Microsoft will pay you up to $250,000 to find Spectre-like flaws

If you know how to test hardware and software and how to identify vulnerabilities in them, then there’s some real money to be made. Some manufacturers and developers will pay tons of cash to anyone who can pick out defects in their products that can lead to system breaches — all it takes is some know-how and a little patience. Microsoft is one such company, and it’s now paying up to $250,000 for identifying vulnerabilities related to Meltdown and Spectre.

In case you’ve forgotten, these two vulnerabilities have been causing quite a stir over the last several months. They impact almost all CPUs in use today to one extent or another, including Intel, AMD, and ARM processors going back a decade or so. Fixing the bugs, which involve “speculative execution” that is used to speed up processing, has caused system crashes, reboots, and poor performance, and Intel in particular has struggled to create a stable solution.

Microsoft has now added those kinds of vulnerabilities to its bug bounty program. Phillip Misner, principal security group manager for Microsoft’s security response center, describes the new bounty:

“Speculative execution is truly a new class of vulnerabilities, and we expect that research is already underway exploring new attack methods. This bounty program is intended as a way to foster that research and the coordinated disclosure of vulnerabilities related to these issues. Tier 1 focuses on new categories of attacks involving speculative execution side channels.”

There are four tiers in the Speculative Execution Bounty Program, as follows:

• Tier 1: New categories of speculative execution attacks, up to $250,000
• Tier 2: Azure speculative execution mitigation bypass, up to $200,000
• Tier 3: Windows speculative execution mitigation bypass, up to $200,000
• Tier 4: Instance of a known speculative execution vulnerability (such as CVE-2017-5753) in Windows 10 or Microsoft Edge. This vulnerability must enable the disclosure of sensitive information across a trust boundary, up to $25,000

Microsoft will be sharing whatever research is uncovered by the bounty program. This will allow collaboration between all of the involved parties to create solutions to the vulnerabilities and create a more secure environment for users.

If you’re someone who knows how to dig into systems and find flaws, then you’ll want to take a look at Microsoft’s standard terms and conditions for its bug bounty programs. There’s some real money to be made, and so you can gain some financial benefit to go with the good feelings that come with bringing some better security to our computing lives.

Editors’ Recommendations

• Microsoft misses another Edge-related 90-day security disclosure deadline
• Intel opens bug hunt to all security researchers, offers possible $250K payout
• Looking back on 5 years of Surface with the product guru who brought it to life
• Microsoft’s latest Windows 10 patch will address Spectre Variant 2 CPU flaw
• Five years on, Microsoft’s Surface has made your PC better

Researchers exploit flaws in two browsers installed on MacOS devices

Researchers recently uncovered security flaws in two web browsers for MacOS enabling hackers to gain access to Mac devices. The first flaw reared its head in Safari during the first day of Pwn2Own 2018, giving the hacker full control of the Touch Bar. Meanwhile, Check Point Research stumbled across a nasty bug in Google Chrome granting access to the administrative or any other user account without the need for a password. 

First up, Samuel “5aelo” Gross from Phoenhex targeted Safari during his Pwn2Own hack attempt using a MacOS kernel Elevation of Privileges, meaning he found a way to get permission to use resources only reserved for the lowest level of MacOS that even administrators can’t access. He did this by exploiting a bug in Safari’s Java-based just-in-time (JIT) compiler optimization combined with a flaw in the MacOS platform. 

“He used a combination of a JIT optimization bug in the browser, a macOS logic bug to escape the sandbox, and finally a kernel overwrite to execute code with a kernel extension to successfully exploit Apple Safari,” Zero Day Initiative explains a bit more thoroughly. “He left a message for us on the touchbar once he was complete.” 

Meanwhile, Check Point Research’s discovery in Google Chrome has nothing to do with the Pwn2Own 2018 event. Instead, one of the firm’s security analysts noted “unexpected behavior” while examining the Remote Desktop component of Google’s Chrome browser for MacOS. He noticed that he could sign onto the remote Mac device as a guest user, but jump into another active session, even one used by the administrator, without entering a password. 

As the report explains, typically there is someone logged onto a MacOS device but locked with a password when not in use. In turn, guests don’t actually have an account: They can simply access the Mac device without a password and are typically restricted in some fashion by the administrator. All files created by the guest are stored in a temporary folder and deleted once they log off the device. 

That said, if guests access the Mac remotely using Chrome’s extension, they see a screen displaying the current user’s password entry field and an option to sign on as a guest. After clicking on the guest icon and proceeding to the home screen, the guest will see the current user’s desktop rather than the temporary sandboxed guest account. Meanwhile, the source MacOS device displays the guest account on its screen. 

The company said it reported the Chrome issue to Google on February 15, but the search engine giant believes the Remote Desktop login screen is not “a security boundary.” Regardless, Check Point Research felt the need to go public with the issue given many Mac owners provide guest access to their devices. 

Chrome’s Remote Desktop component is a handy way to troubleshoot a remote relative’s computer or grab files from home. At least two computers need Chrome installed, with one serving as the “source” machine providing an access code to the second machine.

Editors’ Recommendations

• Apple iOS 11.2.2 update offers a fix to the Spectre security vulnerability
• LG unveils two patents for foldable smartphones
• Two countries are now investigating Apple over iPhone planned obsolescence
• Not the dress again — illusion from two identical images confuses the internet
• Making a Spectacle: Snap may release two new versions of its smartglasses

Apple’s latest touchscreen keyboard patent suggests a squishy, keyless future

Apple has flirted with the idea of putting a touchscreen keyboard on its MacBook lineup for a while now. Most recently, a few patent filings have suggested that the idea could be coming to fruition, and a new filing made public gives us a sneak peek at how such a device could work — and why it could be revolutionary.

This latest patent filing describes a touchscreen keyboard with haptic feedback that actually deforms with each keystroke, so it could feel like an actual keyboard, despite being a glossy touchscreen display. The keyboard would achieve this by embedding an array of haptic actuators beneath the display itself.

A display with embedded haptic feedback would certainly make a new MacBook eye-catching, but there is quite a bit going on here. The patent filing goes on to describe haptic feedback zones arranged in such a way that you would be able to load up different keyboard configurations and still receive accurate haptic feedback.

As these drawings indicate, this isn’t just a touchscreen keyboard. It’s every keyboard, or at least it could be. You could load up an ergonomic layout if you’d prefer, you could move your touchpad to the center of your keyboard, or you could turn the whole thing into a giant play and pause button. For some reason. It doesn’t matter why, the point is: You could do it. And you would still get haptic feedback in all the right places.

Just think about how this could work, the options this could open up for graphic designers, for musicians, for programmers, for anyone who might need more than a typical keyboard could provide. This patent spells out how this custom haptic system could work, but the possible implementations are infinitely more interesting.

As we mentioned, this isn’t the first time we’ve seen Apple flirt with this idea. There are more than a few patent filings outlining how a touchscreen or dual-screen MacBook might look, but this patent does something else: It shows us how it could work, and what that could mean for MacBook — and even iOS users. That’s right, there is a version of this touchscreen keyboard fitted to an iPad Pro keyboard case in the patent filing. It could just be an example, or it could be a glimpse at the future of the iPad platform. Now, what remains to be seen is how this touchscreen keyboard will stack up to Microsoft’s long-rumored dual-screen phone.

Editors’ Recommendations

• Apple files patent for a crumb-resistant MacBook keyboard
• Razer Project Linda Preview
• Latest Microsoft patent hints at mobile device with hardware laptop mode
• Google’s idea for radar-based gesture control could change the remote forever
• Instead of stealing jobs, what if A.I. just tells us how to do them better?

Lyft is testing a subscription service for frequent riders

If you find yourself getting around town using multiple Lyft rides every day, or you use the service to commute to and from work, then how do you like the idea of paying a regular monthly fee for all the rides you take?

Lyft confirmed to The Verge that it’s currently conducting trials on variations of a subscription model to see which might work best for frequent riders.

A message sent to one of the riders in the trial describes an “all-access pass” with “no surprises.” Options currently being tested reportedly offer 30 rides costing anywhere between $199 and $300, and $399 for 60 rides. Any journey that costs up to $15 is included in the subscription, but it’s not known what riders are paying if the fare exceeds that amount.

A Lyft spokesperson told The Verge on Thursday, March 15 that it has been trying out its “All-Access Plan” for the past few months with select riders, but it hasn’t yet made a final decision on whether to proceed with the model.

The trial is aimed at finding a fee/ride combination that suits both the rider and the company, but if a suitable balance can’t be struck, Lyft could abandon the plan altogether and consider developing alternative payment models instead.

Lyft, like its main rival Uber, is constantly looking for ways to improve and expand its service. The San Francisco-based service is investing heavily in driverless-car technology, partnering with a large number of companies over the last few years to help advance its plans. Some of its autonomous cars are already motoring along the streets of American cities, albeit as part of a trial service and with an engineer in the driver’s seat to ensure everything runs smoothly.

Away from cars, the company is also experimenting with other modes of transport. In Baltimore, for example, it recently invested $270,000 in the city’s bike-sharing scheme as part of a three-year deal that puts its branding onto five of the city’s busiest bike-sharing stations that will also act as convenient pick-up and drop-off points for Lyft riders. The company hopes the setup will help feed more riders into its car-based service as it seeks to build what the company calls a “multimodal transportation future.”

Editors’ Recommendations

• Lyft follows Uber into bike sharing, beginning in Baltimore
• Your monthly Amazon Prime service is going to cost you more than before
• Bikesharing has existed for a century, but tech is making it massive
• Uber is getting into the bike-sharing game
• How SiriusXM is dominating in the Spotify era

Bali will switch off the island’s internet services for the whole of Saturday

It’s news that will likely cause smartphone addicts to break into a cold sweat, but as long as you steer clear of Bali this weekend, you’ll be just fine.

The Indonesian island is set to turn off mobile internet services for the whole of Saturday to mark the sacred Hindu holiday of Nyepi.

The local communications ministry told news outlets on the island that phone companies have agreed to comply with the request for Bali’s first-ever internet shutdown.

Nyepi marks the new year according to the ancient Balinese calendar and is known as the Day of Silence. As part of the celebrations, Bali’s largely Hindu population is encouraged to take some time for self-reflection. The idea was suggested by Balinese civil and religious groups, according to the Guardian, and was accepted after the issue was discussed by the central government in Indonesia’s capital, Jakarta.

“Many Hindu people are addicted to gadgets,” Hinduism Society head Gusti Ngurah Sudiana told the BBC. “I hope during Nyepi they can be introspective.”

During the pause for reflection, some people may end up contemplating how much time they spend on social media, how few books they tend to read nowadays, and if there might be a way to get back online once their period of introspection is over.

If the internet’s temporary disappearance becomes just too much for Bali’s residents or the thousands of tourists visiting the island, they can make a beeline for the nearest hotel where Wi-Fi connections will still be available, allowing them to fire up their apps and browse the web in the usual way. Home-based internet set-ups will also remain available should people still want to hop online to see what they’re missing.

Aware that a blanket internet shutdown could cause problems, the authorities are making sure that connections remain available for important services, among them the security forces, medical facilities, and disaster agencies.

Made Pastika, the governor of Bali, quipped that if people stop using the internet for the duration of a day, “people will not die.” adding that he intends to power down his own tech on Saturday for a spot of quiet reflection.

Editors’ Recommendations

• Just say the word to get some help from Alexa or Google Home this holiday season
• Obama’s cybersecurity commissioner offers advice on how to keep safe when shopping online
• For deals or just the latest designs, these are the best shopping apps out there
• The best gifts for skiers
• Santa Claus is coming to town: Get ready with these Christmas apps

Nowhere is safe now that AMD has suffered its own Meltdown

Bill Roberson/Digital Trends

(in)Secure is a weekly column that dives into the rapidly escalating topic of cyber security.

On Tuesday, March 13, security firm CTS Labs announced the discovery of 13 flaws in AMD’s Ryzen and Epyc processors. The issues span four classes of vulnerabilities that include several major issues, such as a hardware backdoor into Ryzen’s chipset, and flaws that can completely compromise AMD’s Secure Processor, a chip that’s supposed to act as a “secure world” where sensitive tasks can be kept out of malware’s reach.

The lack of agreement means there’s no way to know when the next flaw will be exposed, who it will come from, or how it will be reported.

This revelation comes just months after the reveal of the Meltdown and Spectre flaws that impacted chips from AMD, Intel, Qualcomm, and others. AMD, whose chips were compromised by some Spectre flaws, came out of the fiasco relatively unscathed. Enthusiasts focused their anger on Intel. Though a handful of class-action lawsuits were filed against AMD, they’re nothing compared to the hoard of lawyers set against Intel. Compared to Intel, AMD seemed the smart, safe choice.

That made Tuesday’s announcement of flaws in AMD hardware even more explosive. Twitter-storms erupted as security researchers and PC enthusiasts argued over the validity of the findings. Still, the information provided by CTS Labs was independently verified by another firm, Trail of Bits, founded in 2012. The severity of the issues can be argued, but they do exist, and they compromise what some PC users had come to view as the last safe harbor.

The wild west of disclosure

The content of CTS Labs’ research would’ve generated headlines in any event, but the reveal’s punch was amplified by its surprise. AMD was apparently given less than 24 hours to response before CTS Labs went public, and CTS Labs has not gone public with all technical details, instead choosing to share them only with AMD, Microsoft, HP, Dell, and several other large companies.

Many security researchers cried foul. Most flaws are disclosed to companies earlier, alongside a timeframe to respond. Meltdown and Spectre, for instance, was disclosed to Intel, AMD, and ARM on June 1 of 2017 by Google’s Project Zero team. An initial 90-day window to fix the problems was later extended to 180 days, but ended ahead of schedule when The Register published its initial story on Intel’s processor flaw. CTS Labs’ decision not to offer prior disclosure has caused speculation that it had another, more malicious motive.

CTS Labs defended itself in a letter from Ilia Luk-Zilberman, the company’s CTO, published on the AMDflaws.com website. Luk-Zilberman takes issue with concept of prior disclosure, saying “it’s up to the vendor if it wants to alert the customers that there is a problem.” That’s why you rarely hear of a security flaw until months after it was uncovered.

Worse, says Luk-Zilberman, it forces a game of brinkmanship between the researcher and the company. The company might not respond. If that happens, the researcher faces a grim choice; keep quiet and hope no one else finds the flaw, or go public with the details of a flaw that has no available patch. Cooperation is the goal, but the stakes for both researcher and company encourage defensiveness. The question of what’s proper, professional, and ethical often collapses into petty tribalism.

Where’s the bottom?

The industry standard for disclosing a flaw doesn’t exist and, in its absence, chaos reigns. Even those who believe in disclosure don’t agree on details, such as how long a company should be given to respond. The lack of agreement means there’s no way to know when the next major flaw will be exposed, who it will come from, or how it will be reported.

It’s like strapping on a life vest as a ship sinks into frigid waters. Sure, the vest is a good idea, but it’s not enough to save you anymore.

Cyber security is a mess, and it’s a mess that’s taken its toll on each of us. While alarming, the new flaws in AMD processors — like Meltdown, Spectre, Heartbleed, and so many others before — will be soon be forgotten. They must be forgotten.

After all, what other choice do we have? Computers and smartphones have become mandatory for participation in modern society. Even those who don’t own them must use services that rely on them.

Every piece of software and hardware we use is, apparently, riddled with critical flaws. Even so, unless you decide to abandon society and build a cabin in the woods, you must use them.

Normally, I’d like this column to end on practical advice. Use strong passwords. Don’t click on links that promise free iPads. That sort of thing. Such advice remains true, but it feels like strapping on a life vest as a ship sinks in frigid arctic waters. Sure. The life vest is a good idea. You’re safer with it than without — but it’s not enough to save you anymore.

Editors’ Recommendations

• Did I do that? Intel is going to make a killing fixing its own Meltdown
• Intel CEO reveals hardware plans for addressing Meltdown, Spectre exploits
• Updates addressing Meltdown security issue are causing a number of PC reboots
• New ‘Prime’ Meltdown, Spectre exploits outlined by Nvidia, Princeton University
• Microsoft’s latest Windows 10 patch will address Spectre Variant 2 CPU flaw

See how the Galaxy S9 Plus handles low-light against the competition

The Samsung Galaxy S9 and S9 Plus take great photos in low-light environments thanks to the variable aperture system on the main rear lens. We’ve shown off how the camera performs in our Galaxy S9 and S9 Plus reviews, but now’s the time to pit it against several flagship smartphones to find the best low-light snapper.

In this test, we used the Galaxy S9 Plus, the Google Pixel 2 XL, the Apple iPhone X, the HTC U11, the LG V30 (with a photo from the new V30S ThinQ), and the Huawei Mate 10 Pro. We took the photos as the average person would — simply tapping on a subject in the viewfinder and letting the camera do the rest. The subject matter? The streets of Barcelona at night.  Here’s how the phones performed.

Correos Y Telegrafos

Google Pixel 2 XL

LG V30

iPhone X

Huawei Mate 10 Pro

HTC U11

Samsung Galaxy S9 Plus

Choosing a winner for this photo is tough, and a lot of it may come down to personal preference. It’s easier to eliminate the poorer photos first, which come from the LG V30, the HTC U11, and the Huawei Mate 10 Pro from worst to best. The V30 photo has the worst detail and is very fuzzy, and the latter two are the darkest photos on the list (though with decent detail and solid color accuracy).

Our favorite photos come from the Galaxy S9 Plus, the iPhone X, and surprisingly, the LG V30S ThinQ. The V30S ThinQ’s Bright Mode automatically kicked in due to the poor lighting, and it easily is the most detailed photograph. It captures the mood very well, though we think it could do a better job with color accuracy.

LG V30S ThinQ

Next up is the Galaxy S9 Plus, which has solid detail, but impresses us more with its excellent noise reduction. Take a look at the sky and compare it with the rest of the photographs, and it’s easy to see how the S9 Plus’ photo feels more realistic. The colors also feel natural, though perhaps a little too on the yellow side.

The iPhone X took the photo with the best color accuracy, and it’s slightly more detailed than the S9 Plus. There’s a lot of noise, though, which is largely why we gave the S9 Plus the edge.

The Galaxy S9 Plus’
excellent noise
reduction is
impressive.

That leaves the Pixel 2 XL, which sits somewhere in the middle between the worst photos and the best. It’s a great photo, but it looks too sharpened, and we feel as though it doesn’t capture any particular mood about the setting at all. It has great detail, but the V30S ThinQ beats it, and we love the colors in the S9 Plus and iPhone X photos more.

Overall, these are great photographs, but the S9 Plus, iPhone X, and V30S ThinQ stand out the most. We’re giving the top pick to the S9 Plus for its impressive noise reduction, but the iPhone X is a close second for color accuracy. We love the detail on the V30S ThinQ, but it looks a little greenish, as though someone added an Instagram filter over it.

Arches at the Barcelona Cathedral

Google Pixel 2 XL

LG V30

iPhone X

Huawei Mate 10 Pro

HTC U11

Samsung Galaxy S9 Plus

The arches of the Barcelona Cathedral are the only lit up part of the building late at night. It’s a great way to test which phones can bring out the rest of the building, while not overexposing the archway.

We’re happy with all these photos, but since we’re picking winners we’d place the LG V30 and the HTC U11 at the bottom of the list. The U11 lights up the rest of the cathedral well, but the color is a little bland, and the archway is overexposed. The V30 has great detail (we didn’t test Bright Mode here), but the overall photo has a greenish tint. The areas outside of the arches are also too dark.

The Pixel 2 XL arguably has the best exposed photo with good detail on the cathedral and great lighting on the archway.

Our favorites this time are from the Galaxy S9 Plus, the iPhone X, the Pixel 2 XL, and the Mate 10 Pro. The Galaxy S9 Plus easily takes the win for best color accuracy, excellent noise reduction, and it manages to light up the rest of the cathedral.

The iPhone X is our second favorite, but it’s a little too warm for our tastes. It does have the best detail, but the statues at the bottom of the arches are a little overexposed.

The Pixel 2 XL arguably has the best exposed photo. You can see plenty of detail on the cathedral, while also maintaining great lighting on the archway. Its detail is second to the iPhone, but it loses points for color accuracy with its cooler tones.

The Mate 10 Pro impressed us here with beautiful colors and solid detail, but the areas outside of the arches are hardly visible.

We’re giving the S9 Plus the win, with the iPhone X taking second place again. The Pixel 2 XL gets third place.

Barcelona Cathedral

Google Pixel 2 XL

LG V30

iPhone X

Huawei Mate 10 Pro

HTC U11

Samsung Galaxy S9 Plus

All of these phones do a great job of capturing the old Barcelona Cathedral, which has been around since the 1300s. Perhaps unsurprisingly, our favorites again are the Galaxy S9 Plus, the Pixel 2 XL, and the iPhone X.

The S9 has excellent lighting overall, with a nice warm color that carries the mood of the Gothic Quarter, as well as solid detail. This photo has the best sky, thanks to very little noise.

Unsurprisingly, yet
again, our favorites
are the Galaxy S9
Plus, the Pixel 2 XL,
and the iPhone X.

The Pixel 2 XL is noticeably grainier, but it comes second because it also has great lighting all around. You can see the turrets of the cathedral far more than the rest of the photos (except the S9). It also has the least overexposed arches.

The iPhone X may have some of the best detail, but it’s a little too dark for our tastes. It does have great warm tones just like the S9 Plus, though.

The HTC U11 does a solid job here as well, though with a slightly yellow tone, but good detail. We’re not fans of the V30 and the Mate 10 Pro’s photos, as they both offer poorer detail than the rest, with muted and bland colors.

The S9 Plus gets the win here, followed by the Pixel 2 Xl, and the iPhone X.

Las Arenas

Google Pixel 2 XL

LG V30

iPhone X

Huawei Mate 10 Pro

Samsung Galaxy S9 Plus

We’re going to have to sit the HTC U11 out on this one, as we didn’t have the phone on hand for this comparison.

The easiest phone to eliminate here is the LG V30. Details are a little blurry, and overall the photo has an unusual green tint. Next comes the Galaxy S9 Plus. It doesn’t do as well with detail compared to the other phones, though we do like the colors it produced. It’s not a bad photo at all.

The Huawei Mate 10 Pro and the Pixel 2 XL tie for second place. The color in the Mate 10 Pro photo looks much more natural than the cooler tones on the Pixel 2 XL photo, but both are well-detailed, and the Pixel wins points for being one of the only phones to not overexpose the A symbol on the left side on the tower.

That means our favorite photo comes from the iPhone X. It offers the strongest detail, but it also has the best color accuracy. The photo looks very natural, and the color of the sky adds more depth. At the end of the day, we’d be happy sharing any of these photos, but we’re nitpicking and the iPhone X gets the win.

Food

Google Pixel 2 XL

LG V30

iPhone X

Huawei Mate 10 Pro

HTC U11

Samsung Galaxy S9 Plus

Right off the bat we have to note that the HTC U11 and the LG V30’s photos aren’t the same as the rest — the food at El Salon is so good, it made us forget to match up our photos. We can still comment about coloring and detail here, though. The LG V30 does a great job with the warm color and solid detail, but the U11 goes in the opposite direction for a colder color. It’s a good photo, but the lighting was nothing like the U11’s photo. It’s also not as sharp as the V30 photo.

The poorest photo of the lot comes from the Mate 10 Pro. It’s not nearly as detailed as the rest of the cameras, and the colors are over-saturated. The iPhone X photo is well-detailed, but like the U11, it surprisingly goes for a cooler tone — which is not representative of the warmer colors at the restaurant.

That leaves us with our two favorite photos, the Galaxy S9 Plus and the Pixel 2 XL. The latter phone’s photo is also cool instead of warm, but the level of detail is stunning. We’d love this photo even more if the camera could just get the colors right. The S9 Plus, however, manages to maintain a lot of detail, while capturing colors well. It’s the photo we’d share of the lot. The S9 gets the win again.

There seems to be a running theme here — the Galaxy S9 Plus has come out on top for almost all of these comparisons.

There seems to be a running theme here — the Galaxy S9 Plus has come out on top for almost all of these comparisons. That doesn’t mean the photos from the other cameras are bad; they’re all incredibly good, and it’s impressive how far smartphone camera technology has advanced. We should note, though, that the Galaxy S9 Plus is our pick for the best low-light camera. We still think certain phones like the Pixel 2 XL outperform it in daylight and other scenarios, such as Portrait Mode.

Not satisfied with our results? That’s OK. Photography is subjective, and if you show two people two photos from different cameras, they may not like the same photo. Let us know what you think of the S9’s camera in low-light in the comments below.

David Cogen, a regular contributor here at Digital Trends, runs TheUnlockr.com, a popular tech blog that focuses on tech news, tips and tricks, and the latest tech. You can also find him over at Twitter discussing the latest tech trends.

Editors’ Recommendations

• Flagship face-off: Samsung’s Galaxy S9 Plus vs. Google’s Pixel 2 XL
• We rounded up every hot smartphone for an ultimate camera showdown
• Sony Xperia XA2 vs. HTC U11 Life: Can Sony rule the midrange market?
• Sony Xperia XZ2 vs. Google Pixel 2 XL: Newest Sony flagship tackles Android king
• Portrait Mode test: Can any smartphone beat the iPhone X?

The Google Lens app is now available on Google Photos for iOS

As announced via the official Google Photos Twitter account on March 15, users of Google Photos for iOS can now use Google Lens to analyze and extract text, hyperlinks, and other information from photos.

Originally announced at Google’s I/O 2017 event, Google Lens uses machine learning to extract text and hyperlinks from images, along with its ability to identify various landmarks from around the world and a host of other promised abilities. It first launched on Google’s Pixel phones at the tail end of 2017, before being launched for all Android phones in March 2018. As of today, March 16, iOS users can also access the deep learning of the Google Lens by accessing it through the iOS Google Photos app.

Starting today and rolling out over the next week, those of you on iOS can try the preview of Google Lens to quickly take action from a photo or discover more about the world around you. Make sure you have the latest version (3.15) of the app.https://t.co/Ni6MwEh1bu pic.twitter.com/UyIkwAP3i9

— Google Photos (@googlephotos) March 15, 2018

Anyone looking to play with Google Lens should make sure that their Google Photos app is updated to the latest version (3.15). Then, open your Google Photos app, open a photo, then tap the Google Lens logo. If you’re struggling to find it, Google has posted a small guide on its support website. Some Twitter users have been complaining that they have not yet been able to access the functionality, and it seems that the update is in the process of rolling out worldwide. It’s also worth noting that Google Lens can only be used if your iOS device’s language is set to English, for the time being.

But what can you do with Google Lens? It’s capable of extracting text from your Google Photos, and while that may not sound impressive, it’s then able to use that text to find businesses, extract hyperlinks, find addresses, or identify books, movies, and games. If you take a picture of a business card, Google Lens will offer to save the information as a new contact, taking some of the fuss out of business networking. Landmarks can also be identified, and information on ratings, tours, and history will be offered as a result.

Use Google Lens to copy and take action on text you see. Visit a website, get directions, add an event to your calendar, call a number, copy and paste a recipe, and more. pic.twitter.com/E4ww2cxVUd

— Google Photos (@googlephotos) March 15, 2018

The Google Photos account has been sharing more than a few ways to make your Google Lens work for you, and while that fact that it’s currently restricted to the Google Photos app on iOS means it’s a bit harder to use in everyday circumstances, it’s a really cool addition, and a great indication of what the future has in store for us.

Editors’ Recommendations

• How to use Google Lens to identify objects on your Pixel smartphone
• Google Lens’ landmark, text recognition expands to all Android devices
• Get ready for more AR apps — Google brings ARCore to version 1.0
• Google adds wheelchair-accessible routes to Google Maps
• Google merges Android Pay and Google Wallet into Google Pay

The first 5 things to turn off in the Galaxy S9’s software

Clean up that software as soon as you get the phone.

Samsung’s software on the Galaxy S9 and S9+ is super-powerful and filled with features, but it needs a little tweaking to harness that power for good rather than annoyance. There are lots of things turned on by default on these phones that isn’t very useful or only appeals to a small set of users — and that’s why we have a list of the first things you should turn off as soon as you get your Galaxy S9 or S9+ out of its box.

Disable parts (or all) of Bixby

Look, Bixby has improved a lot since it was first announced. But it still has a long way to go before it’s going to be considered as something you use every day. Thankfully Samsung has realized this, and given you several options for disabling part, or all, of Bixby on your Galaxy S9.

The one thing most people will want to do is disable the Bixby button on the side of the phone, which is very easy to accidentally hit and is always distracting when you do. Open Bixby Home by swiping over to it on your home screen, tap the gear icon in the top-right corner and tap the toggle for “Bixby Key.” Now, pressing the Bixby button does nothing — but if you want, you can still press-and-hold it for Bixby Voice commands.

If you also want to disable Bixby Voice, you can stay in the Bixby Home settings and look for the toggle next to “Bixby Voice” — tap that, and now even long-pressing the Bixby button on your phone will do nothing.

If you don’t want anything to do with Bixby at all on your Galaxy S9, make the two above tweaks and then turn off Bixby Home entirely. To do this, long-press on an empty spot of your home screen, swipe to the right to reveal the Bixby Home panel and tap the toggle in the top-right corner. Now, Bixby is off for good.

How to completely disable Bixby

Replace Samsung’s keyboard

Samsung’s keyboard has prediction and swiping algorithms that just feel antiquated, which may lead to lots of mistakes when you first get your phone. Don’t worry, it’s not just you! Longtime Samsung keyboard users have undoubtedly gotten used to how its stock keyboard works, and maybe you will over time also. But that doesn’t mean you shouldn’t look at your other options, because there are great replacement keyboards out there.

Our short list of great keyboards includes Google’s own Gboard, another big-name player SwiftKey, and a couple of lesser-known choices from Chrooma and Fleksy — give one, or all four, a try and see if any work better for you than Samsung’s keyboard.

You can manage and switch keyboards by going into Settings, General management and Language and input. You can also quickly switch keyboards anytime you have a keyboard open in an app by tapping the small keyboard icon in the navigation bar.

Best Keyboard for Android

Turn off the Edge screen

Samsung’s curved displays are gorgeous and provide a functional benefit in that they make the phone narrower. But the “Edge screen” software is … questionably useful. It’s also turned on by default. If you like the utilities it offers, that’s great — but much of what it does is either a gimmick or easily duplicated somewhere else on the home screen. If you don’t find it all that useful, here’s how you turn it off:

Swipe in on the side of your phone where the Edge screen handle is located.

• You can recognize it as the small grey tab, roughly two-thirds up the side of the screen.

Tap the gear icon in the bottom-left corner.
Tap the blue toggle switch in the top-right corner, so it turns grey.

Press the home button and the Edge screen has been turned off.

To turn the Edge screen back on, enter your Settings, Display, Edge screen and tap the toggle for Edge panels.

Hide apps you don’t use but can’t uninstall

Going to call this “one” thing to turn off, but really it’s a lot of things. Samsung’s launcher lets you “hide” apps from view, which can help you manage the several duplicate and unwanted apps that Samsung bundles that you can’t uninstall or even disable in most cases. Even though they stay installed, you don’t have to look at them in your app drawer. This way you could hide Samsung’s Calendar, Email and Contacts apps, for example — leaving just whatever apps you installed to replace them instead. Here’s how it works:

Long-press on a blank area of your home screen.
Tap Home screen settings on the right side.
Scroll down and tap Hide apps.

Select the apps you want to hide from view and tap Apply in the top-right corner.

• Any time you want to bring an app back to view, repeat these steps and uncheck those hidden apps.

You’ll want to do this after you’ve fully set up your phone, selected default apps and made sure you’ve managed any settings you may need to change in the bundled apps. Otherwise you’ll have to load up your home screen settings again and un-hide an app just to open it and change something. This is really a system designed to hide apps you never want to use.

Remove all of the quick settings you won’t use

The quick settings toggles available in the notification shade are immensely useful, but that doesn’t mean you have to keep them the way Samsung has it set up out of the box. By default you have very odd options like NFC, sync and mobile data in there, which aren’t things that you’re likely to toggle all the time. Instead, rearrange these quick settings so that you have access to the ones you do want and none of the ones you don’t.

Lower your notification shade, then swipe again to expand the quick settings.
Tap the three dots in the upper-right corner and tap Button order.
On the top, you have your active icons; on the bottom are available icons.
Long-press icons to move them between the top and bottom sections, or to rearrange them.

• If you add more icons than can be held on one page, a second page will automatically be generated.
• Note that the first six icons in the list are the ones you can see with just a single swipe on the notification shade.

When you’re finished, just tap Done and your quick settings are set!

You can rearrange these icons at any time, and even set a different button grid if you want to see fewer or more icons in each panel. The choice is yours.

Samsung Galaxy S9 and S9+

• Galaxy S9 review: A great phone for the masses
• Galaxy S9 and S9+: Everything you need to know!
• Complete Galaxy S9 and S9+ specs
• Galaxy S9 vs. Google Pixel 2: Which should you buy?
• Galaxy S9 vs. Galaxy S8: Should you upgrade?
• Join our Galaxy S9 forums

Verizon
AT&T
T-Mobile
Sprint

Galaxy S8 and S8+ on Verizon get Android Oreo update

The February 2018 security patch also makes an appearance.

Android Oreo has been rolling out to unlocked models of the Galaxy S8 and S8+ since February 22 after Samsung fixed a bug with its initial build, but there’s been no word as to when U.S. carriers would begin updating their versions of the phone. Thankfully, Verizon’s finally ready to issue its Oreo update.

Verizon recently updated its official support page for the Galaxy S8, indicating that Oreo started being pushed to the phone on March 15, 2018. The build number for the S8 is G950USQU2CRB9, whereas the one for the S8+ is G955USQU2CRB9.

Similar to what we’ve seen for past updates, Oreo adds picture-in-picture, the Autofill API, and much more to the S8/S8+. This changes the Samsung Experience to v9.0, and it also adds the February 2018 security patch. I’m not sure why we didn’t get the more recent March patch, but I digress.

If you’ve got a Galaxy S8 or S8+ on Verizon, have you gotten the Oreo update yet?

Samsung Galaxy S8 and S8+

• Galaxy S8 and S8+ review!
• Galaxy S8 and S8+ specs
• Everything you need to know about the Galaxy S8’s cameras
• Get to know Samsung Bixby
• Join our Galaxy S8 forums

Verizon
AT&T
T-Mobile
Sprint
Unlocked