Tech Brew Ride Home - Fri. 08/30 - The Worst iPhone Attack Ever

Episode Date: August 30, 2019

The biggest iPhone attack ever, Microsoft wants to make tablet mode on Windows 10 more desktop-y, airlines are banning MacBook Pros, Jack Ma and Elon Musk debate AI and the weekend longreads suggestions.

Sponsors: Castro, Listennotes.com/api

Links:
Mysterious iOS Attack Changes Everything We Know About iPhone Hacking (Wired)
Project Zero (Google Project Zero)
Microsoft unveils new tablet experience for Windows 10 (The Verge)
The Long-Term Stock Exchange raises $50 million in new funding (Axios)
More Airlines Ban MacBook Pros in Checked Luggage (Bloomberg)
When Elon Met Jack: Musings on AI, Mars and the End of Civilization (Bloomberg)

The Weekend Longreads Suggestions:
Unix at 50: How the OS that powered smartphones started from failure (Ars Technica)
Wi-Fi 6 Will Be Here Soon. What Is It? (Wired)
Mobile payments have barely caught on in the US, despite the rise of smartphones (CNBC)
Drone Bubble Bursts, Wiping Out Startups and Hammering VC Firms (Bloomberg)
Older people are embracing video games. For some, that means stardom. (NBC News)

Transcript
Starting point is 00:00:00 Welcome to the Techmeme Ride Home for Friday, August 30th, 2019. I'm Brian McCullough. Today: the biggest iPhone attack ever, Microsoft wants to make tablet mode on Windows 10 more desktop-y, airlines are banning MacBook Pros, Jack Ma and Elon Musk debate AI, and of course the weekend longreads suggestions.
Starting point is 00:00:56 Here's what you missed today in the world of tech. So, in what was the biggest attack on iPhone users ever, for two years, a handful of websites were able to hack thousands of iPhones each week that visited those websites, allowing hackers to access the live location data, photos, contacts, even passwords on those iPhones. This is a pretty big deal because iPhones have long been considered pretty difficult to hack. Plus, the attack would lay bare everything: encrypted emails, WhatsApp, Telegram, iMessage messages. The exploit was discovered by Google's Project Zero security research team. Quoting them: There was no target discrimination. Simply visiting the
Starting point is 00:01:48 hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites received thousands of visitors per week. Google's threat analysis group was able to collect five separate, complete, and unique iPhone exploit chains covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years, end quote. And quoting from Wired, this is terrifying, says Thomas Reed, a Mac and mobile malware research specialist at the security firm Malwarebytes.
Starting point is 00:02:30 We're used to iPhone infections being targeted attacks carried out by nation-state adversaries. The idea that someone was infecting all iPhones that visited certain sites is chilling, end quote. The attack is notable not just for its breadth, but for the depth of information it could glean from a victim iPhone. Once installed, it could monitor live location data or be used to grab photos, contacts, and even passwords, and other sensitive information from the iOS keychain. With such deep system access, the attackers could also potentially read or listen to communications sent through encrypted message services like WhatsApp, iMessage, or Signal. The malware doesn't break the underlying encryption, but these programs still decrypt data
Starting point is 00:03:12 on the sender and receiver's devices. Attackers may have even grabbed access tokens that can be used to log into services like social media and communication accounts. Reed says that victim iPhone users would probably have had no indication that their devices were infected, end quote. Google is not naming the websites that functioned as the watering holes or the infection vector for this attack. Google did alert Apple to this vulnerability on February 1st and Apple patched the vulnerabilities with the release of iOS 12.1.4 seven days later. What we also don't know is who is behind the attack and the speculation about that is frankly all over the map right now.
Starting point is 00:03:57 A lot of people are saying this is clearly state-sponsored or maybe some form of domestic surveillance. But at the same time, a lot of what the hackers did seemed pretty amateurish. They didn't use HTTPS encryption, for example, so anyone could intercept the data that they themselves stole. Plus, the data was sent to a server whose IP address was actually in the malware code. Thus, it was easy to zero in on the group once detected. Malware Jake tweeted, quote, a hard-coded HTTP IP address is amateur hour. Contrast that with multiple exploit chains and sandbox escapes,
Starting point is 00:04:34 and it sure sounds like a group with tons of money to buy exploits and little operational experience. So many thoughts right now, end quote. The TLDR here, as far as I can tell, is that the assumption has always been that while individual iPhones could be hacked, it was actually very much thought to be a case of individuals. And it was also very much thought to be expensive as much as $2 million per incident. So essentially, security experts always thought that you only had to worry about, say, governments targeting the phones of an individual dissident, not entire groups. But here you have the ability to hack entire populations.
Starting point is 00:05:20 So, as Jason Koebler tweeted, this is crazy, crazy, crazy, crazy. Upends everything I thought I knew about iPhone security, end quote. Microsoft have started testing a more desktop-like Windows 10 tablet mode for two-in-one convertible PCs. Quoting The Verge, currently Windows 10 throws you into a more tablet-optimized UI that removes taskbar icons and puts the start menu full screen
Starting point is 00:05:52 when a device automatically switches into tablet mode. Microsoft is now walking back some of those changes while keeping some touch-optimized elements for 2-in-1 PCs. In the new tablet experience, the desktop will remain in full view with the taskbar icons visible and increased spacing between them. If enabled, the search box will collapse into an icon,
Starting point is 00:06:14 and the touch keyboard will appear when you tap on a text field. File Explorer will also switch to a touch-optimized layout, end quote. Additionally, Microsoft is testing cloud download options that would allow you to reset or restore a Windows 10 PC without the need for a local disk or recovery drive or USB thumbnail drive, similar to what macOS has had for a while now. For a while now, this startup has fascinated me. You know Eric Ries, the author of that book that you might have read called The Lean Startup. Well, Ries and a lot of other people have long decried the short-term pressures that companies have to endure once they go public and then have to juice those quarterly earnings numbers every three months. His brainstorm is the Long-Term Stock Exchange. This would provide companies with a stock exchange that had all the good bits of being publicly traded, but without some of those pesky drawbacks like activist investors, but generally short-termism in general.
Starting point is 00:07:26 In short, by doing things like tenured share voting, which means you wouldn't be able to have input on a company until you held your investment for a certain amount of time, the exchange would allow companies, as the name implies, to build for the long-term. The long-term stock exchange, or LTSE, got SEC approval back in May to become the country's 14th national stock exchange.
Starting point is 00:07:49 The LTSE will be under the same regulatory framework as the NYSE and NASDAQ, but allowed to implement their own rules. Well, the LTSE has just raised a $50 million Series B led by Founders Fund. Andreessen Horowitz also doubled down on their original investment. No word on when this new stock exchange might begin operation, though. If you'll recall, I was worried about exactly this. Multiple airlines worldwide have begun banning Apple's laptops in checked luggage, regardless of whether or not the laptops in question fall under the serial numbers specified in the recalls that Apple recently made. Quoting Bloomberg, all 15-inch versions of Apple's MacBook Pro must be carried in the cabin and
Starting point is 00:08:43 switched off, Qantas said in a statement Wednesday. The rule went into effect Tuesday morning. Rival Virgin Australia went further on August 26, banning all Apple laptops, period, from checked luggage. Australia's two biggest airlines join a growing list of carriers and jurisdictions across the world cracking down on the portable computers out of concern some could self-combust. The models in question are some 15-inch MacBook Pros sold from September 15th to February 2017.
Starting point is 00:09:14 Apple issued the recall in June, saying, quote, in a limited number of older generation 15-inch MacBook Pro units, the batteries may overheat and pose a fire safety risk, end quote. Singapore Airlines and Thai Airways have already stopped passengers from taking any of the affected models on their aircraft, end quote. So the good news, I guess, is that they're still letting the devices on the planes at this point. But still, flying to Australia, that's a trek that would cry out for any distractions your laptop could give you, right? I'm going to segue into the weekend long reads with this sort of read suggestion. Jack Ma and Elon Musk held a public quasi-debate about artificial intelligence in Shanghai yesterday, where Musk, as is his wont, sounded the alarm about the perils of AI, while Ma was more sanguine,
Starting point is 00:10:14 which in a way sort of sums up the Chinese-U.S. tech divide. I'm going to read a little bit from a transcript. There's more in the piece that I'm quoting from that Bloomberg put together, and this went viral on the socials, so you might be able to find video out there too. Quote, Musk. People underestimate the capability of AI. They sort of think it's like a smart human, but it's going to be much smarter than the smartest human you will ever know. Ma. I never in my life say human beings will be controlled by machines.
Starting point is 00:10:47 It's impossible. Human beings can never create another thing that is smarter than human beings. Musk. I very much disagree with that. The biggest mistake I see people making is to assume they're smart. Ma. My view is that computers might be more clever. Human beings are much smarter.
Starting point is 00:11:05 Musk. Yeah, definitely not. Ma. I'm quite optimistic, and I don't think artificial intelligence is a threat. I don't think artificial intelligence is something terrible, but human beings are smart enough to learn that. People like us, street smart, we're never scared of that. Musk. I don't know, man.
Starting point is 00:11:24 That's like famous last words. All right, then that means it's time for the weekend long read suggestions. Let's start with my favorite topic, which as you know is tech history. Unix is turning 50 this year. In its own way, Unix has eaten the world in its iOS and Android guises. But have you ever read up on the actual history of Unix? The history lesson I'm pointing you to comes from Ars Technica, so you know it's long and detailed and well-researched.
Starting point is 00:12:00 Here's some color from the very first moment that Unix blinked into life. Quote, The PDP-7 didn't have a tape drive or a hard drive at the time. The system was booted by feeding a punched paper tape into it. Without an attached drive, the file system they had worked so hard on had to wait. But at least they had a functioning multi-user time sharing environment to play around with. Still, the team felt this was an accomplishment and christened their operating system Unix, U-N-I-C-S, short for Uniplexed Information and Computing System.
Starting point is 00:12:34 At least that's the official explanation. According to Multics history site, Multicians.org, the pronunciation like Unix, E-U-N-U-C-H-S, was considered doubly appropriate because the team viewed this new operating system running on an obsolete, hand-me-down computer as, quote, Multics without any balls, end quote. From the past to the future, did you know that we're about to get Wi-Fi 6? It's coming this fall, in fact. What is Wi-Fi 6? Here's Wired to lay out all of the tech specs and standards and companies supporting it.
Starting point is 00:13:10 But top level, quote, as with most new standards, its stewards say that Wi-Fi 6 will ultimately make our tech lives better and faster. That's probably true. But keep in mind that the main objective with the launch of Wi-Fi 6 is to increase the performance and reliability of wireless connectivity at a network level, not necessarily on a single device or at a single access point. Sure, your Roku and your Nintendo Switch will see wireless speed gains, but a lot of the new computational intelligence behind Wi-Fi 6 will be devoted to handling streaming to multiple gadgets at once. It's Wi-Fi for a world crowded with mobile gadgets, IoT devices, and connected equipment, end quote. And this is something that
Starting point is 00:13:55 I feel like is simultaneously not talked about a lot, but also at the same time, I feel like, fairly well known. For all of the hype, mobile payments have simply not caught on in the U.S. in a major way yet. This piece from CNBC is actually chock full of hard numbers and data, but bottom line, quote, it seems odd considering the ubiquity of iPhones and Androids in the United States, more than 81% of Americans own a smartphone, up from 35% just eight years ago, according to Pew Research Center. While experts say mobile payments in the U.S. will eventually close the gap, they see legacy financial systems, a lack of a need for other options, and rewards cards as major headwinds, end quote. That's interesting. I never thought of the rewards cards angle.
Starting point is 00:14:45 Hmm. Rewards cards. Who recently launched a credit card with generous rewards, despite having one of the more popular mobile payment platforms out there? And according to Bloomberg, there is a major tech bubble bursting right now. It's in the world of drones. And it's wiping out startups and hammering the returns of VCs who dove enthusiastically into the space. Some of the biggest startups began closing their doors last year after burning through hundreds of millions in venture capital poured into a fledgling industry that, despite forecasts for explosive growth, is taking longer to mature than expected. Dozens of others are getting swept up in a consolidation wave as drone companies search for a profitable niche in a rapidly shifting marketplace. Quote, there was some irrationality around drones, a period of hype driven by the popularity of the hobby sector, said Kay Wackwitz, founder and chief executive officer of research group Drone Industry Insights.
Starting point is 00:15:42 We're getting past that, and people are coming back to reality, end quote. And finally, Ninja Who? NBC says that older people are embracing video games in increasing numbers, and some of them are becoming legitimate gaming idols. In a 2016 study by the American Association of Retired Persons and the Entertainment Software Association, 38% of Americans aged 50 and older said they play video games regularly. Half of the respondents in the 2016 study who said they play online games say they play more online games now, on a range of platforms including mobile, console, and computer than they did five years ago. We're seeing an increase overall, Alison Bryant,
Starting point is 00:16:25 senior vice president of research for AARP, said of Americans 50 and older who play video games. Bryant declined to give updated numbers, citing a study AARP will release on the topic this year, end quote. This NBC piece highlights a 66-year-old man who has a Twitch channel called Grandpa Gaming, where he plays PlayerUnknown's Battlegrounds before an audience of 200,000 subscribers. And Shirley, 83, who has a YouTube channel with 700,000 subscribers where she plays Skyrim. Bethesda Softworks announced in March that Curry will be immortalized as a character in an upcoming game. Man, the trains were so empty this morning that I actually got a seat on the way in, and half the people on the train this morning were carrying roller luggage as I presume they were heading off for some early weekend destination.
Starting point is 00:17:22 That can only mean one thing. It's the end of summer. It's a holiday weekend in the U.S. Labor Day. What I've learned from doing the weekend bonus episodes this year is that around holidays like these, everyone is out of office. So it's not even worth trying to book people for bonus episodes. That means no weekend bonus episodes this weekend and no episode this Monday either because I'll be taking a day off as well because frankly there's just not that much news that's going to happen on Monday anyway. Talk to you
Starting point is 00:17:58 all on Tuesday.
