 Coming up on DTNS, how to clone someone's security key. Roku buys some quibi and will Hyundai make the Apple cars? This is the Daily Tech News for Friday, January 8th, 2021 in Los Angeles. I'm Tom Merritt. And from Studio Redwood. I'm Sarah Lane from Studio Colorado. I'm Shannon Morse drawing the top tech stories from Cleveland. I'm Len Peralta. And I'm the show's producer, Roger Chen. We were just talking about a CES product that makes you ice cream in 90 seconds, whenever you want it and why Roger never cries. If you want that wider conversation, join our expanded show, Good Day Internet at patreon.com slash DTNS. Let's start with a few tech things you should know. Amazon has discontinued its Prime Pantry grocery and household item service. Products previously available in Pantry will now be available like any other product on Amazon. So it's not going away altogether, but the service itself. Prime Pantry launched in 2014, offering reduced shipping on up to 45 pounds of household goods for a monthly fee. Amazon node, hired Prime Pantry subscribers about the closure in December and then issued refunds. The UK's Competition and Markets Authority launched an investigation into Google's privacy sandbox that would block third party cookies in Chrome. The regulator received complaints from the marketers for an open web coalition, saying the plan would abuse Google's dominant position in online advertising. So the investigation is going to evaluate if the privacy sandbox changes would concentrate advertising spending market share with Google. Samsung launched the Galaxy Chromebook 2, a cheaper version of the Galaxy Chromebook it launched last year. So instead of 4K, it has a 1080p LCD screen with less storage, fewer cameras, less RAM. It's also heavier and thicker overall. But it also now starts at $549 instead of $1,000. It has a 13.3 inch 1920 by 1080 16 by 9 LCD touchscreen with the dual core Intel Celeron 525U upgradeable to an Intel Core i3 10, 10, 11, 10, 1, 1, 0 U. 8 gigs of RAM and 125 gigs of storage for $699. A shortage of semiconductors is affecting automakers. Volkswagen said last month that needed to adjust first quarter manufacturing plans around the globe because of the shortage. Now Honda says it will cut domestic output by about 4,000 cars this month at one of its factories in Japan. Nissan is adjusting production numbers for its note hatchback model. And Ford has moved up previously planned downtime at a Kentucky plant for its sport utility vehicle factory due to a shortage in chips. All right, while we're talking about cars, let's talk about the Apple car. Yeah, a lot of rumors as of late. Well, really over the last few years. But but but the rumors had resurfaced recently. And Hyundai is now talking to Apple about cars. So says the company. A Hyundai representative told CNBC, quote, we understand that Apple is in discussion with a variety of global automakers, including Hyundai motor. As the discussion is at its early stage, nothing has been decided. Korean Economic Daily said that Apple suggested the arrangement. And Hyundai was reviewing the terms that involved EV production and also battery development. Hyundai has had its own battery EV platform called EGMP going into production later this year. So Apple might be saying, you might know what you're doing. Reuters sources say that Apple would like to produce a passenger vehicle by 2024. However, it might not be the actual date. Bloomberg's Mark Gurman reports an autonomous EV from Apple is five to seven years away. And Ming-Chi Kuo recently said he wouldn't be surprised if it takes until 2028. Yes, what's probably going on here is Apple. And I think this the significant part has decided to start investigating how they would build whatever it is they're going to build, whether it's a whole car or an integrated platform. And they're going to different manufacturers and parts suppliers and folks like Magna, including Hyundai, and saying, what do you got? How can you help us with this? And Hyundai is a great company for this because they make parts, they make systems, they make full cars. There's all kinds of services in the Hyundai company that could play a part with Apple. So it may not be that Apple knows what they want from Hyundai. It may just be that they're going and saying, hey, let's talk. You do a lot of the kinds of things that we think we're going to need. I'm pretty excited about this. I just got my first Hyundai ever this year. And my first perception of this story was, wait, but Hyundai currently uses Android Auto in a lot of their cars. So I would love to see how Apple would integrate Hyundai's current technologies into something that is very useful for the Apple ecosystem. Not just looking at EV itself, but also the systems inside of it, the controls and how they would manage that for a driver and a passenger in the car. Yeah. I mean, I think that's one of the big questions that I have is, okay, let's just say, let's say it's Hyundai that, that Apple ends up working with. Clearly not set in stone, at least from what we know at this point. But let's just say it's that company. Just for kicks. Let's imagine that that's one. Yeah. Is it, is it an Apple car that Hyundai produces a lot of parts for? The way that Apple works with lots of other companies to produce other hardware for Apple? I mean, that, that's the loftiest kind of goal that we're looking at, and maybe that would take till 2028 at, you know, if, if, if Apple was lucky. I think it probably has more to do with, like you said, Shannon, not that, you know, Android auto wouldn't still be prevalent in a lot of passenger vehicles, but maybe it's some sort of, it's a special relationship. It's a, it's a special kind of OS inside a car that is supposed to, you know, I don't know, move some merch because what Apple is providing on the software side is, is, is that much more interesting? I really don't know. If you look at that Bloomberg article, Mark Gurman's sources are saying that all those Tesla people that Apple has hired are working on things like interior, exterior, drive train, uh, you know, stereo, assist, the kinds of things you need when you're building a car, not just providing a software platform. So then the question becomes, is it the Apple car period? Maybe Hyundai makes it, maybe somebody else makes it. And, you know, they'll figure out how to distribute it. Or is it the Apple car by Hyundai? And you go to a Hyundai dealership to buy it the way you went to an AT&T store to buy an Apple iPhone, but it's really Apple's car in cooperation with Hyundai. Are there multiple partners? I mean, that, that's all the kind of stuff we're waiting to see, but it really does feel like we have gotten to the point where this is no longer just, yeah, they're working on project Titan. They don't know what they're going to do too. They have an idea. It's more than just software and they're working out the details. Maybe they don't even know that yet. Yeah. Well, I'm interested to see what happens, but we also have some other news. Yay. Security among the systems impacted by the solar winds attack is the electronic filing system used by the US federal courts and investigation is underway to determine if confidentiality of documents filed with the courts was breached. And as a result, starting Wednesday, confidential documents filed with the courts will be stored on standalone systems, not uploaded. Big difference. So these are documents sealed from public access because they contain sensitive information like investigative techniques, identities of informants, and a lot more. Other US federal agencies affected included the justice department, the state treasury and energy departments as well. So solar winds has engaged the Krebs Stamos security consulting group to help deal with this attack. That firm was formed by Alex Stamos, the former chief security officer at Yahoo and Facebook, and Chris Krebs, the former director of the US cybersecurity and infrastructure security agency or CISA. So Krebs was fired last month by the president after finding no evidence of tampering with voting systems in the 2020 election. Yeah, Krebs Stamos, first of all, brilliant for those two to team up and smart for solar winds to engage them for what they say is helping with transparency with companies that are affected. But this, we are not done finding out how bad this is. There are reports that there may have been other ways that this, whoever is behind this, intruded beyond just solar winds. They're finding evidence of that. They have not been able to root out the people that got in through this vulnerability from all systems yet. They're still in there in a lot of cases. And this kind of confidential information is exactly the kind of thing you fear that someone would get by intruding into a government system, informants, investigative techniques that you can now learn from to evade being prosecuted or caught yourself. That's crown jewel type stuff. It's very interesting. In fact, Krebs spoke on record saying that it could potentially take years to figure out how deep the solar winds attack actually went and how many different kinds of infrastructure, you know, brands and everything that it might have affected. So this is not something that's going to die anytime soon. I'm glad that they are reaching out to Krebs and Stamos though, because that, yeah, I agree with you, Tom. It's an excellent, excellent team. Roku made a few interesting announcements. Roku says NPD data shows that the Roku SOS was the top selling smart TV operating system in the U.S. in Canada in 2020, 31% market share in Canada, 38% in the United States. That pushes Samsung's Tizen to number two at least. We don't actually know, but Samsung's Tizen was number one in 2019. Roku also announced a wireless soundbar reference design that uses Wi-Fi for its Roku TV ready program. Remember last year, Roku announced the program, which had a design for wired soundbars, uh, the program includes TCL, Poken Denon, and Element has just announced it'll join as well with 2.0 and 2.1 ready soundbars. Roku TV ready is going to expand internationally later this year as well. But here's the big Roku news. Roku has agreed to acquire exclusive global distribution rights to more than 75 Quibi shows and documentaries, some of which had not been released before Quibi shut down. So there'll be some new stuff that nobody's ever seen after their exclusivity deal expires. That'll happen in a bit more than a year, depending on the show. Roku will still have the rights to show the content just not exclusively until 2027. The content will have to be presented in original increments of 10 minutes or less. The deal doesn't let them stitch it all together. The content will be added to the more than 40,000 movies and TV shows already available in the Roku channel. Shows include from Quibi anyway, Punked, Murder House Flip, and Dummy, which stars Anna Kendrick. Oh, I never watched the new Punked. Uh, I heard it had its moments. The whole Quibi thing, it's really interesting to me because it was sort of like it crashed and burned so quickly. And there's a lot of shot and freighter around, you know, folks in the industry about it. And I think that's not because Quibi was doing things wrong. It was because the company had raised so much money ahead of time because, you know, they had Meg Whitman and Jeffrey Katzenberg, uh, who were, you know, heavy hitters. And there was a little bit of like, you are being too ambitious and therefore you shall fail. The company did fail. Uh, and the idea that some creators will have a new life on another platform, you know, shows that just nobody even saw, but people still worked on and maybe are really good. I think this, this makes a lot of sense. And, you know, good, good for Roku to get exclusivity for at least a few years. So does Roku have to wait at all in order to start showing this content or can it happen immediately? I, I don't know when the start date, whenever the deal is, you know, goes into effect, then they'll immediately be able to show it. So, you know, within a month or so, uh, it would be my guess anyway, but no, they, they don't have, once the deal is actually in effect, they don't have to wait. What's going on here is that the Quibi production companies own the rights to their own stuff, but they have a two year exclusive for each one of their shows with Quibi and those two year exclusives are now being transferred to Roku. So Roku will be able to have the exclusive for the remainder of whatever the period was with Quibi. That's why it's a year or more. Uh, and then once the two year exclusivity goes away, then they still have the right to show it until 2027, but the production companies that made it can now start shopping it around two other places as well. Uh, so the, the production companies do hold the content. And remember, this is just the content. Quibi is still in a lawsuit over its turnstile technology, which is holding it up from selling its technology. And I would expect once it resolves that lawsuit, should it resolve it in a way that they still hold their technology, they'll sell that too. So this isn't the last you're going to hear of Quibi selling off a part of it, I would imagine. Gotcha. Yeah. That whole, the whole technology part of Quibi was again, Quibi was an ambitious thing that was released at a very inopportune time, uh, in 2020 when, you know, everyone was like, we're just sitting at home. Like, we don't need this like, uh, mobile phone technology. It's like cool that you can shift it around, but you can't even cast it to anything. I mean, the company did fix that, you know, great when they're out and about. Oh wait, no one's allowed out and about. It was just, I mean, it's just, it just, the timing can be worse, but that technology, when you think of it in a variety of other form factors, such as monitors that swivel, talked about some of those yesterday. I don't know that, you know, Quibi or TikTok or Snapchat or, you know, all of the stuff where we're like, oh yeah, that's the, that's the portrait view rather than landscape view that works for certain apps is, is, is all that this is for, I think there's more to it. Um, so yeah, we'll see what happens. Yeah. And there's patents and things that are always valuable because you can use those to extract some concessions and money and stuff. So yeah, expect that all to come. Join in the conversation in our Discord, which you can join by linking to a Patreon account. Get in there and talk about your favorite Quibi shows with all the other Discord folks. Just link it to your Patreon account at patreon.com slash D T N S. All right, Shannon, how do you clone a security key? Well, first I will say, please do not stop using your security keys because of this story. I will explain it a bit. Researchers from Ninja Lab published a paper on Thursday showing how you could clone a Google Titan security key. This is a two factor authentication key, which is very similar to a Yubi key that you have to plug in or tap in order to access an account after putting in your username or your password credentials or both. So in order to pull off the clone, you would need physical access to the key for about 10 hours, sometimes a minimum of 10 hours. Just kind of depends on how good you are at this. About $12,000 worth of equipment, physical equipment and custom software and some advanced skills in electrical engineering and cryptography as well. So you have to remove the chip and then take measurements of it at being registered on each account that you want to attack. The measurements observe electromagnetic radiation as the chip generates digital signatures that let the attacker slowly deduce the private key. So measurements take about six hours per account. That's not including taking apart the original Titan security key, putting it back together. Then you need to seal the chip back into its case. You also need the target's password in order for this to work. So the reason it works is because of a vulnerability in the security hardware chip residing within the Google Titan key. And that is called an A700X by this company called NXP. If it's exploited, an attacker could grab the elliptic curve cryptographic private key for the account. And this same chip is actually found in other two-factor authentication physical tokens as well, like there's a Yubi key that it's found in, but chances of attack are very, very minimal given the scope of the attack. So if you do all of this without the target ever noticing, then they would never know you had duplicated the key. But again, given the scope, given how much it costs and everything behind the scenes, probably wouldn't happen to a normal user. Yeah. The point of these security keys being the best way to use for two-factor is that you can't even get at your private key, right? You, nobody is supposed to be able to get in there. Like the chip just doesn't make it available. So the fact that they were able to get in there and get it is huge, right? Yes. Practicality or no. The fact that they were able to do this is significant, but I mean, if you're not a target of an advanced persistent threat, you don't need to worry about this. No one's going to go to the trouble to do this. And even if you're a target, I would guess, Shannon, that most of them probably would be able to notice if someone took their key for 10 hours or more. You, you likely, likely would, especially since a lot of people with hardware tokens like the Google Titan will stick them on a, on their key chain, for example, like with their house keys or whatever, wherever they keep all those personal physical devices that they don't want lost or stolen. They keep them all on the key chain. So if somebody was to take one of these out of your purse, out of your gym locker, wherever it might be and remove it for like 10 hours straight minimum, you would likely know that this would have happened. The neat thing about these chips inside of these Google Titan security keys and any other cryptographic hardware tokens like these is that even the manufacturer doesn't know the private key. So the fact that they were able to find a vulnerability on these specific chip sets is really interesting. And I think that's the important bit of that is, is even though the Google Titan is like the end all be all of really excellent two factor authentication, there's always the potential that vulnerabilities can be found. So I'm happy that this research came out. It's so fascinating and it's so interesting. And this means that NXP and other security chipset manufacturers that sell these teeny tiny chips to Google, Ubico or whoever the company might be, they can build on this. They can research and figure out what the next version of their chipset needs to entail in order to not be vulnerable to this again in the future. Yeah, I mean, this is really a good security story, right? It says we finally figured out, because there's always a way, right? We finally figured out the way you could get the private key out of a security key. And guess what? It's really hard, takes a long time. And now that we know it, we can make it even harder and hopefully, you know, push that barrier out even farther. And even if somebody did have time to do this and you didn't notice, I was reading the paper because I'm a huge nerd. And they go as far as using fuming nitric acid in order to get, like, melt the epoxy off of the original Google Titan. How are you going to put that back together in order for somebody to not notice? Like, there's a lot of intricacies with this attack in order for it to actually be pulled off. So chances are very, very slim that somebody would be able to pull off. So again, as I said at the very beginning, don't stop using your Google Titan security key if you have one. Keep using it because chances are you would never be attacked with this. Just, just know if you haven't seen it in 10 hours. Looks glued together strangely. This is going to be in a movie, though. I'm calling that shot right now. We're going to, we're going to see this in a movie where like somebody goes into surgery and they take his key and they go out and they do all this and they slip it back in. Because 10 hours later, he wakes up from anesthesia. I just hope they talk to the researchers so they actually show it off, right? Yeah, yeah, me too. Sony made some TV and audio announcements, starting with details for its OLED TV lineup sticking with OLED, Bravia XR4K and 8K TVs will support 4K at 120 Hertz variable refresh rate VRR, as well as A-L-L-M auto low latency mode and E-ARC. These are all things that are important if you got a PS5. Now you got a Sony TV that can go with it. Sony also has an improved A-I chip that's going to improve the picture and can do some sound positioning so it aligns with what you see on the screen. Sony's Master Series TVs will come with a sensor that adjusts white balance to match your ambient color temp. You don't have to do anything. It'll just do it. Also an aluminum heat shield that'll make for brighter OLED. All the sets will support HDMI 2.1, another big one for PS5, Dolby Vision HDR and Google TV. Sony also announced its 360 reality audio platform. If you're not familiar, 360-degree audio places instruments and vocals in a virtual sound field around your head but using just the one speaker. So you can do this in an Amazon Echo or a Google Home. Sony will start streaming video with 360 audio later this year, starting with a concert from Zara Larson on January 11th and Sony's going to make its own speakers that support this. It'll be supported by other speakers as well. But Sony's going to put out the RA5000 and RA3000. They've got that dark cloth surface that all these speakers seem to have these days with either bronze or silver accents. Work with Google and Amazon assistance and can connect to select Sony Abravia TVs as well as supporting Wi-Fi, Bluetooth, Spotify Connect and Google Cast. The speakers do automatic calibration to the room they're in. Don't have to press a button for that either and will simulate 360-degree audio for stereo tracks as well. The RA5000's going to cost 500 pounds or 599 euros, no US price yet. And the 3000 will be 280 pounds, 359 euros. This seems this seems like it's shaping up to be one of the CES subtrends is this this sort of 360-degree audio while you're listening to your Blackpink. Yeah, and it's just one speaker or potentially a couple of speakers. Yeah, in a speaker you have even maybe. Yeah, yeah, some of the echoes already supported. Yeah, there's less of kind of like, oh, what do I have to do? Like 5.1 surround or at least do get a couple speakers and make them a stereo pair type thing. You know, I really haven't heard this and, you know, I don't know, I used to hang out at Magnolia at Best Buy all the time and just like geek out on stuff like this. Of course, this technology wasn't around at the time. But sometimes I'd be like, come on, come on, you know, let's let's turn on some stuff and see how we know what the speakers do. If it works well, then that's awesome. I mean, my first my first reaction because I got rid of my kind of fancy speakers some years ago because a friend of mine needed them more than I did and I didn't have room in my apartment. But I miss that. I'm also in an apartment now that's smaller and kind of has a lot of weird angles. And I find audio bounces off walls in ways that it wouldn't if it was more of a square box room. So I'm not sure that I'm the perfect target market for this. You're the test case. You're the one that puts this through its paces and sees if it really works. If it could actually work as advertised, you know, again, with some funny angles and a big old A-frame, then I'm I'm really into this. And I've always been, I don't have a Sony TV currently. Sorry, Sony. But I was a broad, broad via person for years and years. I think what the new broad via line is coming out with looks really nice. And I mean, not totally in the market for a new TV, but I like the fact that I might get a new Sony again. Yeah, paired up with a Sony speaker. You got 360 audio. Yeah, I already got all this sonos stuff. It's going to be a mess anyway. You slice it, but but I like that I like this 360 reality audio platform. Shannon, what what do you have set up in your house? I was straight up going to mention sonos because if if it doesn't have the connectivity to be able to work with all of my other platforms that I currently have invested in, then chances are I wouldn't buy it. So I do have sonos in my house and I do have some issues connecting those with other speakers in the household, too. Like like my Google hub, for example. So the fact that this works with Google and Amazon Assistant, these speakers, specifically, the audio speakers, I think that's pretty cool. I like that they are bringing that in. And I am interested because I do live in a household that has very high ceilings. How this would work in that kind of environment. So yeah, I'm very interested in the audio aspect. Well, you might also be interested in what Kohler has coming out. Oh, yes. The folks who make things like toilets and bathtubs and sinks and lots of appliances. However, been a real CES mainstay for the last few years for some cool innovations. And this year is no different, even though we're not in Vegas. Kohler has a new smart bathtub called the stillness bath that lets you use an app or use your voice using Google or Amazon's assistance to fill up the water or perhaps set the mood by changing the color of the lights around the tub or even add some fog, you know, you want to kind of pretend like you're in the fog, then you preset routines can also turn on features in a certain order. So if you want to get kind of creative, that's cool. You have a certain amount of limitations with the base model and the base model is not cheap. So temperature and depth control models alone will cost around eight thousand six hundred ninety eight dollars. That's right. It's almost a nine thousand dollar bathtub. If you want the experience tower that lets you activate fog and aromatherapy, that will run you just over ten thousand dollars. Both models are available in July. There are real things. And if you want the version with lights and floor grates for overflow, fifteen thousand nine hundred ninety eight dollars available this October. Sign me off. I won't be buying this. Nope. Not even a little bit. But we could have taken a bath at CES and the new in the demo bathtub. But in the in the pre-show, Roger was like, why would you want fog? It's like, I don't know. It's just cool. Why does anyone want anything? On beyonds. Yeah, right. This is going in the luxury suites in hotels, for sure, as well as which people's houses. Sure. Yeah. Something. Well, it's yeah, it's that like, hey, look at what my bath can do. And people go, wow, very fancy. And then, you know, 10 years from now, we'll be like, remember when we thought it was fancy to talk to your bathtub so that it would, you know, start filling up without you touching it. But yeah, it's it's somewhat silly because of the price. But I'm not really much of a bath person, but they do look very nice. All right, let's check out the mailbag. Let's do it. Nick wrote in with a pronunciation ramps. Oh, Nick, you are not alone. He says, Asus is wrong. It is an initialism because it's ROG like FBI or CIA. But people say it wrong. Yet they're lower end gaming brand tough, not initialism. It's an acronym like SCUBA or POTUS. T U F but pronounced tough. It's like aces can't make up their name. Mind. Then there's Strix, which is ROG sub brand. Strix is a word. It's a completely nonsensical made up word. But it's a word and you pronounce it as such. Nick says, honestly, as somebody that buys a lot of aces hardware because I rarely had a bad experience with them over the past 20 years, I am baffled by some of the branding decisions. The one that bugs me the most is the Strix sub brand. Sometimes aces makes the Strix products, the high end product in the product stack. Yet other times it's a mid range product. Would it be too much to ask for consistency in product branding in 2021? Yes. We feel your pain, Nick. I love that Nick was just like I just need to vent with you guys. Let me let me let me get this off my chest. We appreciate that. Yeah. I mean, I I'm with you, Nick. Every day is a fresh new hell when it comes to reading out some some model numbers. But you know what it is not is shouting out our patrons at our master and grandmaster levels today. They include Chris Smith, Martin James and Degrassia A. Daniels. And of course, Len Peralta is back and illustrating the show. What have you drawn for us today, Len? Well, you know, I'm really excited to say that we've have the first image of the Apple I car. The I car, which I'm that's what I'm calling it. I'm sure they're going to take my advice coming around 2027 ish or so maybe, you know, you may if you're a fan of Richard Scarry's busy world, you may be a very familiar with the look of this of the Apple I car. I think it'll be big hit with with fans of people who have kids. So check it out. It's this is called meet I car. And this is available right now on my Patreon, which, by the way, has two new levels. If let's me be your let me be your teacher, your mentor with your artwork, I can give you some help that way at patreon.com forward slash Len. Plus, I also just launched a new product called Flip Face Max, which is over at Len Peralta store dot com. And I I want to show you what that looks like. I did something special for for our friend Shannon for snubs. This is a this is what the flip face flip face Max looks like. This is it's a little bit higher, higher end than the normal flip faces you're used to. But those are on the front page of my store at Len Peralta store dot com. But this is for you, Shannon. Oh my gosh, Len. If people want to see that because most people are just listening to this, what should they do? Go to. Well, right now it's going to be on Twitter. It'll also be on Instagram later. But just go to Len Peralta store dot com. You'll see all the ones I've done over the past couple of weeks and including including Shannon's. It's so cute. It's really lovely. I mean, it's yeah, that's adorable. Speaking of Shannon Morse for show of twenty twenty one, certainly not the last. I know you're a busy lady. Where can people keep up with your work? Oh my gosh, I have been busy. YouTube dot com slash Shannon Morse, just like my name. I just did a tech predictions video and it was so cool. I got like 18 up and coming tech YouTubers to give me their twenty twenty one tech predictions for the year. And there's some names in there that you that you definitely know, Aunt Pruitt, Miriam Tank Girl, Renee Richie. So I had a whole bunch of people join in and kind of give me their thoughts and it was very, very optimistic and I was really happy to see that. So if you want to see that video and the rest of mine, check out my YouTube channel. Hey, folks, if you need just the headlines, it's OK to skip a DTS. We know you get busy. Check out our related show Daily Tech Headlines, all the essential tech news in about five minutes at Daily Tech headlines dot com. We're live on this show Monday through Friday at four thirty p.m. Eastern twenty one thirty UTC. And you can find out more at Daily Tech news show dot com slash live. We back Monday with Chris Ashley have a great weekend. All this show is part of the frog pants network. Get more at frog pants dot com. I hope you have enjoyed this program.