Google says its app store will continue to work for existing Huawei smartphone owners – TechCrunch

Google said today that existing users of Huawei Android devices can continue to use the Google Play app store, offering some relief to tens of millions of users worldwide even as it remains unclear if the Chinese tech giant will be able to use the fully functioning version of Android in its future phones.

Existing Huawei phone users will also be able to enjoy security protections delivered through Google Play Protect, the company said in a statement to TechCrunch. Google Play Protect is a built-in malware detector that uses machine learning to detect and weed out rogue apps. Google did not specify whether Huawei devices will receive future Android updates.

The statement comes after Reuters reported on Sunday that Google is suspending some business with Huawei, the world’s second largest smartphone maker, which shipped over 200 million handsets last year. The report claimed, a point not addressed by Google, that future Android devices from Huawei will not run Google Mobile Services, a host of services offered by Google including the Google Play Store and the email client Gmail. A Huawei spokesperson said the company is looking into the situation but has nothing to share beyond this.

 

It’s a major setback for Huawei that, unless resolved in the next few weeks, could significantly disrupt its phone business outside of China. The top Android phone vendor, which is already grappling with controversy over security concerns, will have to rethink its software strategy for future phones if there is no resolution. A dearth of future Android updates, or a delay in their delivery, would also hurt the company’s reputation among its customers around the globe.

“We are complying with the order and reviewing the implications,” a company spokesperson said in a statement.

The two tech companies find themselves in this awkward situation as a result of the latest development in the ongoing U.S.-China trade war. Huawei and 70 of its affiliates have been put on an “entity list” by the U.S. Commerce Department over national security concerns, requiring local giants such as Google and Intel to obtain approval from the government before conducting business with the Chinese firm.

Huawei may have already foreseen this. A company executive revealed recently that Huawei had built its own Android-based operating system in case a future event prevented it from using existing systems. Per Reuters, Huawei can also continue to use AOSP, the open source Android operating system that ships stripped of Google Mobile Services. And on paper, it can also probably have an app store of its own. But convincing enough stakeholders to make their apps available on Huawei’s store and continually push updates could prove incredibly challenging.


VPN servers seized by Ukrainian authorities weren’t encrypted


Privacy-tools-seller Windscribe said it failed to encrypt company VPN servers that were recently confiscated by authorities in Ukraine, a lapse that made it possible for the authorities to impersonate Windscribe servers and capture and decrypt traffic passing through them.

The Ontario, Canada-based company said earlier this month that two servers hosted in Ukraine were seized as part of an investigation into activity that had occurred a year earlier. The servers, which ran the OpenVPN virtual private network software, were also configured to use a setting that was deprecated in 2018 after security research revealed vulnerabilities that could allow adversaries to decrypt data.

“On the disk of those two servers was an OpenVPN server certificate and its private key,” a Windscribe representative wrote in the July 8 post. “Although we have encrypted servers in high-sensitivity regions, the servers in question were running a legacy stack and were not encrypted. We are currently enacting our plan to address this.”

Guarantees negated

Windscribe’s admission underscores the risks posed by an explosion of VPN services in recent years, many from businesses few people have heard of before. People use VPNs to funnel all their Internet traffic into an encrypted tunnel, to prevent people connected to the same network from being able to read or tamper with data or to detect the IP addresses of the two parties communicating. The VPN service then decrypts the traffic and sends it to its final destination.

By failing to follow standard industry practices, Windscribe largely negated those security guarantees. While the company attempted to play down the impact by laying out the requirements an attacker would have to satisfy to be successful, those conditions are precisely the ones VPNs are designed to protect against. Specifically, Windscribe said, the conditions and the potential consequences are:

  • The attacker has control over your network and can intercept all communications (privileged position for MITM attack)
  • You are using a legacy DNS resolver (legacy DNS traffic is unencrypted and subject to MITM)
  • The attacker has the ability to manipulate your unencrypted DNS queries (the DNS entries used to pick an IP address of one of our servers)
  • You are NOT using our Windscribe applications (our apps connect via IP and not DNS entries)

The potential impact for the user if all of the above conditions are true:

  • An attacker would be able to see unencrypted traffic inside of your VPN tunnel
  • Encrypted conversations like HTTPS web traffic or encrypted messaging services would not be affected
  • An attacker would be able to see the source and destinations of traffic

It’s important to remember that:

  • Most internet traffic is encrypted (HTTPS) inside of your VPN tunnel
  • No historical traffic is at risk thanks to PFS (perfect forward secrecy) which prevents decryption of historical traffic, even if one possesses the private key for a server
  • No other protocols supported by our servers are affected, only OpenVPN

Three years late

Besides the lack of encryption, the company also uses data compression to improve network performance. Research presented at the 2018 Black Hat security conference in Las Vegas disclosed an attack known as Voracle, which uses clues left behind in compression to decrypt data protected by OpenVPN-based VPNs. A few months later, OpenVPN deprecated the feature.
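A defender's check for the compression setting discussed above, as an added example that is not from the article, Windscribe, or the OpenVPN project: it flags lines in an OpenVPN config that enable compression, whether set on the server or pushed to clients. The sample config is constructed, and the set of arguments treated as "compression off" is this example's reading of the OpenVPN 2.4/2.5 manual.

```python
import shlex

# Arguments that leave compression off, per the OpenVPN 2.4/2.5 manual
# (assumption of this example: any other argument selects an algorithm).
OFF_ARGS = {
    "comp-lzo": {"no"},                            # bare comp-lzo means adaptive
    "compress": {"", "stub", "stub-v2", "migrate"},
}

# Constructed sample config, not taken from any real deployment.
SAMPLE_CONFIG = """\
# sample server config
port 1194
proto udp
;comp-lzo
comp-lzo
push "comp-lzo yes"
compress stub-v2
push "compress lz4-v2"   # sent to every client
cipher AES-256-GCM
"""

def audit_compression(config_text):
    """Return (line_number, scope, directive) for lines that enable compression."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        if raw.lstrip().startswith(";"):           # ';' also starts a comment
            continue
        try:
            # Drops '#' comments and keeps a quoted push argument as one token.
            tok = shlex.split(raw, comments=True)
        except ValueError:                         # unbalanced quote
            tok = raw.split("#", 1)[0].split()
        scope = "server"
        if len(tok) >= 2 and tok[0] == "push":     # push "directive args"
            tok, scope = tok[1].split(), "pushed to clients"
        if not tok or tok[0] not in OFF_ARGS:
            continue
        arg = tok[1] if len(tok) > 1 else ""
        if arg not in OFF_ARGS[tok[0]]:
            findings.append((lineno, scope, " ".join(tok)))
    return findings

if __name__ == "__main__":
    for lineno, scope, directive in audit_compression(SAMPLE_CONFIG):
        print(f"line {lineno}: compression enabled ({scope}): {directive}")
```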

The privacy-tools maker said it’s in the process of overhauling its VPN offering to provide better security. Changes include:

  • Discontinuing use of its current OpenVPN certificate authority in favor of a new one that “follows industry best practices, including the use of an intermediate certificate authority (CA)”
  • Transitioning all servers to operate as in-memory servers with no hard disk backing. This means that any data the machines contain or generate lives solely in RAM and can’t be accessed once a machine has been shut off or rebooted
  • Implementing a forked version of WireGuard as the primary VPN protocol
  • Deploying a “resilient authentication backend” to allow VPN servers to function even if there is a complete outage of core infrastructure
  • Enabling new application features, such as the ability to change IP addresses without disconnecting, request a specific and static IP, and “multi-hop, client side R.O.B.E.R.T. rules that are not stored in any database.”

Windscribe representatives didn’t respond to an email seeking comment for this post. It’s not clear how many active users the service has. The company’s Android app, however, lists more than 5 million installs, an indication that the user base is likely large.

The seizure of the Windscribe servers underscores the importance of the kind of basic VPN security hygiene that the company failed to follow. That, in turn, emphasizes the risks posed when people rely on little-known or untested services to shield their Internet use from prying eyes.


iOS 14.7.1 and macOS 11.5.1 arrive with one bug fix and one security fix


Apple executive Craig Federighi unveiled iOS 15 this summer. That version is coming later this year.

Apple has issued a new software update for iPhones, iPads, and Macs just a few days after the company launched macOS 10.15 and iOS/iPadOS 14.7.

The updates add no new features, but the iPhone update fixes one bug. From Apple’s release notes:

iOS 14.7.1 fixes an issue where iPhone models with Touch ID cannot unlock a paired Apple Watch using the Unlock with iPhone feature. This update also provides important security updates and is recommended for all users.

As for macOS, there are no listed changes besides security updates. And Apple lists the same security update for iOS, iPadOS, and macOS. Here are the details from Apple’s support hub:

IOMobileFrameBuffer

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30807: an anonymous researcher

Last week, Apple released software updates for all its platforms, including iOS 14.7, iPadOS 14.7, and macOS 10.15. Among other things, iOS 14.7 added support for the new MagSafe Battery Pack accessory, introduced a new multiuser Apple Card Family feature, and made several small tweaks throughout the operating system. macOS 10.15 was a smaller update that came a few days later; it simply added a new way to sort shows in the Podcasts app and fixed a couple of bugs.

Apple’s software releases tend to follow a common pattern. Top-level numbers like “iOS 13” or “iOS 13” are annual releases that introduce a bunch of significant new features or changes. Then, any update with a number after one decimal point (like iOS 14.7) adds at least one new feature and a handful of bug fixes. When you see another number after another decimal point—as in this case with iOS 14.7.1—you’re usually looking at an update that targets one or two bugs or security vulnerabilities but doesn’t add new features.

Today’s follow-up software updates are available to all supported devices right now.


Report: The iPhone 14 will be a major upgrade, and it will be made of titanium


The back of the iPhone 12 Pro.

Samuel Axon

A new investor note from JPMorgan Chase seen by AppleInsider and MacRumors claims that Apple’s high-end iPhone models will soon use titanium alongside or instead of aluminum or stainless steel. It also provides new insights about what to expect from 2022’s iPhone lineup.

Drawing from supply line sources, the note says the materials change is coming in 2022 and that Foxconn will be Apple’s exclusive supplier for the titanium components. The Pro model phones from that year are likely to use a titanium alloy, which is stronger and more resistant to scratches than the stainless steel used in current iPhone models.

While the analyst report does not specify, it’s very likely that we’re talking about the metallic band around the edge of the iPhone, not the front and the back. The front is expected to still be glass, and given that Apple continues to introduce new MagSafe and wireless charging products and features, we expect the back to remain glass as well.

The report also says the iPhone 14 will see more significant changes than the iPhone 13, suggesting that this year’s new iPhones will be spec bumps with minor new features akin to past iPhone launches with an “-S” appended to the products’ names. Meanwhile, the iPhone 14 in 2022 will bring with it a redesign of sorts and major new features, akin to the iPhone X or iPhone 12.

Additionally, JPMorgan Chase corroborates another recent report that Apple will not produce an iPhone 14 mini. That report, from Nikkei Asia, claimed that Apple will sometime in 2022 introduce a 5G iPhone SE with the latest, fastest CPU and the same look and feel as the current iPhone SE—but that this will be a death knell for the iPhone mini, which was introduced as part of the iPhone 12 lineup in 2020 but which has failed to meet sales expectations.

Currently, Apple offers two options for users of small, one-handed phones. There’s the iPhone SE, which emphasizes low cost by using older technologies like an LCD display and the home button. And there’s the iPhone 12 mini, which places the latest chip, screen, and camera tech Apple has to offer in a smaller chassis at a price close to that of the other flagships.

Based on the insights from Nikkei and JPMorgan Chase, it appears that Apple will soon relegate small phones to the budget bin (or midrange bin, you could really argue), with the most expensive flagships with the latest features staying big.
