Sources say China used iPhone hacks to target Uyghur Muslims

A number of malicious websites used to hack into iPhones over a two-year period were targeting Uyghur Muslims, TechCrunch has learned.

Sources familiar with the matter said the websites were part of a state-backed attack — likely China — designed to target the Uyghur community in the country’s Xinjiang state.

It’s part of the latest effort by the Chinese government to crack down on the minority Muslim community in recent history. In the past year, Beijing has detained more than a million Uyghurs in internment camps, according to a United Nations human rights committee.

Google security researchers found the malicious websites and disclosed them this week, but until now it wasn’t known who they were targeting.

The websites were part of a campaign to target the religious group by infecting an iPhone with malicious code simply by visiting a booby-trapped web page. In gaining unfettered access to the iPhone’s software, an attacker could read a victim’s messages and passwords, and track their location in near-real time.

Apple fixed the vulnerabilities in February in iOS 12.1.4, days after Google privately disclosed the flaws. News of the hacking campaign was first disclosed by this week.

These websites had “thousands of visitors” per week for at least two years, Google said.

After we published, Forbes confirmed our reporting and said the same websites targeting iPhones were also used to target Android and Windows users. That suggests the campaign targeting Uyghurs was far broader in scope than Google initially disclosed.

Victims were tricked into opening a link, which when opened would load one of the malicious websites used to infect the victim. It’s a common tactic to target phone owners with spyware.

One of the sources told TechCrunch that the websites also infected non-Uyghurs who inadvertently accessed these domains because they were indexed in Google search, prompting the FBI to alert Google to ask for the site to be removed from its index to prevent infections.

A Google spokesperson would not comment beyond the published research. An FBI spokesperson said they could neither confirm nor deny any investigation, and did not comment further.

Google faced some criticism following its bombshell report for not releasing the websites used in the attacks. The researchers said the attacks were “indiscriminate watering hole attacks” with “no target discrimination,” noting that anyone visiting the site would have their iPhone hacked.

But the company would not say who was behind the attacks.

Apple did not comment. An email requesting comment to the Chinese consulate in New York was unreturned.

Updated with additional information from Forbes following our initial report. 


Source: Tech Crunch

Tesla’s Model 3 interior (even the steering wheel) is now 100% leather-free

Tesla said Saturday that its Model 3 interiors are now completely free of leather, fulfilling a promise made by CEO Elon Musk at this year’s annual shareholder meeting.

Tesla has been closing in on a leather-free interior for a couple of years now. But a sticking point was the steering wheel, which Musk made mention of at the company’s shareholder meeting in June in response to a request from a PETA activist.

“I believe we were close to having a non-heated steering wheel, that’s not leather,” Musk said at the time. “There are some challenges when we heat the non-leather material and also how well it wears over time.”

Musk said Model Y and Model 3 would be vegan by 2020. He wasn’t sure if the company would be able to meet that same goal for the Model S and X.

Activist shareholders made a proposal in 2015 that Tesla no longer use animal-derived leather in the interiors of its electric vehicles by 2019. While stockholders rejected that proposal, Tesla did begin rolling out more “vegan” interior components in its cars.

The company began by offering leather-free seats as an option. Two years ago, Tesla made the synthetic material standard in its Model 3, Model X and Model S vehicles.


Source: Tech Crunch

Apple products under pricing pressure as new 15% tariffs drop Sunday

A new 15% tariff on Chinese imports will go into effect just after midnight Sunday, placing levies on hundreds of household goods and consumer tech, including a bevy of Apple products.

The tariffs, put in place by President Donald Trump as part of an escalating tit-for-tat trade war with China, were entered into the Federal Register on Friday.

Apple, the largest U.S. technology company by market cap, has its products assembled in China by Foxconn and then ships them to consumers all over the world. The Apple AirPods, Apple Watch and accompanying Apple Watch bands and the Apple HomePod are all products subject to the higher tariffs beginning Sunday. The iPhone doesn’t appear to be impacted this round, but could be subject to tariffs that begin Dec. 15.

Apple is hardly the only electronics company — most of which have final assembly in China — to be affected by the tariffs. TVs, speakers, digital cameras, lithium-ion batteries and flash drives are just a few of the consumer electronics that will be subjected to a 15% tariff beginning Sunday. But the higher tariffs do threaten to give rival Samsung an edge.

The new higher tariffs come just a few weeks since Apple CEO Tim Cook met with Trump to argue that such a move would benefit its No. 1 competitor Samsung.

The 15% tariff will affect about $112 billion of Chinese goods, lower than the original list of $300 billion imports. Last week, the U.S. Trade Representative office modified the original list, either delaying tariffs on some products until December 15 or removing some goods altogether.

Despite the lower number, the impact is still expected to pinch companies importing products from China. The complete list of products affected by the 15% tariffs is 122 pages long. And eventually, that pain — aka higher prices — will be passed on to consumers.

Apple has not said whether it will increase prices of its products. Analysts from JP Morgan expect Apple to absorb the costs.

Tariffs have already had a cost, according to the Consumer Tech Association. Since July 2018, Section 301 tariffs on China have cost the consumer tech industry over $10 billion, including $1 billion on 5G-related products, the CTA said.

In total, American taxpayers have paid over $27 billion in extra import tariffs from the beginning of the trade war in 2018 through June of this year, most of which can be attributed to the U.S.-China trade war, according to U.S. Census information provided by the Information Technology Industry Council (ITI).

Another 30% tariff on about $250 billion of goods is expected to begin October 1.


Source: Tech Crunch

Apple still has work to do on privacy

There’s no doubt that Apple’s self-polished reputation for privacy and security has taken a bit of a battering recently.

On the security front, Google researchers just disclosed a major flaw in the iPhone, finding a number of malicious websites that could hack into a victim’s device by exploiting a set of previously undisclosed software bugs. When visited, the sites infected iPhones with an implant designed to harvest personal data — such as location, contacts and messages.

As flaws go, it looks like a very bad one. And when security fails so spectacularly, all those shiny privacy promises naturally go straight out the window.

And while that particular cold-sweat-inducing iPhone security snafu has now been patched, it does raise questions about what else might be lurking out there. More broadly, it also tests the generally held assumption that iPhones are superior to Android devices when it comes to security.

Are we really so sure that thesis holds?

But imagine for a second you could unlink security considerations and purely focus on privacy. Wouldn’t Apple have a robust claim there?

On the surface, the notion of Apple having a stronger claim to privacy versus Google — an adtech giant that makes its money by pervasively profiling internet users, whereas Apple sells premium hardware and services (including essentially now ‘privacy as a service’) — seems a safe (or, well, safer) assumption. Or at least, until iOS security fails spectacularly and leaks users’ privacy anyway. Then of course affected iOS users can just kiss their privacy goodbye. That’s why this is a thought experiment.

But even directly on privacy, Apple is running into problems, too.

To wit: Siri, its nearly decade-old voice assistant technology, now sits under a penetrating spotlight — having been revealed to contain a not-so-private ‘mechanical turk’ layer of actual humans paid to listen to the stuff people tell it. (Or indeed the personal stuff Siri accidentally records.)


Source: Tech Crunch

Original Content podcast: Netflix’s new ‘Dark Crystal’ is a visual delight, no nostalgia needed

“The Dark Crystal: Age of Resistance” returns viewers to the world of Thra — a distant, magical planet ruled over by the sinister, long-lived Skeksis, who have lied their way into ownership of the titular crystal and dominance of the elf-like Gelflings.

The series is a prequel to Jim Henson and Frank Oz’s 1982 film “The Dark Crystal” — but two out of your three hosts at the Original Content podcast haven’t seen the original movie, so our opinions weren’t colored by nostalgia.

Like the Henson/Oz film, “Age of Resistance” relies on sophisticated puppetry to bring a complex fantasy world to life. It’s genuinely dazzling, with sprawling cities, steampunk machinery and all manner of fantasy creatures all fully realized, and often captured in fast-moving scenes of kinetic action.

On the other hand, for some of us, the puppetry wasn’t quite up to the task when the show got darker and more serious. It’s hard to care about family drama and romance when your lead characters have limited facial mobility, or to feel the weight of the show’s numerous death scenes (we’re not talking “Game of Thrones”-level here, but still) when the person dying is played by a puppet.

To balance out our fantasy-heavy review, we kick things off by catching up on what Jordan and Darrell think of the latest season of “Bachelor in Paradise.”

You can listen in the player below, subscribe using Apple Podcasts or find us in your podcast player of choice. If you like the show, please let us know by leaving a review on Apple. You can also send us feedback directly. (Or suggest shows and movies for us to review!)

And if you want to skip ahead, here’s how the episode breaks down:
0:00 Intro
0:50 “Red Sea Diving Resort” listener reaction
6:01 “Bachelor in Paradise” recap
26:10 “The Dark Crystal: Age of Resistance” spoiler-free review


Source: Tech Crunch

Meet Olli 2.0, a 3D-printed autonomous shuttle

From afar, Olli resembles many of the “future is now!” electric autonomous shuttles that have popped up in recent years.

The tall rectangular pod, with its wide-set headlights and expansive windows nestled between a rounded frame, gives the shuttle a friendly countenance that screams, ever so gently, “come along, take a ride.”

But Olli is different in almost every way, from how it’s produced to its origin story. And now, its maker, Local Motors, has given Olli an upgrade in hopes of accelerating the adoption of its autonomous shuttles.

Meet Olli 2.0, a 3D-printed connected electric autonomous shuttle that Rogers says will hasten its ubiquity.

“The future is here; it’s just not evenly distributed,” Local Motors co-founder and CEO John B. Rogers Jr. said in a recent interview. “That’s something I say a lot. Because people often ask me, ‘Hey, when will I see this vehicle? 2023? What do you think?’ My response: It’s here now, it’s just not everywhere.”

Whether individuals will adopt Rogers’ vision of the future is another matter. But he argues that Olli 1.0 has already been a persuasive ambassador.

Olli 1.0 made its debut in 2016 when it launched in National Harbor, Md., at a planned mixed-use development a few miles south of Washington, D.C. In the two years since, Olli has shown up at events such as LA Automobility, and been featured by various media outlets, including this one. Heck, even James Corden rode in it.

Local Motors, which was founded in 2007, and its Olli 1.0 shuttle are familiar figures in the fledgling autonomous vehicle industry. But they’re often overshadowed by the likes of Argo AI, Cruise, Uber and Waymo — bigger companies that are all pursuing robotaxis designed for cities.

Olli, meanwhile, is designed for campuses, low-speed environments that include hospitals, military bases and universities.

“The public isn’t going to see New York City with autonomous vehicles running around all the time (any time soon),” Rogers said. Campuses, on the other hand, are a sweet spot for companies like Local Motors that want to deploy now. These are places where mobility is needed and people are able to get up close and personal with a “friendly robot” like Olli, Rogers said. 

Olli 2.0

Olli and Olli 2.0 are clearly siblings. The low-speed vehicle has the same general shape, and a top speed of 25 miles per hour. And both have been crash tested by Local Motors and come with Level 4 autonomous capability, a designation by the SAE that means the vehicle can handle all aspects of driving in certain conditions without human intervention.

Olli 2.0 has a lot more range — up to 100 miles on a single charge, according to its spec sheet. The manufacturing process has been improved, and Olli 2.0 is now 80% 3D-printed and has hub motors versus the axle wheel motors in its predecessor. In addition, there are two more seats in Olli 2.0 and new programmable lighting.

But where Olli 2.0 really stands out is in the improved user interface and more choices for customers looking to customize the shuttle to suit specific needs. As Rogers recently put it, “We can pretty much make anything they ask for with the right partners.”

The outside of Olli 2.0 is outfitted with a PA system and screens on the front and back to address pedestrians. The screen in the front can be shown as eyes, making Olli 2.0 more approachable and anthropomorphic.

Inside the shuttle, riders will find better speakers and microphones and touchscreens. Local Motors has an open API, which allows for an endless number of UI interfaces. For instance, LG is customizing media content for Olli based on the “5G future,” according to Rogers, who said he couldn’t provide more details just yet.

AR and VR can also be added, if a customer desires. The interior can be changed to suit different needs as well. For instance, a hospital might want fewer seats and more room to transport patients on beds. It’s this kind of customization that Rogers believes will give Local Motors an edge over autonomous shuttle competitors.

Even the way Olli 2.0 communicates has been improved.

Olli 1.0 used IBM Watson, the AI platform from IBM, for its natural language and speech to text functions. Olli 2.0 has more options. Natural language voice can use Amazon’s deep learning chatbot service Lex and IBM Watson. Customers can choose one or even combine them. Both can be altered to make the system addressable to “Olli.”

The many people behind Olli

In the so-called race to deploy autonomous vehicles, Local Motors is a participant that is difficult to categorize or label largely due to how it makes its shuttles.

It’s not just that Local Motors’ two micro factories — at its Chandler, Ariz. headquarters and in Knoxville, Tenn. — are a diminutive 10,000 square feet. Or that these micro factories lack the tool and die and stamping equipment found in a traditional automaker’s factory. Or even that Olli is 3D-printed.

A striking and perhaps less obvious difference is how Olli and other creations from Local Motors, and its parent company Local Motors Industries, come to life. LMI has a co-creation and low-volume local production business model. The parent company’s Launch Forth unit manages a digital design community of tens of thousands of engineers and designers that co-creates products for customers. Some of those mobility creations go to Local Motors, which uses its low-volume 3D-printed micro factories to build Olli and Olli 2.0, as well as other products like the Rally Fighter.

This ability to tap into its community and its partnerships with research labs, combined with direct digital manufacturing and its micro factories, is what Rogers says allows it to go from design to mobile prototype in weeks, not months — or even years.

The company issues challenges to the community. The winner of a challenge gets a cash prize and is awarded royalties as the product is commercialized. In 2016, a Bogota, Colombia man named Edgar Sarmiento won the Local Motors challenge to design an urban public transportation system. His design eventually became Olli.

(Local Motors uses the challenges model to determine where Olli will be deployed, as well.)

New design challenges are constantly being launched to improve the UI and services of Olli, as well as other products. But even that doesn’t quite capture the scope of the co-creation. Local Motors partners with dozens of companies and research organizations. Its 3D-printing technology comes from Oak Ridge National Laboratory, and Olli itself involves a who’s who in the sensor, AV and supplier communities.

Startup Affectiva provides Olli’s cognition system, such as facial and mood tracking of its passengers and dynamic route optimization, while Velodyne, Delphi, Robotic Research and Axis Communications handle the perception stack of the self-driving shuttle, according to Local Motors. Nvidia and Sierra Wireless provide much of the Human Machine Interface. Other companies that supply the bits and pieces to Olli include Bosch, Goodyear, Protean and Eastman, to name just a few.

Where in the world is Olli?

Today, Olli 1.0 is deployed on nine campuses, the most recent ones at the Joint Base Myer – Henderson Hall, a joint base of the U.S. military located around Arlington, Va., which is made up of Fort Myer, Fort McNair and Henderson Hall. Olli was also introduced recently in Rancho Cordova, near Sacramento, Calif.

Production of Olli 2.0 began in July and deliveries will begin in the fourth quarter of this year. In the meantime, three more Olli shuttle deployments are coming up in the next six weeks or so, according to Local Motors, which didn’t provide further details.

Production of Olli 1.0 will phase out in the coming months as customer orders are completed. Olli will soon head to Europe, as well, with Local Motors planning to build its third micro factory in the region.


Source: Tech Crunch

Startups Weekly: Peloton’s 29 secret weapons

Hello and welcome back to Startups Weekly, a weekend newsletter that dives into the week’s noteworthy startups and venture capital news. Before I jump into today’s topic, let’s catch up a bit. Last week, I wrote about a new e-commerce startup, Pietra. Before that, I wrote about the flurry of IPO filings.

Remember, you can send me tips, suggestions and feedback to kate.clark@techcrunch.com or on Twitter @KateClarkTweets. If you don’t subscribe to Startups Weekly yet, you can do that here.

What’s new?

Peloton revealed its S-1 this week, taking a big step toward an IPO expected later this year. The filing was packed with interesting tidbits, including that the company, which manufactures internet-connected stationary bikes and sells an affiliated subscription to its growing library of on-demand fitness content, is raking in more than $900 million in annual revenue. Sure, it’s not profitable, and it’s losing an increasing amount of money to sales and marketing efforts, but for a company that many people wrote off from the very beginning, it’s an impressive feat.

Despite being a hardware, media, interactive software, product design, social connection, apparel and logistics company, according to its S-1, the future of Peloton relies on its talent. Not the employees developing the bikes and software but the 29 instructors teaching its digital fitness courses. Ally Love, Alex Toussaint and the 27 other teachers have developed cult followings, fans who will happily pay Peloton’s steep $39 per month content subscription to get their daily dose of Ben or Christine.

“To create Peloton, we needed to build what we believed to be the best indoor bike on the market, recruit the best instructors in the world, and engineer a state-of-the-art software platform to tie it all together,” founder and CEO John Foley writes in the IPO prospectus. “Against prevailing conventional wisdom, and despite countless investor conference rooms full of very smart skeptics, we were determined for Peloton to build a vertically integrated platform to deliver a seamless end-to-end experience as physically rewarding and addictive as attending a live, in-studio class.”

Peloton succeeded in poaching the best of the best. The question is, can they keep them? Will competition in the fast-growing fitness technology sector swoop in and scoop Peloton’s stars?

In other news

Last week I published a long feature on the state of seed investing in the Bay Area. The TL;DR? Mega-funds are increasingly battling seed-stage investors for access to the hottest companies. As a result, seed investors are getting a little more creative about how they source deals. It’s a dog-eat-dog world out there, and everyone wants a stake in The Next Big Thing. Read the story here.

Rounds of the week

Time to Disrupt

Don’t miss out on our flagship Disrupt, which takes place October 2-4. It’s the quintessential tech conference for anyone focused on early-stage startups. Join more than 10,000 attendees — including over 1,200 exhibiting startups — for three jam-packed days of programming. We’re talking four different stages with interactive workshops, Q&A sessions and interviews with some of the industry’s top tech titans, founders, investors, movers and shakers. Check out our list of speakers and the Disrupt agenda. I will be there interviewing a bunch of tech leaders, including Bastian Lehmann and Charles Hudson. Buy tickets here.

Listen

This week on Equity, TechCrunch’s venture capital-focused podcast, we had Floodgate’s Iris Choi on to discuss Peloton’s upcoming IPO. You can listen to it here. Equity drops every Friday at 6:00 am PT, so subscribe to us on Apple Podcasts, Overcast and Spotify.

Learn

We published a number of new deep dives on Extra Crunch, our paid subscription product, this week. Here’s a quick look at the top stories:


Source: Tech Crunch

Someone hacked Jack Dorsey’s own Twitter account

A hacker has infiltrated Jack Dorsey’s own Twitter account.

It’s not clear how it happened, but the hacker posted over a dozen tweets in quick succession, including racial slurs. Not only that, it means the unnamed hacker also has access to the Twitter chief executive’s private direct messages.

One of the tweets posted a Twitter handle for someone who purported to take credit for the account takeover. That account was quickly suspended.

Dorsey has over 4.21 million followers.

The rogue tweets were sent via Cloudhopper, a service Twitter bought to improve its SMS service, suggesting Dorsey’s account may have been compromised through an authorized third-party app rather than by someone obtaining Dorsey’s account password.

It’s not the first time Twitter had to clean up after a high-profile account was hacked. Facebook boss Mark Zuckerberg once had his Twitter account hacked because his account didn’t use two-factor authentication. He also had a ridiculously easy-to-guess password.

It’s not known how Dorsey’s account was hacked. Often the cause is a password reuse attack, where hackers take breached usernames and passwords from one website and run them against another site. Accounts that share passwords from site to site are more likely to get hacked.

We’ve reached out to Twitter for more but did not immediately hear back.


Source: Tech Crunch

…or you can always buy a $40 wood case for your Apple Card

Apple really unleashed the spoofs and goofs when the care instructions were spotted online for its new credit card. Of particular note were warnings against contact with denim and leather — common materials for people who own wallets and/or wear pants.

In the intervening week and change, I’m sure more than one entrepreneur had the thought of targeting those very specific parameters. Take Pittsburgh-based KerfCase, which is offering this $39 wooden card case with a pop-up feature for the card. It looks nice, I suppose. I mean, it’s the nicest wooden Apple Card case I’ve seen all afternoon (though I’m bound to get 50 more in my inbox after posting this).

Founder Benjamin Saks notes that the project started out a bit tongue-in-cheek, but eventually it became a real project and turned out pretty well. I understand that penicillin was discovered in similar fashion.


Source: Tech Crunch

Xbox Live is down for many

If you were trying to sneak in a quick game on Xbox Live during your Friday afternoon lunch break and found that you can’t get online: don’t worry, you’re not alone.

While Microsoft’s Xbox Live Status page still says all things are good to go (Update: Microsoft’s status page has now caught up with the outage, and says that it’s impacting sign-ins, account creations, and searches), reports are pouring in of an outage keeping many users from logging in.

Microsoft acknowledged the problem on Twitter, saying that they’re “looking into it now.”

Story developing…


Source: Tech Crunch