Google warns internet service providers helped distribute Hermit spyware

Google is warning of a sophisticated new spyware campaign that has seen malicious actors steal sensitive data from Android and iOS users in Italy and Kazakhstan. On Thursday, the company’s Threat Analysis Group (TAG) shared its findings on RCS Labs, a commercial spyware vendor based out of Italy.

On June 16th, security researchers at Lookout linked the firm to Hermit, a spyware program believed to have been first deployed in 2019 by Italian authorities as part of an anti-corruption operation. Lookout describes RCS Labs as an NSO Group-like entity. The firm markets itself as a “lawful intercept” business and claims it only works with government agencies. However, commercial spyware vendors have come under intense scrutiny in recent years, largely thanks to governments using the Pegasus spyware to target activists and journalists.

According to Google, Hermit can infect both Android and iOS devices. In some instances, the company’s researchers observed malicious actors work with their target’s internet service provider to disable their data connection. They would then send the target an SMS message with a prompt to download the linked software to restore their internet connection. If that wasn’t an option, the bad actors attempted to disguise the spyware as a legitimate messaging app like WhatsApp or Instagram.

What makes Hermit particularly dangerous is that it can gain additional capabilities by downloading modules from a command and control server. Some of the addons Lookout observed allowed the program to steal data from the target’s calendar and address book apps, as well as take pictures with their phone’s camera. One module even gave the spyware the capability to root an Android device.

Google believes Hermit never made its way to the Play or App stores. However, the company found evidence that bad actors were able to distribute the spyware on iOS by enrolling in Apple’s Developer Enterprise Program. Apple told The Verge that it has since blocked any accounts or certificates associated with the threat. Meanwhile, Google has notified affected users and rolled out an update to Google Play Protect.

The company ends its post by noting the growth of the commercial spyware industry should concern everyone. “These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house,” the company said. “While use of surveillance technologies may be legal under national or international laws, they are often found to be used by governments for purposes antithetical to democratic values: targeting dissidents, journalists, human rights workers and opposition party politicians.”

Apple is reportedly developing a replacement for the original HomePod

Apple plans to release a “deluge” of new products this fall and in the first half of 2023, according to Bloomberg’s Mark Gurman. And while many of the devices the company is reportedly working on won’t come as much of a surprise, one is interesting.

In his latest Power On newsletter, Gurman reports Apple is readying a new HomePod speaker that will look and sound similar to the original 2018 model. As you may recall, the company discontinued the HomePod in 2021 without announcing a direct replacement. If you want a smart speaker with Siri built-in, your only option at the moment is the $99 HomePod mini.

According to Gurman, the new model will feature Apple’s forthcoming S8 chip and an updated display on the top of the speaker that may include multi-touch functionality. For context, the HomePod mini features an S5 chip, suggesting the new model will come with more processing power. Presumably, Apple also plans to price the speaker more competitively than it did the 2018 model. At $349, the HomePod was one of the more expensive smart speakers you could buy at the time, and it never felt like it lived up to that price.

Outside of an updated HomePod, Gurman says Apple is working on at least four new Mac models and an AirPods Pro refresh, among other devices. You can find the full details of Apple’s near-term product roadmap, “one of the most ambitious” in the company’s recent history, on Bloomberg.

Riot Games will monitor ‘Valorant’ voice chat to combat disruptive players

Abusive Valorant players could soon have their verbal tirades come back to haunt them. In a blog post published on Friday, Riot Games outlined a plan to begin monitoring in-game voice chat as part of a broader effort to combat disruptive behavior within its games.

On July 13th, the studio will begin collecting voice data from Valorant games played in North America. According to Riot, it will use the data to get its AI model “in a good enough place for a beta launch later this year.” During this initial stage, Riot says it won’t use voice evaluation for disruptive behavior reports.

“We know that before we can even think of expanding this tool, we’ll have to be confident it’s effective, and if mistakes happen, we have systems in place to make sure we can correct any false positives (or negatives for that matter),” the studio said.

Some players will likely bristle at the thought of Riot listening in on their voice comms, much like they did when the company introduced Vanguard, its kernel-level anti-cheat software. But Riot says it sees voice evaluation as a way for it to “collect clear evidence” against players who take to comms to abuse and harass their teammates. The tool will also give the studio something it can point to when it provides sanctioned players with feedback.

“This is brand new tech and there will for sure be growing pains,” Riot said. “But the promise of a safer and more inclusive environment for everyone who chooses to play is worth it.”

Hitting the Books: Why lawyers will be essential to tomorrow's orbital economy

The skies overhead could soon be filled with constellations of commercial space stations occupying low earth orbit while human colonists settle the Moon with an eye on Mars, if today's robber barons have their way. But this won't result in the same freewheeling Wild West that we saw in the 19th century, unfortunately, as tomorrow's interplanetary settlers will be bringing their lawyers with them. 

In their new book, The End of Astronauts: Why Robots Are the Future of Exploration, renowned astrophysicist and science editor, Donald Goldsmith, and Martin Rees, the UK's Astronomer Royal, argue in favor of sending robotic scouts — with their lack of weighty necessities like life support systems — out into the void ahead of human explorers. But what happens after these synthetic astronauts discover an exploitable resource or some rich dork declares himself Emperor of Mars? In the excerpt below, Goldsmith and Rees discuss the challenges facing our emerging exoplanetary legal system.

Excerpted from The End of Astronauts: Why Robots Are the Future of Exploration by Donald Goldsmith and Martin Rees, published by the Harvard University Press. © 2022 by Donald Goldsmith and Martin Rees.


Almost all legal systems have grown organically, the result of long experience that comes from changes in the political, cultural, environmental, and other circumstances of a society. The first sprouts of space law deserve attention from those who may participate in the myriad activities envisioned for the coming decades, as well, perhaps, from those who care to imagine how a Justinian law code could arise in the realm of space.

Those who travel on spacecraft, and to some degree those who will live on another celestial object, occupy situations analogous to those aboard naval vessels, whose laws offer precedents to deal with crimes or extreme antisocial behavior. These laws typically assign to a single officer or group of officers the power to judge and to inflict punishment, possibly awaiting review in the event of a return to a higher court. This model seems likely to reappear in the first long-distance journeys within the solar system and in the first settlements on other celestial objects, before the usual structure of court systems for larger societies appears on the scene.

As on Earth, however, most law is civil law, not criminal law. A far greater challenge than dealing with criminal acts lies in formulating an appropriate code of civil law that will apply to disputes, whether national or international, arising from spaceborne activities by nations, corporations, or individuals. For half a century, a small cadre of interested parties have developed the new specialty of “space law,” some of which already has the potential for immediate application. What happens if a piece of space debris launched by a particular country or corporation falls onto an unsuspecting group of people or onto their property? What happens if astronauts from different countries lay claim to parts of the moon or an asteroid? And most important in its potential importance, if not in its likelihood: who will speak for Earth if we should receive a message from another civilization?

Conferences on subjects such as these have generated more interest than answers. Human exploration of the moon brought related topics to more widespread attention and argument. During the 1980s, the United Nations seemed the natural arena in which to hash them out, and those discussions eventually produced the outcomes described in this chapter. Today, one suspects, almost no one knows the documents that the United Nations produced, let alone has plans to support countries that obey the guidelines in those documents.

Our hopes for achieving a rational means to define and limit activities beyond our home planet will require more extensive agreements, plus a means of enforcing them. Non-lawyers who read existing and proposed agreements about the use of space should remain aware that lawyers typically define words relating to specialized situations as “terms of art,” giving them meanings other than those that a plain reading would suggest.

For example, the word “recovery” in normal discourse refers to regaining the value of something that has been lost, such as the lost wages that arise from an injury. In more specialized usage, “resource recovery” refers to the act of recycling material that would otherwise go to waste. In the vocabulary of mining operations, however, “recovery” has nothing to do with losing what was once possessed; instead, it refers to the extraction of ore from the ground or the seabed. The word’s gentle nature contrasts with the more accurate term “exploitation,” which often implies disapproval, though in legal matters it often carries only a neutral meaning. For example, in 1982 the United Nations Convention on the Law of the Sea established an International Seabed Authority (ISA) to set rules for the large portion of the seabed that lies beyond the jurisdiction of any nation. By now, 168 countries have signed on to the convention, but the United States has not. According to the ISA’s website, its Mining Code “refers to the whole of the comprehensive set of rules, regulations and procedures issued by ISA to regulate prospecting, exploration and exploitation of marine minerals in the international seabed Area.” In mining circles, no one blinks at plans to exploit a particular location by extracting its mineral resources. Discussions of space law, however, tend to avoid the term “exploitation” in favor of “recovery.”

Meta has reportedly barred employees from discussing abortion on internal channels

Meta has told employees not to discuss the Supreme Court’s recent ruling to overturn Roe v. Wade, according to The New York Times. Pointing to a May 12th memo it shared after a draft of Friday’s decision was leaked by Politico, the company has deleted messages on its internal communication tools that mention the topic. In the document, the social media giant reportedly said it “would not allow open discussion” about abortion within the workplace due to “a heightened risk of creating a hostile work environment.”

One employee took to LinkedIn to voice their frustration with the situation. “On our internal Workplace platform, moderators swiftly remove posts or comments mentioning abortion,” said software engineer Ambroos Vaes. “Limited discussion can only happen in groups of up to 20 employees who follow a set playbook, but not out in the open.” Meta did not immediately respond to Engadget’s request for comment.

On Friday, Meta also told employees it would reimburse the travel expenses of employees in need of access to out-of-state healthcare and reproductive services “to the extent permitted by law.” That’s a policy many tech companies, including Google, had in place before Friday’s decision and that they reiterated after the Supreme Court announced its ruling on Dobbs v. Jackson Women’s Health Organization.

Friday’s action wasn’t the first time Meta moved to prevent its employees from discussing a contentious topic at the workplace. The company updated its Respectful Communication Policy following the murder of George Floyd in 2020. At the time, the company told employees they could no longer discuss political and social issues in company-wide Workplace channels.

FromSoftware's next game is ‘in the final stages’ of development

FromSoftware fans may not have to wait years before they get the chance to play the company’s next game. In a recent Japanese-language interview translated by Gematsu, Elden Ring director and From president Hidetaka Miyazaki said his studio’s next game is in “the final stages” of development. Miyazaki shared the tidbit in response to a question about a previous interview he gave in 2018.

New interview with FROM Software's Hidetaka Miyazaki

- an unannounced project is in the final stages of development
- Miyazaki intends to continue to focus on directing games and is already working on his next game
- ER will receive more updates https://t.co/x07L4qlCpq pic.twitter.com/mUUmbSlNMS

— Nibel (@Nibellion) June 24, 2022

At the time, he told 4Gamer.net that FromSoftware was working on “three-and-a-half games.” Since then, the studio has released all but one of those projects. In 2018, we got Sekiro: Shadows Die Twice and PSVR exclusive Déraciné. This year, From came out with Elden Ring, leaving only one of the projects Miyazaki mentioned in 2018 unaccounted for. "Development is currently in the final stages," he told 4Gamer.net this week when asked about the state of that game.

Miyazaki didn’t go on to share any other details on the project. However, some fans, citing a Resetera leak from January, have speculated the unannounced game could be a new entry in From’s long-running Armored Core series. The studio hasn't released a new mainline entry in the franchise since 2012. In the same interview, Miyazaki also said he was already working on his next game as director, and that he would like to create a "more abstract fantasy" title in the future. 

Google tells workers they can relocate 'without justification' following Supreme Court decision

Google will allow employees to move between states in response to the Supreme Court’s decision to overturn Roe v. Wade. In an email obtained by The Verge, the company’s chief people officer, Fiona Cicconi, said workers could “apply for relocation without justification,” and that those managing the requests would be “aware of the situation.” We’ve reached out to Google to find out if the company amended its relocation policy in response to Friday’s decision. Cicconi also reminded workers Google’s employee benefits plan covers medical procedures that aren’t available in the state where they live and work.

“This is a profound change for the country that deeply affects so many of us, especially women. Everyone will respond in their own way, whether that’s wanting space and time to process, speaking up, volunteering outside of work, not wanting to discuss it at all, or something else entirely,” Cicconi says in the email.

The Supreme Court’s decision to overturn Roe v. Wade as part of its ruling in Dobbs v. Jackson Women’s Health Organization eliminated the constitutional right to abortion. According to an analysis published by The New York Times in May, as many as 28 states could either ban or severely restrict access to abortions in the days and weeks ahead. Some states like Texas had so-called trigger laws in place that went into effect immediately following Friday’s decision.

The effects of such a monumental shift in American politics have been felt across tech. Mere hours after the Supreme Court announced its decision, Flo, one of the most widely used period tracking apps, said it would introduce a new “anonymous mode” in response to privacy concerns following the ruling. Some companies like Meta have also reportedly told employees not to openly discuss the ruling.

Apple reportedly won't challenge historic Maryland store unionization vote

Apple will reportedly not challenge the recent vote by employees at its Towson Town Center retail location in Maryland to unionize. Citing a “person familiar with the company’s plans,” Reuters reports the tech giant will participate in the bargaining process “in good faith.” Apple declined to comment on the report.

On June 19th, workers at the Towson Town Center Apple Store voted overwhelmingly in favor of joining the International Association of Machinists and Aerospace Workers. Of the approximately 110 employees who were eligible to participate in the election, 65 voted yes. Towson Town Center was the first Apple retail location in the US to vote on unionization after organizers at a store in Georgia called off an election over intimidation claims.

If the reporting from Reuters is accurate and Apple does not plan to challenge the Towson vote, the company’s approach would put it at odds with much of corporate America. Amazon, for instance, quickly came out against the historic vote at its JFK8 facility in Staten Island, saying it would appeal the result over allegations the Amazon Labor Union had intimidated workers and committed “electioneering.” Even if their appeals are ultimately thrown out, companies will typically challenge union votes as a way to delay the bargaining process and pour water on other organizing efforts.

US senators ask FTC to investigate Apple and Google over mobile tracking

A group of Democratic senators is urging the Federal Trade Commission to investigate Apple and Google over their collection of mobile users' information. In a letter addressed to FTC Chair Lina Khan, the lawmakers — Senators Ron Wyden, Elizabeth Warren, Cory A. Booker and Sara Jacobs — accuse the tech giants of "engaging in unfair and deceptive practices by enabling the collection and sale of hundreds of millions of mobile phone users' personal data." They added that the companies "facilitated these harmful practices by building advertising-specific tracking IDs into their mobile operating systems."

The senators specifically mentioned in their letter how individuals seeking abortions will become particularly vulnerable if their data, especially their location information, is collected and shared. They wrote the letter shortly before the Supreme Court officially overturned Roe v. Wade, making abortion immediately illegal in states with trigger laws. They explained that data brokers are already selling location information of people visiting abortion providers. The senators also stressed how that information can now be used by private citizens incentivized by "bounty hunter" laws targeting individuals seeking an abortion. 

Android and Google were built with tracking identifiers that are used for advertising purposes. While the identifiers are supposed to be anonymous, the senators said data brokers are selling databases linking them to consumer names, email addresses and telephone numbers. Apple rolled out an update for iOS last year to implement stricter app tracking privacy measures, requiring apps to ask for permission before collecting users' unique Identification for Advertisers device code. 

Google, they said, still enables that tracking identifier by default. The company previously introduced features to make it harder to track users across apps, though, and it recently vowed to refine Privacy Sandbox on Android, "with the goal of introducing new, more private advertising solutions." The tech giant told Ars Technica: "Google never sells user data, and Google Play strictly prohibits the sale of user data by developers... Any claims that advertising ID was created to facilitate data sale are simply false."

Despite the solutions the companies had introduced, the lawmakers said they'd already caused harm. They're now asking the FTC to look into the role Apple and Google played in "transforming online advertising into an intense system of surveillance that incentivizes and facilitates the unrestrained collection and constant sale of Americans’ personal data."

Wyden and 41 other Democratic lawmakers also urged Google last month to stop collecting and keeping location data that could be used against people who've had or are seeking abortions. More recently, another group of lawmakers led by Sen. Mark Warner and Rep. Elissa Slotkin asked the company to "crack down on manipulative search results" that lead people seeking abortions to anti-abortion clinics instead.

Recommended Reading: A blockchain primer

Does the crypto crash mean the blockchain is over?

Stephen J. Dubner, Freakonomics Radio

In this installment of Recommended Listening, Freakonomics Radio begins a three-part series on all things blockchain. The podcast will tackle everything from Bitcoin and cryptocurrencies to NFTs and the technology that powers it all. 

Spotify’s billion-dollar bet on podcasting has yet to pay off

Lucas Shaw, Bloomberg

Shaw takes us inside Spotify's big spending spree, from what was happening behind the scenes, the decision to hand Joe Rogan a mountain of money and a rift between the company and the Obamas over content. "All told, the Obamas recorded about 15 hours of audio for Spotify," he explains. "Technically, they fulfilled their deal, but their output was less than what Rogan releases in a couple of weeks."

How OXO conquered the American kitchen

Dan Kois, Slate

The story behind the company that created the Good Grips handle and took over the kitchen "for customers of differing abilities and confidence levels," becoming the top culinary gadget maker in terms of market share.