Engadget Podcast: Reviewing the iPhone 14, 14 Pro and non-Ultra Apple Watches

So after all the hype last week, are the iPhone 14 and 14 Pro any good? And are the Apple Watch SE and Series 8 worth an upgrade? This week, Cherlynn chats with Devindra about her furious rush to review all of Apple’s latest gear. It turns out the iPhone 14 Pro is a pretty big step forward, but the same can’t be said for the plain 14. Also, they discuss the wider impact of removing SIM cards from this iPhone lineup, as well as the value of the Pro’s new 48MP camera.

Listen above, or subscribe on your podcast app of choice. If you’ve got suggestions or topics you’d like covered on the show, be sure to email us or drop a note in the comments! And be sure to check out our other podcasts, the Morning After and Engadget News!

Subscribe!

Topics

  • Review of the iPhone 14 Pro and iPhone 14 – 2:10

  • How does the iPhone 14 series stack up against this year’s other phones? – 45:07

  • Apple Watch SE and Series 8 reviews – 48:26

  • A few thoughts on iOS 16 – 54:25

  • Northeastern University VR lab targeted by mail bomb – 56:47

  • Period tracking app Flo gets anonymous mode – 59:22

  • We finally got a trailer for the Legend of Zelda: Tears of the Kingdom – 1:01:11

  • What we’re working on – 1:03:07

  • Pop culture picks – 1:07:31

Livestream

Credits
Hosts: Cherlynn Low and Devindra Hardawar
Producer: Ben Ellman
Music: Dale North and Terrence O’Brien
Livestream producers: Julio Barrientos
Graphic artists: Luke Brooks and Brian Oh

Google’s Pixel Buds Pro fall back to an all-time low at Amazon

If you missed the chance to grab Google’s Pixel Buds Pro when they went on sale in August, don’t worry: The tech giant is giving you another shot at buying the wireless earbuds at a discount. Google’s Pixel Buds Pro (in Charcoal and Lemongrass) are currently on sale for $175, or $25 less than their retail price. That’s the same price they were listed for the first time they went on sale, and that’s also a record low for the model on the website. Seeing as the earbuds only came out a couple of months ago — and they’re the first in the line with active noise cancellation (ANC) — that’s already a great deal if you’ve been thinking of getting them in the first place.

Buy Google Pixel Buds Pro at Amazon – $175

We gave the Pixel Buds Pro a score of 87 in our review, where we praised them for having reliable touch controls and a solid ANC. They use a six-core audio chip powered by Google’s algorithms for active noise cancellation, and they also have a feature called “Silent Seal” to ensure that they can keep as much ambient noise out as possible. This Silent Seal tool uses sensors to adapt the buds to your ear shape when ANC is on, thereby minimizing sound leaks, as well. 

We also praised the earbuds for delivering a pleasantly punchy bass. And if Volume EQ, which adapts tuning when you adjust loudness, is on, the bass stays punchy even in low volumes. Another thing we liked about the Pixel Buds Pro is that they support wireless charging unlike their predecessors, and they have a quick-charge feature that gives you an hour of ANC listening after just five minutes.

Bottom line, we found the Pixel Buds Pro to be Google’s best earbuds to date. They’re also the tech giant’s most expensive model to date, so you probably wouldn’t want to miss this chance to grab them at a lower price. 

Follow @EngadgetDeals on Twitter and subscribe to the Engadget Deals newsletter for the latest tech deals and buying advice.

Microsoft Teams has been storing authentication tokens in plaintext

Microsoft Teams stores authentication tokens in unencrypted plaintext mode, allowing attackers to potentially control communications within an organization, according to the security firm Vectra. The flaw affects the desktop app for Windows, Mac and Linux built using Microsoft’s Electron framework. Microsoft is aware of the issue but said it has no plans for a fix anytime soon, since an exploit would also require network access.

According to Vectra, a hacker with local or remote system access could steal the credentials for any Teams user currently online, then impersonate them even when they’re offline. They could also pretend to be the user through apps associated with Teams, like Skype or Outlook, while bypassing the multifactor authentication (MFA) usually required. 

“This enables attackers to modify SharePoint files, Outlook mail and calendars, and Teams chat files,” Vectra security architect Connor Peoples wrote. “Even more damaging, attackers can tamper with legitimate communications within an organization by selectively destroying, exfiltrating, or engaging in targeted phishing attacks.”

Attackers can tamper with legitimate communications within an organization by selectively destroying, exfiltrating, or engaging in targeted phishing attacks.

Vectra created a proof-of-concept exploit that allowed them to send a message to the account of the credential holder via an access token. “Assuming full control of critical seats–like a company’s Head of Engineering, CEO, or CFO — attackers can convince users to perform tasks damaging to the organization.”  

The problem is mainly limited to the desktop app, because the Electron framework (that essentially creates a web app port) has “no additional security controls to protect cookie data,” unlike modern web browsers. As such, Vectra recommends not using the desktop app until a patch is created, and using the web application instead.

When informed by cybersecurity news site Dark Reading of the vulnerability, Microsoft said it “does not meet our bar for immediate servicing as it requires an attacker to first gain access to a target network,” adding that it would consider addressing it in a future product release. 

However, threat hunter John Bambenek told Dark Reading it could provide a secondary means for “lateral movement” in the event of a network breach. He also noted that Microsoft is moving toward Progressive Web Apps that “would mitigate many of the concerns currently brought by Electron.”

US border forces are seizing Americans’ phone data and storing it for 15 years

If a traveler’s phone, tablet or computer ever gets searched at an airport, American border authorities could add data from their device to a massive database that can be accessed by thousands of government officials. US Customs and Border Protection (CBP) leaders have admitted to lawmakers in a briefing that its officials are adding information to a database from as many as 10,000 devices every year, The Washington Post reports. 

Further, 2,700 CBP officers can access the database without a warrant and without having to record the purpose of their search. These details were revealed in a letter Senator Ron Wyden wrote to CBP Commissioner Chris Magnus, where the lawmaker also said that CBP keeps any information it takes from people’s devices for 15 years. 

In the letter, Wyden urged the commissioner to update CBP’s practices so that device searches at borders are focused on suspected criminals and security threats instead of allowing “indiscriminate rifling through Americans’ private records without suspicion of a crime.” Wyden said CBP takes sensitive information from people’s devices, including text messages, call logs, contact lists and even photos and other private information in some cases. 

While law enforcement agencies are typically required to secure a warrant if they want to access the contents of a phone or any other electronic device, border authorities are exempted from having to do the same. Wyden also pointed out that travelers searched at airports, seaports and border crossings aren’t informed of their rights before their devices are searched. And if they refuse to unlock their electronics, authorities could confiscate and keep them for five days.

As The Post notes, a CBP official previously went on record to say that the agency’s directive gives its officers the authority to scroll through any traveler’s device in a “basic search.” If they find any “reasonable suspicion” that a traveler is breaking the law or doing something that poses a threat to national security, they can run a more advanced search. That’s when they can plug in the traveler’s phone, tablet or PC to a device that copies their information, which is then stored in the Automated Targeting System database.

CBP director of office of field operations Aaron Bowker told the publication that the agency only copies people’s data when “absolutely necessary.” Bowker didn’t deny that the agency’s officers can access the database, though — he even said that the number was bigger than what CBP officials told Wyden. Five percent of CBP’s 60,000 personnel have access to the database, he said, which translates to 3,000 officers and not 2,700.

Wyden wrote in his letter:

“Innocent Americans should not be tricked into unlocking their phones and laptops. CBP should not dump data obtained through thousands of warrantless phone searches into a central database, retain the data for fifteen years, and allow thousands of DHS employees to search through Americans’ personal data whenever they want.”

Two years ago, the Senator also called for an investigation into the CBP’s use of commercially available location data to track people’s phones without a warrant. CBP had admitted back then that it spent $500,000 to access a commercial database containing “location data mined from applications on millions of Americans’ mobile phones.”

TikTok experiment asks you to share BeReal-style daily posts with friends

Instagram isn’t the only one hoping to capitalize on the daily photo sharing trend. TikTok has unveiled an experimental Now feature that, much like BeReal, asks you to post either a photo (using front and back cameras) or 10-second video to tell friends what you’re doing each day. You’ll have a limited window to share content after you receive a randomly-timed prompt. Effectively, it’s a visual status update.

The test will run over the “coming weeks,” according to the social network. TikTok Now is available through the usual app in the US, but you may also find it as a dedicated app in other countries. Not surprisingly, the company is limiting some features for teens. Anyone under 16 who creates an account in the Now app will default to private viewing. Teens between 13 and 15 can only receive comments from friends, and everyone under 18 can’t share their content on Explore.

TikTok is more used to rivals duping its features than the other way around. However, it’s easy to see the reasons for borrowing BeReal’s core concept. Daily posts could keep you coming back to TikTok. They also elevate the importance of friends — you might want to add more people to your social circle if you know you’ll see frequent updates. In that sense, Now could change TikTok’s role as much as it could improve the company’s bottom line.