back to article It's 2018 and your Macs, iPhones can be pwned by playing evil music

Apple has released security patches for iOS and macOS that include, among other things, Meltdown and Spectre fixes. The new versions should be installed as soon as possible. On macOS, the update will be delivered as High Sierra 10.13.3 or Security Update 2018-001 for Sierra and El Capitan machines. Headlining the security …

  1. theharddick
    Facepalm

    "....HomePod, a $349 smart speaker...."

    So Apple expects the fanbois to <I>pay</I> to have their every utterance spied on and dissected for marketing info? What do they think the fanbois are, Googlistas?

    1. Tim99 Silver badge
      Coat

      Re: "....HomePod, a $349 smart speaker...."

      So the Google Home fandroids got their kit for free?

      1. 45RPM Silver badge

        Re: "....HomePod, a $349 smart speaker...."

        @Tim99

        You say ‘Free’. In fact they had to hand over a minimal amount of dough, and then allow Google access to all private conversations in any room where a google device is installed, including those held by people who may not have a google account.

        Your best bet is to put on an ElWisty voice and plan crimes and world domination whenever you see on of these devices (as long as it’s not yours, of course)

        1. BebopWeBop
          Trollface

          Re: "....HomePod, a $349 smart speaker...."

          Well while I like the idea of using someone uses device (especially if you don't like them) a quick correlation of voice signatures across multiple devices, coupled with a little correlation of social media will probably identify you anyway :-(

          On a somewhat tangential note, one of my acquaintance's partners has an 'Echo' and the house has been blackballed by a number of us unless it is unplugged and powered down when we are in the house. He has a thick skin and am curious to see what some alternative social pressure might persuade him to do.

  2. Stevie

    Bah!

    So do I still have to play my Sabbaff recordings backwards to let the evil out or do they now ex-evilate in forward gear too?

    Sssaaaabbafffffffff. SABBAFF!

  3. 45RPM Silver badge

    So is this a case of n bugs squashed and replaced by n+1 new bugs? /cynicism

    I like macOS (and iOS), but some of the bugs that have caught Apple out recently have been a bit obvious. When the console fills up with errors reporting what seems to be an indexing error in Apple OS date handling (13 months a year!?), one does have to wonder how it slipped through unnoticed.

    On the other hand, Apples response to Spectre and Meltdown has been excellent (ahem - if the fixes work!)

  4. Anonymous Coward
    Anonymous Coward

    I do hope the hackers show some respect and only use the "evil music" bug with bands that you haven't heard of but are cool with beards and 1990's pants.

  5. Frenchie Lad

    Dream On Apple

    No intention of replacing Alexa by a HomePod - Dream on Apple (& Google as well).

    1. Anonymous Coward
      Anonymous Coward

      Re: Dream On Apple

      I guess that you have bought into the Amazon system then? Have you looked at how much of your life is being sent to Bezos and Co?

      It might be worth thinking again about these 'home assistants'.

      I'm not going to plug one as being better than any of the rest as I simply don't know, don't care and won't be having any of that **** in my home.

      Yours

      Joe Luddite.

      1. Warm Braw

        Re: Dream On Apple

        It might be worth thinking again

        The up-front cost of these devices is eventually irrelevant, it's the revenue from ongoing subscriptions that's significant. Of particular note is that all of those Alexa "skills" (and their equivalents) have to run in the cloud somewhere and someone has to pay for that. Amazon is currently swallowing the cost of the basic built-in capabilities, but the only logical long-term economic model would require you to pay a monthly subscription for the benefit of being able to turn your lights on and off and another one to view your doorbell and another one to use your security camera and another one...

        Amazon and Google obviously decided they needed to sell devices cheaply to overcome consumer resistance - Apple cracked that problem years ago.

        1. Naselus

          Re: Dream On Apple

          "but the only logical long-term economic model would require you to pay a monthly subscription for the benefit"

          Have you heard of Facebook? Noticed they don't charge a monthly subscription since they can make their money by selling your marketable information instead?

          That's the business model for all the home assistants. Amazon isn't going to charge you a subscription for Alexa, because the data it's mining is worth far, far more than that. Honestly, they just can't believe that they don't have to pay YOU.

      2. Anonymous Coward
        Anonymous Coward

        Re: Dream On Apple

        I guess that you have bought into the Amazon system then? Have you looked at how much of your life is being sent to Bezos and Co?

        It might be worth thinking again about these 'home assistants'.

        I'm not going to plug one as being better than any of the rest as I simply don't know, don't care and won't be having any of that **** in my home.

        Yours

        Joe Luddite.

        I have 3 in the house, they are welcome to listen in on me if they want, the walls on my "new build" are that thin my neighbours can hear me anyway.

    2. Anonymous Coward
      Anonymous Coward

      Re: Dream On Apple

      Google and Amazon make money by collecting data to use to deliver ads, and by selling stuff and taking a small cut on each sale, respectively. They can sell these devices at cost or even at a loss and still make money. Apple is only making money on the hardware sale, so they can't compete on price and target the mass market like the others do. Google and Amazon's strategy relies on selling as many as possible, Homepod can be successful even if it never gets more than the 5-15% market share the Mac and iPhone have.

      I'm still skeptical about these devices in general, I have no desire to have anyone's in my home. Even ignoring the privacy concerns, these things can't do anything your phone can't do. Oh yeah, you can come up with corner cases like asking it to turn on your lights when you have your hands full with groceries and can't get your phone out of your pocket but if I felt that problem was big enough I needed to spend money to solve it I'd install a motion activated light between the garage and kitchen...

      1. Naselus

        Re: Dream On Apple

        "Homepod can be successful even if it never gets more than the 5-15% market share the Mac and iPhone have."

        Can it, though?

        The very minimal number of decent use-cases for home assistants means that a $350 price tag is hard to justify. Everything else in the same space costs half as much.

        Then we have the other factors. Siri is pretty widely recognized to be the weakest of the voice assistants - and by a very wide margin, being less capable of recognizing questions than any of the other main contenders and even less able to answer them. And Apple are entering the market from way behind here, into a space where the opposition have much larger, well-developed app ecosystems - which is not one of their strengths. Apple are good at entering a market early and leveraging their marketing muscle and design chops to dominate early. They're pretty bad at competing in an established marketplace, particularly one where they have a clear quality disadvantage over competitors.

        This strikes me as the equivalent of Microsoft's efforts to break into the mobile phone market - coming in late and badly overpriced, with little third party support in place and no real quality advantage to make it stand out against cheaper and more mature rivals.

        1. Mad Hacker

          Re: Dream On Apple

          You say:

          Siri is pretty widely recognized to be the weakest of the voice assistants - and by a very wide margin, being less capable of recognizing questions than any of the other main contenders and even less able to answer them.

          While I agree that's what everyone says I have an Alexa speaker in my kitchen and she seems worse than Siri at following commands. Maybe I ask harder things of a speaker than a phone.

          You say:

          And Apple are entering the market from way behind here, into a space where the opposition have much larger, well-developed app ecosystems - which is not one of their strengths. Apple are good at entering a market early and leveraging their marketing muscle and design chops to dominate early.

          I'm not sure I agree with you. The iPhone wasn't the first smartphone and everyone expected Apple to fail. The iPod wasn't the first MP3 player, etc. etc. In general I'd say Apple waits to get a product right and enters markets where they feel the existing products can be outdone. I'm not a huge fan of my Alexa speaker so that might be the case although aside from general improvements in accuracy and capability/skills I cannot envision how much they can surpass the competition.

          Don't get me wrong. I'm not sold on a $350 speaker and this could be Apple's next iPod Hi-Fi

          1. Naselus

            Re: Dream On Apple

            "While I agree that's what everyone says I have an Alexa speaker in my kitchen and she seems worse than Siri at following commands."

            The statistics don't lie. Voice assistants are measured on two metrics - question recognition (the ability to recognize that a question is, in fact, a question), and ability to answer (the capacity to provide a correct answer to a question).

            Google dominates - it has a score of roughly 80/80. Cortana follows on about 60/70, with Alex coming in third at 20/60. Siri languishes at 20/20, barely better than Samsung's dire Bixby (about 20/15). Apple really haven't made much progress in the area, while all the major competitors have done much better - probably directly because Apple is much less interested in compiling large amounts of useful training data, while Google, Amazon and Microsoft all already had large databases available for the purpose and an incentive to increase those databases for other business interests (Search businesses, online shopping, advertizing revenue etc).

            "In general I'd say Apple waits to get a product right and enters markets where they feel the existing products can be outdone. "

            Apple does best in immature markets. The iPhone wasn't the first smartphone, but the smartphone market barely existed prior to 2007. The iPod wasn't the first MP3 player, but the MP3 market was tiny and reliant on stolen media prior to 2004. Apple is undeniably very, very good at moving into an immature market and dominating it for a few years, before losing market share to a competitor who is willing to play the commodity game (Wintel in PCs, Android in phones/tablets, generic competitors in MP3 players prior to streaming destroying the whole market). They're also very, very good at building ancillary markets onto an existing one - think iTunes for the iPod, the App store for phones. First mover advantage on those creates the lock-in effect that Apple relies on to extract maximum value from a marketplace before abandoning it and moving on to the next Big Thing.

            Unfortunately, they've missed the boat with home assistants. The underlying economics don't add up - even with a decent speaker attached, home assistants will only ever be sensibly priced for consumers when subsidized by datamining - and their rivals have mature app/skill stores and, quite frankly, just plain better tech, which is improving faster, at a lower price.

      2. insane_hound

        Re: Dream On Apple

        Do you genuinely believe that Apple is:

        "only making money on the hardware sale"

        Of course they look to monetise your information, perhaps they are not as efficient at it as Google and Amazon.

        1. Anonymous Coward
          Anonymous Coward

          @insane_hound

          How could Apple possibly make money from your personal information? They don't sell ads like Google does, and they don't sell products (other than their own, and I guess a handful of third party stuff they sell in the stores)

          There's no way to monetize personal information without one of the two. In a way they have monetized personal information a little, by mentioning privacy a selling point for their products - that they DON'T collect all that info on you like others do.

          They'd probably make more noise about that if there were more people who actually care about privacy, but the number of drooling morons who willingly put Google's and Amazon's always-on spies in their home shows there probably aren't a lot of privacy minded people out there. I guess that's why the US government is able to keep doubling down on spying of citizens and everyone mostly shrugs...

          1. Naselus

            Re: @insane_hound

            "(other than their own, and I guess a handful of third party stuff they sell in the stores)"

            Uh, has someone forgotten what the App store is...?

    3. Anonymous Coward
      Anonymous Coward

      Re: Dream On Apple

      I had an Alexa, but sold it on, and replaced it with a Google Home, it's vastly superior in pretty much every way, notably IOT support, and ability to support free music streaming and not just pay stuff like Alexa.

  6. Anonymous Coward
    Anonymous Coward

    handle with care

    If it's known to be a cheesecake how can it be UFO? Unless what's unidentified is the means by which the cheesecake is flying. Perhaps cheesecakeupm would be better, for Unidentified Propulsion Mechanism?

  7. The Alphabet

    *picks up my iPhone 5C, checks for updates*

    "Your software is up to date"

    I guess the security on my iPhone doesn't matter too much.

    This isn't a jab at Apple either, as my Nexus 6 never received November 2017 patches (meaning it wasn't patched for blueborne). But note that both Apple and Google (and every other phone manufacturer) make careful attempts to avoid saying clearly what devices will not see an update.

    1. 45RPM Silver badge

      @The Alphabet

      Except that they do say clearly which devices will get an update (and therefore, by a remarkably simple process of deduction (if it ain't listed, it ain't gettin' in), which devices won't). Taking iOS, for example, you can see what qualifies for an update here: https://www.apple.com/ios/ios-11/

      Now you could argue that Apple has it easy, and you'd be right. Apple makes all iOS devices and, in theory, all Macs too. They have a much simpler job of qualifying devices than Google or Microsoft. Apple can, and does, categorically say which devices are compatible. Microsoft can only offer generalities (although, in fairness, those generalities are usually pretty good). And, owing to the way that Android phones are build to the very loosest possible specification, Google would have a hell of a job to list all compatible devices - an impossible task.

      You might also argue that Apple should, on obsolete devices, put up a message saying 'your device isn't up to date, but it's the best it can be. If you want it to be up to date then you'll need to shell out another £600'. But that smacks of 'ner-ner-ner-ner-ner' and would be bound to land them in all sorts of trouble with the seedier side of link-bait journalism. If I were in Apple's position I'd probably do exactly what they are doing. Put all relevant information in an easily accessible website, and signal that a device is up to date if its running the latest possible software for that device.

      1. The Alphabet

        That site you refer to states which devices gets the update, not that devices which are labelled obsolete cannot get any security updates on them even if the patches are released right after EOL.

        Having to work out which are EOL ourselves is not the same as just plain saying "these devices will not get security patches no matter the severity of the issue".

        Google themeslves could have easily said "the Nexus 6 will not be patched for this bug" (which was the last EOL Nexus before blueborne) but opted to stay silent.

    2. Anonymous Coward
      Anonymous Coward

      " But note that both Apple and Google (and every other phone manufacturer) make careful attempts to avoid saying clearly what devices will not see an update."

      False:

      https://support.google.com/nexus/answer/4457705?hl=en#pixel_phones

  8. Craigie

    a maliciously crafted audio file

    Was it Bieber?

  9. John 110
    Trollface

    Everything...

    ...since 1975 has been evil music...

    1. 45RPM Silver badge

      Re: Everything...

      Same with cars. Same with computers. Same with food. When I were a lad we was appy t pile into the Allegro an' breakdown repeatedly ont way t Bejam for frozen prawn cocktails for us birthdee treat supper, and to get replacement valves for ma 'n' pa's Ferranti Mk 1. We was so happy that we used to sing 'Chirpy Chirpy Cheep Cheep' all t way cos radio were broken.

      Aye. Music were better in them days.

    2. FozzyBear

      Re: Everything...

      have to disagree there.

      1977 was one of the best years for music.

      Fleetwood mac

      Sex pistols

      pink floyd

      david bowie

      ac/dc

      Some of the most iconic music/songs ever.

  10. Androgynous Cupboard Silver badge

    It's 2018 and your article titles are getting a little repetitive

    Just sayin'

    1. sabroni Silver badge

      Re: It's 2018 and your article titles are getting a little repetitive

      Whereas "just sayin'" never gets old......

  11. Anonymous Coward
    Anonymous Coward

    11.25 updated here

    and now my iPhone8 runs like total dog shite. I guess those spectre and meltdown patches don't play nicely with Apple's custom designs.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like