Home Tags IPhone 6s

Tag: iPhone 6s

Apple aims to make all its gadgets from recycled material, but...

"Closed loop supply chain" aims to reduce waste and cut down on mining.

29% off Zendure A8 26,800mAh Portable Battery Bank with LED Display...

One of the world's highest capacity portable chargers.

Charge Zendure while charging your devices at full speed with a single wall charger, a feature rarely seen in other power banks.

The QC port outputs 5-6V/3.0A,6-9V/2.0A,9-12V/1.5A (18W Max) when...

Apple’s new iPad lineup slashes prices, the iPad Air, and iPad...

While we’re still waiting for a fresh iPad with barely there bezels to make an appearance, Apple has returned to its roots with a new 9.7-inch model simply called iPad.

And if you had previously balked at buying an iPad Air 2 because the price was too high, you might want to take notice.Apple hasn’t technically added a new model to the iPad lineup, but it has bolstered the low end.

Gone is the aging iPad Air 2 (as well as the whole Air branding), and in its place is a new model that looks exactly the same, with a 9.7-inch retina screen, Touch ID, 32GB or 128GB of storage, and the same color choices (silver, gold, and space gray). On the inside you’ll get an A9 chip—the same one that’s in the iPhone 6s—and the usual 10-hour battery.

That’s a relatively small upgrade over the 8X chip that was in the iPad Air 2, but the difference here isn’t in performance, it’s in price.To read this article in full or to leave a comment, please click here

Apple says iOS 10.2.1 mostly fixes unexpected shutdowns in the iPhone...

Software fixes follow a recall program announced late last year.

Liveblog: Apple’s Q1 2017 earnings call

Company is expected to return to year-over-year growth after being down in 2016.

The 100 Best iPhone Apps of 2017

Whether you received a new iPhone for the holidays or you just want to breathe new life into an older one, these are the apps you need. The returns are in, and we're declaring our slate of winning iPhone apps. There were no votes cast, however, nor...

Mobile Pwn2Own Hackers Win for Android, iPhone Exploits

At the 2016 mobile Pwn2Own event, held on Oct. 26 in Tokyo, security researchers were able to exploit devices that vendors had fully patched.
In total, Trend Micro's Zero Day Initiative (ZDI) awarded $215,000 to researchers for security flaws in an And...

This is not a drill: Hackers pop stock Nexus 6P in...

Keen hackers at Mobile Pwn2Own The Nexus 6P appears to have been hacked with attackers at the Mobile Pwn2Own contest installing malware without user interaction in less than five minutes. The hack by China's Keen Team happened minutes ago at the Tokyo event and does not require users to do anything. It is as of the time of writing yet to be confirmed but contest organisers tell El Reg they are confident of its legitimacy. Mobile Pwn2Own at the PacSec security conference in Japan pits hackers against the latest phones for a share of US$375,000 (£308,000, A$487,000) handed out by Trend Micro's Zero Day Initiative. The Nexus 6P, Apple iPhone 6S, and Samsung Galaxy S7 will be targeted by hackers who have over previous months developed tailored and often highly-sophisticated chained exploits against the device. Hackers of noted exploit crew Keen Team stand to win US$100,000 (£82,000, A$130,000) in prizes should the 6P hack be confirmed. MWR Labs hackers Robert Miller and Georgi Geshev will within hours also target the Nexus 6P in a bid to install a malicious application, and will score the US$100,000 prize even if Keen's exploit is confirmed. Keen will also target the iPhone 6S attempting to install another rogue application on the stock and updated device for a prize of US$125,000 (£103,000, A$162,000) The team will then return in a bid to rip photos from a locked iPhone 6S.
If successful the crew will bag US$50,000 (£41,000, A$65,000). Each team under the contest rules has five minutes, over three attempts for a total of 20 minutes to pop devices. Keen hacked the Nexus 6P on its first attempt and used the remaining slots to add flair and style to the exploits in a bid to claim the Master of Pwn award worth US$25,000 (£21,000, A$32,000). Hacks can require users to browse to malicious content within the default browser or by viewing or receiving a malicious MMS/SMS messages. More to come. ®

True man-in-the-middle: Transmitting logins through the human body

Apparently your flesh is the equivalent of a 1950s modem Computer science researchers at the University of Washington are developing a technology to securely send data through the human body rather than wires or the air. Passwords sent over insecure networks are liable to sniffing. This well-understood problem is most easily mitigated against using VPN technology but now security academics have taken a left-field approach to the same problem which also guards against the risk of vulnerabilities in custom radio protocols for wearables and implantables. The technology would work in conjunction with fingerprint sensors in the latest generation of smartphones. One use cited is opening a door fitted with an electronic smart lock. A user would touch the doorknob and the fingerprint sensor on their smartphone at the same time, with their credentials been transmitted through their body rather than over the air. The technology is not restricted by body type or posture, as a research paper by the researchers (abstract below) explains: We show for the first time that commodity devices can be used to generate wireless data transmissions that are confined to the human body. Specifically, we show that commodity input devices such as fingerprint sensors and touchpads can be used to transmit information to only wireless receivers that are in contact with the body. We characterize the propagation of the resulting transmissions across the whole body and run experiments with ten subjects to demonstrate that our approach generalizes across different body types and postures. We also evaluate our communication system in the presence of interference from other wearable devices such as smartwatches and nearby metallic surfaces. Finally, by modulating the operations of these input devices, we demonstrate bit rates of up to 50 bits per second over the human body. The approach works because fingerprint sensors “produce characteristic electromagnetic signals at frequencies below 10 MHz” that propagate well through the human body. The researchers ran tests using iPhone 5s and iPhone 6s fingerprint sensors, the Verifi P5100 USB fingerprint scanner, and both Lenovo T440s and Adafruit touch pads. Interference from wearable or metallic objects a users might have about them (such as watches) wasn’t a problem. The data transmission rate achieved of just 25 bits per second, or “less than a quarter the speed of a 1950s modem”, as security blogger Bill Camarda notes, might well be a limitation though. “It’s a long way from a university research lab to your body, but if this proves out, multiple applications are possible,” Camarda adds in a post on the Sophos Naked Security blog. “Instead of manually typing in a secret serial number or password for wirelessly pairing medical devices such as glucose or blood pressure monitors with smartphones, a smartphone could directly transmit arbitrary secret keys through the human body. Of course, having your body as the transmission medium brings a whole new set of security concerns about man-in-the-middle attacks,” he concludes. ®

“Corporate troll” wins $3M verdict against Apple for ring-silencing patent

Enlarge / The iPhone 6S and 6S Plus and the sixth-generation iPod Touch were all introduced in Q4.Andrew Cunningham reader comments 58 Share this story A non-practicing entity called MobileMedia Ideas LLC won a patent lawsuit against Apple today, with a Delaware federal jury finding that Apple should pay $3 million (£2.3 million) for infringing MobileMedia's patent RE39,231, which relates to ring-silencing features on mobile phones. MobileMedia is an unusual example of the kind of pure patent-licensing entity often derided as a "patent troll." It is majority-owned by MPEG-LA, a patent pool that licenses common digital video technologies like H-264, MPEG-2, and MPEG-4. Minority stakes in MobileMedia are owned by Sony and Nokia, which both contributed the patents owned by the company. MobileMedia also has the same CEO as MPEG-LA, Larry Horn. The report of the verdict comes from legal newswire Law360.

The verdict form wasn't immediately available from PACER, the federal courts database. A $3 million verdict is hardly going to make an impact on Apple, and it doesn't represent a huge win for MobileMedia, which was reportedly seeking $18 million in royalties from the trial.
Still, getting a verdict in its favor does represent some validation of MobileMedia's business model, which was a striking example of technology corporations using the "patent troll" business model as a kind of proxy war. Nokia and Sony were able to use MobileMedia and the licensing talent at MPEG-LA to wage a patent attack on Apple without engaging directly in court. The battle ended up being a long one, as MobileMedia first filed the case in 2010.
It went to trial in 2012, and the jury found that Apple infringed three patents.

After reviewing post-trial motions, the judge knocked out some, but not all, of the infringed patent claims.

Then came an appeal in which a panel of Federal Circuit judges upheld (PDF) some of the lower court's judges and overturned others. In all, after years of back-and-forth, the ring-silencing patent was the one that MobileMedia had left. While Apple didn't win the case against one of the first "corporate trolls," it was able to severely pare down the scale of the attack and show that it's willing to fight a long legal war of attrition to make its point. The battle is likely not over, either. Most high-stakes tech patent cases are appealed to the Federal Circuit these days, and there's no reason to think that won't happen here. MobileMedia didn't immediately respond to a request for comment on its win. A small taste of what happened at trial can be gleaned from a Law360 report covering opening arguments on September 12. MobileMedia's attorney told the jury that the case was about “Sony’s invention from 1994 that is still being used." Apple's lawyer responded that Sony "never said one word to Apple" when the patent was in its hands.

iPhone passcode bypassed with NAND mirroring attack

EnlargeSergei Skorobogatov/YouTube reader comments 46 Share this story Passcodes on iPhones can be hacked using store-bought electronic components worth less than $100 (£77), according to one Cambridge computer scientist. Sergei Skorobogatov has demonstrated that NAND mirroring—the technique dismissed by James Comey, the director of the FBI, as unworkable—is actually a viable means of bypassing passcode entry limits on an Apple iPhone 5C. What's more, the technique, which involves soldering off the phone's flash memory chip, can be used on any model of iPhone up to the iPhone 6 Plus, which use the same type of LGA60 NAND chip. Later models, however, will require "more sophisticated equipment and FPGA test boards." In a paper he wrote on the subject, Skorobogatov, a Russian senior research associate at the Cambridge Computer Laboratory's security group, confirmed that "any attacker with sufficient technical skills could repeat the experiment," and while the technique he used is quite fiddly, it should not present too much of an obstacle for a well-resourced branch of law enforcement. The attack works by cloning the iPhone's flash memory chip. iPhones generally allow users six attempts to guess a passcode before locking them out for incrementally longer periods of time; by the complex process of taking the phone apart, removing its memory chip, and then cloning it, an attacker is able to have as many clusters of six tries as they have the patience to make fresh clones.
Skorobogatov estimates that each run of six attempts would take about 45 seconds, meaning that it would take around 20 hours to do a full cycle of all 10,000 passcode permutations.

For a six-digit passcode, this would grow to about three months—which he says might still be acceptable for national security. He demonstrated the fruits of his labour in a YouTube video, which clearly shows him making more than the regulation number of passcode entries by switching a fresh, identical chip into a physical port he'd attached to the phone he was attacking. "Because I can create as many clones as I want, I can repeat the process many many times until the passcode is found," he explained in the video.
NAND mirroring attack. Apple doesn't readily release the part numbers or wiring diagrams for the chips and circuits inside each iPhone, but the information is easy to find online (see the recent iPhone 7 teardown).

This information can be used to cleanly open the handset up and identify the location of the flash memory chip on its main board.

And while NAND flash memory manufacturers have so far managed to prevent the release of any documentation on how they actually work, it's possible to eavesdrop on their protocols and commands with an oscilloscope or a logic analyser. NAND memory is usually preferred to NOR memory on small devices due to its higher density and faster data-transfer rate, though it can only withstand tens of thousands of rewrites rather than hundreds of thousands for NOR, which complicates the hacking process. Despite the strength of the solder and epoxy which affixes the memory to the board, it proved relatively easy to separate the phone's NAND chip, provided a certain amount of care was taken.

From there, Skorobogatov attached an external connector for fresh chips, forcing him to painstakingly rewire the board to get the balance of voltages right once the components were in a different configuration. He then listened to the way the memory chip communicated with the rest of the device and spoofed the commands on a PC, "to support reading, erasing, and rewriting of the flash memory in a separate setup controlled... via a serial port." With this basis and a little refinement, it is possible for a determined hacker to use the technique to brute-force the re-engineered iPhone's passcode, giving full access without the possibility of overwriting the memory too much and changing vital information within. According to Skorobogatov, "the process does not require any expensive and sophisticated equipment." By using the described and successful hardware mirroring process it was possible to bypass the limit on passcode retry attempts.

This is the first public demonstration of the working prototype and the real hardware mirroring process for iPhone 5C.

Although the process can be improved, it is still a successful proof-of-concept project. Knowledge of the possibility of mirroring will definitely help in designing systems with better protection.

Also some reliability issues related to the NAND memory allocation in iPhone 5C are revealed. The demonstration should also please the FBI, which earlier this year tried and failed to persuade Apple to build backdoors for law enforcement into future versions of iOS, following a deadly shooting in San Bernardino, California, last December.

The FBI had wanted to access a phone taken from one of the killers, which was protected by a passcode; in March, Director Comey insisted that NAND mirroring "doesn't work." Eventually, the FBI paid a reported $1.3 million (£1 million) to a private security contractor to get into the phone—itself an iPhone 5C. iPhone models since the release of iPhone 6 Plus come with upgraded NAND memory chips, which Skorobogatov told Ars would require "an advanced team of researchers" to properly analyse. We don't know for sure if this attack will work for iPhone 7 therefore we're going to investigate this. However, due to more advanced NAND m-PCIe interface being used starting from iPhone 6S, more sophisticated equipment will be required to decode the protocol and talk to NAND. In order to analyse iPhone 7 for any threats an advanced team of researchers will be necessary, this of course requires substantial funding. Meanwhile, he said, "iPads use very similar hardware, hence models which are based on A6 SoC or previous generations should be possible to attack," though "newer versions will require further testing." And because Android phones are "normally based on standard NAND products, reading them and cloning should be easier because standard off-the-shelf programmes can be used." However, he added that it "all depends on particular implementations," as "NAND mirroring can be defeated." He included suggestions on how to defeat NAND mirroring in his paper. This post originated on Ars Technica UK

Mobile industry urges judges to overturn Berkeley’s radiation warning

Enlarge / The city of Berkeley, as seen in the foreground, looking west toward San Francisco.Daniel Parks reader comments 56 Share this story SAN FRANCISCO—Two titans of the legal world faced off Tuesday before the 9th Circuit Court of Appeals in a case that pits the cell phone industry against the city of Berkeley, California. If the court ends up reversing a lower court’s earlier decision and ruling in favor of CTIA - The Wireless Association, it would overturn a new Berkeley city law that aims to alert cell phone users about possible radiation risks by forcing retailers to post signs in their stores. That law went into effect earlier this year after the cell phone trade group sued to halt it.

Earlier this year, a federal judge ruled in favor of the defendants in CTIA v.

City of Berkeley
, allowing a municipal ordinance to stand, with one small revision. Enlarge / This photo showing the required warning was taken Monday at a cell phone store along Shattuck Avenue in downtown Berkeley. Rebecca Farivar The Cellular Telephone Industries Association (CTIA), meanwhile, has argued that this violates the industry’s First Amendment rights, as it compels speech. “This is confusing,” Ted Olson, a former solicitor general under the George W.

Bush administration, argued before the 9th Circuit on behalf of CTIA. “What the [Federal Communications Commission] says, your honors, with respect to its findings of cell phones used in the US is that they are safe. What Berkeley's message says is: ‘Watch out!’” Olson, who previously made similar arguments before the US District Court level, repeated his claim that this government-required notice was a “burden on speech.” “There’s a reason why Berkeley put the word ‘safety’ in there, it’s to send an alarm,” he said. Second time around The defendants countered with former presidential hopeful and rockstar Harvard law professor Lawrence Lessig.

The author of Code and Other Laws of Cyberspace, among other books, similarly repeated his own earlier arguments by saying that all that Berkeley does is to make more plain the existing radiation disclosures that are already mandated by the FCC. “Our position is that we are relying on a regulation of the FCC,” he told the 9th Circuit. “We don’t want to get into an argument about the science, we don’t think we should have to.

The standard of review should be that we should have a rational basis of review.” Specifically, one of the primary ways that radiation from a phone is measured is through something called the Specific Absorption Rate (SAR)—in other words, how fast a given amount of energy is absorbed by the human body, measured in watts per kilogram. Since 1996, the FCC has required that all cell phones sold in the United States not exceed a SAR limit of 1.6 watts per kilogram (W/kg), as averaged over one gram of tissue. On most phones, it’s not at all obvious what the SAR value for a given handset is. On the iPhone 6S Plus—the author’s phone—for instance, the information is buried four menus deep, and even then requires clicking yet another link. Back in 2010, the city and county of San Francisco passed a similar ordinance that required retailers to provide the SAR value for each display phone and related printed literature as to what that SAR value means.

The ordinance, which was signed into law by then-Mayor Gavin Newsom, would have imposed a fine of $500 for each violation.

The CTIA sued over that law and eventually prevailed at the 9th Circuit—San Francisco gave up after that. Berkeley’s law is much narrower and less burdensome than San Francisco's. What does “safe” mean, anyway? Enlarge / Larry Lessig spoke with reporters after the 9th Circuit hearing. Cyrus Farivar As Lessig spoke, 9th Circuit Judge William Fletcher seemed to suggest that he found Olson’s arguments persuasive. “I also think it is a fair inference from when the language starts out to assure safety, that if you don’t do this, it might well be unsafe.

The question is one of tone or implication,” Judge Fletcher said. “I read that language to say: ‘Uh oh, I’m in trouble if I put it in my pocket.’” He also pointed out early on, as Ars noted in May 2016, that a new $25 million, years-long US government study had finally found a clear connection between cell phone radiation and tumors in rats—striking fear in the hearts of gadget lovers worldwide. However, Judge Fletcher did not mention what Ars further reported: that this study was full of red flags and shouldn’t be viewed as fully conclusive. Large and comprehensive works indicate that any potential risks take decades to be felt, and cell phones simply haven't been in use long enough for us to know for sure. The other judges did not obviously indicate how they might be leaning. As Ars also reported previously, it's important to note that there really isn’t any current science to support the need for the warnings Berkeley is mandating.

There's no well-described mechanism by which non-ionizing radiation can induce long-term biological changes, although it can cause short-term heating of tissues.

There are also no clear indications that wireless hardware creates any health risks in the first place, which raises questions of what, exactly, the city's legislation was supposed to accomplish. Following the conclusion of the hearing, Olson declined to take questions from reporters outside the courthouse. Lessig, for his part, took a few questions. “Our view was that it’s important that jurisdictions have the ability to regulate without requiring a huge factual finding, spending tens or hundreds of thousands of dollars in order to support the regulation,” Lessig said. “I’ve always said this case is not about the science.
It’s about the ability of a government to issue safety warnings without bearing this incredible burden that typically happens when you try to restrict somebody’s speech.

That’s why the case, our brief says: what this case is really about is, you can think of it as a multinational corporate veto on the right of a city to regulate.

Because if cities like Berkeley fear that they’re going to have a lawsuit funded by a multinational corporation against them every time they have a safety warning—they will just stop having safety warnings.

Because they can’t afford to be litigating First Amendment cases every time they want to say something might be unsafe.” The court is expected to rule within the coming months.