spokesperson


Malicious websites were used to secretly hack into iPhones for years, says Google

Security researchers at Google say they’ve found a number of malicious websites which, when visited, could quietly hack into a victim’s iPhone by exploiting a set of previously undisclosed software flaws.

Google’s Project Zero said in a deep-dive blog post published late on Thursday that the websites were visited thousands of times per week by unsuspecting victims, in what they described as an “indiscriminate” attack.

“Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” said Ian Beer, a security researcher at Project Zero.

He said the websites had been hacking iPhones over a “period of at least two years.”

The researchers found five distinct exploit chains involving 12 separate security flaws, including seven involving Safari, the in-built web browser on iPhones. The five separate attack chains allowed an attacker to gain “root” access to the device — the highest level of access and privilege on an iPhone. In doing so, an attacker could gain access to the device’s full range of features normally off-limits to the user. That means an attacker could quietly install malicious apps to spy on an iPhone owner without their knowledge or consent.

Google said that, based on its analysis, the vulnerabilities were used to steal a user’s photos and messages as well as track their location in near-real time. The “implant” could also access the user’s on-device bank of saved passwords.

The vulnerabilities affect iOS 10 through to the current iOS 12 software version.

Google privately disclosed the vulnerabilities in February, giving Apple only a week to fix the flaws and roll out updates to its users. That’s a fraction of the 90 days typically given to software developers, giving an indication of the severity of the vulnerabilities.

Apple issued a fix six days later with iOS 12.1.4 for iPhone 5s and iPad Air and later.

Beer said it’s possible other hacking campaigns are currently in action.

The iPhone and iPad maker in general has a good rap on security and privacy matters. Recently the company increased its maximum bug bounty payout to $1 million for security researchers who find flaws that can silently target an iPhone and gain root-level privileges without any user interaction. Under Apple’s new bounty rules — set to go into effect later this year — Google would’ve been eligible for several million dollars in bounties.

When reached, a spokesperson for Apple declined to comment.

Alibaba to help Salesforce localize and sell in China

Salesforce, the 20-year-old leader in customer relationship management (CRM) tools, is making a foray into Asia by working with one of China’s largest tech firms, Alibaba.

Alibaba will be the exclusive provider of Salesforce to enterprise customers in mainland China, Hong Kong, Macau, and Taiwan, and Salesforce will become the exclusive enterprise CRM software suite sold by Alibaba, the companies announced on Thursday.

The Chinese internet has for years been dominated by consumer-facing services such as Tencent’s WeChat messenger and Alibaba’s Taobao marketplace, but enterprise software is starting to garner strong interest from businesses and investors. Workflow automation startup Laiye, for example, recently closed a $35 million funding round led by Cathay Innovation, a growth-stage fund that believes “enterprise software is about to grow rapidly” in China.

The partners have something to gain from each other. Alibaba does not have a Salesforce equivalent serving the raft of small-and-medium businesses selling through its e-commerce marketplaces or using its cloud computing services, so the alliance with the American cloud behemoth will fill that gap.

On the other hand, Salesforce will gain sales avenues in China through Alibaba, whose cloud infrastructure and data platform will help the American firm “offer localized solutions and better serve its multinational customers,” said Ken Shen, vice president of Alibaba Cloud Intelligence, in a statement.

“More and more of our multinational customers are asking us to support them wherever they do business around the world. That’s why today Salesforce announced a strategic partnership with Alibaba,” said Salesforce in a statement.

Overall, only about 10% of Salesforce revenues in the three months ended April 30 originated from Asia, compared to 20% from Europe and 70% from the Americas.

Besides gaining client acquisition channels, the tie-up also enables Salesforce to store its China-based data at Alibaba Cloud. China requires all overseas companies to work with a domestic firm in processing and storing data sourced from Chinese users.

“The partnership ensures that customers of Salesforce that have operations in the Greater China area will have exclusive access to a locally-hosted version of Salesforce from Alibaba Cloud, who understands local business, culture and regulations,” an Alibaba spokesperson told TechCrunch.

Cloud has been an important growth vertical at Alibaba and nabbing a heavyweight ally will only strengthen its foothold as China’s biggest cloud service provider. Salesforce made some headway in Asia last December when it set up a $100 million fund to invest in Japanese enterprise startups and the latest partnership with Alibaba will see the San Francisco-based firm actually go after customers in Asia.

Tesla drops request for restraining order against allegedly dangerous short seller

Tesla has withdrawn its request for a court-ordered restraining order against Randeep Hothi, documents submitted to the court where the complaint was filed revealed Friday. Hothi, an individual who is very vocal on social media about his short position in Tesla, had gone to extreme and potentially dangerous lengths in his avid attempts to collect materials to support his vocal criticism, according to the company.

The Alameda County Superior Court actually granted Tesla a temporary injunction in this matter back in April, after Tesla filed a complaint with documents supporting its assertion that Hothi had injured a guard during a hit-and-run incident in February, and that he nearly caused an accident by driving dangerously in pursuit of a Tesla Model 3 undertaking a test drive on April 16.

After granting the temporary injunction based on Tesla’s description of events, supporting materials, and written affidavits submitted by employees, the court asked Tesla to produce both audio and video recordings related to these two incidents pursuant to a hearing. In withdrawing its complaint Friday, Tesla conveyed in documents filed with the court that it considered this requirement unnecessary in light of materials already provided, and an undue imposition on the privacy of their employees, since the recorded conversations regarding the incident contained “its employees’ private and personal conversations” as well as materials relating to the case.

While Tesla maintains in its letter to the court that it still believes “a restraining order against Mr. Hothi is necessary and appropriate to protect its employees at their workplace,” it says that, faced with the choice between said protection and exposing its employees’ private conversations to further public scrutiny, it will instead opt to pursue the protection of their safety “through other means.”

When contacted about the withdrawal, a Tesla spokesperson told TechCrunch that the company is now confident Hothi should be well aware at this stage that he’s not permitted to enter the company’s property, and that it will pursue legal action should he ever attempt to do so in future.

Singapore’s Credit Culture raises $29.5M for its soon-to-launch digital loan business

Singapore’s digital fintech companies are attracting investor attention and dollars in 2019. Fresh from Singapore Life, a digital-only insurer, raising $33 million across two recently closed rounds, Credit Culture, a digital loan specialist, has banked SG$40 million ($29.5 million) ahead of its imminent launch.

Credit Culture has raised its capital from Malaysia’s RCE Capital Berhad in a deal that allows the investor to potentially take a stake of up to 30 percent in the startup. Its investment is via five-year bonds that are secured with the loan receivables from Credit Culture and include granted call options for taking that stake. In other words, this isn’t your regular startup deal.

RCE Capital Berhad said in a filing that Credit Culture has already raised SG$4 million ($2.9 million) via a seed investment, and it appears that it is financially set ahead of its launch.

“We are currently well-positioned with the recent injection of funds. That being said, we are always open to exploring various options to grow especially for regional expansion,” a Credit Culture representative told TechCrunch in an emailed response.

Founded by former bankers, Credit Culture is set to become one of Singapore’s first digital financial service startups after its parent company, DEY, secured approval to operate a moneylending business as part of a pilot to test online fintech services.

Since it hasn’t launched yet, there’s not a huge amount to say about the business, but its goal is to offer personal loans to Singapore-based customers using digital channels, namely its website and mobile apps. The company plans to vet applicants using a mixture of existing platforms for data, including government initiatives like MyInfo, and its own credit-scoring engine for creditworthiness assessment. It will also require face-to-face verification for loans to be granted, it confirmed.

Like Singapore Life and other digital-only ventures, including Hong Kong’s Bowtie, the objective is to pass on cost savings from being a purely online player — i.e. not operating branches and other physical consumer-facing outlets — and make prices fully transparent to applicants.

As you’d expect, Singapore is the initial focus for the company but it is already eying potential market expansions.

“We do have plans to expand to other Southeast Asian countries like the Philippines and Indonesia,” a spokesperson told TechCrunch. “There is a large potential given the need for personal financing and the large unbanked population segments.”

Twitter puts Infowars’ Alex Jones in the ‘read-only’ sin bin for 7 days

Twitter has finally taken action against Infowars creator Alex Jones, but it isn’t what you might think.

While Apple, Facebook, Google/YouTube, Spotify and many others have removed Jones and his conspiracy-peddling organization Infowars from their platforms, Twitter has remained unmoved with its claim that Jones hasn’t violated rules on its platform.

That was helped in no small way by the mysterious removal of some tweets last week, but now Jones has been found to have violated Twitter’s rules, as CNET first noted.

Twitter is punishing Jones for a tweet that violates its community standards but it isn’t locking him out forever. Instead, a spokesperson for the company confirmed that Jones’ account is in “read-only mode” for up to seven days.

That means he will still be able to use the service and look up content via his account, but he’ll be unable to engage with it. That means no tweets, likes, retweets, comments, etc. He’s also been ordered to delete the offending tweet — more on that below — in order to qualify for a fully functioning account again.

That restoration doesn’t happen immediately, though. Twitter policy states that the read-only sin bin can last for up to seven days “depending on the nature of the violation.” We’re imagining Jones got the full one-week penalty, but we’re waiting on Twitter to confirm that.

The offending tweet in question is a link to a story claiming President “Trump must take action against web censorship.” It looks like the tweet has already been deleted, but not before Twitter judged that it violates its policy on abuse:

Abuse: You may not engage in the targeted harassment of someone, or incite other people to do so. We consider abusive behavior an attempt to harass, intimidate, or silence someone else’s voice.

When you consider the things Infowars and Jones have said or written — 9/11 conspiracies, harassment of Sandy Hook victim families and more — the content in question seems fairly innocuous. Indeed, you could look at President Trump’s tweets and find seemingly more punishable content without much difficulty.

But here we are.

The weirdest part of this Twitter caning is one of the reference points that the company gave to media. These days, it is common for the company to point reporters to specific tweets that it believes encapsulate its position on an issue, or provide additional color in certain situations.

In this case, Twitter pointed us — and presumably other reporters — to this tweet from Infowars’ Paul Joseph Watson:

Alex Jones has been suspended by Twitter for 7 days for a video talking about social media censorship. Truly, monumentally, beyond stupid. 😄

On the same day that the Infowars website was brought down by a cyber attack.

Will this madness ever end? pic.twitter.com/hXDzH2b7rT

— Paul Joseph Watson (@PrisonPlanet) August 14, 2018

WTF, Twitter…

Apple has removed Infowars podcasts from iTunes

Apple has followed the lead of Google and Facebook after it removed Infowars, the conspiracy theorist organization helmed by Alex Jones, from its iTunes and podcasts apps.

Unlike Google and Facebook, which removed four Infowars videos on the basis that the content violated their policies, Apple’s action is wider-reaching. The company has withdrawn all episodes of five of Infowars’ six podcasts from its directory of content, leaving just one, a show called ‘Real News With David Knight.’

The removals were first spotted on Twitter. Later, Apple confirmed it took action on account of the use of hate speech which violates its content guidelines.

“Apple does not tolerate hate speech, and we have clear guidelines that creators and developers must follow to ensure we provide a safe environment for all of our users. Podcasts that violate these guidelines are removed from our directory making them no longer searchable or available for download or streaming. We believe in representing a wide range of views, so long as people are respectful to those with differing opinions,” a spokesperson told TechCrunch.

Apple’s action comes after fellow streaming services Spotify and Stitcher removed Infowars on account of its use of hate speech.

Jones has used Infowars, and by association the platforms of these media companies, to broadcast a range of conspiracy theories which have included claims 9/11 was an inside job and alternate theories to the San Bernardino shootings. In the case of another U.S. mass shooting, Sandy Hook, Jones and Infowars’ peddling of false information and hoax theories was so severe that some of the families of the deceased, who have been harassed online and faced death threats, have been forced to move multiple times. A group is suing Jones via a defamation suit.