Sonos’ Move portable speaker gets a sequel

Yesterday marked four years since Sonos unveiled its long-awaited portable, Move. The $399 speaker got mostly good marks as the company’s first swipe at the category. There were, of course, some critiques for things like pricing, actual portability and battery. With today’s Move 2 news, Sonos is tackling some of those points, while delivering additional […]

Sony’s modular speaker system is a clever and portable take on the home theater

Here’s a dirty little secret: Consumer electronics can be boring sometimes. Hardware scaling is hard and people love the familiar, both things that have a tendency to disincentive adventurous product design. So it’s worth acknowledging when big companies try something a bit different.

From a purely design perspective, there’s a lot to love about the HT-AX7. Sony’s new modular wireless speaker system is clean but warm, symmetrical and generally pleasing to the eyes. The fabric-covered minimalism wouldn’t look out of place in most homes. The system also takes advantage of a handful of commonplace features to present an outside-the-box approach to Bluetooth audio.

Image Credits: Sony

Unless your place is decked out with Sonos speakers in every room, you likely understand the experience of dragging Bluetooth speakers around your home. HT-AX7 is effectively a trio of speakers. The oblong base serves as the front speaker, while the detachable circular pair up top are the left and right rear. Pair it with a tablet, and suddenly you’ve got an immersive surround sound experience.

Place the components around you, and the system goes to work, determining the optimal sound footprint based on positioning. These sorts of algorithms are generally a mixed bag, but Sony’s got a solid track record with this stuff.

“360 Spatial Sound Mapping, our unique 3D audio technology, synthesizes the wavefronts of sound from three speakers and generates multiple phantom speakers (virtual sound sources) to create a three-dimensional sound field that surrounds the viewer,” writes Sony. “You don’t have to do anything special, such as installing speakers on the ceiling, but you can enjoy 3D sound anywhere just by placing three speakers around you.”

Indeed, $499 isn’t cheap by any stretch, which means the product is likely to be something of a niche device. Surround sound is great and all, but that’s a significant premium over standard Bluetooth speakers. It’s more competitive with soundbar systems — take Sony’s own Sony HTA300, which you can currently pick up for the same price. For folks who prefer a little more freedom with their systems however, the HT-AX7 scratches an interesting itch.

The system starts shipping in a couple of weeks.

Sony’s modular speaker system is a clever and portable take on the home theater by Brian Heater originally published on TechCrunch

JBL’s new earbuds have a case with touchscreen, because we don’t have enough displays

Tired: JBL announced the Tour PRO 2 earbuds with active noise cancellation (ANC). Wired: The case has a touchscreen.

That’s right. In the off-chance you didn’t have enough screens in your life, the new earbuds’ case adds another 1.4-inch LED touch display. Users can flick through multiple screens like different watch faces that allow them to manage multimedia playback and shuffle through different noise cancellation modes.

Image Credits: JBL

Users can also receive notifications from social media apps, take a look at incoming messages and handle calls directly from the JBL Tour Pro 2 case’s screen. Sadly, there’s no keyboard on the screen, so you can’t really reply to any messages.

It’s hard to buy the argument that users can leave their phones in their pocket and use the case as a lot of people also just put them in their pockets. The idea sounds bizarre, but JBL might be trying to target users who don’t have a smartwatch. Notably, the JBL Tour Pro 2 case doesn’t have LTE connectivity. So unlike some smartwatch models that have telephony capabilities, the case doesn’t allow you to ditch your phone when you go out.

Apart from the bizarre screen, the earbuds aim to challenge the top-of-the-line ANC buds with 10mm dynamic drivers and support for Bluetooth 5.3. The company claims that these buds will have 10 hours of battery life, with the case providing 30 more hours on a single charge. What’s more, JBL’s new buds have six mics to handle calls — it’s not clear if this array is also used to handle noise cancellation.

The JBL Tour Pro 2 will be available next year at a price of €249 ($249.75). Unfortunately, the company didn’t share any detail about a potential U.S. launch. The company also announced its Tour ONE M2 headphones with 40mm dynamic drivers and up to 30 hours of battery life with ANC activated.

Image Credits: JBL

Honda key fob flaw lets hackers remotely unlock and start cars

The hackers demonstrating the radio replay attack using a vulnerable Honda keyfob. Honda said it could not determine if the attack was “credible.” Image Credits: Star-V Lab

Security researchers have revealed a vulnerability in Honda’s keyless entry system that could allow hackers to remotely unlock and start potentially “all Honda vehicles currently existing on the market.”

The “Rolling-Pwn” attack, uncovered by Star-V Lab security researchers Kevin2600 and Wesley Li, exploits a vulnerability in the way Honda’s keyless entry system transmits authentication codes between the car and the key fob. It works in a similar way to the recently discovered Bluetooth replay attack affecting some Tesla vehicles; using easily purchasable radio equipment, the researchers were able to eavesdrop and capture the codes, then broadcast them back to the car in order to gain access.

This allowed the researchers to remotely unlock and start the engines of cars affected by the vulnerability, which includes models from as far back as 2012 and as recent as 2022. But according to The Drive, which independently tested and verified the vulnerability on a Honda Accord 2021, the key fob flaw doesn’t allow an attacker to drive off with the vehicle.

As noted by the researchers, this kind of attack should be prevented by the vehicle’s rolling codes mechanism — a system introduced to prevent replay attacks by providing a new code for each authentication of a remote keyless entry. Vehicles have a counter that checks the chronology of the generated codes, increasing the count when it receives a new code.

Kevin2600 and Wesley Li found that the counter in Honda vehicles is resynchronized when the car vehicle gets lock and unlock commands in a consecutive sequence, causing the car to accept codes from previous sessions that should have been invalidated.

By sending the commands in a consecutive sequence to the Honda vehicles, it will be resynchronizing the counter,” the researchers write. “Once counter resynced, commands from the previous cycle of the counter worked again. Therefore, those commands can be used later to unlock the car at will.”

The researchers say they tested their attack on several Honda models, including the Honda Civic 2012, Honda Accord 2020, and Honda Fit 2022, but warn that the security vulnerability could affect “all Honda vehicles currently existing on the market” and may also affect other manufacturers’ cars.

The security researchers say they attempted to contact Honda about the vulnerability but found that the company “does not have a department to deal with security-related issues for their products.” As such, they reported the issue to Honda customer service but have not yet received a response.

TechCrunch also did not receive a response from Honda, but in a statement to The Drive, the company insisted that the technology in its key fobs “would not allow the vulnerability as represented in the report.”

“We’ve looked into past similar allegations and found them to lack substance,” a Honda spokesperson said. “While we don’t yet have enough information to determine if this report is credible, the key fobs in the referenced vehicles are equipped with rolling code technology that would not allow the vulnerability as represented in the report. In addition, the videos offered as evidence of the absence of rolling code do not include sufficient evidence to support the claims.”

As noted by the security researchers, if Honda was to acknowledge the flaw, fixing it would be difficult due to the fact that older vehicles don’t support over-the-air (OTA) updates. Worryingly, the researchers also warned there’s no way to guard against the hack and no way to determine if it happened to you.

JD Power: EVs and and plug-in hybrids have more problems than combustion engine cars

Battery-electric vehicles and plug-in hybrids have more problems than the average car, according to the annual J.D. Power U.S. Initial Quality Study (IQS) released Wednesday.

The 2022 survey found that EV owners cited 39% more problems with their new vehicles than did owners of new combustion-engine vehicles. Industry wide, problems per 100 vehicles rose 11% this year, for an average of 180 problems per 100 vehicles.

But EV and PHEV owners reported about 240 problems per 100 vehicles (PP100), compared with 175 PP 100 for gas-engine models. Tesla, making its J.D. Power survey debut, outpaced the electrified segment with 226 problems per 100 vehicles.

The reason behind this year’s plunge in vehicle quality is twofold, according to analysts.

Quality has declined industry wide, as the COVID-19 pandemic created supply chain issues, record-high vehicle prices, and personnel dislocations. The report marks a record high in vehicle problems since J.D. Power began tracking quality 36 years ago. And there are few signs of immediate improvement: Just nine of the 33 automotive brands surveyed improved in quality this year.

The 2022 J.D. Power U.S. Initial Quality Study is based on responses from 84,165 purchasers and lessees of new 2022 model-year vehicles between February and May 2022. They answered 223 questions organized into nine vehicle categories: infotainment, features, controls and displays; exterior, driving assistance, interior, powertrain, seats, driving experience and climate.

Still Buick, which took the top spot in overall initial quality this year, and others, managed to do better than EV brands. The additional problems reported by electric vehicle owners had more to do with infotainment and connectivity than driving performance, said David Amodeo, global director of automotive at J.D. Power.

“Infotainment issues do go up for PHEV and EVs,” Amodeo said. “A lot of OEMs are viewing EVs as the ‘vehicle’ that will transform us into the era of the smart cars, and all the extra content they are adding has a lot to do with this.”

Operating Android Auto, Apple CarPlay, touch screens, Bluetooth and Voice Recognition “continue to be problematic for owners,” he said.

The other reason for the quality gap is that EVs make heavier use of manufacturer-design apps that control certain functions of the car, from locking and unlocking the doors remotely to monitoring battery charge. First-time EV buyers especially may not yet be fluent in reading their vehicle’s range and connecting it to a charging station.

“The OEM app is used more in plug-ins and especially EVs,” Amodeo said, “and there is a lot of room for improvement.”

Clarification: JD Power updated one figure in its announcement from 173 to 175. TechCrunch has also updated this number to reflect the change.

In iOS 16, apps can trigger real-world actions hands-free

New functionality arriving in iOS 16 will enable apps to trigger real-world actions hands-free. That means users could do things like start playing music just by walking into a room or turning on an e-bike for a workout just by getting on it. Apple told developers today in a session hosted during the company’s Worldwide Developer Conference (WWDC) that these hands-free actions could also be triggered even if the iOS user isn’t actively using the app at the time.

The update, which leverages Apple’s Nearby Interaction framework, could lead to some interesting use cases where the iPhone becomes a way to interact with objects in the real world, if developers and accessory makers choose to adopt the technology.

During the session, Apple explained how apps today can connect to and exchange data with Bluetooth LE accessories even while running in the background. In iOS 16, however, apps will be able to start a Nearby Interaction session with a Bluetooth LE accessory that also supports Ultra Wideband in the background.

Related to this, Apple updated the specification for accessory manufacturers to support these new background sessions.

This paves the way for a future where the line between apps and the physical world blurs, but it remains to be seen if the third-party app and device makers choose to put the functionality to use.

The new feature is part of a broader update to Apple’s Nearby Interaction framework, which was the focus of the developer session.

Introduced at WWDC 2020 with iOS 14, this framework allows third-party app developers to tap into the U1 or Ultra Wideband (UWB) chip on iPhone 11 and later devices, Apple Watch, and other third-party accessories. It’s what today powers the Precision Finding capabilities offered by Apple’s AirTag which allows iPhone users to open the “Find My” app to be guided to their AirTag’s precise location using on-screen directional arrows alongside other guidance that lets you know how far away you are from the AirTag or if the AirTag might be located on a different floor.

With iOS 16, third-party developers will be able to build apps that do much of the same thing, thanks to a new capability that will allow them to integrate ARKit — Apple’s augmented reality developer toolkit — with the Nearby Interaction framework.

This will allow developers to tap into the device’s trajectory as computed from ARKit, so their devices can also smartly guide a user to a misplaced item or another object a user may want to interact with, depending on the app’s functionality. By leveraging ARKit, developers will gain more consistent distance and directional information than if they were using Nearby Interaction alone.

The functionality doesn’t have to be only used for AirTag-like accessories manufactured by third parties, however. Apple demoed another use case where a museum could use Ultra Wideband accessories to guide visitors through its exhibits, for example.

In addition, this feature can be used to overlay directional arrows or other AR objects on top of the camera’s view of the real world as it helps to guide users to the Ultra Wideband object or accessory. Continuing the demo, Apple briefly showed how red AR bubbles could appear on the app’s screen on top of the camera view to point the way to go.

Longer-term, this functionality lays the groundwork for Apple’s rumored mixed reality smartglasses, where presumably, AR-powered apps would be core to the experience.

The updated functionality is rolling out to beta testers of the iOS 16 software update which will reach the general public later this year.

Read more about WWDC 2022 on TechCrunch

Apple chooses Joy (Cons)

If you’re the particular kind of person who played “Pokémon Crystal” on your jailbroken iPhone 3 during your high school math class, then there’s even bigger news coming out of WWDC than the M2 MacBook. On iOS 16, Apple iPhones will support bluetooth pairing with Nintendo Switch Joy-Cons and Pro Controllers, giving you more control while playing mobile games.

 

According to Apple engineer Nat Brown, Joy-Cons can be paired as one controller using both the left and right sides, or a singular Joy-Con can be used as the controller. Some users have reported bugs when switching between combined and single controls, but some issues are to be expected in the brand new iOS 16 developer beta. Ideally, users are supposed to be able to split and re-combine individual Joy-Cons by holding the iPhone’s screenshot and home buttons for a few seconds.

Former GBA4iOS creator Riley Testut, who spotted the Joy-Con compatibility, is now developing Delta, another iOS game emulator. While the emulator isn’t on the App Store, you don’t have to jailbreak your phone to download it, unlike the old days. But if you’re looking to play games like the original “Super Smash Brothers” on your iPhone, remember that it’s illegal to download copyrighted ROMs online. Personally, at the very least, connecting a Switch controller to my iPhone is going to revolutionize my iOS Tetris gameplay.

 

New Bluetooth attack can remotely unlock Tesla vehicles and smart locks

Security researchers have demonstrated a new Bluetooth relay attack that can remotely unlock and operate some Tesla vehicles.

The vulnerability lies in Bluetooth Low Energy (BLE), the technology used by Tesla’s entry system that allows drivers with the app or key fob to unlock and operate their car from nearby. Most devices and vehicles that rely on this kind of proximity-based authentication are designed to protect against a range of relay attacks, which typically work by capturing the radio signal used for unlocking a vehicle, for example, and replaying it again as if it were an authentic request, by using encryption and introducing checks that can make relay attacks more difficult.

But researchers at U.K-based NCC Group say they have developed a tool for conducting a new type of BLE link-layer relay attack that bypasses existing mitigations, theoretically enabling attackers to remotely unlock and operate vehicles.

Sultan Qasim Khan, a senior security consultant at NCC Group, said in a blog post that it tested the attack against a 2020 Tesla Model 3 using an iPhone 13 mini running a recent but older version of the Tesla app. The iPhone was placed 25 meters away from the vehicle, according to the researchers, with two relaying devices between the iPhone and the car. Using the tool, the researchers were able to unlock the vehicle remotely. The experiment was also replicated successfully on a Tesla Model Y from 2021, which also uses “phone-as-a-key” technology.

While the attack was demonstrated against Tesla vehicles, Khan notes that any vehicle that uses BLE for its keyless entry system could be vulnerable to this attack. In a separate advisory, NCC Group warns that the attack could also be used against the Kwikset and Weiser Kevo line of smart locks, which support BLE passive entry through their “touch-to-open” functionality.

“Our research shows that systems that people rely on to guard their cars, homes, and private data are using Bluetooth proximity authentication mechanisms that can be easily broken with cheap off-the-shelf hardware,” said Khan.

The researchers disclosed their findings to Tesla and the Bluetooth Special Interest Group (SIG), an industry group that oversees the development of the Bluetooth standard, which acknowledged the issue but said that relay attacks were a known problem with Bluetooth. Tesla officials also said that relay attacks were a known limitation of the passive entry system. Tesla did not respond to TechCrunch’s request for comment. (Tesla scrapped its public relations team in 2020.)

“NCC Group recommends that the SIG proactively advise its members developing proximity authentication systems about the risks of BLE relay attacks,” Khan added. “Moreover, documentation should make clear that relay attacks are practical and must be included in threat models, and that neither link-layer encryption nor expectations of normal response timing are defenses against relay attacks.”

The researchers encourage Tesla owners to use the PIN to Drive feature, which requires a four-digit pin to be entered before the vehicle can be driven, and to disable the passive entry system in the mobile app.

Tesla is no stranger to security flaws. Earlier this year, a 19-year-old security researcher said he was able to remotely access dozens of Teslas around the world because security bugs found in an open source logging tool popular with Tesla owners exposed their cars directly to the internet.

Fire TV Cube becomes first-ever U.S. streaming media player to support audio streaming for hearing aids

Today, Amazon Fire TV announced the launch of Audio Streaming for Hearing Aids (ASHA) on Fire TV Cube (2nd gen) for compatible Bluetooth hearing aids from Starkey. This will be the first-ever streaming media player in the U.S. to support ASHA.

The National Institute on Deafness and Other Communication Disorders reports that 15% (37.5 million) of Americans over the age of 18 reports some hearing loss, and nearly 29 million American adults could benefit from using hearing aids. According to the World Health Organization, 1.5 billion people in the world experience hearing loss, and the number continues to rise.

According to Amazon, improving TV sound quality was one of the most requested features among hearing aid users.

Customers can connect compatible hearing aids directly to Fire TV Cube for private listening. This gives them the ability to enjoy audio from streaming services, apps, games, and even Alexa. ASHA on Fire TV Cube works by using data that encodes the sound straight to the hearing aid’s tiny antenna in digital form.

Compatible hearing aid models in the U.S. include Starkey, which manufactures the Audibel, NuEar, MicroTech and Audigy brands.

To pair the hearing aids, visit Fire TV Settings, Accessibility, then select Hearing Aids, and follow the instructions to connect them. The steps are somewhat similar to connecting Bluetooth headphones. Customers use the Fire TV remote to control volume and can disconnect by holding the ‘Home’ button and selecting ‘Disconnect Hearing Aids.’

One drawback is that customers need to sit within 10 feet and in line of sight to their Fire TV Cube in order to get the best connection. Amazon also recommends that customers connect over a 5Ghz wifi network, however, those with 2.4GHz wifi can use the feature “with range that varies depending on spectrum congestion.”

Achin Bhowmik, Chief Technology Officer and Executive Vice President of Engineering at Starkey, said,

“At Starkey, we are transforming hearing aids into multifunctional devices, enabling our patients to connect and communicate with the world via our technology. Through this strategic collaboration with Amazon, we are paving the way for cutting-edge products to connect with and stream audio to our state-of-the-art hearing devices.”

Later this year, Amazon will expand ASHA support to more devices.

Peter Korn, Amazon’s director of accessibility for devices told CNET that the additional devices include the Fire TV Stick and the Fire TV streaming device. The company is also apparently exploring connecting cochlear implants to Amazon Fire TV.

Image Credits: Amazon Fire TV

Although top competitor Roku has many accessibility features, such as a text-to-speech screen reader, closed captioning, and voice search, there are no signs on the site of the company supporting compatible hearing aids. Apple TV gives users the ability to adjust hearing controls and turn on closed captioning, however, nothing similar to Amazon’s Audio Streaming for Hearing Aids. Another rival, Google, has more or less the same accessibility features as Roku and Apple.

The Audio Streaming for Hearing Aids on Fire TV Cube is a step in the right direction for more accessibility across entertainment devices.