Tech Brew Ride Home - Thu. 01/23 - Security Features As A Feature
Episode Date: January 23, 2020
More Samsung phone rumors, Match Group invests in safety features as a feature, the Bezos phone hack story gets a lot murkier, and everyone seems to have noticed that Google search has gotten crufty.
Sponsors: DoubleUp.agency, ClearMe.com/techmeme (Code: Techmeme)
Links:
Samsung's new foldable phone already sounds way better than the Galaxy Fold (Mashable)
New leak says the Galaxy S20's display will run at 60Hz by default (Android Central)
Microsoft starts rolling out developer tools for its dual-screen Surface Duo Android phone (ZDNet)
Match Group invests in Noonlight to power new safety features in Tinder and other dating apps (TechCrunch)
Here Is the Technical Report Suggesting Saudi Arabia’s Prince Hacked Jeff Bezos’ Phone (Motherboard)
Alex Stamos Tweet Storm
Google’s ads just look like search results now (The Verge)
Transcript
Welcome to the Techmeme Ride Home for Thursday, January 23rd, 2020. I'm Brian McCullough. Today:
more Samsung phone rumors, Match Group invests in safety features as a feature, the Bezos phone
hack story gets a lot weirder and murkier, and everybody seems to have noticed that Google Search
has gotten crufty all at once. Here's what you missed today in the world of tech.
More rumors ahead of Samsung's upcoming Unpacked event and more scoops from
XDA Developers. XDA's Max Weinbach reported that the expected Galaxy Z Flip
foldable phone with a clamshell design, by the way, Z Flip is apparently the name for this device.
Anyway, that foldable clamshell phone might be doing something that other foldable phones haven't
done before. Quote, the Galaxy Z Flip will lock into two different positions, 90 and 180
degrees. You can use it at 90 degrees as a kickstand and apps like Google Duo or the camera will just use the top part of the screen, end quote. So click through to the Mashable story that I link to in the show notes to see this sort of demoed in action. It's sort of like how those foldable laptops we've been seeing come out tend to work. When you fold 90 degrees, the top half is the business end and the bottom half becomes controls or a keyboard or a second screen or whatever depending on the app.
That actually makes a ton of sense for a bunch of things.
If you think about it, like setting your phone down when doing a video call or something.
So to sum up, this Z Flip is probably a clamshell phone, probably square when folded up,
folds up to be smaller, but also folds halfway to be self-supporting and usable hands-free.
And all in all, since you can fold it up, it should be easier to use one-handed and smaller
in your pocket. By the way, Max also rumor mongered that the flagship Galaxy S20, which was rumored to
be touting a display running at 120 hertz, might actually out of the box only be running at 60
hertz, quoting Android Central, quoting Max's tweets. To enjoy smoother animations and scrolling
users will have to go into settings and manually change the display refresh rate to 120 hertz.
While it is certainly a little disappointing, we aren't shocked. The Asus ROG Phone 2, which has
a 120-hertz display, ships with the refresh rate set to 60 hertz by default.
Google's Pixel 4 and OnePlus phones with Fluid AMOLED displays, however, ship with 90 hertz enabled by
default.
Since many buyers don't care about their phone displays being on the highest resolution or refresh
rate, it is possible Samsung may be looking to prioritize battery life over improved smoothness.
Prioritizing battery life is also the main reason why the displays on Samsung's current
flagship phones default to the Full HD+ resolution instead of the Quad HD+.
Weinbach has also claimed that the Galaxy S20 Ultra
will come with a stainless steel frame instead of aluminum
on the standard S20 and S20 Plus.
The most premium Galaxy S20 model is also expected to be the only one
to feature a 108 megapixel primary camera
and a 40 megapixel selfie camera, end quote.
Speaking of dual-screen devices,
Microsoft has started rolling out developer kits
and emulators for its dual-screen Surface Duo
Android phone and Windows 10X-based Surface Neo, quoting Mary Jo Foley in ZDNet.
The immediately available preview SDK for the Duo includes access to documentation and samples
for best practices, UX design information, and more. It includes native Java application
programming interfaces for dual-screen Duo development and an Android emulator with a preview
of the Surface Duo image. To use the Duo preview SDK, developers need the Android Studio
and Android emulator.
For the 10X SDK, users will need a recent Windows 10 Insider Preview build of 64-bit Windows 10 Pro,
Enterprise, or Education on a four-core device with Hyper-V enabled.
Microsoft is also doing more work on its new Edge browser so that it will support
dual-screen 10X and Android devices, end quote.
So devs get cracking.
Match Group is investing in safety app Noonlight to add features
like a panic button, emergency assistance, location tracking, check-ins, and photo verification
to its suite of dating apps. Match Group, of course, owns the likes of Match, Tinder, OkCupid,
Plenty of Fish, and actually basically any dating app you'd probably be likely to use.
These new features will first come to Tinder, apparently. And this news comes after something
I didn't cover on this show. Last month, ProPublica and Columbia Journalism Investigations
wrote a piece outlining how Match Group might be allowing known sexual predators to use its
apps inadvertently. The report claimed that Match Group didn't have a policy of running background
checks on all its users. The company claimed it didn't collect enough personal information
on users that didn't sign up to the paid versions of the apps. So if you were using their
apps on the free level, they couldn't do background checks and the like on you at all. Well,
quoting Sarah Perez in TechCrunch. Today, Match Group says it has invested in Noonlight with the
intention of rolling out new safety features to its apps, starting with Tinder on January 28th.
Tinder, now Match Group's leading dating app and biggest moneymaker, has been downloaded over 340 million
times and has nearly 5.7 million paying subscribers. It was also the top grossing non-game app of
2019. The company didn't disclose the size of its Noonlight investment, but did say it was joining
Noonlight's Board of Directors.
Noonlight, which has been operating for five years, today partners with Uber, Lyft, Alexa, Google Home, Fitbit, Canary, SmartThings, and others, according to its website.
It has handled over 100,000 emergencies to date and runs three monitoring centers.
One key addition to Tinder powered by Noonlight will allow U.S. users to share details about upcoming dates via Noonlight's timeline technology.
Tinder users will be able to share who they are meeting, where and when, by
adding the date to their timeline, end quote.
Perez goes on to speculate that actually beyond the bad publicity Match Group received from
the ProPublica reporting, this change in strategy might actually have been prompted by good
old-fashioned competition because, if you'll remember, last fall, Facebook launched its Facebook
dating service, which among other new features allowed daters to share their live location with
trusted friends on Messenger. And of course, ride-sharing apps like Uber and Lyft have
allowed riders to trigger emergency services in app. So safety features like this were probably
looking increasingly like a feature set that dating apps would look stupid to be without.
All right, buckle in because we need to come back to that Jeff Bezos phone hacking story.
Motherboard and a bunch of other folks got their hands on the actual report made by FTI Consulting.
So we have a lot more detail. And if anything, this story is possibly just more
confusing because of that. Here's the step by step. Apparently, the investigators found a suspicious
encrypted file on Bezos's iPhone, which caused his data transfers to soar by around 29,000 percent.
But oddly, what's more interesting is what they didn't find. Quote, the report obtained by Motherboard
indicates that investigators set up a secure lab to examine the phone and its artifacts and spent two
days poring over the device but were unable to find any malware on it. Emphasis mine. Instead,
they only found a suspicious video file sent to Bezos on May 1st, 2018, that, quote,
appears to be an Arabic language promotional film about telecommunications, end quote.
That file shows an image of the Saudi Arabian flag and Swedish flags and arrived with
an encrypted downloader. Because the downloader was encrypted, this delayed or further prevented
study of the code delivered along with the video, end quote. So it was after receiving this file that the
data transfer rates on the phone spiked. The investigators naturally assume that the two were
connected, but again, found no actual malware, just the file. The investigators assume that this file is the
culprit, but they're not sure. And the investigators encountered two huge roadblocks, quote,
the first related to the encrypted downloader.
Ferranti's team first examined the attachment alone before deciding they needed to do a full
forensic imaging and analysis of the phone's contents and traffic.
They used a tool from Cellebrite, Cellebrite UFED 4PC Ultimate and Physical Analyzer,
to grab forensic images from the phone and set up a secure makeshift lab to do the forensics
over two days.
They did not find any malicious code embedded in the video file, but
discovered that the video was delivered via an encrypted downloader hosted on WhatsApp's media server, end quote.
The problem there was because of WhatsApp's end-to-end encryption,
the investigators couldn't decrypt the contents of the downloader.
And the second problem they encountered was that Bezos' phone had iTunes backup encryption enabled.
They apparently were not able to get the password to unlock the encryption, which is weird.
Did Jeff not remember his password or something?
And then when they tested ways to bypass the password,
they accidentally reset all the settings on the phone,
causing it to restore to factory defaults.
Quoting one last time,
a mobile forensic expert told Motherboard that the investigation,
as depicted in the report,
is significantly incomplete
and would only have provided the investigators
with about 50% of what they needed,
especially if this is a nation-state attack.
She says the iTunes backup and other extractions they did
would get them only messages, photo files, contacts, and other files that the user is interested in saving from their applications, but not the core files.
They would need to use a tool like GrayKey or a Cellebrite Premium or do a jailbreak to get a look at the full file system.
That's where that state-sponsored malware is going to be found.
Good state-sponsored malware should never show up in a backup, end quote, said Sarah Edwards, an author and teacher of mobile forensics for the SANS Institute, end quote.
So I'm going to link again to a Twitter thread from Alex Stamos that gets more into the weeds of this,
but I'm just going to quote from his initial tweet and his summary tweet, quote,
this FTI forensics report is not very strong. Lots of odd circumstantial evidence for sure, but no smoking gun.
The funny thing is that it looks like FTI potentially has the murder weapon sitting right there.
They just haven't figured out how to test it. If FTI doesn't have the capability to do this analysis
themselves, then they should ask for WhatsApp's help in decrypting the file and then should allow
Facebook and Apple to investigate. There is at least one WhatsApp and one iOS vulnerability involved here.
Anyway, the idea that this report is the furthest you can go with access to the phone is wrong.
The circumstantial evidence is reasonably compelling, but since this is a major national security
issue now, more eyes need to be on the evidence, end quote.
Finally today, you may have seen grousing online over the last few days that Google's new search results, a redesign to their desktop search, is number one ugly because they've added favicons to clutter up all of the search results.
But number two, it introduces sort of a dark pattern because those favicons that, again, show up on almost every returned result, look functionally the same
as the little ad banners that are supposed to function as labels or disclaimers for which
results are ads and which are not. In other words, the line between ads and search results
has been even further blurred. Instead of collecting all the various criticisms that have been
floating around online, I'm going to use Jon Porter's piece in The Verge to stand for all of the
critics generally, quote, in a blog post announcing the new design when it came to mobile last year,
Google partially explained the change by saying that adding favicons to organic search results means that,
quote, a website's branding can be front and center, which means, quote, you can more easily scan the page of results, end quote.
But it spent far less time talking about the changes to its ad designs, which now feel much more significant,
especially when viewing results on a laptop or monitor. In the past, Google's Sundeep Jain justified simplifying the company's ad designs by saying that
a simpler design, quote, makes it easier for users to digest information, end quote,
according to Search Engine Land. He added that the company was trying to reduce the number of
different colors used on a page in order to bring a little more harmony to the layout.
It's hard not to get the feeling that this harmony is less about offering a better user
experience and more about helping Google's ad revenue. As Digiday reports, there's data
to suggest that's actually the case. According to one digital marketing agency,
click-through rates have already increased for some search ads on desktop and mobile click-through
rates for some of its clients increased last year from 17 to 18% after similar changes to Google's
mobile search layout, end quote. So let me add my two cents here. This has been going on for a long,
long time, as I've said before, the slow, gradual crowding out of organic results by ads.
In a way, this is just the latest example and not even the most egregious one. Let's
bring it back to mobile. The majority of search is done on mobile these days, right? Well,
because of the smaller screen real estate on mobile search, Google has long since effectively
been able to fill the first screen of search results on mobile with ads for a long time now.
They haven't even made any effort to hide that. How often have you had to scroll past all of the
ads just to get to the first organic result or find your answer or the site you wanted?
And it's not just the ads. It's all the other, quote unquote, helpful product
cards, Google Maps results, etc., etc. If you just want an answer to something on Google,
on mobile, you're going to have to do a lot of scrolling before you can even begin to find
what you're looking for. So my beef is with all of the cruft that you have to wade through
on Google, which is rendering it completely frustrating. But my deeper beef is, the ads have
gotten useless as well. Do you remember when Google ads were actually useful, when they were more
targeted when they tended to at least tangentially relate to what you were searching for?
I think the obvious beef that everyone has, that is logical, is that this cruft is making Google
search garbage, but the deeper second-level beef is that Google ads have become garbage, too.
They're not picture ads, they're still text, but they're effectively now bland, generic,
just shotgun blast banner ads in the non-useful, non-specific generic
garbage sense of that term. I don't think any of us would care about the Google search getting so
cluttered up with cruft if it weren't for the fact that the cruft is so useless. It took them 20 years,
but Google has effectively become the thing it was born to kill. The ugly, marginally useful,
frustrating Yahoo search circa the year 2000. By the way, your ears weren't deceiving you yesterday.
The opening music was indeed different because suddenly,
out of the blue late yesterday, as I was almost done editing, GarageBand suddenly couldn't find
the sound files in the template that I use every day. Like, I would reopen the file, and I'd get
all these error messages saying they couldn't find this file or this file was a duplicate. And so,
in the end, it delivered that weird music in the intro with the extra cymbal splash that some
of you heard. I think it was because it was double layering the files or something. I don't know.
Something was going on. And then this
morning, the error messages were gone, and everything was back to normal. So who knows? But man,
some of you have some eagle ears out there. Or I guess that's what happens when you hear the same
song every day over and over again. You know it like you know your heartbeat, I guess. Anyway,
should be fixed, I hope. Talk to you tomorrow.
