The UpStream

A new iPhone jailbreak is unpatchable on all affected devices

posted Friday Sep 27, 2019 by Scott Ertz

It is not unusual for companies to discover software vulnerabilities. The thing that makes software great is that it can be patched if an issue is discovered so that the issue can be mitigated. However, a hardware-level vulnerability is far less common and even harder to repair. This is the situation that Apple has found itself in, as a hardware-level vulnerability has been discovered and actively exploited in a wide range of iPhones.

Devices sporting the Apple A5 through A11 processors, meaning the iPhone 4S through the iPhone X and a variety of iPads, are vulnerable to this issue, dubbed checkm8. The issue involves the devices' bootloader, which is the mobile equivalent of a desktop computer's BIOS. Unlike a BIOS, an Apple bootloader is not able to be updated, which means that the exploit is permanent and unfixable. This means that it exists in the wild on these devices forever.

The issue was reported and exploited by Twitter user axi0mX, along with an open-source project to take advantage of the exploit. While the majority of the issues are simply going to annoy Apple, some of them are legitimate problems. On the casual side, iPhones are now able to run operating systems other than Apple's iOS, including Android. This new capability could potentially breathe new life into older devices. For example, the iPhone 4S maxes out at iOS 9, but the hardware could potentially support far newer Android builds, especially Android Go.

On the negative side, however, is the potential for security issues. With access to the bootloader, it is possible that some personal data on the device could be vulnerable. Of course, this means that the hacker would require physical access to the device, but it is still possible. The need to have access to the device could potentially reignite a mostly dead market of stolen phones.

TiVo is testing adding additional ads to DVR content before video

posted Saturday Sep 21, 2019 by Scott Ertz

You've used your DVR to record a television program with the hopes of watching the show without commercials. You turn on your TV, fire up the DVR, and start your show. As the show starts, a pre-roll ad runs that isn't part of the original broadcast. You leave the show and come back, and a different ad is played before the episode. This is new behavior and one that is not in the spirit of the DVR that you are using.

This new behavior is a beta feature being tested by TiVo on a small number of users' devices. The existence of this new "feature" came to light thanks to a post on the TiVo forum, where a user described a similar experience to the one at the top of this article. Originally, the forum responded with confusion, as no one else had seen this behavior. Eventually, a few other members said that they had experienced the same thing and were as confused as the original poster.

This new move comes just days after a report that TiVo was working on a new offering called TiVo Plus, something mentioned by CEO Dave Shull in passing, without context or details beyond saying that it "better integrates new streaming services" into the company's other offerings. It is possible that this trial could be part of that new roll-out. With a name like Plus, it suggests that there is now a lower-level offering that Plus will make better. In the case of Hulu and Hulu Plus (before the former was retired and the Plus was removed), Hulu was a free, highly ad-supported offering with content being made available later than the Plus version. Those details could easily be applied to a DVR product, with a Standard TiVo offering hosting a pre-roll ad, and a Plus version removing that advertisement.

Facebook suspends tens of thousands of apps over privacy concerns

posted Saturday Sep 21, 2019 by Scott Ertz

No one could confuse Facebook with a company focused on privacy. In fact, over the past few years, the company has become the poster child for big tech violating the privacy of its users. Since the Cambridge Analytica controversy, the company has been forced to take a step back and reevaluate the way they do business. This has involved heavily researching the way their websites, apps, and APIs are used by third parties.

The first big move they made was against a company that was using an Instagram feature which showed photos based on location to track people's movements. When they found out what was happening, Instagram shut off access to the data. This was just the beginning, as the company has announced it has suspended tens of thousands of apps on the Facebook platform over privacy concerns.

All of this is part of Facebook's App Developer Investigation, which is a direct response to Cambridge Analytica. The program has analyzed millions of apps and "of those, tens of thousands have been suspended for a variety of reasons while we continue to investigate." It is important to note that a suspension does not mean that the apps are gone for good, or that the apps actually violated any privacy rules. Instead, the suspensions are temporary because the apps were suspicious and require further investigation. After that investigation completes, a permanent decision will be made.

While the majority of the connected apps have been suspended, some have gone farther, based on data acquired during the search. The company has banned a collection of high-profile apps, including one from a South Korean data collection firm similar to Cambridge Analytica. They have also filed suit against "two Ukrainian men" for survey scraping, again similar to Cambridge Analytica.

The apps currently under investigation are ones that, like the apps that led to Cambridge Analytica, exist within the confines of the Facebook platform. Those include apps like Facebook games, survey apps, etc. External apps, like those which allow you to log in via Facebook, are not currently under the company's magnifying glass. That is because most of these apps ask for access to basic data, like name and email address. However, there is a realistic chance that they will be the next round of investigation.

French court rules that Steam violates EU law with resale ban

posted Saturday Sep 21, 2019 by Scott Ertz

While the gaming industry has moved almost entirely to a digital distribution model, there is one clear advantage to physical media: resale. GameStop's business model may have created a bad taste in some people's mouths over the concept, but in reality, the ability to trade or sell a game with a friend or family member is a big selling point for buying games on a disc. Many of the digital distribution systems, Steam included, prevent the resale of games, but that may be about to change, thanks to a French court.

According to French site Numerama, a recent ruling says that Steam violates European Union law by outlawing digital game resales. According to the law that is cited, the EU requires "the free movement of goods within the Union." It prohibits a company from disallowing the resale of products and, with this ruling, it is now applied to digital goods as well as physical. The court has given Steam's parent company Valve three months to resolve the issue or face an outright ban in the country, though a real-world solution will likely take longer to implement.

Obviously, Valve will appeal the ruling. In a statement to Polygon, a spokesperson said,

We disagree with the decision of the Paris Court of First Instance and will appeal it. The decision will have no effect on Steam while the case is on appeal.

So, during the appeals process, Valve will make no required changes to the Steam platform or company policies. However, if the appeals process fails, they will be required to offer a game resale option through their platform. If it comes to fruition, there would be little reason for them to limit the capability just to the EU, but Valve is not known for doing the rational thing. They prefer to be in charge and go out of their way to protect that stance, so we may never see the feature leave the EU if it happens at all.

AT&T claims that customers must arbitrate over sold location data

posted Saturday Sep 21, 2019 by Scott Ertz

For many years, wireless carriers have included a clause in their wireless contracts that requires subscribers to waive their right to sue for damages and, instead, agree to arbitration. This option has not often been enforced, because the legal standing on forced arbitration is sticky, to say the least. A case that landed in the California Supreme Court in 2017 ended with a ruling that stated,

an arbitration agreement that waives the right to seek the statutory remedy of public injunctive relief in any forum is contrary to California public policy and therefore unenforceable.

This situation has created a legal problem for AT&T, which is currently trying to enforce the arbitration clause in a case that surrounds location data. The company has been sued by a group of people who are upset that AT&T sold users' real-time location data. The case is a class-action, representing the whole of AT&T subscribers by a subset represented by Electronic Frontier Foundation (EFF) attorneys. The EFF argues that the forced arbitration clause is invalid because of the California Supreme Court ruling, while AT&T has filed a motion to compel arbitration, claiming that the ruling is invalid.

The issue at the heart of the case is an important one. AT&T sold location data for subscribers through two location data aggregators: LocationSmart and Zumigo. The company has ended the practice, but not before violating the privacy and potentially the safety of their subscribers. According to the lawsuit,

Despite vowing to its customers that it does not "sell [their] Personal Information to anyone for any purpose," AT&T has been selling its customers' real-time location data to credit agencies, bail bondsmen, and countless other third parties without the required customer consent and any legal authority. AT&T's practice is an egregious and dangerous breach of Plaintiffs' and all AT&T customers' privacy, as well as a violation of state and federal law.

It seems that AT&T knows that the only way for them to avoid a major legal embarrassment is to avoid the lawsuit in the first place. Unfortunately for them, and luckily for customers, there is little chance the arbitration clause will be nullified.

California passes new law that could effectively end the gig economy

posted Saturday Sep 14, 2019 by Scott Ertz

The gig economy is the basis for companies like Uber, Lyft, Instacart, Postmates, TaskRabbit, etc. The idea is that you can sign up to be a contractor for the company, setting your hours and working within your confines. You're never required to do a job, and your payment is entirely dependent on how much work you take on. Think of an Uber driver, who is allowed to work when is convenient for them and take or skip any ride that is offered to them. The gig economy has grown into a major player in the market over the past few years and shows no signs of slowing down. Unfortunately, one US state is making it more difficult for those companies to exist.

California has long been known for making it difficult for businesses to thrive. Over the past few years, even their main industry of entertainment has begun to head to better locations, including Georgia and Toronto. Silicon Valley has started to look for alternatives, as well, with some companies moving to other states, and other companies looking for homes abroad.

Continuing this tradition, California is working to pass a new law that risks the future of the gig economy in the state. The law would require companies that use contractors as a core part of their business to treat those contractors as employees. This would mean that companies would be required to abide by minimum wage standards, completely negating the concept of the gig economy.

While the law is still awaiting a signature from Governor Gavin Newsom, it is expected that he will sign it. If the bill becomes law, it could significantly change the way companies such as Uber and Lyft operate in the state. Rather than drivers getting to set their hours, their hours will be set by someone at the company. They won't be able to skip rides, and will likely be assigned rides. Drivers will also be assessed based on performance. All of this will be necessary to be able to pay for the increased costs of treating these contractors like employees.

Both Uber and Lyft have vowed to fight the legislation, both petitioning the Governor and preparing for a possible ballot initiative fight. If all is lost, it would not be a surprise to see these companies, and other gig-economy players, leave the state entirely.
