Start Up No.1,127: Microsoft finds Russia in printers, Apple stops Facebook listening, Yahoo helps with email, iPhone 11 release date released?, and more


Computing – specifically, hacking overseas finance systems – has paid off for North Korea, says the UN. CC-licensed photo by %28stephan%29 on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 9 links for you. You should have seen what got left out. I’m @charlesarthur on Twitter. Observations and links welcome.

North Korea took $2bn in cyberattacks to fund weapons program: UN report • Reuters

Michelle Nichols:

»

North Korea has generated an estimated $2bn for its weapons of mass destruction programs using “widespread and increasingly sophisticated” cyberattacks to steal from banks and cryptocurrency exchanges, according to a confidential UN report seen by Reuters on Monday.

Pyongyang also “continued to enhance its nuclear and missile programmes although it did not conduct a nuclear test or ICBM (Intercontinental Ballistic Missile) launch,” said the report to the UN Security Council North Korea sanctions committee by independent experts monitoring compliance over the past six months.

The North Korean mission to the United Nations did not respond to a request for comment on the report, which was submitted to the Security Council committee last week.

The experts said North Korea “used cyberspace to launch increasingly sophisticated attacks to steal funds from financial institutions and cryptocurrency exchanges to generate income.” They also used cyberspace to launder the stolen money, the report said.

«

Including cryptocurrency exchanges, of course. To get how significant that is: North Korea’s nominal GDP in 2018 was $32bn. So that’s a really significant amount of money, a 6% boost to the economy if it was done in a single year. And it’s all foreign currency – even more useful. Kim Jong-un made hacking one of North Korea’s priorities when he came to power in 2011; looks like the right call.
unique link to this extract


Microsoft catches Russian state hackers using IoT devices to breach networks • Ars Technica

Dan Goodin:

»

Microsoft researchers discovered the attacks in April, when a voice-over-IP phone, an office printer, and a video decoder in multiple customer locations were communicating with servers belonging to “Strontium,” a Russian government hacking group better known as Fancy Bear or APT28. In two cases, the passwords for the devices were the easily guessable default ones they shipped with. In the third instance, the device was running an old firmware version with a known vulnerability. While Microsoft officials concluded that Strontium was behind the attacks, they said they weren’t able to determine what the group’s ultimate objectives were.

Last year, the FBI concluded the hacking group was behind the infection of more than 500,000 consumer-grade routers in 54 countries. Dubbed VPNFilter, the malware was a Swiss Army hacking knife of sorts. Advanced capabilities included the ability to monitor, log, or modify traffic passing between network end points and websites or industrial control systems using Modbus serial communications protocol. The FBI, with assistance from Cisco’s Talos security group, ultimately neutralized VPNFilter.

Fancy Bear was one of two Russian-sponsored groups that hacked the Democratic National Committee ahead of the 2016 presidential election. Strontium has also been linked to intrusions into the World Anti-Doping Agency in 2016, the German Bundestag, and France’s TV5Monde TV station, among many others. Last month, Microsoft said it had notified almost 10,000 customers in the past year that they were being targeted by nation-sponsored hackers. Strontium was one of the hacker groups Microsoft named.

«

unique link to this extract


Facebook hit by Apple’s crackdown on messaging feature • The Information

Aaron Tilley:

»

Debate about how app makers use the internet calling feature, which relies on a technology called Voice over Internet Protocol, or VoIP, has been simmering for years. After Facebook split off messaging into a standalone Messenger app in 2014, the social media giant tried to keep the technology in its main app. But Apple figured out what Facebook was doing and made it stop, said Phillip Shoemaker, who until 2016 was the head of Apple’s app review team. But Messenger and WhatsApp, which allow internet voice calls, still use the feature.

“Messenger can still use [VoIP background] mode, and does,” said Mr. Shoemaker. “What they do in the background, whether it be accept calls, listen in all the time or update the content of the main app, it’s all unclear to Apple, but could be happening.”

Aside from potentially gathering data, the feature also sucks up system resources, shortening battery life. The impact on battery life briefly made it into the headlines back in 2015 when it was discovered that the main Facebook app was using the voice-calling feature to run in the background.

Other major messaging apps like Snapchat and China’s WeChat have been using the feature to run in the background for a number of reasons unrelated to voice calling, one of the people familiar with the issue said.

«

Guess that’s another API closed off to Facebook/WhatsApp for data collection. Though of course once iOS 13 happens, people are going to test what ads they see when they say some particular set of words.

unique link to this extract


How Android paved the way for the smartphone revolution • Bloomberg

Shira Ovide with a rundown of what you’re probably familiar with; but this is different:

»

for Google parent Alphabet, Android’s legacy has grown messy. Last year, after a long investigation, European Union regulators declared that Google’s offering Android for free but with strings attached was a violation of EU anti-monopoly laws. The EU also fined Google for favoring its web shopping service ahead of rivals and for hurting competition in internet search ads. The company is appealing all three actions.

The smartphone is now middle-aged by the sped-up standards of the tech world. IDC estimates that sales of the devices will decline in 2019 for the third straight year. There remains a big gap between the 50% of the world that uses the mobile internet and the 80% to 90% where analysts predict adoption will top out. But reaching the next 3.5 billion to 4 billion people gets progressively harder. Even Android can’t drive phone prices down low enough for some people and places where the smartphone hasn’t spread widely.

And as technologists bet on what lies beyond the smartphone, the odds are that Android or an Android-esque system won’t have a major role. In a future in which wireless connections are so fast and cheap that the internet can be built into every car, desk chair, thermostat, virtual-reality device, and pair of glasses, a single gadget that acts as an access point for the digital world may be much less important. And the biggest platforms for cloud computing, driverless cars, and voice-activated digital assistants are proprietary systems, not open coalitions like Android. The key developers, such as Alphabet, are wagering it’s better for them to act alone.

«

Then again, what’s ever going to surpass the smartphone?
unique link to this extract


Yahoo Mail’s plan to fix email: make computers read it • The Atlantic

Ian Bogost:

»

The team [at AOL, before its acquisition by Verizon] saw that photo sharing was big, along with travel itineraries, receipts, and newsletters. But they also found that email programs were still stuck in a paradigm 20 years old: a list of messages, a literal representation of how the data get stored in a database with a spreadsheet-like view of the various fields. “We were treating all those types of information—from shared files to dining reservations—the same way,” Becker says.

The biggest revelation was that few people knew how to search their email. Becker recalls standing behind a woman at the airport who was frantically looking for her boarding pass. “I could feel her anxiety as she approached the security agent,” he tells me. During a home visit, a woman wanted to show Becker’s team some photos she had been sent by a friend. But she had no idea what to search for. Without better strategies, people were just searching for something—“United,” say, or the photo-sharing friend’s name—and scrolling hopefully. People adapted where email software had not. They started taking screenshots of boarding passes or coupons so they could find them more easily.

This is a dumb way to use computers, which are capable of organizing information in more ways than just in lists and search results. So Becker and his team, still at AOL, created a product called Alto Mail that did just that. Instead of dumping messages into one endless list, or requiring users to organize it themselves into folders (few do), Alto automatically sorted them into virtual stacks, just like people tend to do with physical mail: This is a bill, this is a catalog, this is trash, and so on. Each stack looked and worked differently, depending on the content it contained. “We organized email for our users so they didn’t have to,” Becker says.

«

Fascinating insight: many people don’t care about their email domain at all; it’s just a thing where their email lives. AOL and Yahoo put a lot of work into making their email systems work better. And nobody really notices.
unique link to this extract


Facebook’s Libra: it’s not the ‘crypto’ that’s the issue, it’s the organisation behind it

Bill Maurer is professor of Anthropology and Law at the University of California, and Daniel Tischer is a lecturer in Management at the University of Bristol:

»

When setting up Visa, it was important for [Visa founder Dee] Hock that Visa would not be owned by self-interested shareholders. Instead, it was the users, banks and credit unions, who “owned” Visa as a cooperative membership organisation. Ownership here did not entail the right to sell shares, but an irrevocable right of participation – to jointly decide on the rules of the game and Visa’s future.

The incentive was to create a malleable but durable payment infrastructure from which all members would benefit in the long term. To work, everyone had to give something up – including their own branding on credit cards, subordinating their marks to Visa. This was a really big deal. But Hock convinced the network’s initial members that the payoff would come from the new market in payment services they would create. He was right.

For most of its existence, until it went public in 2016, Visa was an anomalous creature: a for-profit, non-stock corporation based on the principle of self-organisation, embodying both chaos and order. Hock even coined a term for it: “chaordic”.

Libra envisions a similar collaborative organisation among the founding members of its Libra Association. But it turns Hock’s principles upside down. The Libra Association is all about ownership and control by its members as a club…

…Libra’s white paper outlines an organisation that could become a decentralised, participatory system like Hock envisioned Visa would become. But Libra, if it is successful, will likely become an undemocratic behemoth. Alarm bells ring about a global currency’s de facto governance by a private, exclusive club serving the purposes of its investor-owners, not the public good.

«

That is, pretty much, my objection to Libra as well.
unique link to this extract


Apple’s iPhone 11 release date just leaked • BGR

Zach Epstein:

»

A new law in Japan is set to go into effect on October 1st, and it will require that wireless carriers unbundle devices and service plans. Why? Because carriers were forcing customers to pay for overpriced data plans by bundling only the most expensive plans with the most popular smartphones. When asked how the new law might impact Apple’s September iPhone launch, [SoftBank president Ken Miyauchi] had this to say (machine translated):

»

Honestly, I am wondering what should I do for 10 days. No, I shouldn’t say that. Anyway, I don’t know when the new iPhone will be released. However, after about 10 days, it will be unbundled.

«

Oops.

Apple always releases its new iPhones on a Friday and if we count back about 10 days from October 1st when this new unbundling law goes into effect, we land on September 20th. That’s exactly when we expected Apple to release its new iPhone 11 lineup, and now it’s all but confirmed. And with that in mind, we can expect the new iPhone 11, iPhone 11 Max, and iPhone 11R to be unveiled at an Apple press conference on Wednesday, September 11th, or sometime thereabouts.

«

“Miyauchi-san? Tim Cook on the line for you.” Anyway, now you know. Also: Samsung’s Galaxy Note 10 is launched today, Wednesday. It’s a phone and has a pen – a sentence that also used to make sense in the early 20th century, when phones had fold-out tray tables underneath where one could keep paper notes. What’s old is new.
unique link to this extract


HTC suspends UK sales due to patent claim, Xiaomi targeted too • Android Authority

Hadlee Simons:

»

Patent licensing firm IPCom says HTC infringed a 2012 UK court ruling. Back then, the UK High Court ruled that HTC infringed upon IPCom’s patent 100A, which determines how emergency calls are prioritized on 3G networks. The patent in question was obtained by IPCom as part of a deal with Bosch in 2007.

HTC was permitted to use a workaround when launching phones in the UK, the patent firm claimed, but says the brand’s Desire 12 doesn’t use this workaround. The Taiwanese company has therefore decided to suspend sales of the Desire 12, IPCom asserts, but the bad news doesn’t stop there.

“Furthermore, HTC has signalled that it is taking steps to suspend sales of all its mobile devices in the UK,” IPCom’s press release noted.

The patent licensing company says it’s also in negotiations with Xiaomi regarding its alleged patent infringement. It says the Mi Mix 3 slider flagship uses the offending patent.

«

Wonder if HTC forgot how to do the workaround. Then again, it’s news that it sells any phones at all in the UK. Stopping sales will probably save it money – or at least forgo some losses: HTC only did about $14m in sales in July, and probably made an operating loss of half that (ie it spends $3 for every $2 it brings in). The patent stuff, though, is all very 2011.
unique link to this extract


AT+T insiders bribed with over $1m to unlock two million phones and hack their employer, DOJ claims • Forbes

Thomas Brewster:

»

A 34-year-old from Pakistan has been extradited from Hong Kong to the US, over allegations he bribed AT+T employees over five years to unlock more than 2 million phones. He was also accused of hacking into AT+T computers. It cost AT+T millions, whilst the insiders were paid more than $1m in bribes, according to an indictment unsealed Monday.

Muhammad Fahd and his co-conspirator Ghulam Jiwani were accused of paying as much as $420,000 to individual AT&T staff at a call center in Boswell, Washington, asking them to unlock phones tied to the AT+T network. At the same time, US prosecutors claimed Fahd was helping people who were paying to unlock and escape AT+T; in some contracts where cellphone cost has been reduced, AT+T requires customers remain on its network. Fahd would simply get a phone’s IMEI number from a willing buyer and then ask the AT+T insiders to unlock their device.

But Muhammad’s alleged fraud went further, the Department of Justice said, as he asked employees to install malware on AT+T computers so that he could study how the telecoms giant’s internal processes worked. He then created malware that used AT+T employees passwords to get access to different computers so that he could do the unlocking himself, according to the indictment.

«

More fun: the co-conspirator is said to be deceased. The scam started in 2012, AT+T discovered it in October 2013 and thought it shut it down, and then it restarted in November 2014 and ran for another three years. So about 50 cents in bribes per unlocked phone; you’ve got to imagine they charged a lot more.

Given the way AT+T locks people into absurd phone contracts, though, it’s hardly surprising that the demand exists.
unique link to this extract


Errata, corrigenda and ai no corrida: none notified

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.