Technology - Google News

Apple iPhone 12 mass production delayed by a month, according to Wall Street Journal - 9to5Mac
Microsoft Teams fixes funny Gifs cyber-attack flaw - BBC News
Germany changes stance on Apple-Google contact tracing project - AppleInsider

Apple iPhone 12 mass production delayed by a month, according to Wall Street Journal - 9to5Mac

Posted: 27 Apr 2020 04:24 AM PDT

Echoing other reports, the Wall Street Journal is today reporting that Apple is about a month behind on iPhone production. This means the iPhone 12 will likely launch later than the usual September window, as a result of the impacts of the coronavirus on the supply chain.

Apple will launch four new iPhone 12 models this year, one 5.4-inch model, one 6.7-inch model, and two 6.1-inch models. This means Apple will be offering its latest flagship devices in new smaller and larger form factors. The current iPhone 11 and iPhone 11 Pro lines feature 5.8-inch, 6.1-inch, and 6.5-inch displays.

The Journal goes on to say that delaying production means Apple's production estimates for the end of the year have also fallen, as more build orders are pushed into 2021. The report says Apple has cut build estimates for the July-December period as much as 20%.

The flagship feature of the iPhone 12 will be a design update and the addition of 5G cellular networking. The new phones are believed to adopt an iPad Pro-like flat edge chassis, harkening back to an Apple phone design last seen with the iPhone 5. Most publications believe Apple will support 5G cellular on every new iPhone 12 model, although the breakdowns as to which SKUs will support sub-6GHz, mmWave, or both, remain a little unclear.

The high-end iPhone 12 models will also feature the LiDAR scanner sensor first seen on the 2020 iPad Pro, to improve augmented reality applications. The new phones will also sport Apple's latest A14 processor, built by TSMC on a new 5-nanometer process.

The Wall Street Journal is by no means the first publication to report delays. Only last week, Apple analyst Ming-Chi Kuo said that the iPhone 12 is a month behind. As Apple engineers cannot fly to China right now, Apple has shifted engineering verification procedures to remote operations, but iterating on problems with the factory is taking more time than under normal circumstances.

Mass production being pushed back does not necessarily mean that the phone release date will also be delayed, but is a good indicator of that. It is very likely that we will see a repeat of the iPhone X or iPhone XR, where Apple announces the phones at a media event in September but customers have to wait a month or two longer before they can buy the handsets.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

Let's block ads! (Why?)

Microsoft Teams fixes funny Gifs cyber-attack flaw - BBC News

Posted: 27 Apr 2020 12:30 AM PDT

A security problem in Microsoft Teams meant cyber-attacks could be initiated via funny Gif images, researchers have revealed.

Like many chat apps, Teams lets colleagues send each other whimsical animated Gif images.

But CyberArk researchers discovered a problem that meant viewing a Gif could let hackers compromise an account and steal data.

Microsoft has since patched the security hole, researchers said.

The flaw involved a compromised subdomain serving up the malicious images.

All a user had to do was view the Gif to allow an attacker to scrape data from their account.

If left open, the flaw could have led to widespread data theft, ransomware attacks and corporate espionage, the team added.

Microsoft Teams, like many workplace collaboration tools, has seen huge growth in the past month, due to coronavirus lockdown rules.

This attack involves using a compromised subdomain to steal security tokens when a user loads an image - but the end user would just see the Gif sent to them, and nothing else.

"They will never know that he or she has been attacked - making this vulnerability... very dangerous," the team said.

CyberArk said it notified Microsoft of the vulnerability on 23 March - the day lockdown began in the UK - and a patch was released earlier this week. There is no evidence it was ever exploited by cyber-criminals.

It also warned that a similar attack could be replicated in future on other platforms.

Prof Alan Woodward, from the University of Surrey, said this type of exploit had been seen before, when applications fail to do the necessary checks while bringing in content from servers - in this case "apparently harmless gifs".

While the attack pattern is not easy to set up, it is a workable attack and "could spread very rapidly between all the users", he said.

"It would be a very niche attack, probably reserved for high-value targets.

"It is a really good demonstration of how data, however apparently innocuous, brought into a web based app can be used to sneak snippets of code onto your machine and conduct functions you simply shouldn't be authorised to do," added Prof Woodward.

"It also demonstrates very nicely so-called zero-click attacks - my merely displaying the gif in this attack could potentially work, no clicking in dodgy links or opening booby-trapped documents."

But Prof Woodward added that all software was bound to have security flaws occasionally.

"It's a salutary tale of why you need to keep your software updated," he said

Let's block ads! (Why?)

Germany changes stance on Apple-Google contact tracing project - AppleInsider

Posted: 26 Apr 2020 01:12 PM PDT

Germany has changed its stance on Apple and Google's work to create a contact tracing system for tracking and managing the spread of COVID-19, supporting a privacy-forward decentralized approach instead of using a centralized system.

A graphic explaining how Apple and Google's system would function

On Friday, it was reported Germany and France were disagreeing with Apple and Google over security technicalities and the storage of data in the two tech giants' cross-platform system-level framework for contact tracing. Two days later, it seems that officials from one of the two countries have changed their mind to instead support similar efforts.

Germany was previously looking to create a centralized contact tracing system that relies on a central server, an approach that would allow health officials to be able to directly observe and potentially contact people suspected of carrying COVID-19. A central system approach is viewed as both a security and privacy risk by critics due to the handing over of potentially sensitive medical data to a single source, and paving the way to future state surveillance.

Apple and Google's system instead relies on a decentralized system, where contacts are stored only on user devices until they receive a positive COVID-19 diagnosis, with data only leaving the device upon that confirmation. The countries disagreed with the API's workings, and instead leaned towards the creation of a centralized monitoring system.

On Sunday, Reuters reports Germany has revised its plans to a "decentralized' approach. The country had backed the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) initiative, which relied on a centralized system, but Chancellery Minister Helge Braun and Health Minister Jens Spahn advised of the change away from PEPP-PT to a more private method.

"We will back a decentralized architecture that will only store contacts on devices. That is good for trust," said Braun in an interview.

At this early stage, it is unclear what Germany is planning for its own system, such as whether it will be taking advantage of the Apple and Google API, or if it would work with the Decentralized Privacy-Preserving Proximity Tracing (DP-3T) effort backed by Switzerland, Austria, and Estonia.

So far, it has taken the Fraunhofer HHI research institute off the project, with officials advising the group on Saturday of its removal. "The project will be handed over and others will be able to make use of the results we have achieved so far to build a decentralized solution," said Fraunhofer HHI chief Thomas Wiegand in a memo to employees.

On the news, DP-3T stated it was "very happy to see that Germany is adopting a decentralized approach to contact tracing and we look forward to its next steps implementing such a technique in a privacy-preserving manner."

Let's block ads! (Why?)