Florida promises upcoming support for Apple Wallet’s ID feature


9to5Mac 14 October, 2021 - 11:40am

In the meantime, Florida will be offering a Smart ID app that residents can use to provide proof of identity or age. It will not replace a physical driver's license, which will still need to be carried when operating a vehicle, according to the state.

From the Florida Smart ID website:

After downloading and authenticating, Florida motorists will simply launch their Florida Smart ID app, select the type of verification needed, and display the QR/barcode on their smart device to be scanned for verification. The smart device does not need to leave the owner's hand when being verified by a retailer or by law enforcement, making Florida Smart ID a contact-free and convenient way to display proof of identity or age.

iOS 15 will gain support for digital IDs in the Wallet app in "late 2021," according to Apple, but the timeframe for each state adopting the feature is unclear. Last month, Apple confirmed it was in discussions with many more U.S. states as part of its plan to offer digital IDs in the Wallet app nationwide in the future, but no timeframe was provided.

Apple said select TSA security checkpoints in participating U.S. airports will be the first locations where customers can present their digital driver's license or state ID in the Wallet app. The company said participating states and the TSA will share more information at a later date in regards to when and where the feature will be supported.

Once a participating state begins offering this capability, residents will be able to tap the plus sign at the top of the Wallet app to begin adding their driver's license or ID to the app, and then simply tap their iPhone or Apple Watch on an identity reader at a TSA checkpoint, without needing to take out their physical card.

Apple said the feature is designed with privacy and security in mind. When adding a driver's license or state ID card to the Wallet app, customers will be required to take a photo of their face, which Apple said will be securely provided to the issuing state for verification. As an additional measure, Apple said users will be prompted to complete a series of facial and head movements during the setup process.

Upon tapping their iPhone or Apple Watch on an identity reader, customers will see a prompt on their device displaying the specific information being requested by the TSA. Only after authorizing with Face ID or Touch ID is the requested identity information released from their device, according to Apple. Users do not need to unlock, show, or hand over their device to a TSA security officer to present their ID, the company added.

Apple said its implementation supports the ISO 18013-5 standard, which sets clear privacy guidelines for presenting an ID through a mobile device.

Apple Watch 7 - is it time to upgrade from the Series 6?

Apple Watch SE or Apple Watch 7 - which one to get?

Don't like the new position of the iOS 15 Safari Address/Search bar? Here's how to move it back to the top.

New iPhones are out. Which one should you buy?

Larger displays, faster charging, and new colors.

Redesigned with flat edges, Apple silicon, more ports, improved display, no Touch Bar, and the return of MagSafe charging.

Rumored design changes include shorter stems like current AirPods Pro, but without advanced features like active noise cancellation.

Updates for Safari, FaceTime, and many other apps, Universal Control to let a single mouse or trackpad control multiple devices, new Shortcuts app, machine-learning Live Text detection and Visual Lookup, and more.

Read full article at 9to5Mac

Apple working with Florida to bring state digital ID support to Wallet

AppleInsider 14 October, 2021 - 06:00pm

You are using an outdated browser. Please upgrade your browser to improve your experience.

Copyright © 2021, Quiller Media, Inc.

Florida is working with Apple to introduce support for its upcoming digital driver's licenses to the iPhone's Wallet app.

The state is developing a Smart-ID app that will allow Floridians to provide a secure way to provide identification using a smartphone. According to Florida Politics, the app is currently live but not yet available to the public.

Starting in mid-November, the state will issue a smartphone app on the iOS App Store and Google Play Store. Although Wallet support won't be available initially, Apple is said to be working with the state to make the digital IDs available in Wallet.

Back in June, Apple announced that iOS 15 will bring support for digital identification cards and driver's licenses in the Wallet app. The first rollout will be focused on proving identity at TSA checkpoints, but the system could theoretically be used for other situations.

Florida was left off of a list of partner states that Apple is working with to bring digital ID support to Wallet. State officials said they were surprised that they didn't make the list, and subsequently exchanged information with Apple in the hopes of being added to the slate of partners.

According to the report, Florida's digital ID will allow users to prove their identity to law enforcement officers in a verifiable and secure manner. Businesses that require age verification will also be able to use the digital IDs, although they'll receive less personal information than law enforcement.

Florida Man will think that Smart-ID will steal his soul.

Apple has published a new research paper taking a deep dive into some of the security and privacy risks of side-loading, or obtaining apps outside of the App Store.

Beijing display manufacturer BOE is to become a main supplier of OLED screens for the iPhone 13 range, once final durability tests are completed.

A new report claims that Apple is cutting iPhone 13 production targets because some of its ancillary suppliers are having trouble meeting production quotas.

Apple has published a new research paper taking a deep dive into some of the security and privacy risks of side-loading, or obtaining apps outside of the App Store.

Beijing display manufacturer BOE is to become a main supplier of OLED screens for the iPhone 13 range, once final durability tests are completed.

A new report claims that Apple is cutting iPhone 13 production targets because some of its ancillary suppliers are having trouble meeting production quotas.

There are a slew of new features for AirPods Pro and AirPods Max in the Find My app, including left-behind alerts, community finding, and pairing lock. Here's how to use them all.

The Apple Watch lineup is as expansive as ever, with a multitude of models available for users, including the new Apple Watch Series 7. To make things easier, we'll tell you exactly which Apple Watch you should buy among all models of the Series 7, the still-available Series 3, and the Apple Watch SE.

Now that both the iPhone 12 lineup and the newly-released iPhone 13 lineup support MagSafe, in-car mounts using the technology have risen in popularity. We took four of the most popular ones and subjected them to an impact test to see which ones held our phones safe.

Apple's new iPad mini is striking because of its redesign and refined features, but there are still areas Apple could have worked on. Here's where Apple could have made even more improvements to the compact tablet.

Apple specifically mentioned pilots when it released the 2021 iPad mini, so we interviewed 35-year aviator Scott Oglesby to learn more about its usefulness in the cockpit.

Wireless CarPlay is clearly superior to needing to plug your phone in each and every time you enter the car, but most auto manufacturers have been slow on the uptake. This is where aftermarket solutions like the Intellidash Pro come into play.

Nomad has a new lineup of cases for iPhone 13 that includes new Sport Cases alongside the usual leather versions, but they all contain a cool feature that relies on NFC.

The 24-inch Apple Silicon iMac is an excellent machine, with a shortage of ports overall, and none on the front. Hyper has a solution to both problems with the HyperDrive iMac Hub.

This year's iPhone 13 isn't revolutionary, but it will wind up as the most popular iPhone 13 model.

Nomad's updated Base Station Mini now has a built in magnet array to allow iPhone 12 or iPhone 13 models to automatically align themselves for optimal charging performance.

Apple warns sideloading iOS apps will ruin everything

The Register 14 October, 2021 - 06:00pm

Analysis Apple, besieged by regulators and rivals challenging its exclusive control over its iOS App Store, has published a 31-page defense of its ostensibly benevolent monopoly that warns of disastrous consequences if Cupertino is forced to allow competition.

"[S]ome are demanding that Apple support the distribution of apps outside of the App Store, through direct downloads or third-party app stores, a process also referred to as 'sideloading,'" Apple says in its treatise, "Building a Trusted Ecosystem for Millions of Apps, A threat analysis of sideloading." [PDF]

"Supporting sideloading through direct downloads and third-party app stores would cripple the privacy and security protections that have made iPhone so secure, and expose users to serious security risks."

This is the second time in the past few months that Apple has published a lengthy defense of its highly profitable business model [PDF]. In June, Apple CEO Tim Cook delivered a similar message remotely to the Viva Technology conference in Paris, France, out of concern that the EU's proposed Digital Marketers Act would force Apple to support third-party app stores and user-directed app installation.

The following week, Timothy Powderly, Apple senior director of government affairs for the Americas, sent a letter to US lawmakers [PDF] raising similar concerns about legislation that would require app store competition and mandate support for sideloading.

There's a major problem with Apple's argument, however: Apple uses the term "sideloading" to refer both to third-party app stores and to direct app installation, suggesting the equivalency of two scenarios that are not the same.

"Sideloading" is generally defined as apps installed by users on a device without the involvement of a trusted intermediary that performs some oversight function. As Microsoft puts it, "Sideloading apps is when you install apps that aren't from an official source, such as the Microsoft store."

So downloading an iOS app from someone's website and installing it is not the same as downloading an iOS app from, say, an app store operated by Google, Epic Games, or Microsoft. By conflating the two scenarios, Apple implicitly denies the possibility that a third-party app store might offer better security and privacy than the App Store.

And that is a possibility, given that Apple only spends about 12 minutes on average reviewing each iOS app. Imagine, for example, a Mozilla-run iOS app store that conducted a more detailed app review, allowed for the possibility of a developer-paid security audit, and disallowed all third-party analytics and ad SDKs. Such apps might cost more. But if iOS users cared to pay for a stronger security process and some assurance their apps don't include data-grabbing libraries from ad companies, they could.

Ignore for a moment the fact that macOS allows sideloading and that Apple software EVP Craig Federighi sacrificed the security reputation of macOS to defend Apple's iOS walled garden against the recent legal attack from Epic Games. Consider instead sideloading on Android.

Apple suggests Android has poor security because it supports sideloading. "Over the past four years, Android devices were found to have 15 to 47 times more malware infections than iPhone," Apple's report says.

Yet Apple is known for not communicating openly about security and does not publish a Transparency Report as Google does for Android. It appears that Apple is cherry-picking third-party research from Nokia to support its claims without providing its own internal App Store data about the incidence of iOS malware. Security issues may be more visible on Android than iOS, but that should be expected when iOS is less accessible to researchers.

According to Google's Transparency Report only about 0.075 per cent of current Android devices (Android 11) during the April-June quarter contained a Potentially Harmful Application (PHA), which includes devices that sideloaded apps.

Many of the security issues on Android are the result of Google's inability to force operating system upgrades on devices sold by other vendors, so older Android versions with vulnerabilities remain in the market longer. That's a consequence of Android's multi-vendor ecosystem rather than the perils of sideloading.

Consider some of the dire consequences that Apple suggests would happen if it's forced to allow sideloading:

But if customers are happy with the App Store, they'd have no need to change their behavior and shop around. If they choose to look elsewhere for their iOS apps, they should have that freedom.

Not necessarily. There's no reason a third-party app store couldn't offer more information if it chose to do so. And users who choose to sideload iOS apps themselves have the opportunity to do as much research as they'd like and to make installation decisions based on their own risk tolerance.

Apple doesn't say what these initiatives might be but there's no reason any mandate to open the iOS ecosystem couldn't balance legitimate security concerns with competitive concerns.

Sort of the way Apple was forced to allow government-mandated apps in Russia? If users are being forced to install unwanted apps, the problem is not the operating system or distribution mechanism but the legal status or power dynamic of those being coerced.

When The Register asked security researcher Patrick Wardle, founder of free security project Objective See and director of research at security biz Synack about whether Apple's sideloading concerns were valid earlier this year, he allowed that some of Apple's concerns are legitimate while also being self-serving.

Sideloading, he said, does increase the attack surface in iOS to a debatable extent, even as he noted that the App Store still contains scammy and insecure apps. Ultimately, he argued that even if there's some added risk, most people would prefer that Apple is not the final authority on what we can install on our devices.

Likewise, Feross Aboukhadijeh, an open-source developer who runs Socket, told The Register in June that the security afforded by iOS has little to do with Apple's inconsistent App Store Review process. Rather, he said, iOS security is largely due to security features built into the operating system, like app sandboxing, memory safety, permission prompts, and the like.

Apple says, "Sideloading is not in the best interest of users." That's a convoluted way of saying you're not responsible enough to decide what gets loaded onto your iPhone. But undoubtedly sideloading is not in the best interest of Apple. ®

Security vendor Imperva’s research labs have found a browser extension that claims to block ads, but actually injects them into Chrome or Opera.

A post from Imperva staffers Johann Sillam and Ron Masas names an extension called AllBlock as the culprit.

The extension does block ads, they write. But it also runs a background script that injects a snippet of JavaScript code into every new tab that users open.

India's government yesterday announced a massive new wave of infrastructure investment, and a portal it says will ensure co-ordination among multiple government departments so that new builds avoid overlap with other plans and contribute to a national modernisation drive.

Launched yesterday by Prime Minister Narendra Modi, the new "GatiShakti" plan has noble aims.

"Infrastructure creation in India had suffered for decades from multiple issues," opens the statement announcing the plan. "There was lack of coordination between different Departments. For example, once a road was constructed, other agencies dug up the constructed road again for activities like laying of underground cables, gas pipelines etc.

A former head of artificial intelligence products at Intel has started a company to help companies cut overhead costs on AI systems.

Naveen Rao, CEO and co-founder of MosaicML, previously led Nervana Systems, which was acquired by Intel for $350m. But like many Intel acquisitions, the marriage didn't pan out, and Intel killed the Nervana AI chip last year, after which Rao left the company.

MosaicML's open source tools focus on implementing AI systems based on cost, training time, or speed-to-results. They do so by analyzing an AI problem relative to the neural net settings and hardware, which then paves an efficient path to generate optimal settings while reducing electric costs.

Apple may be short of hitting its annual iPhone 13 handset production target by ten million units due to current global chip shortages.

The initial plan was to build 90 million new smartphones over October to December, but the iGiant probably won’t be able to fulfill its goal as it scrambles to obtain vital components from its partners in time.

Broadcom and Texas Instruments, suffering from the effects of the ongoing chip crunch, are struggling to deliver the hardware needed to make the iPhone 13, Bloomberg first reported.

When asked in July, 2020, by US Representative Pramila Jayapal (D-WA) whether Amazon ever mined data from its third-party vendors to launch competing products, founder and then CEO Jeff Bezos said he couldn't answer "yes" or "no," but insisted Amazon had rules disallowing the practice.

"What I can tell you is we have a policy against using seller-specific data to aid our private label business but I can’t guarantee that policy has never been violated," Bezos said.

According to documents obtained by Reuters, Amazon's employees in India flouted that policy by copying the products of Amazon marketplace sellers for its in-house brands and then manipulating search results on Amazon's website to place its knockoffs at the top of search results lists.

Igor Seletskiy, the founder of the AlmaLinux distro created in December 2020 as an alternative to CentOS, has explained that he stepped down as chair of the AlmaLinux Foundation in an effort to strengthen its community status - though his company still dominates the board.

AlmaLinux is one of several distros to have sprung up, or demanded renewed attention, in the aftermath of Red Hat's decision to make CentOS a late preview of what will become Red Hat Enterprise Linux (RHEL) rather than a binary-compatible rebuild. Other contenders include Rocky Linux, founded by an original co-founder of CentOS, and Oracle Linux. AlmaLinux originated as a project of CloudLinux, a company and commercial distro which already tracked RHEL, and of which Seletskiy is CEO.

At the end of March an AlmaLinux Foundation was formed to own the trademarks and, in the words of its bylaws, "to develop and maintain a no registration, ad free, stable, open source Linux distribution for the benefit of and free use by the general public."

Four travelers successfully flew to the edge of space and back on Blue Origin’s second commercial spaceflight including William Shatner, making the 90-year-old Star Trek actor the oldest person to leave Earth yet.

The nonagenarian was joined by Audrey Powers, VP of Blue Origin’s New Shepard flight operations, Dr Chris Boshuizen, a former NASA engineer and co-founder of Earth-monitoring startup Planet Labs, and Glen de Vries, vice-chair of life Sciences & Healthcare, at Dassault Systèmes.

Blue Origin’s capsule atop the New Shepard rocket launched near Van Horn, Texas, on Wednesday at 1449 UTC. The four-person crew was taken to the Kármán line, 100 kilometers or 330,000 feet above Earth’s mean sea level, a region where space officially begins. By 1459 UTC, they returned safely back on solid ground again. All in all, the journey only took about 10 minutes and 17 seconds.

A judge in England has ruled that an Amazon Ring doorbell's functions broke the Data Protection Act after a neighbour dispute, over claims of a gang of armed robbers trying to steal an Audi, ended up in court.

Dr Mary Fairhurst took her neighbour Jon Woodard to court after alleging that his mass of CCTV cameras, including an Amazon Ring doorbell camera, amounted to harassment, a nuisance and a breach of the Data Protection Act (DPA) 2018*.

The case was sparked by audio-visual technician Woodard installing yet another camera on a neighbour's wall after falsely claiming an "armed criminal gang" tried to steal his car – putting a communal car park and its access road under full surveillance.

Car makers are electrifying fleets at such a pace that battery makers can't keep up. So Tesla, GM, Ford and others are investing in battery recycling to cut costs and mitigate risks posed by an erratic international supply chain.

Batteries are basically high-grade ore and a cheaper and more environmentally friendly way for materials to be extracted and reused, said Elon Musk, CEO of Tesla, during a shareholder meeting last week.

"It pays to do recycling of batteries," Musk said, adding: "You can either get your lithium and your nickel and various constituents from rocks, or from batteries. It's much better to get them from batteries."

Sponsored It is only natural the world’s top supercomputing sites in climate and weather modeling should be leading the charge for more efficient, sustainable, and green datacenter practices. With the right approaches, these centers can show that power and performance do not need to be a game of trade-offs and that systems can achieve radical performance with highly efficient cooling.

While power and cooling are concerns at the facility level, the leading provider of supercomputers in the TOP500, Lenovo, and the Korean Meteorological Administration (KMA) are proving what server-level liquid cooling can do for cutting-edge HPC efficiency.

KMA, South Korea’s national weather service, provides weather forecasting and issues warnings of adverse weather conditions across the region. The administration also conducts research on climate change to enable the Korean government to enact policies. To do this work, KMA operates the National Center for Metrological Supercomputer (NCMS), the largest supercomputer in Korea supporting vital weather and climate forecasting.

The multinational James Webb Space Telescope – named after a former NASA administrator – has arrived in French Guiana, home to Europe's Spaceport, with launch finally in sight.

An international collaboration (including contributions from NASA, ESA and the Canadian Space Agency), the long-in-gestation and eye-wateringly overbudget observatory is due for launch atop an Ariane 5 rocket on 18 December, just squeaking into 2021, if all goes well.

Aside from the 16-day, 5,800-mile trip at sea from California, it has been quite the journey for the space telescope, on which work began in 1996 ahead of a 2007 launch date. Back then the budget was around $500m. These days it's nearer $10bn after repeated delays and a redesign. To be fair, however, nothing quite like the James Webb Space Telescope (JWST) has ever been built before. Then again, that is still quite the overrun and delay.

The Register - Independent news and views for the tech community. Part of Situation Publishing

Biting the hand that feeds IT © 1998–2021

iPhone or Android phone a mess? Here's how to organize your phone apps

USA TODAY 14 October, 2021 - 06:00pm

Sign up or login to join the discussions!

This is the story of the mastermind behind one of the largest "fake news" operations in the US.

For two years, he ran websites and Facebook groups that spread bogus stories, conspiracy theories, and propaganda. Under him was a dedicated team of writers and editors paid to produce deceptive content—from outright hoaxes to political propaganda—with the supreme goal of tipping the 2016 election to Donald Trump.

Through extensive efforts, he built a secret network of self-reinforcing sites from the ground up. He devised a strategy that got prominent personalities—including Trump—to retweet misleading claims to their followers. And he fooled unwary American citizens, including the hacker's own father, into regarding fake news sources more highly than the mainstream media.

Pundits and governments just might have given Russia too much credit, he says, when a whole system of manipulating people's perception and psychology was engineered and operated from within the US.

"Russia played such a minor role that they weren't even a blip on the radar," the hacker told me recently. "This was normal for politicians, though… if you say a lie enough times, everyone will believe it."

Previously dubbed "Hacker X," he's now ready to reveal who he is—and how he did it.

The fake news impresario who has now decided to break his silence is "ethical hacker" Robert Willis.

Some in the information security community might know "Rob" today as an active member who speaks at conferences and works with the Sakura Samurai ethical hacking group. (The Sakura Samurai have, on many occasions, responsibly disclosed vulnerabilities in the computer systems of government and private entities. I have previously interacted with Rob on about two occasions, minimally, when I had questions regarding Sakura Samurai's vulnerability writeups.)

But back in 2015, Willis was just another hacker looking for an IT job. He had already received one job offer—but still had an interview scheduled at one final company.

"I was thinking of not showing up to the interview," he told me. "I had, after all, just committed to another company."

That final company was opaque—it would not reveal either its name or the actual job duties until Willis showed up in person. But the opacity was itself intriguing. Willis decided to do the interview.

"I showed up at the location, which was a large corporate building. I was given directions to wait downstairs until I was collected. The secretiveness was intriguing. It may have turned some people off, but I love an adventure. I had not been given any information on the job other than that they were very excited, because to find someone like me was very rare—I had tons of random, overlapping, highly technical skills from years of wearing multiple hats at smaller private companies."

Even before his ethical hacking days at Sakura Samurai, Willis had gained an extensive technical skill set in networking, web applications, hacking, security, search engine optimization (SEO), graphic design, entrepreneurship, and management. He knew how to take advantage of search engine algorithms, once, he said, getting a random phrase to the No. 1 spot on one engine within 24 hours. "Many will say this is/was impossible, but I have the receipts," he said, "and so do other credible people."

At the interview site, a man came down to get him, and they rode the elevator to a floor with a nearly empty office. Inside waited a woman beside three chairs. They all sat. His hosts finally revealed the name of their company: Koala Media. The moment felt like an orchestrated Big Reveal.

"I wasn't scared but excited at how crazy this was already turning out [to be]," Willis told me. "I listened. I was told that there were big plans for the office I was sitting in and that they had already hired the initial writers and editor for the new operation."

The interviewers at the company told Willis that "everything was to be built with security in mind—at extreme levels."

Should he get the job, his primary role would be to rapidly expand a single, popular website already owned by Koala Media. For this, they needed someone with Willis' diverse skill set.

Then the interview took a political turn. "They told me that they were against big companies and big government because they are basically the same thing," Willis said. They said they had readers on the right and the left. They said they were about "freedom." That sounded OK to Willis, who describes himself as a social liberal and fiscal conservative—"very punk rock, borderline anarchist."

Then the interviewers told him, "If you work for us, you can help stop Hillary Clinton."

"I hated the establishment, Republicans, and Democrats, and Hillary was the target because she was as establishment as it got and was the only candidate that was all but guaranteed to be running on the main ticket in the future 2016 cycle," said Willis. "If I were to choose a lesser evil at the time, it would have, without a doubt, been the Republican Party, since I had moved to the new city due to the Democrats literally destroying my previous home state. It felt like good revenge."

Willis says he had no indication that the company that was about to recruit him was extreme or would become so in the future. In his perception, the company was just "investigative" with regard to its journalism.

When Koala offered him the job, he took it.

You must login or create an account to comment.

Today "Quantum Leap" series creator Donald P. Bellisario joins Ars Technica to answer once and for all the lingering questions we have about his enduringly popular show. Was Dr. Sam Beckett really leaping between all those time periods and people or did he simply imagine it all? What do people in the waiting room do while Sam is in their bodies? What happens to Sam's loyal ally Al? 30 years following the series finale, answers to these mysteries and more await.

Join the Ars Orbital Transmission mailing list to get weekly updates delivered to your inbox.

Technology Stories