Meltdown & Spectre – Computer chip ‘flaw’ sparks security debate amid scramble for fix

Intel said it was working with AMD and ARM Holdings and with the makers of computer operating software “to develop an industry-wide approach to resolve this issue promptly and constructively.” — Reuters

WASHINGTON: A newly discovered vulnerability in computer chips raised concerns Jan 3 that hackers could access sensitive data on most modern systems, as technology firms sought to play down the security risks.

Chip giant Intel issued a statement responding to a flurry of warnings surfacing after researchers discovered the security hole which could allow privately stored data in computers and networks to be leaked.

Intel labelled as incorrect reports describing a “bug” or “flaw” unique to its products.

Intel chief executive Brian Krzanich told CNBC that “basically all modern processers across all applications” use this process known as “access memory,” which was discovered by researchers at Google and kept confidential as companies work on remedies.

Google, meanwhile, released findings from its security researchers who sparked the concerns, saying it made the results public days ahead of schedule because much of the information had been in the media.

The security team found “serious security flaws” in devices powered by Intel, AMD and ARM chips and the operating systems running them and noted that, if exploited, “an unauthorised party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications.”

“As soon as we learned of this new class of attack, our security and product development teams mobilised to defend Google’s systems and our users’ data,” Google said in a security blog.

“We have updated our systems and affected products to protect against this new type of attack. We also collaborated with hardware and software manufacturers across the industry to help protect their users and the broader web.”

Spectre and Meltdown

The Google team said the vulnerabilities, labelled “Spectre” and “Meltdown,” affected a number of chips from Intel as well as some from AMD and ARM, which specializes in processors for mobile devices.

Intel said it was working with AMD and ARM Holdings and with the makers of computer operating software “to develop an industry-wide approach to resolve this issue promptly and constructively.”

Jack Gold, an independent technology analyst, said he was briefed in a conference call with Intel, AMD and ARM on the issue and that the three companies suggested concerns were overblown.

“All the chips are designed that way,” Gold said.

The companies were working on remedies after “some researchers found a way to use existing architecture and get into protected areas of computer memory and read some of the data,” he added.

Microsoft said in a statement it had no information suggesting any compromised data but was “releasing security updates today to protect Windows customers against vulnerabilities.”

But an AMD spokesman said that because of the differences in AMD processor architecture, “we believe there is near zero risk to AMD products at this time.”

ARM meanwhile said it was “working together with Intel and AMD” to address potential issues “in certain high-end processors, including some of our Cortex-A processors.”

“We have informed our silicon partners and are encouraging them to implement the software mitigations developed if their chips are impacted,” the SoftBank-owned firm said.

Slowdown?

Earlier this week, some researchers said any fix – which would need to be handled by software – could slow down computer systems, possibly by 30% or more.

Intel’s statement said these concerns, too, were exaggerated.

“Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time,” the company statement said.

Tatu Ylonen, security researcher at SSH Communications Security, said the patches “will be effective” but it will be critical to get all networks and cloud services upgraded, Ylonen said.

British security researcher Graham Cluley also expressed concern “that attackers could exploit the flaw on vulnerable systems to gain access to parts of the computer’s memory which may be storing sensitive information. Think passwords, private keys, credit card data.”

But he said in a blog post that it was “good news” that the problem had been kept under wraps to allow operating systems such as those from Microsoft and Apple to make security updates before the flaw is maliciously exploited. — AFP

Source: The Star Online

Apple plans to combine iPhone, iPad, Mac apps

Apple is reportedly planning to give people a way to use a single set of apps that work equally well across its family of devices: iPhones, iPads and Macs. — Bloomberg

Apple Inc’s iPhone and iPad introduced a novel way of interacting with computers: via easy-to-use applications, accessible in the highly curated App Store.

The same approach hasn’t worked nearly as well on Apple’s desktops and laptops. The Mac App Store is a ghost town of limited selection and rarely updated programs. Now Apple plans to change that by giving people a way to use a single set of apps that work equally well across its family of devices: iPhones, iPads and Macs.

Starting as early as next year, software developers will be able to design a single application that works with a touchscreen or mouse and trackpad depending on whether it’s running on the iPhone and iPad operating system or on Mac hardware, according to people familiar with the matter.

Developers currently must design two different apps – one for iOS, the operating system of Apple’s mobile devices, and one for macOS, the system that runs Macs. That’s a lot more work. What’s more, Apple customers have long complained that some Mac apps get short shrift.

For example, while the iPhone and iPad Twitter app is regularly updated with the social network’s latest features, the Mac version hasn’t been refreshed recently and is widely considered substandard. With a single app for all machines, Mac, iPad and iPhone users will get new features and updates at the same time.

Unifying the apps could help the iOS and macOS platforms “evolve and grow as one, and not one at the expense of the other,” says Steven Troughton-Smith, an app developer and longtime voice in the Apple community. “This would be the biggest change to Apple’s software platform since iOS was introduced.”

Apple is developing the strategy as part of the next major iOS and macOS updates, said the people, who requested anonymity to discuss an internal matter. Codenamed “Marzipan,” the secret project is planned as a multiyear effort that will start rolling out as early as next year and may be announced at the company’s annual developers conference in the summer. The plans are still fluid, the people said, so the implementation could change or the project could still be cancelled.

An Apple spokeswoman declined to comment.

Apple wouldn’t be first to bring mobile and desktop apps closer together. Before it discontinued Windows software for smartphones, Microsoft Corp pushed a technology called Universal Windows Platform that let developers create single applications that would run on all of its devices – tablets, phones, and full-fledged computers. Similarly, Google has brought the Play mobile app store to some laptops running its desktop Chrome OS, letting computer users run smartphone and tablet apps like Instagram and Snapchat.

It’s unclear if Apple plans to merge the separate Mac and iOS App Stores as well, but it is notable that the version of the store running on iPhones and iPads was redesigned this year while the Mac version has not been refreshed since 2014.

Apple’s apps initiative is part of a larger, longer-term push to make the underpinnings of its hardware and software more similar. Several years ago, the company began designing its own processors for iOS devices. It has started doing the same for the Mac, recently launching a T2 chip in the iMac Pro that offloads features like security and power management from the main Intel processor onto Apple-designed silicon. Much the way Apple plans to unify apps, it could also one day use the same main processor on Macs and iOS devices.

That would make it easier to create a single operating system for all Apple gadgets. Will Apple go there? Chief executive officer Tim Cook has resisted doing so, arguing that merging iOS and macOS would degrade the experience. “You can converge a toaster and a refrigerator, but those things are probably not going to be pleasing to the user,” Cook said in 2012. Apple software chief Craig Federighi has called the blending of iOS and macOS “a compromise.”

Maybe so. But Apple has a long history of insisting it would never do something – make a small iPad, say, or a big iPhone – and then doing it anyway. — Bloomberg

Source: The Star Online

Tencent valued over $500B

JIAXING, CHINA – NOVEMBER 16: A speech about WeChat Ecosystem Innovation by Tencent is delivered during the Release Ceremony for World Leading Internet Scientific and Technological Achievements as part of the 3rd World Internet Conference (WIC) at Wuzhen Internet International Conference and Exhibition Center on November 16, 2016 in Jiaxing, Zhejiang Province of China. The 3rd World Internet Conference (WIC) – Wuzhen Summit kicks off at Wuzhen township on Wednesday and will last to Nov 18, in Zhejiang Province. (Photo by VCG/VCG via Getty Images)

Tencent has become the first Chinese company to be valued at more than $500 billion.

Shares of the 19-year-old company, which is listed on the Hong Kong Stock Exchange, rallied to reach HK$418.80 to give it a market cap of HK$3.99 trillion which takes past the $500 billion mark. Close rival Alibaba is Asia’s second-highest-valued firm at $474 billion.

Entry to the half-a-trillion-dollar club — which includes Apple, Alphabet, Facebook, Microsoft and Amazon — comes a week after Tencent posted a profit of 18 billion RMB ($2.7 billion) on revenue of 65.2 billion RMB ($9.8 billion) for Q3 2017. Overall profit was up 69 percent year-on-year and revenue rose by 61 percent thanks to Tencent’s games business

As SCMP pointed out, a US$9,000 investment in the company’s 2004 IPO would now be worth US$1 million.

Just looking at the last twelve months alone, Tencent’s share price has doubled thanks to impressive earnings reports like Q3.

Tencent’s market cap has more than tripled since March 2014 when it reached $150 billion, surpassing Intel in the process. Writing then, The Wall Street Journal opined that the company “isn’t yet a household name in the U.S., but it should be” and that still applies today.

WeChat, its messaging app that is China’s top social service, is closing in on one billion users overall but it has not managed to replicate that success overseas. Tencent has instead focused on investing itself into global positions.

Its lucrative gaming business focuses on PC and mobile and is the heartbeat of revenue, accounting for $5 billion in the last quarter alone, thanks to smash hits like Honour Of Kings, 2017’s top grossing game, and the acquisition of the companies behind hit games Clash Of Clans (Supercell) and League Of Legends (Riot Games).

Tencent’s investment focus seems to have gone into overdrive over the last year. It has bought up stakes in public companies Tesla, Snap, invested in India-based unicorns Flipkart, messaging app Hike, health portal Practo and Uber rival Ola. Other earlier-stage deals include flying cars, lunar drones and asteroid mining, while longer-standing investments like Sogou (search) and China Literature (e-publishing) have gone public over the past month.

If the recent Snap and Tesla deals are anything to go by, Tencent is likely to commit considerable resources to developing a base among U.S. tech companies. Not only does it believe it can learn from their experiences to boost its business in China, but it can add fresh perspective too — particularly around messaging/WeChat.

Source: TechCrunch

Apple is looking into reports of iPhone 8 batteries swelling

Reports from a few iPhone 8 and iPhone 8 Plus buyers have suggested there could be an issue with the battery inside some of the devices swelling, causing the case of Apple’s new iPhone to split open and expose the smartphone’s internals.

Apple has now confirmed it is looking into it, although a spokeswoman declined to comment further when asked how many devices are affected.

From what we’ve heard the number of reports so far is very few.

Yesterday CNET rounded up the handful of reports that have emerged — saying there are at least six different reports in at least five countries of the iPhone 8 splitting along its seams.

Today Reuters also noted a report in Chinese state media of an iPhone buyer claiming a newly purchased iPhone 8 Plus arrived cracked open on October 5, though apparently without any signs of scorching or an explosion.

Apple rival Samsung had big problems with smartphone batteries in its Galaxy Note 7 smartphone. In that instance some Note 7 batteries caught fire, and the problem was extensive enough that it led Samsung to recall all Note 7 handsets — at great expense.

In the case of the iPhone 8 the issue appears to be limited to batteries bloating/swelling, rather than catching fire — at least as reported so far.

Although the phone only went on sale on September 22 so it’s still early days for the device.

Apple did not release figures for the first weekend sales of the iPhone 8 and 8 Plus, as it has in the past with new iPhones, so it’s also not yet clear how many of these handsets are in the hands of buyers at this point.

Some analysts have suggested consumers may be holding off on upgrading their iPhone to buy the top-of-the-range iPhone X, which Apple also announced at the same time, but with a later release date.

Pre-sales for the iPhone X are due to begin on October 27, with the handset slated to ship on November 3.

Source: TechCrunch

Say goodbye to gasoline – China’s going electric

China’s auto industry plan released in April envisages new energy vehicles – including electric and hybrids – making up all the future sales growth in the country. — Reuters

China, one-third of the world’s car market, is working on a timetable to end sales of fossil-fuel-based vehicles, the country’s vice minister of industry and information technology, Xin Guobin, told an industry forum in Tianjin on Saturday. That would probably see the country join Norway, France and the UK in switching to a wholly electric fleet within the lifetime of most current drivers.

The announcement is important because the most influential players in the global auto market have always been not companies, but governments. Diesel cars make up about half of the market in the European Union and less than a percentage point in the US, largely because of different fuel-taxation and emissions regimes. Carburetors have been regulated out of most developed markets because fuel injection – originally a more costly technology — results in less tailpipe pollution.

Moves toward electrification of the world’s cars have been tentative. Just 695,000 electric vehicles were sold in 2016, according to Bloomberg New Energy Finance, equivalent to about three days of sales in an 84 million-strong market. Including those already on the roads, the global car fleet is roughly a billion-strong.

At the same time, the direction of travel is unambiguous. China’s auto industry plan released in April envisages new energy vehicles – including electric and hybrids – making up all the future sales growth in the country. With conventional cars plateauing at current levels, new-energy vehicle sales will reach seven million annually in 2025. As many as 800,000 charging stations will be built this year alone, according to the official China Daily. Government mandates will require manufacturers to sell 8% of their vehicles with electric or hybrid powertrains from next year, or purchase credits to make up the difference, rising to 20% by 2025.

India, due to overtake Germany and then Japan as the world’s third-biggest auto market by 2020, is on a similar path. Prime Minister Narendra Modi’s think-tank Niti Aayog aims to get electric vehicles to 44 percent of the fleet by 2030, and is aggressively favoring them with tax rates 31 percentage points below those on hybrids and internal-combustion-engine cars under its new harmonised GST sales tax.

France and the UK, the world’s sixth- and seventh-biggest markets, are planning to phase out sales of non-electric cars by 2040, while tiny Norway aims to reach that line 10 years earlier. Neither of those targets looks especially ambitious, given the rapid drop in battery costs: In the US and EU, electric cars will reach price parity with conventional vehicles in terms of purchase and running costs around the mid-2020s, according to BNEF. The International Energy Agency believes the use of oil in passenger cars has already more or less peaked, with just 7% of demand growth by 2040 coming from the sector.

The pattern will accelerate as major automakers dedicate more of their research and development budgets – and, subsequently, lobbying funds – to the EV transition. Until the first Tesla Inc. Roadster went on sale just nine years ago, Mitsubishi Motors Corp. was the only major car company to take the prospect of fully electric vehicles seriously. Now, every large automaker is working on battery-powered cars, with even longstanding skeptics like Fiat Chrysler Automobiles NV’s Sergio Marchionne and Maruti Suzuki India Ltd’s RC Bhargava announcing plans in recent weeks.
ADVERTISING

For all the eye-catching symbolism of a ban, it’s unlikely that fossil fuel will soon be illegal on the roads. Gasoline and diesel cars will still be sold in 2040, and probably 2050 and 2100 as well. But with an increasing cost disadvantage and growing infrastructure issues, as gas stations close or go electric, internal-combustion engines will be sold only to enthusiasts – like high-performance sports cars, kit cars and vintage cars are today.

The conventional car isn’t quite dead yet – but its years are numbered. — Bloomberg

Source: The Star Online

Xiaomi is world’s top wearable maker for first time as Fitbit sales slide

Xiaomi’s good run has continued after a research firm found that the Chinese firm has ranked top for sales of wearable devices worldwide for the first. Sales of Fitbit devices, meanwhile, plunged by 40 percent

Coming off the back of Xiaomi’s reentry into the world’s top five smartphone sellers, a new Strategy Analytics report found that it leapfrogged Apple and Fitbit to become the top seller of wearables in Q2 2017 with 3.7 million units shipped. Fitbit logged 3.4 million shipments during the quarter with Apple coming in at 2.8 million — the U.S. firm actually posted higher sales growth than Xiaomi. The rest of the field was responsible for a further 11.7 million units, or 54 percent of all wearables shipped during the quarter.

Xiaomi and Apple both grew their marketshare year-on-year (from 15 percent to 17 percent, and nine percent to 13 percent, respectively), but Fitbit’s share cratered from 29 percent to 16 percent.

Both Xiaomi and Apple take very different approaches to wearables. Xiaomi has a wide range of products that are priced competitively and feature heart-rate monitors and alerts — the Mi Band is priced as low as $14.99 in the U.S. — while the Apple Watch, at upwards of $269, is a more premium approach that’s packed with a fuller set of features. While they both stand for something at different ends of the market, Fitbit’s position is less certain.

“Fitbit is at risk of being trapped in a pincer movement between the low-end fitness bands sold by Xiaomi and the fitness-led, high-end smartwatches sold by Apple,” Strategy Analytics’ Neil Mawston said in a statement.

As for the other two, Strategy Analytics said reports that the next Apple Watch may include extended health tracking capabilities could help Apple reclaim the top spot. But for now its lack of health band options is what the firm believes is keeping Xiaomi ahead, the firm concluded.

Xiaomi has had a resurgent 2017 so far, bouncing back from two disappointing years in which it struggled to maintain once-explosive growth and missed sales targets. A push into offline retail in China and progress in India, where the company cracked $1 billion in revenue last year, have contributed to a more optimistic outlook this year, with CEO Lei Jun claiming it has reached “a major inflection point in its growth.”

The company said its phone sales were up 70 percent quarter-on-quarter in Q2 with 23 million sold in Q2. Now it is pushing on with its offline retail strategy and furthering its global expansion plan thanks to a $1 billion loan that was secured last month.

Source: TechCrunch