Think your iPhone is hard to hack? By the size of rewards for remote iPhone hacks, it would appear to be. But Google’s crack squad of hackers at Project Zero recently showed that with skill and determination, iPhones can be hacked just by receiving an SMS message.
Thanks to Google Project Zero, who were behind a fistful of patches in Apple’s recent iOS update, iOS devices are more secure than they were a few months ago.
But the team that found all those iOS bugs has now called on Apple to make iMessage less prone to remote attacks by reducing the ‘attack surface’ of its software, or in tech slang, cutting the ‘cruft’ from iMessage, so that attackers have fewer vulnerable parts to exploit.
“The majority of vulnerabilities occurred in iMessage due to its broad and difficult to enumerate attack surface. Most of this attack surface is not part of normal use, and does not have any benefit to users,” Google Project Zero researcher Natalie Silvanovich wrote in a blogpost.
Silvanovich presented her and her colleagues’ findings at BlackHat on Wednesday, detailing 10 iOS bugs they found, including five of the six that were patched in iOS 12.4. One of them, CVE-2019-8641, still remains under wraps because Apple’s fix “did not fully remediate the issue”.
The fixes Apple released in response to Google Project Zero’s findings are notable because the flaws they address are ‘interactionless’ or ‘zero click’, meaning they don’t require a single click by the end user to exploit.
There have been a few stories about zero-click exploits for iOS, but not much evidence they exist. For example, a 2017 report by Reuters exposed a group of ex-NSA hackers working in the Middle East who were reportedly using an iPhone hacking tool called Karma.
The tool was said to partly rely on a zero-day flaw in Apple’s messaging app, iMessage. However, the users didn’t understand how the vulnerability worked. Karma reportedly allowed the hackers to open a line to an iPhone even if the user didn’t use iMessage.
And when it comes to messaging apps, exploit broker Zerodium – which offers $2m for zero-click iPhone exploits – has also claimed that iMessage is the least secure from a zero-day exploit perspective compared with Signal, WhatsApp, and even Telegram.
But again, there was no evidence, which was the motivation for Google Project Zero’s research into zero-click attacks on iOS.
Several of the bugs affected Apple’s iMessage messaging system. In some cases, just receiving an SMS or MMS message would be enough to do the trick for an attacker, putting this set of bugs on a similar severity scale to Google’s Android Stagefright bugs in 2015.
The Stagefright bugs could lead to a complete compromise just by an Android device receiving an SMS or MMS message, and they affected 95% of Android handsets.
Project Zero researchers focused on SMS, MMS, and newer fancy features of iMessage like Digital Touch, which arrived in iOS 10 and let iPhone users send drawings and animations to one another to keep up with WhatsApp and Facebook Messenger. One of the flaws Silvanovich found was due to an issue in Digital Touch.
As she notes, SMS in iOS was a “good starting point” for their research because of Apple’s design choices.
“Unlike Android, SMS messages are processed in native code by the iPhone, which increases the likelihood of memory corruption vulnerabilities,” she explained.
Silvanovich suggests that Apple could help improve iPhone security by cutting out unnecessary avenues for remote attackers to use.
“Overall, the number and severity of the remote vulnerabilities we found was substantial. Reducing the remote attack surface of the iPhone would likely improve its security,” she wrote.
Apple’s head of security engineering and architecture, Ivan Krstić, is scheduled to deliver a presentation today at Black Hat about iOS and Mac security.
5 tips for brands that want to succeed in the new era of influencer marketing – TechCrunch
If I told you a decade ago that a spin bike would be a social community, you’d have had a good laugh. But that’s precisely what Peloton is: A spin bike with a social community where the instructors are the influencers.
Peloton is just one example of how social is being integrated into every aspect of the customer experience in an increasingly digital world. Whether it’s considering a new restaurant to check out, a movie to see or a product to buy, most people look at reviews before making a final decision. They want social proof as an indicator of quality and relevance.
Influencers are a natural byproduct of this desire for social validation, and as social permeates the customer journey, creators have become an essential source of validation and trust. Indeed, social validation is what social platforms are built on, so it’s a significant component of how we derive relevance online — and the deeper integration of social is changing the dynamic between brands and digital creators.
The shifting economy of creator monetization
Brand sponsorships are the holy grail for creators hoping to monetize their online influence. According to an eMarketer report, brand partnerships are still the No. 1 source of revenue for most digital creators.
However, digital creators have a lot more monetization options to choose from, thanks to Patreon, affiliate platforms, paid content platforms and platform revenue sharing, making it easier to earn a living without relying so heavily on brand sponsorships.
As a result, creators are diversifying their revenue streams, which, for some creators, allows them to be more selective about the brands they work with. What’s more, creators aren’t reliant on just one channel or one form of revenue.
YouTube creators probably have the most diversified revenue, often combining brand sponsorships, subscription models, affiliate deals, tipping/donations, their line of branded products and revenue share. However, it’s important to note that not all monetization options apply to every creator. But with so many options to choose from, making a living as a digital creator is more accessible than ever.
Here are a few of the ways online creators can monetize their content:
Ad revenue sharing: Advertising is the most traditional form of revenue for online creators. With this model, ads are injected into and around the creator’s content, and they make a certain percentage of revenue based on impressions. However, the revenue split can vary based on the platform, and some platforms have a specific threshold creators must hit before they can participate in ad revenue sharing.
Affiliate marketing: Similar to advertising or a brand sponsorship, affiliate marketing is an agreement for a share of revenue based on products sold. This kind of arrangement generally works best when the creator has a blog, website or YouTube account. Affiliate links allow the influencer to proactively choose the products they want to talk about and earn from, rather than having to wait for a brand deal to come their way.
Instagram’s TikTok rival, Reels, rolls out ads worldwide – TechCrunch
Instagram Reels are getting ads. The company announced today it’s launching ads in its short-form video platform and TikTok rival, Reels, to businesses and advertisers worldwide. The ads will be up to 30 seconds in length, like Reels themselves, and vertical in format, similar to ads found in Instagram Stories. Also like Reels, the new ads will loop, and people will be able to like, comment, and save them, the same as other Reels videos.
The company had previously tested Reels ads in select markets earlier this year, including India, Brazil, Germany, and Australia, then expanded those tests to Canada, France, the U.K. and the U.S. more recently. Early adopters of the new format have included brands like BMW, Nestlé (Nespresso), Louis Vuitton, Netflix, Uber, and others.
Instagram tells us the ads will appear in most places users view Reels content, including on the Reels tab, Reels in Stories, Reels in Explore, and Reels in your Instagram Feed, and will appear in between individual Reels posted by users. However, in order to be served a Reels ad, the user first needs to be in the immersive, full-screen Reels viewer.
The company couldn’t say how often a user might see a Reels ad, noting that the number of ads a viewer may encounter will vary based on how they use Instagram. But the company is monitoring user sentiment around ads themselves, and the overall commerciality of Reels, it says.
Like Instagram’s other advertising products, Reels ads will launch with an auction-based model. But so far, Instagram is declining to share any sort of performance metrics around how those ads are doing, based on tests. Nor is it yet offering advertisers any creator tools or templates that could help them get started with Reels ads. Instead, Instagram likely assumes advertisers already have creative assets on hand or know how to make them, because of Reels ads’ similarities to other vertical video ads found elsewhere, including on Instagram’s competitors.
While vertical video has already shown the potential for driving consumers to e-commerce shopping sites, Instagram hasn’t yet taken advantage of Reels ads to drive users to its built-in Instagram Shops, though that seems like a natural next step as it attempts to tie the different parts of its app together.
But perhaps ahead of that step, Instagram needs to make Reels a more compelling destination, something other TikTok rivals, which now include both Snap and YouTube, have done by funding creator content directly. Instagram, meanwhile, had made offers to select TikTok stars directly.
The launch of Instagram Reels ads follows news of TikTok’s climbing ad prices. Bloomberg reported this month that TikTok is now asking for more than $1.4 million for a home page takeover ad in the U.S., as of the third quarter, which will jump to $1.8 million by Q4 and more than $2 million on a holiday. Though the company is still building its ads team and advertisers haven’t yet allocated large portions of their video budget to the app, that tends to follow user growth — and TikTok now has over 100 million monthly active users in the U.S.
Both apps, Instagram and TikTok, now have over a billion monthly active users on a global basis, though Reels is only a part of the larger Instagram platform. For comparison, Instagram Stories is used by some 500 million users, which demonstrates Instagram’s ability to drive traffic to different areas of its app. Instagram declined to share how many users Reels has as of today.
Twine raises $3.3M to add networking features to virtual events – TechCrunch
Twine, a video chat startup that launched amid the pandemic as a sort of “Zoom for meeting new people,” shifted its focus to online events and, as a result, has now closed on $3.3 million in seed funding. To date, twine’s events customers have included names like Microsoft, Amazon, Forrester, and others, and the service is on track to do $1 million in bookings in 2021, the company says.
The new round was led by Moment Ventures, and included participation from Coelius Capital, AltaIR Capital, Mentors Fund, Rosecliff Ventures, AltaClub, and Bloom Venture Partners. Clint Chao, founding Partner at Moment, will join twine’s board of directors with the round’s close.
The shift into the online events space makes sense, given twine’s co-founders — Lawrence Coburn, Diana Rau, and Taylor McLoughlin — hail from DoubleDutch, the mobile events technology provider acquired by Cvent in 2019.
Coburn, previously CEO of DoubleDutch, had been under a non-compete with its acquirer until December 2020, which is one reason why he didn’t first attempt a return to the events space.
The team’s original idea was to help people who were missing out on social connections under Covid lockdowns find a way to meet others and chat online. This early version of twine saw some small amount of traction, as 10% of its users were even willing to pay. But many more were nervous about being connected to random online strangers, twine found.
So the company shifted its focus to the familiar events space, with a specific focus on online events which grew in popularity due to the pandemic. While setting up live streams, text chats and Q&A has been possible, what’s been missing from many online events was the casual and unexpected networking that used to happen in-person.
“The hardest thing to bring to virtual events was the networking and the serendipity — like the conversations that used to happen in an elevator, in the bar, the lobby — these kinds of things,” explains Coburn. “So we began testing a group space version of twine — bringing twine to existing communities as opposed to trying to build our own, new community. And that showed a lot more legs,” he says.
By January 2021, the new events-focused version of twine was up-and-running, offering a set of professional networking tools for event owners. Unlike one-to-many or few-to-many video broadcasts, twine connects a small number of people for more intimate conversations.
“We did a lot of research with our customers and users, and beyond five [people in a chat], it turns into a webinar,” notes Coburn, of the limitations on twine’s video chat. In twine, a small handful of people are dropped into a video chat experience, and now, they’re not random online strangers. They’re fellow event attendees. That generally keeps user behavior professional and the conversations productive.
Event owners can use the product for free on twine’s website for small events with up to 30 users, but to scale up any further requires a license. Twine charges on a per attendee basis, where customers buy packs of attendees on a software-as-a-service model.
The company’s customers can then embed twine directly in their own website or add a link that pops open the twine website in a separate browser tab.
Coburn says twine has found a sweet spot with big corporate event programs. The company has around 25 customers, but some of those have already used twine for 10 or 15 events after first testing out the product for something smaller.
“We’re working with five or six of the biggest companies in the world right now,” noted Coburn.
Because the matches are digital, twine can offer other tools like digital “business card” exchanges and analytics and reports for the event hosts and attendees alike.
Despite the cautious return to normal in the U.S., which may see in-person events return in the year ahead, twine believes there’s still a future in online events. Due to the pandemic’s lasting impacts, organizations are likely to adopt a hybrid approach to their events going forward.
“I don’t think there’s ever been an industry that has gone through a 15 months like the events industry just went through,” Coburn says. “These companies went to zero, their revenue went to zero and some of them were coming from hundreds of millions of dollars. So what happened was a digital transformation like the world has never seen,” he adds.
Now, there are tens of thousands of event planners who have gotten really good at tech and online events. And they saw the potential in online, which would sometimes deliver 4x or 5x the attendance of virtual, Coburn points out.
“This is why you see LinkedIn drop $50 million on Hopin,” he says, referring to the recent fundraise for the virtual conference technology business. (The deal was reportedly for less than $50 million). “This is why you see the rounds of funding that are going into Hopin and Bizzabo and Hubilo and all the others. This is the taxi market, pre-Uber.”
Of course, virtual events may end up less concerned with social features when they can offer an in-person experience. And those who want to host online events may be looking for a broader solution than Zoom + twine, for example.
But twine has ideas about what it wants to do next, including asynchronous matchmaking, which could end up being more valuable as it could lead to better matches since it wouldn’t be limited to only who’s online now.
With the funding, twine is hiring in sales and customer success, working on accessibility improvements, and expanding its platform. To date, twine has raised $4.7 million.