What's new in watchOS 4.0 for coders?

List of new features and changes, that watchOS developers will face while working with version 4.0
28 September 2017   627

watchOS 4.0 was released recently, along with new iPhone, iOS 11 and MacOS High Sierra

Let's figure out, what new features and change are there in new version of watchOS, that are relared to the development itself.

App Services

  • New in watchOS 4.0- Support for machine learning models.
    • Added the Core ML framework for easily integrating machine learning models into apps.
  • New in watchOS 4.0 - SiriKit support for notes and to-do lists.
    • Added the Lists and Notes domain to SiriKit to support using Siri to add notes, interact with to-do lists, and interact with reminders.
  • Added intents to SiriKit domains.
    • Added ride canceling and feedback to the Ride Booking domain.
    • Added transferring money and searching for accounts to the Payments domain.
  • Enhanced triggers for HomeKit.
    • Enhanced time-based conditions for triggers. HMSignificantTimeEvent specifies an offset from sunrise and sunset. HMCalendarEvent specifies a date and time. HMDurationEvent specifies a time interval.
    • Added HMCharacteristicThresholdRangeEvent for representing devices that report their state as a number range, such as blinds that report a position from 0 to 1 (instead of open or closed.)
    • Added HMPresenceEvent for adding a condition based on the presence or absence of users.
    • Updated HMEventTrigger to enable multiple occurrences.
  • Added home:didUpdateHomeHubState: to support receiving updates of the home hub state.
    • Enhanced end user transaction flow in Apple Pay.
    • Added PKPaymentError to PassKit, a structure for detailed reporting of errors in a user's shipping and payment information, and for authorization errors. Developers can use the information to provide a customized error string.
    • Updated the handler methods in PKPaymentAuthorizationControllerDelegate to receive a PKPaymentError.
    • Updated PKPaymentRequest to use PKContactField for contact information.
    • Added supportedCountries to PKPaymentRequest for specifying supported countries for a transaction.
    • Addded support for presenting payment buttons even if there are no supported payment methods in Wallet. Apple Pay now handles payment without leaving your app, and then returns to checkout.
  • Added the authorizationStatus method to the CMAltimiterCMPedometerCMMotionActivityManager, and CMSensorRecorder classes of the Core Motion framework. The method is used to determine if an app is authorized to recieve data from a source.

System

  • Updated the APIs in the Core Bluetooth framework to match across iOS, tvOS, watchOS, and macOS, and marked the platform availability of each API.
  • APFS is now the default filesystem.
    • Added normalization-insensitive support for a case sensitive filesystem.

See official docs and release notes for more information.

All modern Wi-Fi routers are threatened

KRACK researchers: "The attack works against all modern protected Wi-Fi networks"
16 October 2017   990

On Sunday, 15.10.2017, a Wi-Fi security research results were published. This is reported by the Ars Technica. 

What research? 

The research is called KRACK (Key Reinstallation Attacks). The research has been a big secret for weeks ahead of a coordinated disclosure that is scheduled for 8 a.m. Monday, east coast time. US CERT described the KRACK:

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.
 

US CERT team

What had researchers found? 

According to official website of KRACK, they've discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites. The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected.

Researchers says that if your device supports Wi-Fi, it is most likely affected. They've discovered that: 

  • Android 
  • Linux 
  • Apple 
  • Windows 
  • OpenBSD 
  • MediaTek 
  • Linksys
  • and others.

are in danger. 

Demo

As a proof-of-concept team executed a key reinstallation attack against an Android smartphone. In this demonstration, the attacker is able to decrypt all data that the victim transmits. For an attacker this is easy to accomplish, because our key reinstallation attack is exceptionally devastating against Linux and Android 6.0 or higher. 

FAQ

KRACK team also released big FAQ list. We are publishing the most interesting.

  • Do we now need WPA3?
    • No, luckily implementations can be patched in a backwards-compatible manner. This means a patched client can still communicate with an unpatched access point, and vice versa.
  • Should I change my Wi-Fi password?
    • Changing the password of your Wi-Fi network does not prevent (or mitigate) the attack.
  • Is my device vulnerable?
    • Probably. Any device that uses Wi-Fi is likely vulnerable. Contact your vendor for more information.
  • Should I temporarily use WEP until my devices are patched?
    • NO! Keep using WPA2.

Learn more at KRACK official website.