Ah, WhatsApp! A staple of modern communication and an app that everyone — business or person — can take advantage of. The Meta-owned company has been on an intense update roll in the past months, but it seems like there is no end goal here.
With WhatsApp, it appears as if the aim itself is to offer continuous improvement of the service itself. And no wonder! It’s not like competitors don’t exist and each has their own fans that may have joined for specific needs. So what can one do in that sort of situation?
Why, copy a page of their book, of course! Voice chat is not a new concept at all, but is one that has grown ever popular thanks to services like Discord. As such, it only makes sense for a similar feature to become implemented in WhatsApp too.
Truth be told, this is not set in stone. The entire story stems from a discovery, made by WABetaInfo, whose team has yet again decompiled the latest WhatsApp beta version in search of hidden features. And in the code for the app, traces and UI elements hinting at a voice chat feature have been uncovered.
A screenshot of the voice chat feature as presented by WABetaInfo.
So how is this different from regular calls or voice messages? Well, voice chat basically allows you to drop in and out of a conversation through the tap of a button — in WhatsApp’s case, in the shape of a waveform and located on the top right. So basically, it’s like a group call, but without having to actually call or have the other party pick up. You just dive in to talk with anyone already on the voice chat and in some cases, the text-chat remains active too. Pretty neat, right?
Presumably, once you’ve joined a group chat, others will get a notification that someone has gone “live”, so that they can follow suit and join the conversation. Otherwise you may end up hanging around all on your lonesome for a while.
From the shared screenshots, we can see that the UI up top extends quite a bit while the voice chat is active, so the WhatsApp devs may intend for something to go up there. A live transcription or a simple waveform maybe?
It looks like the feature is still under development though, so we don’t have any concrete confirmation about when it may see roll out. If you are eager to be among the first users to try it out, you should consider joining the beta group, as it’s highly likely that those users will get to experience new features ahead of release.
ENISA released a report tackling the threat landscape of the transportation industry. And it has foreseen the targeting of OT systems in the future.
ENISA (the European Union Agency for Cybersecurity) has reason to believe that ransomware gangs will begin targeting transportation operational technology (OT) systems in the foreseeable future. This finding is further explored in the agency’s 50-page report entitled ENISA Threat Landscape: Transport Sector.
The transportation sector, which comprises the aviation, maritime, railway, and road industries, is a subgroup under the industrial sector, according to the Global Industry Classification Standard (GICS). It doesn’t only deal with the movement of people but also of products. An OT system ensures transport services are safe, reliable, and available.
An OT system refers to the hardware and software directly involved in detecting, monitoring, and controlling processes and equipment. It interfaces with the physical world and is often part of a nation’s critical infrastructure. Examples are Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA), and Distributed Control Systems (DCS). These systems have been targeted and attacked by the WannaCry, Stuxnet, and Triton malware, respectively.
ENISA says the three dominant threats to the transportation sector are ransomware (38 percent), data-related threats (30 percent), and malware (17 percent). However, each subgroup has reported experiencing other attack types than ransomware.
The aviation industry, for example, has dealt with more data-related threats than others. Airline customer data and proprietary information of original equipment manufacturers (OEM)—companies that provide parts for another company’s finished product—are the primary targets of attackers in this subgroup.
ENISA notes that most threat actors target IT systems, which can cause operational disruption. However, reports of OT being targeted have been rare. The agency believes this will change soon because of many factors, including ongoing digitization efforts within the industry that increase IT and OT connectivity, the high probability of companies paying ransom demands to avoid critical business and social impacts, and the increasing number of identified vulnerabilities within OT environments.
The report also listed a number of observed cyberattack trends, such as the following, within the transportation industry:
Ransomware attacking industries within the transport sector has been on an uptick.
Fifty-four percent of the time, cybercriminals are responsible for attacks against the sector and its subgroups.
Hacktivist and DDoS (distributed denial of service) attacks will likely continue due to geopolitical tensions and ideological motives.
Hacktivists in the EU primarily targeted airports, railways, and transport authorities.
The top motivators for attacking the transport industry are financial gain (38 percent) and operational disruption (20 percent).
From the report:
“The transport sector is considered a lucrative business for cybercriminals, with customer data considered a commodity and with highly valuable proprietary information when transport supply chain is being targeted.” …
“While we have not observed notable attacks on global positioning systems [emphasis theirs], the potential effect of this type of threat to the transport sector remains a concern. Jamming and spoofing of geolocation data could affect their availability and integrity, affecting transport sector operations. This type of attack requires further analysis in the future.”
Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
WhatsApp is an extremely popular messaging app, and that doesn’t only apply to text-based communication. People use the Meta-owned app for voice communication as well. According to WABInfo (via Android Police), it looks like WhatsApp is working on a new Open Audio Chat feature, and we don’t know what it is.
For starters, you’ll want to take this news with a grain of salt. WABInfo was able to dig into the beta version of the app (version 2.23.7.12) and activate the UI for this mysterious feature. Thus, the company could take the feature away or change it at any time. We’re not sure when/if WhatsApp plans on pushing this feature to the final build of the app.
WhatsApp is working on an Open Audio Chat feature
Right now, we don’t know what this feature could be used for, but the name could give us a hint. First off, in the screenshot below, we see a minor change in the UI. Typically, at the top of the group chat UI, you’ll see a phone icon next to the camera icon. This would start a group audio call. However, with the new UI, the phone icon was changed to a waveform icon.
Also, when you tap on that option, instead of jumping right to the call, you’ll see a dropdown menu with the Group call option and a new button. It says Open audio chat. At this point, we don’t know what this could be, but there’s speculation that it could allow anyone to join the conversation whether they’re in the group or not.
If this is the case, then it could resemble something like what we see with Twitter Space and Clubhouse. Maybe the people who are in the group could be the hosts of the conversation, and visitors could just listen. We wouldn’t be surprised if the company did something like this.
Several companies jumped on the Clubhouse train when it was the new thing. Facebook, Twitter, Discord, and Amazon are some examples (while Amazon didn’t launch a product yet). Only time will tell if this is what the company is planning on doing.
Are you in the market for a new phone, and want to get an iPhone? Well the good news is, there’s an iPhone for virtually every budget. And no, we’re not talking about renewed or used models. In fact our list here does not have a single used or renewed model. These are all new.
Today, we’re rounding up the best iPhones you can buy in 2023. This will include the iPhone 14 series, iPhone 13 series and even the iPhone SE. So without further ado, here’s the best iPhones you can buy in 2023.
Best iPhone to buy in 2023
Below, you’ll find links to all of the iPhones that are worth buying in 2023.
The regular iPhone 14 Pro is currently our pick for the best iPhone, because it has all of the “pro” features, without having a huge display and a lot of weight like the Pro Max. Not to mention, it is $100 less than the Pro Max.
With the iPhone 14 Pro you’re getting a 6.1-inch 120Hz display using ProMotion, along with the Dynamic Island. It also has the newest chipset from Apple, the A16 Bionic. That’s paired with 6GB of RAM. That might sound like not a lot of RAM, but remember that iOS is a lot more optimized than Android, since it runs on a handful of phones versus, thousands of phones.
It launched in September 2022, and it’ll likely get updated for at least 5 years or more.
Best big iPhone
Apple iPhone 14 Pro Max
Our choice for the best “big” iPhone is likely not a surprise. Though some might think we would go with the Plus over the Pro Max. But the upgrades on the Pro Max are to big to skip out on. The iPhone 14 Pro Max has all of the same features as the iPhone 14 Pro listed above, with the major difference here being that it has a larger 6.7-inch display. And therefore a larger battery.
The biggest reason to get the iPhone 14 Pro Max, or really any Pro Max iPhone is the battery life. I actually used the iPhone 13 Pro Max for a year, and legit I was only charging it every two to three days. And that was with heavy use too. So definitely a good option if you use your phone a lot.
Best iPhone for most people
Apple iPhone 14
The iPhone 14 is the best iPhone for most people. It does skip out on some “pro” features like the telephoto camera, as well as the ProMotion display. But keep in mind that this display is still very smooth. It doesn’t have the Dynamic Island either, which take that as you will.
With the iPhone 14, you’re getting a lot of the flagship features, in a $799 price tag. Which is not bad at all. It also comes in a ton of colors, including the new yellow that Apple introduced for the Spring.
Best value iPhone for under $700
Apple iPhone 13
Most of the time, we would not recommend the previous year’s iPhone right below the current model. But this year, Apple did very little to upgrade the iPhone 13 to the iPhone 14. It even has the same chipset. So for $100 less, you can get basically the same phone, but in some different colors.
If you’re worried about updates, don’t. Apple does really well with updates. In fact, it updated the iPhone 6S and 6S Plus for over 6 years before it finally gave up on it. So you’ll get plenty of updates with this phone.
Best iPhone with Touch ID
Apple iPhone SE (3rd Gen)
Apple really does offer an iPhone for every budget, including this iPhone SE (3rd Gen). This is the latest iPhone SE from the company, which does include 5G support. So that’s good to see. But because of that, the battery is not so great.
This is basically the iPhone 13, in an older iPhone body, complete with Touch ID. So if you’re not a fan of the Face ID for unlocking your device, you do get the fingerprint sensor back on the iPhone SE. It’s fairly cheap, but starting at 64GB should be a crime in 2023.
Best small iPhone
Apple iPhone 13 Mini
Now if you’re someone that wants a small iPhone, the iPhone 13 Mini is the one for you. This one comes with a 5.4-inch display, which is almost unheard of in 2023. Which is probably why Apple decided not to do another mini iPhone. This is likely the last “Mini” iPhone Apple will ever do, since it sold so poorly.
But in this small iPhone, you do get the Apple A15 Bionic chipset, 4GB of RAM, and up to 512GB of storage. There is also two 12-megapixel sensors here, with a main wide angle and then an ultrawide.
Developer platform GitHub has changed its RSA SSH key after it was accidentally exposed on a public repository.
Late last week, GitHub tweeted that it had replaced its RSA SSH “out of an abundance of caution,” after accidentally exposing the key on a publicly accessible repository.
How the accidental exposure managed to happen is unknown, but it means that anyone that happened to notice it and was able to copy the key could impersonate GitHub or eavesdrop on Git operations over SSH.
SSH (Secure Shell) keys are access credentials that are used in the SSH protocol and they are instrumental for the safe use of platforms such as GitHub, which is used for storing, tracking, and collaborating on software projects. The SSH protocol is widely used to login remotely from one system into another, and its strong encryption makes it ideal to carry out tasks such as issuing remote commands and remotely managing network infrastructure and other vital system components.
An RSA key pair includes a private and a public key. The RSA private key is used to generate digital signatures, and the RSA public key is used to verify digital signatures. GitHub.com’s RSA SSH private key was the one that was, briefly, exposed in a public GitHub repository.
What do GitHub users need to do?
If you are using GitHub’s ECDSA or Ed25519 keys, you won’t notice any change and no action is required. If you receive a warning that starts by saying that the remote host identification has changed, you’ll need to remove the old key by running this command:
$ ssh-keygen -R github.com
Then, you can manually add the following line to add the new RSA SSH public key entry to your ~/.ssh/known_hosts file:
For more information, please visit the official documentation on GitHub’s SSH public key fingerprints, or follow the more elaborate instructions in the article about the update.
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
The Google Pixel 7 Pro is finally, available for pre-order. The device goes up for pre-order today and will be in customers hands next week, on October 13. The Pixel 7 Pro is starting at the same price as the Pixel 6 Pro did last year, just $899. That’s still a lot of money, but far cheaper than most other flagships which start at $999. But what if we told you that you could get it for even less? Well you can, and that’s why we have this list of the best Pixel 7 Pro deals.
Google’s Pixel 7 Pro is largely the same as the Pixel 6 Pro. It has the same display, a 6.71-inch QHD+ AMOLED 120Hz display. It does also have the new Tensor Chip inside (this is the second generation one), with 23GB of RAM and 128GB of storage. There is also a 256GB and 512GB model. It’s powered by a pretty large 5003mAh capacity battery inside. So it’s a pretty solid smartphone for just $900. Not to mention the fact that it’s going to get updates quickly, and often from Google.
Best Google Pixel 7 Pro Deals
So, about those deals. Typically, carriers will have the best deals, as they offer trade-in deals for new phones. But if you don’t have or don’t want to trade in your phone, you can also save in other ways, which we’ll outline below. Google hasn’t always been as aggressive as Samsung and Apple with trade-in values. So it still might be cheaper to go ahead and buy the phone and then sell your old one later on.
Below, we’ll list all of the promos that each carrier is offering for the Google Pixel 7 Pro. As well as the retailers like the Google Store, Best Buy and Amazon. So you can take advantage of the deal that works best for you. As the best deal may not be the best for everyone.
So without further ado, here are the best deals for the Google Pixel 7 Pro.
It’s no secret that Elon Musk’s acquisition of Twitter has caused significant turmoil for the social media platform, with over 500 advertisers abandoning Twitter in response to Musk’s erratic changes. According to a report from The Information, Musk told his employees that the company is now worth just $20 billion, which is significantly lower than the $44 billion he paid last year. Musk shared this valuation in an internal Twitter memo, where he also announced a new stock compensation program that would allow employees to sell their stock every six months.
In the email, Musk warned employees that the company was still in a difficult financial position. However, at one point, Twitter was four months away from running out of cash, emphasizing the challenges that the company faces. Musk further described Twitter as an “inverse startup,” due to the significant changes he made to save the platform from bankruptcy.
Still a long way to go
This drop in valuation reflects the challenges Twitter has faced ever since Musk took over. Daily revenue has dropped by 40% compared to the previous year as over 500 of the company’s top advertising partners paused their spending on the platform following Elon’s decision to launch Blue with a verification subscription and the “general amnesty” policy, which brought some of Twitter’s worst users and a wave of fake accounts.
Despite the challenges, Musk remains optimistic about Twitter’s future. He sees a clear but difficult path to a $250 billion valuation, which would make the company’s current stock grants worth ten times as much in the future.
However, it remains to be seen whether Musk’s vision for Twitter will ultimately be successful. While the offer of stock grants may motivate employees and potentially increase the platform’s value, Twitter needs to address its challenges to be profitable.
A recent study reveals how attackers can trigger vulnerabilities in voice assistants for malicious purposes. As demonstrated, using inaudible sound trojans allows exploiting existing vulnerabilities in voice assistants to attack respective devices.
Inaudible Sound Can Attack Voice Assistants
A team of researchers from the University of Texas at San Antonio and the University of Colorado, Colorado Springs, devised an interesting attack strategy aimed at voice assistants.
Specifically, the researchers have developed NUIT (Near-Ultrasound Inaudible Trojan) attack that involves injecting malicious voice commands in the inaudible range to trigger voice assistants.
For this, the attacker may trick the victim into installing a malicious app that later meddles with the device’s voice assistants by playing audio files. Or, the attack may happen through a maliciously crafted website if and when the victim visits it, for instance, following a phishing attack.
Once done, the attacker exploits the device’s microphone with near-ultrasound waves inaudible to humans. And before performing any other action, it may even reduce the target device’s volume via a similar inaudible command so that the voice assistant’s response to the command won’t be heard. Thus, the victim user wouldn’t know the attack is happening while the adversary continues executing malicious commands.
The researchers have shared the following videos as demonstrations of the NUIT attack. In the first video, the attacker attacks an iPhone, triggering Siri to open the victim place’s main door with silent commands.
Likewise, in the following video, the attacker triggers Google Assistant (popular on Android devices) to do the same.
In both cases, the owner of the target device is sitting nearby the hacked device. Yet, the victim remains oblivious to its phone’s activities.
Limitations And Countermeasures
According to the researchers, NUIT attack isn’t as perfect as it seems. It mainly works for handsets bearing linear speaker and microphone. Since that’s now getting common, the researchers advise the device manufacturers to consider redesigning the placement so as to prevent inaudible sound transmission to the microphone.
While that’s a remedy for the future, for now, the researchers advise users to switch to using earphones instead of device speakers. That’s because earphones ensure a low transmission of sound, preventing direct commands to the microphone.
The researchers are going to present their study at the USENIX Security 2023 scheduled for August 9 and 11, 2023, at the Anaheim Marriott in Anaheim, CA, USA. Whereas details about the NUIT attack is also available on a dedicated webpage.
This week on Lock and Code, we speak with Anna Pobletts about the “death” of passwords, and how passkeys can become the non-compromising fix to authentication’s biggest problems.
How many passwords do you have? If you’re at all like our Lock and Code host David Ruiz, that number hovers around 200. But the important follow up question is: How many of those passwords can you actually remember on your own? Prior studies suggest a number that sounds nearly embarrassing—probably around six.
After decades of requiring it, it turns out that the password has problems, the biggest of which is that when users are forced to create a password for every online account, they resort to creating easy-to-remember passwords that are built around their pets’ names, their addresses, even the word “password.” Those same users then re-use those weak passwords across multiple accounts, opening them up to easy online attacks that rely on entering the compromised credentials from one online account to crack into an entirely separate online account.
As if that weren’t dangerous enough, passwords themselves are vulnerable to phishing attacks, where hackers can fraudulently pose as businesses that ask users to enter their login information on a website that looks legitimate, but isn’t.
Thankfully, the cybersecurity industry has built a few safeguards around password use, such as multifactor authentication, which requires a second form of approval from a user beyond just entering their username and password. But, according to 1Password Head of Passwordless Anna Pobletts, many attempts around improving and replacing passwords have put extra work into the hands of users themselves:
“There’s been so many different attempts in the last 10, 20 years to replace passwords or improve passwords and the security around. But all of these attempts have been at the expense of the user.”
For Pobletts, who is our latest guest on the Lock and Code podcast, there is a better option now available that does not trade security for ease-of-use. Instead, it ensures that the secure option for users is also the easy option. That latest option is the use of “passkeys.”
Resistant to phishing attacks, secured behind biometrics, and free from any requirement by users to create new ones on their own, passkeys could dramatically change our security for the better.
Today, we speak with Pobletts about whether we’ll ever truly live in a passwordless future, along with what passkeys are, how they work, and what industry could see huge benefit from implementation. Tune in now.
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
It’s the time of year when we’re looking forward to a bunch of new updates in Android. While we’re excited about the next biggest changes, we can’t forget about the minor tweaks. According to Mishaal Rahman, the Android volume slider might change its height based on the device’s screen size.
Google introduced the vertical volume slider with Android 9 back in 2018. It was a change of pace from the slider that stretched horizontally across your screen. The position of the slider should coincide with the position of your hardware volume buttons.
This is a neat thought, but it can be a bit weird on taller devices. See, the volume slider only has one size. While it looks great on medium and smaller screens, it can look pretty tiny on larger screens.
The Android volume slider will change its height for larger displays
The smaller volume slider looks weird on larger displays, but it looks like that’s about to change. In a tweet from Mishaal Rahman, we get the news about what Google plans to do about this. There was a new commit added to the AOSP that hints at the volume slider being proportional to the device’s screen size.
So, depending on what size display you have, the volume slider will have a different height. It’s not the most significant update to Android, but it still adds a nice visual appeal.
This code was discovered in the Android 13 QPR Beta 1, but it’s not looking like the feature will come with the next feature drop. Instead, Google might opt to have this feature come with Android 14. This version of the operating system is in preview right now, and the beta is expected to launch in the coming months.
However, since this was discovered within the code of the software, you’ll want to take it with a grain of salt.
