An anonymous reader quotes a report from Bloomberg: Facebook Inc. is working on a video chat device for the home -- the first major hardware product from its experimental Building 8 lab. Featuring a laptop-sized touchscreen, the device represents a new product category and could be announced as soon as next spring's F8 developer conference, according to people familiar with the matter. They say the large screen and smart camera technology could help farflung people feel like they're in the same room, which aligns with Chief Executive Officer Mark Zuckerberg's mission of bringing Facebook users closer together. The device is in the prototype phase but is already being tested in people's homes. Geared to the living room, the video chat device will feature a wide-angle camera lens, microphones and speakers that are all powered by artificial intelligence to boost performance, the people said. A version of the device in testing includes a thin, vertical stand that holds a large touchscreen measuring between 13 and 15 inches diagonally, the people said. Facebook has considered running a version of the Android operating system on its device instead of building its own core operating system, according to the people. Facebook is testing a feature that would allow the camera to automatically scan for people in its range and lock onto them, one of the people said. Facebook is also working on a standalone smart speaker to compete with the Amazon Echo and Google Home, reports Bloomberg. The social media giant is "hiring Apple veterans to help create a Siri-style voice assistant that would run on both devices."

Apple reported a 7.2% rise in quarterly revenue on Tuesday, thanks to better-than-expected sales of its iPhones. "The company said iPhone sales rose 1.6% to 41.03 million in the third quarter ended July 1, above analysts' average estimate of 40.7 million units," reports Fortune. "Apple sold 40.4 million iPhones a year earlier." From the report: Apple's shares rose 4% in after-hours trading on Tuesday to $ 156.00. Many customers wait for Apple to launch its new smartphones before deciding on upgrading or replacing their current devices, which usually results in iPhone demand tapering in the months before a release. The company forecast total revenue of between $49 billion and $52 billion for the current quarter, while analysts on average were expecting $49.21 billion, according to Thomson Reuters I/B/E/S. Analysts on average expect the company to sell 45.55 million iPhones in the current quarter, according to FactSet. Apple sold 45.51 million iPhones in the year-ago quarter.

Orome1 shares a report from Help Net Security: New research released by MWR InfoSecurity reveals how attackers can compromise the Amazon Echo and turn it into a covert listening device, without affecting its overall functionality. Found to be susceptible to a physical attack, which allows an attacker to gain a root shell on the Linux Operating Systems and install malware, the Amazon Echo would enable hackers to covertly monitor and listen in on users and steal private data without their permission or knowledge. By removing the rubber base at the bottom of the Amazon Echo, the research team could access the 18 debug pads and directly boot into the firmware of the device, via an external SD card, and install persistent malware without leaving any physical evidence of tampering. This gained them remote root shell access and enabled them to access the "always listening" microphones. Following a full examination of the process running on the device and the associated scripts, MWR's researchers investigated how the audio media was being passed and buffered between the processes and the tools used to do so. Then they developed scripts that leveraged tools embedded on the device to stream the microphone audio to a remote server without affecting the functionality of the device itself. The raw data was then sampled via a remote device, where a decision could then be made as to play it out of the speakers on the remote device or save the audio as a WAV file. The vulnerability has been confirmed to affect the 2015 and 2016 editions of the device. The 2017 edition of the Amazon Echo is not vulnerable to this physical attack. The smaller Amazon Dot model also does not carry the vulnerability. More technical details can be found here.

HomePod's firmware has revealed several new features coming to the upcoming iPhone, such as a tap to wake function, facial expression and attention detection, and virtual home button. "Apple accidentally released the firmware over the weekend resulting in a frenzy of analysis about previously unknown features," reports The Verge. From the report: Developers including Steve Troughton-Smith and Guilherme Rambo have been tweeting their findings, notably the discovery of the new iPhone's bezel-less screen design. They've also concluded that the resolution for the iPhone 8 could be as much of a visual leap forward from current-generation iPhones as the iPhone 4's Retina display was from the original iPhone. Apple is using codenames for both its face recognition feature and the bezel-less phone, called "Pearl ID" and "D22" respectively. A potential "attention detection" feature is also mentioned in the code, with some speculating that may mean the phone will remain silent for notifications if it knows you're looking at the screen already. Facial references such as "mouthstretch," "mouthsmile," and "mouthdimple" were also found, which are most likely a nod to Apple's rumored facial recognition feature that can even detect faces in the dark using infrared. A tap to wake feature has also been discovered, and should be similar to the Windows Phone function that allows users to double-tap the screen to wake the phone.

Former Google senior vice president of Social, Vic Gundotra, said that Android phones are years behind the iPhone when it comes to photography. In a Facebook post, Gundotra said: "The end of the DSLR for most people has already arrived. I left my professional camera at home and took these shots at dinner with my iPhone 7 using computational photography (portrait mode as Apple calls it). Hard not to call these results (in a restaurant, taken on a mobile phone with no flash) stunning. Great job Apple." 9to5Mac reports: In response to a comment suggesting that the Samsung S8 camera was even better, Business Insider spotted that Gundotra disagreed. He said that not only was Apple way ahead of Samsung, but Android was to blame. From Gundotra's Facebook post: "I would never use an Android phone for photos! Here is the problem: It's Android. Android is an open source (mostly) operating system that has to be neutral to all parties. This sounds good until you get into the details. Ever wonder why a Samsung phone has a confused and bewildering array of photo options? Should I use the Samsung Camera? Or the Android Camera? Samsung gallery or Google Photos? It's because when Samsung innovates with the underlying hardware (like a better camera) they have to convince Google to allow that innovation to be surfaced to other applications via the appropriate API. That can take YEARS. Also the greatest innovation isn't even happening at the hardware level -- it's happening at the computational photography level. (Google was crushing this 5 years ago -- they had had 'auto awesome' that used AI techniques to automatically remove wrinkles, whiten teeth, add vignetting, etc... but recently Google has fallen back). Apple doesn't have all these constraints. They innovate in the underlying hardware, and just simply update the software with their latest innovations (like portrait mode) and ship it. Bottom line: If you truly care about great photography, you own an iPhone. If you don't mind being a few years behind, buy an Android."

An anonymous reader quotes a report from The Daily Beast: Officials seized Trump protesters' cell phones, cracked their passwords, and are now attempting to use the contents to convict them of conspiracy to riot at the presidential inauguration. Prosecutors have indicted over 200 people on felony riot charges for protests in Washington, D.C. on January 20 that broke windows and damaged vehicles. Some defendants face up to 75 years in prison, despite little evidence against them. But a new court filing reveals that investigators have been able to crack into at least eight defendants' locked cell phones. Now prosecutors want to use the internet history, communications, and pictures they extracted from the phones as evidence against the defendants in court. [A] July 21 court document shows that investigators were successful in opening the locked phones. The July 21 filing moved to enter evidence from eight seized phones, six of which were "encrypted" and two of which were not encrypted. A Department of Justice representative confirmed that "encrypted" meant additional privacy settings beyond a lock screen. For the six encrypted phones, investigators were able to compile "a short data report which identifies the phone number associated with the cell phone and limited other information about the phone itself," the filing says. But investigators appear to have bypassed the lock on the two remaining phones to access the entirety of their contents.

randomErr shares a report from TechCrunch: Mobile chip maker Qualcomm wants to enable deep learning-based software development on all kinds of devices, which is why it created the Neural Processing Engine (NPE) for its Snapdragon-series mobile processors. The NPE software development kit is now available to all via the Qualcomm Developer Network, which marks the first public release of the SDK, and opens up a lot of potential for AI computing on a range of devices, including mobile phones, in-car platforms and more. The purpose of the framework is to make possible UX implementations like style transfers and filters (basically what Snapchat and Facebook do with their mobile app cameras) with more accurate applications on user photos, as well as other functions better handled by deep learning algorithms, like scene detection, facial recognition, object tracking and avoidance, as well as natural language processing. Basically anything you'd normally route to powerful cloud servers for advanced process, but done locally on device instead.

An anonymous reader quotes a report from Ars Technica: Aviation security officials will begin enhanced screening measures of passengers' electronics at US airports, the Transportation Security Administration announced Wednesday. Travelers must remove electronics larger than a mobile phone from their carry-on bags and "place them in a bin with nothing on top or below, similar to how laptops have been screened for years. This simple step helps TSA officers obtain a clearer X-ray image," the TSA announced amid growing fears that electronic devices can pose as homemade bombs. The TSA was quick to point out that the revised security measures do not apply to passengers enrolled in the TSA Precheck program.

"Whether you're flying to, from, or within the United States, TSA is committed to raising the baseline for aviation security by strengthening the overall security of our commercial aviation network to keep flying as a safe option for everyone," TSA Acting Administrator Huban A. Gowadia said. "It is critical for TSA to constantly enhance and adjust security screening procedures to stay ahead of evolving threats and keep passengers safe. By separating personal electronic items such as laptops, tablets, e-readers and handheld game consoles for screening, TSA officers can more closely focus on resolving alarms and stopping terror threats."

A new USB specification has been introduced today by the USB 3.0 Promoter Group, which is comprised of Apple, HP, Intel, Microsoft, and other companies. The new USB 3.2 specification will replace the existing 3.1 specification and will double data rates to 20Gbps using new wires available if your device embraces the newest USB hardware. Mac Rumors reports: An incremental update, USB 3.2 is designed to define multi-lane operation for USB 3.2 hosts and devices. USB Type-C cables already support multi-lane operation, and with USB 3.2, hosts and devices can be created as multi-lane solutions, allowing for either two lanes of 5Gb/s or two lanes of 10Gb/s operation. With support for two lanes of 10Gb/s transfer speeds, performance is essentially doubled over existing USB-C cables. As an example, the USB Promoter Group says a USB 3.2 host connected to a USB 3.2 storage device will be capable of 2GB/sec data transfer performance over a USB-C cable certified for USB SuperSpeed 10Gb/s USB 3.1, while also remaining backwards compatible with earlier USB devices. Along with two-lane operation, USB 3.2 continues to use SuperSpeed USB layer data rates and encoding techniques and will introduce a minor update to hub specifications for seamless transitions between single and two-lane operation.

According to an instructor at Stanford, eight universities in addition to Stanford will offer a Hacking for Defense class this year: Boise State, Columbia, Georgetown, James Madison, the University of California at San Diego, the University of Pittsburgh, the University of Southern California, and the University of Southern Mississippi. IEEE Spectrum reports: The class has spun out Hacking for Diplomacy, Hacking for Energy, and other targeted classes that use the same methodology. The snowballing effort is now poised to get a big push. This month, the U.S. House of Representatives passed an amendment originated by Rep. Dan Lipinski (D-Ill.) to support development of curriculum, best practices, and recruitment materials for the program to the tune of $15 million (a drop in the $700 billion defense budget but a big deal for a university program). In arguing for the amendment, Lipinski said, "Rapid, low-cost technological innovation is what makes Silicon Valley revolutionary, but the DOD hasn't historically had the mechanisms in place to harness this American advantage. Hacking for Defense creates ways for talented scientists and engineers to work alongside veterans, military leaders, and business mentors to innovate solutions that make America safer."

An anonymous reader quotes a report from Bleeping Computer: Chinese authorities in the province of Xinjiang are forcing locals of the Uyghur Muslim minority to install an app on their phones that will allow the government to scan their device for "terrorist propaganda," local media reports. In reality, the app creates MD5 hashes for the user's files and matches them against a database of known terrorist content. The app also makes copies of the user's Weibo and WeChat databases and uploads it to a government server, along with the user's IMEI, IMSI, and WiFi login information. The app is called Jingwang (Citizen Safety) and was developed by police forces from Urumqi, Xinjiang's capital. Authorities launched the app in April, and also included the ability to report suspicious activity to the police. At the start of July, Xinjiang officials started sending WeChat messages in Uyghur and Chinese to locals, asking them to install the app or face detainment of up to 10 days. Police have also stopped people on the street to check if they installed the app. Several were detained for refusing to install it. Locals are now sharing the locations of checkpoints online, so others can avoid getting arrested.

chicksdaddy shares a report from The Security Ledger: Amid increasing concerns about cyber threats to healthcare environments, a global network of labs will test the security of medical devices, according to an announcement on Monday by a consortium of healthcare industry firms, universities and technology firms, The Security Ledger reports. The "World Health Information Security Testing Labs (or "WHISTL") will adopt a model akin to the Underwriters Laboratory, which started out testing electrical devices, and focus on issues related to cyber security and privacy, helping medical device makers "address the public health challenges" created by connected health devices and complex, connected healthcare environments, according to a statement by The Medical Device Innovation, Safety and Security Consortium. "MDISS WHISTL facilities will dramatically improve access to medical device security know-how while protecting patient privacy and the intellectual property of our various stakeholders," said Dr. Nordenberg, MD, Executive Director of MDISS.

The labs will be one of the only independent, open and non-profit network of labs specifically designed for the needs of medical field, including medical device designers, hospital IT, and clinical engineering professionals. Experts will assess the security of medical devices using standards and specifications designed by testing organizations like Underwriters Labs. Evaluations will include application security testing like "fuzzing," static code analysis and penetration testing of devices. Any vulnerabilities found will be reported directly to manufacturers in accordance with best practices, and publicly disclosed to the international medical device vulnerability database (MDVIPER) which is maintained by MDISS and the National Health Information Sharing and Analysis Center (NH-ISAC). The group says it plans for 10 new device testing labs by the end of the year including in the U.S. in states like New York to Indiana, Tennessee and California and outside North America in the UK, Israel, Finland, and Singapore. The WHISTL facilities will work with Underwriters Labs as well as AAMI, the Association for the Advancement of Medical Instrumentation. Specifically, MDISS labs will base its work on the UL Cybersecurity Assurance Program specifications (UL CAP) and follow testing standards developed by both groups including the UL 2900 and AAMI 80001 standards.

The OnePlus 5, dubbed "the best sub-$500 phone you can buy" when it launched, is having a few problems. Earlier this month, some owners of the new device complained about a weird jelly-like effect that appears when scrolling through apps. OnePlus went on to claim that the effect is normal and not the result of any manufacturing issues. Now, a handful of users are reporting that the OnePlus 5 will reboot itself once 911 is called, preventing them from reaching emergency services. The Verge reports: Reddit user Nick Morrelli noticed the glitch after he tried to call 911 to report a building fire in Seattle, and other users have reported that the OnePlus 5 is unable to dial 911 (or 999 in the UK, as another user reported) without rebooting. While most users haven't reported having the issue, any percentage of devices not being able to reach emergency services is a major issue for OnePlus. In a statement to The Verge, OnePlus says it's looking into the problem. "We have contacted the customer and are currently looking into the issue. We ask anyone experiencing a similar situation to contact us at support@oneplus.net."

New submitter Aliciadivo writes: A nasty vulnerability found in Axis security cameras could allow hackers to take full control of several types of Internet of Things devices, and in some cases, software programs, too. The Senrio research team found that devices and software programs using an open source software library called gSOAP to enable their product to communicate to the internet could be affected. Stephen Ridley, founder of Senrio, said: "I bet you all these other manufacturers have the same vulnerability throughout their product lines as well. It's a vulnerability in virtually every IoT device [...] Every kind of device you can possibly think of." A spokesperson for ONVIF, an electronics industry consortium that includes Axis and has includes some members that use gSOAP, said it has notified its members of the flaw, but it's not "up to each member to handle this in the way they best see fit." Also, gSOAP "is not in any way mandated by the ONVIF specifications, but as SOAP is the base for the ONVIF API, it is possible that ONVIF members would be affected." Hundreds of thousands of devices might be affected, as a search for the term "Axis" on Shodan, an engine that scours the internet for vulnerable devices, returns around 14,000 results. You can view Senrio Labs' video on the exploit (which they refer to as the "Devil's Ivy Exploit") here.

According to The Information, Amazon may give developers access to your private Alexa audio recordings. Until now, Amazon has not given third-party developers access to what you say to the voice assistant, while Google has with its Google Home speaker. Engadget reports: So far, Alexa developers can only see non-identifying information, like the number of times you use a specific skill, how many times you talk to your Echo device and your location data. The Information reports that some developers have heard from Amazon representatives about more access to actual transcripts, though how and how much wasn't discovered. If developers knew what exactly is being said to their skills, they could make adjustments based on specific information.

As we near the launch of the next iPhone, rumors are swirling about what it may feature. One of the most recent reports comes from developer and blogger John Gruber, who claims the iPhone 8 will have a starting price of around $1200. 9to5Mac reports: He last week said that he believed that what we've been referring to as the iPhone 8 would be called the iPhone Pro and that he actually hoped it would be really expensive: "I hope the iPhone Pro starts at $1500 or higher. I'd like to see what Apple can do in a phone with a higher price." As you might imagine, that generated quite a bit of discussion. Gruber has backed down somewhat from this position, and is now suggesting a starting point of around $1200: "$1,500 as a starting price is probably way too high. But I think $1,200 is quite likely as the starting price, with the high-end model at $1,300 or $1,400." His argument is effectively that Apple is constrained in what it can do in a phone because any technology included in the phone has to be available in huge volumes. If it were willing to sell fewer at a higher price, then it would have more options. There has been speculation that Gruber may have been tipped by Apple, and using his posts to prepare the ground for what would otherwise be a severe case of sticker shock. But Gruber denied this. If Apple does launch the iPhone 8 with a 4-figure price tag, would you buy it?

Fitbit has published the results of a study that uses their longitudinal sleep database to analyze millions of nights of Sleep Stages data to determine how age, gender, and duration affect sleep quality. (Sleep Stages is a relatively new Fitbit feature that "uses motion detection and heart rate variability to estimate the amount of time users spend awake in light, deep, and REM sleep each night.") Here are the findings: The average Fitbit user is in bed for 7 hours and 33 minutes but only gets 6 hours and 38 minutes of sleep. The remaining 55 minutes is spent restless or awake. That may seem like a lot, but it's actually pretty common. That said, 6 hours and 38 minutes is still shy of the 7+ hours the the CDC recommends adults get. For the second year in a row Fitbit data scientists found women get about 25 minutes more sleep on average each night compared to men. The percentage of time spent in each sleep stage was also similar -- until you factor in age. Fitbit data shows that men get a slightly higher percentage of deep sleep than women until around age 55 when women take the lead. Women win when it comes to REM, logging an average of 10 more minutes per night than men. Although women tend to average more REM than men over the course of their lifetime, the gap appears to widen around age 50.

WikiLeaks has published the documentation manual for an alleged CIA tool that can track users of Wi-Fi-capable Windows devices based on the Extended Service Set (ESS) data of nearby Wi-Fi networks. According to the tool's 42-page manual, the tool's name is ELSA. Bleeping Computer has an image embedded in its report that explains how the tool works. There are six steps that summarize the ELSA operation. Bleeping Computer reports: Step 1: CIA operative configures ELSA implant (malware) based on a target's environment. This is done using a tool called the "PATCHER wizard," which generates the ELSA payload, a simple DLL file.
Step 2: CIA operative deploys ELSA implant on target's Wi-Fi-enabled Windows machine. Because ELSA is an implant (malware), the CIA operator will likely have to use other CIA hacking tools and exploits to place the malware on a victim's PC.
Step 3: The implant begins collecting Wi-Fi access point information based on the schedule set by the operator. Data collection can happen even if the user is disconnected from a Wi-Fi network.
Step 4: When the target user connects to the Internet, ELSA will take the collected Wi-Fi data and query a third-party database for geolocation information.
Step 5: The CIA operative connects to the target's computer and fetches the ELSA log. This is done via the tools that allowed the operator to place ELSA on his system, or through other tools.
Step 6: The operator decrypts the log and performs further analysis on their target. Optionally, he can use the collected WiFi data to query alternate EES geo-location databases, if he feels they provide a better accuracy.

An anonymous reader quotes a report from The Verge: The United States will require foreign airports to implement stricter security practices and screenings for any passengers headed to the U.S. John Kelly, the U.S. secretary of Homeland Security, announced today that the new measures were being put in place. Though he didn't go into specifics, Kelly said the new requirements would include further screenings of electronics, more thorough vetting of passengers, and measures meant to stop "insider attacks." The U.S. is also encouraging the use of more bomb-detecting dogs, "advanced checkpoint screening technology," and the addition of "preclearance" locations, which station U.S. customs officers overseas, allowing them to screen passengers before boarding instead of after they land. One thing Kelly didn't announce was an expansion of the tablet and laptop ban, which is currently in effect on flights from 10 airports in the Middle East and North Africa. If airports don't comply with the new screening rules, Kelly said, they may be subject to additional electronics bans. But for the time being, it sounds like the ban will be kept to those 10 locations. According to Reuters, airlines have 21 days to comply with the new rules for explosives screenings and four months to comply with everything else.

Samsung Electronics has agreed to open a $380 million home appliance manufacturing plant in Newberry County, South Carolina. The new plant is expected to generate 954 local jobs by 2020. CNBC reports: The South Korean firm said this year it was in talks to build a home appliances plant in the United States amid worries about protectionist policies under U.S. President Donald Trump put pressure on global companies to generate jobs in the country. "With this investment, Samsung is reaffirming its commitment to expanding its U.S. operations and deepening our connection to the American consumers, engineers and innovators," Samsung Electronics America President and CEO Tim Baxter said.