Serbian Student’s Android Phone Compromised By Exploit From Cellebrite

An anonymous reader quotes a report from Ars Technica: Amnesty International on Friday said it determined that a zero-day exploit sold by controversial exploit vendor Cellebrite was used to compromise the phone of a Serbian student who had been critical of that country’s government. […] The chain exploited a series of vulnerabilities in device drivers the Linux kernel uses to support USB hardware. “This new case provides further evidence that the authorities in Serbia have continued their campaign of surveillance of civil society in the aftermath of our report, despite widespread calls for reform, from both inside Serbia and beyond, as well as an investigation into the misuse of its product, announced by Cellebrite,” authors of the report wrote.

Amnesty International first discovered evidence of the attack chain last year while investigating a separate incident outside of Serbia involving the same Android lockscreen bypass. […] The report said that one of the vulnerabilities, tracked as CVE-2024-53104, was patched earlier this month with the release of the February 2025 Android Security Bulletin. Two other vulnerabilities — CVE-2024-53197 and CVE-2024-50302 — have been patched upstream in the Linux kernel but have not yet been incorporated into Android. Forensic traces identified in Amnesty International’s analysis of the compromised phone showed that the Serbian authorities tried to install an unknown application after the device had been unlocked. The report authors said the installation of apps on Cellebrite-compromised devices was consistent with earlier cases the group has uncovered in which spyware tracked as NoviSpy spyware were installed.

As part of the attack, the USB port of the targeted phone was connected to various peripherals during the initial stages. In later stages, the peripherals repeatedly connected to the phone so they could “disclose kernel memory and groom kernel memory as part of the exploitation.” The people analyzing the phone said the peripherals were likely special-purpose devices that emulated video or sound devices connecting to the targeted device. The 23-year-old student who owned the phone regularly participates in the ongoing student protests in Belgrade. Any Android users who have yet to install the February patch batch should do so as soon as possible.

Read more of this story at Slashdot.

Google’s Taara Hopes To Usher in a New Era of Internet Powered by Light

Alphabet’s X division has developed a silicon photonic chip for its Taara project, which transmits internet via laser beams instead of fiber optic cables. The system delivers 20Gbps through “light bridges” that establish line-of-sight connections between transceiver units. The second-generation technology miniaturizes previous mechanical components — including gimbals, mirrors, and lenses — into solid-state circuitry the size of a fingernail.

This chip enables a single laser transmitter to potentially pair with multiple receptors, significantly reducing costs from the current ~$30,000 per bridge setup. Taara has already demonstrated real-world viability by connecting Brazzaville and Kinshasa across the Congo River, providing the latter with five-fold cheaper internet access, and supplementing bandwidth at Coachella 2024. Project leader Mahesh Krishnaswamy claims Taara can deliver “10, if not 100 times more bandwidth” than Starlink in dense areas. X’s Astro Teller suggests this technology could form the foundation for 7G networks as radio frequency bands become increasingly congested. Taara will soon “graduate” from X and seek external funding, with Alphabet maintaining a significant stake.

Further reading: Official blog post.

Read more of this story at Slashdot.

3D Software Company Autodesk Cuts 1,350 Jobs To Boost AI Investment

Autodesk said it would cut 1,350 employees, or about 9% of its workforce, as part of a pivot to the cloud and artificial intelligence. Fast Company reports: Companies across sectors such as architecture, engineering, construction, and product design are making extensive use of Autodesk’s 3D design solutions, with the software maker’s artificial intelligence and machine learning capabilities further driving spending on its products. Autodesk saw a 23% jump in total billings to $2.11 billion in the fourth quarter ended January 31.

The company’s international operations have particularly shown strength, while analysts have also noted that the company was outpacing peers in the manufacturing sector, driven by the performance of its “Fusion” design software.

Read more of this story at Slashdot.

SpaceX readies a redo of last month’s ill-fated Starship test flight

SpaceX plans to launch the eighth full-scale test flight of its enormous Starship rocket as soon as Monday after receiving regulatory approval from the Federal Aviation Administration.

The test flight will be a repeat of what SpaceX hoped to achieve on the previous Starship launch in January, when the rocket broke apart and showered debris over the Atlantic Ocean and Turks and Caicos Islands. The accident prevented SpaceX from completing many of the flight’s goals, such as testing Starship’s satellite deployment mechanism and new types of heat shield material.

Those things are high on the to-do list for Flight 8, set to lift off at 5:30 pm CST (6:30 pm EST; 23:30 UTC) Monday from SpaceX’s Starbase launch facility on the Texas Gulf Coast. Over the weekend, SpaceX plans to mount the rocket’s Starship upper stage atop the Super Heavy booster already in position on the launch pad.

Read full article

Comments

Apple Accused of Misleading Consumers With Apple Watch ‘Carbon Neutral’ Claims

Apple is facing a class action lawsuit alleging it misled consumers by falsely claiming certain Apple Watches were carbon neutral, as the carbon offset projects it relied on did not effectively reduce greenhouse gas emissions. The Verge reports: Apple said in 2023 that “select case and band combinations” of its Apple Watch Series 9, Apple Watch Ultra 2, and Apple Watch SE would be the company’s first carbon neutral devices. The suit was filed on behalf of anyone who bought those watches. It alleges that the products were not really carbon neutral because they relied on faulty offset projects that didn’t actually reduce the company’s greenhouse gas pollution. […]

The company’s carbon neutral claims were false, and the seven plaintiffs would not have purchased the Apple Watches or paid as much for them had they known that, the lawsuit alleges. “Apple’s false advertising may lead [consumers] to choose its products over genuinely sustainable alternatives,” the complaint (PDF) filed in a California federal court on Wednesday says.

Apple is standing by its assertions. “We are proud of our carbon neutral products, which are the result of industry-leading innovation in clean energy and low-carbon design,” Apple spokesperson Sean Redding said in an email. Redding says the company reduced Apple Watch emissions by more than 75 percent. The company focused on cutting pollution from materials, electricity, and transportation used to make the watches, in part by getting more of its suppliers to switch to clean energy. To deal with the remaining pollution, Redding says Apple invests in “nature-based projects to remove hundreds of thousands of metric tons of carbon from the air.” That’s where the new lawsuit finds problems.

To offset their emissions, many companies buy carbon credits from forestry projects that represent tons of planet-heating carbon dioxide that trees and soil naturally trap. Apple primarily purchased credits from the Chyulu Hills project in Kenya and the Guinan Project in China, the suit says. It alleges that neither of the projects met a basic standard for carbon offsets, which is that they capture additional CO2 that would not otherwise have been sequestered had Apple not paid to support the project.

Read more of this story at Slashdot.

Microsoft Begins Turning Off uBlock Origin, Other Extensions In Edge

Microsoft Edge is following Chrome’s lead by disabling uBlock Origin and other Manifest V2-based extensions in its browser. Neowin reports: The latest Edge Canary version started disabling Manifest V2-based extensions with the following message: “This extension is no longer supported. Microsoft Edge recommends that you remove it.” Although the browser turns off old extensions without asking, you can still make them work by clicking “Manage extension” and toggling it back (you will have to acknowledge another prompt).

Google started phasing out Manifest V2 extensions in June 2024, and it has a clear roadmap for the process. Microsoft’s documentation, however, still says “TBD,” so the exact dates are not known yet. This leads to some speculating about the situation being one of “unexpected changes” coming from Chromium. Either way, sooner or later, Microsoft will ditch MV2-based extensions, so get ready as we wait for Microsoft to shine some light on its plans.

Another thing worth noting is that the change does not appear to be affecting Edge’s stable release or Beta/Dev Channels. For now, only Canary versions disable uBlock Origin and other MV2 extensions, leaving users a way to toggle them back on. Also, the uBlock Origin is still available in the Edge Add-ons store, which recently received a big update.

Read more of this story at Slashdot.

Benioff Says Salesforce Won’t Hire Engineers This Year Due To AI

Salesforce CEO Marc Benioff said his firm, San Francisco’s largest private employer, does not plan to hire engineers this year because of the success of AI agents created and used by the company. From a report: “My message to CEOs right now is that we are the last generation to manage only humans,” Benioff said Wednesday on Salesforce’s earnings call, indicating that companies of the future will have hybrid human and digital workforces. Benioff added that Salesforce’s mission is to become “the No. 1 digital labor provider, period” to other companies.

Read more of this story at Slashdot.

OpenAI Plans To Integrate Sora’s Video Generator Into ChatGPT

An anonymous reader quotes a report from TechCrunch: OpenAI intends to eventually integrate its AI video generation tool, Sora, directly into its popular consumer chatbot app, ChatGPT, company leaders said during a Friday office hours session on Discord. Today, Sora is only available through a dedicated web app OpenAI launched in December, which lets users access the AI video model of the same name to generate up to twenty-second-long cinematic clips. However, OpenAI’s product lead for Sora, Rohan Sahai, said the company has plans to put Sora in more places, and expand what Sora can create.

[…] OpenAI may be trying to attract users to ChatGPT by letting them generate Sora videos from the chatbot. Putting Sora in ChatGPT could also incentivize users to upgrade to ChatGPT’s premium subscription tiers, which may offer higher video generation limits. One of the reasons OpenAI launched Sora as a separate web app was to maintain ChatGPT’s simplicity, Sahai explained during the office hours. Since its launch, OpenAI has expanded Sora’s web experience, creating more ways for users to browse Sora-generated videos from the community. Sahai also said OpenAI “would love to build” a standalone mobile app for Sora, noting that the Sora team is actively looking for mobile engineers. OpenAI also plans to expand Sora’s generation capabilities to images, letting users create more photorealistic images than what’s currently possible with OpenAI’s DALL-E3 model.

Read more of this story at Slashdot.

Android 0-day sold by Cellebrite exploited to hack Serbian student’s phone

Amnesty International on Friday said it determined that a zero-day exploit sold by controversial exploit vendor Cellebrite was used to compromise the phone of a Serbian student who had been critical of that country’s government.

The human rights organization first called out Serbian authorities in December for what it said was its “pervasive and routine use of spyware” as part of a campaign of “wider state control and repression directed against civil society.” That report said the authorities were deploying exploits sold by Cellebrite and NSO, a separate exploit seller whose practices have also been sharply criticized over the past decade. In response to the December report, Cellebrite said it had suspended sales to “relevant customers” in Serbia.

Campaign of surveillance

On Friday, Amnesty International said that it uncovered evidence of a new incident. It involves the sale by Cellebrite of an attack chain that could defeat the lock screen of fully patched Android devices. The exploits were used against a Serbian student who had been critical of Serbian officials. The chain exploited a series of vulnerabilities in device drivers the Linux kernel uses to support USB hardware.

Read full article

Comments

An Appeals Court May Kill a GNU GPL Software License

The Ninth Circuit Court of Appeals is set to review a California district court’s ruling in Neo4j v. PureThink, which upheld Neo4j’s right to modify the GNU AGPLv3 with additional binding terms. If the appellate court affirms this decision, it could set a precedent allowing licensors to impose unremovable restrictions on open-source software, potentially undermining the enforceability of GPL-based licenses and threatening the integrity of the open-source ecosystem. The Register reports: The GNU AGPLv3 is a free and open source software (FOSS) license largely based on the GNU GPLv3, both of which are published by the Free Software Foundation (FSF). Neo4j provided database software under the AGPLv3, then tweaked the license, leading to legal battles over forks of the software. The AGPLv3 includes language that says any added restrictions or requirements are removable, meaning someone could just file off Neo4j’s changes to the usage and distribution license, reverting it back to the standard AGPLv3, which the biz has argued and successfully fought against in that California district court.

Now the matter, the validity of that modified FOSS license, is before an appeals court in the USA. “I don’t think the community realizes that if the Ninth Circuit upholds the lower court’s ruling, it won’t just kill GPLv3,” PureThink’s John Mark Suhy told The Register. “It will create a dangerous legal precedent that could be used to undermine all open-source licenses, allowing licensors to impose unexpected restrictions and fundamentally eroding the trust that makes open source possible.”

Perhaps equally concerning is the fact that Suhy, founder and CTO of PureThink and iGov (the two firms sued by Neo4j), and presently CTO of IT consultancy Greystones Group, is defending GPL licenses on his own, pro se, without the help of the FSF, founded by Richard Stallman, creator of the GNU General Public License. “I’m actually doing everything pro se because I used up all my savings to fight it in the lower court,” said Suhy. “I’m surprised the Free Software Foundation didn’t care too much about it. They always had an excuse about not having the money for it. Luckily the Software Freedom Conservancy came in and helped out there.”

Read more of this story at Slashdot.

AMD’s RX 9070 & 9070 XT Graphics Cards Ship Next Week For $550 & $600

AMD’s latest graphics cards now have a release date and prices.

AMD first announced RX 9070 and RX 9070 XT at CES 2025 in January, seemingly in response to Nvidia launching its RTX 50 series, but didn’t reveal the price or any details beyond the VRAM: 16GB of GDDR6 VRAM on both cards.

Now, the company says the two cards will ship on March 6, next Friday, for $550 and $650 respectively.

Clock
(Boost)
VRAM Bus TDP MSRP
Nvidia
RTX 5070
2.16 GHz
(2.51 GHz)
12GB
GDDR7
192-bit 250W $550
AMD
RX 9070
2.1 GHz
(2.5 GHz)
16GB
GDDR6
256-bit 220W $550
AMD
RX 9070 XT
2.4 GHz
(3.0 GHz)
16GB
GDDR6
256-bit 304W $600

RX 9070 and RX 9070 XT are designed to compete with NVIDIA’s RTX 5070, rather than taking on its higher-end cards. For the same price it offers 4GB more VRAM with a 256-bit bus width, compared to 192-bit for NVIDIA. But the tradeoff is that this VRAM is the older GDDR6, not the newer faster GDDR7.

Both cards introduce AMD’s new RDNA 4 architecture and are built on a 4nm process, down from 5nm on the previous RX 7000 series. They also introduce AMD’s second-generation AI accelerators which power FidelityFX Super Resolution 4 (FSR 4), AMD’s answer to Nvidia’s DLSS 4. But like Nvidia’s DLSS, FSR 4 also isn’t supported by the majority of VR games.

For native PC VR headsets, the RX 9070 series also supports DisplayPort 2.1a, which could support future 4K per eye headsets with 120Hz refresh rate or above.

Do you plan to get an RX 9070, or are you more tempted by Nvidia’s RTX 5070? Let us know your graphics cards plans in the discussion below.