WiseTech Global Denies Knowledge of Investigation Into Founder Richard White 
World Cup technology: from ref cams to AI analysts, cutting-edge research is changing the game 
US Raises Concerns Over Possible ASML EUV Machine Transfer to China 
Meta Seeks Legal Shield From Child-Harm Lawsuits Amid KOSA Talks 
Tencent Reviews Marvelous Stake as Gaming Giant Reassesses Global Investment Strategy 
US-Iran De-Escalation Shifts Washington’s Focus to AI Regulation and Crypto Legislation 
SK Hynix Moves Closer to New York ADR Listing Amid AI Chip Boom 
Trump’s Quantum Push Lifts IBM Stock as CEO Arvind Krishna Receives White House Praise 
Cerebras Revenue Forecast Tops Expectations, but Margin Concerns Weigh on Stock 
How AI prompting turned writerly description into an everyday skill 
Baseten Secures $1.5 Billion Funding at $13 Billion Valuation Amid AI Infrastructure Boom 
Chinese Social Media Giant Xiaohongshu Eyes Hong Kong IPO at Over $70 Billion Valuation 
Alphabet Stock Slides as AI Talent Exodus and SpaceX Losses Shake Investor Confidence 
Qualcomm Nears $4 Billion Acquisition of AI Chip Startup Modular 
Apple Signals Product Price Hikes Amid Rising Memory Chip Costs 
Samsung Electronics Stock Surges on Report of Massive $59 Billion Share Buyback Plan 
Tapplock is rolling out much-needed updates after it was learned that the padlock that uses fingerprint authentication can be hacked.
Security researchers at Pen Test Partners revealed on Wednesday that the Tapplock software can be hacked, thus allowing unauthorized people to open it to steal whatever valuable things it is supposed to be keeping safe.
Andrew Tierney of Pen Test Partners said in a blog post that the accompanying Tapplock app transmits data through an HTTP server, which simply means no encryption is applied. During the researchers’ test, they observed that each time the lock establishes a connection to the app through Bluetooth Low Energy (BLE), it sends “a string of ‘random’-looking data” necessary for the lock to respond to the app’s commands.
However, the researchers found that these strings of data do not change even at different times that the lock is accessed through the app. “A couple of lines of commands in gatttool and it was apparent that the lock was vulnerable to trivial replay attacks,” the researcher said.
It was also found that the lock and its app do not use factory reset options, meaning all data used can be recovered even when a user unlinks the lock from the app. Additionally, Pen Test Partners revealed that app lets the lock be used by someone else.
“I shared the lock with another user, and sniffed the BLE data. It was identical to the normal unlocking data. Even if you revoke permissions, you have already given the other user all the information they need to authenticate with the lock, in perpetuity,” Tierney wrote.
Shortly after Pen Test Partners’ discovery, Tapplock said it will be rolling out the necessary firmware update to address the serious flaw, according to CNET. The said patch will be automatically installed on the padlock once it is available.
The digital security issue was found just weeks after the widely followed YouTube channel JerryRigEverything demonstrated how easy it was to physically open a Tapplock by only using a suction cup and a GoPro mount. Tapplock responded to this by saying the YouTuber’s Tapplock units were just defective.
