An iOS bug in AirDrop let anyone temporarily lock up nearby iPhones

Apple has fixed a bug in iOS 13.3, out today, which let anyone temporarily lock users out of their iPhones and iPads by forcing their devices into an inescapable loop.

Kishan Bagaria found a bug in AirDrop, which allows users to share files between iOS devices. He found the bug let him repeatedly send files to all devices able to accept files within wireless range of an attacker.

When a file is received, iOS blocks the display until the file is accepted or rejected. But because iOS didn’t limit the number of file requests a device can accept, an attacker can simply keep sending files again and again, repeatedly displaying the file accept box, which causes the device to get stuck in a loop.

Using an open-source tool, Bagaria could send files again and again, not only to a specific target in range but to any device within wireless range that was set to accept files.

A demonstration of an “AirDoS” attack (Image: Kishan Bagaria/supplied)

Bagaria calls the bug “AirDoS.” The latter part is short for “denial-of-service,” an attack that effectively denies a user access to their device.

Devices that had their AirDrop setting set to receive files from “Everyone” were mostly at risk. Turning off Bluetooth would effectively prevent the attack, but Bagaria said that the file accept box is so persistent it’s near-impossible to turn off Bluetooth when an attack is under way.

The only other way to stop an attack? “Simply run away,” he said. Once a user is out of wireless range of the attacker, they can turn off Bluetooth.

“I’m not sure how well this’d work in an airplane,” he joked.

Apple fixed the bug by adding a rate-limit that prevents a barrage of requests over a short period of time. But because the bug wasn’t strictly a security vulnerability, Apple said it would not issue a common vulnerability and exposure (CVE) score, typically associated with security-related issues, and would instead “publicly acknowledge” Bagaria’s findings in the security advisory.
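The following added example (not Apple's code and not part of the original article) models the receiver-side fix described above: a sliding-window limiter that caps how many blocking accept/decline prompts may appear, compared against the unlimited behavior. The class and function names, the three-prompt cap, the 60-second window and the one-second dismissal time are all assumptions chosen for illustration.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class PromptLimiter:
    """Sliding-window cap on blocking share prompts (hypothetical model).

    max_prompts and window_s are assumed values; the article does not say
    what thresholds Apple chose.
    """
    max_prompts: int = 3
    window_s: float = 60.0
    _shown: deque = field(default_factory=deque)

    def allow(self, now: float) -> bool:
        # Forget prompts that have aged out of the window.
        while self._shown and now - self._shown[0] >= self.window_s:
            self._shown.popleft()
        if len(self._shown) >= self.max_prompts:
            return False  # drop the request without interrupting the user
        self._shown.append(now)
        return True


def simulate(arrivals, dismiss_s, limiter=None):
    """Replay request arrival times against a display that each prompt
    blocks for dismiss_s seconds (the time a user needs to tap "Decline").

    Returns (prompts_shown, seconds_display_was_blocked).
    """
    shown = 0
    blocked = 0.0
    free_at = 0.0  # when the display next becomes usable
    for t in arrivals:
        if limiter is not None and not limiter.allow(t):
            continue
        start = max(t, free_at)  # prompts queue behind the one on screen
        free_at = start + dismiss_s
        blocked += dismiss_s
        shown += 1
    return shown, blocked


def constructed_flood(count=60, interval_s=0.5):
    """Constructed sample input: one request every half second for 30 s."""
    return [i * interval_s for i in range(count)]


if __name__ == "__main__":
    flood = constructed_flood()
    print("no limit  :", simulate(flood, dismiss_s=1.0))
    print("rate limit:", simulate(flood, dismiss_s=1.0, limiter=PromptLimiter()))
```

Because requests arrive faster than a user can dismiss them, the unlimited case keeps the display blocked for longer than the flood itself lasts, while the limited case leaves the device usable after the first few prompts.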

Apple exec Susan Prescott is coming to TechCrunch Sessions: Enterprise

Susan Prescott, Apple’s vice president of markets, apps and services, has been at Apple since 2003. She worked with the company’s mythical co-founder Steve Jobs, and has witnessed such milestones as the launch of the iPhone and the iPad. Susan will be coming to TechCrunch Sessions: Enterprise in San Francisco on September 5 to discuss Apple’s enterprise strategy.

Prescott has been closely involved in that from the earliest days of the iPhone, and as she told TechCrunch in a 2018 article on Apple’s enterprise strategy, the company was thinking about the enterprise as a potential market from the start. “Early on we engaged with businesses and IT to understand their needs, and have added enterprise features with every major software release,” she said at the time.

When you think about it, it was in fact the iPhone and the iPad that led to the Consumerization of IT and Bring Your Own Device movements, two huge trends in enterprise IT that began in the 2011 timeframe. Later the company helped grow the business further by partnering with such enterprise stalwarts as IBM, SAP, Cisco, GE and most recently Salesforce along with systems integrators like Deloitte and Accenture. Today, the company offers a range of business tools including Apple Business Chat and Apple Business Manager, an IT management tool for managing Macs, iPhones and iPads and the apps that run on them.

All of that adds up to a robust enterprise strategy, and Prescott will discuss all of that and more with TechCrunch editors. We’ll dive into Apple’s history in the enterprise and what it’s doing today to enhance that part of its business.

In all, Prescott has over 25 years of computing industry experience. Before joining Apple in 2003, she worked for Adobe where she had a range of engineering, marketing and management roles. Her last position before joining Apple in 2003 was Vice President of product management and marketing in Adobe’s Creative Professional Solutions group.

Artificial intelligence can contribute to a safer world

We all see the headlines nearly every day. A drone disrupting the airspace in one of the world’s busiest airports, putting aircraft at risk (and inconveniencing hundreds of thousands of passengers) or attacks on critical infrastructure. Or a shooting in a place of worship, a school, a courthouse. Whether primitive (gunpowder) or cutting-edge (unmanned aerial vehicles) in the wrong hands, technology can empower bad actors and put our society at risk, creating a sense of helplessness and frustration.

Current approaches to protecting our public venues are not up to the task, and, frankly appear to meet Einstein’s definition of insanity: “doing the same thing over and over and expecting a different result.” It is time to look past traditional defense technologies and see if newer approaches can tilt the pendulum back in the defender’s favor. Artificial Intelligence (AI) can play a critical role here, helping to identify, classify and promulgate counteractions on potential threats faster than any security personnel.

Using technology to prevent violence, specifically by searching for concealed weapons has a long history. Alexander Graham Bell invented the first metal detector in 1881 in an unsuccessful attempt to locate the fatal slug as President James Garfield lay dying of an assassin’s bullet. The first commercial metal detectors were developed in the 1960s. Most of us are familiar with their use in airports, courthouses and other public venues to screen for guns, knives and bombs.

However, metal detectors are slow and full of false positives – they cannot distinguish between a Smith & Wesson and an iPhone. It is not enough to simply identify a piece of metal; it is critical to determine whether it is a threat. Thus, the physical security industry has developed newer approaches, including full-body scanners – which are now deployed on a limited basis. While effective to a point, the systems in use today all have significant drawbacks. One is speed. Full body scanners, for example, can process only about 250 people per hour, not much faster than a metal detector. While that might be okay for low volume courthouses, it’s a significant problem for larger venues like a sporting arena.

Fortunately, new AI technologies are enabling major advances in physical security capabilities. These new systems not only deploy advanced sensors to screen for guns, knives and bombs, they get smarter with each screen, creating an increasingly large database of known and emerging threats while segmenting off alarms for common, non-threatening objects (keys, change, iPads, etc.)

As part of a new industrial revolution in physical security, engineers have developed a welcomed approach to expediting security screenings for threats through machine learning algorithms, facial recognition, and advanced millimeter wave and other RF sensors to non-intrusively screen people as they walk through scanning devices. It’s like walking through sensors at the door at Nordstrom, the opposite of the prison-like experience of metal detectors with which we are all too familiar. These systems produce an analysis of what someone may be carrying in about a hundredth of a second, far faster than full body scanners. What’s more, people do not need to empty their pockets during the process, further adding speed. Even so, these solutions can screen for firearms, explosives, suicide vests or belts at a rate of about 900 people per hour through one lane.

Using AI, advanced screening systems enable people to walk through quickly and provide an automated decision but without creating a bottleneck. This volume greatly improves traffic flow while also improving the accuracy of detection and makes this technology suitable for additional facilities such as stadiums and other public venues such as Lincoln Center in New York City and the Oakland airport.

Apollo Shield’s anti-drone system.

So much for the land, what about the air? Increasingly drones are being used as weapons. Famously, this was seen in a drone attack last year against Venezuelan president Nicolas Maduro. An airport drone incident drew widespread attention when a drone shut down Gatwick Airport in late 2018, stranding tens of thousands of people.

People are rightly concerned about how easy it is to get a gun. Drones are also easy to acquire and operate, and quite difficult to monitor and to defend against. AI is now being deployed to prevent drone attacks, whether at airports, stadiums, or critical infrastructure. For example, new AI-powered radar technology is being used to detect, classify, monitor and safely capture drones identified as dangerous.

Additionally, these systems can rapidly develop a map of the airspace and effectively create a security “dome” around specific venues or areas. These systems have an integration component to coordinate with on-the-ground security teams and first responders. Some even have a capture drone to incarcerate a suspicious drone. When a threatening drone is detected and classified by the system as dangerous, the capture drone is dispatched and nets the invading drone. The hunter then tows the targeted drone to a safe zone for the threat to be evaluated and, if needed, destroyed.

While there is much dialogue about the potential risk of AI affecting our society, there is also a positive side to these technologies. Coupled with our best physical security approaches, AI can help prevent violent incidents.

Apple’s new Sidecar feature is great for users, but third-parties take a hit

Apple has a new feature it’s introducing for the Mac in macOS 10.15 Catalina that is admittedly amazing for anyone like me who happens to have both an iPad and a Mac. It’s called ‘Sidecar,’ and it lets you use your iPad as a second display – wired or wirelessly, and with Apple Pencil support for iPads that work with that stylus.

Based on what we saw at Apple’s WWDC 2019 on stage today, this should work pretty seamlessly out of the box, without anything else to install or configure. It’ll also provide support for Mac apps that already work with drawing tablets, including crucial industry stand-by Adobe Creative Suite.

This is basically something that people have been asking for since day one with the iPad, and as with most obvious omissions in Apple software and features, third-parties sprung up to fill the gap. One of the earliest was Rahul Dewan, an ex-Apple engineer who used his expertise to create Duet Display, a wired/wireless display mirroring and extension app for iPad that continues to be incredibly useful. Likewise, Astropad provides a suite of offerings that can extend your Mac display to your iPad, with specialized offerings targeting digital artists.

And then there’s Wacom, which has long been the default choice for professional artists and animators who need to do the bulk of their work digitally. This company’s Cintiq line was, for a long time, the only real option available for anyone who wanted a high quality drawing tablet that supported stylus input directly on the display. They were also so pricey that you could really only justify picking one up if digital art was what you did for a living.

Wacom has continued to innovate with its Cintiq Pro line, and recently introduced a 16-inch Cintiq that’s far more affordable, likely in part as a response to the iPad line’s widening Apple Pencil support. Other, more affordable alternatives are also plentiful on Amazon.

But Sidecar poses a threat to both Wacom, and especially to those third-party iPad apps mentioned above. Which is, unfortunately, one of the risks you inevitably incur when you build on anyone’s ecosystem.

Apple isn’t shy about incorporating features that it once considered too fringe to do itself into its core platform, even if that steps on the toes of some of its ecosystem partners. The thing is, when it offers clear consumer value, and ups the overall feeling that you’re getting your money’s worth when you invest in their hardware, it’s hard to fault them for doing so.

Review: Apple’s new iPad mini continues to be mini

The iPad mini is super enjoyable to use and is the best size tablet for everything but traditional laptop work. It’s very good and I’m glad Apple updated it.

Using Apple Pencil is aces on the smaller mini, don’t worry about the real estate being an issue if you like to scribble notes or make sketches. It’s going to fall behind a larger iPad for a full time artist but as a portable scratch pad it’s actually far less unwieldy or cumbersome than an iPad Pro or Air will be.

The only caveat? After using the brilliant new Pencil, the old one feels greasy and slippery by comparison, and lacks that flat edge that helps so much when registering against your finger for shading or sketching out curves.

The actual act of drawing is nice and zippy, and features the same latency and responsiveness as the other Pencil-capable models.

The reasoning behind using the old pencil here is likely a result of a combination of design and cost-saving decisions. No flat edge would require a rethink of the magnetic Pencil charging array from the iPad Pro and it is also apparently prohibitively expensive in a way similar to the smart connector. Hence its lack of inclusion on either Air or mini models.

Touch ID feels old and slow when compared to iPad Pro models, but it’s not that bad in a mini where you’re almost always going to be touching and holding it rather than setting it down to begin typing. It still feels like you’re being forced to take an awkward, arbitrary additional action to start using the iPad though. It really puts into perspective how fluidly Face ID and the new gestures work together.

The design of the casing remains nearly identical, making for broad compatibility with old cases and keyboards if you use those with it. The camera has changed positions and the buttons have been moved slightly though, so I would say your mileage may vary if you’re bringing old stuff to the table.

The performance of the new mini is absolutely top notch. While it falls behind when compared to the iPad Pro it is exactly the same (I am told, I do not have one to test yet) as the iPad Air. It’s the same on paper though, so I believe it in general and there is apparently no ‘detuning’ or under-clocking happening. This makes the mini a hugely powerful tiny tablet, clearly obliterating anything else in its size class.

The screen is super solid, with great color, nearly no air gap and only lacking tap-to-wake.

That performance comes at a decently chunky price, $399. If you want the best you pay for it.

Last year I took the 12.9” iPad Pro on a business trip to Brazil, with no backup machine of any sort. I wanted to see if I could run TechCrunch from it — from planning to events to editorial and various other multi-disciplinary projects. It worked so well that I never went back and have not opened my MacBook in earnest since. I’ll write that experience up at some point because I think there’s some interesting things to talk about there.

I include that context here because, though the iPad Pro is a whole ass computer and really capable, it is not exactly ‘fun’ to use in non standard ways. That’s where the iPad mini has always shined and continues to do so.

It really is pocketable in a loose jacket or coat. Because the mini is not heavy, it exercises little of the constant torsion and strain on your wrist that a larger iPad does, making it one-handed.

I could go on, but in the end, all that can be said about the iPad mini being “the small iPad” has already been said ad nauseam over the years, beginning with the first round of reviews back in 2012. This really is one of the most obvious choices Apple has in its current iPad lineup. If you want the cheap one, get the cheap one (excuse me, “most affordable” one). And if you want the small one, get the iPad mini.

The rest of the iPads in Apple’s lineup have much more complicated purchasing flow charts — the mini does indeed sell itself.

Back even before we knew for sure that a mini iPad was coming, I wrote about how Apple could define the then very young small tablet market. It did. No other small tablet model has ever made a huge dent on the market, unless you count the swarm of super super crappy Android tablets that people buy in blister packs expecting them to eventually implode as a single hive-mind model.

Here’s how I saw it in 2012:

“To put it bluntly, there is no small tablet market…Two years ago we were talking about the tablet market as a contiguous whole. There was talk about whether anyone would buy the iPad and that others had tried to make consumer tablets and failed. Now, the iPad is a massive success that has yet to be duplicated by any other manufacturer or platform.

But the tablet market isn’t a single ocean, it’s a set of interlocking bodies of water that we’re just beginning to see take shape. And the iPad mini isn’t about competing with the wriggling tadpoles already in the ‘small tablet’ pond, it’s about a big fish extending its dominion.”

Yeah, that’s about right, still.

One huge difference, of course, is that the iPad mini now has the benefit of an enormous amount of additional apps that have been built for iPad in the interim. Apps that provide real, genuine access to content and services on a tablet — something that was absolutely not guaranteed in 2012. How quickly we forget.

In addition to the consumer segment, the iPad mini is also extremely popular in industrial, commercial and medical applications. From charts and patient records to point-of-sale and job site reference, the mini is the perfect size for these kinds of customers. These uses were a major factor in Apple deciding to update the mini.

Though still just as pricey (in comparison) as it was when it was introduced, the iPad mini remains a standout device. It’s small, sleek, now incredibly fast and well provisioned with storage. The smallness is a real advantage in my opinion. It allows the mini to exist as it does without having to take part in the ‘iPad as a replacement for laptops’ debate. It is very clearly not that, while at the same time still feeling more multipurpose and useful than ever. I’m falling in real strong like all over again with the mini, and the addition of Pencil support is the sweetener on top.

Tiger Global returns with a $3M investment to help restaurants deal with delivery apps

Tiger Global has returned to backing early-stage Indian startups after it wrote a $3 million check for CheckMate, a U.S.-Indian startup that helps restaurants deal with the pain of multiple food ordering platforms.

The deal is a Series A and it represents the first time that CheckMate has raised outside funding for its business. It is also a return to early-stage investing in India — where CheckMate’s largest office is — for Tiger Global following a period of relative inactivity.

Founded 2.5 years ago initially as a bill-splitting app, CheckMate provides a platform that unifies food and payments to ease the chaos of working with modern consumer platforms. In this current age, restaurants simply must work with platforms like Uber Eats, Postmates, GrubHub, DoorDash and others to get orders, but the services don’t play together, or even with, existing restaurant systems.

That means that each service requires its own tablet for managing orders. On top of that, none integrate with order systems that print receipts for chefs or point-of-sale software. That means that restaurant staff must not only operate a bunch of iPads to handle the orders, but they have to manually enter them into their ordering systems (to ensure the ticket is processed so the order is cooked) then handle point of sale and bank the order for accounts.

That’s a lot of manual hassle and it’s the core issue that CheckMate aims to solve.

It effectively operates like a bridge that connects the various delivery platforms to a restaurant’s management system. It feeds orders from multiple food delivery services into the ordering system automatically, and feeds the sales back into the restaurant management system. That helps keep the orders moving quickly, whilst managing accounts and sales without manual input.

“Online orders are still treated as a stepchild that’s alien to the business,” CheckMate founder and CEO Vishal Agarwal told TechCrunch in an interview. “With our solution, we inject online orders into the true heart and center of these businesses.”

A ‘wall’ of tablets is commonplace in restaurants as food delivery apps become an increasingly important source of orders

Headquartered in New York, where Agarwal is based, CheckMate has rolled out to over 1,000 locations in the U.S. and it counts Five Guys among its customers. The company recently expanded to Australia with its first customers and Agarwal — previously with e-commerce company Choxi.com — said he is looking for further international growth. The plan to get it, however, is by piggybacking the POS systems it supports, including Brink, Toast, and Revel, rather than establishing CheckMate’s own sales team.

That makes a lot of sense since the POS providers have a major incentive for linking their restaurant customers up with CheckMate because it streamlines their operations and makes their life easier. It also helps keep CheckMate lean and mean.

The team itself is already lean and international. While Agarwal, who comes from India, is based in New York, the rest of his 10-person U.S. team is distributed while the operations and tech team of 25 is located in CheckMate’s India-based office.

Since there are no public APIs, CheckMate has built its own platform in conjunction with food delivery services and now Agarwal — who said he has invested his own money in CheckMate — plans to double down on R&D, and in particular more integrations, by using this Series A raise for hiring.

“Technology in the restaurant sector is under-utilized — I was coming from e-commerce background where technology is everywhere,” he explained. “We quickly realized how much resistance to tech there is and we want to make it easy as possible for operators to adopt our product.”

That simplicity also applies to CheckMate’s pricing model which was recently adjusted. Previously, the company charged a setup fee but that has been abolished in favor of two tiers: $85 per restaurant for up to two platforms, and $100 for unlimited platforms per location.

“As restaurants streamline their operations to take advantage of rapidly increasing online orders, we expect hundreds of thousands of restaurants to benefit from Checkmate’s unique solution,” Tiger Global partner Scott Shleifer said in a prepared statement.

The deal is an interesting one for Tiger Global, the 17-year-old New York investment firm that just closed a new $3.75 billion fund. The firm became well known for writing bold checks that backed ambitious startups in India a couple of years ago before it put the brakes on that strategy.

According to a multitude of media reports, the firm’s management grew concerned that it was overexposed in India, where it had deployed some $2 billion via deals in unicorns like Flipkart and Uber rival Ola. Flipkart’s exit via a majority investment from Walmart, however, made the firm around $3 billion in returns while it also retained a small stake in the business, which is tipped to have its own IPO in the future.

Tiger Global executive Lee Fixel, who spearheaded the India strategy, is said to have spent the last year working closely with Flipkart to realize the deal. Now that it is done, Tiger Global is said to be returning to investment mode in India, according to a recent Economic Times story. That means that CheckMate may be the first of many as the tiger begins to roar again.

Apple’s Watch isn’t the first with an EKG reader but it will matter to more consumers

Apple’s COO Jeff Williams exuberantly proclaimed Apple’s Watch was the first to get FDA clearance as an over-the-counter electrocardiogram (EKG) reader during the special event at Apple headquarters on Wednesday. While Apple loves to be first to things, that statement is false.

AliveCor has held the title of first since late last year for its KardiaMobile device, a $100 stick-like metal unit you attach to the back of a smartphone. Ironically, it also received FDA clearance for the Kardiaband, an ECG reader designed to integrate with the Apple Watch and sold at Apple stores and just this week, the FDA gave the go ahead for AliveCor’s technology to screen for blood diseases, sans blood test.

However, the Apple Watch could be the first to matter to a wider range of consumers. For one, Apple holds a firm 17 percent of the world’s wearables market, with an estimated shipment volume of 28 million units in just 2018. While we don’t know how many AliveCor Kardiaband and KardiaMobile units were sold, it’s very unlikely to be anywhere near those numbers.

For another thing, a lot of people, even those who suspect they have a heart condition, might have some hesitations around getting a separate device just to check. Automatic integration makes it easy for those curious to start monitoring without needing to purchase any extra equipment. Also, while heart disease is the number one killer in the U.S. and affects a good majority of the global population, most of us probably aren’t thinking about our heart rhythm on a daily basis. Integrating an EKG reader straight into the Watch makes monitoring seamless and could take away the fear some may have about finding out how their heart is doing.

Then there’s the Apple brand, itself. Many hospitals are now partnering with Apple to use iPads and it’s reasonable to think there could be some collaboration with the Watch.

“Doctors, hospital systems, health insurers, and self-insured employers don’t want to manage separate partnerships with each of Apple, Xiaomi, Fitbit, Huawei, Garmin, Polar, Samsung, Fossil, and every other wearable manufacturers. They need a cross-platform product that works for all of their patients,” Cardiogram founder and EKG researcher Brandon Ballinger told TechCrunch. “So if Apple becomes the Apple of healthcare, then a company like Cardiogram or AliveCor can become the Microsofts of this space.”

How does this announcement from Apple affect AliveCor? CEO Vic Gundotra shrugs it off. He tells TechCrunch the vast majority of AliveCor’s business is from KardiaMobile, not its Apple-integrated ECG reader. “Apple has long alluded they were building something like this into the device,” Gundotra said, “so we’ve been anticipating it.”

The best security and privacy features in iOS 12 and macOS Mojave

September is Apple hardware season, where we expect new iPhones, a new Apple Watch and more. But what makes the good stuff run is the software within.

First revealed earlier this year at the company’s annual WWDC developer event in June, iOS 12 and macOS Mojave focus on a running theme: security and privacy for the masses.

Ahead of Wednesday’s big reveal, here’s all the good stuff to look out for.

macOS Mojave

macOS Mojave will be the sixth iteration of the Mac operating system, named after a location in California where Apple is based. It comes with dark mode, file stacks, and group FaceTime calls.

Safari now prevents browser fingerprinting and cross-site tracking

What does it do? Safari will use a new “intelligent tracking prevention” feature to prevent advertisers from following you from site to site. Even social networks like Facebook know which sites you visit because so many embed Facebook’s tools — like the comments section or the “Like” button.

Why does it matter? Tracking prevention will prevent ad firms from building a unique “fingerprint” of your browser, making it difficult to serve you targeted ads — even when you’re in incognito mode or private browsing. That’s an automatic boost for personal privacy as these companies will find it more difficult to build up profiles on you.

Camera, microphone, backups now require permission

What does it do? Just like when an app asks you for access to your contacts and calendar, now Mojave will ask for permission before an app can access your FaceTime camera and microphone, as well as location data, backups and more.

Why does it matter? By expanding this feature, it’s much more difficult for apps to switch on your camera without warning or record from your microphone without you noticing. That’s going to prevent surreptitious ultrasonic ad tracking and surveillance by malware that hijack your camera. But also asking permission for access to your backups — often unencrypted — will prevent malware or hackers from quietly stealing your data.

iOS 12

iOS 12 lands on more recent iPhones and iPads, but will bring significant performance boosts to older supported devices, new Maps, smarter notifications and updated AIKit.

Password manager will warn of password reuse

What does it do? iOS 12’s in-built password manager, which stores all your passwords for easy access, will now tell if you’re using the same password across different sites and apps.

Why does it matter? Password reuse is a real problem. If you use the same password on every site, it only takes one site breach to grab your password for every other site you use. iOS 12 will let you know if you’re using a weak password or the same password on different sites. Your passwords are easily accessible with your fingerprint or your passcode.

Two-factor codes will be auto-filled

What does it do? When you are sent a two-factor code — such as a text message or a push notification — iOS 12 will take that code and automatically enter it into the login box.

Why does it matter? Two-factor authentication is good for security — it adds an extra layer of protection on top of your username and password. But adoption is low because two-factor is cumbersome and frustrating. This feature keeps the security intact while making it more seamless and less annoying.

USB Restricted Mode makes hacking more difficult

What does it do? This new security feature will lock any accessories out of your device — including USB cables and headphones — when your iPhone or iPad has been locked for more than an hour.

Why does it matter? This optional feature — first added to iOS 11.4.1 but likely to be widely adopted with iOS 12 — will make it more difficult for law enforcement (and hackers) to plug in your device and steal your sensitive data. Because your device is encrypted, not even Apple can get your data, but some devices — like GrayKeys — can brute-force your password. This feature will render these devices largely ineffective.

Apple’s event starts Wednesday at 10am PT (1pm ET).