Best Buy, Target, Walmart, others to take on Google Wallet

A critical flaw in the LTE firmware of the fourth-largest smartphone chip biz in the world could be exploited over the air to block people's communications and deny services.

The vulnerability in the baseband – or radio modem – of UNISOC's chipset was found by folks at Check Point Research who were looking for ways the silicon could be used to remotely attack devices. It turns out the flaw doesn't just apply to lower-end smartphones but some smart TVs, too.

Check Point found attackers could transmit a specially designed radio packet to a nearby device to crash the firmware, ending that equipment's cellular connectivity, at least, presumably until it's rebooted. This would be achieved by broadcasting non-access stratum (NAS) messages over the air that when picked up and processed by UNISOC's firmware would end in a heap memory overwrite.

Researchers at the University of California San Diego have shown for the first time that Bluetooth signals each have an individual, trackable, fingerprint.

In a paper presented at the IEEE Security and Privacy Conference last month, the researchers wrote that Bluetooth signals can also be tracked, given the right tools.

However, there are technological and expertise hurdles that a miscreant would have to clear today to track a person through the Bluetooth signals in their devices, they wrote.

Opinion It has been 14 years since Apple opened its App Store with its shiny shopfront of tempting toys and gloomy back office of rules and rentier revenues, but only now has the proposed EU Digital Markets Act threatened to end Apple's web browser engine monopoly. 

And even then, it's only by 2024, when the App Store will celebrate its 16th birthday. Nobody ever accused market regulators of warp speed.

You'd be forgiven for remembering a much earlier monopoly browser decision, that of Microsoft's bundling of Internet Explorer with Windows. The courts alleged that was (US v Microsoft Corp) that illegal and Microsoft finally settled in 2001, nine years after antitrust investigations had started into the company. Not that it made much difference, with only one update to Internet Explorer in the next four years due to lack of competition. As the web went wild, browser innovation stalled. 

From May 2019 through August 2020, the mobile app published by multinational restaurant chain Tim Hortons surveilled customers constantly by gathering their location data without valid consent, according to a Canadian government investigation.

In a report published Wednesday, Office of the Privacy Commissioner (OPC) of Canada and the privacy commissioners from three provinces – Alberta, British Columbia, and Quebec – presented the results of an inquiry that began shortly after the publication of a June 2020 National Post article.

That article revealed the Tim Hortons app tracked location data every few minutes even when relegated to the background, and the report compiled by Canadian privacy officials confirmed as much.

First Look The /e/ Foundation's de-Googled version of Android 10 has reached the market in a range of smartphones aimed at the privacy-conscious.

The idea of a privacy-centric version of Android is not new, and efforts to deliver are becoming friendlier all the time. The Register interviewed the founder of the /e/ Foundation in 2020, and reported on /e/ OS doing rather well in privacy tests the following year. Back then, the easiest way to get the OS was to buy a Fairphone, although there was also the option of reflashing one of a short list of supported devices.

Now there's another option: a range of brand-new Murena phones. The company supplied The Register with a Murena One for review, with a pre-release version of the /e/ OS installed.

WWDC Apple this week at its Worldwide Developer Conference delivered software development kits (SDKs) for beta versions of its iOS 16, iPadOS 16, macOS 13, tvOS 16, and watchOS 9 platforms.

For developers sold on seeking permission from Apple to distribute their software and paying a portion of revenue for the privilege, it's a time to celebrate and harken to the message from the mothership.

While the consumer-facing features in the company's various operating systems consist largely of incremental improvements like aesthetic and workflow enhancements, the developer APIs in the underlying code should prove more significant because they will allow programmers to build apps and functions that weren't previously possible. Many of the new capabilities are touched on in Apple's Platforms State of the Union presentation.

There are lots of software keyboards for smartphones and tablets alike, but one stands head and shoulders above the rest… However you can't have it.

Last year, Microsoft bought Nuance for just shy of $20 billion, mainly for its voice-to-text tools. Nuance also owned Swype, which it killed off in 2018. Microsoft, meanwhile, also owns Swiftkey, which it still offers.

The Reg liked both. We called Swype "The world's fastest text entry system", and said that Swiftkey's predictive engine was so good it was a "psychic keyboard."

Right-to-repair advocates are applauding the passage of New York's Digital Fair Repair Act, which state assembly members approved Friday in a 145–1 vote.

The law bill, previously green-lit by the state senate in a 49-14 vote, now awaits the expected signature of New York Governor Kathy Hochul (D).

Assuming the New York bill becomes law as anticipated, it will be the first US state legislation to address the repairability of electronic devices. A week ago, a similar right-to-repair bill died in California due to industry lobbying.

While Apple has, temporarily at least, backed away from last year's plan to run client-side scanning (CSS) software on customers' iPhones to detect and report child sexual abuse material (CSAM) to authorities, European officials in May proposed rules to protect children that involve the same highly criticized approach.

The European Commission has suggested several ways to deal with child abuse imagery, including scanning online private communication and breaking encryption. It has done so undeterred by a paper penned last October by 14 prominent computer scientists and security experts dismissing CSS as a source of serious security and privacy risks.

In response, a trio of academics aims to convey just how ineffective and rights-violating CSS would be to those who missed the memo the first time around. And the last time, and the time before that.

India's government has reportedly started probes into the local activities of Chinese tech companies Vivo and ZTE, prompting a rebuke from China's foreign ministry.

As was the case when Indian authorities seized $725 million from Chinese gadget-maker Xiaomi, the investigations focus on possible irregular financial reporting that may amount to fraud, according to newswire Bloomberg's original report on the matter.

A Bloomberg reporter asked about the state of the investigations at the daily press conference staged by China's Ministry of Foreign Affairs, which produces a transcript of each day's event.