Research

HOW APPLE MAKES BILLIONS OF DOLLARS SELLING SERVICES

 focus is shifting. In recent years, iPhone sales have begun to plateau, and now Apple’s services business — which encompasses everything from the App Store to licensing deals — is being positioned as its next big frontier for revenue growth. More than ever, Apple wants to sell people constant, ongoing subscriptions for things they can do on their phones.

That new direction is going to be thrust into the spotlight next week at Apple’s “It’s Show Time” event, where the company is expected to unveil two big new subscription services: a TV service for original shows and movies, and an Apple News service that will bundle together premium news sources and magazines.

Apple’s services business brought in over $10.9 billion during the most recent quarter, setting records in “every geographic segment” in the process, according to Apple CEO Tim Cook. Cook also said that Apple is on track to double its services business from 2016 to 2020. Last quarter saw a 19 percent increase year over year.

It’s a substantial figure compared to Apple’s other business segments: services already brings in more per quarter than the Mac ($7.4 billion last quarter), iPad ($6.7 billion), or the collected “Wearables, Home, and Accessories” group of products ($7.3 billion). And that balance will likely only continue to shift as Apple starts to push services harder and introduces new services to which people can subscribe.

So what’s already bringing in all that services revenue, and how healthy are those businesses? Apple doesn’t break down how much money individual services make, so there’s a large extent to which we just can’t say. But we do know what businesses the segment is composed of, how much they charge, and whether they’re any good. With the services business entering a new era, here’s an overview of where it stands today.

Photo by Amelia Holowaty Krales / The Verge

APPLE MUSIC

Apple Music is arguably the highest-profile entry in Apple’s new services business, due to it being one of the most modern (it launched in 2015, after Apple bought and rebranded Beats Music) and one of the most interesting (sorry, extended warranty programs).

The music subscription service had 56 million customers as of December 2018, according to the Financial Times. For comparison, Spotify had 96 million paid customers as of February 2019.

It’s unclear how many of Apple Music’s customers are actively paying. The company offers free trials, and its service also comes bundled with some Verizon wireless plans.

Assuming all customers are paying $10 per month (with family plans, annual discounts, bundles, and student deals, they’re not, but these are ballpark numbers), that puts Apple Music at a high-ball estimate of $6.7 billion per year brought in.

Cost: $10 per month ($5 per month for student plans, $15 per month for family plans)

How Apple makes money: Subscription fees, carrier partnerships.

APP STORE / MAC APP STORE

 one of the biggest contributors to Apple’s revenue is the massively popular App Store, which was estimated as of May 2018 to have seen upward of 170 billion downloads in its 10-year history.

Most of those aren’t straight-up paid purchases — a massive percentage of the App Store’s revenue comes from in-app purchases in free-to-play games like Fortnite and Candy Crush and subscription apps like Netflix, Tinder, and YouTube. According to App Annie’s latest estimates, every single one of the 50 top grossing apps on the platform is either a major service that relies on subscription fees or a free-to-play game. Even the most popular paid apps like Minecraft or Facetune just don’t make the same kind of money as free apps that rely on in-app purchases, even with in-app purchases to help bolster their numbers. And Apple takes a cut of each of those in-app purchases and subscriptions.

Those “free” apps have resulted in some pretty big sales: as of June 2018, Apple had paid out $100 billion to developers from the App Store. If you work off of Apple’s 70 / 30 revenue split (which is usually, but not always, the cut it takes from purchases), you get total sales of roughly $142 billion, with $42 billion of that going to Apple in the decade it’s been running the App Store.

That said, Apple has come under fire for the App Store model in the past few months: the Supreme Court is hearing an iOS App Store antitrust lawsuit that alleges Apple has an unfair monopoly on iPhone apps. And Spotify has filed another antitrust complaint over Apple’s 30 percent cut with the European Union, complaining that it gives Apple an unfair advantage when promoting its own streaming service, Apple Music.

Cost: Depends on content purchased.

How Apple makes money: in-app purchases in games, app sales, app subscriptions.

ICLOUD

 every single Apple customer who owns an iPhone, iPad, or Mac is an iCloud user, because Apple gives a paltry 5GB of storage to all customers for free. But for revenue, the important part here is the paid plans, which give users additional storage for a monthly cost.

iCloud may not have the same brand recognition as Dropbox or Google Drive when it comes to storing and sharing files, but it does have some big advantages in getting users to subscribe: it’s the only way to back up iPhones and iPads to the internet. And that storage pool counts toward nearly everything on your phone. Take too many pictures, for example, and your phone stops backing up, which creates a real incentive to shell out for more than the scant 5GB Apple gives for free.

Apple seems to know that, too: the cheapest iCloud plan is just 99 cents per month for 50GB of storage, making it an easy sell to users, but that $12 per customer per year starts to add up across the billion-plus iOS devices out in the world, even if only a fraction of them subscribe. A 2016 interview with Apple SVP Eddy Cue revealed that at the time, there were 782 million iCloud users, but Cue’s comments referred to all users — Apple has never broken out how many paid subscribers it has.

Cost: $0.99 per month (50GB), $2.99 per month (200GB), $9.99 per month (2TB). The 200GB and 2TB plans can be shared as a family plan.

How Apple makes money: subscription fees.

ITUNES / APPLE BOOKS

The iTunes store isn’t the juggernaut it once was — with streaming services like Spotify, Apple Music, Netflix, and Hulu, people just tend to buy fewer songs, TV shows, and movies nowadays. But it still does bring in money: it’s a one-stop-shop for a huge range of content, and like all of Apple’s other services, it’s front and center on all its devices. Want to rent a movie on your Apple TV for a movie night? iTunes is right there, ready and waiting. And with Apple expanding iTunes to other devices, like Samsung smart TVs, it seems like iTunes is still a big part of Apple’s revenue strategy going forward.

Also included here is Apple Books, which is basically iTunes, but for books. Apple Books has the issue of Amazon and its massive Kindle library as competition, which Apple infamously tried to solve in a price fixing scandal that cost the company $450 million. Even so, it’s still one of the biggest ebook stores around, and is another easy source of service revenue.

Lastly, iTunes also includes Apple’s less popular iTunes Match subscription service, which costs $25 per year and syncs users’ iTunes music across their devices, sort of like a private cloud music service where you have to buy all the music.

Cost: Depends on content purchased; $24.99 per year for iTunes Match (iTunes Match is included with Apple Music).

How Apple makes money: Purchased content, subscription fees.

APPLE PAY

Apple Pay is Apple’s overarching payments system — it includes using Apple Pay to make purchases on websites and inside apps, conducting contactless payments at retail stores, and sending money using Apple Pay Cash (Apple’s Venmo-style person-to-person payment system).

Apple says it doesn’t charge “users, merchants, or developers” to use Apple Pay, but reports indicate that it still receives a small fee from each transaction. That cut appears to come from the bank that issued the card with which Apple Pay is being used. Reports from 2014, when Apple Pay launched, said the fee for US banks was 0.15 percent, or 15 cents on every $100 spent.

Last quarter, Apple said there were 1.8 billion Apple Pay transactions, more than twice as many as the same quarter a year earlier. We don’t know how much those transactions are worth, and it’s likely that the vast majority of them happened outside the US, in countries where mobile payments are more popular. But that’s still a large volume of transactions where Apple takes a cut.

Apple also makes money off of Apple Pay Cash. The service is free to use when sending money with a debit card, but it charges a 3 percent fee for any funds sent using a credit card.

Cost: Three percent of any funds sent using Apple Pay Cash tied to a credit card.

How Apple makes money: Transaction fees from users, banks.

Photo by Chris Welch / The Verge

APPLECARE

AppleCare is Apple’s extended warranty service: it lets customers get longer and more comprehensive warranties for their Apple products, usually with things like discounted screen or device replacements, depending on the device.

AppleCare+ is also included as part of the monthly cost of Apple’s iPhone Upgrade Program. Like many of the other Apple services, the company hasn’t said how many users opt to buy the extended warranty.

Cost: Depends on product, ranges from $129 to $199 for iPhones, $249 to $369 for MacBook laptops, and $99 to $249 for iMac and Mac desktops.

How Apple makes money: Warranty fees.

LICENSING

Licensing isn’t quite a consumer-facing service like everything else on this list, but it’s a big business. Apple sells licenses to companies to get their services built into iOS, like how Google is the default search engine or The Weather Channel provides weather data. That kind of front row real estate on all of Apple’s devices is worth a lot, and it provides a big chunk of Apple’s services revenue.

Licensing agreements are a particularly opaque area of Apple’s business. The last clear numbers we have are from 2014, when court documents revealed that Google paid Apple $1 billion to stay the default search bar on iOS as part of the company’s revenue sharing agreement. But recent estimates from analysts have put Apple’s fee at roughly $9 billion — a number that, if true, would make it one of the biggest parts of Apple’s entire service group all on its own.

Cost: Nothing, unless you prefer Bing for search.

How Apple makes money: Licensing payments from companies like Google to be featured on Apple products.

MAPS, SIRI, FREE ICLOUD

 is where things get weird: As of its most recent quarter, Apple now takes part of the sale price of every iPhone, iPad, and Mac and converts it into money for services, which it then spreads out across multiple quarters. Basically, Apple counts “free” services like Maps, Siri, and parts of iCloud (like iMessage), and considers them to be built into the cost of its devices.

It’s a meaningful shift, too: when Apple started factoring in payments for these free services, its total service revenue for Q1 2018 jumped 7.7 percent, from the originally reported $8.47 billion to $9.13 billion.

Cost: Free? But also you’re technically paying for it when you buy your iPhone.

How Apple makes money: Hardware purchases.

Correction: Only Samsung smart TVs will have the iTunes app, not LG TVs (although those will have AirPlay 2 and HomeKit).

Research

New LRC Study Evaluates the Effectiveness of Apple’s iPad Night Shift Application

The light emitted by portable electronic devices (PEDs), particularly when used at night, has drawn a great deal of interest among sleep researchers, healthcare professionals, and the media. Research shows that exposure to light at night (LAN) may be associated with poor sleep and may lead to diminished alertness and performance throughout the day. Exposure to LAN can also acutely suppress melatonin, a hormone produced at night and in darkness, which tells the body it is nighttime. The short-wavelength “blue” light emitted by electronics can be especially disruptive to melatonin production, and the proximity to the eye when PEDs are in use only aggravates the threat to getting a good night’s sleep.

In an effort to address this problem, in 2016 Apple Inc. released the Night Shift application for its line of PEDs, notably including the iPad, which in the third quarter of 2017 was the world’s most popular computer tablet and accounted for 25% of the year’s global tablet sales. The Night Shift mode permits users to change the screen’s color to “more warm” (i.e., less blue light) or “less warm” (i.e., more blue light), without necessarily changing its brightness. A new study from the Lighting Research Center (LRC) at Rensselaer Polytechnic Institute investigated the effectiveness of Night Shift for lessening the impacts of nighttime iPad use on melatonin suppression, a marker of the circadian system. The study, to be published in 2018 by the peer-reviewed journal Lighting Research & Technology, is currently in press and is now available to subscribers online.

In the study, LRC researchers Rohan Nagare, Barbara Plitnick, and Mariana G. Figueiro recruited 12 young adults to view iPads between 11:00 p.m. and 1:00 a.m. on four separate nights under four experimental conditions.

One of the study’s conditions deliberately suppressed participants’ melatonin levels by delivering a blue light intervention to the participants’ eyes via light-emitting diode (LED) goggles designed by the LRC. A second condition occurred in dim light (< 5 lux), where participants wore orange goggles that filtered blue light, which served as the control for the baseline melatonin suppression calculations. The study also used two spectrally distinct lighting interventions for the iPad that were generated by adjusting the ‘color temperature’ slide control of the device’s Night Shift application to either extreme of its more warm (2837 K) or less warm (5997 K) range. LRC researchers independently measured the correlated color temperature (CCT) of each Night Shift setting as part of the study. Participants exposed to the Night Shift Low CCT (more warm) and Night Shift High CCT (less warm) interventions wore lensless eyeglasses frames fitted with an LRC-developed circadian light meter called a Dimesimeter, which measured eye-level light exposures. Data from the Dimesimeter was used to calculate the circadian stimulus (CS) received by participants during the experiment. Using the LRC’s free, downloadable CS Calculator, LRC researchers were able to closely predict the amount of melatonin suppression that was recorded for the participants.

Results showed that all three lighting interventions significantly suppressed melatonin over the two hours of each study night. More importantly, there was no significant difference between the effectiveness of the two Night Shift settings. For a two-hour exposure to the iPad, the LRC measured:

- 23% melatonin suppression on regular settings (not using Night Shift; from previous Wood et al. study)
- 19% melatonin suppression while using Night Shift High CCT
- 12% melatonin suppression while using Night Shift Low CCT

The study’s main takeaway is that changing screen color alone is insufficient for limiting the impact of PEDs on melatonin levels in the evening, and that screen brightness should also be reduced. Overall, the results of this LRC study may be useful for developers, manufacturers, and users of self-luminous electronic devices by emphasizing considerations other than light spectrum when designing and using display applications for health and wellbeing. In addition to spectral properties, LRC researchers recommend that users also consider lowering the amount of light emitted by PEDs by keeping light levels low, limiting the use of PEDs to one-hour sessions, and avoiding exposures starting at least two hours before bedtime. Better yet, LRC researchers recommend turning off PEDs at least two hours prior to desired bedtimes. Even if melatonin is not suppressed during this interval, these devices can be alerting to the brain and, as a result, can disrupt sleep.

About the Lighting Research Center
The Lighting Research Center (LRC) at Rensselaer Polytechnic Institute is the world’s leading center for lighting research and education. Established in 1988 by the New York State Energy Research and Development Authority (NYSERDA), the LRC conducts research in light and human health, transportation lighting and safety, solid-state lighting, energy efficiency, and plant health. LRC lighting scientists with multidisciplinary expertise in research, technology, design, and human factors, collaborate with a global network of leading manufacturers and government agencies, developing innovative lighting solutions for projects that range from the Boeing 787 Dreamliner to U.S. Navy submarines to hospital neonatal intensive-care units. In 1990, the LRC became the first university research center to offer graduate degrees in lighting and today, offers a M.S. in lighting and a Ph.D. to educate future leaders in lighting. Learn more at www.lrc.rpi.edu.

About Rensselaer Polytechnic Institute
Founded in 1824, Rensselaer Polytechnic Institute is America’s first technological research university. Rensselaer encompasses five schools, 32 research centers, more than 145 academic programs, and a dynamic community made up of more than 7,900 students and more than 100,000 living alumni. Rensselaer faculty and alumni include more than 145 National Academy members, six members of the National Inventors Hall of Fame, six National Medal of Technology winners, five National Medal of Science winners, and a Nobel Prize winner in Physics. With nearly 200 years of experience advancing scientific and technological knowledge, Rensselaer remains focused on addressing global challenges with a spirit of ingenuity and collaboration.

Reports

Would life be happier without Google? I spent a week finding out

People had to get by without the search engine giant before it was launched in 1998. But is it possible to live your life – and do your job – without it these days?

 ‘There are still plenty of “now what”? moments.’ Photograph: Graeme Robertson/The Guardian

Halfway through my week without Google, my wife mentions that she would like to go out to see a film that evening, and I agree to deal with the logistics. In what I initially think is an inspired move, I drop by the local cinema on the way home and scribble down all the film times in my notebook. Then my wife insists on going to a different cinema.

“Can I do this by phone?” I ask her. “Is 118 still a thing?”

Turns out it is, and an expensive one: £2.50 a call, plus 75p a minute, plus a 55p access charge from my mobile provider. But more than a million people a year still use the service, and it even offers a text facility that answers questions – although you’re essentially just asking someone to Google something for you and text you back, for £3.50 a go.

Before I started this experiment, when I tried to imagine what it would be like to take a break from Google, what I was really trying to remember was how my life worked all those years before it started.

Google was founded in 1998. Thinking back to the mid-90s, I dimly recall visiting libraries in the course of my work as a journalist, and having fat envelopes of press cuttings delivered to my door. I remember tracking down Meat Loaf’s out-of-print autobiography in a secondhand bookshop the day before interviewing him. But often, I never found the answers I was looking for. Instead, I adjusted the questions.

I remember factual disputes in pubs and at dinner parties that simply never got settled. I remember finding my own way around town. I remember learning straightforward repairs from books instead of videos. I remember doing all of these things, but I don’t really remember how it felt.

To get Google out of your life is a big undertaking. Google Maps doesn’t just get you to places; it drives many of the other apps you use, including Uber. Google owns YouTube. Google controls my thermostat.

For the purposes of this experiment, I am simply avoiding the maps, the search engine, the browser and YouTube. I am going to keep using email. There are, of course, other browsers, search engines and map apps out there, but I am not trying to find substitutes. I am trying to do without.

My reasons have little to do with Google’s monopoly on searching, or its free and easy way with my data. I am worried it is doing something to my brain. Actually, I am worried that Google is my brain.

In his book The Shallows, Nicholas Carr describes familiar symptoms while trying to absorb text of any length: “My concentration starts to drift after a page or two. I get fidgety, lose the thread and begin to look for something else to do.” The book’s main contention is that our highly plastic brains are being rewired by the demands of online existence: an increased knack for mental multitasking comes at the price of our ability to think deeply. Google, he says, is a huge part of this: “Google is, quite literally, in the business of distraction.”

The Shallows was published in 2010, and it is unlikely anything has improved since then. Carr maintains that the rise of the smartphone, along with social media, has magnified the problem considerably. “A decade ago, you could still make a distinction between ‘online’ and ‘offline’,” he tells me in an email. “We spent a lot of time on the internet, but we didn’t live there. Now, we do. Today, essentially, people are always online.”

Google receives 63,000 searches every second, about 2tn a year, accounting for more than 90% of the global search engine market. It is said that the average person performs three to four searches a day, but a glance through my browser history before shutting Google down shows I regularly exceed 20. Many of these are purposeful; many more are not. Two weeks ago, I found and ordered the precise replacement part I needed for my broken coffee machine. But I also searched for the name of someone I’d met the night before; a definition of China’s One Belt One Road development strategy; a catflap door; a list of Balkan cities (cheating at a crossword); the local recycling timetable; what toothwort is; and “Yul Brynner as robot with face plate removed”.

For my own sanity, I need a break.

Monday

When I moved house two years ago, I started to rely on Google for navigation. Now, I am utterly dependent. I don’t just want to know the way – I want to know the best way, as of this minute. I can’t remember the last time I gave a thought to where anything was.

“How do I buy an A-Z?” I ask my wife.

“I don’t even know that you can,” she says. I think: Google would know.

A-Zs are still widely available, as I discover after I take the bus to the closest bookshop on my severely depleted mental map. While I am there, I run across a book called Offline – which promises to help me “avoid the potentially disastrous side-effects of digital pollution”. I am reminded how big a role serendipitous discovery used to play in pre-Google research.

On the way home, I drop by my nearest library for the first time. It is a tiny branch, and the computing section is mostly dedicated to programming manuals, a fair number with the words “for Dummies” in the title. Everybody else in the room is looking at Google. I am sure this borough has a bigger central branch, but I have no idea where it is. An A-Z only works with an address. You can’t just look up “library”.

Later, I find my son in the kitchen, making tea. He was born in 1999, so he has never known a world without Google.

“So, it’s the first day of my week without Google,” I tell him.

“You’re switching search engines?” he asks.

“No, that’s not the point,” I say.

“What is the point?”

“The point is to remember what it was like before,” I say. “You have no idea how people used to find out stuff.”

“You just had to hope someone else knew,” he says.

“There were systems in place,” I say, “of which you know nothing.”

“Without Google, the issue was how to get the answer,” he says. “With Google, the issue is the answer.”

“Let’s say you wanted to know about brain surgery,” I say. “First, you would …” I stop there. I can’t remember.

 ‘I still have a basic printed reference library.’ Photograph: Graeme Robertson/The Guardian

Tuesday

I spend the morning in my home office, unsure about how to proceed with, well, anything. Once again, I ask myself: how did this work in 1997?

I remember that, back then, I bought three or more newspapers every day, and kept all the copies until the end of the week. I still have a basic printed reference library – dictionaries of biography, film, literature, etymology, quotations, etc – but nothing has been updated for 20 years. I once owned a handy encyclopedia on CD-Rom, but that went the way of the CD-Rom drive.

For reassurance, I return to the book I bought – Offline, by Imran Rashid and Soren Kenner – which explains that while Google may be great for finding facts and coffee machine parts, its primary purpose is to deliver me to advertisers, as part of a system designed to make sure I am never not shopping: “Think of it as a complete set of rails laid out in front of you and designed to keep you engaged by exposing you to a number of different approaches.”

I think about a jacket I searched for last week, which I decided was too expensive, and which haunted every webpage I visited afterwards, floating above the text I was reading as if to say: look what you forgot to buy.

As the authors point out, there is a reason I had this miraculous, free, search facility – and all the knowledge it could locate – at my fingertips. “The equation is actually very simple if you look at it as a reversal of the traditional vendor-consumer relationship,” they write. “Your attention is the commodity.” Competition for my attention is fierce, and the result is that I am inattentive to almost everything else. As the book reminds me, before the advent of smartphones “most of us could hold 20 or even 50 phone numbers in our head”. Today, I know precisely four: my parents’ home phone – unchanged for 55 years; my dad’s office number – not in use for 15; my wife’s mobile; and mine.

 ‘I ring the cinema … it refers me to the website.’ Photograph: Graeme Robertson/The Guardian

Wednesday

A Guardian photographer follows me while I navigate through London with my A-Z, but I can tell he is frustrated and wants to use his phone. I keep dropping things into the conversation such as: “I wonder how you go about getting a British Library card?”, hoping he might be able to tell me. I think about what my son said – “You just had to hope someone else knew” – and I realise my primary research tool was, and still is, the stupid question. When you ask Google, nobody has to hear.

It’s the day of my wife’s proposed cinema visit, and 118 connects me to the cinema chain’s recorded phone menu, which refers me to the website for film times and hangs up on me. I ring back and select the booking option. After a 10-minute wait, I am connected to a charming woman who seems to have nothing but time. She runs me through the whole film schedule twice, and describes the interior of the cinema in some detail so I can choose my seats. I have a little trouble making up my mind. “No worries at all,” she says. “Is there a card in your name we’ll be popping this on to?” I can’t figure out why she’s being so patient, until I realise she’s assuming I am very old. Otherwise, I would be doing this online.

That evening, following her precise instructions, I show my credit card to the man at the popcorn till. He looks up my name and prints out my tickets. “It’s like shopping by candlelight,” I say.

Thursday

At a small library I run across by accident, I make a random discovery: in a thick binder labelled “local info” is a book that contains the addresses of every library in the country. I take a picture of the listing for my local main branch – Ealing central library – and head off.

Navigating by A-Z again is an eye-opener. You need to keep your head up to read street signs and posted bus routes, and there are still plenty of “now what?” moments, not least when I get off the bus where the library is supposed to be, and there is nothing remotely library-shaped on the horizon.

It transpires Ealing central library is located inside the Ealing Broadway shopping centre. After a speculative wander, I find a sign, then another, directing me to the first floor. The library, it turns out, is closed – not for the afternoon, or the day, but since August, for renovations.

Friday

I don’t know what to do with myself. What is the point of having a computer if you can’t look things up on Google? Yes, I do have some work to do, but the days of deprivation have done nothing to restore my attention span. In the afternoon, a slim package arrives: my long-awaited coffee machine part, essentially a knob. Thanks to Google, it is the precise knob for my model, but it’s missing the small plastic insert that was the actual broken bit. Without it, the knob is useless.

At this point I feel very close to quitting the experiment because I really want that plastic sleeve. With a heavy heart, I pull the invoice from the bin, ring the number on it and listen to eight minutes of hold music. Eventually, a woman, Vivienne, picks up. I describe my problem.

“It’s a little plastic piece, like a sleeve,” I say.

“No idea what that would be,” she says. “Can you find a picture of it and give me the model number?”

“I can’t get online,” I say.

“That’s fine,” she says. “What about an email address?”

“Yes,” I say. “I’m allowed email.”

She sends me an exploded illustration of my coffee machine with all the parts numbered.

“I don’t see it there, Vivienne,” I say. “Unless it’s embedded in the knob.”

“I’m afraid you’ll have to call the manufacturer,” she says. “Do you want the number?”

The manufacturer answers with a recording telling me that the service department is closed on Friday afternoons.

Saturday

It’s probably fair to say that Google is inescapable, unless you resign yourself to getting nowhere without it. I spent so much of my week being either lost or bewildered, when the basic solution to my immediate problem might have been at my fingertips.

But it wasn’t a waste. I got almost nothing done, but, while I was out there, I did a lot of looking and I bought a lot of stuff. I even found a version of that jacket I liked in a shop, for a third of the price. Now when it hovers over the webpage I am on, saying: “Buy me!”, I’ll be wearing it. I briefly reclaimed the ability to walk through the world with maximum inefficiency, relying on random discoveries, luck, the kindness of strangers and the patience of phone operators.

I return to the email Carr sent me. “Constant connectivity has become so habitual (and so expected by society) that brief breaks just aren’t going to be sufficient to retrain the brain to relax, resist distraction and concentrate,” he writes. “At this point, the craving for the screen’s stimulations is pretty deeply engrained in most people’s psyches.”

 ‘It’s probably fair to say Google is inescapable.’ Photograph: Graeme Robertson/The Guardian

This may be the main problem: Google and the other major platforms have got very good at keeping our attention. The price we pay is endless inattention to the world around us. And that’s not all Google’s fault. “Thanks to some combination of laziness, gullibility and vanity, we have proven ourselves all too eager to embrace a culture of distraction and dependency,” said Carr. “We could have said no.”

One of the great impositions of modern life is the obligation to go everywhere forewarned and forearmed, to access timetables, reviews and instructions ahead of even the simplest tasks, for the sake of a frictionless existence. Once, it was creepy to Google someone just before you knew you were going to meet them. Now it’s sort of required.

I am not nostalgic for an era of bank queues, closed shops and being lost. I am glad to be relieved of the obligation of social interaction just to access a bit of information, because people are not always helpful, patient or fun to talk to. But for all that Google has given us, we have paid a price: we’re well on our way to eliminating the element of surprise from our lives and, with it, joy.

I don’t think it is too late to reclaim some of our attention back. My brain responded pretty well to the time off. Even Carr is not wholly pessimistic about the future. “I wouldn’t rule out the emergence of a counterculture that rejects digital media entirely – a kind of echo of the ‘back to nature’ movement of the 60s,” he wrote. “That may be wishful thinking on my part, but you never know.”

Source: The Guardian

Findings

MYSTERIOUS HACKERS HID THEIR SWISS ARMY SPYWARE FOR 5 YEARS

It’s not every day that security researchers discover a new state-sponsored hacking group. Even rarer is the emergence of one whose spyware has 80 distinct components, capable of strange and unique cyberespionage tricks—and who’s kept those tricks under wraps for more than five years.

In a talk at the Kaspersky Security Analyst Summit in Singapore Wednesday, Kaspersky security researcher Alexey Shulmin revealed the security firm’s discovery of a new spyware framework—an adaptable, modular piece of software with a range of plugins for distinct espionage tasks—that it’s calling TajMahal. The TajMahal framework’s 80 modules, Shulmin says, comprise not only the typical keylogging and screengrabbing features of spyware, but also never-before-seen and obscure tricks. It can intercept documents in a printer queue, and keep track of “files of interest,” automatically stealing them if a USB drive is inserted into the infected machine. And that unique spyware toolkit, Kaspersky says, bears none of the fingerprints of any known nation-state hacker group.

“Such a large set of modules tells us that this APT is extremely complex,” Shulmin wrote in an email interview ahead of his talk, using the industry jargon—short for advanced persistent threat—to refer to sophisticated hackers who maintain long-term and stealthy access to victim networks. “TajMahal is an extremely rare, technically advanced and sophisticated framework, which includes a number of interesting features we have not previously seen in any other APT activity. Coupled with the fact that this APT has a completely new code base—there are no code similarities with other known APTs and malware—we consider TajMahal to be special and intriguing.”

Kaspersky says it first detected the TajMahal spyware framework last fall, on only a single victim’s network: The embassy of a Central Asian country whose nationality and location Kaspersky declines to name. But given the software’s sophistication, Shulmin says TajMahal has likely been deployed elsewhere. “It seems highly unlikely that such a huge investment would be undertaken for only one victim,” he writes. “This suggests that there are either further victims not yet identified, or additional versions of this malware in the wild, or possibly both.”

Those initial findings may indicate a very cautious and discreet state-sponsored intelligence-gathering operation, says Jake Williams, a former member of the National Security Agency’s elite Tailored Access Operations hacking group. “The extensibility of it requires a large developer team,” Williams notes. He points out also that the ability to avoid detection and the single known victim suggest extreme care in targeting, stealth, and operation security. “There’s all kinds of stuff here that screams opsec and very regimented tasking.”

Shulmin says Kaspersky hasn’t yet been able to connect TajMahal, named for a file the spyware uses to move stolen data off a victim’s machine, to any known hacker groups with the usual methods of code-matching, shared infrastructure, or familiar techniques. Its Central Asian target doesn’t exactly provide any easy clues as to the hackers’ identities either, given the vagueness of that description and the countries with sophisticated hacker teams with Central Asian interests, including China, Iran, Russia and the US. Nor has Kaspersky determined how the hackers behind TajMahal gain initial access to a victim network. But they do note that the group plants an initial backdoor program on machines, which the hackers labelled Tokyo. That backdoor uses the tool PowerShell, often exploited by hackers, to allow the intruders to spread their compromise, connect to a command-and-control server, and plant TajMahal’s much more multifunctional payload spyware, labelled by the hackers as Yokohama, with its dozens of distinct modules.

Yokohama’s Swiss Army-style versatility is what stood out most to Kaspersky’s researchers. While it includes many of the usual, powerful capabilities of state-sponsored spies, it also has some more idiosyncratic features: When a USB drive is plugged into an infected PC, it scans its contents and uploads a list of them to the command-and-control server, where the spies behind TajMahal can decide which files they want to exfiltrate. If the USB drive has been removed by the time the hackers have made up their minds, TajMahal can automatically monitor the USB port for the same drive to pull off that file, and upload it the next time it appears. The spyware has other modules that allow it to flag files that have been burned to a CD, or put into a printer queue.

While none of those features are particularly flashy, they signal a careful adversary taking pains to discern which files among the vast and messy contents of a victim’s computer might be worth stealing. “One would not print information, save it to a USB stick, or burn it onto a CD if this information was not important in some way,” Shulmin says.

Considering its sophistication and eclectic features, it’s remarkable how long TajMahal remained undetected. The Central Asian embassy victim, Kaspersky says, had been compromised since at least 2014. But the compile times of various elements of TajMahal—the time stamps that indicate when a piece of it was programmed—indicate it was active both before and long after that date. Some modules dated back to 2013, while others dated as recently as 2018.

“Somehow, it has stayed under the radar for over five years. Whether this is due to relative inactivity or something else is another intriguing question,” Shulmin writes. “It is a reminder to the cybersecurity community that we never really have full visibility of everything that is going on in cyberspace.”
