The Category5.TV Newsroom

Here are the stories we're following for the week of Wednesday January 17, 2018

OnePlus has admitted that the clipboard app in a beta build of its Android OS was beaming back mystery data to a cloud service in China.

Someone calling themselves v1nc, running the latest test version of OnePlus's Oreo-based operating system, revealed in its support forums that unusual activity from the built-in clipboard manager had been detected by their firewall tool.

Upon closer inspection, it was found that the app had been transmitting information to a block of IP addresses registered to Alibaba: the Chinese e-commerce and cloud hosting giant.

While extra logging and telemetry are to be expected from beta software, the fact that data was being siphoned off without warning from a clipboard manager has raised eyebrows; leading some to fear that their copy-paste actions were being snooped on, and to question the privacy protections on their OnePlus handsets.

A rep for OnePlus told Android Police, "Our OnePlus beta program is designed to test new features with a selection of our community. This particular feature was intended for HydrogenOS, our operating system for the China market. We will be updating our global OxygenOS beta to remove this feature."

This should not come as much of a shock to those who follow the China-based OnePlus. In October last year, researchers discovered that OnePlus handsets were collecting unusually detailed reports on user activities—though the manufacturer said at the time that it was only hoarding the data for its internal analytics. One month later, however, it was discovered that some phones had been shipped with a developer kit left active; resulting in the phones sporting a hidden backdoor.

Today's desktop and mobile operating systems are gung-ho in phoning home information about their users (with Microsoft catching flak for Windows 10 telemetry, in particular).

OnePlus later expanded on their response, saying, "The experimental HydrogenOS feature is designed specifically for the Chinese market, where a unique competitive situation between two major web service providers has led to some ecommerce weblinks being blocked. A workaround developed by one of the parties involved sending a token so link sharing would function fully. We were testing a similar feature in the HydrogenOS beta."

Source: www.theregister.co.uk

Sent to us by: Roy W. Nash

Officials of the Federal Bureau of Investigation are continuing to voice their displeasure with Apple's approach to iPhone security; with one FBI official reportedly calling the company "jerks" and an "evil genius."

Apple has repeatedly made it more difficult to access data on encrypted iPhones—making Apple customers safer from hackers but also preventing the FBI from breaking into phones used by suspected criminals.

FBI forensic expert Stephen Flatley posed the question last week, "At what point is it just trying to one-up things and at what point is it to thwart law enforcement?"

He also said, "Apple is pretty good at evil genius stuff" and described Apple as "jerks" with regards to its approach to iPhone security.

For example, Flatley complained that Apple recently made password guesses slower, changing the hash iterations from 10,000 to 10,000,000.

That means, he explained, that "password attempts speed went from 45 passwords a second to one every 18 seconds," referring to the difficulty of cracking a password using a "brute force" method in which every possible permutation is tried. There are tools that can input thousands of passwords in a very short period of time; but if the attempts per minute are limited, it becomes much harder and slower to crack.

While Apple has assisted the FBI in some cases, the company has held firm in its stance that strong encryption is vital for keeping its customers safe.

Flatley's comments came one day after FBI Director Christopher Wray called phone encryption "an urgent public safety issue," saying "In fiscal year 2017, we were unable to access the content of 7,775 devices—using appropriate and available technical tools—even though we had the legal authority to do so." He went on to explain, "Each one of those nearly 7,800 devices is tied to a specific subject, a specific defendant, a specific victim, a specific threat."

He said the problem makes it harder for the FBI in investigations related to "human trafficking, counterterrorism, counterintelligence, gangs, organized crime, and child exploitation."

Source: arstechnica.com

Sent to us by: Roy W. Nash

Tesla's Solar Roof tiles are going ahead with installations following their staff-only trial period.

Tesla began manufacturing solar tiles for solar roof installations in December at the Buffalo, New York, factory that it acquired when it purchased SolarCity in 2016. The electric vehicle and energy company said it will start installing the tiles on the homes of reservation holders immediately.

Up until now, Tesla's solar roof installations have only been available for their employees. In an email, Tesla said that it had completed its pilot installation program, which helped to validate reliability and weatherization testing.

Tesla opened up reservations to the general public last May, which required a $1,000 deposit. The company says it will survey, design, and identify permit issues for each customer individually; thus roof costs are going to widely vary.

The idea behind the solar roof was to offer a visually attractive alternative to solar panels. Tesla cited homes that are part of Home Owners' Associations which might not be able to put solar panels on due to aesthetic restrictions. But the company also stressed that their product would make sense for non-restricted homeowners as well, particularly due to the superior durability and an attractive payback period that an inactive regular roof doesn't have.

Tesla plans to work both of the solar roof markets though, saying that they started making traditional solar panels at the Buffalo factory last summer and have so far hired 500 people to keep the process moving.

Source: arstechnica.com

Sent to us by: Roy W. Nash

Apple is handing off Chinese iCloud operations to a local firm in February.

Chinese iCloud customers have been notified that Apple will transfer operations of its cloud storage service to the local firm Guizhou on the Cloud Big Data (GCBD) starting next month.

Apple announced the partnership with GCBD last year and claims the new iCloud operations will help the company comply with Chinese regulations. As of February 28, Apple will start the transfer of Chinese iCloud data to its new data center in Guizhou, where it will be managed by GCBD.

This means that the physical location of Chinese iCloud customers' data will change, but customers shouldn't see any differences on their end of their iCloud accounts. In Apple's message sent to mainland Chinese customers, the company says the new operations setup will "enable us to continue improving the speed and reliability of iCloud and to comply with Chinese regulations."

Chinese customers may be concerned about the safety of their photos, documents, and other iCloud data because GCBD is owned by the Guizhou provincial government. Apple's partnership with GCBD is also another means for China's government to control data accessible within its territory.

Customers are urged to consider the new terms and conditions of iCloud operated by GCBD, and customers who are not comfortable with GCBD partnership can terminate their accounts.

Source: arstechnica.com

Sent to us by: Roy W. Nash