Daily Archives: July 15, 2022

Ubisoft Teaches Customers They Don’t Own All That DLC They ‘Bought’

Posted on by

While we were just discussing how everyone occasionally gets reminded that for many digital goods these days you simply don’t actually own what you’ve bought, all thanks to Sony disappearing a bunch of purchased movies and shows from its PlayStation platform, this conversation has been going on for a long, long time. Whereas the expectation by many people is that buying a digital good carries similar ownership rights as it would a physical good, instead there are discussions of “licensing” buried in the Ts and Cs that almost nobody reads. The end result is a massive disconnect between what people think they’re paying for and what they actually are paying for.

Take Ubisoft DLC for instance. Lots of people bought DLC for titles like Assassin’s Creed 3 or Far Cry 3 for the PC versions of those games… and recently found out that all that purchased DLC is simply going away with Ubisoft shutting game servers down.

According to Ubisoft’s announcement, “the installation and access to downloadable content (DLC) will be unavailable” on the PC versions of the following games as of September 1, 2022:

Assassin’s Creed 3
Assassin’s Creed: Brotherhood
Driver San Francisco
Far Cry 3
Prince of Persia: The Forgotten Sands
Silent Hunter 5

DLC for the console versions of these games (which is verified through the console platform stores and not Ubisoft’s UPlay platform) will be unaffected, when applicable. Assassin’s Creed III and Far Cry 3 are also available on PC in remastered re-releases that will not be affected by this server shutdown (though the remastered “Classic Edition” of Far Cry 3 is currently unavailable for purchase from Ubisoft’s own website).

A notable addition to all of this is that the full version of Assassin’s Creed Liberation HD was on sale merely days ago on Steam’s Summer Sale, but that title is going to disappear from Steam entirely on September 1st as well. Read that again. The public bought a game title on Steam for 75% off, thinking it was a great deal, only to subsequently learn that they have 60 days to play the damned thing before it becomes unplayable.

This is not tenable. The consumer can only be jerked around so much before a clapback occurs and losing purchased assets based on the whim of the company that sold them isn’t going to be tolerated forever. And while I’m loathe to be one of the “there should be a law!” guys, well, there should be legal ramifications for this sort of thing. There are other options out there that would not remove purchased items from people, be it local installations, allowing fans in the public to host their own servers, etc.

Instead, Ubisoft appears to be joining a list of companies that believes it can sell you something and then take it away, all while including that same something in some bundled release afterwards.

Source: Ubisoft Teaches Customers They Don’t Own All That DLC They ‘Bought’ | Techdirt

Apple AirTags Hacked And Cloned With Voltage Glitching

Posted on by

[…]

researchers have shown that it’s possible to clone these devices, as reported by Hackster.io.

The research paper explains the cloning process, which requires physical access to the hardware. To achieve the hack, the Nordic nRF52832 inside the AirTag must be voltage glitched to enable its debug port. The researchers were able to achieve this with relatively simple tools, using a Pi Pico fitted with a few additional components.

With the debug interface enabled, it’s simple to extract the microcontroller’s firmware. It’s then possible to clone this firmware onto another tag. The team also experimented with other hacks, like having the AirTag regularly rotate its ID to avoid triggering anti-stalking warnings built into Apple’s tracing system.

As the researchers explain, it’s clear that AirTags can’t really be secure as long as they’re based on a microcontroller that is vulnerable to such attacks. It’s not the first AirTag cloning we’ve seen either. They’re an interesting device with some serious privacy and safety implications, so it pays to stay abreast of developments in this area.

[…]

Source: Apple AirTags Hacked And Cloned With Voltage Glitching | Hackaday

Lenovo fixes trio of UEFI vulnerabilities – fortunately not for Thinkpads though

Posted on by

[…]

“The vulnerabilities,” explained the ESET Research team, “can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features.”

“It’s a typical UEFI ‘double GetVariable’ vulnerability,” the team added, before giving a hat tip to efiXplorer.

Lenovo has published an advisory on the matter this week: the CVE identifiers are CVE-2022-1890, CVE-2022-1891, CVE-2022-1892. All are related to buffer overflows and carry the risk that an attacker with local privileges will be able to execute arbitrary code. Their severity was rated as medium.

As for mitigation, updating the firmware is pretty much all customers can do, although not all products are affected by all three vulnerabilities. All of the products, however, do seem to be hit by CVE-2022-1892, a buffer overflow in the SystemBootManagerDxe driver.

The disclosure follows another three vulnerabilities patched in April, also concerned with UEFI on Lenovo kit. UEFI, or Unified Extensible Firmware Interface, is the glue connecting a device’s firmware with the operating system on top. A vulnerability there could potentially be exploited before a device gets a chance to boot its operating system and fire up malware protections, allowing the computer to become deeply infected and compromised.

ESET research noted that the flaws were a result of “insufficient validation of DataSize parameter passed to the UEFI Runtime Services function GetVariable.”

ThinkPad hardware is not affected, probably to the relief of harassed enterprise administrators around the world. Other Lenovo device users should check the list and perform a firmware update if needed.

[…]

Source: Lenovo fixes trio of UEFI vulnerabilities • The Register

Nokia Launches 8″ T10 Tablet

Posted on by
Nokia T10 tablet has been officially launched by the company via a press release. It is the second tablet by Nokia’s new home, HMD Global, on the market. The device is being touted as a sturdy and portable Android slate with multiple years of software upgrades. The Nokia T10 has arrived as a mid-range Android tablet for global markets.
Specifications, Features
The Nokia T10 tablet comes with an 8-inch HD display. The slate boots Android 12 out-of-the-box. It will be getting two years of major Android OS updates and at least three years of monthly security updates for Android. The slate is powered by the Unisoc T606 processor, which is accompanied by up to 4GB of RAM and 64GB of internal storage. There also are dual stereo speakers with OZO playback to provide an immersive media experience.
[…]
The device has an 8MP primary shooter and a 2MP selfie camera, which supports face unlock functionality. In the connectivity department, the Nokia T10 comes with 4G LTE, dual-band Wi-Fi, Bluetooth, GPS with GLONASS, and a built-in FM radio receiver.
Lastly, the slate is fuelled by a beefy 5,250 mAh battery, which supports 10W charging technology. Nokia T10
Price, Availability The Nokia T10 Android tablet’s base variant will be available from $159

Source: Nokia T10 Tablet With 8-Inch Screen Launched; Pricing & Features – Gizbot News

Unfortunately the screen for the T10 is only 1200 x 800. I really like the 8″ form  factor though.

The T20 has a 10″ display

Display Type IPS LCD, 400 nits (typ)
Size 10.4 inches, 307.9 cm2 (~78.9% screen-to-body ratio)
Resolution 1200 x 2000 pixels, 5:3 ratio (~224 ppi density)
Protection Scratch-resistant glass
Platform OS Android 11
Chipset Unisoc T610 (12 nm)
CPU Octa-core (2×1.8 GHz Cortex-A75 & 6×1.8 GHz Cortex-A55)
GPU Mali-G52 MP2

source: gsmarena