SMIC Allegedly Supplies Chipmaking Tools to Iran's Military, U.S. Officials Warn 
Microsoft Eyes $7B Texas Energy Deal to Power AI Data Centers 
Elliott Investment Management Takes Multibillion-Dollar Stake in Synopsys 
NASA Artemis II: First Crewed Moon Mission Since Apollo Takes Four Astronauts on 10-Day Lunar Journey 
Reflection AI Eyes $25 Billion Valuation in Massive $2.5 Billion Funding Round 
Golden Dome Missile Defense: Anduril and Palantir Join Forces on Trump's $185B Space Shield 
AWS Bahrain Region Disrupted by Drone Activity Amid Middle East Conflict 
Elon Musk Announces Terafab: SpaceX and Tesla to Build Dual AI Chip Factories in Austin, Texas 
Google's TurboQuant Algorithm Sends Memory Chip Stocks Tumbling 
TSMC Japan's Second Fab to Produce 3nm Chips by 2028 
Federal Judge Blocks Pentagon's Blacklisting of AI Company Anthropic 
Nanya Technology Shares Surge 10% After $2.5 Billion Private Placement from Sandisk and Cisco 
California's AI Executive Order Pushes Responsible Tech Use in State Contracts 
Palantir's Maven AI Earns Pentagon "Program of Record" Status, Reshaping Military AI Strategy 
Apple Turns 50: From Garage Startup to AI Crossroads 
NVIDIA's Feynman AI Chip May Face Redesign Amid TSMC Capacity Crunch 
SpaceX Eyes Historic IPO at $1.75 Trillion Valuation 
Tapplock is rolling out much-needed updates after it was learned that the padlock that uses fingerprint authentication can be hacked.
Security researchers at Pen Test Partners revealed on Wednesday that the Tapplock software can be hacked, thus allowing unauthorized people to open it to steal whatever valuable things it is supposed to be keeping safe.
Andrew Tierney of Pen Test Partners said in a blog post that the accompanying Tapplock app transmits data through an HTTP server, which simply means no encryption is applied. During the researchers’ test, they observed that each time the lock establishes a connection to the app through Bluetooth Low Energy (BLE), it sends “a string of ‘random’-looking data” necessary for the lock to respond to the app’s commands.
However, the researchers found that these strings of data do not change even at different times that the lock is accessed through the app. “A couple of lines of commands in gatttool and it was apparent that the lock was vulnerable to trivial replay attacks,” the researcher said.
It was also found that the lock and its app do not use factory reset options, meaning all data used can be recovered even when a user unlinks the lock from the app. Additionally, Pen Test Partners revealed that app lets the lock be used by someone else.
“I shared the lock with another user, and sniffed the BLE data. It was identical to the normal unlocking data. Even if you revoke permissions, you have already given the other user all the information they need to authenticate with the lock, in perpetuity,” Tierney wrote.
Shortly after Pen Test Partners’ discovery, Tapplock said it will be rolling out the necessary firmware update to address the serious flaw, according to CNET. The said patch will be automatically installed on the padlock once it is available.
The digital security issue was found just weeks after the widely followed YouTube channel JerryRigEverything demonstrated how easy it was to physically open a Tapplock by only using a suction cup and a GoPro mount. Tapplock responded to this by saying the YouTuber’s Tapplock units were just defective.
