    Your Apple Watch might not unlock your iPhone 13, but a fix is coming

    Apple has warned owners of its new iPhone 13 model that they might not be able to unlock their phone with an Apple Watch due to a software glitch. The good news is that Apple is lining up a software update that should resolve the problem, according to a new support document.

    “You might see ‘Unable to Communicate with Apple Watch’ if you try to unlock your iPhone while wearing a face mask, or you might not be able to set up Unlock with Apple Watch,” Apple notes. It says this will be fixed in an upcoming software update.

    Until the update is available, users can turn off Unlock with Apple Watch and use a passcode to unlock an iPhone 13. Users need to go to Settings > Face ID & Passcode.

    Apple created the Watch unlock feature for the iPhone in response to Face ID being obstructed by people wearing face masks. Instead of glancing at the iPhone’s facial recognition camera sensors, a nearby Watch that’s being worn and unlocked can unlock the iPhone. A similar feature is available for macOS devices.

    The feature is handy for users with an iPhone and Apple Watch but it has had problems before on older iPhones with Touch ID. This only affected enterprise users. Otherwise, the feature requires an iPhone that uses Face ID, including iPhone X or later, and is running iOS 14.5 or later. The person needs an Apple Watch Series 3 or later with watchOS 7.4 or later. The Watch also needs to be paired with an iPhone and both the iPhone and Apple Watch need to have Wi-Fi and Bluetooth on.

    Face ID fails when users wear a mask that covers the nose and mouth. The Watch side of the unlock requires wrist detection to be enabled. There is a security concern with the process as it can mean users accidentally unlock an iPhone. This can create an additional step if the phone is confirmed to have been accidentally unlocked by a Watch.

    “When your Apple Watch unlocks your iPhone successfully, your watch gives haptic feedback and shows an alert. If you didn’t mean to unlock your iPhone, tap the Lock iPhone button on your Apple Watch screen,” Apple notes. “Next time you unlock your iPhone after tapping this button, your iPhone will need you to enter your passcode.”

    It’s not clear when Apple will release the update to fix the issue or what version of iOS it will come in. MacRumors notes that the first beta of iOS 15.1 was released last week, but Apple may release a minor iOS 15.0.1 update with bug fixes.

    Apple released the iPhone 13 earlier this month. It’s available with 128GB, 256GB or 512GB. Pricing starts at $699 for the iPhone 13 Mini or $799 for the iPhone 13.

    The iPhone 13 means the end to cheap screen repairs

    If you are the proud (despite the bugs) owner of a new iPhone 13, then you better take care of it.

    Why? Because if you break the display, your only course for a repair will be Apple or an Apple-authorized repair center.

    Why is that? It seems that Apple has tied the display — yes, the display — to the Face ID mechanism. This means that if you get a new display fitted, and the person fitting that display cannot carry out the proper pairing wizardry, then Face ID is dead.

    Don’t believe me? Here’s iPhone Repair Guru with a couple of videos demonstrating the problem.

    Now, not only are these videos impressive because we get to see someone so comfortably swapping parts inside a new iPhone, but we also get definitive proof that Apple has bound the display to the security system that deals with Face ID.

    What this means is that if the display is swapped, the iPhone detects the change and disables Face ID.

    So, if you break your display, your only current option is to go to Apple or an Apple Authorized Service Provider, and outside of AppleCare+, your out-of-warranty costs will be as follows: iPhone 13 Pro Max: $329; iPhone 13 Pro: $279; iPhone 13: $279; iPhone 13 Mini: $229.

    Now, we’ve seen similar stuff from Apple in the past, and Apple released an iOS update to patch/fix/undo this issue. It remains to be seen whether we’ll see a similar reversal from Apple this time.

    More than 130,000 malicious IP addresses were blocked during Census 2021: AWS

    More than 130,000 malicious IP addresses were blocked to ensure no breaches or interruptions were experienced during what was deemed a successful Census 2021, according to Amazon Web Services (AWS).

    In a blog post, AWS Oceania technology and transformation director Simon Elisha explained that AWS, together with PwC Australia and the Australian Bureau of Statistics (ABS), undertook “extensive DDoS tests” prior to Census 2021 to ensure all data would be secured, in addition to building a web gateway so that each Census form was validated before it was passed along to the ABS processing environment.

    “This included an independent security and compliance assessment against the Australian Government’s Information Security Manual, through an Information Security Registered Assessors Program (IRAP) assessment,” he said.

    “All information collected in the digital 2021 Census service was securely stored in the AWS Sydney Region. It was also encrypted end-to-end, which means the information was scrambled and could not be read without the decryption keys, which were controlled solely by the ABS.”

    PwC Australia was contracted to build 2021 Census on AWS cloud to avoid any embarrassing repeat of what occurred during Census 2016, when the ABS experienced a series of small DDoS attacks, suffered a hardware router failure, and baulked at a false positive report of data being exfiltrated, which resulted in the Census website being shut down and citizens unable to complete their online submissions.

    At the time, Census was running on on-premises infrastructure procured from tech giant IBM.

    Other testing the service underwent included ensuring it could meet extreme user demand at more than 2,000 times the expected peak workload, Elisha said. He said this allowed the platform to manage the 2.5 million people who submitted their forms on 2021 Census day, including at the online peak at 8:06pm, when about 142 online submissions were received per second and there were 249 logins per second.

    Elisha also boasted that by building a cloud-based contact centre for ABS, it saved over 394,000 people from calling the Census contact centre to request a paper form. Instead, people who called were prompted by an automated agent to enter details such as their Census ID number and their postcode to be verified.

    “The Census Digital Service achieved high levels of security, reliability, and scale thanks to the serverless architecture built on AWS. The most important benefit of working with AWS is that ABS doesn’t have to worry about building and operating the underlying infrastructure, and ABS can focus on delivering a simple and easy experience for the people of Australia,” ABS CIO Steve Hamilton said.

    Quad countries announce slew of tech initiatives including shared cyber standards

    The Quadrilateral Security Dialogue, better known as the Quad, has announced various non-military technology initiatives aimed at establishing global cooperation on critical and emerging technologies, such as AI, 5G, and semiconductors.

    The various technology initiatives were announced after the leaders of Quad countries — comprised of Australia, India, Japan, and the US — met on Friday, which marked the first time the group has come together in person.

    Among the initiatives announced by the security bloc was the intention to develop new global cybersecurity standards across various technology sectors.

    “With respect to the development of technical standards, we will establish sector-specific contact groups to promote an open, inclusive, private-sector-led, multi-stakeholder, and consensus-based approach,” the Quad said in a joint statement.

    As part of work to be undertaken towards establishing these global technology standards, the Quad said it would publish a Quad Statement of Principles, which will be a guide for implementing responsible, open, high-standards innovation.

    “We are working to make cyberspace and emerging and critical technologies trusted and secure, in open societies, solving problems, and addressing the supply chain challenges that in many ways hold the keys to our security and our prosperity and our environment in the 21st century,” Australian Prime Minister Scott Morrison said.

    A new Quad Senior Cyber Group will also be established. The group will consist of “leader-level experts” who will meet regularly to advance work between government and industry to drive the adoption and implementation of shared cyber standards; development of secure software; growth of the tech workforce; and promotion of scalability and cybersecurity of secure and trustworthy digital infrastructure.

    The security bloc will also begin cooperation focused on space and combatting cyber threats, promoting resilience, and securing critical infrastructure together, the countries said.

    For space specifically, the Quad nations will identify new collaboration opportunities and share satellite data for peaceful purposes such as monitoring climate change, disaster response and preparedness, sustainable uses of oceans and marine resources, and on responding to challenges in shared domains.

    Another technology initiative announced by the Quad over the weekend was a new fellowship that will be established together with industry. The fellowship will provide 100 graduate fellowships to science, technology, engineering, and mathematics graduate students across the four countries.

    New initiatives to improve semiconductor supply chains, 5G deployment and diversification, and monitor biotech scanning trends were also announced.

    In announcing these new initiatives, the Quad sledged China, although China was not named, by jointly saying: “We will continue to champion adherence to international law … to meet challenges to the maritime rules-based order, including in the East and South China Seas”.

    “We affirm our support to small island states, especially those in the Pacific, to enhance their economic and environmental resilience,” the Quad added.

    The movements from Quad countries follow various international pacts coming to the fore in recent weeks, with Quad members, Australia and the US, joining the UK to establish the AUKUS security pact.

    AUKUS, made public a fortnight ago, was established by the three governments to address defence and security concerns posed by China within the Indo-Pacific region. The trilateral security pact’s focus has so far been military-heavy unlike the Quad’s new initiatives, with AUKUS’ first initiative being to help Australia acquire nuclear-powered submarines.

    Meanwhile, both China and Taiwan have formally applied to join the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), one of the world’s largest trade pacts.

    Australians are losing over AU$6.6 million each month to cryptoscams

    Losses related to cryptocurrency investment scams made up over a quarter of the total scams reported to the Australian Competition and Consumer Commission (ACCC) from the start of the year to the end of August. In a response to a question on notice from the Senate Select Committee on Australia as a Technology and Financial Centre, the ACCC revealed it received 3,007 reports that totalled losses of AU$53.2 million. This represented 55% of all losses due to investment scams, and 48% of all investment scam reports. Broken down by state, New South Wales had 860 reports for AU$20.6 million in losses, Victoria had 563 reports for AU$12.6 million in losses, Queenslanders lost AU$8.2 million and made 485 reports, while Western Australia made 268 reports on AU$3.8 million in losses. By age, those in the 55-64 bracket lost over AU$12.6 million and made 365 reports, those over 65 accounted for AU$10.7 million in losses and filed 356 reports, while those aged 44-54 made 352 reports and lost AU$8.7 million. As age decreased, so did the losses, with those aged 35-44 making 627 reports for losses of AU$7.6 million. 25-34-year olds lost AU$7 million and made 570 reports. Beyond cryptoscams, those labelled “traditional scams” — such as pre-IPO, share, and foreign exchange scams — accounted for AU$21 million in losses from 411 reports, the other category had 2,590 reports for AU$11.7 million in losses, and ponzi schemes had 110 reports for only AU$239,000 lost. The grand total lost to all investment scams to August 31 was AU$96.6 million. Broken down by state, New South Wales had 1,864 reports for AU$33 million in losses, Victoria had 1,316 reports for just shy of AU$23 million in losses, Queenslanders lost AU$20 million and made 1,060 reports, with Western Australia making 580 reports on AU$7.7 million in losses. On Monday, the ACCC said from the start of 2021 to September 19, Australian losses to all scams had passed AU$175 million.

    “While the proportion of reports involving a financial loss has dropped this year, the people who do lose money are losing bigger amounts. The average loss so far this year is about AU$11,000 compared to AU$7,000 for the same period in 2020,” ACCC deputy chair Delia Rickard said.

    The ACCC said it had seen a 261% increase in phishing scams, 144% involving remote access, and 234% in identity theft. The consumer watchdog said it had been passing scammer phone numbers onto Australian carriers, and working with banks to “raise awareness with their customers” who could have been hit by Android malware known as Flubot.

    Eftpos granted government accreditation as first private ID exchange operator

    Eftpos has become the first accredited non-government operator of a digital identity exchange under the federal government’s Trusted Digital Identity Framework (TDIF).

    By becoming an accredited operator, Eftpos connectID can now facilitate online transactions requiring a digital identity from Australians. Eftpos sent connectID live in June as a fully-owned subsidiary of the organisation and as a standalone fintech company. It’s been set up to act as “broker” between identity service providers and merchants or government agencies that require identity verification, such as proof of age, address details, or bank account information.

    It has been designed to work within the federal government’s Trusted Digital Identity Framework (TDIF) and the banking industry’s TrustID framework.

    Although the Australian government has its own digital identity solution with myGovID, Eftpos has previously said its solution could provide a “smoother, faster, and more secure onboarding experience, including for government services”.

    Eftpos has also assured that connectID does not store any identity data.

    “A safe, thriving digital economy is the best way we can grow the Australian economy. A safe, thriving digital economy is not possible without digital identity — that is, a safe, secure, and convenient way for Australians to prove their identity online,” Minister for Employment, Workforce, Skills, Small and Family Business Stuart Robert said.

    “Through accreditation, we make sure Australians and Australian businesses can have trust and confidence that their personal information is safe and secure.

    “As an accredited provider, Eftpos has demonstrated that connectID is trustworthy, safe, and secure and has met strict usability and accessibility requirements. I congratulate Eftpos for being the first private identity exchange to be accredited under the TDIF.”

    Eftpos applied for accreditation in May. The federal government’s myGovID was the first to be granted a TDIF accreditation, followed by Australia Post’s Digital ID. Last month, OCR Labs became the first accredited non-government operator to provide digital identity services to the private sector.

    “TDIF accreditation is a big step forward for Eftpos and industry to help bring the benefits of digital identity to more sectors of the economy. It is a significant and tangible milestone in the rollout of Australia’s digital identity ecosystem and comes after months of rigorous assurance evaluations and privacy and security testing,” Eftpos CEO Stephen Benton said.

    Since last year, Eftpos has been piloting connectID with 20 “well-known” Australian brands, including Australia Post and Yoti.

    According to Eftpos digital identity managing director Andrew Black, the company is looking to use connectID to help businesses address issues in areas such as commerce onboarding, recruitment, responsible gaming, anti-money laundering and identity verification.

    The news follows Mastercard and the Digital Transformation Agency (DTA) announcing plans to scope out how the former’s digital identity service could enable Australians to digitally verify their age and identity.

    Mastercard is also seeking accreditation under the TDIF. If granted, Mastercard said it would enable consumers to create a reusable digital identity using official identity documents, such as passports, driving licences, as well as protect digital identity data using encryption and facial biometrics.

    In June, the Australian government published a consultation paper on digital identity that indicated legislation would enter Parliament later this year to allow non-government entities to provide digital identification services to Australians.

    Under the TDIF, the set of rules can only be applied to Australian government entities — it can’t be applied to states and territories, or to the private sector — which is why legislation is required.

    The Digital Identity Legislation is hoping to ensure privacy safeguards are in place, such as limiting access to biometric information, but it will include the ability for users to consent to their biometric information being accessed for fraud or security investigations.

    Miffed security researcher finds way to get Apple talking, drops three iOS vulnerabilities

    For most of 2021, a security researcher going by the name of illusionofchaos has been engaged in an unfruitful conversation with Apple to fix a number of vulnerabilities that allow apps to make API calls to pull down user information that they should not be able to. On Friday, the researcher went public with their findings, which contained one vulnerability fixed in iOS 14.7 and three unpatched vulnerabilities.

    The fixed bug involved Analyticsd and allowed apps to access logs containing medical information, device usage information, application crashes, and information on device accessories. The unpatched vulnerabilities included the gamed service not properly checking game-center permission and allowing access to the Core Duet database that contains all contacts from Mail, SMS, iMessages, and some attachments; Apple ID email, full name, and authentication tokens allowing access to at least one apple.com endpoint; and read access to speed dial database and address book. A vulnerability in Nehelper allowed for an app to check whether any other app was installed, and another Nehelper bug allowed for unauthorised access to Wi-Fi information.

    The researcher said when Apple fixed the Analyticsd issue, they were not credited, with Apple saying in July that credit was forthcoming. By September, the researcher was still waiting. For each vulnerability, the researcher published proof-of-concept code on GitHub.

    On Saturday, the researcher received a response from Apple, which said it had seen the blog post and apologised for the delay. “We want to let you know that we are still investigating these issues and how we can address them to protect customers. Thank you again for taking the time to report these issues to us, we appreciate your assistance,” Apple said. ZDNet asked Apple for comment on Friday, but we are still awaiting a response.

    Over the weekend, a blind developer complained that Apple had labelled as spam an update to make an accessible version of Hangman run on iOS 15. “My app is made for the blind and that all the other hangman games I have seen on the app store are half playable and … this is a bugfix update and already existing users who have paid for the app are unable to play using iOS 15,” Oriol Gómez sentís wrote. “To my horror, they replied saying that yes, ‘we understand that your app has voiceover’, hello? My app has voiceover? But unfortunately the rejection is still in place.” By the early hours of Monday morning, the developer said Apple had approved the update, but the app remained in violation of App Store guidelines.

    Operation Ironside has confiscated AU$31 million of assets so far

    Australian Federal Police (AFP) has so far seized over AU$31 million of assets through Operation Ironside, the message decryption sting operation that was labelled as the country’s “most significant operation in policing history”.

    The update was provided as part of an AFP announcement that it made its first multi-million cash forfeiture as part of the sting operation, confiscating AU$6 million of cash from a Western Australian man. The man, who was a member of a criminal syndicate, has pleaded guilty to various criminal offences and will face five years of imprisonment.

    The AU$6 million in cash will be redistributed from the confiscated assets account by Home Affairs Minister Karen Andrews to support crime prevention, law enforcement, and related community initiatives, the AFP said.

    The operation, dubbed as Project TrojanShield by the Federal Bureau of Investigation (FBI), is a global sting operation that was commenced by the US agency after it recruited a confidential human source to provide access to the Anom platform, an encrypted communications product used by transnational criminal organisations.

    The AFP contributes to the sting operation by providing its “technical capability” in decrypting those messages. In Australia, intelligence and law enforcement agencies can request or demand assistance from communications providers to access encrypted communications. Europol is also involved in the operation.

    The AU$31 million figure only accounts for the assets confiscated by the AFP, and does not include those seized by law enforcement agencies outside of Australia.

    When the global investigation was first unveiled in June, the FBI, AFP, and Europol jointly said the operation at the time led to 525 search warrants, 224 individuals being charged, 525 charges in total, six clandestine labs being taken down, and 21 threats to kill being averted. It also said at the time that 3.7 tonnes of drugs, 104 firearms and weapons, and over AU$45 million in assets had been seized.