The Linkielist

Linking ideas with the world

The Linkielist

Daily Archives: July 2, 2019

Turns out Apple’s Memoji is another product copy, this time from Xiaomi and Samsung. If you can’t create, duplicate.

Posted on by
@horwitz

Image Credit: Gizmochina

Apple’s Memoji may have become the more popular 3D avatar feature for smartphones, but Xiaomi wants people to know that its similarly named version — Mimoji — came first, despite increasingly confusing overlap between the apps’ names and features. Moreover, it’s apparently threatening legal action against writers who call it a copycat without providing proof.

In September 2017, Apple introduced Animoji as an iPhone X-exclusive component of Messages, enabling the high-end smartphone’s users to see their facial expressions rendered in augmented reality as one of 12 animated emoji glyphs, including pig, fox, rabbit, panda, and poop icons. On June 4, 2018, it added user-customizable Memoji faces to Animoji — notably without changing the Messages component’s name — which hit all iPhone X, XR, and XS models with a final public release in September 2018.

By contrast, Xiaomi notes that its own feature was originally called “Mi Meng” when it hit China in late May 2018, but had the English name Mimoji, as evidenced by the package name of its Android application. While the company’s Mimoji generally looked like second-rate Animoji — including a pig, fox, panda, and rabbit-ish mascot — there weren’t any human figures. Until now.

Above: Xiaomi’s initial Mimoji.

The new version of Mimoji is arriving with Xiaomi’s CC9 phones, adding user-customizable human faces complete with the same basic facial, hair, and clothing elements, albeit rendered with various small changes. Writers in China found the similarities similar enough to call Xiaomi’s version a clone, but after a day of “internal self-examination,” the company challenged that on the Weibo social network. As Gizmochina notes, PR head Xu Jieyun posted the app’s naming timeline, and said that the “functional logic difference between the two products is huge.” It also promised “the next phase of action” against people who said it was copying Apple’s Memoji without proof.

Neither Apple nor Xiaomi can reasonably claim to be first with either the 3D animal or 3D human avatar concept; the ideas have been found in third-party apps for years, and Samsung’s AR Emoji beat both companies to market with OS-integrated human avatars in February 2018. Even the Memoji name dates back to at least early 2017, and not from Apple.

But there’s no question that Apple’s specific implementation of Memoji, complete with TrueDepth face tracking, was something special, and now Mimoji offers something similar. Apple has already announced a host of new customizations for Memoji in iOS 13, and each company will likely iterate on its system — under whatever name — for years to come.

Source: Xiaomi threatens writers over Mimoji app’s overlap with Apple’s Memoji

We are shocked to learn that China, an oppressive surveillance state, injects spyware into visitors’ phones

Posted on by

The New York Times reported today that guards working the border with Krygyzstan in the Xinjiang region have insisted on putting an app called Fengcai on the Android devices of visitors – including tourists, journalists, and other foreigners.

The Android app is said to harvest details from the handset ranging from text messages and call records to contacts and calendar entries. It also apparently checks to see if the device contains any of 73,000 proscribed documents, including missives from terrorist groups, including ISIS recruitment fliers and bomb-making instructions. China being China, it also looks for information on the Dalai Lama and – bizarrely – mentions of a Japanese grindcore band.

Visitors using iPhones had their mobes connected to a different, hardware-based device that is believed to install similar spyware.

This is not the first report of Chinese authorities using spyware to keep tabs on people in the Xinjiang region, though it is the first time tourists are believed to have been the primary target. The app doesn’t appear to be used at any other border crossings into the Middle Kingdom.

In May, researchers with German security company Cure53 described how a similar app known as BXAG that was not only collecting data from Android phones, but also sending that harvested information via an insecure HTTP connection, putting visitors in even more danger from third parties who might be eavesdropping.

The remote region in northwest China has for decades seen conflict between the government and local Muslim and ethnic Uighur communities, with reports of massive reeducation camps beign set up in the area. Beijing has also become increasingly reliant on digital surveillance tools to maintain control over its population, and use of intrusive software in Xinjiang to monitor the locals has become more common.

Human Rights Watch also reported that those living in the region sometimes had their phones spied on by a police-installed app called IJOP, while in 2018 word emerged that a mandatory spyware tool called Jing Wang was being pushed to citizens in the region

Source: We are shocked to learn that China, an oppressive surveillance state, injects spyware into visitors’ phones • The Register

The Americans just force you to unlock the phone for them…

Cop a load of this: 1TB of police body camera videos found lounging around public databases

Posted on by

In yet another example of absent security controls, troves of police body camera footage were left open to the world for anyone to siphon off, according to an infosec biz.

Jasun Tate, CEO of Black Alchemy Solutions Group, told The Register on Monday he and his team had identified about a terabyte of officer body cam videos, stored in unprotected internet-facing databases, belonging to the Miami Police Department, and cops in other US cities as well as places aboard. The operators of these databases – Tate suggests there are five service providers involved – work with various police departments. The footage apparently dates from 2018 to present.

“Vendors that provide services to police departments are insecure,” said Tate, adding that he could not at present identify the specific vendors responsible for leaving the archive freely accessible to the public. Below is an example body-cam video from the internet-facing data silo Tate shared on Twitter.

Tate said he came across the files while doing online intelligence work for a client. While searching the internet, he said his firm came across a dark-web hacker forum thread that pointed out the body cam material sitting prone on the internet. Following the forum’s links led Tate to police video clips that had been stored insecurely in what he described as a few open MongoDB and mySQL databases.

For at least the past few days, the footage was publicly accessible, we’re told. Tate reckons the videos will have been copied from the databases by the hacker forum’s denizens, and potentially sold on by now.

According to Tate, the Miami Police Department was notified of the findings. A spokesperson for Miami PD said the department is still looking into these claims, and won’t comment until the review is completed.

Tate posted about his findings on Saturday via Twitter. The links to databases he provided to The Register as evidence of his findings now return errors, indicating the systems’ administrators have taken steps to remove the files from public view.

The incident echoes the hacking of video surveillance biz Perceptics in terms of the sensitivity of the exposed data. The Perceptics hack appears to be more severe because so much of its internal data was stolen and posted online. But that could change if it turns out that much of the once accessible Miami body cam footage was copied and posted on other servers.

Source: Cop a load of this: 1TB of police body camera videos found lounging around public databases • The Register