Category: Tech

Given that the goal of developing a generative artificial intelligence (GenAI) model is to take human instructions and provide a helpful app, what happens if those human instructions are malicious? That was the question raised during a demonstration of AI vulnerabilities presented at the Centre for Emerging Technology and Security (CETaS) Showcase 2025 event in London.

“A language model is designed to summarise large amounts of information,” said Matthew Sutton, solution architect at Advai. “The aim is to give it as much test information as possible and let it handle that data.”

Sutton raised the question of what would happen if someone using a large language model (LLM) asked it to produce disinformation or harmful content, or reveal sensitive information. “What happens if you ask the model to produce malicious code, then go and execute it, or attempt to steal somebody’s data?” he said.

During the demo, Sutton discussed the inherent risk of using retrieval augmented generation (RAG) that has access to a corpus of corporate data. The general idea behind using a RAG system is to provide context that is then combined with external inference from an AI model.

“If you go to ChatGPT and ask it to summarise your emails, for example, it will have no idea what you’re talking about,” he said. “A RAG system takes external context as information, whether that be documents, external websites or your emails.”

According to Sutton, an attacker could use the fact that the AI system reads email messages and documents stored internally to place malicious instructions in an email message, document or website. He said these instructions are then picked up by the AI model, which enables the harmful instruction to be executed. 

“Large language models give you this ability to interact with things through natural language,” said Sutton. “It’s designed to be as easy as possible, and so from an adversary point of view, this means that it is easier and has a lower entry barrier to create logic instructions.”

This, according to Sutton, means anybody who wants to disrupt a corporate IT system could look at how they could use an indirect prompt injection attack to insert instructions hidden in normal business correspondence.

If an employee is interacting directly with the model and the harmful instructions have found their way into the corporate AI system, then the model may present harmful or misleading content to that person.

For example, he said people who submit bids for new project work could provide instructions hidden in their bid, knowing that large language model will be used to summarise the text of their submission, which could be used to influence their bid more positively than rival bids, or instruct the LLM to ignore other bids.

For Sutton, this means there is quite a broad range of people that have the means to influence an organisation’s tender process. “You don’t need to be a high-level programmer to put in things like that,” he said.

From an IT security perspective, Sutton said an indirect prompt injection attack means people need to be cognisant as to the information being provided to the AI system, since this data is not always reliable.

Generally, the output from an LLM is an answer to a query followed by additional contextual information, that shows the users how the information is referenced to output the answer. Sutton pointed out that people should question the reliability of this contextual information, but noted that it would be unrealistic and undermine the usefulness of an LLM if people had to check the context every single time it generated a response.

Source

While both the iPhone Fold and the iPhone 20 have been rumored for some time, it’s now clear that these are separate products. Initially, it seemed possible that the foldable iPhone could be the major redesign expected for the 20th anniversary of Apple’s iPhone. After all, what better way for Apple to deliver a repeat of Apple’s “iPhone X moment” than with a groundbreaking foldable device? But it appears Cupertino has a different plan. The iPhone Fold and the iPhone 20 will be separate products, if a report from one of the most prolific and accurate Apple analysts is to be believed.

According to analyst Ming-Chi Kuo (and several other analysts), Apple aims to launch its first iPhone Fold in the second half of 2026. A year later, the company plans to release the iPhone Fold 2. Kuo was the first to report on this device.

Still, the analyst suggests that the iPhone 20 will be something else entirely. Or at the very least, it won’t be a foldable. Here’s his timeline for the next two years:

• 2H25: iPhone 17 Pro Max, iPhone 17 Pro, iPhone 17 Slim, iPhone 17
• 1H26: iPhone 17e
• 2H26: iPhone Foldable, iPhone 18 Pro Max, iPhone 18 Pro, iPhone 18 Slim
• 1H27: iPhone 18, iPhone 18e
• 2H27: iPhone Foldable 2 (already in development), iPhone 19 Pro Max, iPhone 19 Pro, iPhone 19 Slim (with a larger display than the 18 Slim)

Note that “Slim” is Kuo’s name for what we’ve all been referring to as the new “Air” series.

Tech. Entertainment. Science. Your inbox.

Sign up for the most interesting tech & entertainment news out there.

By signing up, I agree to the Terms of Use and have reviewed the Privacy Notice.

In addition to Kuo, The Information‘s Wayne Ma recently revealed the first rumored feature of the iPhone 20, which is a true all-screen design. According to Ma, Apple will be able to hide both the Face ID and front-facing camera sensors. For the iPhone 18 Pro, only the Face ID sensors will be hidden, but for the iPhone 20, everything will be concealed.

Interestingly, the first foldable iPhone might drop Face ID in favor of Touch ID, as Apple may not be able to integrate the facial recognition sensor into a folding display.

In short, Apple is gearing up to offer a wide range of iPhones in the coming years: an Air model, a budget-friendly “e” variant, a foldable phone, and a brand-new device to mark the iPhone’s 20th anniversary.

Source

Retail, insurance, legal and funeral care cooperative Co-op has confirmed it has shut off an unspecified number of back-office and communications systems to rebuff a series of ongoing attempts to hack into its IT systems.

In the wake of the still-developing incident affecting Marks and Spencer (M&S), which has been identified – although not confirmed – as the work of cyber crime collective Scattered Spider, Co-op now becomes the second UK retailer to face down a cyber attack in the space of a fortnight.

At this stage, no link between the two attacks has been established, and nor should one be implied.

A Co-op spokesperson told Computer Weekly: “We have recently experienced attempts to gain unauthorised access to some of our systems. As a result, we have taken proactive steps to keep our systems safe, which has resulted in a small impact to some of our back-office and call centre services.

“All our stores – including quick commerce operations – and funeral homes are trading as usual.  We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period.

“We are not asking our members or customers to do anything differently at this point. We will continue to provide updates as necessary,” they said.

A good first step

Shutting off potentially affected systems can be a critical early step in incident management because by isolating compromised systems, attackers will find it significantly harder to move laterally through the target network in search of more critical infrastructure where they can cause more damage, such as data theft or encryption.

We have experienced attempts to gain unauthorised access to some of our systems. As a result, we have taken proactive steps to keep our systems safe Co-op spokesperson

It also gives the victim’s security teams and third-party responders – if involved – some wiggle room to analyse the impact, identify the cause of the incident, and start work on fixes without risking the attack spreading further.

Indeed, Co-op’s decision to pre-emptively disable access to affected systems has already won it praise from the cyber community.

“[This] swift action … reflects a mature, proactive incident response posture,” said Dray Agha, senior manager of security operations at Huntress. “Shutting down virtual desktops and limiting back-end functions, while disruptive, is often a necessary measure to contain threats before they escalate.”

Agha observed that the incident at Co-op, about which little else is currently known, aligned with a broader trend where attackers increasingly target retailers with initial access attempts before escalating to data theft or ransomware. This pattern appears to be at play in the M&S incident as well.

With two supermarkets now facing substantial disruption from cyber incidents, other exposed organisations, especially retailers, should be taking steps to plan and prepare for incidents, said Nick Dyer, cyber security expert at Arctic Wolf.

“Other retailers need to take stock and learn from both this and the M&S incident to apply them to their own cyber security incident response plans. Even as retailers like Co-op quickly recover from these kinds of attacks, cyber criminals are known to switch tactics, turning to data exfiltration and double extortion to increase leverage,” he said.

“What’s more, retail continues to face some of the highest initial ransomware demands out of any other industry. Preparing for these scenarios can allow retailers to better respond if they are targeted in the future, and mitigate the impact on their wider business.”

Source

Trump’s tariffs have rocked the US and global economies, and it’s still unclear if there’s anything to be gained from them. Tariffs are affecting the world economy and will likely continue to do so until the US strikes new deals with China and other markets hit by the tariffs.

The immediate result is higher prices for US consumers, whether it’s goods sold on Amazon, imports from Temu and Shein, or accessories for the upcoming Nintendo Switch 2. The Xbox is also getting more expensive, and Sony has announced PS5 price hikes in certain international markets.

I already expressed concern that the iPhone 17 series could see price increases, including the iPhone 17 Air. I said I might rethink my purchase plans if that happens.

Apple addressed tariffs during its earnings report for the March quarter. We learned that Apple expects to pay around $900 million in tariffs during the June quarter, a significant amount. While the company reported $95 billion in revenue for the March 2025 quarter, nearly $1 billion in extra taxes comes directly out of profits, which is clearly not ideal for Apple.

Tech. Entertainment. Science. Your inbox.

Sign up for the most interesting tech & entertainment news out there.

By signing up, I agree to the Terms of Use and have reviewed the Privacy Notice.

Apple also assured investors and consumers that the iPhones imported into the US will come from India instead of China, implying prices shouldn’t change immediately.

Still, considering recent developments and the ongoing uncertainty around tariffs, I’m left wondering if Apple will raise iPhone prices to offset lost profits. I asked ChatGPT o3, one of OpenAI’s top models, to estimate how much Apple would need to raise iPhone prices to recover that $900 million in quarterly tariff costs.

iPhones and other Apple products currently aren’t subject to tariffs, according to CEO Tim Cook during the earnings call:

Also, for transparency and clarity, the vast majority of our products including iPhone, Mac, iPad, Apple Watch, and Vision Pro are currently not subject to the global reciprocal tariffs that were announced in April, as the Commerce Department has initiated a Section 232 investigation into imports of semiconductors, semiconductor manufacturing equipment, and downstream products that contain semiconductors.

So, the $900 million Apple referenced applies to other products. Cook also said this estimate assumes “the current global tariff rates, policies, and applications don’t change for the balance of the quarter.”

ChatGPT o3 uses reasoning to find out how many iPhones Apple sells each quarter. Image source: Chris Smith, BGR

So why even consider a price hike for the iPhone? For starters, the iPhone accounts for nearly half of Apple’s revenue. It’s Apple’s best-selling product and the one many smartphone buyers want most. Plus, most consumers go for the pricier Pro and Pro Max models. Some may not mind paying a bit more.

ChatGPT o3 reasoning iPhone 16 price hikes based on tariffs. Image source: Chris Smith, BGR

I also wanted to see how ChatGPT o3 would tackle the question, and how it would reason through it (see screenshots above).

The AI needed to estimate how many iPhones Apple sells each quarter and how many are sold in the US. Then, it had to figure out how much to raise the price to make up for the $900 million loss.

I gave the model two scenarios. First, I asked what a US-only price hike would look like. Many companies pass all or part of the tariff costs on to consumers, and Apple could do the same.

The iPhone price hike problem ChatGPT o3 had to solve. Image source: Chris Smith, BGR

Then I asked what would happen if Apple raised iPhone prices globally to recover the $900 million. That scenario would spread the cost more widely, resulting in a smaller increase per unit.

ChatGPT o3 got to work, spending over four minutes gathering data. It estimated that Apple sells about 55 million iPhones per quarter, with roughly 18 million going to US buyers. From there, it calculated how much Apple would need to raise prices.

The iPhone 16 price hike scenario for the US market. Image source: Chris Smith, BGR

ChatGPT came up with a $50 price hike for all iPhone models. I told it to use the iPhone 16 series for reference, since those are the current models of interest. Of course, Apple’s quarterly iPhone sales also include older devices, which would likely see the same price increase.

In that case, the $599 iPhone 16e would jump to $649.

If Apple spread the $900 million cost across all 55 million iPhones it sells worldwide, the price increase would drop to $16.36 per unit.

That would make the $599 iPhone 16e cost $615.36.

The iPhone 16 price hike scenario for the global market. Image source: Chris Smith, BGR

I realize my question doesn’t cover every variable. iPhone sales fluctuate from quarter to quarter, and exchange rates also influence prices in some regions. As for the $900 million figure, it could change. This latest phase of the US-China trade war is still evolving.

Apple could also spread the cost across all its products, not just the iPhone. That would reduce the iPhone-specific increase.

Finally, if Apple plans to raise prices, it might wait until new products launch. It makes more sense to introduce higher prices with the iPhone 17 than to increase iPhone 16 prices now.

For now, the good news is that the iPhone 17 lineup isn’t expected to see a price hike. Apple appears willing to absorb that $900 million tariff bill rather than pass it along to consumers. We’ll have a clearer picture as we approach the iPhone 17’s expected launch in mid-September.

Source

The widely accepted software-as-a-service (SaaS) delivery model contains significant flaws and is “quietly enabling cyber attackers”, introducing widespread vulnerabilities that could undermine the global economic system, according to a leading financial services chief information security officer (CISO).

In an open letter to third-party suppliers, JPMorgan Chase CISO Patrick Opet this week criticised software companies for making SaaS the default, and often the only, format in which software can now be delivered, trapping customers into relying on service providers and concentrating risk into these organisations.

He said that while this model can be efficient and innovative, it is now clear that it “magnifies the impact of any weakness … creating single points of failure with potentially catastrophic system-wide consequences”.

“At JPMorganChase, we’ve seen the warning signs first-hand. Over the past three years, our third-party providers experienced a number of incidents within their environments. These incidents across our supply chain required us to act swiftly and decisively, including isolating certain compromised providers and dedicating substantial resources to threat mitigation,” wrote Opet.

Although he did not point the finger at the suppliers involved in any of the many widespread supply chain incidents that have occurred in the past few years, Opet lamented that the problem seemed to be getting worse rather than better, with software suppliers failing on multiple other issues “intrinsic” to SaaS, such as not securing vulnerable authentication tokens, giving themselves privileged access to customer systems without appropriate consent or transparency, and inviting downstream fourth-party suppliers into their systems.

Automation and artificial intelligence (AI) are further compounding these problems, he added, and all of these weaknesses are well-known to adversaries, borne out by changes in tactics among Chinese threat actors, who increasingly favour targeting organisations with deep access into their customer bases.

Three-step plan

In his missive, Opet set out three core steps SaaS providers should be taking to address these issues before they become insurmountable.

He called on the industry to prioritise cyber during the design phase, building in or enabling security features by default; modernise security architectures to optimise SaaS integration in such a way that mitigates risk; and collaborate better to halt threat actor abuse of connected systems.

Mark Townsend, co-founder and chief technology officer at AcceleTrex, a startup specialising in tech marketing and referrals, said Opet’s letter spoke to wider frustrations among customers that IT suppliers are not doing enough to ensure the security of their products and services.

“The rush to stay ahead of the competition has led to several issues over the years. A balance needs to be made and demonstrated to the market,” said Townsend.

“When buying SaaS, you’re buying a system deployed by a vendor that you are trusting your data to. Many will provide an annual pen test report and demonstrate alignment with SOC2 and other standards, but as the author points out, a lot happens within these apps, and the infrastructure that enables them, over the course of a year.

“The security of these systems is fairly opaque and requires a bit more transparency between the vendor and the consumer as to how the data is secured.”

Townsend added: “You can’t be too prescriptive without giving the vendors an easy out. It inspires constructive conversations that I think are necessary and important to have.”

Reversec’s Donato Capitella and Nick Jones, principal consultant and head of research respectively, said Opet rightly highlighted critical challenges faced by the industry in regard to the adoption of SaaS, notably the concentration of risk in a few big providers and reduced visibility making proactive incident detection and response much harder for customers.

“At a practical level, there are two very common areas where SaaS applications fail to provide adequate security. The first is gating single sign-on functionality behind additional cost or the “enterprise” price plans, forcing users to make a trade-off between adequate identity security and cost,” they told Computer Weekly in emailed comments.

“The second is comprehensive, high-fidelity audit logging, which is often also gated behind expensive plans or add-ons, if available at all. These limitations hinder an organisation’s ability to prevent, detect and respond to attacks against their SaaS estate.”

Capitella and Jones added: “We hope that SaaS vendors see this open letter as a call to arms and work towards providing a hardened, secure-by-default experience to their consumers.”

Source

With so many leaks and reports about the iPhone 17, it almost feels like it’s time to move on to iPhone 18 leaks. Over the weekend, The Information shared several details about upcoming iPhone models, including the future iPhone 18 Pro.

It’s been known for a while that Apple plans to add under-display Face ID to the iPhone 18 Pro. While the company had to postpone this technology from the iPhone 17 Pro, it now seems everything is on track for a 2026 release.

Apple’s rumored approach is raising a few eyebrows. According to the report, the company plans to introduce under-display Face ID with the iPhone 18 Pro and iPhone 18 Pro Max but will still leave a small hole in the top-left corner of the screen for the front-facing camera, similar to Samsung’s Galaxy S10 lineup, just mirrored on the opposite side.

This could be a big shift in design, but it seems odd that Apple would move the front-facing camera to the top-left corner for one simple reason: the Dynamic Island functionality.

Tech. Entertainment. Science. Your inbox.

Sign up for the most interesting tech & entertainment news out there.

By signing up, I agree to the Terms of Use and have reviewed the Privacy Notice.

In almost 20 years of iPhones, the only major feature Apple has removed from one generation to the next was 3D Touch (long gone, but never forgotten in our hearts). That said, after introducing Dynamic Island with the iPhone 14 Pro, it would be surprising for the company to eliminate it. It doesn’t seem likely that Apple would move Dynamic Island features to the top-left corner of the display.

Sure, the technology can change and the software can evolve. But after putting so much effort into adding Live Activities to the Dynamic Island and with developers embracing it, it doesn’t feel like the company is ready to abandon it.

In fact, I’d bet Apple would get rid of Camera Control before even thinking about ditching the Dynamic Island.

There are rumors that Apple plans to add a narrower Dynamic Island (and I’m all for it), but if the company is still including some kind of screen interference, whether it’s a hole-punch or something like the old notch, it should serve a purpose. In this case, Dynamic Island is a solid feature.

Wrap up

The Information‘s Wayne Ma is usually on point with his reports, and under-display Face ID is likely coming to the iPhone 18 Pro. Still, this might just be one of Apple’s prototypes for future iPhones. Even if the company doesn’t release a model like the one described, it doesn’t mean it hasn’t been tested.

With the iPhone 13, there was a rumor that Cupertino was still testing Touch ID. So, who knows?

Source

Connectivity now has an intrinsic place in the automobile industry, and while there is growing consumer willingness to pay for in-car digital subscriptions to take advantage of services such as predictive maintenance, safety features and autonomous driving, there are also increased consumer concerns regarding industry practices around data.

These sentiments were among the standout findings of research commissioned by software-defined vehicle (SDV) services firm Cubic3. The survey, Consumer and OEM attitudes to the software-defined vehicle, took the opinion of 8,000 participants in the US, UK, Germany and Japan, and 60 global original equipment manufacturer (OEM) executives. Two surveys were conducted concurrently to understand and compare automotive executive and consumer attitudes towards SDVs. OEM studies were conducted by Sapio Research between October and December 2024, and customer studies were conducted between September and October 2024.

The survey grouped digital services into three categories to reveal consumer willingness to pay for each, and the data is said to have shown a nuanced yet optimistic future for OEMs navigating a rapidly changing automotive landscape.

The study found a fundamental challenge for manufacturers was how to persuade and prove to drivers the benefits of paying for digital services, which constitute an integral part of SDVs, thereby turning this forecast into reality. The willingness to pay for digital services was seen to be increasing, particularly given the new generation of drivers that are digital natives and accustomed to connectivity.  

Overall, the study forecasts the SDV market will create over $650bn value potential by 2030. Automakers estimate drivers are willing to pay £8 a month for digital services, while drivers say it’s £5.82 – a 27% difference. However, in countries where car usage is higher, such as the US, the willingness to pay increases. UK respondents report they are willing to pay the least, at £4.89 a month. 

Nearly half (global: 51%; UK: 48%) of consumers are willing to pay for “vehicle-based services”, such as autonomous driving. Globally, 40% (UK: 42%) of consumers are willing to pay for “connected services”, such as video and music streaming; and 39% (UK 40%) are willing to pay for data services such as predictive maintenance. Over a quarter of global consumers and a fifth in the UK have paid for digital services for their vehicles, almost doubling (44%) for those in the global 18-24 age range. Only one in five consumers globally said they wouldn’t be willing to pay anything in monthly subscriptions.

OEMs were found to be closely monitoring potential targets by hackers, such as interfaces and application programming interfaces, digital sims, infotainment systems and telematics. All consumers showed concerns about industry practices around data, with half (global: 48%; UK: 46%) reporting they worry their car could be hacked.

Fortunately, OEMs hold automotive cyber security in high regard. Some 86% highlighted that cyber security of their digital services as important, and the same amount said connectivity was important for protecting vehicles throughout the vehicle’s whole lifecycle.

Going forward, the report suggested that automotive OEMs need to both monetise digital services and turn them into recurring revenue streams. Automakers saw predictive maintenance, enhanced safety features and autonomous driving as most likely to contribute the most to recurring revenue, and an industry opportunity is appearing for over-the-air updates to revolutionise consumer satisfaction, safety and convenience.

“Until recently, most consumers viewed buying a car as a ‘one-and-done’ affair,” said Cubic3 chief corporate officer David Kelly. “Although the concept of paying for in-car digital services is relatively new, we are already seeing significant adoption from consumers. It will take time for OEMs to persuade the public of the value of digital services, but it is encouraging to see younger drivers – so-called digital natives – happy to pay for these services.”

Source

According to a recent finding by a panel of five tribunal judges, the Investigatory Powers Tribunal (IPT) has no statutory powers to impose financial sanctions against government agencies. In practice, this means that the IPT, which primarily hears complaints about surveillance by law enforcement agencies and intelligence services, cannot impose sanctions against them should they not comply with IPT orders to disclose relevant evidence. 

This remarkable ruling follows an IPT finding that two police forces had unlawfully spied on two investigative journalists, Barry McCaffrey and Trevor Birney, who had investigated police corruption.

In particular, the tribunal found that the Police Service of Northern Ireland (PSNI) targeted McCaffrey and Birney, the producers of a 2017 film documentary No Stone Unturned, which exposed police collusion (by the Royal Ulster Constabulary – RUC) following the murder of six Catholics as they were watching the Republic of Ireland play in the 1994 World Cup on a pub television in the village of Loughinisland, County Down. In 2016, an Ombudsman report concluded that the RUC had protected informers by destroying evidence and failing to carry out a proper investigation.

As an independent public body that exercises judicial functions, the IPT was established in 2000. It occupies a unique role which is deemed to be vital in holding public authorities to account, particularly the security services, in their exercise of covert investigatory powers under the Regulation of Investigatory Powers Act 2000. Unlike most other courts and tribunals, the IPT has a UK-wide jurisdiction. It adopts a quasi-inquisitorial (rather than adversarial) process that includes the routine use of closed hearings. 

The IPT is part of the Home Office, although according to the gov.uk website, it operates entirely independently of ministers and Parliament. This recent judges’ ruling, concerning the tribunal’s inability to award costs against government bodies that fail to disclose evidence, raises significant questions about its ability to make decisions that are entirely independent from government.   

In recognising this deficiency, the tribunal have called for the Home Secretary to intervene in order to address the issue – either by introducing new appropriate rules or through the passing of primary legislation. Addressing the issue, the tribunal stated, “we do not regard the outcome as entirely satisfactory… the facts of the present case illustrate why it would be helpful at least in principle for this tribunal to have the power to award costs.”

It is therefore clear that the ITP has no capacity to penalise government agencies for their approach to disclosure by awarding costs – even if they have deliberately disobeyed the orders of the court. In the PSNI case, the tribunal confirmed that there were repeated failures to disclose crucial evidence, but simultaneously ruled that it had no power to award costs. This is a remarkable, almost farcical position: without the ability to impose financial sanctions, the IPT is effectively toothless.

So, what should happen next?

To prevent any further abuse of surveillance powers and the disclosure process, intervention by the Home Secretary is clearly necessary. Without any mechanism at their disposal to impose sanctions, it is imperative that new legislation or further powers are introduced quickly to ensure that the abuse of surveillance powers with impunity does not continue. 

More widely, the PSNI case has also raised significant and serious concerns about the integrity of our legal system. If the police and government agencies with powers to spy on individuals are effectively given free rein to deliberately withhold evidence, safe in the knowledge that they can walk away from court without sanction, then public confidence in the legal systems in place to regulate such powers will erode – very rapidly.

Source

Canadian businessman Thomas Herdman is awaiting trial in France for his alleged role in the distribution of modified smartphones installed with the Sky ECC app. 

The 63-year-old was arrested in June 2021, despite cooperating with US investigators over his involvement with the encrypted communications firm Sky ECC. He has spent 45 months in pre-trial detention since.

Computer Weekly spoke to Herdman’s daughter, Julie Kawai Herdman, 24, who says her father is innocent, citing inaccuracies in the evidence and flawed legal processes. 

“It’s been a tough four years in limbo, waiting endlessly to see what happens. I was really disappointed that his bail application failed,” she said. 

Herdman was the Sky ECC account manager for Vancouver-based startup LevUp Tech when Belgian and Dutch police infiltrated Sky ECC, then the world’s largest encrypted communications network with around 70,000 users. Authorities accessed over a billion messages exchanged between June 2019 and March 2021, Europol estimates.

The operation led to mass arrests of suspected criminals, drugs gangs and money laundering operations across France, Belgium and the Netherlands, and the conviction of corrupt government officials, judiciary and police in Montenegro. 

French prosecutors have indicted more than 30 individuals who owned or worked for four companies that distributed Sky ECC software. Sky Global’s founder and CEO, Jean-François Eap, is also named in the indictment. Herdman is the only individual in French custody.

The Sky ECC infiltration came during years of increasing tension between global law enforcement and providers of encrypted communication services, with companies such as Encrochat, Phantom Secure and Exclu being shut down by police.

Fascinated by blockchain

Before his involvement with Sky ECC, Herdman maintained a portfolio career, working for an oil field equipment manufacturer – run by Iranian-Canadian brothers – selling specialist engineering tools to Iran, alongside a handful of part-time tech roles.

According to Kawai Herdman, her father became fascinated with blockchain technology after reading about the work of Satoshi Nakamoto, who claims to have invented bitcoin.

“My father read Satoshi’s whitepaper in 2012, and saw financial freedom and privacy as a solution to the corruption underlying the 2008 financial crisis,” she said.

Herdman went on to study blockchain with the radical, artist-run group DCTRL Vancouver, whose members include technologists and developers in the city’s most prominent companies. He joined a firm named TGA Associates, developing chain analysis software for a Chinese veterinary project that used chips to detect farm animals’ vital statistics.

It was his role at TGA Associates that led him to cross paths with Sky Global’s Eap around February 2017.

“TGA was owned by former options trader Grant Persall, whose wife was the high school best friend of Jean’s fiancée,” explained Kawai Herdman.

In June 2017, Persall – who is also named on the French indictment – asked Herdman to launch his startup, LevUp Tech, to distribute Sky ECC software to resellers who would install it on smartphones.

Sky Global had 50 employees, including a communications team, an accounting department and a legal department. “It was hardly the appearance of a criminal organisation,” said Kawai Herdman.

By October of that year, the US had withdrawn from its nuclear agreement with Iran, ending cooperation between the two countries. Herdman’s business interests in selling completion equipment in the region came to an abrupt halt.

“My father figured he had nothing to lose by selling Sky’s software full-time,” said Kawai Herdman. “For my dad, like many tech guys, encryption was cool and exciting. But, sadly, he had no clue that danger was waiting, as global police were planning to spy on all the clients of these services.”

“For my dad, like many tech guys, encryption was cool and exciting. But, sadly, he had no clue that danger was waiting, as global police were planning to spy on all the clients of these services”

Julie Kawai Herdman

French prosecutors allege that Herdman oversaw 9,050 Sky ECC activations between June 2017 and September 2020, equivalent to 1.5% of the distribution.

Herdman worked long hours dealing with enquiries and tech support requests. He looked for business development opportunities among his international contacts, though – ironically – he had no resellers or users in France, where Sky ECC messages were routed through three servers and where he is now being prosecuted.

It seemed like a typical workplace call when, in June 2019, a “prospective client” contacted Sky Global, expressing interest in using Sky ECC. He was from the US, where the company had no distributors or resellers, so the enquiry was forwarded to Herdman, who emailed across a technical brochure.

“This guy, Oleg, requested a meeting in LA,” said Kawai Herdman. “It was strange, as everything was outlined in the brochure. But Grant was adamant that the US market was important, so my dad set up a meeting for October 2019.”

When Herdman met Oleg and his colleague, it became clear that they weren’t looking to become resellers. They simply wanted a few devices.

“My dad wasn’t keen on selling direct to users without a reseller for tech support, as the app often crashed, requiring specialist support,” said Kawai Herdman.

No business was done that day.

Oleg phoned Herdman in December 2019 to request three Sky ECC devices. At the time, Herdman was in Lisbon pitching an on-premise privacy solution to the Serbian Embassy, which was already testing 10 Sky ECC devices supplied by another distributor.

This distributor, also from Vancouver, joined Herdman at the meeting with the Serbian official in Lisbon.
 
“My father tried to talk Oleg out of the order. It was too much hassle to get three devices, load them and ship them to LA. But Oleg kept begging him.”

In the end, Persall sourced and paid for three iPhones, set them up and mailed them to California. Oleg paid in bitcoin.

Criminal investigation

Dutch and Belgian authorities infiltrated the Sky ECC network from 15 February 2021 to 9 March 2021, raiding 200 properties, arresting 48 people and seizing €1.2m in cash and 17 tonnes of cocaine.

On 12 March 2021, Herdman and Jean-François Eap were indicted – in the Southern District of California – under the RICO Act, which targets the “professional enablers” of organised crime. In the indictment, prosecutors argued that Herdman was a top Sky ECC executive and that he sold software to criminals.

“When he saw the indictment, my father guessed that the LA businessmen were undercover cops. He still didn’t think he did anything illegal though,” said Kawai Herdman. 

While my dad can only view the evidence against him in a secure part of the prison, after being strip-searched, 4,000 documents from his case were leaked to the media Julie Kawai Herdman

She said Herdman’s links to the Southern District of California, where he was indicted, were at best tenuous. “The only tie to Southern California was this meeting. He only made one sale in the US, and it was to those guys.”

Herdman cooperated with the US Department of Justice and San Diego prosecutors. He attended a three-day meeting in Madrid with defence lawyers – at a cost of over $100,000 to himself – and representatives from the US Marshals Office and Drug Enforcement Administration (DEA). 

US officials interrogated him about his involvement with Sky ECC. They confirmed his suspicions about the LA meeting. His sales pitch, where he claimed he was Eap’s “right-hand man”, had been audio-recorded and used as evidence.

“A vague conversation about my dad’s colleagues at well-known crypto exchanges was seen as an offer to help launder the proceeds of crime. US marshall John Shindledecker commented that every BTC [bitcoin] exchange is money laundering,” said Kawai Herdman.

In April 2021, Herdman was collaborating with US officials investigating Sky ECC. US prosecutor Meghan Heesch requested that Herdman relocate to Madrid to work with the DEA. They signed a proffer agreement stating that Herdman would provide information about Sky ECC, but it wouldn’t be used against him legally.

Herdman moved to the city. Yet in June 2021, Spanish police, acting on a French-European warrant, arrested him. He spent 14 days in Prisión de Estremera in Madrid, before being extradited to France and remanded in Maison d’arrêt de Fleury-Mérogis in Paris.

It wasn’t until 20 March 2025 that Herdman received an English copy of the evidence against him. “But the recording of this LA meeting – the main evidence against him – hasn’t been disclosed. Instead, the French cited a US letter stating that it exists,” said Kawai Herdman.

“While my dad can only view the evidence against him in a secure part of the prison, after being strip-searched, 4,000 documents from his case were leaked to the media.”

Serbian links

Organised Crime and Corruption Reporting Project (OCCRP) journalists revealed that Herdman was accused of using Miodrag Kostić, son of a late Serbian politician, as a reseller. Kostić was on the run in Spain, with partner Sanja Petkovic, after a 2010 bank robbery in Niš, Serbia. He was extradited to Serbia in 2020 and sentenced to five years in prison.

In January 2023, Serbian police, at the request of French prosecutors, searched the pair’s house in Niš and questioned Petkovic, asking her to give evidence against Herdman. She denied selling Sky ECC devices and refused to testify, while Kostić denied involvement when questioned three months later.

The couple remain uncharged.

Knowledge of criminality

In August 2017, WhatsApp messages between Herdman and Persall hinted that they knew that Sky ECC phones were used by criminals. Herdman complained about a competitor linked to “HA” – believed to be Hells Angels. He also mentioned “African mafia” clients and raised concerns that Serbian “gangs” could be tracked via IMEI.

“The mafia comment was a joke to describe some rude family friends,” said Kawai Herdman. “And it’s a bit of a stretch to say the Hells Angels are criminals. They’re a biker club. Harley-Davidson even did a brand partnership with them in the 1990s.”

She added: “Though OCCRP reported on the alleged conversation about Serbian gangs, prosecutors were unable to verify whether the messages were sent by my father, so they aren’t being used in the case against him.”

But for now, with the trial of Herdman and his co-defendants still pending, the case remains a contentious point in the global crackdown on encrypted communications.

Source

We’ve been able to translate foreign languages with relative ease long before generative AI products like ChatGPT did it for us. But genAI products like ChatGPT have helped companies enhance translation services across the board. It’s not just ChatGPT that can handle translation with ease. Competing models do it too. For example, Samsung made Live Translate a key feature of its Galaxy AI suite.

Google brought translation support to Circle to Search. More recently, Google’s NotebookLM model added support for dozens of new languages, allowing more users to access its podcast-style AI reports.

Translation services will keep improving. iOS 19 is rumored to bring live translation to AirPods, which would be a great new use for the wearables. But you don’t have to wait until later this year to try this kind of feature. BabelEar is a new iPhone app that already offers live in-ear translation in real time.

The app relies on ChatGPT to power translations, and it doesn’t collect any user data. That’s an important factor to consider when choosing AI-driven translation tools.

Tech. Entertainment. Science. Your inbox.

Sign up for the most interesting tech & entertainment news out there.

By signing up, I agree to the Terms of Use and have reviewed the Privacy Notice.

BabelEar offers “instant In-Ear AI-powered translation,” letting you “hear near-zero latency, high-accuracy speech translation in over 100 languages and dialects.”

As shown in the screenshots, the app has a simple interface that lets you listen to people speaking in another language while the AI translates it live. The app also provides transcriptions, which can make following along easier.

BabelEar AI translation app. Image source: App Store

The App Privacy section notes that the app doesn’t collect any user data, which is rare for an AI app. Just compare that to how much data Meta AI tries to collect.

The developer has a more detailed privacy policy at this link, which outlines its data collection practices.

“At present, KapTable AI does not collect any usage data through this application,” the developer writes. “We will notify you of any changes to our data collection practices through app updates. Future versions may include optional analytics to improve the app’s functionality.”

The privacy policy also explains that “audio data is processed through OpenAI’s WebRTC service for real-time translation.”

So, can you get advanced AI-powered translation for free on your iPhone or Android via BabelEar? Not quite. There is no such thing as free when it comes to online services, especially AI. You will need access to OpenAI’s ChatGPT. Specifically, you need OpenAI API keys, which power the live in-ear translations.

As shown in the screenshots above, you must enter your API keys and then pay based on usage.

You only pay for the translations you perform with BabelEar through the ChatGPT API. For example, the default ChatGPT model, GPT-4o, costs $5 per 1 million tokens (input) and $20 per 1 million tokens (output) for text.

GPT-4o audio is more expensive, at $40 per 1 million input tokens and $80 per 1 million output tokens. You will likely use GPT-4o for translations, though the developer doesn’t specify the model.

These rates make translation relatively affordable. For instance, translating 10,000 words would cost under $2, according to a ChatGPT estimate. Again, you only pay for what you use.

Of course, you might not always need to use the BabelEar app. You may turn to other apps for translating written text or text in images, or use your regular AI subscription (if you have one) for audio translation. It doesn’t have to be ChatGPT. Most major AI tools can handle translation tasks.

When setting up your ChatGPT APIs, make sure to review your ChatGPT privacy settings to ensure your data is not used for training. By default, ChatGPT API data is not used to train OpenAI models.

You can download BabelEar at this link, with the app’s privacy policy available here. You will find your ChatGPT API keys on OpenAI’s website.

Source