1010Computers | Computer Repair & IT Support

Google veteran Tony Wang joins 500 Startups as managing partner

San Francisco-based accelerator 500 Startups is expanding its executive team with the hiring of Tony Wang.

Wang is joining the early-stage firm from Color Genomics, a venture-backed developer of genetic testing kits where he had served as chief operating officer since 2014. Prior to Color, Wang was the vice president of global partnerships and development at Twitter and managing counsel for Google’s international operations.

“The venture capital world is undergoing a dramatic shift towards globalization where 500 Startups has been the leader and investing for the past decade,” Wang said in a statement. “There’s no question there are talented founders around the world, as proven by the number of unicorn companies in the 500 family.”

500 Startups, led by chief executive officer Christine Tsai, is an early investor in TalkDesk, Twilio, GitLab, Canva and several others.

Through its four-month seed program, the 500 Startups seed fund invests $150,000 in participating companies in exchange for 6% equity. Here’s a closer look at all the startups to finish 500 Startups’ latest program.

Powered by WPeMatico

Stealth startup Manticore Games raises $30M to launch a game-making platform for novices

Investors are betting on gaming platforms as an area of consumer tech with plenty of room left to grow.

Today, Manticore Games, a stealth gaming startup announced that it has raised $30 million in Series B funding from Benchmark, Correlation Ventures, BITKRAFT Esports Ventures, M Ventures, Arrive, Sapphire Sport, Tuesday Capital, and SV Angel. The gaming startup has now disclosed that they’re raised at least $45 million in financing, all before they’ve shipped a product.

They are announcing the name and some limited details of what it is that they’re building.

Their upcoming product is called CORE and it’s a way for gamers to build new, custom experiences. Users can build and monetize experiences that they create on the platform and it appears that they won’t need much of a technical background to be order to do so.

“The traditional game development pipeline is very rigid and very complex,” CEO Frederic Descamps told TechCrunch in an interview. “We’re really focused on bringing a new generation of game-makers to game-making.”

The startup is still in stealth so there’s a good deal about CORE that they say they’re not ready to talk about quite yet. It’s built on the Unreal Engine and doesn’t appear to be a game engine in itself and Manticore’s founders are comparing it more to a Twitch or YouTube in terms of how users will engage with creators’ game content, there’s all a good deal up in the air. They haven’t given a timeline for launch, but it sounds like something will be available soon.

In press materials, the company calls itself a “collaborative social ecosystem that supports a wide variety of shared online experiences.”

Manticore appears to be injecting itself into an arena that’s mostly represented by massively popular online games with “creator modes” like Fortnite, Roblox and Minecraft. Moving to the platform side before establishing a strong base via a popular title is obviously risky. The company declined to comment on whether they would be launching the platform alongside some of its own first-party experiences.

Descamps and his co-founder Jordan Maynard previously ran a game studio called “A Bit Lucky” that was acquired by Zynga in 2012. The co-founders both stayed on as executives at Zynga until launching Manticore.

 

Powered by WPeMatico

WeWork CEO Adam Neumann steps down

WeWork’s co-founder and chief executive officer Adam Neumann has stepped down as CEO and will serve as non-executive chairman of the board, the company confirmed in a press release Tuesday following a report from The Wall Street Journal. WeWork’s vice chairman Sebastian Gunningham and the company’s president and chief operating officer Artie Minson will serve as co-CEOs.

The eclectic executive has faced increasing pressure to relinquish his throne after another report from the WSJ highlighted his drug use and desires to become Israel’s prime minister, among other strange behaviors.

“As co-founder of WeWork, I am so proud of this team and the incredible company that we have built over the last decade,” Neumann said in a statement. “Our global platform now spans 111 cities in 29 countries, serving more than 527,000 members each day. While our business has never been stronger, in recent weeks, the scrutiny directed toward me has become a significant distraction, and I have decided that it is in the best interest of the company to step down as chief executive. Thank you to my colleagues, our members, our landlord partners, and our investors for continuing to believe in this great business.”

Neumann’s wife and WeWork co-founder Rebekah Neumann is said to have stepped down from her role as well. Rebekah has had several titles over the years, including chief impact officer, chief brand officer and most recently, co-founder and CEO of WeGrow, WeWork’s “conscious entrepreneurial school.”

SoftBank, the Japanese investor that has funneled billions into the star co-working business, is said to have encouraged — rather, enforced — Neumann’s reported transition out of the CEO role ahead of the company’s anticipated initial public offering. Per the WSJ, moving to the chairman seat would “allow [Neumann] to stay at the company he built into one of the country’s most valuable startups, but inject fresh leadership to pursue an IPO that would bring We the cash it needs to keep up its torrid growth.”

WeWork revealed its unusual IPO prospectus last month after raising more than $8 billion in equity and debt funding. The New York-based company had been valued at a whopping $47 billion, thanks largely to SoftBank’s repeated investments despite financials that show losses of nearly $1 billion in the six months ending June 30.

Wall Street investors were skeptical of the eye-popping valuation, leading to reports WeWork would seek a valuation of as low as $15 billion instead, a magnificent defeat for one of the most valuable private companies in the world. Ultimately, WeWork delayed its float altogether, claiming it planned to go public “by the end of the year.”

In additional efforts to appease Wall Street, WeWork amended its S-1 filing to include the appointment of an independent lead director and its first female board member, Frances Frei. On top of that, the company decreased the strength of Class B and Class C shares so Neumann would not have 20 times the voting power of other shareholders, and removed Neumann’s wife from succession planning at the company.

According to the latest news, Neumann’s voting shares will be reduced from 10:1 to 3:1.

Meanwhile, WeWork is working with bankers to reduce the cost of its money-losing operation, with a new report from The Information stating the business may cut as many as 5,000 roles, or one-third of its entire workforce.

The WeWork IPO saga draws many parallels to Uber’s pre-IPO struggles. Both companies were led, for years, by outspoken executives, Neumann and Travis Kalanick, respectively. Both men were ousted, in essence, by frustrated board members who were concerned at the potential outcome of multi-billion-dollar IPOs.

Given WeWork’s struggle to complete a public listing and Uber’s disappointing performance on the public markets, perhaps private market investors will realize Silicon Valley’s pixie dust doesn’t carry the same weight on Wall Street.

Powered by WPeMatico

Meme editor Kapwing grows 10X, raises $11M

Kapwing is a laymen’s Adobe Creative Suite built for what people actually do on the internet: make memes and remix media. Need to resize a video? Add text or subtitles to a video? Trim or crop or loop or frame or rotate or soundtrack or… then you need Kapwing. The free web and mobile tool is built for everyone, not just designers. No software download or tutorials to slog through. Just efficient creativity.

Kapwing Video Editor

In a year since coming out of stealth with 100,000 users, Kapwing has grown 10X, to more than 1 million. Now it going pro, building out its $20/month collaboration tools for social media managers and scrappy teams. But it won’t forget its roots with teens, so it has dropped its pay-$6-to-remove-watermarks tier while keeping its core features free.

Eager to capitalize on the meme and mobile content business, CRV has just led an $11 million Series A round for Kapwing. It’s joined by follow-on cash from Village Global, Sinai and Shasta Ventures, plus new investors Jane VC, Harry Stebbings, Vector and the Xoogler Syndicate. CRV partners “the venture twins” Justine and Olivia Moore actually met Kapwing co-founder and CEO Julia Enthoven while they all worked at The Stanford Daily newspaper in 2012.

Need to edit a meme or video? Kapwing has all the resizing, GIF, & subtitle tools you need https://t.co/FXDjShlUTq pic.twitter.com/1fEHxGoboz

— Josh Constine (@JoshConstine) September 24, 2019

“As a team, we love memes. We talk about internet fads almost every day at lunch and pay close attention to digital media trends,” says Enthoven, who started the company with fellow Googler Eric Lu. “One of our cultural tenets is to respect the importance of design, art and culture in the world, and another one is to not take ourselves too seriously.” But it is taking on serious clients.

As Kapwing’s toolset has grown, it has seen paying customers coming from Amazon, Sony, Netflix and Spotify. Now only 13% of what’s made with it are traditional text-plus-media memes. “Kapwing will always be designed for creators first: the students, artists, influencers, entrepreneurs, etc. who define and spread culture,” says Enthoven. “But we make money from the creative professionals, marketers, media teams and office workers who need to create content for work.”

Kapwing Tools

That’s why in addition to plenty of templates for employing the latest trending memes, Kapwing now helps Pro subscribers with permanent hosting, saving throughout the creation process and re-editing after export. Eventually it plans to sell enterprise licenses to let whole companies use Kapwing.

Kapwing Tools 1

Copycats are trying to chip away at its business, but Kapwing will use its new funding to keep up a breakneck pace of development. Pronounced “Ka-Pwing,” like a bullet ricochet, it’s trying to stay ahead of Imgflip, ILoveIMG, Imgur’s on-site tool and more robust apps like Canva.

If you’ve ever been stuck with a landscape video that won’t fit in an Instagram Story, a bunch of clips you want to stitch together or the need to subtitle something for accessibility, you’ll know the frustration of lacking a purpose-built tool. And if you’re on mobile, there are even fewer options. Unlike some software suites you have to install on a desktop, Kapwing works right from a browser.

Trending Memes Kapwing

” ‘Memes’ is such a broad category of media nowadays. It could refer to a compilation like the political singalong videos, animations like Shooting Star memes or a change in music like the AOC Dancing memes,” Enthoven explains. “Although they used to be edgy, memes have become more mainstream . . . Memes popularized new types of multimedia formats and made raw, authentic footage more acceptable on social media.”

As communication continues to shift from text to visual media, design can’t only be the domain of designers. Kapwing empowers anyone to storytell and entertain, whether out of whimsy or professional necessity. If big-name creative software from Adobe or Apple don’t simplify and offer easy paths through common use cases, they’ll see themselves usurped by the tools of the people.

Powered by WPeMatico

iOS, iPadOS and tvOS 13.1 updates are now available

Apple has just released iOS 13.1. This update brings everything new in iOS 13 in case you haven’t updated yet, as well as many bug fixes. I recommend updating to iOS 13.1 to get a more stable phone.

But that’s not all — iPadOS and tvOS are finally making the jump to version 13 with iPadOS 13.1 and tvOS 13.1, respectively, also available today.

The update is currently rolling out and is available in the Settings app on your device: iOS 13.1 is compatible with the iPhone 6s or later, the iPhone SE or the 7th-generation iPod touch; iPadOS is compatible with any iPad, iPad mini and iPad Pro that was released in 2014 or later; and tvOS 13.1 is compatible with any Apple TV that can run tvOS 12.

It’s also worth noting that today’s release of iPadOS and tvOS marks the launch of Apple Arcade on the iPad and Apple TV. For a $4.99 monthly subscription fee, you can access dozens of games across your Apple devices. You also can pair a PlayStation 4 or Xbox One controller with your Apple devices to play those games.

But first, backup your device. Make sure your iCloud backup is up to date by opening the Settings app on your iPhone or iPad and tapping on your account information at the top and then on your device name. Additionally, you can plug your iOS device into your computer to do a manual backup in iTunes (or do both, really).

Don’t forget to encrypt your backup in iTunes. It is much safer if somebody hacks your computer. And encrypted backups include saved passwords and health data. This way, you don’t have to reconnect to all your online accounts.

Once this is done, you should go to the Settings app as soon as possible to get in the queue. Navigate to “Settings,” then “General” and then “Software Update.” Then you should see “Update Requested…” It will then automatically start downloading once the download is available.

Here’s a quick rundown of what’s new in iOS 13. This year, in addition to dark mode, it feels like every single app has been improved with some quality-of-life updates. The Photos app features a brand new gallery view with autoplaying live photos and videos, smart curation and a more immersive design.

This version has a big emphasis on privacy as well, thanks to a new signup option called “Sign in with Apple” and a bunch of privacy popups for Bluetooth and Wi-Fi consent, and background location tracking. Apple Maps now features an impressive Google Street View-like feature called Look Around. It’s only available in a handful of cities, but I recommend… looking around, as everything is in 3D.

Many apps have been updated, such as Reminders, with a brand new version, Messages with the ability to set a profile picture shared with your contacts, Mail with better text formatting options, Health with menstrual cycle tracking, Files with desktop-like features, Safari with a new website settings menu, etc.

IMG 0077 1

Powered by WPeMatico

Spotify’s app for artists gets a big revamp, adds real-time stats for listeners

Spotify this morning is rolling out an updated version of its app for artists, across both iOS and Android. The new app includes a refreshed design, as well as new analytics like real-time stats on how many people are playing artists’ songs around the world, most notably. Educational materials are also for the first time available through the app’s new Home tab.

Launched two years ago, the Spotify app already offers a way to see real-time listening stats for new releases for the first week they go live. Now it’s expanding its listening stats so artists can see how many people are playing their songs right now.

It’s also now easier to track important milestones in the revamped app, Spotify says — like when a song gets added to a playlist or the artist gains new followers.

S4A 09092019 BlogImageMaster Home Tab

From the Home tab, Spotify will offer more recommendations on how to best use its tools and promote its Co.Lab events.

Here, artists will be able to read articles, watch videos and presentations, get advice from successful artists, learn about product updates and more.

S4A 09092019 BlogImageMaster Homecard Tab

The audience analytics and music sections have also gotten a visual refresh, designed to make it easier to see the latest stats related to who’s listening, where and similar artists these fans like.

S4A 09092019 BlogImageMaster Library Tab

And in a much-needed addition, artists or their managers can now update the artist’s profile in the app, including the ability to pick a new profile photo, rewrite the bio and update playlists and the Artist’s Pick directly from the Artists page in the app.

For those who are managing multiple artists, it’s now easier to switch between profiles.

S4A 09092019 BlogImageMaster Artist Profile

The update to the Spotify for Artists app is one of the more significant to arrive since the analytics dashboard moved to mobile back in 2017. And with the standout feature of real-time listening stats for listeners, the app is even more of a competitor to Apple’s artist dashboard, which just exited beta last month with the addition of Shazam data.

Spotify says the new app is rolling out this week across both iOS and Android.

Correction, 9/24/19 10:20 AM ET: The app offers real-time stats of current listeners for all songs overall, but not for any song. This was unclear. We’ve since corrected. Sorry for the confusion. 

Powered by WPeMatico

ClimateTech is the new hot space for investors in a warming planet

How do you attract the attention of a prince? Aside from being Meghan Markle, of course. One answer came recently in the form of Prince Harry’s backing of a new initiative designed to make offsetting the carbon from your airline flights a properly mainstream idea.

For Harry, the initiative had a double whammy. It might finally make carbon offsetting cool, especially if the royals and the celebs are doing it. And it had the added bonus of taking the heat off royals for jetting around the world (sorry!).

But the Travalyst initiative doesn’t stop at offsetting. It will also address conservation, environmental protection and expanding local community economic development by encouraging sustainable tourism practices across the travel industry. And it’s backed by Booking.com, Ctrip, Skyscanner, TripAdvisor and Visa.

The initiative hints at a range of future climate initiatives, now that the issue is firmly on the global agenda after a wave of public demonstrations such as the Climate Strikes started by schoolgirl Greta Thunberg.

The climate is now firmly on the global agenda, but is there really such as thing as “climate tech”?

After all we already have biotech, HealthTech, FinTech. InsurTech, AdTech and AgTech, so why not ClimateTech and what are its investment prospects? What would distinguish it from, say, CleanTech?

Powered by WPeMatico

Xiaomi’s 108MP Mi Mix Alpha has a display that wraps around the back

As Samsung and Huawei double down on their foldable smartphone lineups, and other handset vendors try to hide the notch, Chinese giant Xiaomi today chalked out a different path altogether. The company unveiled the Mi Mix Alpha, a smartphone with a front display that fully wraps around the back, save for a strip.

The Mi Mix Alpha’s body is made of a single piece of sapphire glass, with ceramics and aerospace-grade titanium alloy. So what does the extra display get you? Nothing much. The back display lights up and takes over the front screen’s duties when you flip the phone. Otherwise, it just sits there doing nothing.

Xiaomi says the Mix Alpha is a concept phone, so it is going to have a limited production run for the device. The smartphone will go on sale in China in December for 19,999 yuan (~$2,800).

This is #MiMIXAlpha, a surround display 5G concept smartphone. Challenge the impossible, to make the future possible. pic.twitter.com/ZqLfWydmJg

— Xiaomi #MiMIXAlpha (@Xiaomi) September 24, 2019

While the size of the display remains unknown, it boasts a 180.6% screen-to-body ratio, Xiaomi said at an event in China. The Mi Mix Alpha is powered by Qualcomm’s latest and greatest Snapdragon 855+, coupled with 12GB of RAM and 512GB UFS 3.0 storage. And it supports 5G connectivity.

The handset is housing a 4,050 mAh battery and supports 40W wired fast charging, the company said. The Mi Mix Alpha is running Android Pie-based MIUI 11 software.

Which brings us to the strip: The front side of the Mi Mix Alpha does not have any camera sensors. Instead the back side sports a three-camera system: a 108MP primary sensor it developed in collaboration with Samsung, a 20MP wide-angle sensor and a 12MP telephoto sensor.

At the sidelines of today’s event, Xiaomi also launched the Mi 9 Pro, the follow-up to the Mi 9 handset that the company unveiled earlier this year. The Mi 9 Pro, priced at roughly $520, now features support for 5G connectivity, becoming one of the low-cost handsets to support the networking technology. It also supports 40W fast charging, the company said.

Powered by WPeMatico

Samsung Galaxy Fold, take two

The Galaxy Fold comes in a nice box. It’s a thing I rarely, if ever, mention in product write-ups, because, if done right, shipping containers are generally the least interesting thing about a product. But Samsung, to its credit, has taken great care. That’s been one of the constants across this admittedly bungled product launch: presentation.

The first time I saw the device, it was well lit, in an elaborate display behind several layers of glass on the floor of Mobile World Congress. Samsung wasn’t letting anyone go past a literal velvet rope a few feet from the device.

When we finally got our hands on the Fold, Samsung had laid out several large boxes, which, when opened, had the effect of raising the device up, toward the viewer. It was a fun thing for a room full of journalists who had largely been engaging with the product through guarded curiosity, wondering aloud whether it would ever actually see the light of day.

Samsung Galaxy Fold

That skepticism was warranted, as it turned out. The Fold came back broken from several reviewers. After placing the blame at the feet of users, Samsung eventually changed tack, pushed back the April release date indefinitely and tried to get to the bottom of what was going on with the product.

This week, the Fold returns to North American store shelves — or, rather, it finally debuts, about five months after initially planned. And once again, Samsung’s delivering the device in a nice box. The purpose of this one, however, is as much about setting expectations as it is providing a splashy debut.

Really, it’s like the analog version of the “Caring for Your Fold” video the company debuted on YouTube last week. It was as flashy and well-produced as we’d expect from Samsung, right down to the dramatic piano music while instructing the viewer to “Just use a light touch.” That note arrived with its own (somewhat redundant) footnote: “Do not apply excessive pressure to it.”

Similarly, the Fold box comes with its fair share of paperwork. The first bit is an overview of Galaxy Fold “Premier Service,” the white-glove offering the company announced a while back. That was, it explained, the reason it canceled initial AT&T pre-orders. The 24/7 service comes free with the purchase of the $2,000 phone, offering users phone support, starting with setup. The company’s got a call center in North Carolina fielding the calls during U.S. business hours, and routes them abroad after that.

There are other elements to it, as well, including a $149 screen warranty. All of these pieces add up to a company confident enough to bring the product back to market, but not quite ready to ensure that the Fold’s screens might not crack under pressure for some. In fact, there’s a five-point warranty adhered to the screen that warns against:

  • Excessive pressure (It’s the terror of knowing what the world is about / Watching some good friends screaming / “Let me out!”)
  • Placing objects like keys on the screen before folding
  • Exposing the Fold to water or dust
  • Adding your own screen protector to the existing screen protector
  • Keeping the device next to easily deactivated objects like credit cards (or, in my experience, hotel key cards) and *gulp* implanted medical devices

Samsung Galaxy Fold

The product does, thankfully, ship with a case, which is a thin, two-piece snap-on covering. It won’t protect the front display from scratches, but it may help the product avoid dings if dropped. When closed, at least. I’m very much looking forward to someone purchasing the device for extensive drop testing while open.

Samsung does get some bonus points for also throwing in a pair of its very good Galaxy Buds Bluetooth earbuds for free. A nice gesture, to be sure.

As those who read the site with some regularity likely already know, we’ve actually spent a significant amount of time with the device. I was carrying the original version of the Fold around during our Robotics event back in April. Fitting, I suppose, that I’ll be sporting it next week at Disrupt. I do once again plan to hold onto the phone for a bit to get a better idea of day to day life with the foldable (though I likely won’t be doing daily dispatches this time).

Full disclosure: Samsung just gave us the revised version of the product yesterday afternoon. Hardly enough time to give you anything conclusive, so I’m not going to pretend to do so here. I will say that aesthetically, very little has changed. For better and worse. The one immediate thing that leaps out is the lack of a visible screen protector.

If you’ll recall, that was a major source of the problems last time out. The edges of the built-in screen protector were visible and, yes, it looked an awful lot like the removable screen protectors other Galaxy products ship with. Did I peel it off? No. Was I tempted? You better believe it.

Samsung Galaxy Fold

This time out, the laminate has been extended to under the outer edges to avoid that temptation altogether. The other big fixes include plugging the gaps in the hinges that previously allowed debris to fall behind the screen, damaging it when pressure is applied. There’s also a new, unseen layer of metal under the display designed to reinforce the screen. This gives the device a slightly more rigid feel.

Otherwise, the hardware is largely unchanged, including the small 4.6-inch window display up front and the large 7.3-inch foldable screen inside, which still has a visible seam when the light reflects it at an angle.

There’s a tacit understanding that the Fold is an imperfect device. The product builds upon a decade of experience creating Galaxy flagship smartphones, along with all of Samsung’s prior electronics knowledge, but the foldable category is still very much a kind of uncharted territory. Companies are going to fail plenty before they succeed here, and at very least, Samsung deserves some kudos for being among the first to try the thing, tumbling a bit and getting back up and trying again.

There remains the important question, however, of whether consumers are okay with what feels a little like an extended beta test — albeit one that costs $2,000 to join. Thankfully, Samsung got some of those unfortunate bungles out of the way before bringing the product to market. Along with a reinforced display, however, Samsung does appear to be girding itself for the possibility that consumers will find creative and new ways to mangle the display — accidentally and otherwise.

Suffice it to say, I’ve got a lot more thoughts on the matter, many of which I’ll be formulating over the coming days and weeks. So, stay tuned for those. Meantime, if you’d like to leap before you look, the Fold can be yours this Friday, starting at $1,980 U.S.

Powered by WPeMatico

Tibetans hit by the same mobile malware targeting Uyghurs

A recently revealed mobile malware campaign targeting Uyghur Muslims also ensnared a number of senior Tibetan officials and activists, according to new research.

Security researchers at the University of Toronto’s Citizen Lab say some of the Tibetan targets were sent specifically tailored malicious web links over WhatsApp, which, when opened, could have stealthily gained full access to their phone, installed spyware and silently stole private and sensitive information.

The exploits shared “technical overlaps” with a recently disclosed campaign targeting Uyghur Muslims, an oppressed minority in China’s Xinjiang state. Google last month disclosed the details of the campaign, which targeted iPhone users, but did not say who was targeted or who was behind the attack. Sources told TechCrunch that Beijing was to blame. Apple, which patched the vulnerabilities, later confirmed the exploits targeted Uyghurs.

Although Citizen Lab would not specify who was behind the latest round of attacks, the researchers said the same group targeting both Uyghurs and Tibetans also utilized Android exploits. Those exploits, recently disclosed and detailed by security firm Volexity, were used to steal text messages, contact lists and call logs, as well as watch and listen through the device’s camera and microphone.

It’s the latest move in a marked escalation of attacks on ethnic minority groups under surveillance and subjection by Beijing. China has long claimed rights to Tibet, but many Tibetans hold allegiance to the country’s spiritual leader, the Dalai Lama. Rights groups say China continues to oppress the Tibetan people, just as it does with Uyghurs.

A spokesperson for the Chinese consulate in New York did not return an email requesting comment, but China has long denied state-backed hacking efforts, despite a consistent stream of evidence to the contrary. Although China has recognized it has taken action against Uyghurs on the mainland, it instead categorizes its mass forced detentions of more than a million Chinese citizens as “re-education” efforts, a claim widely refuted by the west.

The hacking group, which Citizen Lab calls “Poison Carp,” uses the same exploits, spyware and infrastructure to target Tibetans as well as Uyghurs, including officials in the Dalai Lama’s office, parliamentarians and human rights groups.

Bill Marczak, a research fellow at Citizen Lab, said the campaign was a “major escalation” in efforts to access and sabotage these Tibetans groups.

In its new research out Tuesday and shared with TechCrunch, Citizen Lab said a number of Tibetan victims were targeted with malicious links sent in WhatsApp messages by individuals purporting to work for Amnesty International and The New York Times. The researchers obtained some of those WhatsApp messages from TibCERT, a Tibetan coalition for sharing threat intelligence, and found each message was designed to trick each target into clicking the link containing the exploit. The links were disguised using a link-shortening service, allowing the attackers to mask the full web address but also gain insight into how many people clicked on a link and when.

“The ruse was persuasive,” the researchers wrote. During a week-long period in November 2018, the targeted victims opened more than half of the attempted infections. Not all were infected, however; all of the targets were running non-vulnerable iPhone software.

One of the specific social engineering messages, pretending to be an Amnesty International aid worker, targeting Tibetan officials (Image: Citizen Lab/supplied)

The researchers said tapping on a malicious link targeting iPhones would trigger a chain of exploits designed to target a number of vulnerabilities, one after the other, in order to gain access to the underlying, typically off-limits, iPhone software.

The chain “ultimately executed a spyware payload designed to steal data from a range of applications and services,” said the report.

Once the exploitation had been achieved, a spyware implant would be installed, allowing the attackers to collect and send data to the attackers’ command and control server, including locations, contacts, call history, text messages and more. The implant also would exfiltrate data, like messages and content, from a hardcoded list of apps — most of which are popular with Asian users, like QQMail and Viber.

Apple had fixed the vulnerabilities months earlier (in July 2018); they were later confirmed as the same flaws found by Google earlier this month.

“Our customers’ data security is one of Apple’s highest priorities and we greatly value our collaboration with security researchers like Citizen Lab,” an Apple spokesperson told TechCrunch. “The iOS issue detailed in the report had already been discovered and patched by the security team at Apple. We always encourage customers to download the latest version of iOS for the best and most current security enhancements.”

Meanwhile, the researchers found that the Android-based attacks would detect which version of Chrome was running on the device and would serve a matching exploit. Those exploits had been disclosed and were “obviously copied” from previously released proof-of-concept code published by their finders on bug trackers, said Marczak. A successful exploitation would trick the device into opening Facebook’s in-app Chrome browser, which gives the spyware implant access to device data by taking advantage of Facebook’s vast number of device permissions.

The researchers said the code suggests the implant could be installed in a similar way using Facebook Messenger, and messaging apps WeChat and QQ, but failed to work in the researchers’ testing.

Once installed, the implant downloads plugins from the attacker’s server in order to collect contacts, messages, locations and access to the device’s camera and microphone.

When reached, Google did not comment. Facebook, which received Citizen Lab’s report on the exploit activity in November 2018, did not comment at the time of publication.

“From an adversary perspective what makes mobile an attractive spying target is obvious,” the researchers wrote. “It’s on mobile devices that we consolidate our online lives and for civil society that also means organizing and mobilizing social movements that a government may view as threatening.”

“A view inside a phone can give a view inside these movements,” they said.

The researchers also found another wave of links trying to trick a Tibetan parliamentarian into allowing a malicious app access to their Gmail account.

Citizen Lab said the threat from the mobile malware campaign was a “game changer.”

“These campaigns are the first documented cases of iOS exploits and spyware being used against these communities,” the researchers wrote. But attacks like Poison Carp show mobile threats “are not expected by the community,” as shown by the high click rates on the exploit links.

Gyatso Sither, TibCERT’s secretary, said the highly targeted nature of these attacks presents a “huge challenge” for the security of Tibetans.

“The only way to mitigate these threats is through collaborative sharing and awareness,” he said.

Powered by WPeMatico