The FBI silently removed Russian malware to thwart global cyberattacks

Attorney General Merrick B. Garland has revealed that the United States secretly removed malware from computer networks around the world over the past few weeks to pre-empt Russian cyberattacks. As The New York Times reports, Garland’s announcement comes shortly after the White House warned companies that Russia could attack critical infrastructure in the country, such as financial institutions and the electric grid. Apparently, the malware the US removed enabled the intelligence arm of the Russian military called the GRU to create botnets out of the infected computer networks. 

According to the Justice Department, the malware was designed to infect firewalls and made the compromised networks part of a botnet called Cyclops Blink. It’s controlled by Sandworm, a notorious group that the US government had previously connected to the GRU. Cyclops Blink is Sandworm’s latest known botnet, and it only came to light back in February. It’s still unclear what Russia was planning to do with the hijacked computers, but botnets are typically used to perform large-scale Distributed Denial of Service (DDoS) attacks, as well as to send spam and to compromise sensitive information. 

In its press release, the DOJ said the FBI notified owners of infected devices in the US before Cyclops Blink was identified in February 23rd. It also notified companies outside the country through local law enforcement partners. However, US authorities didn’t want to wait to find out what the botnet would be used for. 

The Justice Department and the FBI obtained secret court orders in the US and secured the help of governments worldwide to quietly remove the malware from infected devices. Those court orders even gave them the power to remotely remove the malware from American companies’ networks without their knowledge. After the feds disinfected the compromised machines, they also closed the external management ports Sandworm was using for access.

Over the past months, the Biden administration has been exposing as much intelligence on Russia as possible without giving away its actions to catch Putin off guard. This disclosure is just its latest effort to send a message to the Russian president. The fact that Sandworm infiltrated networks around the world to create a botnet just shows, however, that there’s a cyber warfare going on that might end up affecting countries other than Ukraine. If you’ll recall, a major cyberattack took down Ukraine’s government websites before the Russian invasion of the country began. Ukraine’s government, as well as US and UK authorities, blamed the attacks on the GRU.

Volvo says all its new vehicles now support over-the-air updates

Volvo now offers over-the-air (OTA) software updates across its entire vehicle lineup, it announced. After first introducing it on all-electric models like the XC40, it’s bringing the feature over to all new XC90, S60 and V60 ICE and hybrid vehicles. 

The latest update (Volvo’s eighth so far) will roll out to over 190,000 vehicles this week. Owners will get the latest version of Android Automotive OS with Android 11 on their infotainment systems, with new app categories on Google Play ranging from navigation to charging and parking. Video streaming is expected to arrive later in the year. 

Volvo extends over-the-air software updates to all its vehicles
Volvo S60 interior
Volvo

It also brings feature improvements around energy management, climate timers and mobile app functionality. The energy management updates will help keep the battery temperatures stable in both warm and cold weather to boost range and lower charging times. You’ll also see more frequent charging percentage updates during sessions.

Tesla pioneered over-the-air software updates on its Model S, X, 3 and other vehicles, assuring buyers that their EVs would get features found on newer models. It not only updates the software for entertainment and other systems (SOTA), but also firmware controlling the hardware (FOTA). Most automakers now offer some form of OTA updates, but many (BMW, Audi, Fiat) only deliver SOTA updates to the infotainment systems. 

Others, including GM and Ford, offer more extensive updates to vehicle systems, allowing them to improve range, performance and other factors. Volvo appears to fall into that category, improving not just the navigation and entertainment systems but charging and other features as well. It also promised that the infotainment system, developed jointly with Google, will feature on all new models across its lineup. 

TAG Heuer’s latest golf smartwatch offers more help with your shots

TAG Heuer was virtually certain to follow up its Connected Calibre E4 smartwatch with a version for golf enthusiasts, and it’s now clear you didn’t have to wait long. The watchmaker has introduced a Calibre E4 Golf Edition that melds the updated wristwear with some matching upgrades to your experience on the fairway. Most notably, the brand has overhauled the on-watch map interface to show more of the course and your game, including the distances for the target and tracking shot.

You can also expect automatic shot tracking when you swing at the tee — the feature will eventually come to the Apple Watch app, but it’s worth noting if you’re determined to perfect your drive. If you pair with an iPhone, you can also use TAG Heuer’s iOS app to share 3D videos of your best shots. Like you’d expect, the Golf Edition E4 has its share of game-inspired faces and a strap that not-so-subtly mimics the dimples on your ball.

This is otherwise the titanium 45mm Calibre E4 introduced in February, although that’s plenty if you want a reasonably current Wear OS watch. You’ll find a Snapdragon Wear 4100+ chip that promises both faster performance and 30 percent more battery life than previous models. An altimeter will help with your hiking trips, and the brighter screen will help on sunny golfing days. TAG Heuer should upgrade the watch to Wear OS 3 when it’s available.

The Connected Calibre E4 Golf Edition will be available this month for $2,650 with three Titleist balls and a spare marker in the box. That’s more than the regular titanium E4 ($2,550) and well above the $1,800 ‘entry’ price for the watch range. But let’s be honest: if you’re even considering a TAG Heuer smartwatch and already devote your weekends to golf, you can likely afford to pay the premium for this variant.

Google pulls apps that may have harvested data from millions of Android devices

Google has pulled dozens of apps used by millions of users after finding that they covertly harvested data, The Wall Street Journal has reported. Researchers found weather apps, highway radar apps, QR scanners, prayer apps and others containing code that could harvest a user’s precise location, email, phone numbers and more. It was made by Measurement Systems, a company that’s reportedly linked to a Virginia defense contractor that does cyber-intelligence and more for US national-security agencies. It has denied the allegations.

The code was discovered by researchers Serge Egelman from UC Berkeley and the University of Calgary’s Joel Reardon, who disclosed their findings to federal regulators and Google. It can “without a doubt be described as malware,” Egelman told the WSJ

Measurement Systems reportedly paid developers to add their software development kits (SDKs) to apps. The developers would not only be paid, but receive detailed information about their user base. The SDK was present on apps downloaded to at least 60 million mobile devices. One app developer said it was told that the code was collecting data on behalf of ISPs along with financial service and energy companies. Measurement Systems also said it wanted data mainly from the Middle East, Central and Eastern Europe and Asia. 

“A database mapping someone’s actual email and phone number to their precise GPS location history is particularly frightening, as it could easily be used to run a service to look up a person’s location history just by knowing their phone number or email, which could be used to target journalists, dissidents, or political rivals,” Reardon said in the AppCensus research blog.

Though Google has pulled those apps from the Play Store, the researchers noted that they still exist on millions of devices. At the same time, they found that the SDK stopped collecting user data after their findings were revealed.

The Measurement Systems domain was registered by a company called Volstrom Holdings Inc., which deals with the federal government through a subsidiary called Packet Forensics LLC. A company called Measurement Systems S de R.L. “also listed two holding companies as officers, both of which share a Sterling, Va., address with people affiliated with Volstrom,” the WSJ noted. 

In a statement, Measurement Systems told the WSJ by email that “the allegations you make about the company’s activities are false. Further, we are not aware of any connections between our company and U.S. defense contractors nor are we aware of… a company called Vostrom. We are also unclear about what Packet Forensics is or how it relates to our company.”

Lenovo 為台灣帶來 Tab P12 Pro、Tab P11 5G 及 Yoga Tab 11 三款新平板

Lenovo 今天在台灣發表了三款 Android 平板「新品」,不過雖然說是新品,其實好像都已經是去年的東西了,一直到現在才在台灣上市。這包括了 Tab P12 Pro、Tab P11 5G、以及 Yoga Tab 11。

Mark Zuckerberg thinks this looks like a home office

Meta CEO Mark Zuckerberg — a real, human man who works — understands the plight of those who work remotely. The 37-year-old founder of one of the world’s largest companies is actually working remotely as you read this. But unlike you or me, Zuckerberg’s home office is in the metaverse. Zuckerberg on Facebook today teased an upcoming software update to the Quest 2’s Horizon Home that includes a home office space. It looks kind of like a Blue Bottle Coffee, or maybe a dentist’s office. But it’s in VR, you see.

It’s becoming glaringly clear that Zuckerberg wants the future of work to look like the world’s most boring VR video game. It’s less boot stamping on a human face forever, and more expensive, inconvenient solution in search of a problem. According to Zuckerberg, workers can use the metaverse office to take “Messenger calls, read emails or work on your next big project.” It’s also true that most of us can do those tasks just fine on our computers. But imagine the productivity boost you’ll get doing all these mundane tasks while strapped to a Quest 2 headset!

Meta’s Horizon, for those who don’t know, is a group of three social VR apps that rolled out last December. It includes Horizon Worlds (user-created experiences), Horizon Venues (sports and concerts) and Horizon Workrooms (work). They resemble 3D social playplaces, where users create their own avatars and interact with each other (all the while keeping a four-foot personal boundary from each other.) As of February, Worlds and Venues had around 300,000 users, against an estimated 10 million Quest 2 headsets sold. Dismal numbers, some might say. A company spokesperson would not disclose many people — including Meta employees — currently use Workrooms in any capacity.

Working in VR is still a relatively novel concept, mostly because it’s been terrible so far. If you’re curious about what kind of work applications are available in VR for Quest 2, there are still only a handful — two of which are Facebook and Instagram (both in beta). There are also apps for spreadsheets (Smartsheet), visual collaboration (MURAL), email (Spike) and VR versions of Dropbox and Slack.

If you want to know what it feels like to read your emails in VR, Lifewire took one for the team. While reading emails can become grating in the real world, the Quest 2 speedruns the experience and gets “uncomfortable after half an hour.” Spike’s VR app also lacks the ability to attach files to an email, a feature that has been available outside the metaverse since 1998.

While Workplaces might seem to an outsider like a complicated, physically nauseating way to perform tasks most people already hate doing, what matters most is how the product is being received by Meta’s audience.

“I really don’t see the point of it? Why would you need to do office work in a virtual world? It looks great for sure, but that’s about it,” wrote one user in the comments to Zuckerberg’s post.

From another enthused user: “How primal and old-fashioned. It looks like the futuristic spaces of the 80’s lol. Who in their right mind will waste their time on this.”

As dubious as a VR-enabled workspace may be, there’s still more interest than ever in all that virtual reality entails. IDC reported that more than 11.2 million VR/AR headsets were sold in 2021, a 92.1 percent increase from the year prior. The newly rebranded Meta Quest 2 (formerly known as the Oculus Quest 2) hit stores this week. The Quest 2 is currently the world’s best-selling VR headset, but that could change when Sony, Apple and other tech giants enter the space.

While we can’t know for sure how much Meta has spent developing digital cubicles specifically, the company plans to sink at least $10 billion in metaverse projects this year alone. For reference, WeWork —essentially a mass subletter of actual, physical offices — went public on a valuation of $9 billion — although simply buying up companies may no longer be a viable growth strategy.