New NASA app puts you in the pilot’s seat of Boeing’s Starliner or SpaceX’s Crew Dragon

NASA has a new app (or web-based game, if you’re on desktop) that provides a simplified simulation of what it’s like to plan and run a commercial crew mission – meaning one of the planned varieties of mission that will actually take place aboard the SpaceX Crew Dragon and Boeing Starliner once they begin flying crews next year.

The app takes you through each part of the process, from spacecraft choice, to mission type, to crew selection and then to the actual launch and docking process. It’s mostly about providing some education around each part of the process, rather than offering up an exhaustively realistic flight simulator – but the docking process with the International Space Station can be handled either on full automatic, or on manual mode – and manual mode is fairly challenging and fun.

NASA has included plenty of great info on both the Crew Dragon and the Starliner, and the respective rockets they will launch atop. It also included great bios for 10 actual astronauts you can select from to staff your mission. The launch assembly stage was a bit buggy when I gave it a try on my iPhone, but still workable, and it also provides key info about each element of the launch spacecraft, from boosters to crew capsules and everything in between.

The ‘Rocket Science: Ride 2 Station’ app is a free download, out now on iOS, and also available on the web.

Facebook says government demands for user data are at a record high

Facebook’s latest transparency report is out.

The social media giant said the number of government demands for user data increased by 16% to 128,617 demands during the first-half of this year compared to the second-half of last year.

That’s the highest number of government demands it’s received in any reporting period since it published its first transparency report in 2013.

The U.S. government led the way with the most number of requests — 50,741 demands for user data resulting in some account or user data given to authorities in 88% of cases. Facebook said two-thirds of all of the U.S. government’s requests came with a gag order, preventing the company from telling the user about the request for their data.

But Facebook said it was able to release details of 11 so-called national security letters (NSLs) for the first time after their gag provisions were lifted during the period. National security letters can compel companies to turn over non-content data at the request of the FBI. These letters are not approved by a judge, and often come with a gag order preventing their disclosure. But since the Freedom Act passed in 2015, companies have been allowed to request the lifting of those gag orders.

The report also said the social media giant had detected 67 disruptions of its services in 15 countries, compared to 53 disruptions in nine countries during the second-half of last year.

And, the report said Facebook also pulled 11.6 million pieces of content, up from 5.8 million in the same period a year earlier, which Facebook said violated its policies on child nudity and sexual exploitation of children.

MacBook Pro 16” first impressions: Return of the Mack

In poker, complacency is a quiet killer. It can steal your forward momentum bit by bit, using the warm glow of a winning hand or two to cover the bets you’re not making until it’s too late and you’re out of leverage. 

Over the past few years, Apple’s MacBook game had begun to suffer from a similar malaise. Most of the company’s product lines were booming, including newer entries like the Apple Watch, AirPods and iPad Pro. But as problems with the models started to mount — unreliable keyboards, low RAM ceilings and anemic graphics offerings — the once insurmountable advantage that the MacBook had compared to the rest of the notebook industry started to show signs of dwindling. 

The new 16” MacBook Pro Apple is announcing today is an attempt to rectify most, if not all, of the major complaints of its most loyal, and vocal, users. It’s a machine that offers a massive amount of upsides for what appears to be a handful of easily justifiable tradeoffs. It’s got better graphics, a bigger display for nearly no extra overall size, a bigger battery with longer life claims and yeah, a completely new keyboard.

I’ve only had a day to use the machine so far, but I did all of my research and writing for this first look piece on the machine, carting it around New York City, through the airport and onto a plane where I’m publishing this now. This isn’t a review, but I can take you through some of the new stuff and give you thoughts based on that chunk of time. 

This is a re-think of the larger MacBook Pro in many large ways. This is a brand new model that will completely replace the 15” MacBook Pro in Apple’s lineup, not an additional model. 

Importantly, the team working on this new MacBook started with no design constraints on weight, noise, size or battery. This is not a thinner machine, it is not a smaller machine, it is not a quieter machine. It is, however, better than the current MacBook Pro in all of the ways that actually count.

Let’s run down some of the most important new things. 

Performance and thermals

The 16” MacBook Pro comes configured with either a 2.6GHz 6-core i7 or a 2.3GHz 8-core i9 from Intel. These are the same processors as the 15” MacBook Pro came with. The lack of advancement here is largely a function of Intel’s chip readiness.

The i7 model of the 16” MacBook Pro will run $2,399 for the base model — the same as the old 15” — and it comes with a 512GB SSD drive and 16GB of RAM.

Both models can be ordered today and will be in stores at the end of the week.

The standard graphics configuration in the i7 is an AMD Radeon Pro 5300M with 4GB of memory and an integrated Intel UHD graphics 630 chip. The system continues to use the dynamic handoff system that trades power for battery life on the fly.  


The i9 model will run $2,699 and comes with a 1TB drive. That’s a nice bump in storage for both models, into the range of very comfortable for most people. It rolls with an AMD Radeon Pro 5500M with 4GB of memory.

You can configure both models with an AMD Radeon Pro 5500M with 8GB of GDDR6 memory. Both models can also now get up to 8TB of SSD storage – which Apple says is the most on a notebook ever – and 64GB of 2666 DDR4 RAM but I’d expect those upgrades to be pricey.

The new power supply delivers an additional 12w of power and there is a new thermal system to compensate for that. The heat pipe that carries air in and out has been redesigned, there are more fan blades on 35% larger fans that move 28% more air compared to the 15” model. 

The fans in the MacBook Pro, when active, put out the same decibel level of sound, but push way more air than before. So, not a reduction in sound, but not an increase either — and the trade is better cooling. Another area where the design process for this MacBook focused on performance gains rather than the obvious sticker copy. 

There’s also a new power brick which is the same physical size as the 15” MacBook Pro’s adapter, but which now supplies 96w up from 87w. The brick is still as chunky as ever and feels a tad heavier, but it’s nice to get some additional power out of it. 

Though I haven’t been able to put the MacBook Pro through any video editing or rendering tests I was able to see live demos of it handling several 8K streams concurrently. With the beefiest internal config Apple says it can usually handle as many as 4, perhaps 5 un-rendered Pro Res streams.

A bigger display, a thicker body

The new MacBook Pro has a larger 16” diagonal Retina display that has a 3072×1920 resolution at 226 ppi. The monitor features the same 500 nit maximum brightness, P3 color gamut and True Tone tech as the current 15”. The bezels of the screen are narrower, which makes it feel even larger when you’re sitting in front of it. This also contributes to the fact that the overall size of the new MacBook Pro is just 2% larger in width and height, with a .7mm increase in thickness. 

The overall increase in screen size far outstrips the increase in overall body size because of those thinner bezels. And this model is still around the same thickness as the 2015 15” MacBook Pro, an extremely popular model among the kinds of people who are the target market for this machine. It also weighs 4.3 lbs, heavier than the 4.02 lb current 15” model.

The display looks great, extremely crisp due to the increase in pixels and even more in your face because of the very thin bezels. This thing feels like it’s all screen in a way that matches the iPad Pro.

This thick boi also features a bigger battery, a full 100Whr, the most allowable under current FAA limits. Apple says this contributes an extra hour of normal operations in its testing regimen in comparison to the current 15” MacBook Pro. I have not been able to effectively test these claims in the time I’ve had with it so far. 

But it is encouraging that Apple has proven willing to make the iPhone 11 Pro and the new MacBook a bit thicker in order to deliver better performance and battery life. Most of these devices are pretty much thin enough. Performance, please.

Speakers and microphone

One other area where the 16” MacBook Pro has made a huge improvement is the speaker and microphone arrays. I’m not sure I ever honestly expected to give a crap about sound coming out of a laptop. Good enough until I put in a pair of headphones accurately describes my expectations for laptop sound over the years. Imagine my surprise when I first heard the sound coming out of this new MacBook and it was, no crap, incredibly good. 

The new array consists of six speakers arranged so that the subwoofers are positioned in pairs, antipodal to one another (back to back). This has the effect of cancelling out a lot of the vibration that normally contributes to that rattle-prone vibrato that has characterized small laptop speakers pretty much forever.

The speaker setup they have here has crisper highs and deeper bass than you’ve likely ever heard from a portable machine. Movies are really lovely to watch with the built-ins, a sentence I have never once felt comfortable writing about a laptop. 

Apple also vents the speakers through their own chambers, rather than letting sound float out through the keyboard holes. This keeps the sound nice and crisp, with a soundstage that’s wide enough to give the impression of a center channel for voice. One byproduct of this though is that blocking one or another speaker with your hand is definitely more noticeable than before.

The quality of sound here is really very, very good. The HomePod team’s work on sound fields apparently keeps paying dividends. 

That’s not the only audio bit that’s better now though, Apple has also put in a 3-mic array for sound recording that it claims has a high enough signal-to-noise ratio that it can rival standalone microphones. I did some testing here comparing it to the iPhone’s mic and it’s absolutely night and day. There is remarkably little hiss present here and artists that use the MacBook as a sketch pad for vocals and other recording are going to get a really nice little surprise here.

I haven’t been able to test it against external mics myself but I was able to listen to rigs that involved a Blue Yeti and other laptop microphones and the MacBook’s new mic array was clearly better than any of the machines and held its own against the Yeti. 

The directional nature of many podcast mics is going to keep them well in advance of the internal mic on the MacBook for the most part, but for truly mobile recording setups the MacBook mic just went from completely not an option to a very viable fallback in one swoop. It really has to be listened to in order to get it. 

I doubt anyone is going to buy a MacBook Pro for the internal mic, but having a ‘pro level’ device finally come with a pro level mic on board is super choice. 

I think that’s most of it, though I feel like I’m forgetting something…

Oh right, the Keyboard

Ah yes. I don’t really need to belabor the point on the MacBook Pro keyboards just not being up to snuff for some time. Whether you weren’t a fan of the short throw on the new butterfly keyboards or you found yourself one of the many people (yours truly included) who ran up against jammed or unresponsive keys on that design — you know that there has been a problem.

The keyboard situation has been written about extensively by Casey Johnston and Joanna Stern and complained about by every writer on Twitter over the past several years. Apple has offered a succession of updates to that keyboard to attempt to make it more reliable and has extended warranty replacements to appease customers. 

But the only real solution was to ditch the design completely and start over. And that’s what this is: a completely new keyboard.

Apple is calling it the Magic Keyboard in homage to the iMac’s Magic Keyboard (but not identically designed). The new keyboard is a scissor mechanism, not butterfly. It has 1mm of key travel (more, a lot more) and an Apple-designed rubber dome under the key that delivers resistance and springback that facilitates a satisfying key action. The new keycaps lock into the keycap at the top of travel to make them more stable when at rest, correcting the MacBook Air-era wobble. 

And yes, the keycaps can be removed individually to gain access to the mechanism underneath. And yes, there is an inverted-T arrangement for the arrow keys. And yes, there is a dedicated escape key.

Apple did extensive physiological research when building out this new keyboard. One test was measuring the effect of a keypress on a human finger. Specifically, they measured the effect of a key on the pacinian corpuscles at the tips of your fingers. These are onion-esque structures in your skin that house nerve endings and they are most sensitive to mechanical and vibratory pressure. 

Apple then created this specialized plastic dome that sends a specific vibration to this receptor making your finger send a signal to your brain that says ‘hey you pressed that key.’ This led to a design that gives off the correct vibration wavelength to return a satisfying ‘stroke completed’ message to the brain.

There is also more space between the keys, allowing for more definitive strokes. This is because the keycaps themselves are slightly smaller. The spacing does take some adjustment, but by this point in the article I am already getting pretty proficient and am having more grief from the autocorrect feature of Catalina than anything else. 

Notably, this keyboard is not in the warranty extension program that Apple is applying to its older keyboard designs. There is a standard 1 year warranty on this model, a statement by the company that they believe in the durability of this new design? Perhaps. It has to get out there and get bashed on by more violent keyboard jockeys than I for a while before we can tell whether it’s truly more resilient. 

But does this all come together to make a more usable keyboard? In short, yes. The best way to describe it in my opinion is a blend between the easy cushion of the old MacBook Air and the low profile stability of the Magic Keyboard for iMac. It’s truly one of the best feeling keyboards they’ve made in years and perhaps ever in the modern era. I reserve the right to be nostalgic about deep throw mechanical keyboards in this regard, but this is the next best thing. 

Pro, or Pro

In my brief and admittedly limited testing so far, the 16” MacBook Pro ends up looking like it really delivers on the Pro premise of this kind of machine in ways that have been lacking for a while in Apple’s laptop lineup. The increased storage caps, bigger screen, bigger battery and redesigned keyboard should make this an insta-buy for anyone upgrading from a 2015 MacBook Pro and a very tempting upgrade for even people on newer models that have just never been happy with the typing experience. 

Many of Apple’s devices with the label Pro lately have fallen into the bucket of ‘the best’ rather than ‘for professionals’. This isn’t strictly a new phenomenon for Apple, but more consumer centric devices like the AirPods Pro and the iPhone Pro get the label now than ever before. 

But the 16” MacBook Pro is going to alleviate a lot of the pressure Apple has been under to provide an unabashedly Pro product for Pro Pros. It’s a real return to form for the real Mack Daddy of the laptop category. As long as this new keyboard design proves resilient and repairable I think this is going to kick off a solid new era for Apple portables.

Facebook says a bug caused its iPhone app’s inadvertent camera access

Facebook has faced a barrage of concern over an apparent bug that resulted in the social media giant’s iPhone app exposing the camera as users scroll through their feed.

A tweet over the weekend blew up after Joshua Maddux tweeted a screen recording of the Facebook app on his iPhone. He noticed that the camera would appear behind the Facebook app as he scrolled through his social media feed.

Several users had already spotted the bug earlier in the month. One person called it “a little worrying.”

Some immediately assumed the worst — as you might expect, given the long history of security vulnerabilities, data breaches and inadvertent exposures at Facebook over the past year. Just last week, the company confirmed that some developers had improperly retained access to some Facebook user data for more than a year.

Will Strafach, chief executive at Guardian Firewall, said it looked like a “harmless but creepy looking bug.”

The bug appears to only affect iPhone users running the latest iOS 13 software, and those who have already granted the app access to the camera and microphone. It’s believed the bug relates to the “story” view in the app, which opens the camera for users to take photos.

One workaround is to simply revoke camera and microphone access to the Facebook app in their iOS settings.

Facebook vice president of integrity Guy Rosen tweeted this morning that it “sounds like a bug” and the company was investigating. Only after we published, a spokesperson confirmed to TechCrunch that the issue was in fact a bug.

“We recently discovered that version 244 of the Facebook iOS app would incorrectly launch in landscape mode,” said the spokesperson. “In fixing that issue last week in v246 — launched on November 8th — we inadvertently introduced a bug that caused the app to partially navigate to the camera screen adjacent to News Feed when users tapped on photos.”

“We have seen no evidence of photos or videos being uploaded due to this bug,” the spokesperson added. The bug fix was submitted for Apple’s approval today.

“I guess it does say something when Facebook trust has eroded so badly that it will not get the benefit of the doubt when people see such a bug,” said Strafach.

Updated with Facebook comment.

Foursquare CEO calls on Congress to regulate the location data industry

The chief executive of Foursquare, one of the largest location data platforms on the internet, is calling on lawmakers to pass legislation to better regulate the wider location data industry amid abuses and misuses of consumers’ personal data.

It comes in the aftermath of the recent location sharing scandal, which revealed how bounty hunters were able to get a hold of any cell subscriber’s real-time location data by obtaining the records from the cell networks. Vice was first to report the story. Since then there have been numerous cases of abuse — including the mass collection of vehicle locations in a single database, and popular iPhone apps that were caught collecting user locations without explicit permission.

The cell giants have since promised to stop selling location data but have been slow to act on their pledges.

“It’s time for Congress to regulate the industry,” said Foursquare’s chief executive Jeff Glueck in an op-ed in The New York Times on Wednesday.

In his opinion piece, Glueck called on Congress to push for a federal regulation that enforces three points.

Firstly, phone apps should not be allowed to access location data without explicitly stating how it will be used. Apple has already introduced a new location tracking privacy feature that tells users where their apps track them, and is giving them options to restrict that access — but all too often apps are not clear about how they use data beyond their intended use case.

“Why, for example, should a flashlight app have your location data?” he said, referring to scammy apps that push for device permissions they should not need.

Second, the Foursquare chief said any new law should provide greater transparency around what app makers do with location data, and give consumers the ability to opt-out. “Consumers, not companies, should control the process,” he added. Europe’s GDPR already allows this to some extent, as will California’s incoming privacy law. But the rest of the U.S. is out of luck unless the measures are pushed out federally.

And, lastly, Glueck said anyone collecting location data should promise to “do no harm.” By that, he said companies should apply privacy-protecting measures to all data uses by not discriminating against individuals based on their religion, sexual orientation or political beliefs. That would make it illegal for family tracking apps, for example, to secretly pass on location data to healthcare or insurance providers who might use that data to hike up a person’s premiums above normal rates by monitoring their driving speeds, he said.

For a business that relies on location data, it’s a gutsy move.

But Glueck hinted that businesses like Foursquare would be less directly affected as they already take a more measured and mindful approach to privacy, whereas the fast and loose players in the location data industry would face greater scrutiny and more enforcement action.

“These steps are necessary, but they’re not sufficient,” said Glueck. But he warned that Congress could do “great damage” if lawmakers fail to sufficiently push overly burdensome regulations on smaller companies, which could increase overheads, put companies out of business and have a negative effect on competition.

“There’s no good reason that companies won’t be able to comply with reasonable regulation,” said Glueck.

“Comprehensive regulation will support future innovation, weed out the bad companies and earn the public trust,” he said.

Nomad’s new Base Station Pro offers a taste of what Apple’s AirPower had promised

Accessory maker Nomad already offers a couple of excellent wireless chargers that work great with Apple and other Qi-compatible devices, but they’re introducing a new one that could be their most versatile yet. Using technology provided by partner Aira, called “FreePower,” the new Nomad Base Station Pro will be able to charge up to three devices at once placed in any orientation on its surface — cool both because of the three-device simultaneous support and the fact that you don’t have to make sure the gadget you’re charging is lined up exactly right on the charger, as is typically the case.

This is pretty similar to what Apple’s AirPower promised, before its unfortunate demise. The hardware similarly makes use of a matrix of multiple charging coils, which interlink to offer charging capabilities across the surface of the Base Station Pro. Perhaps intentionally, Aira’s website URL is “airapower.com,” one letter off from Apple’s shelved first-party accessory.

Nomad’s charger inherits the same aesthetics of the company’s existing chargers, which means you get a black soft leather surface for putting your devices on top of, and the surrounding frame is made of slate-gray aluminum. The charger should look and feel very premium, if Nomad’s other Base Stations are any indication.

The Base Station Pro supports charging speeds of up to 5W each, which is not the max supported by the iPhone or other devices — but according to Aira co-founder Jake Slatnick, that’s not actually much of a limitation at all.

“An interesting detail that we’ve learned through benchmarking is that our 5W output charge time is comparable to other 10W advertised chargers,” Slatnick explained via email. “It turns out, as soon as the phone starts to heat up, the charge speed slows down significantly, usually below 5W. The 7.5W+ chargers seem to only last at those speeds for a few minutes. We think the performance right now is on par with everything else and that it shouldn’t be noticeable to most users.”

The Nomad Base Station Pro supports up to three devices, all at 5W; you could use it to charge say, two iPhones and AirPods with Apple’s wireless charging case all at once.

Nomad also includes a 27W USB-C charger with Power Delivery in the box with the Base Station Pro, and a USB-C cable to connect to the charger. This probably will be a fairly premium-priced piece of hardware, but we’ll find out for sure when pre-orders begin in November.

The one significant way this differs from what Apple was building, at least for Apple fans, is that it doesn’t provide charging for the Apple Watch. Nomad has a Base Station model that offers an integrated Apple Watch charger, but of course with that you’re not getting the “place anywhere” overlapping coil design built for this new model.

Nintendo’s ‘Mario Kart Tour’ is out now for iPhone and iPad

Mario Kart Tour, Nintendo’s latest mobile game, is now available on iOS for iPhone, iPad and iPod touch. The game, like Nintendo’s other iOS releases, is free-to-play with in-app purchases (in-game currency called ‘rubies’) that you use for upgrades and unlocks.

Players immediately unlock one rider and get a tutorial to start, which introduces you to the Mario Kart Tour driving mechanics, which are slightly different than the ones you’re probably used to if you’ve played Mario Kart games for Nintendo’s various consoles. Specifically, your kart will always be moving forward, so there’s no acceleration to press, and instead you slide your finger side-to-side on the screen to steer left and right, with a tap firing off any items or weapons you might pick up.

High scores earn you points that can be redeemed for in-game unlocks, and the game also features other new mechanics like ‘frenzy mode,’ which gives you a timed period of unlimited item use whenever you pick up three of the same. Special challenges are also new in this mobile iteration, which introduce new ways to win instead of just placing first in a race with other kart drivers. Mario Kart Tour also features online ranking with other mobile players worldwide.

The ‘Tour’ component of the game is also a new twist: Nintendo is mixing courses inspired by real-world cities in with levels that are taken from classic Mario Kart games, and these will be cycling every two weeks for a fresh global tour on a regular basis. In-game characters will also get costume variants that are inspired by these globe-trotting destinations.

Based on Nintendo’s past track record, Mario Kart Tour should be perfectly playable without any in-game purchases, but players may feel that they hit a progression wall pretty quickly without picking up some currency. It’ll be interesting to see how this one fares, given that Apple has just introduced its own Arcade subscription service focused on games that eschew in-app purchase mechanics – including kart racer Sonic Racing, which looks very much like it was once intended to offer similar in-app mechanics before Arcade came along.

Apple says a bug may grant ‘full access’ to third-party keyboards by mistake

Apple is warning users of an iOS bug involving third-party keyboards.

In a brief advisory posted Tuesday, the tech giant said the bug impacts third-party keyboards which have the ability to request “full access” permissions.

Third-party keyboards can either run as standalone or, with “full access” they can talk to other apps or get internet access for additional features, like spell check. But “full access” also allows the keyboard maker to capture keystroke data or anything you type — like emails, messages or passwords — to its servers.

This bug, however, may allow third-party keyboards to gain full access permissions — even if it was not approved.

Apple didn’t say much more about the problem. A spokesperson did not comment beyond the advisory. But the advisory said that the bug doesn’t affect iOS’ in-built keyboard.

The bug will be fixed in an upcoming software update.

Tibetans hit by the same mobile malware targeting Uyghurs

A recently revealed mobile malware campaign targeting Uyghur Muslims also ensnared a number of senior Tibetan officials and activists, according to new research.

Security researchers at the University of Toronto’s Citizen Lab say some of the Tibetan targets were sent specifically tailored malicious web links over WhatsApp, which, when opened, stealthily gained full access to their phone, installed spyware and silently stole private and sensitive information.

The exploits shared “technical overlaps” with a recently disclosed campaign targeting Uyghur Muslims, an oppressed minority in China’s Xinjiang state. Google last month disclosed the details of the campaign, which targeted iPhone users, but did not say who was targeted or who was behind the attack. Sources told TechCrunch that Beijing was to blame. Apple, which patched the vulnerabilities, later confirmed the exploits targeted Uyghurs.

Although Citizen Lab would not specify who was behind the latest round of attacks, the researchers said the same group targeting both Uyghurs and Tibetans also utilized Android exploits. Those exploits, recently disclosed and detailed by security firm Volexity, were used to steal text messages, contact lists and call logs, as well as watch and listen through the device’s camera and microphone.

It’s the latest move in a marked escalation of attacks on ethnic minority groups under surveillance and subjection by Beijing. China has long claimed rights to Tibet, but many Tibetans hold allegiance to the country’s spiritual leader, the Dalai Lama. Rights groups say China continues to oppress the Tibetan people, just as it does with Uyghurs.

A spokesperson for the Chinese consulate in New York did not return an email requesting comment, but China has long denied state-backed hacking efforts, despite a consistent stream of evidence to the contrary. Although China has recognized it has taken action against Uyghurs on the mainland, it instead categorizes its mass forced detentions of more than a million Chinese citizens as “re-education” efforts, a claim widely refuted by the west.

The hacking group, which Citizen Lab calls “Poison Carp,” uses the same exploits, spyware and infrastructure to target Tibetans as well as Uyghurs, including officials in the Dalai Lama’s office, parliamentarians and human rights groups.

Bill Marczak, a research fellow at Citizen Lab, said the campaign was a “major escalation” in efforts to access and sabotage these Tibetan groups.

In its new research out Tuesday and shared with TechCrunch, Citizen Lab said a number of Tibetan victims were targeted with malicious links sent in WhatsApp messages by individuals purporting to work for Amnesty International and The New York Times. The researchers obtained some of those WhatsApp messages from TibCERT, a Tibetan coalition for sharing threat intelligence, and found each message was designed to trick each target into clicking the link containing the exploit. The links were disguised using a link-shortening service, allowing the attackers to mask the full web address but also gain insight into how many people clicked on a link and when.

“The ruse was persuasive,” the researchers wrote. During a week-long period in November 2018, the targeted victims opened more than half of the attempted infections. Not all were infected, however; all of the targets were running non-vulnerable iPhone software.

One of the specific social engineering messages, pretending to be an Amnesty International aid worker, targeting Tibetan officials (Image: Citizen Lab/supplied)

The researchers said tapping on a malicious link targeting iPhones would trigger a chain of exploits designed to target a number of vulnerabilities, one after the other, in order to gain access to the underlying, typically off-limits, iPhone software.

The chain “ultimately executed a spyware payload designed to steal data from a range of applications and services,” said the report.

Once the exploitation had been achieved, a spyware implant would be installed, allowing the attackers to collect and send data to the attackers’ command and control server, including locations, contacts, call history, text messages and more. The implant also would exfiltrate data, like messages and content, from a hardcoded list of apps — most of which are popular with Asian users, like QQMail and Viber.

Apple had fixed the vulnerabilities months earlier (in July 2018); they were later confirmed as the same flaws found by Google earlier this month.

“Our customers’ data security is one of Apple’s highest priorities and we greatly value our collaboration with security researchers like Citizen Lab,” an Apple spokesperson told TechCrunch. “The iOS issue detailed in the report had already been discovered and patched by the security team at Apple. We always encourage customers to download the latest version of iOS for the best and most current security enhancements.”

Meanwhile, the researchers found that the Android-based attacks would detect which version of Chrome was running on the device and would serve a matching exploit. Those exploits had been disclosed and were “obviously copied” from previously released proof-of-concept code published by their finders on bug trackers, said Marczak. A successful exploitation would trick the device into opening Facebook’s in-app Chrome browser, which gives the spyware implant access to device data by taking advantage of Facebook’s vast number of device permissions.

The researchers said the code suggests the implant could be installed in a similar way using Facebook Messenger and the messaging apps WeChat and QQ, but this failed to work in the researchers’ testing.

Once installed, the implant downloads plugins from the attacker’s server in order to collect contacts, messages, locations and access to the device’s camera and microphone.

When reached, Google did not comment. Facebook, which received Citizen Lab’s report on the exploit activity in November 2018, did not comment at the time of publication.

“From an adversary perspective what makes mobile an attractive spying target is obvious,” the researchers wrote. “It’s on mobile devices that we consolidate our online lives and for civil society that also means organizing and mobilizing social movements that a government may view as threatening.”

“A view inside a phone can give a view inside these movements,” they said.

The researchers also found another wave of links trying to trick a Tibetan parliamentarian into allowing a malicious app access to their Gmail account.

Citizen Lab said the threat from the mobile malware campaign was a “game changer.”

“These campaigns are the first documented cases of iOS exploits and spyware being used against these communities,” the researchers wrote. But attacks like Poison Carp show mobile threats “are not expected by the community,” as shown by the high click rates on the exploit links.

Gyatso Sither, TibCERT’s secretary, said the highly targeted nature of these attacks presents a “huge challenge” for the security of Tibetans.

“The only way to mitigate these threats is through collaborative sharing and awareness,” he said.

Amazon might reveal fitness-tracking Alexa wireless earbuds, Echo with better sound this week

Amazon is building wireless earbuds that offer Alexa voice assistant access, and fitness tracking for use during activities, according to a new report from CNBC. These earbuds, combined with a new, larger Echo designed to provide more premium sound, could feature in Amazon’s hardware event taking place this Wednesday in Seattle, though the outlet is unclear on the release timeline for this gear based on its source.

These earbuds would be a major new product for Amazon, and would be the company’s first foray into personal health and fitness devices. While Amazon has either built or bought products in a wide range of connected gadget categories, including smart home and smart speakers in particular, so far it hasn’t seemed all that aggressive in personal health, even as Apple, Samsung and others have invested heavily in these areas.

CNBC’s report says that these new Alexa buds will have an accelerometer on board for measuring motion, and will be able to also provide distance tracking, calories burned and pace – in other words, all the things that you’d expect to track with a fitness wearable like the Apple Watch or a Fitbit.

Leaving aside their fitness features, earbuds would provide Amazon a way to deliver a more portable Alexa for people to take with them outside of the house. The company has partnered with other headphone makers on similar third-party Alexa integrations, and it has also experimented with bringing Alexa to the car, for instance, but it’s largely still a home-based assistant, successful as it’s been.

Helping the appeal of these reported new products, the buds are said to be retailing for under $100, which will put them at a big price advantage when compared to similar offerings from dedicated audio companies and headphone makers, and to potential rivals like Apple’s AirPods. The report indicates, though, that they’ll still rely on being connected to an iPhone or Android device for connectivity, as they won’t have their own data connection.

Amazon is also readying a bigger Echo that has a built-in woofer and overall better sound than its existing lineup, according to CNBC. That mirrors a report from July from Bloomberg that also said Amazon was readying a high-end Echo, with a planned launch for next year.

Some or all of these new hardware devices could make their debut at Wednesday’s event, but it seems likely a lot of what we’ll see will be a surprise.