with problems in the camera’s always-on Bluetooth connection, which end up forcing the unit to either reset or seek out a non-existent Wi-Fi network. All three issues have the same effect: they take down the Nest Cam entirely. Of course, said hacker would need to be within Bluetooth LE range for the connection to be made — some 60 feet in good conditions, but more likely 30 feet — but now that the exploits are out, such antics could become more common.

For its part, Nest has released a statement claiming that it would be sending a patch to all Nest Cam and Dropcam models “in the coming days,” after discovering and patching the issue internally. Good news for active Nest Cam users, but let’s hope Dropcam has a method of forcing such an update to customers that wouldn’t otherwise be aware of the problem.

Destroy your opponents in ‘Rocket League’ Dropshot mode

Chaotic jet-car soccer game Rocket League just got a little crazier with its new Dropshot mode, which changes how you play the game. This free update rolls out to Xbox One, PlayStation 4 and PC today, bringing a new competitive tournament as well as some goofy Easter-themed items for your in-game automobile.

Dropshot changes things up in a big way. The new mode has no goalposts, unlike other Rocket League arenas. Instead, each side of the field is covered with destructible hexagons. Smash the massive soccer ball with your jet-car into the ground to destroy the ground and then use the resulting hole to score. It takes two hits to fully destroy a hex space in the arena. When you do score, your opponent’s hexes repair themselves while yours stay as is. In addition, you can now electrify the ball to do splash damage when it hits. All told, a fully powered ball can smash up to 19 panels. This new mode is full of even more intense strategic action for Rocket League players.

The patch also brings three new cosmetic items to your car: an Easter egg antenna ball and two silly but fun roof decorations, an Easter basket and set of bunny ears. You’ll see these as random drops after each match. The fourth season of tournament play also gets some changes, with new skill tiers, fewer divisions and new ranking and skill reckoning that should help balance out all Rocket League competitive gameplay.

Source: Psyonix

Limited edition black OnePlus phone? Not so limited anymore.

So much for that black OnePlus 3T being an ultra-rare beast. OnePlus has revealed that it will launch a limited Midnight Black edition of the 3T at a “later date,” making that once-special color available to everyone “while supplies last.” And the practical difference between this smartphone and the limited edition Colette model (shown below)? Er… there’s no Colette logo on it. That’s all. Yes, the 250 people who lined up at a Paris store on March 21st now have little to brag about besides getting a black 3T slightly earlier than everyone else. So why spoil their fun? If you ask OnePlus, it’s because most people just want the device that badly.

The company tells us that the “community has been asking” for a completely black OnePlus phone for a while. As proof, it pointed us to a Twitter poll it ran where 92 percent of respondents agreed that OnePlus should “matte black all the things.” That’s not exactly a scientific survey, but there’s no denying that there’s at least some interest in a darker shade. We can’t knock OnePlus too hard, then, but this still serves as a lesson in resisting the urge to snap up an exclusive device color as soon as it’s available.

Source: OnePlus

Nest security cameras can be knocked out via Bluetooth

Your connected security camera might not be as trustworthy a defense as you think. Security researcher Jason Doyle has published details of three vulnerabilities in the Nest Cam, Dropcam and Dropcam Pro that lets an attacker disable their recording over Bluetooth. Two of them, which rely on sending excessively long WiFi data, will trigger a memory overflow that makes the camera crash and reboot. The third exploit tricks the camera into temporarily disconnecting from WiFi by making it try to connect to another network.

As you’ve likely noticed, all of these are temporary attacks. However, burglars could still use them to buy precious time when breaking into a home. It only takes a few seconds to cross a room or turn a camera toward the wall, of course. And while Nest’s cloud-based video storage is normally an advantage (thieves can’t just remove a card to destroy evidence), the disconnection exploit turns that internet feature into a weakness. All of these exploits appear to be avoidable, too. Doyle tells the Register there’s no pressing need to leave Bluetooth turned on after the initial setup process, so Nest may be leaving itself unnecessarily vulnerable.

The good news: Doyle disclosed the security holes to Nest, and the company tells Engadget that it’s “aware of the issue, [has] developed a fix for it, and will roll it out to customers in the coming days.” While there’s no workaround in the meantime, this particular issue won’t last long. The bigger question is whether or not Nest and rival camera makers will see this as motivation to toughen up their wireless security.

Via: The Register

Source: GitHub

Netflix’s big budget ‘Death Note’ remake lands on August 25th

We’ll soon learn why Netflix spent $40-$50 million on a live-action adaptation of the anime series Death Note. The streaming service revealed the first teaser for the film this morning and announced that it’ll be premiering on August 25th. It’s a particularly big get for Netflix: Death Note was wildly popular during its initial manga and anime runs, and it’s spawned several live action films in Japan (there’s even a musical!). Death Note was also one of the few anime series that have been regularly available on Netflix for several years, which gave subscribers plenty of chances to dive into it. So despite the big budget, it makes sense for Netflix to be the home of an American adaptation.

The series centers on a disaffected high school student, Light (Nat Wolff), who stumbles on the “Death Note,” a book which has the power to kill anyone whose name is written in it. As Light goes on a killing spree, he’s also hunted down by a genius detective, L (Keith Stanfield). It all sounds a bit silly when you summarize it, but the original series ended up being a thrilling game of cat and mouse.

The adaptation relocates the action from Tokyo to Seattle, and it also brings in Willem Dafoe as the voice of Ryuk, the Death Note’s demonic owner. It’s also in the capable hands of director Adam Wingard, who’s helmed several solid horror films and thrillers (You’re Next, The Guest and segments in V/H/S 1 and 2). Based on the trailer, the remake looks suitably stylish and moody. Dafoe, in particular, seems perfectly cast.

Netflix is no stranger to original films these days, but Death Note is one of the first big budget gambles for the company. It won’t be the last, though: Netflix has also shelled out $90 million for the Will Smith film Bright, $60 million for Brad Pitt’s War Machine and it reportedly spent over $100 million on Martin Scorsese’s next movie, The Irishman, starring Robert DeNiro. While it costs a lot more to produce new material, rather than just license existing catalogs, the exclusive content both entices new subscribers and convinces existing members to stay. And of course, it serves as material that Netflix can easily bring into new territories, without worrying about regional licensing rights.

Source: Netflix (Twitter)

Finding inner peace (with help from your smartphone)

Technology is draining. Social media networks are programmed to make you come back for more, constantly swiping to refresh, like and post. You are constantly at your PC, your smartphone, your TV. You fall asleep to Netflix or reading Twitter as it spits up funny gifs or more bad news. It can wear you down. You’re no longer in college with all the energy in the world and next to no commitments or obligations. You need to know when to unwind, avoid burning out and control (at least some) of your unhealthy (perhaps excessive) tech habits.

For me, this was recently compounded with a move back to the UK from Japan, changes at work and all this political upheaval both at home and abroad. I’ve been feeling frazzled and have been trying to find time to relax, switch off, center myself and other frivolous terminology I take to mean “feel less shitty.” Ask my friends and they’ll tell you I’m constantly glued to my phone or asking for a cable to recharge it. It takes its toll physically too, in the form of tired eyes, a stiff neck and reaching for my phone when I should be sleeping.

So what did I do? What should you do? Those are probably different answers. There’s no shortage of introductory guides to meditation, relaxation podcasts and devices that promise to help or offer relief. As someone who’s glued to my phone, to every message, email, retweet, like, follow and Tinder match that come my way, could I somehow break free with the help of technology? Not everything will work for you, but something should. I’m new to this. As I alluded to earlier, I’m more prone to burnout (and even getting sick) when work or personal stuff bears down on me, but what follows is a roundup of the things I’ve found most effective.

Engadget has covered a lot of apps and devices for relaxation, but figuring out how to relax and disconnect a bit more doesn’t have to involve laying down much (if anything) in the way of cash. If you have an internet connection (which you probably do, because you’re reading this) and something with speakers, there’s a rich free library of meditation podcasts to stream or download.

Podcasts and other listening

There are so many of them, but at least podcasts are nearly always free to try out. Personally, I found that the host’s voice will either endear you to a meditation podcast or put you off completely. (For some reason, I discovered Aussie accents to be the most relaxing.)

The Daily Meditation Podcast is a good starting point. Host Mary Meckley puts out a new one almost every day, and she’s almost on her thousandth episode.

Then there’s white noise. For the uninitiated, white noise is the result of combining sounds of different frequencies. Why is this a good thing? It squeezes out other sounds: neighbors, the hum of your AC, traffic outside. Even if it doesn’t drown it out completely, it makes it harder for your brain to pick it up, meaning you can better focus or relax. I have a former colleague who uses white noise to fall asleep almost daily. You’ll find something to listen to practically anywhere, from iTunes to Spotify. Here’s an entire YouTube channel dedicated to white noise.

So we have something to start with, but the challenge was often finding time to put into doing nothing (it’s not nothing) into your day. When I’m stressed, I like to spend my time stressing.

The apps

This is where investing in either an app or some sort of gadget can help. Setting aside my cynicism about paying for something that you can do for free, there are a few reasons to do it. Devices and apps can help you build a habit, and they mean you’re (literally) investing in it. Things you pay for will draw you to using them more, at least initially.

Many apps will also track your progress and remind you that you haven’t managed to fit in some relaxation time during the day. Smartphone applications can even improve your meditation sessions, whether that’s heart rate feedback or monitoring the length of your sessions. It’s offering metrics on your efforts — and I find that important.

But as with podcasts, there are so many of them: good and bad, free and paid for. From my time researching and trying things out, the best advice is to explore the options, take advantage of free trials and see what sticks. That’s vague, but then again, mindfulness and meditation often are.

I particularly like Simple Habit, which offers short podcast-esque guided meditations that are aimed at specific things. There’s a daily catchall session but also ones for increasing focus, reducing stress, settling yourself down before sleep and more. The only catch is that it’s not free: After the free trial and lessons, it’s $12 per month, $100 per year or $300 for a lifetime subscription. That raises a good question: What is the cost of peace of mind? You might want to do some of the math, but there are hundreds of sessions to listen to, and the company says it’s adding more weekly. I appreciated this choice — even if the majority of the benefit of mindfulness and deep breathing came regardless of program A or B. We all like options, though, so here’s a handful of other apps worth looking into.

• Smiling Mind
• Calm (with an Android Wear companion app)
• Headspace

Wearables

Possibly the most successful relaxation wearable I’ve tried is a well-established device that might not come immediately to mind: my Apple Watch. It’s probably one of the least free things you can use for mindfulness. However, I already owned one even before I set out to find my inner peace.

In particular, let’s talk about the Watch’s Breathe feature, which arrived as part of watchOS 3 and was a notable addition for me, a (begrudging) early adopter. It’s simple, easy and unobtrusive. While you can tap the Breath app on the Watch to launch, you can also schedule it daily so that it vibrates to remind you it’s time to shut down for a few minutes.

Deep breathing for a minute or two might sound like the bare minimum of effort, but it’s often enough to evoke a relaxation response. This is a term coined by Dr. Herbert Benson to explain the body’s reaction to deep breathing. It’s like the opposite effect of stress. You can set up the deep-breathing session from your wrist; just rotate the crown to control how long. Apple’s wearable also gives breathing guidance without having to look at a light-up screen. It uses haptic feedback to guide your breathing rhythm and then a little melody sounds once you’re done. The watch rounds up your weekly efforts, tallying minutes spent doing nothing but breathing. It’s simple, but I’m finding it sustainable. So far.

Disconnecting

Pulling myself away from my smartphone, my PC and everything with internet outright was far harder. It happens on my vacations (sometimes!) but rarely in my daily life. From waking up and checking emails to falling asleep as Netflix blares from my oversized phone, connection adds distraction and comfort. There are phones that encourage you not to use them, but until they manage to reach their crowdfunding targets, it’s entirely on you to cut back.

A study by researchers at Harvard Medical School found that those who read e-books instead of paper ones needed an extra 10 minutes, on average, to fall asleep. They also experienced 90 minutes of delayed melatonin onset and released half the amount of melatonin to boot. Further, they experienced less rapid eye movement sleep — you know, the good, deep stuff.

There are also ways to make your phone more bedtime friendly. Even if you can’t ban it outright from your bedside (it’s my alarm clock, OK?), Apple’s Night Shift and Android’s Night mode intentionally soften the blue hue from your phone. They remove the blue light, which can coax your brain into feeling alert and awake (like it’s still daytime). f.lux does a similar thing with your PC and is worth trying out if you’re regularly still working into the late hours. Better still: Don’t use light-up displays in the hour before you go to bed — it’s what the National Sleep Foundation recommends.

I don’t think all my stress and distractedness are due to the iPhone. I asked the founder of Simple Habit, Yunha Kim, if phones were part of the problem: “Our phones can add stress to our lives with constant notifications and buzzes,” she said. “But the fact that we carry them everywhere we go shows that they can be such a powerful tool for bringing meditation wherever we go as well.”

Phones can be both part of the problem and part of the solution, but if you’re thinking that constant screens and notifications aren’t helping, then you already know what you need to do.

That’s not to say it’s easy. Our devices, our apps and social networks are addictive.

Tristan Harris, former Google Design Ethicist and cofounder of advocacy group Time Well Spent, lays it out well: We don’t miss what we don’t see. His group is trying to increase the degree of humanity in software design and persuade tech companies to make disengaging from our phones and screens easier. Harris isn’t immune to them and explained in an Atlantic interview how he cuts down on his phone notifications in an “almost militaristic way” and uses the first home screen of his phone for functional apps like Google Maps and Uber — no time killers like social networks and games. He apparently hides more attention-grabbing apps into folders on the second page. (This is something I already do with my dating apps, so I get how that works. It keeps it one step further away from my fingertips.)

My favorite takeaway, however, is how Harris launches apps: by typing its name into the search bar, raising the bar for how much effort is needed to launch something. Do you really need to check Instagram again?

Check out all of Engadget’s “Adult Week” coverage right here.

Dozens watched a Facebook Live stream of sexual assault

It’s no secret that Facebook has its hands full dealing with graphic and violent content being streamed live on the site. Last summer, Antonio Perkins was streaming an otherwise normal evening when he was shot. There have been other cases of graphic footage being streamed on Facebook Live as well. The most recent incident involves the sexual assault of a teenager in Chicago.

Chicago police say that a 15-year-old girl was sexually assaulted by multiple suspects last weekend and that the ordeal was streamed live on Facebook. Police confirmed to The Washington Post that the girl’s family reported her missing Sunday. Family members say the girl left for a trip to the store and was later spotted on the livestream. She was found Monday and police are continuing to investigate the incident. Facebook has taken down the video.

“Crimes like this are hideous and we do not allow that kind of content on Facebook,” a company spokesman told The Washington Post. “We take our responsibility to keep people safe on Facebook very seriously and will remove videos that depict sexual assault and are shared to glorify violence.” We have reached out to the company for further comment on the matter and we’ll update this post when we hear back.

The company further explained that it works “around the clock” to review any questionable content that’s reported by its users. Of course, that system requires any graphic or violent videos to be reported in the first place. In this case, Chicago police say “40 or so” people watched the assault and no one called 911.

Facebook was heavily criticized for reportedly taking two weeks to remove a video of a 12-year-old girl livestreaming her suicide in late December. According to The Washington Post, by the time the company had removed the footage, it had also popped up (and was removed) on YouTube. In early January, four people streamed themselves attacking a mentally disabled teen. Live video is a huge deal for Facebook right now, but until it figures out how to keep acts of violence from its users’ News Feeds, we’ll continue to hear about these incidents being broadcast on a regular basis.

Source: Washington Post