iPhones

clicks-is-a-$139-iphone-case-for-people-who-hate-touchscreen-typing

Clicks is a $139 iPhone case for people who hate touchscreen typing

IPhone, iPhones, Keyboards, Tech / /
Clicks keyboard

There’s an app for the keyboard promising new features, but it’s not mandatory for the keyboard to work.

Clicks Technology

I used to be a speed demon on phone keyboards. Similar to when I use a mechanical keyboard, I could type with so much ease that during their early days of text messaging, people in my household would ask me to write out their longer messages. Those days of carefree cell phone typing hit a rut when I got my first iPhone.

Now, I can’t start without first looking at my touchscreen keyboard. And I almost always make at least one typo when writing long texts, emails, or documents. That’s why I’m intrigued by the latest attempt to bring old-school physical keyboards to iPhones.

A snap-on keyboard for the iPhone

On Thursday, Clicks Technology unveiled Clicks, a keyboard available for the iPhone 14 Pro, iPhone 15 Pro, and iPhone 15 Pro Max that snaps to the phone like a case. But instead of adding protection, it adds a physical keyboard. Each key boasts 0.22 mm of travel, Jeff Gadway, SVP of product marketing at Clicks, told Ars via email. That seems like miles compared to the flat nature of touchscreens.

Clicks Technology has hinted at plans for releasing Clicks in additional colors beyond what's seen here.

Clicks Technology has hinted at plans for releasing Clicks in additional colors beyond what’s seen here.

Clicks Technology

The keyboard connects via the iPhone’s Lightning or USB-C port (whichever the iPhone has). It uses iOS’s support for external keyboards, leveraging the human interface devices (HID) protocol. According to Clicks’ FAQ page, the company decided to forego Bluetooth to avoid pairing complications and latency. Users are supposed to still be able to charge their phones, including with wireless chargers, with Clicks connected.

But if you’re hoping to pair a traditional-style phone keyboard with traditional wired headphones, you’re out of luck. The company’s website says Clicks Technology is “working on a solution” to allow the keyboard and wired headphones to work simultaneously, but you have to pick one or the other for now. Clicks also isn’t considered compatible with MagSafe accessories, though the makers hope to change that eventually.

One look at Clicks’ layout, and I already see appeal in there being a Tab key, which the standard integrated iPhone keyboard lacks. Further, the keyboard is also supposed to make it easier to leverage keyboard shortcuts using its Command (CMD) key. Clicks’ makers highlight shortcuts like launching search (CMD + Space), getting to the home screen (CMD + H), and scrolling through web pages with the space key. Clicks claims to support keyboard shortcuts across “many” third-party apps, according to Thursday’s announcement.

Should the keyboard prove to work well and feel good, it could be a clever way to add more screen real estate for some iPhones since users won’t have a touchscreen keyboard hogging screen space at times. However, I’m curious to see how hard it is to hold and navigate a Clicks-equipped iPhone, including going from the physical keyboard to touchscreen as needed, for longer periods.

But Clicks also impacts iPhone battery life, even though the startup claims the effect is minimal.

“When the backlight is turned off, even on a heavy use day, battery usage will typically be less than ~2 percent. If the backlight is on, usage may increase up to another ~2 percent,” Clicks’ FAQ page, which we’ll have to take with a grain of salt, reads. The keyboard’s backlight turns off automatically after 5 seconds of the keyboard not being used and can be disabled. The keyboard also has an off switch.

When asked for further information, Gadway said the keyboard uses about 4.4 mAh when on but not in use.

“The background Wh consumption when the backlight is off is approximately 0.01628 Wh. It’s important to note that Wh is dependent on the voltage the battery uses, therefore we take the average of 3.7V,” he added.

Some might also be disappointed to notice that Clicks lacks a key for emojis, which have become so prominent in today’s culture that some mechanical keyboards and mice have started including integrated emoji buttons. Clicks says the keyboard doesn’t have an emoji button because iOS external keyboards do not currently support the feature. But there are still ways for Clicks users to bring up the emoji menu, including by pressing multiple keys that the keyboard does have. 

Clicks is a $139 iPhone case for people who hate touchscreen typing Read More »

4-year-campaign-backdoored-iphones-using-possibly-the-most-advanced-exploit-ever

4-year campaign backdoored iPhones using possibly the most advanced exploit ever

0day, Apple, Biz & IT, iPhones, malware, operation triangulation, Security, spyware / /

NO ORDINARY VULNERABILITY —

“Triangulation” infected dozens of iPhones belonging to employees of Moscow-based Kaspersky.

iphone with text background

Researchers on Wednesday presented intriguing new findings surrounding an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky. Chief among the discoveries: the unknown attackers were able to achieve an unprecedented level of access by exploiting a vulnerability in an undocumented hardware feature that few if anyone outside of Apple and chip suppliers such as ARM Holdings knew of.

“The exploit’s sophistication and the feature’s obscurity suggest the attackers had advanced technical capabilities,” Kaspersky researcher Boris Larin wrote in an email. “Our analysis hasn’t revealed how they became aware of this feature, but we’re exploring all possibilities, including accidental disclosure in past firmware or source code releases. They may also have stumbled upon it through hardware reverse engineering.”

Four zero-days exploited for years

Other questions remain unanswered, wrote Larin, even after about 12 months of intensive investigation. Besides how the attackers learned of the hardware feature, the researchers still don’t know what, precisely, its purpose is. Also unknown is if the feature is a native part of the iPhone or enabled by a third-party hardware component such as ARM’s CoreSight

The mass backdooring campaign, which according to Russian officials also infected the iPhones of thousands of people working inside diplomatic missions and embassies in Russia, according to Russian government officials, came to light in June. Over a span of at least four years, Kaspersky said, the infections were delivered in iMessage texts that installed malware through a complex exploit chain without requiring the receiver to take any action.

With that, the devices were infected with full-featured spyware that, among other things, transmitted microphone recordings, photos, geolocation, and other sensitive data to attacker-controlled servers. Although infections didn’t survive a reboot, the unknown attackers kept their campaign alive simply by sending devices a new malicious iMessage text shortly after devices were restarted.

A fresh infusion of details disclosed Wednesday said that “Triangulation”—the name Kaspersky gave to both the malware and the campaign that installed it—exploited four critical zero-day vulnerabilities, meaning serious programming flaws that were known to the attackers before they were known to Apple. The company has since patched all four of the vulnerabilities, which are tracked as:

Besides affecting iPhones, these critical zero-days and the secret hardware function resided in Macs, iPods, iPads, Apple TVs, and Apple Watches. What’s more, the exploits Kaspersky recovered were intentionally developed to work on those devices as well. Apple has patched those platforms as well. Apple declined to comment for this article.

Detecting infections is extremely challenging, even for people with advanced forensic expertise. For those who want to try, a list of Internet addresses, files, and other indicators of compromise is here.

Mystery iPhone function proves pivotal to Triangulation’s success

The most intriguing new detail is the targeting of the heretofore-unknown hardware feature, which proved to be pivotal to the Operation Triangulation campaign. A zero-day in the feature allowed the attackers to bypass advanced hardware-based memory protections designed to safeguard device system integrity even after an attacker gained the ability to tamper with memory of the underlying kernel. On most other platforms, once attackers successfully exploit a kernel vulnerability they have full control of the compromised system.

On Apple devices equipped with these protections, such attackers are still unable to perform key post-exploitation techniques such as injecting malicious code into other processes, or modifying kernel code or sensitive kernel data. This powerful protection was bypassed by exploiting a vulnerability in the secret function. The protection, which has rarely been defeated in exploits found to date, is also present in Apple’s M1 and M2 CPUs.

Kaspersky researchers learned of the secret hardware function only after months of extensive reverse engineering of devices that had been infected with Triangulation. In the course, the researchers’ attention was drawn to what are known as hardware registers, which provide memory addresses for CPUs to interact with peripheral components such as USBs, memory controllers, and GPUs. MMIOs, short for Memory-mapped Input/Outputs, allow the CPU to write to the specific hardware register of a specific peripheral device.

The researchers found that several of MMIO addresses the attackers used to bypass the memory protections weren’t identified in any so-called device tree, a machine-readable description of a particular set of hardware that can be helpful to reverse engineers. Even after the researchers further scoured source codes, kernel images, and firmware, they were still unable to find any mention of the MMIO addresses.

4-year campaign backdoored iPhones using possibly the most advanced exploit ever Read More »