It’s been a pretty quiet few weeks for the Samsung Galaxy Fold, as the company investigates several defects reported by reviewers. The Korean company has reportedly issued an update this week though.
In an email sent to pre-order customers (obtained by Droid-Life), Samsung noted that it was “making progress in enhancing” the foldable phone.
“This means that we cannot confirm the anticipated ship date yet,” the Korean firm explains. The lack of a shipping date suggests the company simply needs more time to carry out required changes, or that it’s still investigating defects.
The email also calls for customers to tap a button to ensure they keep their Galaxy Fold pre-order. “If we do not hear from you and we have not shipped by May 31st your order will be cancelled automatically,” reads an excerpt of the message.
We’re glad to see the firm providing an update of sorts to consumers, although the automatic pre-order opt-out is a little strange. After all, what if you don’t have access to your email for whatever reason? Samsung will simply assume you don’t want a device you’ve pre-ordered anyway. Users have roughly four weeks to respond to the email though, so that should be plenty of time to make a decision.
The delay comes after several reviewers reported issues with Galaxy Fold sample units. Several users accidentally peeled off an integral screen layer on the foldable phone, while a few others reported completely broken main screens.
Hopefully Samsung’s changes are enough to prevent any more serious issues with the Galaxy Fold. Are you still interested in the device? Let us know in the comments.
One of the most significant events in computer security came in April 2017, when a still-unidentified group calling itself the Shadow Brokers published a trove of the National Security Agency’s most coveted hacking tools. The leak and the subsequent repurposing of the exploits in the WannaCry and NotPetya worms that shut down computers worldwide made the theft arguably one of the NSA’s biggest operational mistakes ever.
On Monday, security firm Symantec reported that two of those advanced hacking tools were used against a host of targets starting in March 2016, fourteen months prior to the Shadow Brokers leak. An advanced persistent threat hacking group that Symantec has been tracking since 2010 somehow got access to a variant of the NSA-developed DoublePulsar backdoor and one of the Windows exploits the NSA used to remotely install it on targeted computers.
Killing NOBUS
The revelation that the powerful NSA tools were being repurposed much earlier than previously thought is sure to touch off a new round of criticism about the agency’s inability to secure its arsenal.
“This definitely should bring additional criticism of the ability to protect their tools,” Jake Williams, a former NSA hacker who is now a cofounder of Rendition Infosec, told Ars. “If they didn't lose the tools from a direct compromise, then the exploits were intercepted in transit or they were independently discovered. All of this completely kills the NOBUS argument.”
“NOBUS” is shorthand for nobody but us, a mantra NSA officials use to justify their practice of privately stockpiling certain exploits, rather than reporting the underlying vulnerabilities so they can be fixed.
Symantec researchers said they didn’t know how the hacking group—known alternately as Buckeye, APT3, Gothic Panda, UPS Team, and TG-0110—obtained the tools. The researchers said the limited number of tools used suggested the hackers’ access wasn’t as broad as the access enjoyed by the Shadow Brokers. The researchers speculated that the hackers may have reverse engineered technical “artefacts” they captured from attacks the NSA carried out on its own targets. Other less likely possibilities, Symantec said, were Buckeye stealing the tools from an unsecured or poorly secured NSA server or a rogue NSA group member or associate leaking the tools to Buckeye.
The attack used to install Buckeye's DoublePulsar variant exploited a Windows vulnerability indexed as CVE-2017-0143. It was one of several Windows flaws exploited in Shadow Broker-leaked NSA tools with names that included Eternal Romance and Eternal Synergy. Microsoft patched the vulnerability in March 2017 after being tipped off by NSA officials that the exploits were likely to be published soon.
Symantec’s report means that by the time the NSA reported the vulnerabilities to Microsoft, they had already been exploited in the wild for months.
“The fact that another group (besides NSA) were able to successfully exploit the Eternal series of vulnerabilities successfully is very impressive,” Williams said. “It speaks to their technical abilities and resourcing. Even if they stole the vulnerabilities while they were being used on the network, that's not enough to recreate reliable exploitation without tons of extra research.”
Tale of two exploits
Security protections built into modern versions of Windows required two separate vulnerabilities be exploited to successfully install DoublePulsar. Both the NSA and Buckeye exploited CVE-2017-0143 to corrupt Windows memory. From there, attackers needed to exploit a separate vulnerability that would divulge the memory layout of the targeted computer. Buckeye relied on a different information-disclosure vulnerability than the NSA’s Eternal attacks used. The vulnerability used by Buckeye, CVE-2019-0703, received a patch in March, six months after Symantec privately reported it to Microsoft.
Symantec said the earliest known instance of Buckeye using the NSA variants came on March 31, 2016 in an attack on a target in Hong Kong. It came in a custom-designed trojan dubbed Bemstour that installed DoublePulsar, which runs only in memory. From there, DoublePulsar installed a secondary payload that gave the attackers persistent access to the computer, even if it was rebooted and DoublePulsar was no longer running. An hour after the Hong Kong attack, Buckeye used Bemstour against an educational institution in Belgium.
Six months later—sometime in September, 2016—Buckeye unleashed a significantly improved variant of Bemstour on an educational institution in Hong Kong. One improvement: unlike the original Bemstour, which ran only on 32-bit hardware, the updated version ran on 64-bit systems as well. Another advance in the updated Bemstour was its ability to execute arbitrary shell commands on the infected computer. This allowed the malware to deliver custom payloads on 64-bit infected computers. The attackers typically used the capability to create new user accounts.
Bemstour was used again in June 2017 against a target in Luxembourg. From June to September of that year Bemstour infected targets in the Philippines and Vietnam. Development of the trojan continued into this year, with the most recent sample having a compilation date of March 23, 11 days after Microsoft patched the CVE-2019-0703 zero-day.
Symantec researchers were surprised to see Bemstour being actively used for so long. Previously, the researchers believed that APT3 had disbanded following the November 2017 indictment of three Chinese nationals on hacking charges. While the indictment didn’t identify the group the defendants allegedly worked for, some of the tools prosecutors identified implicated APT3.
Monday’s report said Bemstour’s use following the apparent disappearance of Buckeye remained a mystery.
“It may suggest that Buckeye retooled following its exposure in 2017, abandoning all tools publicly associated with the group,” company researchers wrote. “However, aside from the continued use of the tools, Symantec has found no other evidence suggesting Buckeye has retooled. Another possibility is that Buckeye passed on some of its tools to an associated group.”
The suddenly-cozy relationship between Linux and Windows is taking another step forward, as Microsoft announced in a blog post that it's going to ship a full Linux kernel in Windows 10. It will arrive first with Insider preview builds by the end of June, underpinning the new Windows Subsystem for Linux 2. The first release will be based on version 4.19, the latest stable Linux release, and will keep up with each stable release going forward. According to Microsoft this isn't its first release of a Linux kernel -- that came last year on Azure Sphere -- but it is the first time on Windows.
By making this switch as a "drop-in replacement" for the current emulator, it should speed up performance significantly, with faster bootup and more efficient use of memory. Users can interface with it either by installing a distribution from the Microsoft Store or sideloading.
Also, the kernel itself will be open source, with instructions available to create your own, and Microsoft has pledged to contribute the changes it makes so that others can use them. All of this news also came after Microsoft earlier announced a new version of its Windows Terminal command line app.
Android Auto — the in-car platform that brings the look and functions of a smartphone to the vehicle’s central screen — is getting a new look and improved navigation and communication features that will roll out this summer.
The improvements and new look were revealed Monday during Google I/O 2019, the annual developer conference.
The most noticeable change might be the overall look of Android Auto. It now has a dark theme, new fonts and color accents designed to make it easier for drivers to quickly and more easily see the content on the car’s central screen.
The new version of Android Auto has also improved its notifications. Drivers can choose to view, listen and respond to messages and calls more easily.
Engineers have updated the software to make it more seamless. The system, if properly enabled, would pop up on the car’s screen once the vehicle was turned on. However, the user would still have to restart their media or navigation option. Now, Android Auto will continue playing the media and navigation app of the driver’s choice. Drivers can tap on a suggested location or say “Hey Google” to navigate to a new place.
The navigation bar on Android Auto has changed as well. Drivers will be able to see their turn-by-turn directions and control apps and phone on the same screen.
Finally, the platform has been adjusted so it will fit screens of various sizes. Android Auto now maximizes the in-car display to show more information, like next-turn directions, playback controls and ongoing calls.
Android Auto is not an operating system. It’s a secondary interface — or HMI layer — that sits on top of an operating system. Google released Android Auto in 2015. Rival Apple introduced its own in-car platform, Apple CarPlay, that same year.
Automakers that wanted to give consumers a better in-car experience without giving Google or Apple total access quickly adopted the platform. Even some holdouts, such as Toyota, have come around. Today, Android Auto is available in more than 500 car models from 50 different brands, according to Android Auto product manager Rod Lopez.
Google has since developed an operating system called Android Automotive OS that’s modeled after its open-source mobile operating system that runs on Linux. Instead of running smartphones and tablets, Google modified it so it could be used in cars. Polestar, Volvo’s standalone performance electric car brand, is going to produce a new vehicle, the Polestar 2, that has an infotainment system powered by Android Automotive OS.
Google might not be done tightening privacy controls. Wall Street Journal contacts claim that the search firm is poised to launch a "dashboard-like" element in Chrome that would not only show more detail about tracking cookies, but give you options to limit them. While the concept isn't novel (Mozilla practically builds Firefox around tracking protection), it would be a significant break for a company whose very business revolves around advertising and user data.
The tools could arrive "as soon as this week," the sources said.
While the tools would come as a relative surprise to users, they've apparently been six years in the making. In addition to technical concerns, Google reportedly talked to advertising executives to gauge their opinions on "hypothetical scenarios" due to the seriousness of the change. While tracking cookies aren't as heavily used as in the past (smartphone apps play a large role), many advertisers still use them for targeting. These marketers may have to rethink their strategies knowing that Chrome users can easily disable tracking.
Not that Google is likely to mind much. The company reportedly stepped up its anti-tracking efforts in the wake of Facebook's Cambridge Analytica scandal, and is overall more concerned about privacy than it has been in the past. The damage done to advertisers might be considered worth the trade-off if users put more trust in Google and stick to its software.
Microsoft first released its Edge Chromium browser as early Canary and Dev builds on Windows last month. While Windows 10 users can test the new browser, Mac owners have been waiting to hear more details about when Edge will be available on macOS. Microsoft doesn’t have any solid dates to announce just yet, but the company has started teasing what Edge will look like on macOS.
During the company’s Build 2019 developer conference, Microsoft is announcing new features for Edge on Windows and teasing the upcoming macOS release. We understand that the release will be available very soon, and Mac users should be able to access both the Canary and Dev builds of Edge just like Windows.
Microsoft’s implementation of Chromium on Edge has so far seen good performance improvements and reliability on Windows. It’s not clear if we’ll see similar improvements on the macOS side versus Chrome, but at least it gives Mac users another Chromium option with some Microsoft services and sync integration.
Microsoft on Monday used the start of its Build developer conference in Seattle as an opportunity to unleash a slew of updates to its lineup of cloud services.
For instance, Microsoft is letting users of its GitHub code hosting service provide their login credentials in order to access Azure cloud tools. At the same time, the company is making GitHub's enterprise tier compatible with the Microsoft Azure Active Directory service, so administrators will be able to more easily manage employees' GitHub use.
These changes and other enhancements could lead to greater adoption of Microsoft's overall Azure public cloud for hosting applications and storing data. That's critical as Amazon continues to maintain a big lead in the market and Google, which is thought to be behind Microsoft, is doubling down on its cloud efforts under its new chief, Thomas Kurian. Amazon had 32% of cloud market share at the end of 2018, according to Canalys. Microsoft had 13.7% and Google had 7.6%.
Microsoft has talked about cloud at its Build shows in past years, but this year it seems to be at the very center of the company's appeal to developers. Executives onstage are spending less time this year talking about consumer products like Windows and Surface computers.
GitHub, which Microsoft bought last year for $7.5 billion, could represent an on-ramp of sorts for Microsoft public cloud services.
"As the companies [Microsoft and GitHub] work together even more, there is an opportunity to educate them on Azure and how they should think about developing apps on top of Azure. And so we will certainly be promoting Azure to the GitHub community, but for the GitHub developers, really it's whatever cloud they want to build on and we're going to support that," Dave O'Hara, chief financial officer of Microsoft's commercial business, said at the Morgan Stanley Technology, Media & Telecom Conference in February.
On Monday, Microsoft said it will release an Azure SQL Database tool that can handle computing in a "serverless" capacity. This means developers won't have to set up and manage underlying resources for databases. Amazon and Google have also come out with serverless database technologies.
For almost two years now Microsoft has worked with partners, including third-party software makers, to sell Azure to companies, benefiting both Microsoft and its partners. The so-called co-sell initiative has led to more than $5 million in partner annual contract value in the past year.
Now Microsoft is expanding the program to Microsoft 365 — a bundle that includes Windows 10, Office 365 and Enterprise Mobility & Security software — and the Dynamics suite of enterprise software, including the cloud-based sales management application that competes with Salesforce's core Sales Cloud.
In the first quarter, Amazon picked up $7.7 billion in revenue from AWS. Microsoft does not specify revenue from Azure, but analysts Alex Zukin and Scott Wilson of Piper Jaffray estimated that Azure produced around $3.6 billion in revenue in the quarter. Microsoft did say that Azure revenue rose 73% year over year.