
Biz & IT

The top smartphone trends to watch in 2019


This was a bad year for the smartphone. For the first time, its seemingly unstoppable growth began to slow.

Things started off on a bad note in February, when Gartner recorded its first year-over-year decline since it began tracking the category. Not even the mighty Apple was immune from the trend. Last week, stocks took a hit as influential analyst Ming-Chi Kuo downgraded sales expectations for 2019.

People simply aren’t upgrading as fast as they used to. This is due in part to the fact that flagship phones are pretty good across the board. Manufacturers have painted themselves into a corner as they’ve battled it out over specs. There just aren’t as many compelling reasons to continually upgrade.

Of course, that’s not going to stop them from trying. Along with the standard upgrades to things like cameras, you can expect some radical rethinks of smartphone form factors, along with the first few pushes into 5G in the next calendar year.

If we’re lucky, there will be a few surprises along the way as well, but the following trends all look like no-brainers for 2019.

5G

GUANGZHOU, CHINA – DECEMBER 06: Attendees look at 5G mobile phones at the Qualcomm stand during China Mobile Global Partner Conference 2018 at Poly World Trade Center Exhibition Hall on December 6, 2018 in Guangzhou, Guangdong Province of China. The three-day conference opened on Thursday, with the theme of 5G network. (Photo by VCG/VCG via Getty Images)

Let’s get this one out of the way, shall we? It’s a bit tricky — after all, plenty of publications are going to claim 2019 as “The Year of 5G,” but they’re all jumping the gun. It’s true that we’re going to see the first wave of 5G handsets appearing next year.

OnePlus and LG have committed to a handset and Samsung, being Samsung, has since committed to two. We’ve also seen promises of a Verizon 5G MiFi and whatever the hell this thing is from HTC and Sprint.

Others, most notably Apple, are absent from the list. The company is not expected to release a 5G handset until 2020. While that’s going to put it behind the curve, the truth of the matter is that 5G will arrive into this world as a marketing gimmick. When it does fully roll out, 5G has the potential to be a great, game-changing technology for smartphones and beyond. And while carriers have promised to begin rolling out the technology in the States early next year (AT&T even got a jump start), the fact of the matter is that your handset will likely spend a lot more time using 4G.

That is to say, until 5G becomes more ubiquitous, you’re going to be paying a hefty premium for a feature you barely use. Of course, that’s not going to stop hardware makers, component manufacturers and their carrier partners from rushing these devices to market as quickly as possible. Just be aware of your chosen carrier’s coverage map before shelling out that extra cash.

Foldables

We’ve already seen two — well, one-and-a-half, really. And you can be sure we’ll see even more as smartphone manufacturers scramble to figure out the next big thing. After years of waiting, we’ve been pretty unimpressed with the foldable smartphones we’ve seen so far.

The Royole is fascinating, but its execution leaves something to be desired. Samsung’s prototype, meanwhile, is just that. The company made it the centerpiece of its recent developer conference, but didn’t really step out of the shadows with the product — almost certainly because they’re not ready to show off the full product.

Now that the long-promised technology is ready in consumer form, it’s a safe bet we’ll be seeing a number of companies exploring the form factor. That will no doubt be helped along by the fact that Google partnered with Samsung to create a version of Android tailored to the form factor — similar to its embrace of the top notch with Android Pie.

Of course, like 5G, these designs are going to come at a major premium. Once the initial novelty has worn off, the hardest task of all will be convincing consumers they need one in their life.

Pinholes

Bezels be damned. For better or worse, the notch has been a mainstay of flagship smartphones. Practically everyone (save for Samsung) has embraced the cutout in an attempt to go edge to edge. Even Google made it a part of Android (while giving the world a notch you can see from space with the Pixel 3 XL).

We’ve already seen (and will continue to see) a number of clever workarounds like Oppo’s pop-up. The pin hole/hole punch design found on the Huawei Nova 4 seems like a more reasonable route for a majority of camera manufacturers.

Embedded Fingerprint Readers

The flip side of the race to infinite displays is what to do with the fingerprint reader. Some moved it to the rear, while others, like Apple, did away with it in favor of face scanning. Of course, for those unable to register a full 3D face scan, that tech is pretty easy to spoof. For that reason, fingerprint scanners aren’t going away any time soon.

OnePlus’ 6T was among the first to bring the in-display fingerprint scanner to market, and it works like a charm. Here’s how the tech works (quoting from my own writeup from a few months ago):

When the screen is locked, a fingerprint icon pops up, showing you where to press. When the finger is in the right spot, the AMOLED display flashes a bright light to capture a scan of the surface from the reflected light. The company says it takes around a third of a second, though in my own testing, that number was closer to one second or sometimes longer as I negotiated my thumb into the right spot.

Samsung’s S10 is expected to bring that technology when it arrives around the February time frame, and I wouldn’t be surprised to see a lot of other manufacturers follow suit.

Cameras, cameras, cameras (also, cameras)

What’s the reasonable limit for rear-facing cameras? Two? Three? What about the five cameras on that leaked Nokia from a few months back? When does it stop being a phone back and start being a camera front? These are the sorts of existential crises we’ll have to grapple with as manufacturers continue to attempt differentiation through imaging.

Smartphone cameras are pretty good across the board these days, so one of the simple solutions has been simply adding more to the equation. LG’s latest offers a pretty reasonable example of how this will play out for many. The V40 ThinQ has two front and three rear-facing cameras. The three on the back are standard, super wide-angle and 2x optical zoom, offering a way to capture different types of images when a smartphone camera isn’t really capable of that kind of optical zoom in a thin form factor.

On the flip side, companies will also be investing a fair deal in software to help bring better shots to existing components. Apple and Google both demonstrated how a little AI and ML can go a long way toward improving image capture on their last handsets. Expect much of that to be focused on ultra-low light and zoom.


Biz & IT

Pipeline attacker Darkside suddenly goes dark—here’s what we know


Darkside—the ransomware group that disrupted gasoline distribution across a wide swath of the US this week—has gone dark, leaving it unclear if the group is ceasing, suspending, or altering its operations or is simply orchestrating an exit scam.

On Thursday, all eight of the dark web sites Darkside used to communicate with the public went down, and they remain down as of publication time. Overnight, a post attributed to Darkside claimed, without providing any evidence, that the group’s website and content distribution infrastructure had been seized by law enforcement, along with the cryptocurrency it had received from victims.

The dog ate our funds

“At the moment, these servers cannot be accessed via SSH, and the hosting panels have been blocked,” the post stated, according to a translation of the Russian-language post published Friday by security firm Intel471. “The hosting support service doesn’t provide any information except ‘at the request of law enforcement authorities.’ In addition, a couple of hours after the seizure, funds from the payment server (belonging to us and our clients) were withdrawn to an unknown account.”

If true, the seizures would represent a big coup for law enforcement. According to newly released figures from cryptocurrency tracking firm Chainalysis, Darkside netted at least $60 million in its first seven months, with $46 million of it coming in the first three months of this year.

Identifying a Tor hidden service would also be a huge score, since it likely would mean that either the group made a major configuration error in setting the service up or law enforcement knows of a serious vulnerability in the way the dark web works. (Intel471 analysts say that some of Darkside’s infrastructure is public-facing—meaning the regular Internet—so malware can connect to it.)

But so far, there’s no evidence to publicly corroborate these extraordinary claims. Typically, when law enforcement from the US and Western European countries seize a website, they post a notice on the site’s front page that discloses the seizure. Below is an example of what people saw after trying to visit the site for the Netwalker group after the site was taken down:

So far, none of the Darkside sites display such a notice. Instead, most of them time out or show blank screens.

What’s even more doubtful is the claim that the group’s considerable cryptocurrency holdings have been taken. People who are experienced in using digital currency know not to store it in “hot wallets,” which are digital vaults connected to the Internet. Because hot wallets contain the private keys needed to transfer funds to new accounts, they’re vulnerable to hacks and the types of seizures claimed in the post.

For law enforcement to confiscate the digital currency, Darkside operators likely would have had to store it in a hot wallet, and the currency exchange used by Darkside would have had to cooperate with the law enforcement agency or been hacked.

It’s also feasible that close tracking by an organization like Chainalysis identified wallets that received funds from Darkside, and law enforcement subsequently confiscated the holdings. Such analyses take time, however.

Nonsense, hype, and noise.

Darkside’s post came as a prominent criminal underground forum called XSS announced that it was banning all ransomware activities, a major about-face from the past. The site was previously a significant resource for the ransomware groups REvil, Babuk, Darkside, LockBit, and Nefilim to recruit affiliates, who use the malware to infect victims and in exchange share a cut of the revenue generated. A few hours later, all Darkside posts made to XSS had come down.

In a Friday morning post, security firm Flashpoint wrote:

According to the administrator of XSS, the decision is partially based on ideological differences between the forum and ransomware operators. Furthermore, the media attention from high-profile incidents has resulted in a “critical mass of nonsense, hype, and noise.” The XSS statement offers some reasons for its decision, particularly that ransomware collectives and their accompanying attacks are generating “too much PR” and heightening the geopolitical and law enforcement risks to a “hazard[ous] level.”

The admin of XSS also claimed that when “Peskov [the Press Secretary for the President of Russia, Vladimir Putin] is forced to make excuses in front of our overseas ‘friends’—this is a bit too much.” They hyperlinked an article on the Russian News website Kommersant entitled “Russia has nothing to do with hacking attacks on a pipeline in the United States” as the basis for these claims.

Within hours, two other underground forums—Exploit and Raid Forums—had also banned ransomware-related posts, according to images circulating on Twitter.

REvil, meanwhile, said it was banning the use of its software against health care, educational, and governmental organizations, The Record reported.

Ransomware at a crossroads

The moves by XSS and REvil pose a major short-term disruption of the ransomware ecosystem since they remove a key recruiting tool and source of revenue. Long-term effects are less clear.

“In the long run, it’s hard to believe the ransomware ecosystem will completely fade out, given that operators are financially motivated and the schemes employed have been effective,” Intel471 analysts said in an email. They said it was more likely that ransomware groups will “go private,” meaning they will no longer publicly recruit affiliates on public forums, or will unwind their current operations and rebrand under a new name.

Ransomware groups could also alter their current practice of encrypting data so it’s unusable by the victim while also downloading the data and threatening to make it public. This double-extortion method aims to increase the pressure on victims to pay. The Babuk ransomware group recently started phasing out its use of malware that encrypts data while maintaining its blog that names and shames victims and publishes their data.

“This approach allows the ransomware operators to reap the benefits of a blackmail extortion event without having to deal with the public fallout of disrupting the business continuity of a hospital or critical infrastructure,” the Intel471 analysts wrote in the email.

For now, the only evidence that Darkside’s infrastructure and cryptocurrency have been seized is the words of admitted criminals, hardly enough to consider confirmation.

“I could be wrong, but I suspect this is simply an exit scam,” Brett Callow, a threat analyst with security firm Emsisoft, told Ars. “Darkside get to sail off into the sunset—or, more likely rebrand—without needing to share the ill-gotten gains with their partners in crime.”


Biz & IT

Ireland’s healthcare system taken down after ransomware attack


St. Vincent’s University Hospital in Dublin, Ireland. (Photo: Bloomberg | Getty Images)

Ireland has shut down most of the major IT systems running its national healthcare service, leaving doctors unable to access patient records and people unsure of whether they should show up for appointments, following a “very sophisticated” ransomware attack.

Paul Reid, chief executive of Ireland’s Health Service Executive, told a morning radio show that the decision to shut down the systems was a “precautionary” measure after a cyber attack that impacted national and local systems “involved in all of our core services.”

Some elements of the Irish health service remain operational, such as clinical systems and its Covid-19 vaccination program, which is powered by separate infrastructure. Covid tests already booked are also going ahead.

However, the system for processing referrals from GPs and of close contacts is down, the HSE tweeted, adding that those in need of testing should go to walk-in centers which would prioritize symptomatic cases.

“This is having a severe impact on our health and social care services today, but individual services and hospital groups are impacted in different ways. Emergency services continue, as does the @AmbulanceNAS [National Ambulance Service],” health minister Stephen Donnelly wrote on Twitter.

No group has yet claimed responsibility for the attack, though Reid said on Friday morning that it involved “Conti, human-operated ransomware”, referring to the type of software used. He added that the HSE had not yet been served with a ransom demand.

“We are at the very early stages of fully understanding the threat, the impact and trying to contain it,” he said, adding that it was receiving assistance from the Irish police force, defence forces and third-party cyber support teams.

The master of Dublin’s Rotunda Maternity Hospital said it was advising patients who were less than 36 weeks pregnant not to present for appointments on Friday. In a statement, Cork University Hospital said patients should present for outpatient appointments, chemotherapy and surgery “unless you are contacted to cancel,” but that X-ray and radiotherapy appointments for Friday were cancelled.

Professor Donal O’Shea, consultant endocrinologist at St Vincent’s Hospital in Dublin, told RTE radio that there could be implications for patient care. “Clinical systems haven’t been targeted, but if you can’t access your computer, then getting results is impossible…  so before long, there are going to be clinical implications,” he said. In its statement, Cork University Hospital said “only emergency bloods” would be processed at this time.

Reid said that patients nationally “should still come forward until they hear something different” and that an update should be available later on Friday. A spokeswoman for the HSE was unable to provide a further update on patient care by mid-morning. “We apologize for the inconvenience to the public and will give further information as it becomes available,” she added.

Healthcare workers told the FT they were told to turn off their laptops, leaving staff at home offline and those working in hospitals reverting to pen and paper to manage patients’ information.

In a statement on its website, Ireland’s child and family agency Tusla said that its emails, internal systems and portal for child protection referrals were also offline because they were hosted by the HSE’s network.

The attack comes as actions by cyber criminals to disrupt public services have increased during the pandemic. Earlier this month, hackers believed to be from eastern Europe breached the IT systems of the Colonial Pipeline, a major fuel conduit that supplies much of the eastern US.

“Opportunistic cyber attackers targeting flooded healthcare organizations has been a common theme throughout the course of the pandemic,” said Charlie Smith, consulting solutions engineer at Barracuda Networks. “These scammers are aware of the huge significance of health services’ IT systems at this time, and so will stop at nothing to disrupt said systems or steal valuable data in exchange for ransom.”

© 2021 The Financial Times Ltd. All rights reserved Not to be redistributed, copied, or modified in any way.


Biz & IT

Biden signs executive order to strengthen US cybersecurity


Joe Biden signed an executive order on Wednesday in an attempt to bolster US cybersecurity defenses, after a number of devastating hacks including the Colonial pipeline attack revealed vulnerabilities across business and government.

“Recent cybersecurity incidents… are a sobering reminder that US public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals,” the White House said.

Under the order, federal agencies will be required to introduce multi-factor authentication to their systems and encrypt all data within six months in a bid to make it harder for hackers to penetrate their IT infrastructure.

The order also requires IT providers that contract with the government to meet higher security requirements and report to them if their systems have been breached. There would be strict timelines for disclosure on a sliding scale based on the severity of the incident, a senior administration official said.

A pilot of a new star rating system for software sold to the government will also be launched, so that the officials and the public can judge how secure it is.

The measures come in the wake of the SolarWinds hack, in which Russian hackers hijacked American-made software to conduct espionage campaigns that targeted dozens of businesses, plus agencies including the US commerce and Treasury departments.

Earlier this year, it emerged that Chinese state-backed hackers had also been conducting stealthy attacks on multiple targets by exploiting recently disclosed vulnerabilities in Microsoft software.

The order also comes after a ransomware attack by a group of cyber criminals crippled a key East Coast pipeline run by Colonial on May 7, causing a run on petrol and fuel shortages. The 5,500-mile pipeline system resumed operations on Wednesday.

“These incidents share commonalities, including insufficient cybersecurity defenses that leave public and private sector entities more vulnerable to incidents,” the White House said.

In an effort to streamline government cyber defenses, the order seeks to introduce a “playbook” for how government agencies should respond to incidents, and improvements in logging and information-sharing following breaches.

It also sets up a private-public sector board, to be named the Cybersecurity Safety Review Board, tasked with analyzing large cyber incidents after they have occurred and making recommendations to prevent them happening again.

The board, which is modeled on the National Transportation Safety Board that investigates airplane and train crashes, would first be tasked with reviewing the SolarWinds hack, the senior administrative official said.

© 2021 The Financial Times Ltd. All rights reserved Not to be redistributed, copied, or modified in any way.
