Attackers can use video subtitles to hijack your devices
Be careful before you fire up media player software to play that foreign-language movie — it might be a way for intruders to compromise your system. Check Point researchers have discovered an exploit that uses maliciously crafted subtitles to take control of your device, whether it’s a PC, phone or smart TV. It’s not picky about the program, either — the researchers demonstrated the flaw in Kodi, PopcornTime, Stremio and VLC. The technique isn’t particularly complicated, and relies on a tendency by developers to assume that subtitles are little more than innocuous text files.
As many media player apps download subtitles from repositories they explicitly trust, all it takes is an attacker who sneaks a malicious file into the repository in such a way that you’re likely to download it. An intruder can manipulate a ratings-based subtitle system to push their file to the top, for instance. Combine that with the complexity of the subtitle world (there are over 25 formats, and each media player handles them differently) and you get a plethora of security holes.
The good news: in some cases, it’s fixed. PopcornTime, Stremio and VLC all have updated versions (you can find them in the source link below). However, it’s not guaranteed that your client of choice has a patch ready and waiting. Kodi only has a source code fix available as of this writing. If you’re using another media player with subtitle support, you may want to be careful about using it until you know that the programmers have addressed this exploit.
Via: 9to5Mac
Source: Check Point
Twitter’s live 360-degree videos arrive on Apple TV
Twitter launched its very first streaming app on Apple TV last year with the promise of Thursday Night Football and live sports. Now it’s expanding its television repertoire with even more live content: 360-degree videos. The social media company just announced that it’s adding a Periscope Global Map to its Apple TV app, from which you can then select all kinds of live 360 videos from around the world. After you select a video from the Periscope Global Map, you can then navigate the 360-degree video using the Siri remote.
According to Twitter, 77 million hours of live user-generated video was broadcast on Periscope in the first quarter of 2017, so it seems you won’t be lacking for content. Also, seeing as Twitter has live TV apps on Xbox and Amazon TV boxes, it won’t be surprising if live 360 videos appear on those platforms some time soon as well.

This also makes Twitter the very first Apple TV app to support live 360 video, effectively beating YouTube and Facebook to the punch. Yet, YouTube isn’t far behind, as it did announce last week at Google I/O that it was bringing its 360-degree videos to TVs soon. It’s not coming to the Apple TV as far as we know, but Google did announce that it’ll be available for Android TV, PlayStation 4, Xbox One as well as 4K TVs from LG and Samsung. It’s not clear yet if Facebook will do the same with its own live videos, but seeing as both Twitter and YouTube already have, it would make sense for it to do it as well.
Source: Twitter
NASA probe on a fast track to reach metallic asteroid
While NASA’s plans to put humans on Mars have suffered recent setbacks, its unmanned robotic programs are achieving milestones on a daily basis. Earlier this year, NASA announced that it had approved a mission, Psyche, to the asteroid belt. Today, the organization announced a shift in Psyche’s launch schedule — with big ramifications.
Psyche 16 is a metal asteroid that may be the remnant of an early planet core. By studying the asteroid, scientists hope to learn more about Earth and the development of planets in our solar system. The mission was originally slated for liftoff in 2023, with arrival at the asteroid Psyche 6 in 2030. However, NASA directed the team to research whether an earlier mission would be feasible. After studying possible trajectories, they determined that launching one year early—in 2022—would shave four years off the spacecraft’s journey. It’s now expected to arrive at Psyche 6 in 2026.
Originally, Psyche was scheduled to have two gravity assists to help it along to the asteroid belt: an Earth flyby in 2024 and another from Mars in 2025. These assists help change the direction and speed of the spacecraft without using engine power. The adjusted trajectory that will occur with an earlier launch eliminates the need for an Earth gravity assist. However, the spacecraft will still require a Mars flyby.
Psyche was chosen as part of NASA’s Discovery program, which is a series of low-cost robotic space missions (capped at $450 million). The target is the asteroid 16 Psyche, which measures 130 miles in diameter and is composed of iron and nickel. These are the same elements that comprise Earth’s core, which makes the asteroid of special interest to scientists.
Source: NASA
Apple Releases New Firmware Update for AirPods
Apple today released a new 3.7.2 firmware update for its AirPods, likely introducing bug fixes and performance improvements to the wireless earbuds.
AirPod firmware updates are installed automatically when the AirPods are connected to the iPhone, so AirPods users should begin seeing the new firmware soon as the update rolls out to everyone.
AirPods owners can check the version number in the Settings app by going to General –> About –> AirPods while the AirPods are connected to the iPhone.
Apple did not provide release notes with the firmware update, so it is not known what problems the new software might address.
Though AirPods were first released back in December of 2016, they continue to be in short supply. Shipping times for the AirPods are still at six weeks from the online Apple Store.
New iPhone 8 Dummy Video Surfaces as Third-Party Companies Start Developing Clones
Though we’re only four months away from the presumed launch of the “iPhone 8,” we haven’t seen any part leaks for the much-rumored OLED device nor have we seen parts for the two standard LCD iPhones that are said to accompany it.
With a lack of part leaks, we’re relying on dummy units, design drawings, and design renders to give us an idea of what to expect from the device, and there’s been no shortage of those leaks, many of which are somewhat confusing due to the fact that Apple tested several iPhone 8 prototypes.
This week, the first hands-on video featuring an alleged iPhone 8 dummy model surfaced. We already saw the dummy model in question in photographs back in April, but the video provides a better look at the device, and perhaps a better picture of what the iPhone 8 might look like if accurate.
This particular dummy device, said to be a CNC model, aligns with design drawings and rumors pointing towards an edge-to-edge display with a glass body encased in a shiny stainless steel frame. There is no Home button and no visible Touch ID sensor, suggesting it is built into the display, which would be in line with many rumors.
It features a dual-lens rear camera in a vertical orientation and it lacks an Apple logo, so it’s not entirely clear if this is representative of the final design Apple settled on, but it does match up with a lot of the rumors we’ve heard. Alleged iPhone 8 design drawings and schematics that resemble this dummy suggest the iPhone will be thicker than the current iPhone 7 and iPhone 7 Plus.
The dummy device in the video above represents one set of design drawings we’ve seen, but there’s also a second set of design images that have circulated featuring an iPhone with an aluminum body and a rear Touch ID button underneath the Apple logo. The device with a rear Touch ID button is said to be one of the prototypes Apple tested as a fallback should an under-display Touch ID solution not pan out.
Rumors and leaks seem to be coalescing around the first iPhone 8 design without a rear Touch ID sensor, suggesting the images with the back Touch ID button are based on an outdated design that was perhaps scrapped. That it appears unlikely this design will be used in the iPhone 8 hasn’t stopped one China-based company from creating an iPhone 8 clone based on the schematics and design drawings that have been circulating.
Leaker Benjamin Geskin this morning shared images of what he says is an iPhone 8 clone that was designed based on an early iPhone 8 prototype model. It features a front display with slim bezels, a vertical camera, an aluminum body in multiple colors, and a rear Touch ID sensor.

As a clone, this is not representative of what the real iPhone 8 will look like, but it provides an interesting glimpse at prototype design and what an iPhone with a rear Touch ID sensor might resemble.

With multiple prototypes in testing, the actual design of the iPhone 8 will remain unconfirmed and up in the air until we start to see legitimate part leaks. In past years, part leaks have started earlier than May, and their absence may suggest that Apple still has not settled on a finalized design.
For a complete overview of the iPhone 8 rumors and a better picture of what we expect to see included in the overhauled device, make sure to check out our iPhone 8 roundup. It goes into much greater detail on the different design prototypes and it includes information on all of the internal features we expect, like advanced biometrics (facial or iris recognition), an A11 processor, wireless charging, a new front-facing camera system, and more.
Paper Wings is high-flying fun!

Overview:
Paper Wings is a fast-paced arcade game about controlling a papercraft bird to collect coins in an endless run until you miss a coin or die to an obstacle. The difficulty ramps up quickly and the game is fun and has a nice conservationist message built in.
Developer: Fil Games
Cost: Free (with ads)
Impressions:
Paper Wings is a very simple concept on paper (pun intended), with only two buttons that turn your bird left and right to slide it about the screen. You need to rock up and down to facilitate speed and maintain altitude since the bird acts like a paper airplane. The difficulty comes mostly from the lack of control you have over your bird, with the only turning coming from looping around as you’re limited to moving in two directions. To further increase the difficulty, there are also hazards like tracking bombs that are fast and can almost be mistaken for coins.
You have the choice between a large number of real life birds from all over the world to play with, and each one has unique characteristics that change up the gameplay, such as magnets to pull coins or increased power-up times. The different birds all have little biographies about them and where they come from. The game also features a donate option to help support the American Bird Conservancy with donations, which is awesome in its own right.
Conclusion:
I really like Paper Wings, from its cute papercraft visuals to its simple yet challenging gameplay. It’s one of the few games I will probably keep on my phone, as I usually delete most of the games I review after I am finished with them. It’s the right mix of short burst play, fun, and polish that makes a mobile game worth playing for me. It’s a
Download Paper Wings on the Google Play Store
Make your own desktop light show with Corsair’s new Commander Pro controller
Why it matters to you
Corsair’s new lighting system is impressive and heavily customizable, but you’ll have to pay quite a lot for it.
Corsair wants you to take your fancy lighting beyond the RGB keyboard and into your desktop PC. Along with a new range of HD140 RGB cooling fans, it’s also launching a new system of fan controllers headed by the Commander Pro, which lets you not only control your fans with ease but coordinate their lighting, too.
Although desktop interior lighting is hardly a new phenomenon, with the growth of RGB backlighting on keyboards and mice, for many companies, the focus over the past few years has been on peripherals. Corsair is looking to turn the RGB spotlight back on the interior of your system though, with its new range of products.
The Commander Pro is described as the ultimate controller for cooling and Corsair Link-enabled hardware. It’s a small black box that you can hide behind your motherboard tray and it connects up all of your cooling fans in one place. It has two RGB lighting channels, which can handle up to six fans or four LED strips apiece, and there are four thermistor inputs too, for temperature control and automated fan speed adjustment.

The system can control fans from 0 RPM, right through to their maximum, with fine-tuning controls and a number of baked-in lighting configurations. That keeps your system not only looking good, but running cool and most importantly quiet, as and when needed (thanks, Hexus).
You can even partner it up with Corsair Link-enabled hardware, like its all-in-one liquid cooling systems and power supplies.
If you want to expand the lighting options available to you and your RGB fans, Corsair is also offering a new Lighting Node Pro. It gives you access to some much more impressive lighting effects and custom color combinations for up to 12 fans and eight lighting strips. Four of those come with the Node Pro itself, so system builders and hardware enthusiasts can jump on the fancy lighting train in one bundled package.
The Corsair Commander Pro is available now, straight from Corsair, with a price tag of $70. The companion Lighting Node Pro system is a little cheaper, offering greater lighting options for $60. Each of the new Corsair HD140 RGB fans will set you back a further $35. It’s also available in a smaller, 120mm form factor, with a price tag of $30.
For those not looking for the full fan-controlling system, each fan comes with its own three-button controller, so you can manually adjust their lighting as and when you like.
Researchers uncover hack that can take over PCs via video subtitle files
Why it matters to you
If you’re using an outdated media player and you download a dodgy set of subtitles, your computer could potentially be taken over by a malicious hacker.
Researchers at Check Point Security Labs have uncovered a nasty new hacking technique that takes advantage of security deficiencies in several popular media players. The exploit uses phony subtitle files to breach a user’s defenses, at which point it’s possible to gain complete control over the system.
Hackers can apparently create malicious subtitle files that run code when they’re loaded into a media player, according to the report published by Check Point. The company estimates that hundreds of millions of users running software like VLC, Kodi, Popcorn Time, and Stremio could be at risk.
Subtitle files are generally perceived as being harmless, and as such they’re rarely vetted too stringently by media players or antivirus software. The situation is made worse by the fact that there’s little standardization, with over 25 different formats with different features and capabilities currently in use.
Check Point has also determined that subtitle repositories are being manipulated to help distribute the malicious files to users. Subtitles submitted by attackers are being boosted in the rankings, making it more likely that they’ll be downloaded by users, and selected by media players that can download such files automatically.
Having discovered these vulnerabilities, Check Point disclosed the problem to the developers responsible for the media players that were tested. Some had already taken steps to address the issues, while others are still looking into the situation. As of the time of writing, VLC and Stremio have been officially updated with a fix, while a fixed version of Popcorn Time is available here, and a fixed source code release of Kodi is available here. There are still concerns that other media players might also be affected.
The key here is that subtitle files are being exploited because they’re widely considered to be innocuous. As soon as users and developers drop their guard, malicious hackers see their window of opportunity — and that’s why the work done by organizations like Check Point is so important.
Macphun to bring award-winning photo-editing apps to Windows
Why it matters to you
Macphun’s photo editing apps have won numerous awards in the Mac App store, and for the first time, the company is bringing them to Windows.
Macphun, the developer of MacOS photo-editing apps, is heading to Windows. The company announced that it is bringing its most popular applications, Luminar and Aurora HDR, to Windows for the first time, with a public beta arriving in July.
The move to Windows was a long time coming, according to Macphun Vice President Kevin La Rue. “A PC roadmap has been in our strategy for a long time,” he confirmed with Digital Trends. “Our goal is to offer as many creatives as possible a simple, powerful, and fun way of photo-editing, no matter what platform they use.”
This is good news for Windows users who shoot high dynamic range (HDR) photos or who have been searching for a simpler, less expensive alternative to Adobe Photoshop for image retouching. Aurora HDR was developed with input from renowned landscape photographer Trey Ratcliff, with the intent of making HDR processing easy and flexible. Digital Trends had the opportunity to test out the program in December 2016 and found it to be both approachable and powerful.
We also spent some time with a beta version of Luminar in November 2016, which we called a “breath of fresh air” in the world of photo editing. That application has also received significant updates since our hands-on test.
Windows users may not have heard of Macphun yet, but the company’s apps have won numerous awards, including Apple’s “Editor’s Choice” recognition in the Mac App store for five years running. Luminar also took home the coveted 2017 Technical Image Press Association (TIPA) award for Best Imaging Software.
While those eager to test drive Luminar and Aurora HDR on Windows will get their chance with the beta in July, the full versions won’t be released until this fall, alongside new versions of the MacOS counterparts. Going forward, both versions will be developed simultaneously. “We have new versions of these products already in the pipeline for the Fall of 2017 that will launch simultaneously on Mac and Windows,” La Rue said.
“Our plan is to be a cross-platform software company going forward and we are starting with Luminar and Aurora HDR,” La Rue said. For now, the back catalog of Macphun’s other apps will remain MacOS-only.
Google’s latest tool will track offline purchases tied to online ad campaigns
Why it matters to you
Next time you buy something in a brick-and-mortar store, Google might know all about it.
The next time you pick up a discounted undershirt at American Eagle, Google might know. At the Mountain View, California-based search giant’s annual advertiser conference, it announced a new tool that will allow it to track how much money people spend — and on which products they spend it — in brick-and-mortar stores.
It will tie into Google’s digital advertising business. When the integration launches in earnest this year, the ad clicks of Google Account users will be matched to data about their brick-and-mortar purchases. The company won’t be able to examine specific items purchased or how much a specific person spent, but it will use the collated data to track the effectiveness of online ad campaigns. And eventually, it will give retailers a detailed sales report.
Google’s using login information such as email addresses to identify the people clicking on ads. It matches that data with information from merchants and credit card issuers to determine if digital ads motivated an offline purchase.
It won’t work for all payments. Retail customers who pay with cash or use one of the 30 percent of U.S. debit and credit cards that Google can’t access won’t be tracked. And it only tracks customers who log in to Google’s services. But it’s an improvement over the current system, which susses out users’ interests mainly from web searches and the content they consume across the company’s services — including Gmail, YouTube, and Android.
And it’s a veritable firehose of purchases. Google said it has access to roughly 70 percent of U.S. credit and debit card sales through partnerships with companies that track them.
Google insists that it’s taken steps to protect users’ privacy. Sridhar Ramaswamy, Google’s senior vice president of ads and commerce, told the Associated Press that “incredibly smart people” designed the new tool to be “secure and […] safe.” Data’s collected in a double-blind way, he said, meaning that data Google’s collected can’t be viewed by merchants or credit partners.
Google’s hoping the new system will convince merchants to boost advertising budgets. The company, which runs an ad network valued at $80 billion, faces increasing competition from social media juggernaut Facebook. Together, the two companies are projected to make up 74 percent of digital ad growth in 2017.
Two months ago, major YouTube advertisers including Coca-Cola, Amazon.com, Walmart, Starbucks, and Microsoft pulled campaigns from YouTube, citing faulty filters that prevented ads from appearing next to homophobic, anti-Semitic, and racist content. In response, Google made changes to YouTube’s advertising terms of service and said it would improve its blend of user flagging, human moderation, and algorithmic detection.
But it’s not all doom and gloom. In the first fiscal quarter of 2017, Google reported growth in ad sales of 19 percent to $21.4 billion.



