Today’s topics include Apple considering dropping Qualcomm parts in its next iPhones and iPads; Apple patching the KRACK vulnerability in iOS and macOS; Mobile Pwn2Own 2017 hackers exploiting fully patched mobile devices; and Google’s release of a private link service to its cloud services.
Apple reportedly is considering dropping Qualcomm modem parts in its next iPhones and iPads, instead buying the parts from Intel or MediaTek.
The reason, according to an Oct. 31 story by The Wall Street Journal, is that “Qualcomm has withheld software critical to testing its chips in iPhone and iPad prototypes.” About half of today’s iPhones use Qualcomm modem chips, while the other half use Intel chips.
A Qualcomm spokesperson claims that, despite Qualcomm filing lawsuits in China with the International Trade Commission recently to ban sales of the latest iPhones due to alleged patent infringement, the company’s partnership with Apple remains strong. “We are committed to supporting Apple’s new devices,” the spokesperson said, adding that, “Qualcomm’s wireless solutions remain the gold standard for premium tier smartphones.”
Apple released updated versions of its mobile iOS and desktop macOS operating systems on Oct. 31, patching a critical WiFi security vulnerability known as KRACK that was disclosed Oct. 16.
KRACK is an acronym for Key Reinstallation Attacks and was discovered by security researcher Mathy Vanhoef, working at Belgian university KU Leuven. KRACK is a series of related vulnerabilities that could enable an attacker to reuse or replay WPA2 WiFi encryption handshake keys to gain access to an encrypted WiFi data stream.
A number of vendors, including Aruba, Cisco, Red Hat, Juniper Networks, ZyXEL, Samsung, Intel and Microsoft, had a patch for KRACK on or before Oct. 16. While Apple is one of the last major vendors to release a patch, to date there have been no major reports of any known attacks in the wild.
On Nov. 1, the first day of the Mobile Pwn2Own 2017 hacking competition in Tokyo, security researchers made a total of seven exploit attempts against fully patched mobile devices. Five attempts were successful, including ones on the fully patched Apple iPhone 7, Samsung Galaxy S8 and Huawei Mate9 Pro devices.
Three of the five successful exploits were made against Apple devices updated with the latest iOS 11.1 operating system, including two browser exploits against Safari and one WiFi exploit. Researchers also took aim at Android devices, with one researcher demonstrating a chain of flaws on the Samsung Galaxy S8 that led to arbitrary code execution.
Researchers who demonstrated the successful exploits were rewarded with a total of $350,000 in prize money from Trend Micro’s Zero Day Initiative, which runs the contest.
Also on Nov. 1, Google announced the general availability of its Dedicated Interconnect option that allows large enterprises to move a lot of data to Google’s cloud services via a fast, private connection, reducing cost while delivering high bandwidth and reliability.
Dedicated Interconnect provides a direct unencrypted circuit to Google’s network, reserved only for that specific organization’s traffic, to eliminate competition with traffic from Google’s other cloud customers.
Organizations using the direct interconnect will need to install their own routing equipment at one of Google’s four dozen colocation facilities around the world. Each interconnect will support a maximum of eight 10G-bps Ethernet connections or a total bandwidth of 80G bps per interconnect. Pricing for the Dedicated Interconnect service starts at $1,700 per month for a single 10G-bps link.