US judge grants final approval to Apple’s $50m broken ‘butterfly’ keyboard settlement

A US federal court this week gave final approval to the $50 million class-action settlement Apple came to last July resolving claims the company knew about and concealed the unreliable nature of keyboards on MacBook, MacBook Air and MacBook Pro computers released between 2015 and 2019. Per Reuters (via 9to5Mac), Judge Edward Davila on Thursday called the settlement involving Apple’s infamous “butterfly” keyboards “fair, adequate and reasonable.” Under the agreement, MacBook users impacted by the saga will receive settlements between $50 and $395. More than 86,000 claims for class member payments were made before the application deadline last March, Judge Davila wrote in his ruling.

Apple debuted the butterfly keyboard in 2015 with the 12-inch MacBook. At the time, former design chief Jony Ive boasted that the mechanism would allow the company to build ever-slimmer laptops without compromising on stability or typing feel. As Apple re-engineered more of its computers to incorporate the butterfly keyboard, Mac users found the design was susceptible to dust and other debris. The company introduced multiple revisions to make the mechanism more resilient before eventually returning to a more conventional keyboard design with the 16-inch MacBook Pro in late 2019.

[…]

Source: US judge grants final approval to Apple’s $50 million ‘butterfly’ keyboard settlement | Engadget

Air New Zealand to weigh passengers before they board the airplane

That’s right: New Zealand’s Civil Aviation Authority is asking that its national airline weigh passengers departing on international flights from Auckland International Airport through July 2, 2023.

The program, which Air New Zealand calls a passenger weight survey, is a way to gather data on the weight load and distribution for planes, the airline said.

“We weigh everything that goes on the aircraft – from the cargo to the meals onboard, to the luggage in the hold,” Alastair James, the airline’s load control improvement specialist said in a statement. “For customers, crew and cabin bags, we use average weights, which we get from doing this survey.”

Still, weight is a personal thing that not everyone wishes to disclose. In order to protect individuals’ privacy, the airline says it has made the data anonymous.

Source: Air New Zealand to weigh passengers before they board the airplane | CNN

This is pretty relevant because the standard passenger weight is given in tables which are slightly outdated. So if there are > 30 adult passengers, they are expected to weigh 84kg each including hand luggage. Holiday charters can calculate using 76kg. Baggage is expected to be 13kg within the EU. These figures seem extremely light to me.

Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor for updates

[…] Researchers at firmware-focused cybersecurity company Eclypsium revealed today that they’ve discovered a hidden mechanism in the firmware of motherboards sold by the Taiwanese manufacturer Gigabyte,

[…]

the hidden code is meant to be an innocuous tool to keep the motherboard’s firmware updated, researchers found that it’s implemented insecurely, potentially allowing the mechanism to be hijacked and used to install malware instead of Gigabyte’s intended program. And because the updater program is triggered from the computer’s firmware, outside its operating system, it’s tough for users to remove or even discover.

[…]

In its blog post about the research, Eclypsium lists 271 models of Gigabyte motherboards that researchers say are affected.

[…]

Gigabyte’s updater alone might have raised concerns for users who don’t trust Gigabyte to silently install code on their machine with a nearly invisible tool—or who worry that Gigabyte’s mechanism could be exploited by hackers who compromise the motherboard manufacturer to exploit its hidden access in a software supply chain attack. But Eclypsium also found that the update mechanism was implemented with glaring vulnerabilities that could allow it to be hijacked: It downloads code to the user’s machine without properly authenticating it, sometimes even over an unprotected HTTP connection, rather than HTTPS. This would allow the installation source to be spoofed by a man-in-the-middle attack carried out by anyone who can intercept the user’s internet connection, such as a rogue Wi-Fi network.

In other cases, the updater installed by the mechanism in Gigabyte’s firmware is configured to be downloaded from a local network-attached storage device (NAS), a feature that appears to be designed for business networks to administer updates without all of their machines reaching out to the internet. But Eclypsium warns that in those cases, a malicious actor on the same network could spoof the location of the NAS to invisibly install their own malware instead.

[…]

Source: Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED
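The missing control in the excerpt above is payload authentication that does not depend on the transport. The following Go program is an added example, not code from Gigabyte, Eclypsium or WIRED: it accepts an update only when a pinned vendor key signed its digest, so a spoofed HTTP server or NAS cannot substitute its own code. The `Manifest` format, the function names, the choice of Ed25519 and the fixed-seed demo keys are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update descriptor published next to the payload.
type Manifest struct {
	Digest    [32]byte // SHA-256 of the payload
	Signature []byte   // Ed25519 signature over Digest by the vendor key
}

var ErrBadSignature = errors.New("manifest not signed by pinned vendor key")
var ErrDigestMismatch = errors.New("payload does not match signed digest")

// AcceptUpdate treats the transport (HTTP, HTTPS, NAS share) as untrusted: it
// returns nil only if the pinned key signed the digest and the payload matches it.
func AcceptUpdate(pinned ed25519.PublicKey, m Manifest, payload []byte) error {
	if !ed25519.Verify(pinned, m.Digest[:], m.Signature) {
		return ErrBadSignature
	}
	if sum := sha256.Sum256(payload); sum != m.Digest {
		return ErrDigestMismatch
	}
	return nil
}

// demoKeys derives a constructed key pair from a fixed seed (demo only; real keys are random).
func demoKeys(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// sign builds the manifest that the holder of priv would publish for payload.
func sign(priv ed25519.PrivateKey, payload []byte) Manifest {
	d := sha256.Sum256(payload)
	return Manifest{Digest: d, Signature: ed25519.Sign(priv, d[:])}
}

func main() {
	pinned, vendor := demoKeys(0x42) // stands in for the vendor's signing key
	_, other := demoKeys(0x13)       // any key that is not the pinned one
	good, swapped := []byte("constructed updater v2"), []byte("constructed substitute")
	fmt.Println("genuine payload:        ", AcceptUpdate(pinned, sign(vendor, good), good))
	fmt.Println("payload replaced:       ", AcceptUpdate(pinned, sign(vendor, good), swapped))
	fmt.Println("manifest replaced too:  ", AcceptUpdate(pinned, sign(other, swapped), swapped))
}
```

Only the first call returns nil; the other two fail on the digest and the signature respectively, whichever network path delivered the bytes.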

Amazon’s Ring used to spy on customers, children, FTC says in privacy settlement

A former employee of Amazon.com’s Ring doorbell camera unit spied for months on female customers in 2017 with cameras placed in bedrooms and bathrooms, the Federal Trade Commission said in a court filing on Wednesday when it announced a $5.8 million settlement with the company over privacy violations.

Amazon also agreed to pay $25 million to settle allegations it violated children’s privacy rights when it failed to delete Alexa recordings at the request of parents and kept them longer than necessary, according to a court filing in federal court in Seattle that outlined a separate settlement.

The FTC settlements are the agency’s latest effort to hold Big Tech accountable for policies critics say place profits from data collection ahead of privacy.

The FTC is also probing Amazon.com’s $1.7 billion deal to buy iRobot Corp (IRBT.O), which was announced in August 2022 in Amazon’s latest push into smart home devices, and has a separate antitrust probe underway into Amazon.

[…]

The FTC said Ring gave employees unrestricted access to customers’ sensitive video data: “As a result of this dangerously overbroad access and lax attitude toward privacy and security, employees and third-party contractors were able to view, download, and transfer customers’ sensitive video data.”

In one instance in 2017, an employee of Ring viewed videos made by at least 81 female customers and Ring employees using Ring products. “Undetected by Ring, the employee continued spying for months,” the FTC said.

[…]

In May 2018, an employee gave information about a customer’s recordings to the person’s ex-husband without consent, the complaint said. In another instance, an employee was found to have given Ring devices to people and then watched their videos without their knowledge, the FTC said.

[…]

rules against deceiving consumers who used Alexa. For example, the FTC complaint says that Amazon told users it would delete voice transcripts and location information upon request, but then failed to do so.

“The unlawfully retained voice recordings provided Amazon with a valuable database for training the Alexa algorithm to understand children, benefiting its bottom line at the expense of children’s privacy,” the FTC said.

Source: Amazon’s Ring used to spy on customers, FTC says in privacy settlement

The total settlement of $30m is insanely low considering the scale of the violations and the continuing nature of them.