Author: peterjang73

Nothing’s ultra-cheap subbrand CMF is restricting users’ independent access to the $200 Phone 1’s depth sensor. It’s a mere 2 MP lens and one of only two sensors on the phone’s exterior, but some users claimed it gave them Superman-like X-ray vision to see through thin plastic or even some bedsheets. 

The CMF Phone 1 has proved popular with the budget-conscious and DIY crowd for the phone’s low price and easily customizable shell. It has a much more constrained look than Nothing’s other products; it features some of the same software featured on Nothing’s recent Phone (2a). It sports a 50 MP primary camera, though two sensors are on the phone’s screw-on chassis. The second is a depth sensor, though it’s not something users can physically access on their own. One YouTuber named Maxwell Lu posted a video purportedly showing how the sensor could see through the rear panel of his TV remote, a beanbag, and some bedsheets.

Nothing’s co-founder and head of marketing, Akis Evangelidis, took to Twitter to confirm the depth sensor’s see-through capabilities. He claimed the depth sensor normally works with the main sensor to create large depth-of-field effects when taking photos in Portrait Mode. Since this sensor doesn’t have an infrared light filter, it could see through some semi-transparent objects. This works best against thin black plastic, though it can see through some other synthetic materials.

Evangelidis said they were updating its phones to remove access to the depth sensor via third-party apps. That was supposed to come in an update sometime this week. Gizmodo reached out to Nothing to confirm if the update has hit users’ phones, and we’ll update this post if we learn more.

Gizmodo could not independently confirm whether this worked as shown. Lu claimed he managed to access the sensor by running a third-party camera app in developer mode. This is very, very similar to a similar controversy with the OnePlus 8 Pro phone back in 2020. That device also had an infrared camera filter feature similar to the CMF Phone 1’s secondary sensor. 

Accessing that camera filter through a third-party app enabled it to see through some thin plastic devices, such as TV remotes. However, it wasn’t possible to do X-ray vision to look through people’s clothes unless you held them very close and they were wearing very thin garments made with some truly off-brand materials.

So it’s not like anybody with a CMF Phone 1 was ever capable of using the depth sensor to become the next breed of public creep, but it was an unintended use for the phone. In that same Twitter thread, Evangelidis complained that “people are trying to come as us from every angle” because “they aren’t comfortable with our success.” 

A group calling itself “NullBulge” published a 1.1-TB trove of data late last week that it claims is a dump of Disney’s internal Slack archive. The data allegedly includes every message and file from nearly 10,000 channels, including unreleased projects, code, images, login credentials, and links to internal websites and APIs.

The hackers claim they got access to the data from a Disney insider and named the alleged collaborator. A person with that name who lists Disney as their current employer did not return WIRED’s request for comment. Whether the hackers actually had inside help remains unconfirmed; they could also have plausibly used info-stealing malware to compromise an employee’s account. Disney did not confirm the breach or return multiple requests for comment about the legitimacy of the stolen data. A Disney spokesperson told the Wall Street Journal that the company “is investigating this matter.”

The data, which appears to have been first published on Thursday, was posted on BreachForums and later taken down, but it is still live on mirror sites.

Roei Sherman, field CTO at Mitiga Security, says he isn’t surprised that a giant like Disney could have a breach of this scale and significance. “Companies are getting breached all the time, especially data theft from the cloud and software-as-a-service platforms,” he says. “It is just easier for attackers and holds bigger rewards."

Sherman, who reviewed the data in the leak, added that “all of it looks legit—a lot of URLs, conversations of employees, some credentials, and other content.”

The NullBulge site says that it is a “hacktivist group protecting artists’ rights and ensuring fair compensation for their work.” The group claims it hacks only targets that violate one of three “sins.” First: “We do not condone any form of promoting crypto currencies or crypto related products/services.” Second: “We believe AI-generated artwork harms the creative industry and should be discouraged.” And third: “Any theft from Patreons, other supportive artist platforms, or artists in general.”

The group’s “wall of knowledge,” where it lists its data dumps, summarizes the philosophy: “What better way to punish someone than getting them in trouble eh?” Previously, the group targeted the Indian content creator Chief Shifter with a “first shaming.” Then in May, NullBulge posted a “second punch” and teased the Disney breach. “Here is one I never thought I would get this quickly … Disney. Yes, that Disney,” NullBuldge wrote, suggesting that the group may be a single person. “The attack has only just started, but we have some good shit. To show we are serious, here is 2 files from inside.”

In addition to the alleged Slack data, NullBulge posted what appears to be detailed information about the individual whom they claim provided the insider access and data. The leak includes medical records and other personally identifying information, plus the alleged contents of the alleged Disney employee’s 1Password password manager. NullBulge claims to have doxxed the individual in retaliation for cutting off communication and access, although whether the employee actually collaborated with the group in the first place remains unconfirmed.

Security researchers have long warned about corporate Slack accounts as a treasure trove for attackers if compromised. The popular team communication platform is owned by Salesforce and is used by an array of prominent organizations, including IBM, Capital One, Uber, and Disney rival Paramount.

“Disney will probably be targeted a lot more now by opportunistic threat actors,” Sherman warns.

I remember my college dorm’s basement had an elaborate recycling area with various trash cans. One was a slim, long, transparent container with a small opening at the top. It was a dedicated trash can for batteries. I never saw it filled up in the one year I lived there, which made me wonder just what my classmates were doing with all their old batteries. I assumed they just tossed their dead Duracells into the trash with little regard for the amount of e-waste already in the world.

This morning, I was very happy to see the announcement of an upcoming battery recycling program funded by the US Department of Energy. This $14 million program, introduced by the Biden Bipartisan Infrastructure Law, aims to install more than 1,000 consumer battery collection points across the US at Staples and Battery Plus stores.

The collection points will serve as drop-off sites where people can safely dump their consumer tech batteries or devices containing them. According to the Wired article, these devices include rechargeable batteries, cell phones, laptops, vacuums, and smartwatches. It specifically points out that EV batteries are not part of the list.

The announcement explains that these devices typically contain precious minerals like nickel, lithium, and graphite, generally sourced from China. This step aims to reuse those minerals, shift towards clean energy manufacturing, and limit imports from China.

Emily Mullin at Wired explains that the battery recycling plan goes beyond reusing its components. It becomes even more necessary when you realize that dumping lithium-ion in a trash can is far from safe anyway. With all that flammable chemicals inside, it’s like a ticking time bomb waiting to go off.

Interestingly, they also highlight that recycling them will still be a considerable challenge despite introducing battery collection points. It’s a task and a half to extract the precious minerals from these batteries. They go as far as to say that “processing these materials can be more expensive than mining them fresh.” Not only is the task difficult to undertake, but it’s also unsafe and very costly.

China is planning its first mission to impact an asteroid in the name of planetary defense. The mission will serve a dual purpose: One craft will impact the asteroid while its partner observes the space rock to learn more about the solar system and its formation.

The China National Space Administration (CNSA) mission may have already selected its target — the near-Earth object (NEO) 2015 XF261, a nearly 100-foot-wide (30 meters) asteroid.

According to the small-body database managed by NASA’s Jet Propulsion Laboratory (JPL), 2015 XF261 last came relatively close to Earth just this week, on Tuesday (July 9), when it passed within 31 million miles (50 million kilometers) of our planet. The space rock was traveling at around 26,000 mph (42,000 kph), roughly 30 times faster than the speed of sound.

The nonprofit Planetary Society reported that this is the latest development in asteroid impact mission planning for China, a country that has recently become increasingly interested in planetary defense.

Related: 2 asteroids just zipped by Earth, and NASA caught footage of the action

The Planetary Society pointed to a recent paper in the Journal of Deep Space Exploration that discussed the proposed 2015 XF261-targeting mission.

"For China’s first near-Earth asteroid defense on-orbit verification mission, a defensive disposal demonstration will be carried out on the potential risk of near-Earth asteroids impacting the Earth," the study states. 

"The scientific objectives of the on-orbit verification of asteroid defense and its specific scientific exploration mission will be designed and proposed," it adds. "A scientific payload demand analysis will be carried out, and payload configuration plans and exploration mission requirements will be proposed to provide a decision-making basis for the future implementation of asteroid defense missions."

Following the imapct of DART

The planned mission follows in the footsteps of a groundbreaking NASA planetary defense mission, the Double Asteroid Redirection Test (DART), which in September 2022 impacted the smaller body in the Didymos binary asteroid system.

The impact of the 1,260-pound (570 kilograms) DART spacecraft on the moonlet Dimorphos, which orbits a larger 2,560-foot (780 m) asteroid called Didymos, at 14,000 mph (22,500 kph) was deemed a success. The impact shifted the orbit of the two asteroids and demonstrated that, with enough lead time, a kinetic impactor could divert a smaller asteroid from an impending collision with Earth.

In October 2024, the European Space Agency (ESA) will launch the Hera spacecraft to the Didymos system to further assess the impact of the DART mission. Hera is expected to rendezvous with Dimorphos and Didymos in 2026.

China’s two-spacecraft 2015 XF261 mission will combine the work of DART and Hera, impacting the NEO and observing its target for between six months and a year after the collision. 

Asteroids like 2015 XF261 are thought to have been created from material left over after the formation of the planets around 4.6 billion years ago. As such, they offer the opportunity to study "unspoiled" material that was the building blocks of the solar system’s worlds, including Earth.

The CNSA mission is expected to launch before 2030, and the final choice of its NEO target will depend on its launch schedule. In April 2024, SINA Technology reported that Wu Weiren, director of China’s Deep Space Exploration Laboratory (DSEL), set a more firm date for the mission’s launch, stating it would blast off in or around 2027.

2015 XF261 is set to pass Earth in March and May 2027, but the asteroid will still be 20 million miles (32 million km) from our planet at the time, and the CNSA will need time to reach it. DART hit Dimorphos when its system was just 7 million miles from Earth, and that journey took 10 months to complete.

The CNSA could get another shot at punching 2015 XF261 in April 2028, when the asteroid will be around 13 million miles (21 million km) away. But the best opportunity for such a mission seems to come in April 2029, when the asteroid will come to within 4.2 million miles (6.8 million km) of Earth. Another good chance will come in April 2030, when 2015 XF261 approaches Earth within around 4.4 million miles (7.1 million km).

This isn’t the first asteroid impact mission proposed by CNSA. In 2023, the Chinese space agency seemed to be planning a planetary defense test to launch in 2025. 

This mission would have set its sights on a different asteroid, known as 2019 VL5. It’s not known why the CNSA seems to have switched from this NEO, which is also about 100 feet (30 m) wide, to 2015 XF261.