Earlier this month, Oppo teased its upcoming under-screen camera tech with a quick and dirty video, and Xiaomi was quick to announce that it was working on something similar. Neither company explained how the tech worked back then, but today, our colleagues over at Engadget Chinese were able to give this new feature a spin at MWC Shanghai, and Oppo was also willing to shed some light on the how.
Just like in the earlier video demo, when the camera is idle, the screen works just as normal. However, when you look up close, the area above the camera appears to be more pixelated. According to Oppo, this zoned-out area features a highly-transparent material plus a redesigned pixel structure for improved light transmittance. In other words, this camera tech requires a customized display panel, because existing ones won't do the job -- their transparency properties are only good enough for in-display fingerprint readers, but not conventional cameras.
Oppo added that the under-screen camera itself also packs a larger sensor with bigger pixels, along with a larger aperture to get as much light as possible. This does mean a drop in resolution, and based on our quick comparison, there's certainly room for improvement in terms of clarity and color accuracy. This is a little worrying, considering Oppo has already applied its algorithm fix on haze removal, HDR plus white balance, and it'll have to put in extra effort here to meet its usual selfie standards.
There's still no update on when we can expect this under-screen camera technology to show up on a mass-production phone -- all we were told was this will be released "in the near future." Given that Xiaomi is also toying with this tech, chances are these two brands are not alone in this race. At least this will keep us entertained until someone finally figures out the foldable form factor, anyway.
Israeli security firms Check Point and CyberInt partnered up this week to find, exploit, and demonstrate a nasty security flaw that allows attackers to hijack player accounts in EA/Origin's online games. The exploit chains together several classic types of attack—phishing, session hijacking, and cross-site scripting—but the key flaw that makes the entire attack work is poorly maintained DNS.
This short video clip walks you through the entire process: phish a victim, steal their account token, access their account, and even buy in-game stuff with their saved credit card. (You might want to mute before you press play—the background music is loud and obnoxious.)
If you have a reasonably good eye for infosec, most of the video speaks for itself. The attacker phishes a victim over WhatsApp into clicking a dodgy link, the victim clicks the shiny and gets owned, and the stolen credentials are used to wreak havoc on the victim's account.
What makes this attack different—and considerably more dangerous—is the attacker's possession of a site hosted at a valid, working subdomain of ea.com. Without a real subdomain in their possession, the attack would have required the victim to log into a fake EA portal and harvested a password. This would have immensely increased the likelihood of the victim becoming alert to a scam. With the working subdomain, the attacker was able to harvest the authentication token from an existing, active EA session before exploiting it directly and in real time.
When I spoke to CyberInt's Alex Peleg and Check Point's Oded Vanunu in a conference call today, that was really all I wanted to know—how'd you guys get control of that EA subdomain in the first place? According to the two researchers, it's a pretty common screwup. A big company starts a new marketing campaign, sets up a devops team to do the coding work necessary, and gives the team a new subdomain—like eaplayinvite.ea.com—to run the campaign on. The devops team spins up new instances on AWS, Google Cloud, or a similar provider, then uses a CNAME record to connect the company subdomain to a provider-internal A record at the host. When the marketing campaign is over, the AWS or other cloud instance gets shut down... but nobody tells the team managing the company's main domain to get rid of the CNAME record. That's where things go sideways.
Enlarge/ You can use the DNS command-line tool dig to find out all sorts of interesting things about an FQDN.
Jim Salter
An attacker interested in the company can see that it launched a new subdomain and then use the tool dig to see how it's hosted. If the attacker sees that the company has used a CNAME record to redirect to a cloud provider's internal DNS, the next step is to wait for the marketing campaign to complete and the URLs involved in the campaign to stop working. Now we dig the subdomain name again—if the original CNAME is intact, we're in business. Next, the attacker uses an account of their own at the same cloud provider and requests the same provider-internal DNS name originally used by the campaign.
At this point, the original CNAME is now pointing to the attacker's website, not one controlled by the actual company. Armed with a working subdomain of the company's real domain, cookies belonging to the company's users can be captured (and embedded!). This makes instant attacks versus victims using that company's services possible.
In this case, Alex and Oded opened with a phishing attack over WhatsApp, but a more enterprising attacker might instead have begun with a watering-hole attack. Imagine a serious attacker had bought HTML-enabled ads from a banner farm, specifically targeting EA gamers—their ad might open an invisible iframe to their hijacked subdomain. Such an iframe could automatically harvest any logged-in gamers' auth tokens without any need for interaction from the users at all.
Scary possibilities abound.
According to Alex and Oded, the kind of oversight made here by EA/Origin is depressingly common in large companies. Devops teams don't talk to infosec teams, neither talks to more traditional ops teams that manage core services like company-wide DNS, and mistakes get made. The researchers—and their companies—hope that public demonstrations like this will wake large companies up, break down the silos, and ultimately make end-user accounts less vulnerable to hacking.
First came the loathed notch. Then Samsung (and Huawei) started drilling actual holes into the screens of their high-end (and even mid-range) devices to move one step closer to the bezelless dream. Pop-ups and sliders are also a thing nowadays, despite the inherent vulnerabilities of mechanical camera modules, but what most smartphone manufacturers might actually be working on is invisible selfie shooters.
Invisible to the unassuming eye of the user, that is, with Oppo becoming the world's first company today to showcase a (partially) functional prototype of a phone equipped with "Under-Screen Camera technology." Oppo and Xiaomi teased this breakthrough pretty much simultaneously a few weeks back, but we're guessing the latter is one or two steps behind the former when it comes to actually developing the technology.
Before you get too excited, though, you may want to remember handsets with under-display cameras are not expected to be commercially released this year. That's because there are a number of hurdles yet to be overcome, starting with the quality of pictures taken by these hidden shooters. Just like in-screen fingerprint readers, the display-embedded imaging sensors are simply not as accurate and capable as their conventional counterparts... yet.
LOADING
But Oppo seems pretty confident this challenge will soon be conquered through the implementation of haze removal, HDR, and white balance technologies resulting in a truly bezel-less phone with a selfie camera rivaling "current smartphones in the market today." In addition to a drool worthy promotional video and a series of live prototype pictures from the 2019 Mobile World Congress in Shanghai, Oppo has tweeted a short explanation of the Under-Screen Camera (USC) technology earlier today, describing it as a combination of a customized camera module, an enhanced translucent panel material, and advanced processing algorithms aimed at taking "vivid pictures without a notch or motorized camera."
Sounds like mass manufacturing will not exactly be a breeze, which is yet another key reason why we need to wait until next year (at the earliest) to see this innovation translated into a commercial product. Fingers crossed for better quality than the early performance of under-display fingerprint scanners.
Oppo has announced a new proprietary communications technology designed to let people call or chat across medium distances without using cellular networks, Wi-Fi, or Bluetooth. The protocol is called MeshTalk and is a decentralized, end-to-end system that Oppo says can cover up to 3 kilometers (1.86 miles) outdoors — or even further in more crowded environments when signal relay between devices can be used.
Basically, Oppo devices will be able to create ad hoc local area networks across a wide area and communicate directly to each other without the need for base stations. The company claims that MeshTalk doesn’t have a significant effect on battery life, and indeed plans for it to work with a 72-hour standby mode so that phones can still be reached in an emergency when they’re low on power.
Oppo envisages MeshTalk being used in situations where you don’t have internet access or when traditional networks are too congested, such as at a concert or after landing at a foreign airport. It’s not clear whether it’ll work with existing Oppo phones, or when Oppo plans to launch the feature, but it’s being demonstrated this week at MWC Shanghai.
Vivo's booth at Mobile World Congress in Shanghai, China is shown in this photo taken on June 26, 2019. Joel Guinto,ABS-CBN News
SHANGHAI -- Vivo unveiled Wednesday its new fast charging technology which it said could juice up a standard smartphone battery to 100 percent from 10 percent in 13 minutes alongside a host of 5G applications.
The company is among exhibitors at the Mobile World Congress here where China's tech behemoths showed off their next generation devices, some ahead of their commercial release.
Vivo's Super Flash Charge is rated at 120 watts, triple the capacity of the fastest that is commercially available, 40 watts on the Huawei P30 Pro. The company said it could charge to 50 percent from zero in 5 minutes.
Vivo's Super Fast Charge adds 6 points of charge, or from 22 percent to 26 percent in 20 seconds.
Alongisde the 5G capable IQOO, Vivo also announced Easy Share, which allows devices to swap files regardless of size or distance as long as there is a 5G connection and Screen Mirroring, which lets a user see the display on another person's screen in real time.
Vivo said this would solve "industrial problems" tied to file swapping and sharing in the age of wireless.
An external hard drive is accessed through a Vivo mobile phone and is shown on a giant TV screen. Joel Guinto, ABS-CBN News
An IQOO phone is on display at the Vivo booth in Shanghai, China's Mobile World Congress on June 26, 2019. Joel Guinto, ABS-CBN News
Vivo unveiled its AR glasses, allowing consumers to project productivity apps such as email right in front of their faces. The glasses can also be used for gaming.
Vivo's AR glasses pair with a smartphone that can function as a track pad. Photo taken June 26, 2019 at Mobile World Congress in Shanghai, China. Joel Guinto, ABS-CBN News
The company also offered enterprise solutions such as allowing employees to have two profiles on their phones to separate work from family correspondence.
Vivo said it just showed off its new charging tech at Mobile World Congress Shangai that can juice up your phone in just 13 minutes. The Chinese phone maker said that phones with this technology can support charging at 120W.
The new method, called Super FlashCharge 120W, uses Vivo‘s custom USB-C cable and travel charger. The company tested this method with a 4,000 mAh battery in the lab and was able to charge from 0 to 50 percent in just five minutes – and subsequently 100 percent in another eight minutes.
This technology beats Xiaomi’s previous record of charging a phone with 4,000 mAh battery with a 100W charger in 17 minutes.
While Xiaomi announced that its battery tech will soon go into mass production, there’s no word on when Vivo‘s technology will make it to phones we can buy. Nonetheless, it’s an exciting development, and we can’t wait to see this in action.
For more gear, gadget, and hardware news and reviews, follow Plugged on
Twitter and
Flipboard.
Starting this Friday, the Samsung Galaxy S10 5Gwill be available through another carrier. T-Mobile is adding the handset to its lineup, though for now you'll only be able to pick one up from certain stores in cities where its 5G network is switched on.
It's active in parts of Atlanta, Cleveland, Dallas, Las Vegas, Los Angeles and New York. In areas of town where you don't get a 5G signal, T-Mobile will switch you to its LTE network.
The carrier has published 5G coverage maps, which should prove useful in helping you figure out whether a 5G handset makes sense for you any time soon while it and other companies continue to build out their networks. T-Mobile is trying to merge with Sprint, and if the companies win approval, they'll combine their 5G spectrums for a more expansive network.
T-Mobile says it won't charge a premium for 5G, unlike some other carriers, and says it won't raise prices on plans for at least three years. It joins several other US carriers in offering the S10 5G, including Verizon (Engadget's parent company) and AT&T (albeit for business customers only for the time being in the latter case), while UK providers Vodafone and EE started offering it this month.
Verizon owns Engadget's parent company, Verizon Media. Rest assured, Verizon has no control over our coverage. Engadget remains editorially independent.
_by_Yosa_Buson.jpg){kind=link}