Trump seeks to backtrack on 2017 comments on Comey firing

U.S. President Donald Trump sought to backtrack on comments last year in which he tied his decision to fire FBI Director James Comey to a probe into Russian election meddling, accusing NBC News on Thursday of “fudging” their interview, but offering no supporting evidence.

Philips Hue to Implement Support for Siri Shortcuts Later This Year

Philips is planning to introduce support for Apple’s Shortcuts feature in its Hue app in iOS 12, Philips announced today at the IFA electronics trade show in Berlin (via iCulture).

With the integration, Hue owners will be able to add lighting recipes to various Siri Shortcuts, such as shifting the lights in the dining room to a certain color with a Siri voice command like “Dinner Time,” as demoed by Philips.

Siri Shortcuts is a Siri feature designed to allow users to create multi-step shortcuts using first and third-party apps that can be activated by Siri voice command.

Shortcuts are deeply customizable, and third party apps like the Hue app are able to develop quick actions for Siri that can be incorporated into Shortcuts recipes. When Hue integration launches, Hue options will be available in the dedicated Shortcuts app.

The Hue shortcuts will be compatible with other shortcuts, so you can have a whole “Dinner Time” setup that not only changes the lights, but also does things like turn on music and text family members that the food is ready.

Siri is able to suggest frequently used Shortcuts right on the iPhone’s lock screen and Apple Watch, so if there are Hue-related lighting shortcuts that are often used, these options will be able to be implemented with a simple tap.

Right now, the Shortcuts app, which is what’s used to create these Siri Shortcuts, is available to developers in a beta capacity, but it will be released when iOS 12 is released. Sometime after that, Philips will presumably implement Shortcuts support.

Philips today also announced a new power feature that’s designed to allow Hue lights to retain their color and brightness settings after a power outage or after a lamp has been manually turned off, and the company is partnering with new lighting companies that include Makris, Kichler, Busch-Jaegar, Illumra, Koizumi, and John Lewis for its Friends of Hue program.
Discuss this article in our forums

John McAfee’s ‘unhackable’ Bitfi wallet got hacked — again

If the security community could tell you just one thing, it’s that “nothing is unhackable.” Except John McAfee’s cryptocurrency wallet, which was only unhackable until it wasn’t — twice.

Security researchers have now developed a second attack, which they say can obtain all the stored funds from an unmodified Bitfi wallet. The Android-powered $120 wallet relies on a user-generated secret phrase and a “salt” value — like a phone number — to cryptographically scramble the secret phrase. The idea is that the two unique values ensure that your funds remain secure.

But the researchers say that the secret phrase and salt can be extracted, allowing private keys to be generated and the funds stolen.

Using this “cold boot attack,” it’s possible to steal funds even when a Bitfi wallet is switched off. There’s a video below.

The researchers, Saleem Rashid and Ryan Castellucci, uncovered and built the exploits as part of a team of several security researchers calling themselves “THCMKACGASSCO” (after their initials). The two researchers shared them with TechCrunch prior to its release. In the video, Rashid is shown setting a secret phrase and salt, and running a local exploit to extract the keys from the device.

Rashid told TechCrunch that the keys are stored in the memory longer than Bitfi claims, allowing their combined exploits to run code on the hardware without erasing the memory. From there, an attacker can extract the memory and find the keys. The exploit takes less than two minutes to run, Rashid said.

“This attack is both reliable and practical, requiring no specialist hardware,” said Andrew Tierney, a security researcher with Pen Test Partners, who verified the attack.

Tierney was one of the hackers behind the first Bitfi attack. The McAfee-backed company offered a $250,000 bounty for anyone who could carry out what its makers consider a “successful attack.” But Bitfi declined to pay out, arguing that the hack was outside the scope of the bounty, and instead resorted to posting threats on Twitter.

This new attack, Tierney says, “meets the requirements of the bounty in spirit, even if it does not meet the specific terms that Bitfi have set.”

McAfee earlier this month said, “the wallet is hacked when someone gets the coins.”

Bill Powel, vice president of operations at Bitfi, told TechCrunch in an email that the company defines a hack “as anything that would allow an attacker to access funds held by the wallet.”

“Because the device does not store private keys, that is what prompted the unhackable claim,” he said.

When pressed, Powel did not address the specific claims of the cold boot attack. McAfee, who was copied on the email to Bitfi, did not respond.

Within an hour of the researchers posting the video, Bitfi said in a tweeted statement that it has “hired an experienced security manager, who is confirming vulnerabilities that have been identified by researchers.”

“Effective immediately, we are closing the current bounty programs which have caused understandable anger and frustration among researchers,” it added.

The statement also said it will no longer use the “unhackable” claim on its website.

Rashid said he has no immediate plans to release the exploit code so as to prevent the estimated few thousand Bitfi users from being put at risk.

Just last month, Bitfi won the Pwnie Award for Lamest Vendor Response, a traditional award given out at the Black Hat conference for companies that react the worst in response to security issues.

Mophie Unveils New Wireless Charging Options

Mophie today announced the launch of four new wireless charging products designed for the iPhone and other Qi-based smartphones, debuting the Charge Stream Vent Mount, the Charge Stream Desk Stand, and the Charge Stream Powerstation Wireless in standard and XL configurations.

The Charge Stream Vent Mount ($69.95) is designed to fit in most vehicles with a four-prong mount that slips over the air vent. It’s meant to accommodate one-handed smartphone insertion and removal, and should work with most smartphones regardless of size. Rubberized arms hold a device in place while charging, and for iPhones, it supports faster 7.5W charging speeds.

Mophie’s new Charge Stream Desk Stand ($69.95) , which is coming this fall, looks similar to its existing charging pad for iPhones. It offers 7.5W charging speeds while holding an iPhone or other smartphone upright in portrait or landscape mode. The charging pad can be removed from its steel frame and used as a traditional wireless charging pad if desired.

The Charge Stream Powerstation Wireless ($79.95) and the Charge Stream Powerstation Wireless XL ($99.95) work as a traditional wireless charging pad when near a wall outlet and as a 5W wireless charging battery pack when on the go. The Powerstation Wireless features a 6,040mAh capacity, while the Powerstation Wireless XL features a 10,000mAh capacity. An included USB-A port can also charge a second device.

With the exception of the Desk Stand, which is not yet available, all of the new wireless charging options can be purchased from the Mophie website starting today.
Discuss this article in our forums