Huawei has blamed the U.S. for the chip crunch rocking the global tech industry, saying Washington's sanctions against Chinese companies have spurred panic buying of semiconductors and other supplies. From a report: "Because of the U.S. sanctions against Huawei, we have seen panic stockpiling among global companies, especially the Chinese ones. In the past, companies were barely stockpiling, but now they are building up three or six months' worth of inventory ... and that has disrupted the whole system," Rotating Chairman Eric Xu said at the company's 18th Huawei Analyst Summit. The U.S. has placed Huawei and other Chinese tech companies on trade blacklists that restrict their access to American technology, citing national security risks. "Clearly the unwarranted U.S. sanctions against Huawei and other [Chinese] companies are creating an industry-wide supply shortage, and this could even trigger a new global economic crisis," Xu added. Xu's remarks come hours before the White House plans to host a summit aimed at addressing the chip shortage, with an emphasis on its impact on the automotive industry. Dozens of executives from U.S., Asian and European tech companies and automakers -- including General Motors, Ford, Google, Intel, Taiwan Semiconductor Manufacturing Co., Samsung Electronics, and NXP -- are slated to attend the event. White House officials have already acknowledged that the chip shortage may be difficult to solve in the short term.

According to a new report from Light Reading, the three major U.S. carriers (four at the time) have reportedly abandoned their joint venture to launch a new Cross Carrier Messaging Initiative (CCMI), that promised interoperability for an RCS Universal Profile-based messaging standard. It was originally set to be launched in 2020. [For a detailed explanation of RCS Messaging, we recommend this article.] Android Police reports: Although the company handling the logistics behind the cross-carrier effort claims that it's still "continuing to move forward with preparations," a Verizon spokesperson told Light Reading that "the owners of the Cross Carrier Messaging Initiative decided to end the joint venture effort." [...] This may seem like bad news, but things have changed since 2019. In the time since the CCMI was announced, Google leapfrogged the carrier's selfish dithering and rolled out its own RCS messaging solution via the Messages app, all connected to its Jibe network (though it will use your carrier network if it's Universal Profile-compatible). It's a move that means customers don't have to wait on their carriers to start the work they should have done five years ago. More recently, T-Mobile has essentially handed the reins for its whole network messaging solution to Google by adopting Messages as the default SMS app for all T-Mobile phones, connecting all its customers to Google's RCS network.

Given what has and hasn't succeeded when it comes to RCS messaging, what we'd like to see is for Verizon and AT&T to follow T-Mobile, give up on their own stupid standards, and simply adopt Google's RCS Messaging -- either by connecting their chat apps to Google's Jibe network somehow or by adopting the Messages app as sanctioned solutions, as T-Mobile did. But in the meantime, there's nothing to prevent customers on either network from just installing the Messages app themselves and bypassing the carrier mess altogether -- especially since it sounds like the carriers have given up on fixing it.

An anonymous reader quotes a report from ZDNet: Good news, disabled Australians! You'll soon be getting an app that will implement a welfare compliance regime designed by the people who brought you robo-debt. But don't worry, it'll have blockchain. No, this isn't good news at all. What makes it worse is that it's clear the government wants to extend technology-driven compliance to all Australians, with an emphasis on cracking down on your mistakes, not theirs. Kathryn Campbell, Secretary of the Department of Social Services, says the long-term plan is to have one app for all Commonwealth government services. "One to rule the world," she said last month, apparently oblivious to how evil that sounds.

Senators are already worried that the disability app, intended to be used by participants in the National Disability Insurance Scheme (NDIS) to claim expenses against their support plan, will go the way of COVIDSafe: Millions of dollars spent on technology that doesn't really do the job. The intention was to fix a poor web experience, and allow claims to be made from a mobile device. But instead of simply creating a better website, in 2018, the Digital Transformation Agency (DTA) joined forces with CSIRO's Data61 and the Commonwealth Bank to trial blockchain-based smart money that would magically know whether the expense was legitimate or not. According to the CEO of the National Disability Insurance Agency (NDIA), Martin Hoffman, that pilot app has been "very popular and well-received," and the feedback has been "extremely positive." The app will be "fully available in the coming months, first on Google Play and then Apple's app store," he said. "Given the horrendously complex NDIS environment, defective processes and vulnerable people, there needs to be considerable caution in the application of blockchain technology," wrote former NDIS Technology Authority chief Marie Johnson in a submission [PDF] to the Parliamentary Joint Standing Committee on the NDIS. "Blockchain in itself -- as with other technology innovations -- does not address fundamental design and human rights issues. Ethics is paramount. The involvement of the Commonwealth Bank itself raises further ethics issues, given the value of participant data; the size of the market; and the yet to be realized emarket honey pot of data, funds and services."

You can view the detailed "Making Money Smart: Empowering NDIS participants with Blockchain technologies" report here (PDF).

An Indian security researcher has published today proof-of-concept exploit code for a recently discovered vulnerability impacting Google Chrome, Microsoft Edge, and other Chromium-based browsers like Opera and Brave. From a report: The researcher, Rajvardhan Agarwal, told The Record today that the exploit code is for a Chromium bug that was used during the Pwn2Own hacking contest that took place last week. During the contest, security researchers Bruno Keith (@bkth_) & Niklas Baumstark (@_niklasb) of Dataflow Security used a vulnerability to run malicious code inside Chrome and Edge, for which they received $100,000. Per contest rules, details about this bug were handed over to the Chrome security team so the bug could be patched as soon as possible. While details about the exact nature of the bug were never publicly disclosed, Agarwal told The Record he spotted the patches for this bug by looking at the source code commits to the V8 JavaScript engine, a component of the Chromium open-source browser project, which allowed him to recreate the Pwn2Own exploit, which he uploaded earlier today on GitHub, and shared on Twitter. However, while Chromium developers have patched the V8 bug last week, the patch has not yet been integrated into official releases of downstream Chromium-based browsers such as Chrome, Edge, and others, which are still vulnerable to attacks.

Google has announced that the Google Play Movies and TV app will no longer be available on any Roku set-top box or any Samsung, LG, Vizio or Roku smart TV starting July 15th. The Verge reports: If you have movies or TV shows purchased or rented through the service, you'll still be able to access them through the "Your movies and shows" section of the YouTube app on those devices. This change will also affect you if if you used the Movies and TV app to access Movies Anywhere, the service that allows you to redeem codes from DVDs and Blu-rays so you can access your media digitally. Google has confirmed to The Verge that users who relied on Play Movies and TV to access that content will be able to do so through YouTube.

There are a few other caveats to note in the transition to YouTube. Your Watchlist will no longer be viewable in the app (though it can still be seen on the web by Googling "my watchlist"), and while your family can still share the content you bought from the Movie and TV store, any purchases made in the YouTube app won't be shared with your family. [The Verge's article breaks down all the various ways you can access the content you purchased through the Play Store after July 15th.]

Apple has been a laggard in the smart-home space, but a versatile new device in early development could change that. From a Bloomberg report: The company is working on a product that would combine an Apple TV set-top box with a HomePod speaker and include a camera for video conferencing through a connected TV and other smart-home functions, according to people familiar with the matter, who asked not to be identified discussing internal matters. The device's other capabilities would include standard Apple TV box functions like watching video and gaming plus smart speaker uses such as playing music and using Apple's Siri digital assistant.

If launched, it would represent Apple's most ambitious smart-home hardware offering to date. The Cupertino, California-based technology giant is also mulling the launch of a high-end speaker with a touch screen to better compete with market leaders Google and Amazon.com, the people said. Such a device would combine an iPad with a HomePod speaker and also include a camera for video chat. Apple has explored connecting the iPad to the speaker with a robotic arm that can move to follow a user around a room, similar to Amazon's latest Echo Show gadget. Development of both Apple products is still in the early stages, and the company could decide to launch neither or change key features. The company often works on new concepts and devices without ultimately shipping them.

An anonymous reader writes: If you're a frequent user of WhatsApp, you may want to keep an eye on a disturbing hole discovered in its security this weekend. It's possible for an attacker to completely suspend your WhatsApp account, without any recourse for the individual user, and all they need is your phone number. At the time of writing there's no solution for this issue.

This newly-discovered flaw uses two separate vectors. The attacker installs WhatsApp on a new device and enters your number to activate the chat service. They can't verify it, because of course, the two-factor authentication system is sending the login prompts to your phone instead. After multiple repeated and failed attempts, your login is locked for 12 hours. Here's where the tricky part comes in: with your account locked, the attacker sends a support message to WhatsApp from their email address, claiming that their (your) phone has been lost or stolen, and that the account associated with your number needs to be deactivated. WhatsApp "verifies" this with a reply email, and suspends your account without any input on your end. The attacker can repeat the process several times in succession to create a semi-permanent lock on your account. The results are disturbing, but at the very least, this method can't be used to actually gain access to an account, merely to block access by its legitimate owner. Confidential text messages and contacts are not exposed. The proof-of-concept attack was first reported by Forbes from security researchers Luis Marquez Carpintero and Ernesto Canales Perena. There's no indication that it's being used in the wild.

An anonymous reader quotes a report from 9to5Google: A new Google Shopping experience that featured a personalized homepage launched in 2019. On Android, Google rebranded the existing Express app to Shopping, but it's now shutting down the mobile experience in favor of just the web. The [Android and iOS clients] will continue to work through June. It comes as Google has been expanding shopping functionality in Search, Image Search, and YouTube, while increasingly leveraging augmented reality: "Within the next few weeks, we'll no longer be supporting the Shopping app. All of the functionality the app offered users is available on the Shopping tab. We'll continue building features within the Shopping tab and other Google surfaces, including the Google app, that make it easy for people to discover and shop for the products they love."

The Federal Communications Commission has released a new speed test app to help measure internet speeds across the country, available on both Android and iOS. From a report: The FCC Speed Test App works similarly to existing speed-testing apps like Ookla's and Fast by Netflix, automatically collecting and displaying data once users press the "start testing" button. According to the FCC, the data collected through the app will inform the agency's efforts to collect more accurate broadband speed information and aid its broadband deployment efforts. "To close the gap between digital haves and have nots, we are working to build a comprehensive, user-friendly dataset on broadband availability," Acting Chair Jessica Rosenworcel said in a statement Monday. "Expanding the base of consumers who use the FCC Speed Test app will enable us to provide improved coverage information to the public and add to the measurement tools we're developing to show where broadband is truly available throughout the United States."

CIStud writes: The rumors have persisted for some time, and now Logitech has officially confirmed it has discontinued its once-vaunted Harmony remote controls, including the line of Logitech Harmony Pro programmable remotes for custom installers. Logitech plans to continue maintaining the Harmony database and software. The discontinuation does not affect the operation or the warranty on any Harmony remotes being used by integrators' clients already in the field. Logitech also plans to continue to offer service and support for Harmony remotes. The company also points out that the decision does not affect a customer's ability to interface with the Harmony universal remotes via their Amazon Alexa or Google Assistant voice controls.

An update to England and Wales's contact tracing app has been blocked for breaking the terms of an agreement made with Apple and Google. From a report: The plan had been to ask users to upload logs of venue check-ins - carried out via poster barcode scans -- if they tested positive for the virus. This could be used to warn others. The update had been timed to coincide with the relaxation of lockdown rules. But the two firms had explicitly banned such a function from the start. Under the terms that all health authorities signed up to in order to use Apple and Google's privacy-centric contact-tracing tech, they had to agree not to collect any location data via the software. As a result, Apple and Google refused to make the update available for download from their app stores last week, and have instead kept the old version live.

Google "has utilized a secret program to track bids on its ad-buying platform," writes the New York Post, "and has been accused of using the information to gain an unfair market advantage that raked in hundreds of millions of dollars annually, according to a report." The initiative — dubbed "Project Bernanke" in an apparent reference to former Federal Reserve chairman Ben Bernanke — was detailed in court filings in an ongoing Texas-led antitrust suit, which were initially uploaded to an online docket with incomplete redactions, The Wall Street Journal reported Saturday... Lawyers for the Lone Star State argue, however, that the program was tantamount to insider trading, particularly when combined with Google's complicated, multi-layered role in the online advertising marketplace.

The company operates simultaneously as the operator of a major ad exchange, a representative of both buyers and sellers on the exchange — and a buyer in its own right, according to the suit. By using Project Bernanke's inside information on what other ad buyers were willing to pay for space, Google could tailor its operations to beat out rivals and bid the bare minimum to secure ad inventory, the state reportedly alleges...

Separately, the filings reveal more details about Jedi Blue — an alleged hush-hush deal in which Google allegedly guaranteed that Facebook would win a fixed percentage of advertising deals in which the social media giant bid... Google also admitted that the deal required Facebook to spend $500 million or more in Google's Ad Manager or AdMob bids in the pact's fourth year, and that Facebook agreed to make efforts to win 10 percent of the auctions in which it competed, the WSJ said.

The arrangement appeared "to allow Facebook to bid and win more often in auctions," lawyers for Texas alleged in their filings.

"Using just your phone number, a remote attacker can easily deactivate WhatsApp on your phone and then stop you getting back in," reports a new article in Forbes. "Even two-factor authentication will not stop this..."

The attacker triggers a 12-hour freeze on new verification codes being sent to your phone — then simply reports that same phone number as a lost/stolen phone needing deactivation. There are apparently no follow-up questions, and "an automated process has been triggered, without your knowledge, and your account will now be deactivated," Forbes writes.

The phone can't be reactivated without one of those verification codes blocked by that 12-hour freeze (which the attacker can renew for another 12-hour window, until the next day WhatsApp blocks those reactivating codes indefinitely). "There is no sophistication to this attack — that's the real issue here and WhatsApp should address it immediately..." Forbes complains. This shouldn't happen. It shouldn't be possible. Not with a platform used by 2 billion people. Not this easily. When researchers, Luis Márquez Carpintero and Ernesto Canales Pereña, warned they could kill WhatsApp on my phone, blocking me from my own account using just my phone number, I was doubtful. But they were right...

Despite its vast user base, WhatsApp is creaking at the seams. Its architecture has fallen behind its rivals, missing key features such as multi-device access and fully encrypted backups. As the world's most popular messenger focuses on mandating new terms of service to enable Facebook's latest money-making schemes, these much-needed advancements remain "in development...."
Reached for comment, WhatsApp told Forbes that any victims of the attack should contact their support team — adding that such an attack would "violate our terms of service."

But Forbes adds "your other option would be to follow Mark Zuckerberg's reported example and start to use Signal..." Unfortunately, playing down the seriousness of security risks has become the in-house style at Facebook. Back in 2019, I reported on a vulnerability that allowed private user phone numbers to be pulled from Facebook databases at scale using automated bots. That hack was acknowledged by Facebook but dismissed as an "unlikely problem." Some 533 million users might now disagree.

Elon Musk's Boring Company showed off its 1.7 mile loop of tunnel underneath the Las Vegas Convention Center this week, and Electrek writes that "it proved to be, well, quite boring... The vehicles are not going faster than 35 mph, and they are not being driven autonomously."

CNET's headline even calls the tunnel "lame," complaining that the project "is quickly turning into Tesla cars driving people underground, rather than some sort of futuristic transport system."

"Detractors say that makes The Boring Company's projects little more than reinvented subways with significantly less passenger capacity," adds Business Insider: Critics also point out that The Boring Company's noble aim of building congestion-alleviating tunnels under cities worldwide ignores the phenomenon of induced demand, which says that more roadways — even underground ones — will give way to more cars.
But Jalopnik had probably the harshest reaction to the Vegas Loop, noting that the speed of the system is "about 10 mph less than the top speed of a 1908 Ford Model T," and calling it "about as exciting as a sheet of unpainted drywall discarded in a closed office park..." Musk's The Boring Company own the machines that dug the tunnels, and those machines, some of which were heavily modified by the company, are capable of using the excess dirt from the tunnel to turn into bricks, which is pretty cool, I guess. Raw, humid thrills of brick-making aside, all this really is are some Teslas driving in tunnels lined with LED lights.

Sure, it's a 45-minute walk (correction, more like 20 minutes, sorry) on the surface and only a few minutes ride underneath, but the system is still remarkably bad at moving large numbers of people per hour, the metric normally used to evaluate mass transit systems. While it was originally intended to move up to 4,400 people per hour, fire regulations will limit the system to moving between 800 and 1,200 people per hour. That said, it looks like the company still states the 4,400 number, when used with 62 cars in the tunnel, though based on the safety issues, this does not seem likely. That's in the same ballpark as normal vehicular street traffic for private cars (600 to 1,600 people per hour) and a lot less than a dedicated bus lane (4,000 to 8,000 per hour) — hell, normal 60-passenger buses can do about 1,800 per hour, if we have them going back and forth every two minutes or so.

A dumb old sidewalk can move 9,000 people an hour! But that's walking, which is what animals do, and it takes a while and has the potential to make you sweat. Proposed moving high-speed sidewalks, similar to the ThyssenKrupp ACCEL system used in the Toronto Pearson International airport, are expected to move about 7,000 people per hour, and such a system would be far cheaper and easier to build... As it stands now, we have a few Teslas driving around in long, narrow loops under the convention center, saving you a bit of walking but doing every other part of the job of moving people worse than almost any other solution.
Business Insider's report adds that the Boring Company "aims to expand the system to other Las Vegas destinations, including the airport and downtown" — and that the company also in talks with Miami officials about a similar project.

Security researchers say APKPure, a widely popular app for installing older or discontinued Android apps from outside of Google's app store, contained malicious adware that flooded the victim's device with unwanted ads. From a report: Kaspersky Lab said that it alerted APKPure on Thursday that its most recent app version, 3.17.18, contained malicious code that siphoned off data from a victim's device without their knowledge, and pushed ads to the device's lock screen and in the background to generate fraudulent revenue for the adware operators. But the researchers said that the malicious code had the capacity to download other malware, potentially putting affected victims at further risk.

Jamie Dimon, JPMorgan Chase chairman and CEO, listed fintech as one of the "enormous competitive threats" to banks in his annual shareholder letter released this week. From a report: "Banks ... are facing extensive competition from Silicon Valley, both in the form of fintechs and Big Tech companies," like Amazon, Apple, Facebook, Google and Walmart, Dimon wrote, and "that is here to stay." Fintech companies, in particular, "are making great strides in building both digital and physical banking products and services," Dimon said. "From loans to payment systems to investing, they have done a great job in developing easy-to-use, intuitive, fast and smart products." This, in part, is why "banks are playing an increasingly smaller role in the financial system," he said.

Fintechs, like Stripe, Robinhood and PayPal, have seen a lot of growth and success in recent years, which may present challenges to traditional banks. While traditional banks have "significant strengths," like "brand, economies of scale, profitability and deep roots with their customers," Dimon also acknowledged their weaknesses. Things like "inflexible 'legacy systems'" along with "extensive regulations," can hinder innovation within banks, though they can arguably also make banks a "safer" option for consumers, too.

A Google proposal which enables a web browser to treat a group of domains as one for privacy and security reasons has been opposed by the W3C Technical Architecture Group (TAG). From a report: Google's First Party Sets (FPS) relates to the way web browsers determine whether a cookie or other resource comes from the same site to which the user has navigated or from another site. The browser is likely to treat these differently, an obvious example being the plan to block third-party cookies. The proposal suggests that where multiple domains owned by the same entity -- such as google.com, google.co.uk, and youtube.com -- they could be grouped into sets which "allow related domain names to declare themselves as the same first-party." The idea allows for sites to declare their own sets by means of a manifest in a known location. It also states that "the browser vendor could maintain a list of domains which meet its UA [User Agent] policy, and ship it in the browser."

In February 2019, Google software engineer Mike West requested a TAG review and feedback on the proposal was published yesterday. "It has been reviewed by the TAG and represents a consensus view," the document says. According to the TAG, "the architectural plank of the origin has remained relatively steady" over the last 10 years, despite major changes in web technology. It added: "We are concerned that this proposal weakens the concept of origin without considering the full implications of this action." The group identified some vagueness in the proposal, such as whether FPS applies to permissions such as access to microphone and camera. A Google Chrome engineering manager has stated: "No, we are not proposing to change the scope for permissions. The current scope for FPS is only to be treated as a privacy boundary where browsers impose cross-site tracking limitations." But the TAG reckons that the precise scope of FPS should be laid out in the proposal. A second concern is over the suggestion that browser vendors would ship their own lists. "This could lead to more application developers targeting specific browsers and writing web apps that only work (or are limited to) those browsers, which is not a desirable outcome," said the TAG.

Google is signaling to the White House that a lack of coordination on tech and trade policy across the Atlantic is hurting business. From a report: Google's head of global policy and government affairs, Karan Bhatia, is urging the Biden administration to accept an invitation from the European Commission to form an EU-U.S. Trade and Technology Council, according to a post shared exclusively with Axios. Around the world, different countries are proposing and enacting trade, tax, privacy and moderation rules impacting U.S. tech companies. On Thursday, the Biden administration proposed a tax agreement for very large multinational companies such as Google, Facebook and Amazon, the Wall Street Journal reports. Today's global regulatory patchquilt is a legacy of trade wars launched intermittently during the Trump administration plus aggressive moves aimed at U.S. tech companies from overseas. "Trans-Atlantic coordination has largely become an afterthought, if itâ(TM)s thought of at all," Bhatia wrote in a blog post. "These policy trends hurt both the U.S. and European economies, risking the 16 million jobs on both sides of the Atlantic linked to transatlantic trade and investment," he wrote. "They also make it harder for the U.S. and the EU to address new global technology challenges and partner with emerging economies in Asia." Bhatia says the Biden administration should opt to participate in the proposed Trade and Technology Council to avoid "unilateral approaches" on data flows between the U.S. and Europe and regulation of digital platforms.

Apple knows that iMessage's blue bubbles are a big barrier to people switching to Android, which is why the service has never appeared on Google's mobile operating system. From a report: That's according to depositions and emails from Apple employees, including some high-ranking executives, revealed in a court filing from Epic Games as part of its legal dispute with the iPhone manufacturer. Epic argues that Apple consciously tries to lock customers into its ecosystem of devices, and that iMessage is one of the key services helping it to do so. It cites comments made by Apple's senior vice president of Internet Software and Services Eddie Cue, senior vice president of software engineering Craig Federighi, and Apple Fellow Phil Schiller to support its argument.

"The #1 most difficult [reason] to leave the Apple universe app is iMessage ... iMessage amounts to serious lock-in," was how one unnamed former Apple employee put it in an email in 2016, prompting Schiller to respond that, "moving iMessage to Android will hurt us more than help us, this email illustrates why." "iMessage on Android would simply serve to remove [an] obstacle to iPhone families giving their kids Android phones," was Federighi's concern according to the Epic filing. Although workarounds to using iMessage on Android have emerged over the years, none have been particularly convenient or reliable.

Fallout from Texas' statewide power outages in February continues to spread. Today, the Texas House of Representatives is scheduled to debate a bill that would require power producers to bear the costs of services that help keep the electrical grid stable. From a report: If the bill passes, it would "unfairly shift the cost of ancillary electric services exclusively onto renewable generators rather than all the beneficiaries," according to a letter written by the Partnership for Renewable Energy Finance (PREF), an industry group, and signed by Amazon, Berkshire Hathaway Energy, Goldman Sachs, and a number of other firms. Amazon and other big tech firms have invested heavily in renewable power, seeking to spruce up their images while cutting their power bills. Costs for wind and solar have dropped precipitously in recent years, making investments in wind farms and solar plants attractive to power-hungry data center operators like Amazon, Facebook, and Google.

"It is important to note that these changes neither enhance electric reliability nor lower consumer costs," the letter states. "They appear to be premised on the assumption that renewable energy was disproportionately responsible for the state's February power outages, a thesis that has been unequivocally discredited." The bill would require the grid operator, the Electric Reliability Council of Texas (ERCOT), to "directly assign" ancillary service costs to wind and solar power, specifically. The PREF letter counters that not only do all generators utilize ancillary services, but costs for those services have remained flat over the last decade while wind and solar have grown by more than 250 percent.