Sim cards – all vulnerable to hacking due to their inbuilt browser. CC-licensed photo by mroach on Flickr.
A selection of 9 links for you. And just like that, it’s Friday! I’m @charlesarthur on Twitter. Observations and links welcome.
New Sim card flaw lets hackers hijack any phone just by sending SMS • The Hacker News
Mohit Kumar:
»
Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in Sim cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS.
Dubbed “SimJacker,” the vulnerability resides in a particular piece of software, called the S@T Browser (a dynamic Sim toolkit), embedded on most Sim cards that is widely being used by mobile operators in at least 30 countries and can be exploited regardless of which handsets victims are using.
What’s worrisome? A specific private company that works with governments is actively exploiting the SimJacker vulnerability from at least the last two years to conduct targeted surveillance on mobile phone users across several countries.
S@T Browser, short for SIMalliance Toolbox Browser, is an application that comes installed on a variety of Sim cards, including eSim, as part of Sim Tool Kit (STK) and has been designed to let mobile carriers provide some basic services, subscriptions, and value-added services over-the-air to their customers.
Since S@T Browser contains a series of STK instructions—such as send short message, setup call, launch browser, provide local data, run at command, and send data—that can be triggered just by sending an SMS to a device, the software offers an execution environment to run malicious commands on mobile phones as well.
«
Not worrying at all. Nothing to see here. Move along.
Huawei confirms the new Mate 30 Pro won’t come with Google’s Android apps • The Verge
Tom Warren:
»
Richard Yu, the CEO of Huawei’s consumer products division, revealed onstage at a press event in Germany this morning that the company has been forced to drop Google’s Mobile Services (GMS) license on the Mate 30 series of devices.
“We cannot use the Google Mobile Services core, we can use the Huawei Mobile Services (HMS) core,” explained Yu very briefly. “Today that’s because of a US ban that these phones cannot preinstall the GMS core, it has forced us to use the HMS Core running the Huawei app gallery on the Mate 30 series phones.”
Google’s Play Store is an essential part of the company’s Google Mobile Services license, and it’s how the majority of Android-powered handsets outside of China get access to apps. Huawei can’t really work around this very easily, so instead, it’s simply building its own alternative to Google’s Play Store and associated services. Huawei is using $1bn to fund development, user growth, and marketing of its own Huawei Mobile Services.
There are 45,000 apps already integrated with Huawei Mobile Services, but there will be many thousands more that will need to be tweaked and made available in Huawei’s App Gallery. It’s a big task to get developers to support its own app store, but the company has no other real alternative.
Huawei spent less than a minute talking about the Android ban onstage, during a presentation that lasted nearly two hours. It’s clear the company has some big work ahead of it to convince consumers and developers that its version of Android, based on Android Open Source Project, will be viable.
«
Huawei’s $1bn to try to create a virtuous circle – developers bring users who buy phones which brings developers – is just like Microsoft’s effort with Windows Phone 7 ($100 per app, up to 10 apps, per developer), and as doomed outside China. (And inside China, why would you write for Huawei rather than just to be on top of WeChat?) There are 2.7m apps on Google Play.
European carriers won’t want the Mate 30: too much hassle doing customer support for people trying to get Netflix and not understanding why it isn’t there. And “Android” is a Google trademark – so Huawei can’t market it as an Android handset.
Crash course: how Boeing’s managerial revolution created the 737 Max disaster • The New Republic
Maureen Tkacik:
»
Under the sway of all the naysayers who had called out the folly of the McDonnell deal, the board had adopted a hard-line “never again” posture toward ambitious new planes. Boeing’s leaders began crying “crocodile tears,” Sorscher claimed, about the development costs of 1995’s 777, even though some industry insiders estimate that it became the most profitable plane of all time. The premise behind this complaining was silly, Sorscher contended in PowerPoint presentations and a Harvard Business School-style case study on the topic. A return to the “problem-solving” culture and managerial structure of yore, he explained over and over again to anyone who would listen, was the only sensible way to generate shareholder value. But when he brought that message on the road, he rarely elicited much more than an eye roll. “I’m not buying it,” was a common response. Occasionally, though, someone in the audience was outright mean, like the Wall Street analyst who cut him off mid-sentence:
“Look, I get it. What you’re telling me is that your business is different. That you’re special. Well, listen: Everybody thinks his business is different, because everybody is the same. Nobody. Is. Different.”
And indeed, that would appear to be the real moral of this story: Airplane manufacturing is no different from mortgage lending or insulin distribution or make-believe blood analyzing software—another cash cow for the one percent, bound inexorably for the slaughterhouse. In the now infamous debacle of the Boeing 737 MAX, the company produced a plane outfitted with a half-assed bit of software programmed to override all pilot input and nosedive when a little vane on the side of the fuselage told it the nose was pitching up. The vane was also not terribly reliable, possibly due to assembly line lapses reported by a whistle-blower, and when the plane processed the bad data it received, it promptly dove into the sea.
«
A long read, but a terrific one.
Facebook working on smart glasses with Ray-Ban, code-named Orion • CNBC
Salvador Rodriguez:
»
Facebook has been working to develop augmented reality glasses out of its Facebook Reality Labs in Redmond, Washington, for the past couple of years, but struggles with the development of the project have led the company to seek help. Now, Facebook is hoping a partnership with Ray-Ban parent company Luxottica will get them completed and ready for consumers between 2023 and 2025, according to people familiar.
The glasses are internally codenamed Orion, and they are designed to replace smartphones, the people said. The glasses would allow users to take calls, show information to users in a small display and live-stream their vantage point to their social media friends and followers.
Facebook is also developing an artificial intelligence voice assistant that would serve as a user input for the glasses, CNBC previously reported. In addition, the company has experimented with a ring device that would allow users to input information via motion sensor. That device is code-named Agios.
«
Problem for Facebook doing hardware is always that its platform is so limited. You’re doing Facebook; you’re not doing Google, not doing Netflix, not doing Twitter, not doing a million other things that any platform company can offer.
Apple AR/VR patent details plans for eye, gesture, facial tracking • Variety
Janko Roettgers:
»
Apple’s upcoming mixed reality headset could include a number of sensors to track the eyes, gestures and even facial expressions of its users. The company applied for a patent to track these kinds of inputs, and combine them with information gathered from outward-facing sensors for mixed reality experiences.
The patent application in question, simply titled “Display System Having Sensors,” was first filed in March of this year, and published last week. It describes in detail plans to use a range of sensors to gather data from the wearer of a mixed reality headset.
Such sensors would make it possible for Apple to more realistically reproduce a user’s facial expression in mixed reality. Apple has already developed facial tracking software for Animoji, the company’s animated AR emoji. Animoji make use of an iPhone’s selfie camera to track facial expressions, and then translate those movements to animation.
The challenge with that approach is that you can’t simply film a user’s face if they’re wearing a headset. That’s why Apple is looking to combine data from separate sensors, including some used for eyebrow and jaw tracking, as well as eye tracking cameras.
«
The real challenge is to stop the wearer looking like an absolute dork.
How China unleashed Twitter trolls to discredit Hong Kong’s protesters • The New York Times
Raymond Zhong, Steven Lee Myers and Jin Wu:
»
For fans of pro tennis, European soccer and British tabloids, the mysterious Twitter account had a lot to offer.
Beginning last year, it retweeted news, most of it in English, about Roger Federer and the Premier League, and it shared juicy clickbait on Zsa Zsa, an English bulldog that won the 2018 World’s Ugliest Dog contest.
Then, suddenly, the account began posting, in Chinese, about a different obsession: politics in Hong Kong and mainland China. By this summer, it had become a foot soldier in a covert campaign to shape people’s views about one of the world’s biggest political crises.
The account, @HKpoliticalnew, and more than 200,000 other Twitter accounts were part of a sprawling Russian-style disinformation offensive from China, Twitter now says, the first time an American technology giant has attributed such a campaign to the Chinese government.
China has long deployed propaganda and censorship to subject its citizens to government-approved narratives. As the nation’s place in the world grows, Beijing has increasingly turned to internet platforms that it blocks within the country — including Twitter and Facebook — to advance its agenda across the rest of the planet.
It has done so in part by setting up accounts on the platforms for its state-run news outlets, such as China Daily, to make a public case for its views. But that is quite different from using fake accounts to manipulate opinions surreptitiously or simply to sow confusion.
“The end goal is to control the conversation,” said Matt Schrader, a China analyst with the Alliance for Securing Democracy at the German Marshall Fund in Washington.
Twitter last month took down nearly 1,000 accounts that it said were part of a state-directed effort to undermine the antigovernment protests in Hong Kong. It also suspended 200,000 other accounts that it said were connected to the Chinese operation but not yet very active. Facebook and YouTube quickly followed suit. All three platforms are blocked in mainland China but not in Hong Kong.
«
The obvious question, which this article seems to answer, is that the accounts are hijacked after years of being used by normal people, rather than being long-planned schemes to subvert Twitter.
Why prescription drugs cost so much more in America • Financial Times
Hannah Kuchler:
»
All over the world, drugmakers are granted time-limited monopolies — in the form of patents — to encourage innovation. But America is one of the only countries that does not combine this carrot with the stick of price controls.
The US government’s refusal to negotiate prices has contributed to spiralling healthcare costs which, said billionaire investor Warren Buffett last year, act “as a hungry tapeworm on the American economy”. Medical bills are the primary reason why Americans go bankrupt. Employers foot much of the bill for the majority of health-insurance plans for working-age adults, creating a huge cost for business.
In February, Congress called in executives from seven of the world’s largest pharmaceutical companies and asked them: why do drugs here cost so much? The drugmakers’ answer is that America is carrying the cost of research and development for the rest of the world. They argue that if Americans stopped paying such high prices for drugs, investment in innovative treatments would fall. President Trump agrees with this argument, in line with his “America first” narrative, which sees other countries as guilty of freeloading.
For the patients on the trip, the notion is galling: insulin was discovered 100 years ago, by scientists in Canada who sold the patent to the University of Toronto for just $1. The medication has been improved since then but there seems to have been no major innovation to justify tripling the list price for insulin, as happened in the US between 2002 and 2013.
«
Insulin is just one of the many, many cases where Americans are being ripped off by drugs companies.
An exclusive look inside Apple’s A13 Bionic chip • WIRED
Om Malik:
»
So what happens inside the A13 Bionic when it goes to work? The general concept involves assignments, delegation, and hand-offs. For low-energy tasks—say opening and reading email—the iPhone will use the more efficient cores. But for more intense tasks like loading complex web pages, the high-performance cores take charge. For some routine and well established machine-learning work, the neural engine can hum along by itself. But for newer, more cutting-edge machine-learning models, the CPU and its specialized machine-learning accelerators lend a helping hand.
Apple’s secret, though, lies in the way all of these various parts of the chip work together in a way that conserves battery power. In a typical smartphone chip, parts of the chip are turned on to do particular tasks. Think of it as turning on the power for an entire neighborhood for them to eat dinner and watch Game of Thrones, then turning the power off, then switching on the power for another neighborhood that wants to play videogames.
With the A13, think of doing the same on-and-off approach, but on a single home basis. Fewer electrons go to waste.
“Machine learning is running during all of that, whether it’s managing your battery life or optimizing performance,” [marketing chief Phil] Schiller said. “There wasn’t machine learning running 10 years ago. Now, it’s always running, doing stuff.”
In the end, the progression of this technology is dictated by simple things we humans want from our phones—intense games that run as smoothly on a mobile handset as a console, or a camera that takes beautiful and clean photos in the middle of the dimly lit night. As we tap and swipe, Apple’s engineers are paying attention, retooling their designs, and working on a chip for next year that will entice us to upgrade all over again.
«
This article is a bit all over the place; I think the problem is you really need someone who understands chips very deeply, and gets deep details, to make sense out of it. Schiller and a member of the chip team drop some little tidbits, but I think Malik would have done better just to print the transcript of the interview. Someone would have been able to decode it.
Here’s how to avoid iOS 13 — if you want to • The Verge
Barbara Krasnoff:
»
If you’re an adventurous iPhone user who doesn’t mind dealing with possible issues, then enjoy your new operating system. But if you depend heavily on your phone for day-to-day tasks and don’t want to deal with what may be a buggy upgrade, caution may be the order of the day. Apple has promised that version 13.1, which will contain a number of bug fixes and new features, will be following shortly; in fact, the upgrade should be available on September 24th, just days after iOS 13 launches.
If you’d rather be safe than sorry, then it’s easy to avoid the iOS 13 update. All you have to do is turn off Automatic Updates.
• Go to Settings > General > Software Update
• If the Automatic Updates setting is on (which it probably is), tap on it
• Move the toggle to the left (so that it’s no longer green)
Your Automatic Updates setting is now off. In 11 days (or whenever you hear from us that most of the bugs that came with iOS 13 have been swatted), you can just follow the same directions to turn Automatic Updates back on.
«
Probably a good idea if you can bear it. The iOS 13.1 update has been moved forward by six days, which I think – though I would, wouldn’t I? – lends even more credence to the idea that 13.0 was frozen early in order to avoid tariffs that never came. New iPhones are in stores today, so we can find out precisely what version of iOS 13 they’re running. Exciting! (Ish.)
Errata, corrigenda and ai no corrida: none notified
Re Google Play on Huawei. Not a solution for the mass market, but adding all the Google stuff (services, then Appstore, then the rest of the apps) is trivial and is being done daily by thousands of people on Amazon Fire tablets, hacky Android forks (LineageOS …), and Chinese-market handsets. At worst it’s “download the .apk, then click on it”, at best there’s a “Google Playstore” app in the OEM’s own AppStore and you install that like any old app.
Not for everyone, but Huawei seems to have outdone themselves with the cameras again, so serious photographers (maybe even videographers this time) might find those 2 clicks worth the effort.
I’m really curious if the ban will last, or is just a Trumpian flash in the pan.
That article on the A13 was very sad, I’m not sure how many times I can read “20% more performance” (which BTW is fairly standard on ARM platforms; I don’t think I’ve ever seen Qualcomm or ARM claim less; plus “performance” is very vague: single-thread, multi-thread, I/O, image processing…?). Also, claiming “integrated” is getting tiring when it’s not backed up or at least illustrated. I’m very unclear about what it means, actually; there certainly was a disconnect between power consumption and battery capacity until recently, and that’s like step 0 of “integration”.
I’m sure the A13 is brilliant and makes interesting choices. I’m sure Anandtech will have an excellent Deep Dive on it in a few weeks, with actual performance, power consumption, trade-offs and competition analysis.