Google says Google should do a better job of patching Android phones

Google’s “Project Zero” team of security analysts wants to rid the world of zero-day security vulnerabilities, and that means it spends time calling out slacking companies on its blog. The group’s latest post is a bit of friendly fire aimed at the Android and Pixel teams, which Project Zero says aren’t dealing with bugs in the ARM GPU driver quickly enough.

In June, Project Zero researcher Maddie Stone detailed an in-the-wild exploit for the Pixel 6, where bugs in the ARM GPU driver could let a non-privileged user get write access to read-only memory. Another Project Zero researcher, Jann Horn, spent the next three weeks finding related vulnerabilities in the driver. The post says these bugs could allow “an attacker with native code execution in an app context [to] gain full access to the system, bypassing Android’s permissions model and allowing broad access to user data.”

Project Zero says it reported these issues to ARM “between June and July 2022” and that ARM fixed the issues “promptly” in July and August, issuing a security bulletin (CVE-2022-36449) and publishing fixed source code. But these actively exploited vulnerabilities haven’t been patched for users. The groups dropping the ball are apparently Google and various Android OEMs, as Project Zero says that months after ARM fixed the vulnerabilities, “all of our test devices which used Mali are still vulnerable to these issues. CVE-2022-36449 is not mentioned in any downstream security bulletins.”

The affected ARM GPUs include a long list of the past three generations of ARM GPU architectures (Midgard, Bifrost, and Valhall), ranging from currently shipping devices to phones from 2016. ARM’s GPUs aren’t used by Qualcomm chips, but Google’s Tensor SoC uses ARM GPUs in the Pixel 6, 6a, and 7, and Samsung’s Exynos SoC uses ARM GPUs for its midrange phones and older international flagships like the Galaxy S21 (just not the Galaxy S22). MediaTek’s SoCs are all ARM GPU users, too, so we’re talking about millions of vulnerable Android phones from just about every Android OEM.

In response to the Project Zero blog post, Google told Engadget, “The fix provided by Arm is currently undergoing testing for Android and Pixel devices and will be delivered in the coming weeks. Android OEM partners will be required to take the patch to comply with future SPL requirements.”

The Project Zero analysts end their blog post with some advice for their colleagues, saying, “Just as users are recommended to patch as quickly as they can once a release containing security updates is available, so the same applies to vendors and companies. Minimizing the ‘patch gap’ as a vendor in these scenarios is arguably more important, as end users (or other vendors downstream) are blocking on this action before they can receive the security benefits of the patch. Companies need to remain vigilant, follow upstream sources closely, and do their best to provide complete patches to users as soon as possible.”

Google will soon default to blurring explicit image search results

Google’s new “Blur” setting for SafeSearch will soon be the default, blurring explicit images unless you’re logged in and over 18.

Google has debuted a new default SafeSearch setting, somewhere between “on” and “off,” that automatically blurs explicit images in search results for most people.

In a blog post timed to Safer Internet Day, Google outlined a number of measures it plans to implement to “protect democracies worldwide,” secure high-risk individuals, improve password management, and protect credit card numbers. Tucked into a series of small-to-medium announcements is a notable change to search results, Google’s second core product after advertising.

A new setting, rolling out “in the coming months,” “will blur explicit imagery if it appears in Search results when SafeSearch filtering isn’t turned on,” writes Google’s Jen Fitzpatrick, senior vice president of Core Systems & Experiences. “This setting will be the new default for people who don’t already have the SafeSearch filter turned on, with the option to adjust settings at any time.”

Google’s explanatory image (seen above) shows someone logged in and searching for images of “Injury.” A notice shows that “Google turned on SafeSearch blurring,” which “blurs explicit images in your search results.” One of the example image results, “Dismounted Complex Blast Injury (DCBI)” from ResearchGate, is indeed quite explicit, as far as human viscera and musculature goes. Google provides one last check if you click on that blurred image: “This image may contain explicit content. SafeSearch blurring is on.”

Explicit images, such as the "blast injury" shown in Google's example, will be blurred by default in Google search images, unless a user is over 18, signs in, and turns it off.

If you click “View image,” you see life’s frail nature. If you click “Manage setting,” you can choose between three settings: Filter (where explicit results don’t show up at all), Blur (where both blurring and are-you-sure clicks occur), and Off (where you see “all relevant results, even if they’re explicit”).

Signed-in users under the age of 18 automatically have SafeSearch enabled, blocking content including “pornography, violence, and gore.” With this change, Google will automatically be blurring explicit content for everybody using Google who doesn’t log in, stay logged in, and specifically ask to show it instead. It’s a way to prevent children from getting access to explicit images, but also, notably, a means of ensuring people are logged in to Google if they’re looking for something… very specific. An incognito window, it seems, just won’t do.

Google turned on SafeSearch as its default for under-18 users in August 2021, having been pressured by Congress to better protect children across its services, including search and YouTube.

OnePlus takes on the iPad with the OnePlus Pad

Android tablets are on their way back, and one of Android’s biggest manufacturers (we’re talking about OnePlus parent company BBK) is bringing an Android tablet to the US for the first time. Say hello to the OnePlus Pad, an 11.61-inch tablet with an optional keyboard and stylus. We don’t know how much it costs, so don’t ask. There’s also no hard release date, but preorders start in April.

What we do know are the specs. The 11.61-inch display is a 144 Hz LCD, with a resolution of 2800×2000. That’s an aspect ratio of 7:5, or a bit wider than a 4:3 display, which OnePlus claims is a “book-like” aspect ratio. The SoC is a MediaTek Dimensity 9000. That’s a rarity in the US, but it’s basically a generic ARM design for 2022 flagship phones, with one 3.05 GHz ARM Cortex X2 CPU, three A710 CPUs, and four A510 CPUs. It’s a 4 nm chip with an ARM Mali-G710 MC10. You also get 8GB of RAM (there’s an option for 12GB), 128GB of UFS 3.1 storage, and a 9510 mAh battery. This is not in the super-flagship tablet territory and should (hopefully) come with an affordable price tag.

As always, OnePlus’ trademark quick-charging is here, and it’s 67 W. On a tiny phone battery, that kind of charging will usually take a phone from 0-100 in around a half hour, but with a big tablet battery, a full charge still takes “just over 60 minutes.” In the fine print, OnePlus actually gives a warning against any repair attempts, saying, “The battery has been especially encrypted for safety purposes. Please go to an official OnePlus service center to repair your battery or get a genuine replacement battery.” I’ve never heard of a battery being “encrypted” before, but I think they mean there is a serial number check in the firmware somewhere and that it will presumably refuse to work if you replace it. As for the possibility of an “official OnePlus service center” actually existing, there is a business finder on the OnePlus India website, but not one in the US, so it’s looking like mail-in service only.

The tablet is made up of an aluminum unibody that weighs 555 g. The sides are rounded over, which should make it feel comfortable to hold. It comes with four speakers, a USB-C port on the right side, and a set of three pogo pins on the bottom for the keyboard. The back has a circular camera bump that makes it look like a close cousin of the OnePlus 11, and it holds a single 13 MP camera. We also hope you like green, because that appears to be the only color.

There’s no fingerprint sensor at all. There is a cutout that looks like it might be a fingerprint sensor, but we guess that’s just a radio signal window. There’s also no GPS listed on the spec sheet. We know next to nothing about the “OnePlus Magnetic Keyboard” and “OnePlus Stylo” pen. The keyboard has a small trackpad that supports swiping. The pen has a 2 ms response time, which sounds pretty good. That’s about it. Presumably we’ll know more in April.

Report: Sonos’ next flagship speaker will be the spatial audio-focused Era 300

Sonos will release a new flagship speaker “in the coming months,” according to a report Monday from The Verge. The publication said this will be called the Era 300 and that Sonos is prioritizing the device’s spatial audio capabilities.

The Verge claimed that Sonos is aiming for the Era 300 to be its most accurate speaker yet. It pointed to a heightened focus on making Dolby Atmos content shine, as well as improving music using spatial audio. According to The Verge, the Era 300 will be a “multidirectional speaker built to get the most from spatial audio” by way of a “completely re-architected acoustic design.”

We don’t have deeper details, like specs or pricing. However, Wi-Fi 6 and a USB-C port are apparently “likely,” and Bluetooth support is also possible. According to The Verge, Sonos has at least looked into including all these features on the Era 300.

The Verge first started reporting about the Era 300, codenamed Optimo 2, in August. This week, it identified more evidence of the speaker’s development in the form of two recent documents from TV mount-maker Sanus that name the Era 300.

In August, The Verge, citing “early, work-in-progress images” it reportedly viewed, said that Sonos’ upcoming flagship speaker would include “an arsenal of drivers, including several that fire in different directions from beneath the shell between the front speaker grille and backplate.” It also suggested a more beefed-up product, with twice the RAM and eight times the flash memory as the highest-specced Sonos speaker today.

The Verge also claimed this week that Sonos is working on a lower-priced Era 100, suggesting that it could include Dolby Atmos support and serve as a follow-up to the Sonos One, which has a $179 MSRP as of writing.

Should the Era 300 truly debut soon, it will face competition from Apple’s recent $299, full-sized HomePod revival, which supports spatial audio with Dolby Atmos with Apple apps and Apple TV 4K. Besides superior audio quality, a new Sonos flagship could score points with shoppers by playing better with non-Apple devices, such as by including Bluetooth and by besting the Apple speaker’s Wi-Fi 4 support.
