Week in Review for the Week of 1/28/19

Facebook’s Project Atlas pays users for root access to their phones, Apple apologizes for its Group FaceTime bug, and the US files criminal charges against Huawei.

Headlines

• Facebook pays teens to install VPN that spies on them

TechCrunch reported on Facebook's Project Atlas, a program that since 2016 paid users aged 13 to 35 to install a “Facebook Research” VPN app. The app was installed via beta testing services, and gave Facebook root access to almost all phone activity. Users were paid $20 per month, plus referral fees. As a result of the publication, Apple temporarily revoked Facebook's Enterprise Certificate for the App Store, which allowed it to distribute beta apps and internal testing versions. Revoking the security certificates not only disabled Facebook Research, but reportedly broke all internal testing iOS apps and tools used by the organizations. As of Thursday night, Apple confirmed that Facebook's certificate was restored, and Facebook Research is no longer being distributed, although, as of this recording, it is still available on the Google Play Store. Google also had their Enterprise Certificate temporarily revoked by Apple for distributing a testing app called Screenwise Meter outside of Apple's App Store. Google's certificate was also restored on Thursday.

• U.S. Charges Huawei With Stealing Trade Secrets, Bank Fraud

U.S. prosecutors have filed criminal charges against Huawei, alleging it stole trade secrets from T-Mobile and committed bank fraud by violating sanctions against doing business with Iran. The 13-count indictment filed in New York claims both Huawei, two affiliated companies and Chief Financial Officer Meng Wanzhou engaged in bank and wire fraud, and conspiracy in connection with business in Iran. Additional charges filed in Washington State accuse the company of stealing trade secrets from T-Mobile and offering bonuses to employees who also did so. In a statement, Huawei said “The company denies that it or its subsidiary or affiliates have committed any of the asserted violations of U.S. law set forth in each of the indictments, is not aware of any wrongdoing by Ms. Meng, and believes the U.S. courts will ultimately reach the same conclusion."

• Hackers Are Passing Around a Megaleak of 2.2 Billion Records

A large conglomerate of breached databases have resulted in a collection of 2.2 billion unique usernames and associated passwords, which are being distributed on hacker forums and torrents. Earlier this month, security researcher Troy Hunt identified Collection #1 by an anonymous creator. Hunt said it represented 773 million unique usernames and passwords. More researchers have since obtained and analyzed an additional database called Collections #2–5, totaling 845 gigabytes of stolen data and 25 billion records. Analysts at the Hasso Plattner Institute in Potsdam, Germany now say the total breach represents close to three times the original Collection #1 batch. Most of the stolen data appears to come from previous breaches of Yahoo, LinkedIn, and Dropbox.

• Major iPhone FaceTime bug lets you hear the audio of the person you are calling … before they pick up

Apple took Group FaceTime offline after a bug was discovered that lets users call anyone with FaceTime and then hear the audio from the recipient's phone — before the recipient has accepted or even rejected the incoming call, and 9to5Mac replicated the problem with an iPhone calling a Mac. On Friday, Apple issued an apology and stated the server side security bug has been fixed. It will issue software updates next week to re-enable the feature for users.

• Apple Plans Gaming Subscription Service: Sources

Alex Heath with Cheddar reports that according to sources, Apple is in the early stages of planning a subscription game service, offering unlimited access to a bundle of games for the subscription fee. Apple reportedly began private discussions with game developers on the service in the second half of 2018. The report also stated that Apple has had talks with developers about directly publishing titles, assuming distribution, marketing, and other related costs. Pricing and the types of games the service might include are unknown.

• Japanese government plans to hack into citizens' IoT devices

The Japanese government approved a law amendment that would allow employees of the National Institute of Information and Communications Technology to survey Internet of Things devices in the country. Under the supervision of the Ministry of Internal Affairs and Communications, NICT employees will be able to use default passwords and password dictionaries to attempt to log into IoT devices. The Institute will then compile a list of insecure devices to pass on to authorities and ISPs. The survey kicks off this month and aims to look at over 200 million devices on both consumer and business networks. The hope is to secure these devices ahead of the 2020 summer Olympic games in Tokyo.

• China’s smartphone market falls 14% in 2018, with just under 400 million units shipped

The analyst firm Canalyst published a report showing smartphone shipments in China fell 14% in 2018, reaching their lowest level since 2013, for a total of 396 million units. This marks the second straight year of decline, after a 4% drop in 2017. Huawei and Vivo bucked the trends and grew shipments by 16 and 19%, respectively. Apple saw the largest decline among the top five, down 13% on the year and maintaining the number 5 spot in the country. This was echoed by a report from IDC that showed global smartphone shipments of 375.4 million in Q4, down 4.9% on the year and the fifth consecutive quarter of decline. For all of 2018, shipments were down 4.1 percent with a total of 1.4 billion units shipped.

• Metro Exodus is skipping Steam for the Epic Games Store, and passing the savings on to you

The PC version of the highly anticipated first-person shooter Metro Exodus is bypassing Steam and releasing exclusively on the Epic Games Store. The release on Epic will also see a price drop $10 to $49.99 although this is for US buyers only. The CEO of Deep Silver, the game’s publisher, said the move reflects that “Epic’s generous revenue terms are a game changer that will allow publishers to invest more into content creation, or pass on savings to the players.”

• Ultraviolet Cloud Movie Locker to Shut Down (EXCLUSIVE)

Ultraviolet is shutting down. More specifically The Digital Entertainment Content Ecosystem (DECE), which is the industry consortium behind Ultraviolet, will shut down the service on July 31. The DECE is advising users to not delete their Ultraviolet movie libraries, asking them instead to ensure their libraries are connected to the service of at least one retailer, which they can then use to access their movies and TV shows going forward.

Links

• This episode on dailytechnewsshow.com
• Support DTNS on Patreon
• DTNS subreddit

Preceded by: "Alphabet's Loon Partners with Telesat"

Week in Review for the Week of 1/28/19

Followed by: "Slack Files to Go Public"