8.18.2017

The Essential Phone is Dead on Arrival Because of the iPhone

iPhone 8 leaks tease similar design to Andy Rubin’s new Android flagship


So-called “bezeless” phones are all the rage this year. This newfound obsession with screen-to-body ratio started in South Korea with reveals of the LG G6 and Samsung Galaxy 8, respectively. Relatively obscure Chinese brands including DODGEE and UMIDIGI have also hopped on the bandwagon. The trend has since made its way westward, with Android founder Andy Rubin’s new company, Essential, debuting a ‘Droid-based smartphone with hardly any border around the display.

A mainstay in the upper tier of smartphones, the next iPhone (as usual) has been making headlines for months as leak after leak make their way to the press in spite of Apple’s secretive culture. In a vacuum, the leaked design of the iPhone 8 is a radical departure from the roughly 65% screen-to-body ratio of the past three iPhones. However, as mentioned, several bezeless Android smartphones from both household name companies and anonymous Shenzhen-based startups have come to market in recent months.

"Several bezeless Android smartphones have come to market in recent months."

This is what makes the inevitability of Apple being lauded for the iPhone 8’s design so hard to stomach. Like the MP3 player, smartphone, and tablet computer, Apple won’t be the first to market with this idea. Cupertino will be rewarded for its infamous “wait and see” approach, profiting off the ideas and hard work of others. If nothing else, I’m sure it’ll be a great phone.

The first wave of reviews are out and opinions of the Essential Phone are mostly positive. It’s basically a sleeker Google Pixel with a worse camera. But then again, so is the Galaxy S8. And while Samsung is a well-established brand, Essential is a newcomer that is leaning too heavily on the notoriety of its CEO and inventor of Android, Andy Rubin. Despite rumors of $300,000,000 in investment, Essential only managed to make a carrier deal with Sprint, the laggard of the US mobile big four.

Maybe this is the 2010s equivalent of the 2007 exclusive agreement between Apple and AT&T (then Cingular). The big difference is that AT&T was a rising star in those days and Sprint is a sinking ship. Essential may be mooring itself to that doomed vessel with a desperate out-of-the-gate $260 discount when activated on Sprint with an 18-month plan. The phone is unlocked, meaning it’ll work on the other national carriers and most MVNOs, but it’s a bad look for a new company (or any company).

8.17.2017

8 Chrome Browser Extensions Hijacked

Nearly 5 million users potentially affected



Cybersecurity firm Proofpoint has published a report naming 8 Chrome extensions which have been hacked. Over the course of four months, these extensions have been hijacked from their developers and used to serve malicious code and ads to their users. In previous cases, attackers used phishing techniques to steal login information.

The affected extensions are Copyfish, Web Developer, Chrometana, Infinity New Tab, Web Paint, Social Fixer, TouchVPN and Betternet VPN. Total installs for these apps comes to almost 4.8 million users. Tech site Bleeping Computer also reported about phishing attempts against the developer for two other Chrome extensions. Google has also been sending alert emails to developers warning them to expect a rise in phishing attempts.

Once attackers have stolen a developer’s login information, they take over the extension’s code repository, add malicious code, repackage the extension and push out an update with the corrupted code. These attacks started in May, but Proofpoint researcher Kafeine linked some of the infrastructure to another malicious extension using cookie content scripts back in June 2016.

Kafeine made several observations about the recently affected extensions. The extensions wait at least ten minutes after installing or updating, fetch a JavaScript file from a random DGA-generated domain and then harvest Cloudflare credentials from the browser. Next, they replace legitimate ads with malicious ones, show a popup alerting users about an error and redirect them to a new website (as part of a redirect affiliate program). Most ad replacements occurred on adult sites, and for 33 specific banner sizes. 

For now, users with the affected extensions should remove them from Chrome. Some of the developers are still trying to regain access to their accounts, so there could be no telling when these extensions will be safe again. Kafeine stated that although there is no direct proof linking all of these attacks, it is still possible that the same group is behind them. The researcher is more worried about the stolen Cloudflare credentials, believing that they could become a new platform for launching attacks.