US Marshals Service suffers ransomware attack


The US Marshals Service (USMS), a federal law enforcement agency within the US Department of Justice (DoJ), has announced that it was the victim of a ransomware attack that compromised confidential information held by the agency.

The attack, which took place on February 17, saw “a ransomware and data exfiltration” attack launched against a “stand-alone USMS system”. 

The system compromised in the attack held a number of sensitive documents, including “returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees”.  

Chief of the USMS public affairs office, Drew Wade, told Reuters that the service had reported the data breach to the US Department of Justice, which then began a forensic investigation into the attack.

The DoJ has branded the cyber attack a “major incident”, which, according to the United States Computer Emergency Readiness Team (US-CERT), is an incident which is “likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties or public health and safety of the American people”.  

Major incidents caused by ransomware 

US-CERT also notes that cyber attacks classed as major incidents “demand unity of effort within the Federal Government and especially close coordination between the public and private sectors as appropriate”. 

This is the second time in two months that a large-scale government office has been directly targeted by a ransomware attack, with the United Kingdom’s Royal Mail service suffering an attack in January.  

On January 11, a cyber attack against the UK postal service Royal Mail led to a request that customers stop sending mail abroad via its services. The attack was later linked to Russian hackers. 

Royal Mail said the cyber attack caused “severe disruption” to the computerized systems used to send mail abroad. The company “immediately launched an investigation into the [cyber] incident” and utilized the help of the UK’s National Cyber Security Centre, Information Commissioner’s Office and National Crime Agency to halt further attacks. 

Hackers targeting postal services 

The system affected by the cyber attack was used at six Royal Mail sites to track and trace items sent abroad, as well as to prepare mail to be dispatched overseas. 

On January 12, it was reported by multiple news sites that the incident was in fact a cyber attack against Royal Mail by Russian ransomware-as-a-service (RaaS) gang LockBit. 

Printers at a Royal Mail distribution center in Belfast, Northern Ireland, began to print letters from the gang. The letters allegedly informed those in the office that LockBit Black ransomware was responsible for the disruption and that “your data are [sic] stolen and encrypted.” The gang threatened to post the data online if the ransom demands were not met.

[Embed tweet: https://twitter.com/rowlsmanthorpe/status/1613607240316878873 ]

Royal Mail did not publicly say that LockBit was responsible for the attack. 



Don’t forget about that YouTube Premium Family Plan price hike


YouTube Premium Family Plan prices are getting an increase, and that price change is coming sooner rather than later. It’d be understandable if you forgot all about YouTube reaching into your pockets for a little more money. The company announced the price change was coming all the way back in October of 2022. During the announcement last year, it said prices would be increasing in April of 2023. Well, April of 2023 is one month away.

And YouTube wants to remind you, and everyone else who has a YouTube Premium Family Plan, that the price increase is around the corner. If you did forget all about the change to the monthly fee, consider this your fair warning. YouTube Premium Family Plans will officially cost $22.99 a month as of April 3. Just one day longer than a full month away.

YouTube sends out emails about the Premium family plan price increase

While many likely don’t agree with the price change, it’s nice at least that YouTube is sending out email reminders to subscribers. You can also find more info about these changes on YouTube’s official support page. Still, $22.99 a month from $17.99 a month is a big jump. And it’s even more of an increase for anyone who was grandfathered in at the $14.99 a month plan. In case you missed it last year, yes, this price change impacts you as well. Shame, really. Because $14.99 was such a good price for what you were getting.

But say goodbye to those more reasonable plan costs. Because they’re on the way out. You do however have one more month to enjoy the family plan cost at whatever you’re currently paying before the change. Of course, you could always do what some subscribers did when Netflix recently raised its prices and just cancel.

And if you can live with ads, no background play for videos, and no offline play, then cancelling at least would save you $22.99 a month.


Surf anonymously with a VPN


Using a virtual private network (VPN) to surf anonymously can be a great way to protect your privacy. VPNs keep your IP address from being tracked by tracking websites and services, and they can hide your search queries and browser history.

VPNs ensure that your search queries and browser history are truly anonymous

Using proxy services can keep your online identity secure. These proxies encrypt all your internet traffic and hide your location, as well as any PII.

Your IP address identifies you as a person and can reveal your location, home address, credit card numbers, and more. Your ISP may also have recorded websites you’ve visited. These tracking capabilities give snoopers access to your browsing history, but a VPN can help prevent third parties from seeing it.

Many websites and applications use cookies to remember your preferences. By deleting these cookies, you can protect your privacy. However, there are still other ways to leave a digital footprint.

Browser extensions and HTML5 APIs have been known to leak data. Hackers can also intercept data sent over public Wi-Fi networks. You can protect your PII by removing file references. You can even reroute your traffic.

VPNs also allow you to bypass geo-blocks, which means that you can access content that’s restricted to certain countries. This can save you money on online entertainment. Some examples are Netflix and BBC iPlayer.

They hide your IP address from tracking sites

Using a VPN to hide your IP address from tracking sites is a smart way to protect your privacy online. Unlike a normal IP address, a virtual private network (VPN) masks your location, encrypts all of your internet traffic, and prevents third parties from identifying you.

Using a VPN allows you to access geo-restricted streaming services and games without worrying about your personal information being leaked. It also helps you avoid online fraud by encrypting your web activity.

You can also use a VPN to change your location to avoid getting targeted by advertisers. Changing your location can help you find deals and discounts online. Similarly, you can use a VPN to change your country to ensure you have better internet coverage.

Lastly, you can protect your identity by blocking cookies. Cookie tracking is used by websites to remember your preferences. This data is sent from your computer to the website, but it’s not a permanent record. A good VPN service will allow you to choose what types of cookies are allowed.

They keep your personal information secure

Using a VPN to keep your personal information secure is a great way to stay anonymous online. It masks your IP address, prevents third parties from seeing your web traffic, and protects your personally identifiable information (PII).

A VPN is a software program that reroutes your Internet connection through a server in a network. The software assigns a new anonymous IP address. During this time, your internet traffic is encrypted. This means that it cannot be seen by the router. The server then sends your traffic to a website. The site will then know that you are coming from the remote VPN, which will make it difficult for them to identify you.

VPNs are also useful in unblocking geo-restricted services. This includes access to sites like Netflix, YouTube, Google, etc. In addition, using a VPN can help you avoid warning letters for illegally downloading copyrighted material.

A VPN can also block trackers. In fact, the Washington Post reported that U.S. intelligence has been mining data from nine U.S. internet companies. This data could reveal users’ online activities and habits.

They allow you to access blocked websites and services

Using a VPN is a great way to access blocked websites. This is because it allows you to hide your IP address, so you can access websites that are otherwise blocked in your country. Some institutions and governments block certain websites to prevent the spread of information or prevent uprisings. This can put a strain on productivity.

While some countries have more strict VPN laws than others, it is not illegal to unblock geo-restricted content. If you’re trying to access your favorite shows or games, you might need to use a VPN to bypass restrictions.

Another popular way to bypass blocks is to use a web proxy. This is a free online service that downloads the webpage you want to view. Then, you just need to click a button to visit the website.

Some websites are also blocked because they contain geo-restricted content. This means you might be unable to access your favorite shows, games, or apps.



BlackLotus UEFI Bootkit – First Malware to Bypass Secure Boot


The cybersecurity analysts at ESET recently reported that BlackLotus, a stealthy bootkit for UEFI (Unified Extensible Firmware Interface), has gained notoriety as the first malware known to successfully evade Secure Boot defenses, making it a formidable threat.

Even on the most current Windows 11 systems with UEFI Secure Boot activated, this bootkit has the capability to run seamlessly.

UEFI bootkits implanted in system firmware give an attacker full control over the boot process of the operating system.

With that control, operating system (OS)-level security mechanisms can be disabled and arbitrary payloads can be deployed with high privileges during the startup process.

Since October 2022, the UEFI bootkit has been available for purchase on hacking forums at a price of $5,000. Additionally, new versions of the bootkit are available at $200 each.

BlackLotus UEFI Bootkit

With a size of 80 kilobytes, this rugged and tenacious toolkit is programmed using Assembly and C. In addition, the program features geofencing capabilities to ensure that computers are not infected in the following places:-

  • Armenia
  • Belarus
  • Kazakhstan
  • Moldova
  • Romania
  • Russia
  • Ukraine

In October 2022, information regarding BlackLotus was first brought to light. During this time, Sergey Lozhkin, a Kaspersky security researcher, referred to it as a complex crimeware solution.

In essence, BlackLotus leverages a security vulnerability known as CVE-2022-21894 (also referred to as Baton Drop) to bypass UEFI Secure Boot safeguards and establish persistence.

Following successful exploitation of this vulnerability, arbitrary code can be executed during the early boot stages. This enables a malicious actor to perform harmful actions on a system with UEFI Secure Boot enabled without needing physical access.

To date, this is the first publicly known abuse of this vulnerability in a real-world environment. It is still possible to exploit it because the affected, legitimately signed binaries have not yet been added to the UEFI revocation list.

BlackLotus takes advantage of this by bringing its own copies of the legitimate but vulnerable binaries to the system in order to exploit the flaw.

BlackLotus is also designed to install a kernel driver and an HTTP downloader besides having some exceptional capabilities to deactivate security mechanisms such as:- 

  • BitLocker
  • Hypervisor-protected Code Integrity (HVCI)
  • Windows Defender

These components communicate with a command-and-control (C2) server to download additional malware in either:-

There is currently no clear understanding of the precise method used to deploy the bootkit. However, it appears to start with an installer component that is responsible for writing the files to the EFI system partition.

Following this, the installer component disables HVCI and BitLocker and then initiates a reboot of the host. The attackers then exploit CVE-2022-21894 to achieve persistence and install the bootkit when the system restarts.

A number of exploits are implemented within this bootkit, which allow the attacker to maintain control over the system by executing the kernel driver automatically at system start-up.

First, the kernel driver executes the HTTP downloader in user mode, and secondly, it executes the kernel-mode payloads in the second stage, which are all part of the next-stage HTTP download.

The actions performed by the malware are multifaceted and complex. These include downloading and executing various forms of malicious software, such as a kernel driver, DLL, or a standard executable. 

Additionally, the malware has the ability to fetch bootkit updates and even uninstall the bootkit from the system that is infected.

Numerous critical vulnerabilities that have the potential to impact the security of UEFI systems have been identified in recent years. 

However, due to the intricacies involved in the UEFI ecosystem and related supply-chain issues, many systems have remained vulnerable to these vulnerabilities long after they have been addressed, or at least after we have been informed of their resolution.

As computer systems with UEFI Secure Boot enabled have become increasingly common, it was inevitable that their vulnerabilities would be exploited by malicious actors.

Mitigations

The security analysts recommend the following mitigations:-

  • You should always keep your system, as well as its security product, up-to-date.
  • Revoke known vulnerable UEFI binaries in the UEFI revocation database so that they cannot be used to bypass UEFI Secure Boot.
  • One of the challenges with revoking widely used Windows UEFI binaries is the potential for rendering a large number of systems, recovery images, and backups unbootable. Given the significant impact of such revocation, it is understandable that the process can often be slow, as it requires careful consideration and planning to minimize disruption and ensure that users are not left without access to their systems.
  • Because the BlackLotus bootkit relies on a bootloader that is subject to revocation, revoking the affected boot applications can make an already infected victim’s system inoperable. This can be remedied by reinstalling the operating system or by performing an ESP recovery.
  • As the bootkit uses a legitimate shim with a custom MOK key for persistence, if the certificate is revoked after BlackLotus persistence is set, the bootkit should remain functional. To mitigate this, it would be best to reinstall Windows as soon as possible and to make sure the attackers’ enrolled MOK key is removed using the mokutil program.
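
The revocation check behind the mitigations above, as an added example that is not from the original article or from ESET: a Python parser for the UEFI revocation database (dbx) layout, a sequence of EFI_SIGNATURE_LIST structures, that reports which boot binaries are already revoked. The sample dbx bytes, digests, owner GUID and file names are constructed for illustration.

```python
import hashlib
import struct
import uuid

# Signature type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# EFI_SIGNATURE_LIST header: SignatureType, SignatureListSize,
# SignatureHeaderSize, SignatureSize (all little-endian).
HEADER = struct.Struct("<16sIII")

# On Linux the live variable is exposed through efivarfs at
# /sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f
# and starts with a 4-byte attribute field that is not part of the lists.
def strip_efivarfs_attributes(raw):
    return raw[4:]


def parse_signature_lists(blob):
    """Yield (type_guid, owner_guid, data) for every entry in a dbx payload."""
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        raw_type, list_size, hdr_size, sig_size = HEADER.unpack_from(blob, offset)
        body = HEADER.size + hdr_size
        if list_size < body or offset + list_size > len(blob) or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % offset)
        if (list_size - body) % sig_size:
            raise ValueError("entry area is not a multiple of SignatureSize")
        sig_type = uuid.UUID(bytes_le=raw_type)
        for pos in range(offset + body, offset + list_size, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
        offset += list_size


def revoked_sha256(blob):
    """Return the set of revoked SHA-256 digests found in the payload."""
    return {data for sig_type, _, data in parse_signature_lists(blob)
            if sig_type == EFI_CERT_SHA256_GUID and len(data) == 32}


def audit(blob, boot_binaries):
    """Map each binary name to True if its digest is present in dbx.

    The digests must be Authenticode PE image hashes (what firmware compares
    against dbx), not plain SHA-256 hashes of the files.
    """
    revoked = revoked_sha256(blob)
    return {name: digest in revoked for name, digest in boot_binaries.items()}


# ---- constructed sample data (not real revocation entries) ----
def build_list(sig_type, owner, entries):
    body = b"".join(owner.bytes_le + entry for entry in entries)
    sig_size = 16 + len(entries[0])
    return HEADER.pack(sig_type.bytes_le, HEADER.size + len(body), 0, sig_size) + body

OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed
DIGEST_OLD = hashlib.sha256(b"constructed: vulnerable boot manager").digest()
DIGEST_OTHER = hashlib.sha256(b"constructed: another revoked image").digest()
DIGEST_NEW = hashlib.sha256(b"constructed: patched boot manager").digest()
FAKE_CERT = b"\x30\x82" + b"\x00" * 30  # placeholder bytes, not a real certificate

SAMPLE_DBX = (build_list(EFI_CERT_SHA256_GUID, OWNER, [DIGEST_OLD, DIGEST_OTHER])
              + build_list(EFI_CERT_X509_GUID, OWNER, [FAKE_CERT]))

if __name__ == "__main__":
    result = audit(SAMPLE_DBX, {"bootmgfw_old.efi": DIGEST_OLD,
                                "bootmgfw_patched.efi": DIGEST_NEW})
    for name, is_revoked in result.items():
        print(name, "REVOKED" if is_revoked else "not in dbx")
```

A vulnerable, validly signed binary that shows up as not revoked is exactly the condition the article describes as keeping CVE-2022-21894 exploitable.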


Ransomware led to multiple DISH Network outages


We take a look at a ransomware outbreak impacting multiple DISH Network services.

Satellite broadcast organisation DISH experienced a major system issue over the past week which affected multiple services. Websites and channels were unavailable, logins were non-functional, and some folks couldn’t even pay their bills as a result of the downtime.

There was a suspicion that something may have gone wrong behind the scenes. This suspicion has turned out to be correct, as DISH has reported to the US Securities and Exchange Commission that a ransomware attack is responsible.

A timeline of ransomware

DISH filed an 8-K form, used to inform shareholders of major events, to explain the situation. The timeline is as follows:

February 23: DISH announces on an earnings call that a network outage affected internal servers and IT telephony. Having already determined that the outage was due to a “cybersecurity incident”, law enforcement was informed and security experts were brought in to assess the situation.

February 27: DISH becomes aware that data was extracted from IT systems as a result of the ransomware attack. At this point, it’s not certain if personal information is included in the extracted data.

The filing continues:

The forensic investigation and assessment of the impact of this incident is ongoing.  DISH, Sling and our wireless and data networks remain operational; however the Corporation’s internal communications, customer call centres and internet sites have been affected.  The Corporation is actively engaged in restoring the affected systems and is making steady progress.

At this point, DISH still can’t confirm whether or not personal data has been compromised. A statement given to The Record states that customers will be contacted if this turns out to be the case.

Downtime and confusion

To give some idea of the scale of the outage, services impacted according to Silicon include some of the below:

  • Dish.com
  • The Dish Anywhere app
  • Boost Mobile
  • “Other websites and networks” operated and owned by DISH network.
  • The DISH call centre.

This is in addition to people not being able to pay bills or log in. It’s not uncommon for a business to be rendered inoperable in the aftermath of a ransomware attack. However, it is somewhat unusual to see so many services fall over simultaneously. Perhaps the scale of the attack is something to behold, or maybe the attackers just got lucky. Either way, we won’t know for certain until the investigation is concluded and findings are published.

Bleeping Computer has been told by sources that the Black Basta ransomware operation is allegedly behind the attack, “first breaching Boost Mobile and then the Dish corporate network”. It’s worth stressing that Bleeping Computer goes on to say that this information has not been independently verified, and DISH has not responded to multiple emails requesting more information. It’s possible we may be waiting some time for additional details to be made public.

Meanwhile, TechCrunch has been informed that employees have no information about the incident and have not been told when they can return to work. This is not a great situation for anyone involved, and really speaks to the scale of impact that a ransomware outbreak can have.

How bad is the current state of play?

Customers are without various services, and the Dish website is still sporting a “Thank you for your patience” message along with the link to a statement which includes the following message:

The security of our customers’ data is important to us, and if we learn that information was compromised, we’ll take the appropriate steps and let any impacted customers know.

As a result of this incident, many of our customers are having trouble reaching our service desks, accessing their accounts, and making payments. We’re making progress on the customer service front every day, including ramping up our call capacity, but it will take a little time before things are fully restored. DISH TV continues to operate and is up and running.

If you’re a DISH customer, you may have to wait a bit longer until things are something like approaching normal service.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Write an incident response plan. The period after a ransomware attack can be chaotic. Make a plan that outlines how you’ll isolate an outbreak, communicate with stakeholders, and restore your systems.


Samsung Galaxy S23 Ultra vs Xiaomi 13 Pro


The Xiaomi 13 Pro launched globally during the Mobile World Congress 2023. The phone has a truly great camera setup, while Xiaomi also packed truly powerful specs on the inside. Comparing it to the best of Samsung definitely makes sense, for a number of reasons. So, in this article, we’ll compare the Samsung Galaxy S23 Ultra vs Xiaomi 13 Pro. These are two of the most powerful phones Samsung and Xiaomi have to offer at the moment.

The two phones are quite different design-wise, while their software iterations also differ. They do share some of the specs, though, but utilize completely different camera setups. There’s a lot to talk about here, actually. We’ll first list their specifications, and will then move to compare their designs, displays, performance, battery life, and camera performance.

Specs

Spec | Samsung Galaxy S23 Ultra | Xiaomi 13 Pro
Screen size | 6.8-inch QHD+ Dynamic AMOLED 2X display (curved, 120Hz adaptive refresh rate, LTPO, down to 1Hz, 1,750 nits peak brightness) | 6.73-inch QHD+ LTPO AMOLED display (curved, 120Hz adaptive refresh rate, 1,900 nits peak brightness)
Screen resolution | 3080 x 1440 | 3200 x 1440
SoC | Qualcomm Snapdragon 8 Gen 2 for Galaxy | Qualcomm Snapdragon 8 Gen 2
RAM | 8GB/12GB (LPDDR5X) | 12GB (LPDDR5X)
Storage | 256GB/512GB/1TB, non-expandable (UFS 4.0) | 256GB/512GB, non-expandable (UFS 4.0)
Rear cameras | 200MP (f/1.7 aperture, 24mm lens, 0.6um pixel size, multi-directional PDAF, Laser AF, OIS); 12MP (ultrawide, Dual Pixel AF, 120-degree FoV, f/2.2 aperture, 1.4um pixel size); 10MP (telephoto, Dual Pixel AF, OIS, f/2.4 aperture, 1.12um pixel size, 70mm lens, optical zoom 3x); 10MP (telephoto, Dual Pixel AF, OIS, f/4.9 aperture, 1.22um pixel size, 230mm lens, 10x optical zoom, 100x Space Zoom) | 50.3MP (Sony’s IMX989 1-inch sensor, f/1.9 aperture, 1.6um pixel size, Dual Pixel PDAF, OIS); 50MP (ultrawide, f/2.2 aperture, 14mm lens, 115-degree FoV); 50MP (telephoto, 3.2x optical zoom, f/2.0 aperture, PDAF); Leica
Front cameras | 12MP (f/2.2 aperture, 26mm lens, Dual Pixel PDAF) | 32MP
Battery | 5,000mAh, non-removable, 45W wired charging, 15W Qi wireless charging, 4.5W Wireless PowerShare; charger not included | 4,820mAh, non-removable, 12W wired charging, 50W wireless charging, 10W reverse wireless charging; charger included
Dimensions | 163.4 x 78.1 x 8.9mm | 162.9 x 74.6 x 8.7mm
Weight | 234 grams | 229 grams
Connectivity | 5G, LTE, NFC, Bluetooth 5.3, Wi-Fi, USB Type-C | 5G, LTE, NFC, Bluetooth 5.3, Wi-Fi, USB Type-C
Security | In-display fingerprint scanner (ultrasonic) | In-display fingerprint scanner (optical)
OS | Android 13, One UI 5.1 | Android 13, MIUI 14
Price | $1,199.99/$1,299/$1,399/TBA (1TB) | €1,299/TBA

Samsung Galaxy S23 Ultra vs Xiaomi 13 Pro: Design

Both of these phones are made out of metal and glass, but they both look different, and feel different in the hand. The Galaxy S23 Ultra has flat top and bottom sides, while its sides are curved with a flattish feeling. It’s difficult to explain. The Xiaomi 13 Pro, on the other hand, has a more familiar design. It has two pieces of glass that curve towards the phone’s frame. Those glass panels on the front and back are only slightly curved towards the sides.

Both phones have a centered display camera hole, and very thin bezels. Both displays are curved, but only barely; neither company opted for a major curvature this time around. If we flip the two phones over, you’ll see entirely different-looking camera setups. The Galaxy S23 Ultra has four cameras on the back, each of which protrudes from the backplate directly. The Xiaomi 13 Pro has a camera island in the top-left corner, which includes three cameras, covered by Leica lenses.

The Galaxy S23 Ultra is slightly taller, and considerably wider than the Xiaomi 13 Pro. It’s also slightly thicker. When it comes to thickness, they’re very close if you compare the Galaxy S23 Ultra with the ceramic variant of the Xiaomi 13 Pro, which is the only variant that got released globally. In China, there is a vegan leather model that is a bit lighter. Both phones feel truly premium in the hand, and both are IP68 certified for water and dust resistance. The in-hand feel is different, though, and the Galaxy S23 Ultra feels considerably larger when you hold it.

Samsung Galaxy S23 Ultra vs Xiaomi 13 Pro: Display

Both companies decided to include truly outstanding displays in their flagship devices. The Galaxy S23 Ultra includes a 6.8-inch QHD+ (3088 x 1440) Dynamic AMOLED 2X curved display. It has a 120Hz refresh rate, and supports HDR10+ content. This display gets up to 1,750 nits of peak brightness when needed. It is protected by the Gorilla Glass Victus 2, and it offers a pixel density of 500.


The Xiaomi 13 Pro, on the other hand, has a 6.73-inch QHD+ (3200 x 1440) LTPO AMOLED display. This panel is also curved, and it can project up to 1 billion colors. It has a 120Hz refresh rate and Dolby Vision support. It also supports HDR10+ content, and can get truly bright at 1,900 nits. This display is protected by the Gorilla Glass Victus, and it has a pixel density of 522, in case you were wondering.

These two displays are some of the best in the market, easily. Not only are they truly vivid and offer those deep blacks, but they’re also very sharp. The viewing angles are outstanding, and they are also very fluid. On top of that, they have proper HDR10+ support, and get truly bright. The Xiaomi 13 Pro does technically get slightly brighter, but both are more than enough, even in direct sunlight. You really can’t miss, both displays are outstanding.

Samsung Galaxy S23 Ultra vs Xiaomi 13 Pro: Performance

The Galaxy S23 Ultra is fueled by the Snapdragon 8 Gen 2 for Galaxy SoC, while the Xiaomi 13 Pro comes with the Snapdragon 8 Gen 2. Both phones essentially have the same SoC, but the one in the Samsung phone is clocked a bit higher. In any case, both phones also include LPDDR5X RAM and UFS 4.0 flash storage. The Galaxy S23 Ultra has up to 12GB, while the Xiaomi 13 Pro comes with 12GB of RAM only, globally. Samsung offers up to 1TB of storage, while Xiaomi offers up to 512GB of storage. Both phones also ship with Android 13 out of the box, with their respective skins.

Both of these phones are immensely powerful on paper, there’s no denying that. And yes, that does translate to real-life use as well. These two phones are blazing fast in every way, shape and form. It really doesn’t make a difference what you’re doing on the device, and that even includes gaming. They can play any game from the Play Store without a hitch, at least the ones we tried out were running very smoothly. That even goes for the most demanding titles out there, Genshin Impact ran perfectly fine. Qualcomm made an outstanding SoC, and One UI 5.1 and MIUI 14 are apparently running great on the platform. You really don’t have to worry about performance, at least as things stand at the moment.

Samsung Galaxy S23 Ultra vs Xiaomi 13 Pro: Battery

The Samsung Galaxy S23 Ultra comes with a 5,000mAh battery, while the Xiaomi 13 Pro has a 4,820mAh battery on the inside. That, combined with their software, and the Snapdragon 8 Gen 2, which is excellent in the power consumption segment… delivers great battery life on both phones. Now, in our testing, the Galaxy S23 Ultra can last a bit longer, but the Xiaomi 13 Pro offers excellent battery life as well.

We were able to get up to 9-10 hours of screen-on-time with the Galaxy S23 Ultra, more often than not. If you’re not doing anything power-demanding, it may even go a bit further than that. The Xiaomi 13 Pro, on the other hand, is also able to go the distance. I was ending my days with around 7 hours of screen-on-time during the review, but I had a lot of battery life left. I once pushed it past the 8-hour screen-on-time mark and it was still going. Do note that I don’t really play games on my phones, though, only for testing purposes. So, gaming, and other demanding tasks may show different results. There are also a number of other factors that may affect battery life differently for you, of course.

Now, when it comes to charging, the Xiaomi 13 Pro obliterates the Galaxy S23 Ultra, basically. Not only does it come with a charger unlike the Galaxy S23 Ultra, but it packs in a 120W charger. The Xiaomi 13 Pro supports 120W wired, 50W wireless, and 10W reverse wireless charging. The Galaxy S23 Ultra, on the other hand, offers 45W wired, 15W wireless, and 4.5W reverse wireless charging. The Xiaomi 13 Pro charges considerably faster in all three aspects.

Samsung Galaxy S23 Ultra vs Xiaomi 13 Pro: Cameras

These two devices have immensely different camera setups, and do produce different results too. The Galaxy S23 Ultra comes with a 200-megapixel main camera, a 12-megapixel ultrawide camera (120-degree FoV), a 10-megapixel telephoto unit (3x optical zoom), and a 10-megapixel periscope telephoto camera (10x optical zoom, 100x Space Zoom). The Xiaomi 13 Pro, on the flip side, has a 50.3-megapixel main camera (1-inch sensor), a 50-megapixel ultrawide camera (115-degree FoV), and a 50-megapixel telephoto camera (3.2x optical zoom). Leica lenses are also used on top of all three Xiaomi cameras.


Both phones do excel in the camera department, though neither is perfect. The Galaxy S23 Ultra can produce outstanding shots in all scenarios, when it nails a shot. Samsung still has to work on consistency a bit at this point, but the cameras here produce outstanding results. It is capable of balancing even the most demanding shots. Like the ones at night with plenty of lights and neon signs. It also offers great dynamic range, when it hits it right. The pictures are usually spot on, but at times it can tune up the saturation a bit too high.

The Xiaomi 13 Pro produces a bit moodier shots, which is especially noticeable in ‘Leica Authentic’ mode, and during the night. That’s not a bad thing, as the whole point is for the photos to be a bit more Leica-like. There are also a ton of Leica shooting styles you can choose from. The Xiaomi 13 Pro does a great job overall, except for some HDR situations; it still tends to miss those during both day and night, at times. Well, at least it did during our review, but that is easily fixable. The Xiaomi 13 Pro truly shines in portrait photography with its telephoto camera; it yields outstanding results. Its 1-inch camera produces great shots as well, with creamy bokeh; it really can capture a breathtaking image.

Ultrawide cameras on both phones are really good and keep up the pace with the main shooter. The video recording is also good on both phones, but the Galaxy S23 Ultra does stand out. It offers better stabilization, and the end results usually look a bit better. Both smartphones are truly great in the camera department, though, I cannot emphasize that enough.

Audio

Both smartphones have stereo speakers built-in, and both phones produce really good audio. The audio is more than loud enough, while there’s also some bass in there. The distortion is not noticeable, and they are overall well-balanced.

Having said that, neither of these two phones has an audio jack. You’ll have to use the Type-C ports in case you want to connect your headphones via a wire. If you prefer a wireless connection, there’s always Bluetooth 5.3, which is supported by both phones.



TikTok sets 60 minute screen time limit for teens


Over the past few years, TikTok has exploded in popularity, with children reportedly spending an average of 91 minutes on the platform. This has raised concerns among parents, who fear that excessive screen time may harm their children’s mental health and well-being. To address these concerns, TikTok has recently introduced new features aimed at reducing teenagers’ screen time and providing parents with more control over their children’s activities on the app.

Under this change, users under 18 years will have a daily screen time limit of 60 minutes. In case the user wants to extend the screen time limit, they will have to enter a passcode, thus “requiring them to make an active decision to extend that time,” says TikTok. Additionally, if a teenager disables the screen time limit, the company will prompt them to set a limit if they spend over 100 minutes on the app. TikTok will also send younger users an inbox notification each week recapping their screen time.

Although TikTok consulted with experts from the Digital Wellness Lab at Boston Children’s Hospital and reviewed academic research to determine the limits, there is no universally accepted standard for how much screen time is excessive. Therefore, with these changes, the company hopes to provide teenagers with the extra support they need “as they start to explore the online world independently.”

Family Pairing

Besides the screen limit, TikTok is introducing a new Family Pairing feature aimed at giving parents the ability to monitor their child’s activity on TikTok. Under the new parental controls, parents can apply custom limits that adjust based on the day of the week or school holiday. They also get access to TikTok’s screen time dashboard, which summarizes a child’s app usage and provides a breakdown of how much time they spent during the day and night, and they can mute app notifications on their children’s accounts based on a schedule they set. Additionally, the company is developing content controls, which allow parents to filter out specific videos based on certain hashtags or words.

Apart from the Family Pairing feature, TikTok plans to roll out some of these changes to all users, allowing them to schedule mute notifications and set customized screen time limits for each day of the week. These changes will provide users with more control over their app usage and help them manage their time more effectively.



Americans are desperate to remove this popular app from their phones and tablets

Privacy experts VPNOverview wanted to find out which popular apps Americans wanted to get rid of the most. So for each of the 50 states, it looked up regional search volume for “delete” and “deactivate” apps. With help from web analytics company Similarweb, VPNOverview also analyzed the number of active users and downloads for each Android app over the last year. The result? A list of the 10 most popular apps that Americans want to delete the most.
The app that had the most searches for deletion in the U.S. was Instagram with 900,120 searches coast-to-coast. The app has seen a 25% decline in installs over the last six months. Instagram’s stable-mate Facebook was next with 385,410 search requests related to finding out how one would get rid of the app on a phone or tablet. The number of downloads has decreased by 22% over the last six months.
With a search volume of 217,400 queries asking how to 86 the app, Snapchat was third, with users in New Mexico and Arizona the most eager to get rid of the app. Twitter was fourth on the list (92,490 deletion search requests). Those in California, Maryland, Nevada, and Washington are most interested in getting rid of the social media app.

With 24,810 searches looking for information on deleting the app, messaging service Telegram was fifth on the list with those in New Jersey especially anxious to get the app off of their devices.

The rest of the top 10 popular apps that America most wants to wipe off their mobile devices include:

6. Spotify (14,560 searches)

7. TikTok (14,120 searches)

8. LinkedIn (8,540 searches)

9. Tinder (7,980 searches)

Number 10 is a surprise, as 6,720 searches were made by Americans looking to delete video streamer YouTube. With over 10 billion downloads on Android alone, the number of search requests seeking a way to remove YouTube from a phone or tablet is quite a small percentage.

Christopher Bluvshtein, a privacy expert at VPNOverview, said, “Some people are also turning their backs on social media altogether. Whether due to politics, increasing cybersecurity issues, or even insecurity over those in a more fortunate position, there’s clearly been an increasing trend of people leaving these applications behind. People are burning out. Recently, an interesting term came about known as ‘doom-scrolling.’ Essentially, this refers to spending excess time online reading negative news. There are a lot of problems in the world right now, and this kind of endless negativity can wear you down over time, so this could easily be contributing to the phenomenon.”



Chromium Flaw Allowed SameSite Cookie Bypass On Android


A researcher discovered a severe vulnerability in Chromium that allowed SameSite cookie bypass on Android browsers. Google patched the flaw following the bug report.

Chromium SameSite Cookie Bypass Vulnerability

Security researcher Axel Chong discovered and reported a SameSite cookie bypass vulnerability affecting Chromium Android browsers.

According to the bug report, Chong found that he could evade the SameSite cookie restriction on Android browsers using the Intent scheme for site navigation.

Possible to bypass SameSite cookie on Android by redirecting to Intent and continuing to stay in Chrome.

Chong also shared the steps for reproducing the vulnerability, demonstrating the bypass that could allow evading SameSite cookie restriction.

Speaking to The Daily Swig about his findings, the researcher explained that he noticed the vulnerability while working on Intents. He had wondered whether Intent URLs could allow a security bypass, and he added that this vulnerability could also lead to cross-site request forgery (CSRF).

The discussion on Chong’s bug report also highlighted that Chrome had previously fixed a similar issue, where normal redirects also passed SameSite cookies. However, he could still observe this behavior, which suggested that Chrome had somehow disabled the earlier fix at some point.

Google Fixed The Vulnerability

Chong reported this issue to Google in September 2022, triggering much discussion. It was difficult for the developers to address this problem because it required determining which apps to trust, and Android’s security model didn’t reveal the sender of an Intent.

The comments on the bug report indicate how trusting incoming Intents for all apps could allow SameSite restriction bypasses for all apps. Hence, after a thorough discussion, the developers eventually decided to disallow SameSite cookies for untrusted apps.

The researcher also tested and confirmed the fix deployed with 109.0.5397.0 Android Chrome Canary in November 2022. Afterward, the developers took some time to address the same issue for custom tabs before allowing bug disclosure.

Besides deploying the patch, Google rewarded the researcher with a $5000 bounty under its Vulnerability Reward Program.
