There was one GM dealership in the whole United States that was allowed to install a “phone-mirroring system” to allow Android Auto and Apple CarPlay back inside GM’s EVs, but now that has been defunct.

Nico Demattia from TheDrive:

For some frustrated owners of GM‘s new electric cars, White Automotive seemed like a lifesaver. After GM decided to drop Apple CarPlay and Android Auto support in its Ultium-platform EVs, and soon its entire lineup, White stepped up with an aftermarket setup that dealers could install to restore both phone-mirroring systems to those models for new buyers. But that effort has already met its predictable end, as GM recently pushed the only Chevy dealer in the country that was installing them to stop—thereby also forcing White Automotive to discontinue the kit.

A source within GM confirmed to The Drive that the automaker had investigated how the integration was being done and found that it could have adverse impacts on “critical” vehicle functions and stop working altogether with future software updates. Meanwhile, the dealer in question—LaFontaine Chevrolet in Plymouth, Michigan—told us that GM instructed them to stop offering and installing White’s kit. And without that distribution channel, or any chance of getting another dealer on board, White Automotive—who declined to comment directly for this story—had to shut down the project.

Considering this aftermarket system gave users full control of the entire dash including the gauge cluster, it is a high-risk and safety concern if something were to go wrong.

The kit supported both wired and wireless projection for Apple and Google’s smartphones and integrated them across the cars’ infotainment screens, digital gauge clusters, and heads-up displays. It was a comprehensive implementation; drivers could even summon Siri or Google Assistant just as they would if those features were integrated from the factory.

Quite frankly, I’m surprised GM even allowed this one dealership to perform these installations. If they have a hard stance against CarPlay and Android Auto, just stick to it and don’t give people false hope that there is a solution. Now these poor customers are out probably several grand with hardware that is obsolete overnight:

If you check the listing on the company’s page now, its title merely reads, “This product has been discontinued,” and the associated image is blank. Below, a statement addressed to “valued customers,” reads:

“We have made the difficult decision to discontinue this product. Rather than removing it from our website entirely, we wanted to leave this notice so customers are aware of its discontinuation. This was not a decision we made lightly, but due to a variety of factors, continuing to offer this product is no longer viable in the long term.”

Where is the EU when you need them?

Juli Clover from MacRumors:

The U.S. Department of Justice recently cracked down on an international crime ring that targeted expensive electronics like the iPhone, with the workings of the complex crime system detailed in a report from The Wall Street Journal.

Thirteen members of an international network worked to steal FedEx shipments of iPhones from people's porches, using automated scripts to scrape data from FedEx tracking systems and also bribing corrupt employees from AT&T. The employees took payments to share confidential customer information from a company order tracking system, snapping images of customer names, addresses, and tracking numbers.

Some members of the criminal network obtained and sold delivery information, while others, called runners, purchased that info and physically stole the ‌iPhone‌ packages from doorsteps just minutes after they were delivered.

I didn’t have a porch pirate steal my Apple Watch Ultra 2 that I had shipped from Best Buy, but it was already stolen when it was returned to Best Buy. I bought one in “Open Box Excellent” condition and when I unboxed it, there was no watch inside, even though it still had the pull tabs on it as if it was sealed. You can read about my full experience, but just know that even if your package does manage to make it to your hands, do yourself a huge favor and record your unboxing experiences so you can prove your innocence. Thankfully the Apple Watch band comes in a separate box from the watch, and I was able to record the band unboxing which proved I wasn’t the culprit.

In another instance just a few days later, I ordered a brand new iPhone SE from Apple directly and it came through FedEx. The packaging was suspect. If you order directly from Apple, you know that the shipping box is catered towards the product you’re receiving, and even the shipping box has pull tabs on it similar to the product packaging itself. You never need a knife or have to muscle your way into the box.

Never.

This package had regular clear tape on it, and the piece of tape with the pull tab was tucked underneath the flap, making it useless and showed either signs of tampering, or someone who didn’t apply the tape correctly and decided to put regular tape on it.

I wasn’t taking any chances and decided to record the unboxing experience. This time I wasn’t missing anything, but the question still remains: was someone trying to steal the iPhone and decided it was too risky and just sealed it back up with regular tape, or did someone just improperly put on the pull-tab tape and decide to fix it with some tape? Either way, take a look at what I’m talking about but please record your unboxings.

Arin Waichulis from 9to5Mac:

Security researchers at Mysk first discovered the flaw after noticing that their iPhone’s App Privacy Report showed Passwords had contacted a staggering 130 different websites over insecure HTTP traffic. This prompted the duo to investigate further, finding that not only was the app fetching account logos and icons over HTTP—it also defaulted to opening password reset pages using the unencrypted protocol. “This left the user vulnerable: an attacker with privileged network access could intercept the HTTP request and redirect the user to a phishing website,” Mysk told 9to5Mac.

“We were surprised that Apple didn’t enforce HTTPS by default for such a sensitive app,” Mysk states.

Most modern websites nowadays allow unencrypted HTTP connections but automatically redirect them to HTTPS using a 301 redirect. It’s important to note that while the Passwords app before iOS 18.2 would make a request over HTTP, it would redirected to the secure HTTPS version. Under normal circumstances, this would be totally fine, as the password changes occur on an encrypted page, ensuring that credentials are not sent in plaintext.

However, it becomes a problem when the attacker is connected to the same network as the user (i.e. Starbucks, airport, or hotel Wi-Fi) and intercepts the initial HTTP request before it redirects. From here they could manipulate the traffic in a few ways.

Mysk’s video is short but direct and to the point to help visualize how phishing works.

Perfect time for Apple to report this security bug, when all news outlets are focused on Apple Intelligence and Siri’s failures. Also a perfect time to remind your loved ones not to trust public Wi-Fi networks.

Update: 3/1/2025 - Got my refund from Best Buy, but no explanation or any details about the investigation. Probably something they won’t share with consumers.

I mentioned earlier how Best Buy was going to give me a refund simply because I told them I didn’t receive a watch inside the package. It turns out I was misinformed by the person who helped me with this case. This actually makes a ton of sense though because if it was as simple as calling Best Buy and telling them there was nothing in the package, what is there to stop anyone from simply abusing that policy? They do want to do an investigation, which makes perfect sense.

They got back to me via email and kindly requested pictures of the product packaging and the shipping box. I one-upped that request with detailed photos and a video of me unboxing the watch strap box, tearing the seals and finding even more overly engineered cardboard.

I do expect to get a full refund eventually, but in today’s day and age, it is worth your time to take photos of the shipping box, along with a video of you unboxing your expensive, high-value items. I personally believe that without the video I made, it would be hard for me to prove my innocence.

Stay tuned.

Update: changed title to current title from previous title - PSA: Record your unboxings so you can prove your innocence.

I bought an Apple Watch Ultra 2 from Best Buy Geek Squad Refurbished, and I had a “unique” unboxing experience. It was advertised as “Open Box Excellent,” and when I opened the outer packaging, I got excited because the inner box that holds the Apple Watch still had the white plastic seals on it, signifying a brand new, unopened watch.

I tore the tabs off, and inside the box was the charger…and no watch.

I was not disappointed as much as I should have been, but I was actually impressed. How did they seal this package back up and make it look like a brand new seal? I inspected the pull tabs on the seal and on the box, and nothing looked like it was put back together or jimmy-rigged in some way.

There was still the watch band to unbox, but this time I recorded it. The box felt suspiciously light, but the Alpine Loop is light too, so it was anybody’s guess if there was a band inside. When I pulled the sealed tab, there was an empty cardboard shell that holds the Alpine Loop.

Ouch.

The thieves have upped their game, but thankfully Best Buy is siding with the customer (me) and will be refunding me without even needing my video proving my innocence.

Not sure if other retailers/sellers will make it this easy to get a refund, but do yourself a favor and record your unboxings of any high-demand product, especially if it’s used.

An open letter from Watches of Espionage, letting JD Vance know of the obvious security risks for a Vice President to be wearing a smartwatch.

Not a politically charged piece, just one that makes sense.

Apple released Stolen Device Protection (SDP) in response to criminals successfully ruining people’s lives by using an iPhone’s password to reset the victim’s iCloud password.

In 2023 the New York Times did a report on this new tactic, summarized on TidBITS:

Watch the video, but in short, a ne’er-do-well gets someone in a bar to enter their iPhone passcode while they surreptitiously observe (or a partner does it for them). Then the thief steals the iPhone and dashes off. Within minutes, the thief has used the passcode to gain access to the iPhone and change the Apple ID password, which enables them to disable Find My, make purchases using Apple Pay, gain access to passwords stored in iCloud Keychain, and scan through Photos for pictures of documents that contain a Social Security number or other details that could be used for identity theft. After that, they may transfer money from bank accounts, apply for an Apple Card, and more, all while the user is completely locked out of their account.

And yes, they’ll wipe and resell the iPhone too. Almost no crimes like this have been reported by Android users, with a police officer speculating that it was because the resale value of Android phones is lower. In the video, Joanna Stern said a thief with the passcode to an Android phone could perform similar feats of identity and financial theft.

Apple’s response? Stolen Device Protection:

With Stolen Device Protection, some features and actions have additional security requirements when your iPhone is away from familiar locations such as home or work. These requirements help prevent someone who has stolen your device and knows your passcode from making critical changes to your account or device.

• Face ID or Touch ID biometric authentication: Some actions such as accessing stored passwords and credit cards require a single biometric authentication with Face ID or Touch ID — with no passcode alternative or fallback — so that only you can access these features.

• Security Delay: Some security actions such as changing your Apple Account password also require you to wait an hour and then perform a second Face ID or Touch ID authentication.

In the event that your iPhone is stolen, the security delay is designed to prevent a thief from performing critical operations so that you can mark your device as lost and make sure your Apple account is secure.

Thieves can still come after you if they see you entering your passcode because they’re hoping you don’t have this feature enabled, or they might not be aware of it themselves.

The goal shouldn’t be to prevent thieves from breaking into your accounts and your life, the goal is to prevent them from taking your iPhone in the first place. Even if you have all the safety measures in place and your phone gets swiped, you’re still without a phone, which will be expensive to replace and will take hours to get everything synced up again.

The best way to stop this is to hide your password when typing it in, but sometimes we might be in a hurry and forget to keep our guard up. Not to mention this type of attack is common in bars, so your guard is already lowered.

The next best thing? Change your password to an alphanumeric one.

You don’t have to actually change your password, but you do have to add something at the end of it. Like a period.

Say your passcode was “090708”. You can change your passcode and add a period, so your password is now “090708.” If the potential thief does see you entering your passcode, they will see the alphanumeric keyboard and will be more likely to skip past you because it’s almost impossible to really see what someone is typing. The keyboard is small enough, even on the Pro Max models, that your “fat finger” will obscure what you’re typing, compared to the huge numeric keypad.

It also helps to turn off haptics when typing in your code since people can’t hear how long your password is.

Over time, you’ll actually get faster at typing the alphanumeric code since it is all number based, but no one would know you would do such a thing…unless they read my blog.

I tried to be even slicker and just keep the exact same password even though I selected an alphanumeric option and keyboard, but the iPhone defaults back to a numeric keypad, so I had to add the period.

Tim Hardwick from MacRumors:

OpenAI has expanded the capabilities of its ChatGPT app for macOS, adding support for Apple Notes and a range of popular third-party apps. The update builds on last month's release that introduced the ability to read on-screen content from select Mac apps…

OpenAI says that users maintain full control over which apps ChatGPT can access, and all data handling follows the same OpenAI privacy protocols as the app's regular conversation history. The expanded app integration feature remains exclusive to paid subscribers, including ChatGPT Plus, Pro, Team, Enterprise, and Edu users.

You do have to give ChatGPT permission to use the app, but that’s a lot of sensitive data to give to a 3rd party application, especially one as controversial as ChatGPT. People store all kinds of data in their Notes, including passwords, personal reflections, Driver’s license, medical and financial information, you name it.

I’m a free user of ChatGPT, so I have nothing to worry about, for now.

You can easily screw yourself over if you don’t use the Water Lock feature on the Apple Watch.

Whether you are swimming or taking a shower, you need to turn it on or else your screen will do crazy things.

Water conducts electrons like our fingers and can register touches and gestures on the touch screen. If you’re in the shower, the overwhelming amount of water can cause unpredictable behavior on your watch. 

I have had the following two scenarios happen to me because I forgot to turn on Water Lock when jumping in the shower:

1. My mail app was open, and the watch had swiped left on an email to delete it. I noticed it just in time, but I could have unknowingly lost an important email I couldn't’ afford to lose.

2. In a separate incident, I was getting out of the shower and I heard voices coming to me. I glanced at my watch and realized that I was on an active call with my mom who was trying to talk to figure out what the heck was going on!

Do yourself a favor, and turn on Water Lock before jumping in the shower. That way you won’t have to worry about your watch accidentally opening apps, calling people, or deleting your emails.

I was reading about Microsoft’s AI based Recall feature, and I thought to myself, what if that feature was on the Mac? Would sensitive information be blurred out when screenshots were automatically being captured?

The most sensitive app on your iPhone, iPad, or Mac is the Passwords app, and if it were to be “screenshotted,” it should blur the passwords.

On iOS and iPadOS, the Passwords app blurs all passwords when you take a screenshot. Even if you want to display the password in large type, the whole screenshot is a giant white blank screen, which is awesome. Even if the password field is obscured with dots (•••••••••••), taking a screenshot makes that whole field completely blank so you don’t even know how long the password is.

Here are 4 screenshots on iOS, showing the completely blank password field:

Now compare that to what you actually see when you are in the Passwords app on iOS (or iPadOS):

In general, iOS and iPadOS do a great job of obscuring your password when taking a screenshot in their app.

On macOS, that is not the case.

I opened the Passwords app and started taking screenshots, and it faithfully captures everything your eyes can see:

• If your password is hidden with dots, you will see the dots.

• If you hover over your password revealing itself and then you take a screenshot, you will see the password.

• If you choose the option to display the password in large type and then take a screenshot, you will see the password.

This is the complete opposite of iOS and iPadOS, and something Apple should address.

This might not be a security risk, but it can be in certain scenarios:

1. You save your screenshots to the cloud by default, making your passwords exposed to other individuals who might share the same iCloud folders as you.

2. You have multiple monitors and your passwords app is on your secondary (or tertiary) monitor. Many people don’t know or forget that when you take a screenshot, all of your monitors are being captured.

3. You have a custom mouse that has hotkeys for screenshotting, and you accidentally capture screenshots without your knowledge.

If this Recall feature was on macOS today, would you even want to open your Passwords app, knowing that the computer is taking screenshots in the background and capturing your sensitive information?

Not to worry, because Microsoft has a beta feature called Recall. Here is what it does in a nutshell:

If you opt in to the feature, then as you use your PC, a snapshot of your active screen will be saved every few seconds and when the content of your active window changes. Snapshots are also protected with Windows Hello, so that you are the only signed in user can access Recall content. Recall allows you to search for content, including both images and text, using the clues you remember. Trying to remember the name of the sustainable restaurant you saw last week? Just ask Recall and it retrieves both text and visual matches for your search, automatically sorted by how closely the results match your search. Recall can even jump back into the content you saw.

How safe is it?

To use Recall you need to opt in to saving snapshots, which are screenshots of your activity. Snapshots and the contextual information derived from them are saved and encrypted to your local hard drive. Recall does not share snapshots or associated data with Microsoft or third parties, nor is it shared between different Windows users on the same device. Windows will ask for your permission before saving snapshots. You are always in control, and you can delete snapshots, pause or turn them off at any time. Any future options for the user to share data will require fully informed explicit action by the user.

Do we really need our computer to constantly take screenshots of our online activity? Sounds overboard, even if the information is encrypted locally. I know that if Apple were to do something like this for the Mac, I would keep it disabled. Thankfully this feature is an opt-in feature for Windows users.

Since it is still in beta, there are still lots of security risks since Recall has trouble discerning sensitive websites and screenshots sensitive information.

Rushil Agrawal from Android Authority:

Apple, the tech giant that has built its reputation on safeguarding customer privacy, is now facing a lawsuit that claims its own employees aren’t getting the same treatment. Amar Bhakta, an employee in Apple’s advertising technology division, has accused the company of prying into workers’ personal lives through iCloud accounts and non-work devices.

The main issue here is the blending of personal and work iCloud accounts, and Apple “actively discouraging” the use of separate iCloud accounts:

The heart of the issue seems to be Apple’s policy of requiring employees to use Apple devices for work, which, combined with restrictions on company-owned devices, often leads employees to use their personal iPhones and Macs. This, in turn, necessitates the use of personal iCloud accounts, allegedly exposing personal data to company scrutiny.

For employees who’d rather not have their personal lives exposed, the alternative isn’t much better. The suit claims Apple “actively discourages” setting up separate iCloud accounts for work purposes, making it nearly impossible to avoid this blending of work and personal data.

Active discouragement of employees to use separate iCloud accounts for work will be what the case will revolve around.

Could just be a controlling manager, or something much bigger.

Not a good look for Apple.

With iOS 16 and later, Apple has made it a lot easier to find your Wi-Fi password and other Wi-Fi passwords that you have connected to.

With iOS 18, it’s way easier since you can do it from the Passwords app. 

I didn’t even know you could look at a Wi-Fi password when someone shares it with you, until I looked at the Wi-Fi category in the Passwords app.

I went to a relative’s house recently who likes to keep a low profile, and they are always reluctant to share their Wi-Fi password. They don’t even keep bluetooth on, so they have to manually type their password into my phone or my kids’ devices whenever we come over. 

Once he entered the password on my iPhone, I just went into the Passwords app, went under the Wi-Fi category, and voila! There was the password. 

They were surprised to find out how I knew it, but it shows you why you need to make sure that password is not used anywhere else. A lot of people (around 78%) use the same password for multiple accounts, and if you’re using your Wi-Fi password for something else, now is a good time to change it.

The short answer is no, but the devil is in the details.

With iOS 18, Apple has introduced RCS messages, which is a new industry standard in messaging that allows you to send high quality videos and photos instead of those abysmally low-resolution photos and videos you currently send to your fellow Android users.

RCS also supports delivery and read message receipts just like iMessage.

In a nutshell, it makes your interaction with non-iPhone users more like iMessage, while still keeping the green bubble.

Not all carriers support RCS, but remember one thing.

One very important thing.

RCS is not end-to-end encrypted.

According to Apple’s site:

Apple’s implementation of RCS is based on the industry’s standard. RCS messages aren’t end-to-end encrypted, which means they're not protected from a third-party reading them while they're sent between devices.

Besides the messages themselves, What other sensitive information about you can be transmitted when using RCS? 

More than you think:

User identifiers are exchanged for your carrier and their partners to authenticate your device and provide a connection. These identifiers could include but are not limited to your IMEI, IMSI, current IP address, and phone number. Your current IP address might also be shared with other RCS users.

It’s funny how all the news around RCS focuses on high end photo and video transmission, but no one emphasizes that it is just as insecure as regular SMS/MMS.

If you really want to have secure group chats that allow high quality images and videos, stick with a more secure platform such as WhatsApp.

Or better yet, you could just convince your friends to get an iPhone and use iMessage, which is end-to-end encrypted.