SoylentNews

upstart writes:

Earthquake-induced electricity offers answer to mystery of gold nugget formation:

The pressure created by earthquakes could trigger quartz veins to generate enough electricity to form large nuggets of gold, researchers in Australia have found.

Most gold nuggets originate in quartz veins when gold-bearing hydrothermal fluids from the earth's crust are transported along fracture networks by earthquakes. '[Quartz veins] form over the accumulation of thousands of earthquake events,' says Chris Voisey, a geologist at Monash University in Melbourne, Australia and lead researcher on the study. 'There's a fault that turns into a quartz vein and then it'll fracture open repeatedly during many, many earthquakes... And every time it fractures open, a gold-bearing fluid from deep in the crust flows through it.'

The overall mechanism behind the transport and deposition of gold are relatively well understood but the formation of large nuggets of gold in quartz veins has remained something of a mystery, particularly given the low concentration of gold in hydrothermal fluids and the chemical inertness of quartz. 'In this type of setting gold is transported in fluid as molecules in tiny amounts,' explains Laura Petrella, a geologist at the University of Western Australia, who was not involved in the study. 'So we struggle to understand how big nuggets can form, considering that we have only a little amount of gold in the fluid.'

Quartz veins are known to emit a measurable electric charge when put under mechanical stress, such as by an earthquake – a phenomenon known as piezoelectricity. To investigate whether earthquake-induced piezoelectric discharges from quartz could explain the formation of gold nuggets, the researchers conducted experiments using slabs of quartz. The slabs were placed within sealed chambers containing gold-rich solutions and the shaking of an earthquake was replicated mechanically.

'Using our model, you have a quartz vein, it breaks open during the "earthquake", gold rich fluid is rushing by, but the ground is shaking because it's an earthquake, so it's all rattling, and that rattling will stress the quartz crystals that are in the vein wall and generate a voltage,' Voisey explains. 'If that voltage is high enough ie higher than the redox potential of a gold-bearing ligand or gold-bearing molecule, that gold will get reduced, so it gets separated from the molecule – it'll precipitate as native gold.'

As expected, the rattled quartz created an electrical field and this resulted in the gold nanoparticles in the solution being drawn out and deposited as grains along the vein. However, this wasn't the end of the story.

'When [the gold] precipitates, it then becomes the focus for ongoing electron donation, because gold is a conductor and quartz is an insulator,' says Voisey. 'If you have gold on a piece of quartz and you deform the quartz, it will use that voltage to donate its own electrons, and when it does that, it becomes the focus for further gold reduction from the fluid and it'll grow and become a big gold nugget.'

Voisey says this work was a 'pure scientific endeavour'. 'The cool thing about it is that we're explaining something that we haven't been able to explain. We know a lot about how gold mineralises – people have been studying this forever, but this was just one of the little outstanding things.'

Petrella says it was a 'novel idea' to look at the electric properties of quartz. 'It's very interesting ... of course, this type of gold deposit forms as a result of fracturing in the crust so we already kind of know they form as a result of earthquakes ... but they actually show that the specific property of the quartz might be able to trigger the deposition of gold that is in the fluid originally.'

She says that one limitation of the work is that for the process to work the quartz would need to be crystalised already, which might not always be the case. 'This theory works really well for what we call remobilisation. Remobilisation is when you have a vein already formed with gold already in it, and then when you apply more stress on this vein, then you will move around, redissolve the gold, and then reprecipitate it. So in the case of remobilisation, this theory that they propose would work really well.'

She says that that the researchers' findings could have important applications in gold mining. 'Mining explorers would be really interested in knowing how you concentrate gold, because it would help in targeting high-grade gold deposits – obviously, it's more environmental friendly to mine a deposit where gold is concentrated.'

upstart writes:

A new study is shedding light on why solar radiation is more effective than other forms of energy at causing water to evaporate. The key factor turns out to be the oscillating electric field inherent to sunlight itself:

"It's well established that the sun is exceptionally good at causing water to evaporate – more efficient than heating water on the stove, for instance," says Saqlain Raza, first author of a paper on the work and a Ph.D. student at North Carolina State University. "However, it has not been clear exactly why. Our work highlights the role that electric fields play in this process."

"This is part of a larger effort in the research community to understand this phenomenon, which has applications such as engineering more efficient water-evaporation technologies," says Jun Liu, co-corresponding author of the paper and an associate professor of mechanical and aerospace engineering at NC State.

To explore questions related to sunlight's efficiency at evaporating water, the researchers turned to computational simulations. This allowed them to alter different parameters associated with sunlight to see how those characteristics influence evaporation.

"Light is an electromagnetic wave, which consists – in part – of an oscillating electric field," Liu says. "We found that if we removed the oscillating electric field from the equation, it takes longer for sunlight to evaporate water. But when the field is present, water evaporates very quickly. And the stronger the electric field, the faster the water evaporates. The presence of this electric field is what separates light from heat when it comes to evaporating water."

But what exactly is the oscillating electric field doing?

"During evaporation, one of two things is happening," Raza says. "Evaporation either frees individual water molecules, which drift away from the bulk of liquid water, or it frees water clusters. Water clusters are finite groups of water molecules which are connected to each other but can be broken away from the rest of the liquid water even though they are still interconnected. Usually both of these things happen to varying degrees."

"We found that the oscillating electric field is particularly good at breaking off water clusters," says Liu. "This is more efficient, because it doesn't take more energy to break off a water cluster (with lots of molecules) than it does to break off a single molecule."

[...] "This work substantially advances our understanding of what's taking place in this phenomenon, since we are the first to show the role of the water clusters via computational simulation," says Liu.

Journal Reference:
Saqlain Raza, Cong Yang, Xin Qian, et al. Oscillations in incident electric field enhances interfacial water evaporation [open], Materials Horizons (DOI: 10.1039/D5MH00353A)

Original Submission

Arthur T Knackerbracket has processed the following story:

Deutsche Bahn (DB) and Siemens Mobility have managed to get an ICE test train to 405 km/h (251 mph) on the Erfurt-Leipzig/Halle high-speed line.

While China, with a maglev train hitting 650 km/h (404 mph) in just seven seconds, might regard the achievement as cute, it is a milestone for Germany, where exceeding 300 km/h (186 mph) on the rail network is rare.

The UK had its own attempt at going beyond traditional rail in the 1960s and the early 1970s with the Hovertrain, but the project was cancelled in 1973.

France pushed a steel-wheeled TGV to a record 574.8 km/h (357 mph) in 2007, yet the German achievement will inject a dose of pride into the country's beleaguered network, once an icon of efficiency.

According to a report in the UK's Financial Times, Deutsche Bahn delivers "one of the least reliable services in central Europe," even when compared to the UK's rail system, which is hardly a performance benchmark.

The test ran on a high-speed line that had been in continuous operation for ten years. According to Dr Philipp Nagl, CEO of DB InfraGO AG, no adjustments were needed.

"It is confirmation that infrastructure investments are the foundation for reliable, sustainable, and efficient mobility and logistics over generations," he said.

[...] Thomas Graetz, Vice President High Speed and Intercity Trains, Siemens Mobility, said: "Our goal was to gain in-depth insights into acoustics, aerodynamics, and driving behavior at extreme speeds." Mission accomplished – though what counts as "extreme speeds" seems to vary by country.

Trains on the UK's HS2 railway (whenever it finally opens) are expected to reach speeds of 360 km/h.

An insight into the technology behind Germany's rail network came last year, with an advertisement for an IT professional willing to endure Windows 3.11.

Original Submission

Arthur T Knackerbracket has processed the following story:

Arm-based servers are rapidly gaining traction in the market with shipments tipped to jump 70 percent in 2025, however, this remains well short of the chip designer's ambitions to make up half of datacenter CPU sales worldwide by the end of the year.

Market watcher IDC says Arm servers are attracting mass interest thanks mainly to the launch of large rack-scale configurations, referring to systems such as Nvidia's DGX GB200 NVL72, designed for AI processing.

In its latest Worldwide Quarterly Server Tracker, IDC estimates that servers based on the Arm architecture will account for 21.1 percent of total global shipments this year - not the 50 percent touted by Arm infrastructure chief Mohamed Awad in April.

Servers with at least one GPU fitted, sometimes styled as AI-capable, are projected to grow 46.7 percent, representing almost half of the total market value for this year. The fast pace of adoption by hyperscale customers and cloud service providers is fueling the server market, which IDC says is set to triple in size over just three years.

[...] IDC's regional market projections anticipate the US having the highest expansion with a 59.7 percent jump over 2024, which would see it account for almost 62 percent of the total server revenue by the end of 2025.

China is the other region heating up in the sales stakes, with IDC forecasting growth of 39.5 percent to make up more than 21 percent of the quarterly revenue worldwide. EMEA and Latin America are in single-digit growth territory at 7 and 0.7 percent, respectively, while Canada is expected to decline 9.6 percent this year due to an unspecified "very large deal" that happened in 2024.

Original Submission

canopic jug writes:

Bruce Schneier, along with Ryan Shandler and Anthony J. DeMattee, has published a a blog post on the role that confidence has in elections and, specifically, the role that electronic voting systems have had in undermining that trust.

This technological leap has made voting more accessible and efficient, and sometimes more secure. But these new systems are also more complex. And that complexity plays into the hands of those looking to undermine democracy.

In recent years, authoritarian regimes have refined a chillingly effective strategy to chip away at Americans’ faith in democracy by relentlessly sowing doubt about the tools U.S. states use to conduct elections. It’s a sustained campaign to fracture civic faith and make Americans believe that democracy is rigged, especially when their side loses.

Previously:

(2022) A Scientist's Quest for an Accessible, Unhackable Voting Machine
(2020) U.S. Offers Reward of $10M for Info Leading to Discovery of Election Meddling
(2020) HBO's 'Kill Chain' Documentary Highlights Flaws in US Election Machines
(2019) Researchers Assembled Over 100 Voting Machines. Hackers Broke Into Every Single One.
(2019) DARPA's $10 Million Voting Machine Couldn't be Hacked at DefCon (for the Wrong Reasons)
(2019) Top Voting Machine Maker Reverses Position on Election Security, Promises Paper Ballots
(2019) Amid Worries About Election Security, Microsoft Unveils Voting Machine Software
(2018) I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming
(2018) Def Con 26 Voting Village Sees an 11-Year-Old Crack a Voting Machine
and many more ...

Original Submission

An Anonymous Coward writes:

As a followup to this SN story, we have a ruling!

decathorpe (Fabio Valentini) posted:

Given feedback in this thread (and to a lesser extent, also on the mailing list) I have decided to withdraw this proposal.

• It is clear that the Fedora 44 target for this Change was too early. To some degree, I expected this to be the case, and was prepared to move the proposed implementation of the Change to a later release. Fedora 44 was just the earliest "reasonable" target. However, I think this also shows an inherent conflict in the current Changes process - if a big Change (like this one) is submitted quite early (out of caution!), that also front-loads the discussion and decision process instead of giving things more time. For example, I don't think the discussion would have been meaningfully different if the targeted release had been Fedora 46 instead of 44 - which is one of the reasons why I decided to withdraw the change instead of just re-targeting it at a later Fedora release.
• I don't think the problem that was attempted to be addressed with this proposal will go away. With more and more projects dropping official support for building / running their software on 32-bit architectures, it's just going to get worse over the next few years. Dealing with widely used software falling out from under our feet won't be fun. To some degree, always pushing the latest and greatest :tm: software in Fedora is also working against us here - if we just stuck with foo 1.0 LTS for 10 years, we just wouldn't need to care that foo 3.0 dropped support for running on 32-bit systems ...
• I am disappointed in some of the reactions this :double_exclamation_mark: proposal :double_exclamation_mark: has received, with some people apparently reading it in the most uncharitable way. It was a proposal that tried to address technical problems package maintainers and release engineering is facing, not some conspiracy to break the "gaming use case". That said, I was expecting a lot of feedback feedback on this one, but not hundreds of people shouting "DON'T DO THIS WHY DON'T YOU CARE ABOUT YOUR USERS I WILL SWITCH DISTROS IMMEDIATELY levels of feedback (though to some degree, I also blame clickbait "tech press" or YouTubers for that ...)

I am now looking forward to seeing actual (and actionable) counter-proposals.

— Fabio

Original Submission

canopic jug writes:

Standards nerd and technology enthusiast, Terence Eden, has analyzed the Brother printers' default password scandal in light of the UK computer security legislation.

So, to recap. The law says an Internet-connected device (including printers) must have a password which is not "based on or derived from publicly available information". As I understand it, having a serial-number based password is OK as long as you don't publicise the serial number. I expect that if it were printed on a sticker that would be fine. But because the serial can be discovered remotely, it fails at this point.

The UK law in question is The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023. Brother might also have crossed the line in California which had already outlawed default passwords from 2020 onward.

Previously:
(2025) Massive Privacy Concern: Over 40,000 Security Cameras Are Streaming Unsecured Footage Worldwide
(2024) Secure Boot is Completely Broken on 200+ Models From 5 Big Device Makers
(2022) An Update to Raspberry Pi OS Bullseye
(2018) Weak Passwords to be Banned in California

Original Submission

upstart writes:

Mexican drug cartel hacker spied on FBI official's phone to track and kill informants, report says:

In 2018, a hacker hired by the Mexican Sinaloa drug cartel run by the infamous kingpin Joaquín "El Chapo" Guzmán spied on the U.S. Embassy in Mexico City with the goal of identifying "people of interest" for the cartel to target and kill, according to a new U.S. government watchdog report.

[...] The hacker "offered a menu of services related to exploiting mobile phones and other electronic devices," and was able to observe people going in and out of the U.S. Embassy in Mexico's capital, according to the report, including the FBI assistant legal attaché, a federal agent who works overseas along with local law enforcement authorities.

Somehow — the report does not detail exactly how — the hacker was "able to use" the official's mobile phone number to "obtain calls made and received, as well as geolocation data, associated with" the official's phone.

According to the FBI, the hacker also accessed Mexico City's camera system to follow the attaché through the city and "identify people" who the attaché met with, read the report.

"According to the case agent, the cartel used that information to intimidate and, in some instances, kill potential sources or cooperating witnesses," the report added.

[...] For years, Mexico has been at the bleeding edge of surveillance and hacking capabilities, on both sides of the drug war.

upstart writes:

Genetic Study Reveals Humanity's Longest Migration:

Modern humans are thought to have walked out of Africa around 60,000 years ago, and they kept going until they reached every habitable part of the planet. Researchers have now revealed more about the longest migration in human history. Reporting in Science, a new study has indicated that early Asians embarked on the longest prehistory migration of humans in history. This trek was over 20,000 kilometers long (12,427 miles), and took multiple generations of people traveling over thousands of years, as they moved from North Asia to the southernmost part of South America, on foot. Ice bridges are thought to have made this route possible.

This study involved a genetic analysis of over 1,537 individuals who are meant to represent 139 diverse ethnic groups. Patterns of ancestry were analyzed, such as sequences that were shared among individuals, or variations that arose and accumulated over time. These differences and similarities showed how various groups moved, adapted, and split apart as they encountered new environments during their journey from Africa, to North Asia, and finally to Tierra del Fuego in what is now Argentina.

We have some good news to share. The Stripe donation system, which some of you may have noticed has been unavailable for a while, is now fully functional again.

It took a bit of digging, but after a thorough investigation, kolie was able to isolate the problem and has successfully deployed a fix. A huge thank you is owed to him for his persistence in resolving this.

As all of you know, SoylentNews is a user-supported, community-run project. We rely entirely on the generosity of our readers to cover the server costs and other expenses that keep this site operational. Now that the donation pipeline is open again, it's time to pass around the hat.

If you find value in this community and have the means, please consider making a one-time or recurring donation. Every contribution, no matter the size, is critical in ensuring that everyone's favorite place for news and discussion can continue to operate and remain independent.

You can find the donation link here.

Feedback is always welcome. If you encounter any problems at all with the donation process, please let us know in the comments below so we can look into it. Thank you for your continued support.

Original Submission

upstart writes:

New theory proposes time has three dimensions, with space as a secondary effect:

Time, not space plus time, might be the single fundamental property in which all physical phenomena occur, according to a new theory by a University of Alaska Fairbanks scientist.

The theory also argues that time comes in three dimensions rather than just the single one we experience as continual forward progression. Space emerges as a secondary manifestation.

"These three time dimensions are the primary fabric of everything, like the canvas of a painting," said associate research professor Gunther Kletetschka at the UAF Geophysical Institute. "Space still exists with its three dimensions, but it's more like the paint on the canvas rather than the canvas itself."

Those thoughts are a marked difference from generally accepted physics, which holds that a single dimension of time plus the three dimensions of space constitute reality. This is known as spacetime, the concept developed more than a century ago that views time and space as one entity.

Kletetschka's mathematical formula of six total dimensions—of time and space combined—could bring scientists closer to finding the single unifying explanation of the universe.

Kletetschka's work, published April 21 in Reports in Advances of Physical Science, adds to a long-running body of research by theoretical physicists on a subject outside of mainstream physics.

He writes that his mathematical framework for three-dimensional time improves on others' proposals by making testable reproductions of known particle masses and other physical properties.

"Earlier 3D time proposals were primarily mathematical constructs without these concrete experimental connections," he said. "My work transforms the concept from an interesting mathematical possibility into a physically testable theory with multiple independent verification channels."

Arthur T Knackerbracket has processed the following story:

"In the cyber world, there's no such thing as a ceasefire," he told The Register.

If we see something in cyberspace that can disrupt us, we're going to attack it first, and we have that under US Cyber Command's mission

Bolukbas is chief technology officer and founder of Black Kite, a cyber-risk intelligence firm that assesses businesses' third-party supplier risks. His company also shares and receives threat intel with and from the US National Security Agency (NSA), as do other private security firms.

Prior to founding Black Kite in 2016, Bolukbas worked for NATO as a part of its counter cyberterrorism task force, helping member and partner countries harden their network defenses by simulating offensive cyber attacks against government agencies.

His final mission with NATO involved red-teaming a critical power grid in Kiev, Ukraine. Most of the facilities' systems were airgapped, isolated from external networks, which made it more difficult to break into. 

"It wasn't easy to target, so I said, 'OK, let me find the suppliers for this organization'," Bolukbas recalled. "I found 20 of them, picked one that would be the easiest to find and target, and used that to access the grid control panel, literally one command away from taking down the grid."

Shortly after, in 2015, Russia's Sandworm did shut off part of Ukraine's electricity grid, resulting in power outages for tens of thousands of Ukraine residents for a number of hours.

Ten years later, Bolukbas says he's worried about one of Iran's cyber-arms doing something similar to Israeli or American critical infrastructure in retaliation for the air strikes earlier this month.

"My belief is that they're going to go after the supply chain, because that's our weak spot," Bolukbas said, adding that while it's really difficult to breach the Pentagon's networks directly, Iran is "going to go after the supply chains of Israel and US Department of Defense suppliers."

He pointed to Russia compromising Western logistics firms and tech companies, including email providers, as a means of collecting valuable intel about Ukrainian targets and military strategy in that ongoing conflict. Russian cyberspies also breached internet-connected cameras at Ukrainian border crossings to track aid shipments, and targeted at least one provider of industrial control system (ICS) components for railway management, according to a joint government advisory issued last month.

hubie writes:

As AI kills search traffic, Google launches Offerwall to boost publisher revenue:

Google's AI search features are killing traffic to publishers, so now the company is proposing a possible solution. On Thursday, the tech giant officially launched Offerwall, a new tool that allows publishers to generate revenue beyond the more traffic-dependent options, like ads.

Offerwall lets publishers give their sites' readers a variety of ways to access their content, including through options like micropayments, taking surveys, watching ads, and more. In addition, Google says that publishers can add their own options to the Offerwall, like signing up for newsletters.

[...] Google notes that it's also using AI to determine when to display the Offerwall to each site visitor to increase engagement and revenue. However, publishers can set their own thresholds before the Offerwall is displayed, if they prefer.

Many of the solutions Offerwall introduces have been tried by publishers before, across a range of products and services. Micropayments, for instance, have repeatedly failed to take off. The economics don't tend to work, and there's additional friction in having to pay per article that's not been worth the payoff for readers or publishers alike, given implementation and maintenance costs.

[...] In Google's case, it's working with a third party, Supertab, which allows site visitors to pay a small amount to access the online content for a period of time — like 24 hours, a few days, a week, etc. The option (currently in beta) also supports subscription sign-ups and integrates with Google Ad Manager.

Google notes that publishers can also configure Offerwall to include their own logo and introductory text, then customize the choices it presents. One option that's enabled by default has visitors watch a short ad to earn access to the publisher's content. This is the only option that has a revenue share, and, on that front, it works the same way all Ad Manager solutions do, Google notes.

Another option has visitors click to choose from a set of topics they're interested in, which is then saved and used for ads personalization.

[...] However, early reports during the testing period said that publishers saw an average revenue lift of 9% after 1 million messages on AdSense, for viewing rewarded ads. Google Ad Manager customers saw a 5% to 15% lift when using Offerwall as well. Google also confirmed to TechCrunch via email that publishers with Offerwall saw an average revenue uplift of 9% during its year-plus in testing.

If Google AI is taking all of their clicks away, it would seem the publishers are over a barrel here and don't have much choice.

Original Submission

hubie writes:

Facebook is starting to feed its AI with private, unpublished photos

Always read the terms and conditions, folks:

For years, Meta trained its AI programs using the billions of public images uploaded by users onto Facebook and Instagram's servers. Now, it's also hoping to access the billions of images that users haven't uploaded to those servers. Meta tells The Verge that it's not currently training its AI models on those photos, but it would not answer our questions about whether it might do so in future, or what rights it will hold over your camera roll images.

On Friday, TechCrunch reported that Facebook users trying to post something on the Story feature have encountered pop-up messages asking if they'd like to opt into "cloud processing", which would allow Facebook to "select media from your camera roll and upload it to our cloud on a regular basis", to generate "ideas like collages, recaps, AI restyling or themes like birthdays or graduations."

By allowing this feature, the message continues, users are agreeing to Meta AI terms, which allows their AI to analyze "media and facial features" of those unpublished photos, as well as the date said photos were taken, and the presence of other people or objects in them. You further grant Meta the right to "retain and use" that personal information.

Meta's public stance is that the feature is "very early," innocuous and entirely opt-in: "We're exploring ways to make content sharing easier for people on Facebook by testing suggestions of ready-to-share and curated content from a person's camera roll. These suggestions are opt-in only and only shown to you – unless you decide to share them – and can be turned off at any time. Camera roll media may be used to improve these suggestions, but are not used to improve AI models in this test," reads a statement from Meta comms manager Maria Cubeta.

[...] And while Daniels and Cubeta tell The Verge that opting in only gives Meta permission to retrieve 30 days worth of your unpublished camera roll at a time, it appears that Meta is retaining some data longer than that. "Camera roll suggestions based on themes, such as pets, weddings and graduations, may include media that is older than 30 days," Meta writes.

Thankfully, Facebook users do have an option to turn off camera roll cloud processing in their settings, which, once activated, will also start removing unpublished photos from the cloud after 30 days.

Facebook is asking to use Meta AI on photos in your camera roll you haven't yet shared:

Facebook is asking users for access to their phone's camera roll to automatically suggest AI-edited versions of their photos — including ones that haven't been uploaded to Facebook yet.

The feature is being suggested to Facebook users when they're creating a new Story on the social networking app. Here, a screen pops up and asks if the user will opt into "cloud processing" to allow creative suggestions.

As the pop-up message explains, by clicking "Allow," you'll let Facebook generate new ideas from your camera roll, like collages, recaps, AI restylings, or photo themes. To work, Facebook says it will upload media from your camera roll to its cloud (meaning its servers) on an "ongoing basis," based on information like time, location, or themes.

[...] The creative tool is another example of the slippery slope that comes with sharing our personal media with AI providers. Like other tech giants, Meta has grand AI ambitions. Being able to tap into the personal photos users haven't yet shared on Facebook's social network could give the company an advantage in the AI race.

Unfortunately for end users, in tech companies' rush to stay ahead, it's not always clear what they're agreeing to when features like this appear.

[...] So far, there hasn't been much backlash about this feature. A handful of Facebook users have stumbled across the AI-generated photo suggestions when creating a new story and raised questions about it. For instance, one user on Reddit found that Facebook had pulled up an old photo (in this case, one that had previously been shared to the social network) and automatically turned it into an anime using Meta AI.

When another user in an anti-AI Facebook group asked for help shutting this feature off, the search led to a section called camera roll sharing suggestions in the app's Settings.

[...] Reached for comment, Meta spokesperson Maria Cubeta confirmed the feature is a test, saying, "We're exploring ways to make content sharing easier for people on Facebook by testing suggestions of ready-to-share and curated content from a person's camera roll."

"These suggestions are opt-in only and only shown to you – unless you decide to share them – and can be turned off at any time," she continued. "Camera roll media may be used to improve these suggestions, but are not used to improve AI models in this test."

The company is currently testing suggestions in the U.S. and Canada.

Original Submission

An Anonymous Coward writes:

https://www.bleepingcomputer.com/news/security/bluetooth-flaws-could-let-hackers-spy-through-your-microphone/

Vulnerabilities affecting a Bluetooth chipset present in more than two dozen audio devices from ten vendors can be exploited for eavesdropping or stealing sensitive information.

Researchers confirmed that 29 devices from Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs, and Teufel are affected.

The list of impacted products includes speakers, earbuds, headphones, and wireless microphones.

The security problems could be leveraged to take over a vulnerable product and on some phones, an attacker within connection range may be able to extract call history and contacts.
Snooping over a Bluetooth connection

At the TROOPERS security conference in Germany, researchers at cybersecurity company ERNW disclosed three vulnerabilities in the Airoha systems on a chip (SoCs), which are widely used in True Wireless Stereo (TWS) earbuds.

The issues are not critical and besides close physical proximity (Bluetooth range), their exploitation also requires "a high technical skill set." They received the following identifiers:

        CVE-2025-20700 (6.7, medium severity score) - missing authentication for GATT services
        CVE-2025-20701 (6.7, medium severity score) - missing authentication for Bluetooth BR/EDR
        CVE-2025-20702 (7.5, high severity score) - critical capabilities of a custom protocol

ERNW researchers say they created a proof-of-concept exploit code that allowed them to read the currently playing media from the targeted headphones.

[...] Although the ERNW researchers present serious attack scenarios, practical implementation at scale is constrained by certain limitations.

"Yes — the idea that someone could hijack your headphones, impersonate them towards your phone, and potentially make calls or spy on you, sounds pretty alarming."

"Yes — technically, it is serious," the researchers say, adding that "real attacks are complex to perform."

The necessity of both technical sophistication and physical proximity confines these attacks to high-value targets, such as those in diplomacy, journalism, activism, or sensitive industries.

Airoha has released an updated SDK incorporating necessary mitigations, and device manufacturers have started patch development and distribution.

Nevertheless, German publication Heise says that the most recent firmware updates for more than half of the affected devices are from May 27 or earlier, which is before Airoha delivered the updated SDK to its customers.

Original Submission