Amazon, Super Micro Executives Join Apple’s Call To Retract Bloomberg Spy Chip Story

amazon and super micro executives join Apple in pulling back on bloomberg spy chip reports

In rare form, Cook in an interview last week slammed Bloomberg for an investigation claiming some 30 companies, including Apple and Amazon, were victims of a complex hardware hack involving spy chips embedded onto network architecture supplied by Super Micro.

“There is no truth in their story about Apple,” Cook said in an interview with BuzzFeed News last week. “They need to do that right thing and retract it.”

Citing information from 17 separate sources, Bloomberg claims Chinese operatives managed to sneak a microchip smaller than a grain of rice onto motherboards that ended up in Apple and Amazon server farms. Allegedly designed by the Chinese military, the chip acted as a “stealth doorway onto any network” and offered “long-term stealth access” to attached computer systems.

Apple immediately refuted details of the report and ultimately issued a strongly worded statement denying the allegations. The company said a wide-reaching investigation into Bloomberg’s claims revealed no evidence of the described hardware tampering.

Cook said much the same last week.

“I was involved in our response to this story from the beginning. I personally talked to the Bloomberg reporters along with Bruce Sewell who was then our general counsel,” Cook said. “We were very clear with them that this did not happen, and answered all their questions. Each time they brought this up to us, the story changed and each time we investigated we found nothing.”

Following Cook’s lead, Amazon Web Services CEO Andy Jassy tweeted a brief statement on the matter.

“[Cook] is right. Bloomberg story is wrong about Amazon, too,” he said. “They offered no proof, story kept changing, and showed no interest in our answers unless we could validate their theories. Reporters got played or took liberties. Bloomberg should retract.”

Super Micro CEO Charles Liang, whose motherboards are at the center of the kerfuffle, echoed that sentiment in a statement to CNBC’s Steve Kopack.

“Bloomberg’s recent story has created unwarranted confusion and concern for our customers, and has caused our customers, and us, harm,” Liang said. “Bloomberg should act responsibly and retract its unsupported allegations that malicious hardware components were implanted on our motherboards during the manufacturing process.”

Liang notes the story suggests a large number of motherboards were affected by the breach, though Bloomberg failed to produce hard evidence of the hack. Indeed, security researcher Joe Fitzpatrick, one of the article’s lone named sources, said the publication was unable to provide a single photograph of the chip in question.

Super Micro on Monday said it will continue to investigate the allegations by conducting a “complicated and time-consuming review” of its supply chain.

For its part, Bloomberg stands by its reporting. In a statement to AppleInsider earlier this month the publication said its “reporters and editors

thoroughly vet every story before publication, and this was no exception.”

 

 

Jony Lve Discusses His Team’s Move To Apple Park, Remains Tight-Lipped About Prospects Of Apple Car

 jony lve talks about his team’s move to apple park and remains tight-lipped about prospects of apple car

Questioned on why Apple’s design team was among the last to move into the company’s new Apple Park headquarters, Ive said that was the plan all along, adding that relocating some 9,000 people takes time:

It wasn’t late, it was always scheduled to be then. When you’re moving 9,000 people, you don’t do it in one day. We’re one of the last groups. It’s a loaded and significant event because it meant leaving a studio that has decades of history, where we designed and built first prototypes. This is the studio I went back to on the day that Steve died. And it’s the place where we figured out the iPhone and the iPod.

Ive said his team’s move to Apple Park has allowed for increased collaboration among different areas of creative expertise:

Moving to Apple Park represents the coming together, at last, of these different areas of creative expertise that are incredibly diverse. I’m fairly confident that this has never happened before, to have industrial designers next to font designers, next to prototypers, next to haptic experts. The best haptic experts in the world are sat next to a bunch of guys who have PhDs in material science.

On the prospects of an Apple Car, Ive remained tight lipped. In general, he said it’s important to work on the associated issues and challenges with any new product, rather than talk about it and risk having the ideas and technologies copied:

We explore so many different thoughts and so many different technologies for products or services. Some companies use the fact that they are exploring lots of different ideas as a PR tool — we don’t. If you are genuinely working on something, it’s better to be working on it and struggling with the associated issues and challenges, rather than talking about it. Our capital, our equity, is our ideas and the technologies that we’re developing. It’s important that as long as possible that remains ours, to try and postpone that point when they will then be copied — which is what history suggests.

When asked if the Apple Watch is best described as a watch, Ive instead referred to it as a “very powerful computer”:

No, I think that this is a very powerful computer, with a range of very sophisticated sensors, that is strapped to my wrist. That’s neither very descriptive nor very helpful. You and I share the same perspective and we had this same challenge with the product that we called the iPhone. Clearly the capability of the iPhone extends way beyond the function of what we would traditionally call a phone.

Ive went on to say that Apple believes it has a responsibility to understand and mitigate the implications and consequences, both positive and negative, of the products it creates — i.e. Screen Time in iOS 12. “It keeps me awake,” he said:

If you genuinely have a concern for humanity, you will be preoccupied with trying to understand the implications, the consequences of creating something that hasn’t existed before. I think it’s part of the culture at Apple to believe that there is a responsibility that doesn’t end when you ship a product… It keeps me awake.

Apple’s Online Store Down Ahead Of iPhone XR Pre-Orders

apple's online store drops ahead of iphone xr preorders

In other countries, pre-order times will vary based on local time zone. Pre-orders will kick off at 6:01 p.m. in Sydney, for example, 3:01 p.m. in China, and 8:01 a.m. in the UK. For full details on when pre-orders go live in your country, make sure to check out our post that lists all pre-order times by country.

Apple will accept pre-orders through the Apple website and the Apple Store app. T-Mobile, AT&T, Sprint, and Verizon will all be accepting pre-orders for the iPhone XR in the United States, as will major retailers like Best Buy.

Pre-orders for the iPhone XR will be available from Apple at 12:01 a.m. Pacific Time in the following first wave launch countries:

Albania, Andorra, Australia, Austria, Bahrain, Belgium, Bosnia, Bulgaria, Canada, China, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Greenland, Guernsey, Herzegovina, Hong Kong, Hungary, Iceland, India, Ireland, Isle of Man, Italy, Japan, Jersey, Kosovo, Kuwait, Latvia, Liechtenstein, Lithuania, Luxembourg, Macedonia, Malta, Malaysia, Mexico, Monaco, Montenegro, Netherlands, New Zealand, Norway, Oman, Poland, Portugal, Puerto Rico, Qatar, Romania, Russia, Saudi Arabia, Singapore, Serbia, Slovakia, Slovenia, South Africa, Spain, Sweden, Switzerland, Taiwan, Thailand, the UAE, UK, US and US Virgin Islands.

iPhone XR will expand to Israel on November 1 and Armenia, Bhutan, Brunei, Cambodia, Georgia, Kazakhstan, South Korea, Macau, Maldives, Myanmar, Ukraine, and Vietnam on November 2, according to pre-order details shared by Apple.

Apple did not launch the iPhone XR at the same time as the iPhone XS and XS Max because of issues that delayed production, so it is not clear if Apple will have adequate supply to meet demand. Customers hoping to get one of the new devices on launch day should order as early as possible just in case.

The iPhone XR is priced starting at $749, and it is available in 64, 128, and 256GB capacities in six colors: white, black, blue, coral, yellow, and (PRODUCT)RED.

Compared to the iPhone XS and XS Max, the iPhone XR has an LCD display instead of an OLED display, a single-lens camera rather than a dual lens camera, Haptic Touch instead of 3D Touch, and LTE Advanced instead of Gigabit LTE. On the plus side, the iPhone XR offers even longer battery life than the iPhone XS Max.

For more detail on the iPhone XR, make sure to check out our iPhone XR roundup to read up on the new device’s feature set ahead of when pre-orders begin.

The first pre-orders placed for the new iPhone XR models will arrive on Friday, October 26, the iPhone XR’s official launch date.

Graphic 7 Minute Audio Of Jamal Khashoggi’s Murder Again Linked To Journalist’s Apple Watch

graphic 7 minute audio of jamal khashoggi’s murder again related to journalist’s apple watch

New reports on Wednesday morning keep mentioning the Apple Watch as the source of data for Khashoggi’s reported questioning by a “hit squad” when he visited the embassy to get paperwork. A copy of the audio file was reportedly synced with Khashoggi’s iPhone, which was in the possession of fiancee Hatice Cengiz. Cengiz was waiting outside the consulate during the exchange, assumedly within Bluetooth range of the Apple Watch in question.

The reports still do not specify what app Khashoggi used, how the audio was transferred to his iPhone, or how it made its way to iCloud. Khashoggi has been spotted in previous pictures with the tell-tale red dot signifying a LTE Series 3 Apple Watch on his wrist.

Following the encounter, continuing reports claim that the Saudis responsible gained access to the Apple Watch and deleted certain files on the device. This suggests the so-called “hit squad” confiscated the journalist’s iPhone from Cengiz, something that has gone unconfirmed.

While Saudis were able to wipe certain files from Khashoggi’s device or devices, they were less successful in deleting data from iCloud, the report says.

Even if the Apple Watch recorded the slaughter, as reported on Friday, it isn’t clear from a technological standpoint how this data would be exfiltrated from the embassy, even if Cengiz was in Bluetooth range.

Apple Watch connectivity to the outside world

It shouldn’t surprise anybody embassies are highly secure facilities, that governments take great efforts to protect, and host governments try valiantly to listen in on. Modern connectivity like Bluetooth, LTE, and Wi-Fi have made this dance a bit more complex in the last two decades.

Obviously, RF emissions control is a big concern for embassy security staff, and a big avenue of exploitation by agencies wanting to listen in. To this end, embassies are heavily shielded against radio frequency emissions, both coming in or exiting the facility.

The Apple Watch Series 3 or Series 4 LTE radios do not function in Turkey, at all. So, that eliminates the longest-range way that data could have been handed off to iCloud. Bluetooth is very low energy, and has nearly no penetrative power to overcome intentional RF shielding.

And, if Khashoggi was allowed to connect to the consulate Wi-Fi, that would be one of the largest breaches of embassy RF and data security ever recorded. This seems especially improbable.

As a result, The likelihood of the data getting passed off to the iPhone is also profoundly small.

Given the “leaks” of the audio that have happened over the last 24 hours and were previously teased, odds are the reports that the audio came from the Apple Watch is either a disinformation campaign of some sort, or the government of Turkey is using the report to cover up a surveillance effort inside the embassy that has gone heretofore undiscovered.

AppleInsider’s reporting, and Google manipulation

At some point on Monday, a domain resembling AppleInsider’s was purchased, and registered in Panama. The “Appleinsider.org” domain mostly redirects to our own, at AppleInsider.com. However, one story where we talked about the rumors surrounding the murder and the Apple Watch does not.

On Tuesday, a rework of editor Mikey Campbell’s story regarding the matter emerged on the bogus domain, which alleged that Apple CEO Tim Cook had spoken to us, and for some reason used broken English to comment on the matter.

For the astute, like most AppleInsider readers, the language used by the perpetrators or the domain difference would have been a dead giveaway. For the less aware, as evidenced by our social media feeds, the faked quotes by Apple’s CEO could be taken as authentic.

Cook has not spoken about the Apple Watch as it relates to the killing at all. Nor, has he spoken to AppleInsider about it.

There is no reason that the assailants would want to impugn AppleInsider. The more likely explanation is that parties unknown wanted to manipulate Google search results, and take partial advantage of our own Google rankings to do so.

Apple May Not Have Bought Music Analytics Firm Asaii, Might Be ‘Acquihire’

music analytics firm asaii may not have been bought by apple

On Sunday, it was reported Apple had paid less than $100 million for Asaii, with the three co-founders already working for Apple on Apple Music. A second report supposedly confirmed the initial acquisition murmurs, with a shareholder acting as the source.

According to TechCrunch, the deal wasn’t a purchase of the entire startup, but what is known as an acquihire, typically where a company is bought out by another for the expertise of its employees, not its products or services.

The discovery was apparently due to Apple’s customary way of either confirming an acquisition outright or issuing standard boilerplate, advising it buys smaller technology companies regularly and doesn’t typically discuss purpose or plans for its assets and staff. In this case, Apple declined to confirm the deal to the report and did not allow the use of the standard statement, leading to the conclusion that Apple did not buy the startup’s assets.

Co-founders Sony Theakanath, Austin Chen, and Chris Zhang are all confirmed to be working for Apple since October, though it is unknown exactly what they will be working on. It is highly likely the knowledge of the trio will be put towards analyzing music, bolstering recommendations and looking at new and up-coming artists.

Two of the three had previous experience working for Apple. Theakanath was a software engineer on the company’s Special Projects Team from May 2015 to August 2016, working on Core OD and iAd, while Chen was a global operations manager for four months in 2016.

While the Asaii website is still active at the time of writing, the company announced it was shutting down on October 14 via Twitter, with no explanation as to why it was winding down operations.

It is unclear what will happen to the company’s assets, if they were not part of the Apple deal.

Launched in 2016, Asaii performed analysis on play counts and other data from Apple Music, Facebook, Instagram, SoundCloud, Spotify, and Twitter, with the machine learning systems determining new and popular tracks. Each song was assigned an “Asaii” score based on real-time data, with hot new artists able to gain the attention of A&R executives.

Data was supplied to industry insiders via an analytics dashboard, complete with a newsfeed that contextualized social media reach, and a tracking module for artist management. The Asaii Recommend API was able to be used by streaming services as a data point in creating algorithmically-generated playlists for users.

 

 

Hands On With AirPlay 2 On the Libratone Zipp and Zipp Mini

 take a look at the airplay 2 on the libratone zipp and zipp mini

What sets the Libratone Zipp and Zipp Mini apart from other speakers is their versatility. They work with AirPlay 2 and Bluetooth in a variety of different scenarios. You can be at home, use them on Wi-Fi while plugged in, and also be used while on the go using Bluetooth and the built-in battery. So far, these are also the only battery-powered, portable AirPlay 2 speakers.

AirPlay 2

AirPlay 2 is Apple’s first major update to AirPlay since it replaced AirTunes. It has a much-increased buffer for improved stability, and most importantly, the ability to send audio to multiple speakers at once.

There is also decreased lag between the host and client devices in most situations.

AirPlay on the Libratone Zipp and Zipp Mini

We were very impressed with our initial impressions of the Zipp, and they’ve been cemented with the update to AirPlay 2.

As soon as we had the update installed, we noticed improved performance right away. There was a significant decrease in lag as we cast audio from our iPhone to the Zipp. Play/pause was also quicker than previously.

We could easily stream audio to our HomePod, Sonos Soundbar, and Libratone Zipp at the same time, with no issues.

If you go to the Home app, tap “add accessory”, then choose the “have no code” option, you should see the Zipp become available. By adding it to the Home app you can change the name, the room, and gain Siri control.

Like any other third-party AirPlay 2 speaker, there are limitations. It doesn’t get its own card in the AirPlay 2 interface. That feature is limited to Apple’s own devices such as the AirPort Express, Apple TV, and HomePod.

Updating your speaker

Updating your Zipp or Zipp Mini is quite easy. Simply launch the latest version of their accompanying iOS app, and you should see an exclamation point on the top right corner of the device’s card. When you tap the card, an alert will appear informing you of the pending update and the changes. Install the update and you can now playback your tunes via AirPlay 2.

Where to buy

Libratone also announced that the Zipp Mini would soon be available within select Apple Store nationwide in Atlantic Deep starting on October 17th.

Both the Libratone Zipp and Zipp Mini come in your choice of five colors: Cloudy Grey, Deep Lagoon, Graphite Grey, Nordic Black and Victory Red. The Zipp retails for $299 with all five color choices available at Amazon. The smaller Zipp Mini sells for $249 and is also available at Amazon.com.

 

Six 2018 iPad Pro Models Spotted In App Analytics Data

six 2018 ipad pro models were found in the app analytics data

Mobile analytics firm Appsee claims the model identifiers “iPad8,1,” “iPad8,2,” “iPad8,3,” “iPad8,4,” “iPad8,5,” and “iPad8,8” have recently started to appear on its platform. The identifiers first surfaced on Monday, with the identifiers in the latest report joined by two other labels, namely the missing two from the set: “iPad8,6” and “iPad8,7”

Appsee has yet to spot any references to “iPad8,6” or “iPad8,7” in its logs, but it is likely that the models still exist, if not being used in a way that it could be seen by third-party analytics systems.

The logs also suggest there are two different resolutions of iPad Pro display in use, and that they are the same as the existing 10.5-inch and 12.9-inch models. While the logs indicate the potential resolution, it isn’t able to determine the physical dimensions of each device, which rumors suggest could have a similar screen size but with a smaller bezel, resulting in an overall reduction in size, or for the 10.5-inch model to have a bigger 11-inch screen while staying physically similar to its predecessor.

The lower four model identifiers apparently have the resolution of 1,112 by 834 points and the upper two have 1,366 by 1,024 points. As the iPad Pro use a high-resolution @2x modifier, MacRumors reports, the actual resolutions are doubled, resulting in 2,224 by 1,668 and 2,732 by 2,048 respectively.

The figures also suggest the screens will have the same 4:3 aspect ratios as the current models, despite any potential changes in size.

Rumors suggest the 2018 iPad Pro will use Face ID instead of the Home Button, borrowing the concept used in the iPhone XS. Rather than using the notch aesthetic, the tablets are likely to insert the TrueDepth camera system into the bezel.

It is also rumored the new models will be capable of supporting 4K HDR output to external displays and TVs, using an integrated USB-C port. A new Settings panel will apparently enable control over the outputted resolution, brightness, and enabling and disabling HDR. Other rumors have hinted at Apple replacing Lightning with USB-C to support higher bandwidth applications.

There is also the suggestion the Smart Connector will be replaced by a new “Magnetic Connector, repositioned to the rear and close to the base of the device. The new connector could support new accessories beyond the usual keyboard, though what these could be remain unknown.

Apple is expected to announce a new slate of iPad Pro models at a special event later this month. Check out AppleInsider’s analysis of the presumed October event for more details.

 

 

App Store Fraud Allegedly Impacting Major Mobile Payment Firms In China

apple store fraud allegedly affected major mobile payment companies in China,

The Alibaba-owned Alipay and Tencent-owned WeChat Pay have confirmed a number of their customers have been the subject of fraudulent App Store purchases. Alipay has, for the last few days, posted a warning online advising iPhone users of the thefts, and to secure their accounts where possible.

Alibaba’s payments firm claims it has contacted Apple “multiple times” over the fraud, reports the Wall Street Journal, requesting the company to find out how they are taking place. Apple advised it was investigating the issue.

Customers have recently complained they received notifications of purchases in the App Store that they did not authorize, according to reports by the state media-controlled China National Radio. Social media posts from affected customers also note the notifications arrive at unusual times of day, and for some users has led to losses worth hundreds of dollars.

The notice by Alipay advised the affected customers included those who owned iPhones and had connected their accounts to other payment systems. Customers are “exposed to the risk of financial loss,” until Apple deals with the issue, the notice warned, while also advising the losses could be minimized by lowering how much could be transferred in a transaction without requiring a password to be entered.

It is unknown exactly how the Apple IDs are being acquired by the fraudsters, nor how they are performing the App Store purchases. Alipay and WeChat Pay have to be registered to the Apple ID, potentially along with credit cards and other payment details, in order to perform the transactions.

While WeChat Pay didn’t issue a notice to users about the issue, a statement from the company described similar circumstances.

An Apple spokeswoman advised there are instructions on the Apple support website explaining how to protect the Apple ID against fraud, including how to set up two-factor authentication.

WeChat Pay and AliPay are the largest payment services in the country, with approximately 800 million and 700 million users respectively as of the summer. Combined, the two companies handled in the region of $15 trillion in mobile transactions in the country during 2017, with the services used to pay for a vast number of everyday items and bills.

 

NSA Cybersecurity Head Can’t Find Corroboration For iCloud Spy Chip Report

nsa cybersecurity chief could not find corroboration of the icloud spy chip report

Speaking at a U.S. Chamber of Commerce event, NSA Senior Advisor Rob Joyce was put on the spot about the allegations the Chinese government tampered with servers produced by Supermicro, which were allegedly used by Apple, other major tech companies, and various government organizations. Joyce’s comments suggest he disbelieves the entirety of the report, through checking via his own sources.

In response to Wall Street Journal reporter Dustin Volz’s query on the allegations, Joyce advised “What I can’t find are any ties to the claims in the article,” adding “We’re befuddled.” While noting he has considerable access to intelligence, he has yet to find any corroboration on either the initial story’s allegations, nor with a second connected story pertaining to a major telecommunications provider in the U.S.

The lack of connected evidence to the events led Joyce to plea to others to bring clarity, asking “If somebody has first-degree knowledge, can hand us a board, and point to somebody in a company that was involved in this as claimed, we want to talk to them.”

Reporting on the same meeting, Politico’s Eric Geller quotes Joyce stating “I have a pretty good understanding about what we’re worried about and what we’re working on from my position. I don’t see it. There’s not there there yet. I have grave concerns about where this has taken us. I worry that we’re chasing shadows right now.”

Joyce then admits he has no confidence that there’s something to the story. “I worry about the distraction that it is causing.”

The comments are not the first to be made by members of the security community connected to a government agency. The UK’s National Cyber Security Centre, part of GCHQ, put out a similar plea for people with “credible intelligence” about the report to make contact, commenting “at this stage we have no reason to doubt the detailed assessments made by AWS (Amazon Web Services) and Apple.”

Both companies issued strong denials to the story shortly after its publication, with Apple characterizing it as “wrong and misinformed.” Apple has also performed a “massive, granular, and siloed investigation” into the claims, but did not discover any evidence of hardware tampering, nor any unrelated incidents that could have contributed to the report’s claims.

The Department of Homeland Security also issued a statement on Saturday, again siding with Apple and Amazon, but without delving into detail as to why it doesn’t believe the Bloomberg report.

One of the few named sources in the original report, security researcher Joe Fitzpatrick, has revealed his own doubts about the report, including dealings with one of its authors. Fitzpatrick advised he had previously spoken to the reporter about proof-of-concept devices demonstrated at Black Hat 2016, but found it strange that the ideas he mentioned were confirmed by other sources of the publication.

A number of U.S. officials contacted by one report advised they were uncertain about its accuracy, with one official changing their mind from their initial assertion the “thrust of the article” was true.

Two U.S. senators have written to Supermicro demanding answers over the reports, issuing questions for response by October 17. The questions, asked by Senators Marco Rubio and Richard Blumenthal, query when Supermicro became aware of the malicious hardware reports, if it had investigated the supply chain, and if the Chinese government ever requested access to confidential security information, among other areas.

 

 

Apple Seeds Third Beta Of iOS 12.1 to Developers

 apple releases third beta of ios 12.1 to developers

Registered developers can download the new iOS 12.1 beta from Apple’s Developer Center or over-the-air once the proper configuration profile has been installed from the Developer Center.

iOS 12.1 includes several new features that Apple promised would come to the new iPhone XS and XS Max devices. The beta introduces support for the eSIM, which is a digital SIM that lets you activate a cellular plan from a carrier without the need to use a physical SIM card.

Carriers will need to implement support for eSIM, which is likely to happen after iOS 12.1 launches. In the U.S., AT&T, Verizon, and T-Mobile will support eSIM.

The iOS 12.1 update brings a new real-time Depth Control feature, which lets you adjust the depth of field of your Portrait Mode photos before you capture them. Right now, in iOS 12, Depth Control is only available for post-capture editing.

If you tap on the “F” icon at the top of the screen while capturing a photo you use Depth Control to adjust the amount of background blur in an image.

In addition to these iPhone XS and XS Max features, iOS 12.1 reintroduces the Group FaceTime feature that was removed from iOS 12 during the beta testing period. Group FaceTime was present in many early betas but was ultimately removed because Apple needed more time to test it.

Group FaceTime is designed to let iPhone and Mac users conduct video and audio chats with up to 32 participants at one time, with new camera effects features included.

The update adds more than 70 new emoji to iPhones and iPads, with options that include red hair, gray hair, curly hair, cold face, party face, face with hearts, mango, kangaroo, peacock, lobster, cupcake, and tons more.

As for bug fixes, iOS 12.1 addresses a charging problem that could cause iPhone and iPad models running iOS 12 to fail to charge when connected to a Lightning cable while the screen is off and it fixes a bug that caused iPhone XS and XS Max models to prefer 2.4GHz WiFi networks to 5GHz networks, resulting in perceived slower WiFi speeds. Both of these bugs have also been addressed in the iOS 12.0.1 update, released yesterday.

If any additional new features are found in the third iOS 12.1 beta, we’ll update this post with details.