Month: December 2022

Enlarge / Two examples of Stable Diffusion-generated artwork provided by Apple. (credit: Apple)

On Wednesday, Apple released optimizations that allow the Stable Diffusion AI image generator to run on Apple Silicon using Core ML, Apple's proprietary framework for machine learning models. The optimizations will allow app developers to use Apple Neural Engine hardware to run Stable Diffusion about twice as fast as previous Mac-based methods.

Stable Diffusion (SD), which launched in August, is an open source AI image synthesis model that generates novel images using text input. For example, typing "astronaut on a dragon" into SD will typically create an image of exactly that.

By releasing the new SD optimizations—available as conversion scripts on GitHub—Apple wants to unlock the full potential of image synthesis on its devices, which it notes on the Apple Research announcement page. "With the growing number of applications of Stable Diffusion, ensuring that developers can leverage this technology effectively is important for creating apps that creatives everywhere will be able to use."

(credit: Dsimic)

A developer's cryptographic signing key is one of the major linchpins of Android security. Any time Android updates an app, the signing key of the old app on your phone needs to match the key of the update you're installing. The matching keys ensure the update actually comes from the company that originally made your app and isn't some malicious hijacking plot. If a developer's signing key got leaked, anyone could distribute malicious app updates and Android would happily install them, thinking they are legit.

On Android, the app-updating process isn't just for apps downloaded from an app store, you can also update bundled-in system apps made by Google, your device manufacturer, and any other bundled apps. While downloaded apps have a strict set of permissions and controls, bundled-in Android system apps have access to much more powerful and invasive permissions and aren't subject to the usual Play Store limitations (this is why Facebook always pays to be a bundled app). If a third-party developer ever lost their signing key, it would be bad. If an Android OEM ever lost their system app signing key, it would be really, really bad.

Guess what has happened! Łukasz Siewierski, a member of Google's Android Security Team, has a post on the Android Partner Vulnerability Initiative (AVPI) issue tracker detailing leaked platform certificate keys that are actively being used to sign malware. The post is just a list of the keys, but running each one through APKMirror or Google's VirusTotal site will put names to some of the compromised keys: Samsung, LG, and Mediatek are the heavy hitters on the list of leaked keys, along with some smaller OEMs like Revoview and Szroco, which makes Walmart's Onn tablets.

Enlarge

Mayors' offices and courts in Russia are under attack by never-before-seen malware that poses as ransomware but is actually a wiper that permanently destroys data on an infected system, according to security company Kaspersky and the Izvestia news service.

Kaspersky researchers have named the wiper CryWiper, a nod to the extension .cry that gets appended to destroyed files. Kaspersky says its team has seen the malware launch “pinpoint attacks” on targets in Russia. Izvestia, meanwhile reported that the targets are Russian mayors' offices and courts. Additional details, including how many organizations have been hit and whether the malware successfully wiped data, wasn’t immediately known.

Wiper malware has grown increasingly common over the past decade. In 2012, a wiper known as Shamoon wreaked havoc on Saudi Arabia's Saudi Aramco and Qatar's RasGas. Four years later, a new variant of Shamoon returned and struck multiple organizations in Saudi Arabia. In 2017, self-replicating malware dubbed NotPetya spread across the globe in a matter of hours and caused an estimated $10 billion in damage. In the past year, a flurry of new wipers have appeared. They include DoubleZero, IsaacWiper, HermeticWiper, CaddyWiper, WhisperGate, AcidRain, Industroyer2, and RuRansom.

Enlarge / An early augmented reality demo by Apple, using a smartphone instead of a headset. (credit: Apple)

Apple's mixed-reality headset is still on track for an unveiling sometime next year, and its future operating system has a new name, according to a report published Thursday.

Bloomberg claims the name of the operating system has changed from the previously leaked "realityOS" to "xrOS." XR stands for extended reality—sometimes also called mixed reality—a commonly used catch-all term for both virtual reality (VR) and augmented reality (AR), as well as experiences that combine aspects of both.

In reports and leaks to date, Apple's next upcoming headset has been said to be an XR one, not strictly a VR or AR one—though there are also rumors of an AR-focused device that would launch later. The headset is set for a launch sometime next year, though it has been delayed many times before and may be yet again.

Enlarge / SpaceX Starlink satellite dish at Pelican Beach on Willard Bay Reservoir in Willard, Utah, in October 2022. (credit: Tony Webster (CC BY-SA 2.0))

Starlink Internet speeds are continuing to drop as more people use the service, new speed tests show. But SpaceX this week won approval to launch another 7,500 satellites, kicking off a second-generation deployment that will provide the broadband network more capacity in the long run.

SpaceX has been seeking permission to launch another 29,988 low-Earth orbit satellites, and the Federal Communications Commission partially granted the request in an authorization order released Thursday. "Specifically, we grant SpaceX authority to construct, deploy, and operate up to 7,500 satellites operating at altitudes of 525, 530, and 535 km and inclinations of 53, 43, and 33 degrees, respectively, using frequencies in the Ku- and Ka-band," the FCC said.

The FCC deferred action on the rest of the requested satellites. "To address concerns about orbital debris and space safety, we limit this grant to 7,500 satellites only, operating at certain altitudes," the FCC said. But the approval of 7,500 satellites "will allow SpaceX to begin deployment of Gen2 Starlink, which will bring next generation satellite broadband to Americans nationwide, including those living and working in areas traditionally unserved or underserved by terrestrial systems," the FCC said.

Enlarge / Artist's illustration of a quantum experiment that studies the physics of traversable wormholes.

Wormholes are a classic trope of science fiction in popular media, if only because they provide such a handy futuristic plot device to avoid the issue of violating relativity with faster-than-light travel. In reality, they are purely theoretical. Unlike black holes—also once thought to be purely theoretical—no evidence for an actual wormhole has ever been found, although they are fascinating from an abstract theoretical physics perceptive. You might be forgiven for thinking that undiscovered status had changed if you only read the headlines this week announcing that physicists had used a quantum computer to make a wormhole, reporting on a new paper published in Nature.

Let's set the record straight right away: This isn't a bona fide traversable wormhole—i.e., a bridge between two regions of spacetime connecting the mouth of one black hole to another, through which a physical object can pass—in any real, physical sense. "There's a difference between something being possible in principle and possible in reality," co-author Joseph Lykken of Fermilab said during a media briefing this week. "So don't hold your breath about sending your dog through a wormhole." But it's still a pretty clever, nifty experiment in its own right that provides a tantalizing proof of principle to the kinds of quantum-scale physics experiments that might be possible as quantum computers continue to improve.

"It’s not the real thing; it’s not even close to the real thing; it’s barely even a simulation of something-not-close-to-the-real-thing," physicist Matt Strassler wrote on his blog. "Could this method lead to a simulation of a real wormhole someday? Maybe in the distant future. Could it lead to making a real wormhole? Never. Don’t get me wrong. What they did is pretty cool! But the hype in the press? Wildly, spectacularly overblown."

A false color image of the measles virus. (credit: Arizona Department of Health)

A measles outbreak in the Columbus, Ohio, area has nearly tripled in the last two weeks as officials say they're struggling to identify the geographic spread of the outbreak and expect it to drag on for months.

Confirmed cases have risen from 18 in mid-November to the confirmed case count of 50, as of Friday morning. Twenty of the cases have required hospitalization. No deaths have been reported.

All of the sickened children are entirely unvaccinated. Nine of the cases are in babies under the age of 1 year, who are typically not yet eligible for vaccination. Twenty-six cases are in infants ages 1 to 2 years—who are eligible for their first dose. Ten cases are in toddlers ages 3 to 5—some of whom would have been eligible for their second dose—and there are five cases in children between the ages of 6 and 17.