QR Codes: Apple messed it up (again)

… For years I have been talking about the dangers of QR codes…. well here’s one of the convenient Apple preload functions, I assume, messing it up: The Hacker News — Online Cyber Security News & Analysis … :

You need to open the Camera app on your iPhone or iPad and point the device at a QR code. If the code contains any URL, it will give you a notification with the link address, asking you to tap to visit it in Safari browser. However, be careful — you may not be visiting the URL displayed to you, security researcher Roman Mueller discovered. According to Mueller, the URL parser of built-in QR code reader for iOS camera app fails to detect the hostname in the URL, which allows attackers to manipulate the displayed URL in the notification, tricking users to visit malicious websites instead.

Apple: Clean Cobalt – BMW: Certified Clean Cobalt with Blockchain!

The interesting thing about this story (thanks to Fefe!) is not that BMW is using Blockchain now. And it’s not that they go for Cobalt from Congo for their batteries. That all makes perfect sense, given that you want to prove with a probably unhackable certificate story that your Kobalt mining activities do not harm locals or the environment. No, the really interesting part of the story is: BMW and Apple are now competitors. Yep, read that again.

90+ % pure Cobalt

(Alchemist-hp (talk) (www.pse-mendelejew.de), Pure (99%+) Cobalt, Wikimedia)

They used to be alliance friends, partners and we may remember iDrive and similar naming stuff – and the fact that you could only attach your iPhone to the BMW in a reasonable way. Now there’s Samsung-only keyless features for BMWs and Apple cars out there. Since Apple is investigating its capabilities in the electric, autonomous driving market, they more and more become a competitor to BMW.

At least when it’s about batteries and the much needed Cobalt ressources. These are mostly available in Africa, in Congo (80% says the article), and customers are very well aware by now of the blood diamonds and similar painful stories of exploitation.

So only a few days after Apple announced “that it will be negotiating directly with miners“, BMW’s partner Circulor steps in and snarkily comments “We believe it makes economic sense to start with sources that aren’t a problem” and:

… the trial of their blockchain supply chain solution allows supplying of a barcode to what is known as clean cobalt”, ie. cobalt that has been ethically sourced, and adds the key destinations of its trip to a ledger on their blockchain solution. Apart from proving the source of the cobalt and providing a record for it, the solution will likely also bring down regulatory compliance costs.

Best voice recognition? No, it’s not Apple, Google or Microsoft – the NSA does the best job.

A recent Intercept post once more shows great insight into history and state of NSA technologies. This time it’s about voice recognition and recognizing “who’s speaking” within very little time. Things have changed since the cold war, but I was not aware of secret services creating so-called voiceprints of all of us – including and focusing on non-US citizens. There’s an NSA program called Voice RT (link), but also China and Europe are involved:

In November, a major international speaker recognition effort funded by the European Union passed its final test, according to an Interpol press release. More than 100 intelligence analysts, researchers, and law enforcement agents from over 50 countries — among them, Interpol, the U.K.’s Metropolitan Police Service, and the Portuguese Polícia Judiciária — attended the demonstration, in which researchers proved that their program could identify “unknown speakers talking in different languages … through social media or lawfully intercepted audios.”

The Intercept

NSA documents reviewed by The Intercept outline the contours of a similarly expansive system — one that, in the years following 9/11, grew to allow “language analysts to sift through hundreds of hours of voice cuts in a matter of seconds and selects items of potential interest based on keywords or speaker voice recognition.”

Last week the US senate agreed on extending these surveillance measures, and the NSA’s goal is clear, not only since the 2010 conference where its directors clarified:

“It is all about locating, tracking, and maintaining continuity on individuals across space and time. It’s not just the traditional communications we’re after — It’s taking a ‘full arsenal’ approach.”