Today’s topics include Apple’s efforts to permanently fix battery defects in the iPhone 6 and 7, the news that security researchers have found a way to crack the Secure Hash Algorithm-1 cryptographic function, Google’s lawsuit against Uber claiming theft of self-driving vehicle trade secrets and how the Cloudflare online security service responded to reports of a critical flaw in its own systems.
The message on Twitter had the ominous overtones of recent Samsung problems, when Twitter user Bree posted a video of her heat-blistered iPhone 7 Plus with smoke seeping out around the edges.
This wasn’t the first time that an iPhone 7 fire had been reported, but this was the first video of the incident to show up on social media. Previously, scattered reports of burning and exploding iPhone 7 devices had been reported, but none seemed to have public evidence.
As you might expect, the viral nature of the Twitter posting caught Apple’s attention. The company replaced the iPhone and collected the burned one to investigate. The incident happened on Feb. 22 and Apple hasn’t had time to complete its investigation.
Security researchers at Google and the CWI Institute in Amsterdam have found a way to crack the Secure Hash Algorithm-1 cryptographic function.
The two organizations Thursday announced what they described as the first practical collision attack against SHA-1. In other words, what they have done is find a way to mathematically generate identical SHA-1 hashes for two entirely different sets of content, something that should typically never happen with a hash function.
A cryptographic hash is basically an alphanumeric representation of input data. A sentence or a word that goes through a cryptographic function comes out as a unique hash value or a fixed-length string of letters and numbers that bear no resemblance to the input data. With a strong hash function it is almost impossible to reverse the hash value to its original content.
Google parent Alphabet’s Waymo self-driving car subsidiary has sued ride-sharing giant Uber for allegedly stealing its trade secrets and using the information to build competing technology.
In a 28-page lawsuit filed in federal court in San Francisco this week, Waymo accused Uber of trade secret misappropriation, patent infringement, and unfair competition pertaining to LIDAR, a laser based technology designed to let self-driving vehicles “see” traffic, pedestrians and other obstacles.
Waymo’s complaint alleges that Anthony Levandowski, a former manager at the company, illegally downloaded some 14,000 proprietary and confidential files pertaining to LIDAR shortly before he left Waymo to establish a self-driving truck company of his own called Otto.
Google Project Zero security researcher Tavis Ormandy reported critical flaws on the Cloudflare cloud security service that could have potentially enabled the leakage of user passwords and data.
The flaws were initially reported by Ormandy on Feb. 18, though public disclosure of the issue was only made on Feb. 23. “It was clearly a serious issue and we formed a team immediately to work on it,” John Graham-Cumming, CTO of Cloudflare told eWEEK.
Cloudflare shutdown one of the capabilities that was at the root cause of the data leakage risk, within 90 minutes of getting the vulnerability details from Google.
However, the team discovered that simply patching the company’s own systems wasn’t enough, since Cloudflare discovered that Google as well as other search engines, had actually cached some of the leaked memory by way of regular crawling.
“The infosec team worked to identify URIs in search engine caches that had leaked memory and get them purged,” Graham-Cumming wrote in a blog post.