Samsung T7 Touch review: portable, fast, and secure - The Verge

Samsung T7 Touch review: portable, fast, and secure - The Verge

Samsung T7 Touch review: portable, fast, and secure - The Verge

Posted: 23 Jan 2020 09:00 AM PST

A good portable SSD should be small, fast, and able to connect to devices through the almighty USB-C port. Samsung's new T7 Touch checks all of those boxes, plus another big one: it's more secure than your average SSD. There's a capacitive fingerprint reader built into the top of the drive, which works like the one you might have on your phone or laptop. After you've enrolled a fingerprint via the free companion app, it will require authentication before it mounts to your computer or phone. This feature — backed by AES 256-bit hardware encryption to lock down your biometric data and the drive's contents — makes it so that not just anyone can plug it in and see what you have stored. It works exactly like I thought it would.

Samsung's software for the SSD (compatible with Windows 10, macOS, and Android) is simple to use. The software even comes loaded onto the drive for easy installation, with the exception of the Android version, which is available from the Google Play Store. You'll need to create a password in the software to use the sensor, and you can enroll up to four fingerprints that can unlock it. The most obvious choice might be to log a few of your own fingers. But if you plan to share this with a classmate, your family, or colleagues at your company, the better move is to register other people's fingerprints with the drive, too. That way, it can be passed back and forth without much worrying.

As you probably expected, activating the T7 Touch's security settings in the app means that you'll need to authenticate your fingerprint each time you connect the drive to a phone or computer. The LEDs behind the sensor blink repeatedly while it waits for you to verify your identity, and until you do, it mounts as a mostly useless read-only drive that supplies a download of Samsung's SSD software.

It's a little more useless in this read-only state than I'd like. Samsung doesn't let you create a customized message that appears automatically, like one to point people in the right direction to return the drive should it get misplaced. Also, if you don't have a fingerprint logged and you forget the password for the drive, simply resetting it isn't an option. It will permanently stay in read-only mode, and you will have to contact Samsung to arrange a manual reset.

I tested the 500GB model that costs $129.99. Samsung also offers a 1TB version that costs $229.99 and a 2TB drive that costs $399.99. That's getting up there in price for a drive that doesn't support Thunderbolt 3's faster transfer speeds, though to the T7 Touch's credit, it's not far off what the previous generation T5 sold for. In addition to the new fingerprint security, the T7 is also considerably faster than the T5.

For those who aren't familiar with the T5, Samsung's 2017 portable SSD, the T7 Touch still looks and feels like a compact business cardholder. It's easy to pocket, and its slim design lets it slide easily into practically any bag. This new model is wrapped in aluminum that Samsung says makes it shockproof from a drop of up to six and a half feet in height. In the box, you'll find a USB-C to USB-C cable as well as a USB-C to USB Type-A cable in case you need to connect it to a device that doesn't have a USB-C port.

Similar as they might look, the T7 Touch's NVMe solid-state drive amounts to a huge boost in transfer speeds compared to the SATA drive used in the T5. We compared several USB-C drives last year to find out what kind of portable drive you should be spending your money on, and those with NVMe storage inside came away the clear winners — even though they cost a premium. This is the technology you want inside of your laptop, your next-gen gaming console, and definitely what you want inside of your next portable drive.

The T7 Touch is thinner than the T5, but it's also taller.

Of course, just how fast this (and any) drive transfers relies entirely on what kind of computer you're plugging it into. Samsung's T7 Touch uses the USB 3.2 Gen 2 interface with 10Gbps bandwidth (same bandwidth as USB 3.1 Gen 2, different name). Samsung claims up to 1,050MB/s read and 1,000MB/s write speeds, and it's possible to achieve something close to those marks if these criteria are met:

  • Your laptop or desktop has a USB Type-A or USB-C port that supports the USB 3.2 Gen 2 interface or faster
  • Your laptop or desktop has an NVMe drive inside, not a slower SATA drive. (Most SSDs on the market use SATA, though NVMe is lowering in cost, and therefore picking up in popularity.)

I tested this drive out with a 2019 MacBook Pro, which features two Thunderbolt 3 ports that can handle far more bandwidth than Samsung's T7 Touch is capable of piping through. Using Blackmagic Disk Speed Test, the T7 Touch boasted an average write speed of 807MB/s and read speed of 903MB/s. That's below what Samsung advertises above, but it's what I expected. It's possible that the larger-capacity models in this lineup could perform slightly better since large-capacity solid-state drives are allegedly faster, thanks to having more NAND layers to write to. But overall, these numbers are on par with performance from a 1TB Intel 660p NVMe SSD fitted in an enclosure.

Arbitrary read and write speeds are nice to have, but the most transparent kind of test is seeing how long it takes to transfer a large file from the drive to the laptop and from the laptop back to the drive. It took nine seconds on average to copy a 13GB file on the MacBook Pro, roughly a 40 percent improvement compared to the T5 SATA SSD doing the same test. To copy the file to the T7 Touch, it took 11 seconds on average, an approximate 35 percent increase in speed compared to the T5. I also ran this test with the aforementioned Intel 660p NVMe SSD mounted in an enclosure, and the results were within a second of what the T7 Touch managed.

At first, the takeaway here doesn't look great for Samsung; a large 1TB NVMe drive and an enclosure to pop it into costs just a bit more than this 500GB drive, yet performs just about the same — if not slightly better. Building your own drive will afford you more storage for less money, but so long as you're all right with taking a hit in storage capacity, Samsung's latest portable drive gets you added security and a more compact design.

Having a fingerprint sensor won't make this a must-have product for everyone. But if you're sold on the form factor and the speed improvements Samsung made here, you should know that a version of the T7 that won't support biometrics is coming in Q2 2020. It will likely be slightly more affordable (though Samsung hasn't yet confirmed the price) and will even out the value better compared to a DIY NVMe drive. Still, for the time being, Samsung's new model isn't much more expensive than its predecessor, and the added features and faster transfer speeds amount to a product you likely won't regret buying.

Vox Media has affiliate partnerships. These do not influence editorial content, though Vox Media may earn commissions for products purchased via affiliate links. For more information, see our ethics policy.

The Bezos WhatsApp hack linked to a Saudi prince could happen to anyone - Vox.com

Posted: 22 Jan 2020 05:00 PM PST

Open Sourced logo

A new investigation suggests that the hacking of Amazon CEO Jeff Bezos's phone stems from a WhatsApp account linked to Saudi Arabia's Crown Prince Mohammed bin Salman and one seemingly innocuous video file. The alleged hack shows that security online is never guaranteed, even on this very popular Facebook-owned encrypted messaging app. And that's something to keep in mind even if you aren't a billionaire.

How Jeff Bezos allegedly got hacked, explained

First reported by the Guardian and the Financial Times, the investigation found that an iPhone X belonging to Bezos was hacked after it received a video file in a WhatsApp message in May 2018. The business advisory firm FTI Consulting, which conducted the investigation, claims with "medium to high confidence" that the video file came from a WhatsApp account belonging to Mohammed bin Salman, also known as MBS.

According to a copy of the full report, compiled by FTI and obtained by Vice, the video itself could not be studied due to WhatsApp's encryption feature, so it remains unclear if it contained malware. Nevertheless, investigators observed that, shortly after the video was sent, abnormally large amounts of data were exfiltrated from the phone. (Data exfiltration occurs when a malicious actor transfers data off of a device, usually without the owner's knowledge.) This exfiltration continued at a high rate for several months.

The video was sent to Bezos, who owns the Washington Post, at the same time as the Saudi government was, according to the report, "very concerned" about Washington Post columnist Jamal Khashoggi. Khashoggi was murdered in October 2018. CIA officials later concluded that the killing took place with MBS's approval, an allegation the Saudi prince has denied.

Meanwhile, suspicions that the Saudi government had hacked Bezos's phone began in February 2019, after the National Enquirer reported that Bezos was having an extramarital affair. That report appeared to rely on information that could only have been obtained through Bezos's phone. Bezos's security team hired FTI Consulting to investigate his phone shortly after. (The National Enquirer claims its information came from Bezos's girlfriend's brother and that the Saudi government was not involved.)

Further adding to the evidence that MBS hacked Bezos's phone: A few days after Bezos was told on the phone that he may have been hacked by the Saudi government, MBS sent him a message over WhatsApp saying (all sic): "Jeff all what you hear or told to it's not true and it's matter of time tell you know the truth, there is nothing against you or amazon from me or Saudi Arabia."

The release of the FTI report also caught the attention of two United Nations Human rights experts, who called for further investigation into allegations that MBS hacked into Bezos's phone. Meanwhile, the potential link between the phone hacking and Khashoggi's murder does not appear to be lost on Bezos, who tweeted this the day after the FTI report emerged:

MBS allegedly uses WhatsApp to communicate with many high-profile figures, including Boris Johnson, Richard Branson, and President Trump's son-in-law Jared Kushner. One Silicon Valley executive told Recode that other leaders and executives in the tech industry are worried about undiscovered attacks. After all, MBS met with several of them — including Sergey Brin, Tim Cook, and Peter Thiel — when he visited the region in April 2018.

If it happened to Bezos, it could happen to you — so here's what you should keep in mind

It's easy to dismiss this maze of revelations involving Bezos and MBS as just another high-profile hack. What's notable here, however, is that the hacking happened within WhatsApp, a service that promotes itself as the safe option for people who are concerned that their messages will be intercepted by hackers. WhatsApp even says in its FAQ, "Privacy and security is in our DNA." (WhatsApp did not respond to a request for comment.)

Thanks in part to this promise of privacy and security, WhatsApp is one of the most popular apps in the world, with about 1.5 billion active users worldwide as of February 2018. Its primary security feature is end-to-end encryption, which means messages can only be seen by the sender and receiver while they're in transit — anyone who intercepts them will receive an unreadable encrypted file. Not even WhatsApp can read users' messages.

However, this added layer of protection should not be confused with absolute security, as the Bezos hack shows. Assuming the report's conclusions are correct, the end-to-end encryption worked just fine: FTI was unable to decrypt the file apparently sent by the account linked to MBS. But good encryption didn't prevent Bezos's phone from sending gigabytes worth of data to a malicious actor for weeks after the video file was sent.

It's worth pointing out that a default setting in WhatsApp allowed Bezos's phone to download the video file — and any malware therein — automatically. You can opt out of this feature to help protect against something like this happening to you.

As alarming as the Bezos hacking story seems, WhatsApp users concerned about security might not want to delete the app just yet. Even with WhatsApp's checkered history, several security experts told Recode they don't think the app is particularly problematic.

"This is not indicative of a vulnerability in WhatsApp," Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, said. "There is nothing they can do when a trusted contact sends you a carefully crafted malicious link."

Maya Levine, a security engineer at cybersecurity company Check Point, said it's not so much that WhatsApp is especially flawed. The Facebook-owned app is simply an attractive target, which makes its vulnerabilities much more likely to be exposed.

"It's encrypted messages, so you can get a lot of information if you are able to hack WhatsApp successfully," Levine said. "WhatsApp is probably the most popular encrypted messaging app worldwide and because of that, it's maybe targeted a little bit more by hackers. But I wouldn't say it's less secure."

The best takeaway for the average person is not to be lulled into a false sense of security and assume they'll be left alone because they aren't a typical hacker target, said Paul Ducklin, principal research scientist at cybersecurity firm Sophos. Even apps packed with privacy features, he added, aren't completely safe.

"Unfortunately, when it comes to cybercriminality these days, nobody's immune and no software that you use is likely to be 100 percent free of bugs," Ducklin said. "Sometimes people get a program like WhatsApp or any of its many competitors, and once they find out it's got all this encryption, they assume that encryption means that the message is secure forever hereafter, when the encryption is about securing the content while it's going between you and the other person. It's important not to hear about a technology and assume that it protects you more than it does."

And while nothing is foolproof, there are some things you can do to minimize your risk.

"Keep up to date on your updates," Levine said, "both on your phone's operating system itself and your apps." Updates will contain security patches that fix flaws and vulnerabilities, and often roll out soon after they are discovered.

Despite WhatsApp's security issues — and WhatsApp is hardly the only encrypted messaging app to have this problem — Galperin doesn't think users should abandon it. Last May, she wrote about a different WhatsApp vulnerability and recommended that people continue to use end-to-end encrypted messaging apps, which she said are one of "the most effective ways to protect the contents of your messages," at least for "most people most of the time."

Ducklin, meanwhile, said the best way to prevent sensitive information from being taken from your phone is the time-honored method of not putting it there in the first place. That, and thinking twice about what you're sharing and who you're sharing it with.

"Sometimes, the best way to avoid that problem is simply to go, 'Okay, I'm going to share less information,' or, 'I'm not going to share this particular photograph,' or, 'I'm not going to talk about secret personal stuff on this channel. Maybe I'll wait until I meet up with this person face to face,'" Ducklin said. "Modulating your own behavior a little bit is often a lot better than fretting about which of many potentially equal apps you're using to communicate."

Bezos may be a unique and desirable hacking target, but the dangers of putting all your trust in an app — even a reasonably secure one — apply to everyone.

"The app can't save you from yourself," Ducklin said.

Open Sourced is made possible by Omidyar Network. All Open Sourced content is editorially independent and produced by our journalists.

Jeff Bezos iPhone hacking: How to protect your phone from cyber hackers - Fox Business

Posted: 23 Jan 2020 09:29 AM PST

Amazon founder and CEO Jeff Bezos' cellphone was reportedly hacked after he opened a message in WhatsApp.

Some people are wondering how hackers tricked the founder of the most valuable brand in the world into watching a video on his iPhone that contained malware.

Continue Reading Below

Two U.N. experts called for an investigation by the U.S. into information they received suggesting Amazon founder Jeff Bezos opened a malware-containing video message on the Facebook-owned messenger WhatsApp that appeared to come from Saudi Crown Prince Mohammad Bin Salman's personal account in 2018.

Check Point, a software company, has conducted extensive research on WhatsApp since 2018 and exposed vulnerabilities in the app that led to scams like this one involving Bezos, as well as updates in the app that have helped fix those vulnerabilities.

"Instant messaging and social media – as we've seen in the last three years – these are the mains target today from a phishing attack perspective,"  Oded Vanunu, Check Point head of product vulnerabilities research, told FOX Business. "We are talking about billions of people using these apps; [they] are used on all types of devices all over the world."

The fiancee of murdered Saudi Arabian journalist Jamal Khashoggi, Hatice Cengiz (fourth from left) and Amazon CEO Jeff Bezos (third from left) attend the opening ceremony of Khashoggi's monument. (Arif Hudaverdi Yaman/Anadolu Agency via Getty Images)

"These apps have become like gates to bad actors," he said, adding there is "a big public market for cyber-offensive vulnerabilities weapons. There are big offensive companies all over the world paying money for these kinds of vulnerabilities."

The bad actors in this situation gained access to Bezos' phone using a method called "phishing." Phishing is a popular hacking technique that tricks people into opening links and sharing personal information to give hackers access to devices.

BEZOS RETAINS CROWN AS WORLD'S RICHEST IN 2019, DESPITE LOSING $38B IN DIVORCE

Sixty percent of Americans say they or a close family member has been a victim or a phishing attack, according to a 2019 report from phishing protection company Retruster. Additionally, there was a 200 percent increase in phishing attacks via social media in 2018, according to Phishlabs.

"Consumers need to recognize that the very value proposition that makes WhatsApp appealing -- privacy and secrecy of messaging -- is what makes it an extremely desirable target for the bad guys and people with bad intentions," Richard Bird, chief customer information officer at software company Ping Identity, told FOX Business. "Secrets are too valuable of an asset for the bad actors not to at least try."

So, if the founder of Amazon can fall victim to phone hacking through social media, how can regular people prevent bad actors from getting access to their phones and personal information? Here are some tips.

Keep your apps up to date

"The first thing is always to make sure your apps are up to date," Vanunu said. "Vendors are always issuing updates. With updates, there are also security backs. It's very important."

WHAT TYPES OF COMPANIES COULD BE TARGETTED BY AN IRANIAN CYBER ATTACK? 

Phone, computer and tablet systems should also be updated on a regular basis.

Be wary of potential phishing messages

If Bezos' hacking story has taught the public anything, it's that people should be cautious when they are opening emails and messages -- especially on social media apps -- that contain links, videos and other content that requires the user to click or open a new tab on a device.

Users should also pay attention to email and general message senders and ask themselves if certain names and addresses are familiar or unrecognizable.

"You can't tell people not to open videos and messages that are part of the application," Vanunu said. "But they should bear in mind that when they get messages from people they don't know or groups they don't trust, they should think twice."

Bird explained that even on an encrypted device or app, bad actors can still get access to sensitive information.

"Secrets are very hard to keep," he said. "Either someone wants them and hunts for them or we slip personally and disclose them. Even with encryption, a secret is still too tempting of a target to someone. WhatsApp is a good encrypted chat platform, but it doesn't change a single thing about the human desire to discover a secret."

Watch out for suspicious-looking calls and texts

Robocalls and scam text messages have unfortunately become the new norm in recent years. Most of these calls and texts are used to scam people into giving out personal information.

Do not pick up phone calls from unrecognizable numbers that look oddly familiar to your own phone number or come from the same area code. Voicemail is always an option for callers who are not scammers. Do not reply to or click on links in text messages that say anything about being the victim of a hacking attempt or being some kind of lucky winner.

Clear your cache

This is a phrase you may hear at work. "Clearing your cache" means regularly deleting browsing history, cookies and other information a device has been trained to immediately recognize when a user opens a particular app or website. This will minimize a user's "virtual footprint," or the amount of data visible to potential hackers.

Download a security app

There are phone security apps for Android and Apple smartphones that many people are unaware of, according to Vanunu.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

"Today on the market, there are some security products you can use that very few people know about and use," he said.

It is crucial, however, that users do their research before downloading and signing up for an app since apps themselves can have vulnerabilities that give bad actors access to personal information.

A Whatsapp App logo behind a Samsung Galaxy S4 phone that is logged on to Facebook in the central Bosnian town of Zenica, Feb. 20, 2014. (REUTERS/Dado Ruvic)

"Consumers need to ask themselves an important question for every app that they use," Bird said. "'Do I trust the solution more than I trust myself when it comes to my safety?' Don't assume the standard security settings in an app as 'safe'; if automatic downloads had been disabled in this case, it appears that this hack could have been avoided."

Understand the threat

Sometimes there is nothing that will stop a bad actor from accessing sensitive information on a device or through an app.

"There is a big public market for cyber-offensive vulnerabilities weapons. There are big offensive companies all over the world paying [millions] for these kinds of vulnerabilities," Vanunu explained.

"The reality of it is that these kinds of vulnerabilities that target Whatsapp and other apps are sophisticated. It's not fair to say you can prevent these. Usually, it's very hard to prevent it. They are seamless. This is why they are worth a lot of money in the market," he said.

CLICK HERE TO READ MORE ON FOX BUSINESS

BullGuard Internet Security 2020 review - TechRadar India

Posted: 23 Jan 2020 04:32 AM PST

London-based BullGuard is an experienced security company which has been developing consumer antivirus software since 2002.

The 2020 range starts with BullGuard Antivirus, a Windows-based product with real-time virus protection, malicious URL filtering, and, surprisingly, a performance booster for games and other demanding full-screen applications.
-

Comments

Post a Comment

Popular Posts

Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET

Image
Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET Posted: 19 Feb 2021 04:00 AM PST Brent Lewin/Bloomberg/Getty Images If your choice of encrypted messaging app is a toss-up between Signal , Telegram and WhatsApp , do not waste your time with anything but Signal. This isn't about which has cuter features, more bells and whistles or is most convenient to use -- this is about pure privacy . If that's what you're after, nothing beats Signal. By now you probably already know what happened. On Jan. 7, in a tweet heard 'round the world, tech mogul Elon Musk continued his feud with Facebook by advocating people drop its WhatsApp messenger and use Signal instead. Twitter CEO Jack Dorsey retweeted his call. Around the same time, right-wing social network Parler went dark following the Capito
Read more

VPN browser extensions: Why you shouldn't use then - Tech Advisor

VPN browser extensions: Why you shouldn't use then - Tech Advisor VPN browser extensions: Why you shouldn't use then - Tech Advisor Google Fi calls between Android subscribers will soon be end-to-end encrypted - 9to5Google How to encrypt your computer (and why you should) - Mashable How to encrypt and decrypt a folder on Android with SSE Universal Encryption - TechRepublic 4 ways to send encrypted messages on Android - TechRepublic WhatsApp “end-to-end encrypted” messages aren’t that private after all - Ars Technica ciphertext feedback (CFB) - TechTarget What Is the Windows Encrypting File System (EFS) and How Do You Enable or Disable It? - MUO - MakeUseOf Encrypting your online life is important - Telangana Today Keeper Password Manager Review – Forbes Advisor - Forbes [Update: Screenshot] Google Messages preparing end-to-end encryption for RCS messages - 9to5Google The iOS 15 priva
Read more

Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com

Image
Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com Posted: 11 Mar 2021 12:00 AM PST Cybercrime , Encryption & Key Management , Endpoint Security Investigators Report Recently 'Unlocking' 170,000 Users' 3 Million Daily Messages Mathew J. Schwartz ( euroinfosec ) • March 11, 2021     Source: Sky ECC website Police say they have disrupted Sky ECC, a global encrypted communications network allegedly used by numerous criminals to plan their operations. See Also: Live Webinar | The Role of Passwords in the Hybrid Workforce Law enforcement authorities say Sky's cryptophone service, which includes both infrastructure and apps, is run from the United States and Canada, using infrastructure and private servers based in Europe as well as the service's own SIM cards. Sky ECC devices are available via vari
Read more