• chevron_right

    In win for Google, judge dismisses many claims in DOJ monopoly case / ArsTechnica · Monday, 7 August - 19:02

In win for Google, judge dismisses many claims in DOJ monopoly case

Enlarge (credit: NurPhoto / Contributor | NurPhoto )

Over the weekend, a US district court judge decided to narrow the scope of the federal government's massive years-long monopoly case against Google.

In his opinion unsealed Friday, Judge Amit Mehta dismissed one of the more significant claims raised in the case brought by the Justice Department and the attorneys general from 38 states that alleges that Google rigged search results to boost its own products over those of competitors like Amazon, OpenTable, Expedia, or eBay. Mehta said that these claims were "raised only by the Colorado plaintiffs" and failed to show evidence of anticompetitive effects, relying only on the "opinion and speculation" of antitrust legal expert Jonathan Baker, who proposed a theory of anticompetitive harm.

"Simply put, there is no record evidence of anticompetitive harm in the relevant markets" resulting from Google allegedly limiting competitors' visibility in search results, Mehta said.

Read 9 remaining paragraphs | Comments

  • chevron_right

    Android malware steals user credentials using optical character recognition / ArsTechnica · Friday, 28 July - 20:31 · 1 minute

Android malware steals user credentials using optical character recognition

Enlarge (credit: Getty Images)

Security researchers have unearthed a rare malware find: malicious Android apps that use optical character recognition to steal credentials displayed on phone screens.

The malware, dubbed CherryBlos by researchers from security firm Trend Micro, has been embedded into at least four Android apps available outside of Google Play, specifically on sites promoting money-making scams. One of the apps was available for close to a month on Google Play but didn’t contain the malicious CherryBlos payload. The researchers also discovered suspicious apps on Google Play that were created by the same developers, but they also didn’t contain the payload.

Advanced techniques

The apps took great care to conceal their malicious functionality. They used a paid version of commercial software known as Jiagubao to encrypt code and code strings to prevent analysis that can detect such functionality. They also featured techniques to ensure the app remained active on phones that had installed it. When users opened legitimate apps for Binance and other cryptocurrency services, CherryBlos overlaid windows that mimicked those of the legitimate apps. During withdrawals, CherryBlos replaced the wallet address the victim selected to receive the funds with an address controlled by the attacker.

Read 13 remaining paragraphs | Comments

  • chevron_right

    Pocket assistant: ChatGPT comes to Android / ArsTechnica · Wednesday, 26 July - 15:08

An OpenAI logo on top of an AI-generated background

Enlarge (credit: OpenAI)

On Tuesday, OpenAI released an official ChatGPT app for Android, now available in the Google Play Store in four countries: the US, India, Bangladesh, and Brazil, with more coming soon. As a client for OpenAI's language model family, the GPT-3.5 and GPT-4 models run on the cloud and provide results to your Android device. It also integrates OpenAI's Whisper model for speech recognition.

ChatGPT, launched in November, is a conversational AI language model interface. As an AI assistant, it can help with summarization, text composition, and analysis. OpenAI bills its use cases as a way to seek "instant answers," "tailored advice," "creative inspiration," "professional input," and "learning opportunities."

However, as we've noted in the past , ChatGPT is occasionally prone to confabulation (that is, making things up)—especially the GPT-3.5 model—so it's not entirely trustworthy as a factual reference. It can come in handy as a way to analyze data you provide yourself, though, so long as you're familiar with the subject matter and can validate the results.

Read 3 remaining paragraphs | Comments

  • chevron_right

    App with 50,000 Google Play installs sent attackers mic recordings every 15 minutes / ArsTechnica · Wednesday, 24 May - 17:49 · 1 minute

App with 50,000 Google Play installs sent attackers mic recordings every 15 minutes

Enlarge (credit: Getty Images)

An app that had more than 50,000 downloads from Google Play surreptitiously recorded nearby audio every 15 minutes and sent it to the app developer, a researcher from security firm ESET said.

The app, titled iRecorder Screen Recorder, started life on Google Play in September 2021 as a benign app that allowed users to record the screens of their Android devices, ESET researcher Lukas Stefanko said in a post published on Tuesday. Eleven months later, the legitimate app was updated to add entirely new functionality. It included the ability to remotely turn on the device mic and record sound, connect to an attacker-controlled server, and upload the audio and other sensitive files that were stored on the device.

Surreptitious recording every 15 minutes

The secret espionage functions were implemented using code from AhMyth , an open source RAT—short for remote access trojan—that has been incorporated into several other Android apps in recent years. Once the RAT was added to iRecorder, all users of the previously benign app received updates that allowed their phones to record nearby audio and send it to a developer-designated server through an encrypted channel. As time went on, code taken from AhMyth was heavily modified, an indication that the developer became more adept with the open source RAT. ESET named the newly modified RAT in iRecorder AhRat.

Read 15 remaining paragraphs | Comments

  • chevron_right

    Lawsuit accuses DoorDash of charging iPhone users more for identical orders / ArsTechnica · Monday, 22 May - 17:29

Bike rider delivery DoorDash in Manhattan

Enlarge / A class-action lawsuit claims that DoorDash makes it seem to customers like the distance and effort of a delivery change its fees, when the company's algorithm—and their phone choice—allegedly have more of an impact. (credit: Michael Nagle/Bloomberg via Getty)

A class-action lawsuit claims that DoorDash uses hard-to-pin-down delivery fees to systematically charge the delivery service's iPhone users more than others.

The lawsuit (PDF), filed May 5 in the District of Maryland, came in hot. Plaintiff Ross Hecox, in addition to his two children and a presumptive class of similarly situated iPhones, briefly defines DoorDash as an online marketplace with 32 million users and billions of dollars in annual revenue.

" Yet, DoorDash generates its revenues not only through heavy-handed tactics that take advantage of struggling merchants and a significant immigrant driver workforce, but also through deceptive, misleading, and fraudulent practices that illegally deprive consumers of millions, if not billions, of dollars annually," the suit adds. "This lawsuit details DoorDash’s illegal pricing scheme and seeks to hold DoorDash accountable for its massive fraud on consumers, including one of the most vulnerable segments of society, minor children."

Read 9 remaining paragraphs | Comments

  • chevron_right

    Musk calls out WhatsApp bug ahead of rolling out encrypted Twitter DMs / ArsTechnica · Wednesday, 10 May - 18:00

Musk calls out WhatsApp bug ahead of rolling out encrypted Twitter DMs

Enlarge (credit: Clive Mason - Formula 1 / Contributor | Formula 1 )

The new features on Twitter keep coming, as CEO Elon Musk has announced that today the platform will release an early version of encrypted direct messages that will "grow in sophistication rapidly." The move seemingly signaled Musk's intention to entice users to spend more time on the platform by maximizing the privacy of personal communications.

"The acid test is that I could not see your DMs even if there was a gun to my head," Musk tweeted.

In the same tweet, Musk said that voice and video chat from Twitter handles would be "coming soon," and he confirmed that any users with the latest version of the app "can DM reply to any message in the thread (not just most recent) and use any emoji reaction."

Read 14 remaining paragraphs | Comments

Smartphones With Popular Qualcomm Chip Secretly Share Private Information With US Chip-Maker

This data is sent without user consent, unencrypted, and even when using a Google-free #Android distribution. This is possible because of proprietary Qualcomm #software which provides hardware support also sends the #data. #USA