SoylentNews is people

posted by janrinok on Monday March 10, @07:35PM

[Ed note: Most of the headlines for this story use the security vendor's description of this as a "backdoor", which is getting called out as deliberate clickbait and hype given the physical access needed to load malicious code --hubie]

Undocumented commands found in Bluetooth chip used by a billion devices

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used in over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks.

The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.

This was discovered by Spanish researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco of Tarlogic Security, who presented their findings yesterday at RootedCON in Madrid.

"Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices," reads a Tarlogic announcement shared with BleepingComputer.

"Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls."

The researchers warned that ESP32 is one of the world's most widely used chips for Wi-Fi + Bluetooth connectivity in IoT (Internet of Things) devices, so the risk of any backdoor in them is significant.

In their RootedCON presentation, the Tarlogic researchers explained that interest in Bluetooth security research has waned but not because the protocol or its implementation has become more secure.

Instead, most attacks presented last year didn't have working tools, didn't work with generic hardware, and used outdated/unmaintained tools largely incompatible with modern systems.

Tarlogic developed a new C-based USB Bluetooth driver that is hardware-independent and cross-platform, allowing direct access to the hardware without relying on OS-specific APIs.

Armed with this new tool, which enables raw access to Bluetooth traffic, Tarlogic discovered hidden vendor-specific commands (Opcode 0x3F) in the ESP32 Bluetooth firmware that allow low-level control over Bluetooth functions.

In total, they found 29 undocumented commands, collectively characterized as a "backdoor," that could be used for memory manipulation (read/write RAM and Flash), MAC address spoofing (device impersonation), and LMP/LLCP packet injection.

Espressif has not publicly documented these commands, so either they weren't meant to be accessible, or they were left in by mistake.

The risks arising from these commands include malicious implementations on the OEM level and supply chain attacks.

Depending on how Bluetooth stacks handle HCI commands on the device, remote exploitation of the backdoor might be possible via malicious firmware or rogue Bluetooth connections.

This is especially the case if an attacker already has root access, planted malware, or pushed a malicious update on the device that opens up low-level access.

In general, though, physical access to the device's USB or UART interface would be far riskier and a more realistic attack scenario.

"In a context where you can compromise an IoT device with an ESP32 you will be able to hide an APT inside the ESP memory and perform Bluetooth (or Wi-Fi) attacks against other devices, while controlling the device over Wi-Fi/Bluetooth," explained the researchers to BleepingComputer.

"Our findings would allow to fully take control over the ESP32 chips and to gain persistence in the chip via commands that allow for RAM and Flash modification."

"Also, with persistence in the chip, it may be possible to spread to other devices because the ESP32 allows for the execution of advanced Bluetooth attacks."

BleepingComputer has contacted Espressif for a statement on the researchers' findings, but a comment wasn't immediately available.

= https://www.documentcloud.org/documents/25554812-2025-rootedcon-bluetoothtools/
= https://reg.rootedcon.com/cfp/schedule/talk/5
= https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/
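
For anyone who wants to check what a host actually sends to its Bluetooth controller, the following added example (not code from Tarlogic, Espressif or the article) walks a raw H4 (UART) HCI capture and reports vendor-specific commands that are not in a product's expected baseline. The 0x3F in the story is the opcode group field (OGF), the upper six bits of the 16-bit HCI opcode; the capture bytes, the two vendor opcodes in it and the baseline set are constructed for illustration and are not real ESP32 commands.

```python
import struct
from typing import Iterator, List, NamedTuple

VENDOR_OGF = 0x3F  # OGF the Bluetooth Core spec sets aside for vendor-specific commands

# H4 packet indicator -> (header bytes after the indicator, offset of the length
# field inside that header, struct format of the length field, mask on its value)
H4_LAYOUT = {
    0x01: (3, 2, "B", 0xFF),      # HCI command: opcode(2) + parameter length(1)
    0x02: (4, 2, "<H", 0xFFFF),   # ACL data: handle/flags(2) + length(2)
    0x03: (3, 2, "B", 0xFF),      # SCO data: handle/flags(2) + length(1)
    0x04: (2, 1, "B", 0xFF),      # HCI event: event code(1) + parameter length(1)
    0x05: (4, 2, "<H", 0x3FFF),   # ISO data: handle/flags(2) + 14-bit length
}


class TruncatedPacket(ValueError):
    """The capture ends in the middle of a packet."""


class HciCommand(NamedTuple):
    offset: int      # byte offset of the H4 indicator in the capture
    opcode: int
    ogf: int         # opcode group field: upper 6 bits of the opcode
    ocf: int         # opcode command field: lower 10 bits of the opcode
    params: bytes

    @property
    def vendor_specific(self) -> bool:
        return self.ogf == VENDOR_OGF


def iter_commands(stream: bytes) -> Iterator[HciCommand]:
    """Walk an H4 byte stream and yield every host-to-controller command."""
    pos = 0
    while pos < len(stream):
        kind = stream[pos]
        if kind not in H4_LAYOUT:
            raise ValueError(f"unknown H4 indicator 0x{kind:02x} at offset {pos}")
        hdr_len, len_off, len_fmt, len_mask = H4_LAYOUT[kind]
        header = stream[pos + 1:pos + 1 + hdr_len]
        if len(header) < hdr_len:
            raise TruncatedPacket(f"short header at offset {pos}")
        payload_len = struct.unpack_from(len_fmt, header, len_off)[0] & len_mask
        start = pos + 1 + hdr_len
        payload = stream[start:start + payload_len]
        if len(payload) < payload_len:
            raise TruncatedPacket(f"short payload at offset {pos}")
        if kind == 0x01:
            opcode = struct.unpack_from("<H", header)[0]
            yield HciCommand(pos, opcode, opcode >> 10, opcode & 0x3FF, payload)
        pos = start + payload_len  # events and data packets are skipped, not decoded


def audit(stream: bytes, expected_vendor_opcodes=frozenset()) -> List[HciCommand]:
    """Return vendor-specific commands that are not in the product's baseline."""
    return [cmd for cmd in iter_commands(stream)
            if cmd.vendor_specific and cmd.opcode not in expected_vendor_opcodes]


# Constructed capture: two standard commands, one event, one ACL packet and two
# vendor-specific commands whose opcodes and parameters are made up.
SAMPLE_CAPTURE = bytes.fromhex(
    "01030c00"            # HCI_Reset (OGF 0x03, OCF 0x003)
    "040e0401030c00"      # Command Complete event for the reset
    "01091000"            # HCI_Read_BD_ADDR (OGF 0x04, OCF 0x009)
    "0201200400aabbccdd"  # ACL data, 4 payload bytes
    "0101fc02dead"        # vendor-specific 0xFC01, 2 parameter bytes
    "0155fd00"            # vendor-specific 0xFD55, no parameters
)

if __name__ == "__main__":
    baseline = frozenset({0xFC01})  # assumed: the only vendor opcode this product uses
    for cmd in audit(SAMPLE_CAPTURE, baseline):
        print(f"offset {cmd.offset}: unexpected vendor command 0x{cmd.opcode:04X} "
              f"(OCF 0x{cmd.ocf:03X}), {len(cmd.params)} parameter bytes")
```
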



posted by janrinok on Monday March 10, @02:46PM
from the Think-Tiny dept.

Just how tiny can something be made...and still have it work?

https://www.earth.com/news/unexpected-find-inside-the-eye-of-a-tiny-wasp-megaphragma-viggianii/

Megaphragma wasps do more than just outsmart thrips. They also show how far miniaturization can go before basic features stop working.

Most insects rely on their eyes for movement and exploration. Ommatidia form the building blocks of these compound eyes and act like small detectors for incoming light.

In Megaphragma viggianii, researchers have counted a total of 29 ommatidia, which is extremely low compared to the number in the eyes of bigger insects.

Each tiny ommatidium uses a lens that measures around 8 micrometers, but that's still enough to focus light onto specialized structures below.

The rhabdom within each ommatidium (the optical units that make up the insect's compound eye) has stayed thick enough – about 2 micrometers – to catch adequate light and send signals to the brain.

This balance between lens size and rhabdom thickness seems to preserve clear vision during daylight hours.

Packed pigment granules line the sides of each ommatidium. They block stray light that might otherwise blur the wasp's vision.

Maintaining sight at such a small scale may demand a lot of energy. Some data hint at heavy loads of mitochondria in these photoreceptor cells, suggesting that vision comes with a metabolic price.

Roughly a third of the ommatidia cluster near the dorsal region of the eye. These specialized structures appear to detect polarized light, a feature known to help insects orientate under open skies.

In many insects, the dorsal rim area is essential for successful navigation and migration. It provides steady guidance, even when visual landmarks are absent.

In addition, a few unique photoreceptor cells hide behind the first row of ommatidia. They are positioned to receive light indirectly.



posted by hubie on Monday March 10, @09:27AM

CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems:

While the cybersecurity agency has tagged these flaws as actively exploited in the wild, it has yet to provide specific details regarding this malicious activity and who is behind it.

The first flaw (tracked as CVE-2023-20118) enables attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers. While it requires valid administrative credentials, this can still be achieved by chaining the CVE-2023-20025 authentication bypass, which provides root privileges.

Cisco says in an advisory published in January 2023 and updated one year later that its Product Security Incident Response Team (PSIRT) is aware of CVE-2023-20025 publicly available proof-of-concept exploit code.

The second security bug (CVE-2018-8639) is a Win32k elevation of privilege flaw that local attackers logged into the target system can exploit to run arbitrary code in kernel mode. Successful exploitation also allows them to alter data or create rogue accounts with full user rights to take over vulnerable Windows devices.

According to a security advisory issued by Microsoft in December 2018, this vulnerability impacts client (Windows 7 or later) and server (Windows Server 2008 and up) platforms.

Originally spotted on Schneier on Security.



posted by hubie on Monday March 10, @04:40AM

Built by the Norwegian startup 1X, the Neo Gamma humanoid robot is designed to complete mundane household tasks:

A Norwegian robotics firm has unveiled a knitted-nylon-covered humanoid robot designed to complete household chores.

"Neo Gamma," built by robotics company 1X, is a bipedal android equipped to perform everyday tasks such as vacuuming, tidying clothes and making coffee.

In a promotional video released Feb. 21 on YouTube, the machine is shown serving tea, fixing a wonky picture frame, carrying laundry, hoovering, wiping windows and collecting groceries, before taking a seat as its human owners eat.

Although the company has said the humanoid robot is not ready to go on sale to the public, they claim the new model has been made available for limited testing in some homes. This will enable engineers to test the robot's navigational, speech and body language artificial intelligence (AI) features. These capabilities are being developed in-house, although ChatGPT developer OpenAI was an early investor.

"There is a not-so-distant future where we all have our own robot helper at home, like Rosey the Robot or Baymax," Bernt Børnich, the CEO of 1X, said in a statement. "But for humanoid robots to truly integrate into everyday life, they must be developed alongside humans, not in isolation."

"The home provides real-world context and the diversity of data needed for humanoids to grow in intelligence and autonomy. It also teaches them the nuances of human life — how to open the door for the elderly, move carefully around pets, or adapt to the unpredictability of the surrounding world," Børnich said.

[...] Its multi-joined hands use elastic motors that mimic human tendons, and it has four microphones and a speaker system integrated into its body to communicate with humans. Its knitted exterior was designed to reduce the force of potential impacts with the exterior environment and increase its overall safety.



posted by hubie on Monday March 10, @12:01AM

Arthur T Knackerbracket has processed the following story:

An international team of researchers has revealed evidence of bygone “vacation-style” sandy beaches on Mars: underground rock layers that testify to an ancient northern ocean with gently lapping waves, as detailed in a study published January 14 in the journal PNAS. Their work bolsters previous research suggesting that Mars once hosted large bodies of water and a potentially habitable environment.

“We’re finding places on Mars that used to look like ancient beaches and ancient river deltas,” Benjamin Cardenas, a geologist at Pennsylvania State University and a co-author of the study, said in a university statement. “We found evidence for wind, waves, no shortage of sand—a proper, vacation-style beach.”

Cardenas and his colleagues studied geological data collected by the Chinese Zhurong rover in 2021 in an area of Mars called Utopia Planitia. Zhurong comes equipped with ground-penetrating radar, a tool that “gives us a view of the subsurface of the planet, which allows us to do geology that we could have never done before,” said Michael Manga, a planetary scientist at the University of California, Berkeley, who also participated in the study.

The radar data revealed underground rock layers bearing a striking resemblance to geological structures on Earth called “foreshore deposits”—downward sloping formations shaped by water currents pulling sediments into oceans. The researchers confirmed the similarities by comparing the Mars data to radar images of Earthly coastal deposits—even the angles of the underground Martian slopes aligned with those on our planet.

“This stood out to us immediately because it suggests there were waves, which means there was a dynamic interface of air and water,” Cardenas explained. “When we look back at where the earliest life on Earth developed, it was in the interaction between oceans and land, so this is painting a picture of ancient habitable environments, capable of harboring conditions friendly toward microbial life.”

After making sure that the formation couldn’t be explained by other factors such as rivers, wind, or volcanic activity, the researchers suggest that the Martian formations, as well as the thickness of their sediments, imply the presence of a bygone oceanic coast.

[...] If Mars really had oceanfront property, its ancient shores might be some of the best places to hunt for signs of past life. Future missions could help settle the question: Did microbes once call these beaches home, or were they just waves rolling over an empty, lifeless world?



posted by janrinok on Sunday March 09, @07:18PM

https://www.nature.com/articles/d41586-025-00554-w

A slimy barrier lining the brain's blood vessels could hold the key to shielding the organ from the harmful effects of ageing, according to a study in mice.

The study showed that this oozy barrier deteriorates with time, potentially allowing harmful molecules into brain tissue and sparking inflammatory responses. Gene therapy to restore the barrier reduced inflammation in the brain and improved learning and memory in aged mice. The work was published today in Nature.

The finding shines a spotlight on a cast of poorly understood molecules called mucins that coat the interior of blood vessels throughout the body and give mucus its slippery texture, says Carolyn Bertozzi, a Nobel-prizewinning chemist at Stanford University in California and a lead author of the study. "Mucins play a lot of interesting roles in the body," she says. "But until recently, we didn't have the tools to study them. They were invisible."

Mucins are large proteins decorated with carbohydrates that form linkages with one another, creating a water-laden, gel-like substance. They are crucial constituents of the blood–brain barrier, a system that restricts the movement of some molecules from the blood into the brain.

Researchers have long sought ways to sneak medicines past this barrier to treat diseases of the brain. Previous work also showed that the integrity of the barrier erodes with age, suggesting that it could be an important target for therapies to combat diseases associated with ageing, such as Alzheimer's disease.

But scientists knew little about the contribution of mucins to these changes, until Sophia Shi, a graduate student at Stanford, decided to focus on a mucin-rich layer called the glycocalyx, which lines blood vessels. Shi and her colleagues looked at what happens to the glycocalyx in the brain as mice age. "The mucins on the young blood vessels were thick and juicy and plump," says Bertozzi. "In the old mice, they were thin and lame and patchy."

[Ed's Note: Unable to access the full article. If you have full access please leave a link in the comments.--JR]

Journal Reference:
Ledford, Heidi. 'Slime' keeps the brain safe ― and could guard against ageing, (DOI: 10.1038/d41586-025-00554-w)



posted by janrinok on Sunday March 09, @02:37PM
from the catch-my-IMSI dept.

Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying

At EFF we spend a lot of time thinking about Street Level Surveillance technologies—the technologies used by police and other authorities to spy on you while you are going about your everyday life—such as automated license plate readers, facial recognition, surveillance camera networks, and cell-site simulators (CSS). Rayhunter is a new open source tool we've created that runs off an affordable mobile hotspot that we hope empowers everyone, regardless of technical skill, to help search out CSS around the world:

CSS operate by conducting a general search of all cell phones within the device's radius. Law enforcement use CSS to pinpoint the location of phones often with greater accuracy than other techniques such as cell site location information (CSLI) and without needing to involve the phone company at all. CSS can also log International Mobile Subscriber Identifiers (IMSI numbers) unique to each SIM card, or hardware serial numbers (IMEIs) of all of the mobile devices within a given area. Some CSS may have advanced features allowing law enforcement to intercept communications in some circumstances.

What makes CSS especially interesting, as compared to other street level surveillance, is that so little is known about how commercial CSS work. We don't fully know what capabilities they have or what exploits in the phone network they take advantage of to ensnare and spy on our phones, though we have some ideas.

We also know very little about how cell-site simulators are deployed in the US and around the world. There is no strong evidence either way about whether CSS are commonly being used in the US to spy on First Amendment protected activities such as protests, communication between journalists and sources, or religious gatherings. There is some evidence—much of it circumstantial—that CSS have been used in the US to spy on protests. There is also evidence that CSS are used somewhat extensively by US law enforcement, spyware operators, and scammers. We know even less about how CSS are being used in other countries, though it's a safe bet that in other countries CSS are also used by law enforcement.

CSS (also known as Stingrays or IMSI catchers) are devices that masquerade as legitimate cell-phone towers, tricking phones within a certain radius into connecting to the device rather than a tower.

[...] Until now, to detect the presence of CSS, researchers and users have had to either rely on Android apps on rooted phones, or sophisticated and expensive software-defined radio rigs. Previous solutions have also focused on attacks on the legacy 2G cellular network, which is almost entirely shut down in the U.S. Seeking to learn from and improve on previous techniques for CSS detection we have developed a better, cheaper alternative that works natively on the modern 4G network.

[...] Rayhunter works by intercepting, storing, and analyzing the control traffic (but not user traffic, such as web requests) between the mobile hotspot Rayhunter runs on and the cell tower to which it's connected. Rayhunter analyzes the traffic in real-time and looks for suspicious events, which could include unusual requests like the base station (cell tower) trying to downgrade your connection to 2G which is vulnerable to further attacks, or the base station requesting your IMSI under suspicious circumstances.

Originally spotted on Schneier on Security.
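
The IMSI-request check described above can be illustrated on LTE NAS mobility-management messages. This is an added example, not Rayhunter's code: the two heuristics and their severity labels are simplifying assumptions, the sample PDUs are constructed, and the 2G-downgrade check is not covered.

```python
from typing import List, NamedTuple, Optional, Tuple

PD_EMM = 0x7                     # protocol discriminator: EPS mobility management
IDENTITY_REQUEST = 0x55          # EMM message types from 3GPP TS 24.301
AUTHENTICATION_REQUEST = 0x52
REJECTS = {0x44: "Attach Reject", 0x4B: "Tracking Area Update Reject"}
IDENTITY_TYPES = {1: "IMSI", 2: "IMEI", 3: "IMEISV", 4: "TMSI"}


class Finding(NamedTuple):
    index: int       # position of the message in the downlink session
    severity: str    # "low" or "high" (labels chosen for this example)
    reason: str


def emm_message(pdu: bytes) -> Optional[Tuple[int, bool, bytes]]:
    """Return (message type, integrity protected?, body), or None if unreadable."""
    if len(pdu) < 2 or pdu[0] & 0x0F != PD_EMM:
        return None                          # too short, or not an EMM message
    sec_header = pdu[0] >> 4
    if sec_header == 0:                      # plain NAS message
        return pdu[1], False, pdu[2:]
    if sec_header in (1, 3):                 # integrity protected, not ciphered
        inner = pdu[6:]                      # skip header(1) + MAC(4) + sequence(1)
        if len(inner) < 2 or inner[0] != PD_EMM:
            return None
        return inner[1], True, inner[2:]
    return None                              # ciphered or other: cannot inspect


def analyze_session(downlink: List[bytes]) -> List[Finding]:
    """Flag IMSI requests sent in the clear, and rejects that follow one
    without the network ever having attempted authentication."""
    findings: List[Finding] = []
    authenticated = False
    imsi_requested_plain = False
    for index, pdu in enumerate(downlink):
        msg = emm_message(pdu)
        if msg is None:
            continue
        msg_type, protected, body = msg
        if msg_type == AUTHENTICATION_REQUEST:
            authenticated = True
        elif msg_type == IDENTITY_REQUEST and body:
            identity = IDENTITY_TYPES.get(body[0] & 0x07, "reserved")
            if identity == "IMSI" and not protected:
                imsi_requested_plain = True
                findings.append(Finding(
                    index, "low", "IMSI requested without integrity protection"))
        elif msg_type in REJECTS and imsi_requested_plain and not authenticated:
            findings.append(Finding(
                index, "high",
                f"{REJECTS[msg_type]} after IMSI request, no authentication attempted"))
    return findings


# Constructed downlink sessions (MACs, RAND and AUTN are zero-filled placeholders).
ORDINARY_ATTACH = [
    bytes.fromhex("075501"),                    # plain Identity Request, type IMSI
    bytes.fromhex("075200") + bytes(33),        # plain Authentication Request
    bytes.fromhex("370000000000075d020000"),    # integrity-protected Security Mode Command
    bytes.fromhex("270000000001") + bytes(8),   # ciphered message, skipped
]
REQUEST_THEN_REJECT = [
    bytes.fromhex("075501"),                    # plain Identity Request, type IMSI
    bytes.fromhex("074407"),                    # plain Attach Reject, EMM cause 7
]
PROTECTED_IMEISV = [
    bytes.fromhex("170000000000075503"),        # integrity-protected request for IMEISV
]

if __name__ == "__main__":
    for name, session in [("ordinary attach", ORDINARY_ATTACH),
                          ("request then reject", REQUEST_THEN_REJECT),
                          ("protected IMEISV", PROTECTED_IMEISV)]:
        print(name, analyze_session(session))
```

A plain IMSI request also occurs during an ordinary attach, which is why it is only rated low on its own here; the sequence ending in a reject with no authentication is what raises the severity.
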



posted by janrinok on Sunday March 09, @09:53AM

Asteroid Mining Startup Loses Its Spacecraft Somewhere Beyond the Moon:

A privately built spacecraft is tumbling aimlessly in deep space, with little hope of being able to contact its home planet. Odin is around 270,000 miles (434,522 kilometers) away from Earth, on a silent journey that's going nowhere fast.

California-based startup AstroForge launched its Odin spacecraft on February 26 on a SpaceX Falcon 9 rocket. The probe was headed toward a small asteroid to scan it for valuable metals, in service of the company's ambitious goal of mining asteroids for profit. AstroForge was also hoping to become the first company to launch a commercial mission to deep space with its in-house spacecraft, a dream that fell apart shortly after launch.

After Odin separated from the rocket, the company's primary ground station in Australia suffered major technical issues due to a power amplifier breaking, delaying AstroForge's first planned attempt to contact the spacecraft, the company revealed in an update on Thursday. The mission went downhill from there, as several attempts to communicate with Odin failed and the spacecraft's whereabouts were unknown. "I think we all know the hope is fading as we continue the mission," AstroForge founder Matt Gialich said in a video update shared on X.

AstroForge is working on developing technologies for mining precious metals from asteroids millions of miles away. The company launched its first mission in April 2023 to demonstrate its ability to refine asteroid material in orbit. Its initial task also did not go as planned, as the company struggled to communicate with its satellite.

For its second mission, AstroForge opted to build its spacecraft in-house to avoid some of the problems encountered during its first mission, Gialich told Gizmodo in an interview last year. AstroForge built the $3.5 million spacecraft in less than ten months. "We know how to build these craft. These have been built before. They just cost a billion fucking dollars. How do we do it for a fraction of the cost?" Gialich is quoted as saying in AstroForge's recent update. "At the end of the day, like, you got to fucking show up and take a shot, right? You have to try."

And try they did. "With continued attempts to command Odin over 18 hours per day, we were seeing no additional signs of commands received, preventing us from establishing communications," AstroForge wrote in the update. "We employed more sensitive spectrum recorders and reached out to additional dishes to make sure we weren't just missing Odin's faint calls home, but to no avail."

The team also reached out to observatories and amateur astronomers to try to track Odin, but the spacecraft was too faint to spot with smaller telescopes. "Wish we would have made it all the way – But the fact that we made it to the rocket, deployed, and made contact on a spacecraft we built in 10 months is amazing," Gialich wrote Thursday on X.

AstroForge is still planning on launching its third mission, Vestri. The spacecraft is designed to travel to the company's target near-Earth asteroid and dock with the body in space. The Vestri spacecraft will also be developed in-house, and is scheduled for launch in late 2025, hitching a ride with Intuitive Machines' third mission to the Moon. "This is a new frontier, and we got another shot at it with Vestri," Gialich added.



posted by janrinok on Sunday March 09, @05:07AM
from the here-we-go-again.... dept.

Amid a Growing Measles Outbreak, Doctors Worry RFK is Sending the Wrong Message

Amid a growing measles outbreak, doctors worry RFK is sending the wrong message:

[...] Two people have now died in the growing measles outbreak in west Texas and New Mexico.

New Mexico Health officials on Thursday confirmed the death of an unvaccinated adult who tested positive for measles. The first death was a school-age child in Gaines County, Texas last week.

News of a second death comes as infectious disease doctors worry that the federal government's messaging about the outbreak is putting more emphasis on treatments like vitamin A than on vaccination, even as misinformation about some of these treatments is spreading online.

Those concerns come in the wake of recent comments made by Health and Human Services Secretary Robert F. Kennedy Jr. Kennedy addressed the growing measles outbreak in an editorial for FOX News published on Sunday, also posted on the HHS website.

While mentioning the value of vaccination for community immunity, Kennedy said "the decision to vaccinate is a personal one." He emphasized treatment for measles, saying that vitamin A can "dramatically" reduce deaths from the disease. In an interview with FOX News Tuesday, he said Texas doctors are giving steroids and cod liver oil to their measles patients and "getting very, very, good results."

In his editorial, he said good nutrition is "a best defense against most chronic and infectious illnesses." That emphasis on nutrition and vitamin A to treat measles is concerning some infectious disease doctors.

"Mentions of cod liver oil and vitamins [are] just distracting people away from what the single message should be, which is to increase the vaccination rate," said Dr. Amesh Adalja, an infectious disease physician and senior scholar with the Johns Hopkins Center for Health Security.

While vitamin A can play a role in preventing severe disease, discussion of vitamins, "doesn't replace the fact that measles is a preventable disease. And really, the way to deal with a measles outbreak is to vaccinate people against measles," says Dr. Adam Ratner, a member of the infectious disease committee of the American Academy of Pediatrics.

Kennedy did acknowledge that measles is highly contagious and that it poses health risks, especially to people who are not vaccinated. He said vaccines not only protect individual children from measles, but also protect people who can't be vaccinated. But he didn't strongly encourage people to get their children vaccinated — which is usually a key part of the public health response during an outbreak.

In 2019, when a measles outbreak was raging in the U.S., then health secretary Alex Azar came out with a statement strongly supporting vaccination and warning of the risks of under-vaccination.

When it comes to vitamin A, studies conducted decades ago in low and middle-income countries found that the vitamin can reduce the risk of severe disease and death, in children who are malnourished and have vitamin deficiencies, says Adalja.

There's also evidence that, even in the absence of a pre-existing deficiency, measles seems to deplete the body's stores of vitamin A. Both the World Health Organization and the American Academy of Pediatrics recommend giving two doses of vitamin A to children who have the disease, especially if they are so sick they are hospitalized.

But, Ratner stresses that vitamin A does not prevent measles.

A false idea circulating online is that giving children high doses over long periods of time can prevent measles, says Ratner. He says that's not only wrong but can be quite dangerous.

"Vitamin A can accumulate in the body," he says. "It can be toxic to the liver. It can have effects that you don't want for your child," like liver damage, fatigue, hair loss and headaches. Ratner works as a pediatric infectious disease specialist in New York City. He says that similar misinformation about vitamin A made the rounds during the city's measles outbreak in 2019.

Scott Weaver, director of the Institute for Human Infections and Immunity at the University of Texas Medical Branch, says he worries people might look at a vitamin bottle and think, "Well, maybe if I take two or three times this amount, I'll be even better protected against measles."

"I'm concerned that people think that vitamin A or other nutrition is a substitute for vaccination to prevent infection and to prevent spread," Weaver says.

Second measles death reported as outbreak grows in Southwest

Second measles death reported as outbreak grows in Southwest:

A second person has died from measles as the outbreak of the disease in Texas and New Mexico continues to grow, according to the New Mexico Department of Health.

The person was unvaccinated and a resident of Lea County, N.M., where at least 10 cases of the disease have been reported. It lies just across the state border from Gaines County, Texas, where the current measles outbreak began in January.

A total of 159 measles cases have been identified in Texas since January with 53 of those cases in children under the age of 4, according to the Texas Department of Health and Human Services.

A school-aged child in Texas late last month became the first person to die of the virus in the U.S. in the last decade.

The child was unvaccinated and died after being hospitalized in Lubbock, Texas.

The New Mexico Department of Health is still investigating the official cause of death for the Lea County resident, but the agency's laboratory did confirm the presence of the measles virus in the deceased person.

The person did not seek medical care before passing, according to the department.

Second Measles Death Reported in Ongoing Outbreak

Second measles death reported in ongoing outbreak:

The New Mexico Department of Health said Thursday that the state had its first measles death.

[...] The adult, who was unvaccinated, didn't seek medical care before dying, the Health Department said.

Measles is spreading rapidly in West Texas, with 159 cases as of Tuesday. Most of the cases are in Gaines County. In neighboring Lea County, New Mexico, 10 cases have been identified.

[...] Experts say the most effective way to prevent measles is the MMR vaccine. Two doses are 97% effective.



posted by janrinok on Sunday March 09, @12:23AM

https://www.wired.com/story/doge-government-salaries-elon-musk/

Engineers and executives at the so-called Department of Government Efficiency are drawing healthy taxpayer-funded salaries—sometimes from the very agencies they are cutting.

[...] Jeremy Lewin, one of the DOGE employees tasked with dismantling USAID, who has also played a role in DOGE's incursions into the National Institutes of Health and the Consumer Financial Protection Bureau, is listed as making just over $167,000 annually, WIRED has confirmed. Lewin is assigned to the Office of the Administrator within the General Services Administration.

Kyle Schutt, a software engineer at the Cybersecurity and Infrastructure Security Agency, is listed as drawing a salary of $195,200 through GSA, where he is assigned to the Office of the Deputy Administrator. That is the maximum amount that any "General Schedule" federal employee can make annually, including bonuses. "You cannot be offered more under any circumstances," the GSA compensation and benefits website reads.

Nate Cavanaugh, a 28-year-old tech entrepreneur who has taken a visible internal role interviewing GSA employees as part of DOGE's work at the agency, is listed as being paid just over $120,500 per year. According to DOGE's official website, the average GSA employee makes $128,565 and has worked at the agency for 13 years.

When Elon Musk started recruiting for DOGE in November, he described the work as "tedious" and noted that "compensation is zero." WIRED previously reported that the DOGE recruitment effort relied in part on a team of engineers associated with Peter Thiel and was carried out on platforms like Discord.

Since Trump took office in January, DOGE has overseen aggressive layoffs within the GSA, including the recent elimination of 18F, the agency's unit dedicated to technology efficiency. It also developed a plan to sell off more than 500 government buildings.

Although Musk has described DOGE as "maximum transparent," it has not made its spending or salary ranges publicly available. Funding for DOGE had grown to around $40 million as of February 20, according to a recent ProPublica report. The White House did not respond to questions about the salary ranges for DOGE employees or how the budget is allocated to pay them.

Some DOGE team members, including Musk, are designated as "Special Government Employees," an advisory role limited to a 130-day work period. These positions can be paid or unpaid; SGEs drawing salaries above a certain grade have to file financial disclosure forms, but the volunteer workers do not. This type of employee is not beholden to the same rules as typical federal workers; they are allowed to keep drawing outside salaries and in some cases do not need to disclose conflicts of interest. Other prominent SGE staffers associated with DOGE include top aide Katie Miller, who continued her prior public relations work through the transition and more than a month into the current administration. Her firm's clients had included Apple and a Saudi-funded golf league, according to The Wall Street Journal.

Other prominent DOGE staffers appear to be unpaid volunteers. Edward Coristine, Ethan Shaotran, Luke Farritor, Derek Geissler, and Nicole Hollander draw no salary through their assignments at the General Services Administration. (It is not currently known whether they are drawing salaries elsewhere within the government.) The agency now openly discusses the idea of compensation on its recruitment page, which describes "full-time, salaried positions for software engineers, InfoSec engineers, and other technology professionals."

In an interview with Sean Hannity of Fox News last month, Musk claimed that "the software engineers at DOGE could be earning millions of dollars a year and instead of earning a small fraction of that as federal employees." In Silicon Valley, the median salary for a software engineer hovers around $184,000, with workers a decade into their careers earning over $220,000, according to Glassdoor.

DOGE honcho Elon Musk is the richest person in the world, with an estimated net worth of over $350 billion. Although Musk does not draw a salary for his work with DOGE, his business ventures often enjoy government support. The Washington Post recently reported that his companies have received more than $38 billion in government funding over the past two decades.

"It does seem worth understanding what these employees are being paid," says Don Moynihan, a public policy professor at the University of Michigan. "Especially if they are being paid significantly more than technologists who have been fired, given that many of the DOGE staff have less relevant experience."


Original Submission

posted by janrinok on Saturday March 08, @07:41PM

Arthur T Knackerbracket has processed the following story:

Alphabet has announced a new development for Taara's technology that could lead to low-cost, high-speed internet connectivity, even in far-flung locations. Taara's general manager, Mahesh Krishnaswamy, has introduced the Taara chip, a silicon photonic chip that uses light to transmit high-speed data through the air. The Taara chip is about the size of a fingernail, far smaller than the technology the Alphabet division has been using. Taara Lightbridge, which is what its first-generation technology is called, is the size of a traffic light and uses a system of mirrors and sensors to physically steer light to where it needs to go. The new chip uses software instead.

Taara is a project under X, Alphabet's moonshot factory. The high-speed wireless optical link technology underpinning the project was originally developed for X's Project Loon internet broadcasting balloons. Alphabet pulled the plug on Loon in 2021 and focused on Taara instead, using its technology to beam broadband across the Congo River and the streets of Nairobi. Even years before Loon shut down, Alphabet's X was already toying with the idea of using light to beam internet and tested the technology in India.

Taara's technology works by using a "very narrow, invisible light beam to transmit data at speeds as high as 20 gigabits per second, up to distances of 20 kilometers (12.1 miles)." It's like traditional fiber, in the sense that it uses light to carry data, except that light doesn't travel through cables. Instead, Taara's hardware emits beams of light. The beams from two units must be aligned with each other to be able to form a secure link that can transmit data, which is why Lightbridge was fitted with the parts needed to be able to physically steer the light. Taara's new chip doesn't need those components: It contains hundreds of tiny light emitters controlled by software with automatic steering.

Krishnaswamy said Taara's light-beaming units will only take days to install instead of the months or years it can take to lay fiber. During tests in the lab, the Taara team was able to transmit data at speeds of 10 Gbps over a distance of one kilometer (0.62 miles) using two of the new chips. They're now looking to improve the chip's capacity and range by creating an "iteration with thousands of [light] emitters." The team expects the chip to be available in 2026.


Original Submission

posted by janrinok on Saturday March 08, @03:37PM

Community members are experiencing a problem when trying to subscribe using Stripe. We have identified the probable cause but it will take at least a few days to rectify it.

For the moment I suggest that you either subscribe using PayPal or wait until the problem has been fixed. I will notify the community when the problem has been resolved.

If you cannot/will not use PayPal and you need to have a valid subscription to limit access to your journal then you can contact me (either as janrinok or admin (at) soylentnews (dot) org) via email and I can give you a short subscription grant of a few days to enable you to publish your journal.

posted by janrinok on Saturday March 08, @02:52PM

Hugging Face's chief science officer worries AI is becoming 'yes-men on servers':

AI company founders have a reputation for making bold claims about the technology's potential to reshape fields, particularly the sciences. But Thomas Wolf, Hugging Face's co-founder and chief science officer, has a more measured take.

In an essay published to X on Thursday, Wolf said that he feared AI becoming "yes-men on servers" absent a breakthrough in AI research. He elaborated that current AI development paradigms won't yield AI capable of outside-the-box, creative problem-solving — the kind of problem-solving that wins Nobel Prizes.

"The main mistake people usually make is thinking [people like] Newton or Einstein were just scaled-up good students, that a genius comes to life when you linearly extrapolate a top-10% student," Wolf wrote. "To create an Einstein in a data center, we don't just need a system that knows all the answers, but rather one that can ask questions nobody else has thought of or dared to ask."

Wolf's assertions stand in contrast to those from OpenAI CEO Sam Altman, who in an essay earlier this year said that "superintelligent" AI could "massively accelerate scientific discovery." Similarly, Anthropic CEO Dario Amodei has predicted AI could help formulate cures for most types of cancer.

Wolf's problem with AI today — and where he thinks the technology is heading — is that it doesn't generate any new knowledge by connecting previously unrelated facts. Even with most of the internet at its disposal, AI as we currently understand it mostly fills in the gaps between what humans already know, Wolf said.

Some AI experts, including ex-Google engineer François Chollet, have expressed similar views, arguing that while AI might be capable of memorizing reasoning patterns, it's unlikely it can generate "new reasoning" based on novel situations.

Wolf thinks that AI labs are building what are essentially "very obedient students" — not scientific revolutionaries in any sense of the phrase. AI today isn't incentivized to question and propose ideas that potentially go against its training data, he said, limiting it to answering known questions.

"To create an Einstein in a data center, we don't just need a system that knows all the answers, but rather one that can ask questions nobody else has thought of or dared to ask," Wolf said. "One that writes 'What if everyone is wrong about this?' when all textbooks, experts, and common knowledge suggest otherwise."

Wolf thinks that the "evaluation crisis" in AI is partly to blame for this disenchanting state of affairs. He points to benchmarks commonly used to measure AI system improvements, most of which consist of questions that have clear, obvious, and "closed-ended" answers.

As a solution, Wolf proposes that the AI industry "move to a measure of knowledge and reasoning" that's able to elucidate whether AI can take "bold counterfactual approaches," make general proposals based on "tiny hints," and ask "non-obvious questions" that lead to "new research paths."

The trick will be figuring out what this measure looks like, Wolf admits. But he thinks that it could be well worth the effort.

"[T]he most crucial aspect of science [is] the skill to ask the right questions and to challenge even what one has learned," Wolf said. "We don't need an A+ [AI] student who can answer every question with general knowledge. We need a B student who sees and questions what everyone else missed."


Original Submission

posted by hubie on Saturday March 08, @10:07AM
from the dystopia-is-now! dept.

https://arstechnica.com/ai/2025/03/users-report-emotional-bonds-with-startlingly-realistic-ai-voice-demo/

In late 2013, the Spike Jonze film Her imagined a future where people would form emotional connections with AI voice assistants. Nearly 12 years later, that fictional premise has veered closer to reality with the release of a new conversational voice model from AI startup Sesame that has left many users both fascinated and unnerved.

"I tried the demo, and it was genuinely startling how human it felt," wrote one Hacker News user who tested the system.
[...]
In late February, Sesame released a demo for the company's new Conversational Speech Model (CSM) that appears to cross over what many consider the "uncanny valley" of AI-generated speech
[...]
"At Sesame, our goal is to achieve 'voice presence'—the magical quality that makes spoken interactions feel real, understood, and valued," writes the company in a blog post.
[...]
Sometimes the model tries too hard to sound like a real human. In one demo posted online by a Reddit user called MetaKnowing, the AI model talks about craving "peanut butter and pickle sandwiches."
[...]
"I've been into AI since I was a child, but this is the first time I've experienced something that made me definitively feel like we had arrived," wrote one Reddit user.
[...]
Many other Reddit threads express similar feelings of surprise, with commenters saying it's "jaw-dropping" or "mind-blowing."
[...]
Mark Hachman, a senior editor at PCWorld, wrote about being deeply unsettled by his interaction with the Sesame voice AI. "Fifteen minutes after 'hanging up' with Sesame's new 'lifelike' AI, and I'm still freaked out," Hachman reported.
[...]
Others have compared Sesame's voice model to OpenAI's Advanced Voice Mode for ChatGPT, saying that Sesame's CSM features more realistic voices, and others are pleased that the model in the demo will roleplay angry characters, which ChatGPT refuses to do.
[...]
Under the hood, Sesame's CSM achieves its realism by using two AI models working together (a backbone and a decoder) based on Meta's Llama architecture that processes interleaved text and audio. Sesame trained three AI model sizes, with the largest using 8.3 billion parameters (an 8 billion backbone model plus a 300 million parameter decoder) on approximately 1 million hours of primarily English audio.

[...] Despite CSM's technological impressiveness, advancements in conversational voice AI carry significant risks for deception and fraud. The ability to generate highly convincing human-like speech has already supercharged voice phishing scams, allowing criminals to impersonate family members, colleagues, or authority figures with unprecedented realism.
[...]
Unlike current robocalls that often contain tell-tale signs of artificiality, next-generation voice AI could eliminate these red flags entirely.
[...]
It has inspired some people to share a secret word or phrase with their family for identity verification.
[...]
OpenAI itself held back its own voice technology from wider deployment over fears of misuse.

Sesame sparked a lively discussion on Hacker News about its potential uses and dangers.
[...]
In one case, a parent recounted how their 4-year-old daughter developed an emotional connection with the AI model, crying after not being allowed to talk to it again.
[...]
The company says it plans to open-source "key components" of its research under an Apache 2.0 license, enabling other developers to build upon their work.
[...]
You can try the Sesame demo on the company's website, assuming that it isn't too overloaded with people who want to simulate a rousing [argument].

[Last link in article added by submitter.]


Original Submission

posted by hubie on Saturday March 08, @05:22AM

Apple appeal to Investigatory Powers Tribunal may be the first case of its type:

Apple reportedly filed an appeal in hopes of overturning a secret UK order requiring it to create a backdoor for government security officials to access encrypted data.

"The iPhone maker has made its appeal to the Investigatory Powers Tribunal, an independent judicial body that examines complaints against the UK security services, according to people familiar with the matter," the Financial Times reported today. The case "is believed to be the first time that provisions in the 2016 Investigatory Powers Act allowing UK authorities to break encryption have been tested before the court," the article said.

A Washington Post report last month said UK security officials "demanded that Apple create a backdoor allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud," including "blanket capability to view fully encrypted material."

Apple has publicly criticized the law, warning last year that the UK government is claiming power to demand access to the data of users in any country, not just the UK.

Apple responded to the recent order by pulling its Advanced Data Protection (ADP) service from the UK. The optional level of encryption for iCloud prevents even Apple from seeing user data. "Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature," Apple said last month.

"As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will," Apple also said.

Backdoors demanded by governments have alarmed security and privacy advocates, who say the special access would be exploited by criminal hackers and other governments. Bad actors typically need to rely on vulnerabilities that aren't intentionally introduced and are patched when discovered. Creating backdoors for government access would necessarily involve tech firms making their products and services less secure.

The order being appealed by Apple is a Technical Capability Notice issued by the UK Home Office under the 2016 law, which is nicknamed the Snoopers' Charter and forbids unauthorized disclosure of the existence or contents of a warrant issued under the act.

[...] Under the law, Investigatory Powers Tribunal decisions can be challenged in an appellate court.


Original Submission