OnePlus Site’s Payment System Reportedly Hacked to Steal Credit Card Details

This year's first bad news for OnePlus users—a large number of OnePlus customers are reporting fraudulent credit card transactions after buying products from the Chinese smartphone manufacturer's official online store. The claim initially surfaced on the OnePlus support forum over the weekend from a customer who said that two of his credit cards used on the company's official website had shown suspected fraudulent activity.

"The only place that both of those credit cards had been used in the last 6 months was on the Oneplus website," the customer wrote.

Later, a good number of users posted similar complaints on the OnePlus forum, Twitter and Reddit, saying they had also become victims of credit card fraud.

Many of the customers claimed that their credit cards had been compromised after they bought a new phone or some accessories directly from the OnePlus official website, indicating that the leak might have been through the company itself.

Cybersecurity firm Fidus also published a blog post detailing the alleged issue with the OnePlus website's on-site payment system. The firm suspected that the servers of the OnePlus website might have been compromised.

According to Fidus, OnePlus is currently conducting the transactions itself on-site, which means that all billing information, along with all credit card details entered by its customers, flows through the OnePlus official website and can be intercepted by attackers.

"Whilst the payment details are sent off to a third-party provider upon form submission, there is a window in which malicious code is able to siphon credit card details before the data is encrypted," Fidus wrote.

Fidus went on to clarify that their findings did not in any way confirm that the OnePlus website was breached; instead, they suggested the attacks might have come from the Magento eCommerce platform—which is used by OnePlus and is "a common platform in which credit card hacking takes place."
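Fidus's point applies to any page that hosts its own card form: every script loaded on that page can read the fields before submission. The following is an added example, not code from Fidus or OnePlus, of a defender-side inventory of the scripts on a payment page; the host names, the page markup and the approved baseline are constructed assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ScriptInventory(HTMLParser):
    """Collects every <script> on a page: external (src) and inline (body)."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self._current = {"src": a.get("src"),
                             "integrity": a.get("integrity"),
                             "body": ""}

    def handle_data(self, data):
        if self._current is not None:
            self._current["body"] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._current is not None:
            self.scripts.append(self._current)
            self._current = None


def audit_payment_page(html, page_url, allowed_hosts, approved_inline_sha256):
    """Return (kind, detail) findings for scripts that can see the card form."""
    inventory = ScriptInventory()
    inventory.feed(html)
    inventory.close()
    page_host = urlparse(page_url).hostname
    findings = []
    for script in inventory.scripts:
        if script["src"]:
            url = urljoin(page_url, script["src"])
            parts = urlparse(url)
            if parts.scheme != "https":
                findings.append(("insecure-scheme", url))
            if parts.hostname not in allowed_hosts:
                # Script origin nobody signed off on for the checkout page.
                findings.append(("unexpected-host", url))
            elif parts.hostname != page_host and not script["integrity"]:
                # Approved third party, but its content is not pinned (no SRI).
                findings.append(("third-party-without-sri", url))
        else:
            digest = hashlib.sha256(script["body"].encode("utf-8")).hexdigest()
            if digest not in approved_inline_sha256:
                findings.append(("unapproved-inline", digest[:16]))
    return findings


# Constructed sample data (hypothetical shop and hosts, not OnePlus's markup).
PAGE_URL = "https://shop.example/checkout"
ALLOWED_HOSTS = {"shop.example", "js.processor.example", "cdn.widgets.example"}
APPROVED_INLINE = "document.getElementById('pay').disabled = false;"
APPROVED_INLINE_SHA256 = {hashlib.sha256(APPROVED_INLINE.encode()).hexdigest()}
SAMPLE_PAGE = (
    '<html><body><form id="card" action="/checkout/pay">'
    '<input name="card_number"><button id="pay">Pay</button></form>'
    '<script src="/static/checkout.js"></script>'
    '<script src="https://js.processor.example/v1/tokenize.js"'
    ' integrity="sha384-CONSTRUCTED"></script>'
    '<script src="https://cdn.widgets.example/chat.js"></script>'
    '<script src="https://stats-collector.example/a.js"></script>'
    '<script>' + APPROVED_INLINE + '</script>'
    '<script>/* constructed: inline body missing from the baseline */</script>'
    '</body></html>'
)

if __name__ == "__main__":
    for kind, detail in audit_payment_page(
            SAMPLE_PAGE, PAGE_URL, ALLOWED_HOSTS, APPROVED_INLINE_SHA256):
        print(f"{kind:26} {detail}")
```

A static inventory like this only sees scripts present in the served HTML; scripts added at run time need a browser-enforced control such as a Content-Security-Policy on the checkout page.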

OnePlus has quickly responded to the issue on its forum, confirming that it does not store any credit card information on its website and all payment transactions are carried out through its PCI-DSS-compliant payment processing partner.

Only credit card-related information of users who have enabled the "save this card for future transactions" feature is stored on OnePlus' official servers, but even those details are secured with a token mechanism.

"Our website is HTTPS encrypted, so it's very difficult to intercept traffic and inject malicious code, however we are conducting a complete audit," a company staffer using the name 'Mingyu' wrote.

The Chinese smartphone maker also confirms that purchases involving third-party services like PayPal are not affected.

OnePlus does not reveal much information on the incident but confirms that its official website is not affected by any Magento vulnerability.

The company confirms that oneplus.net was indeed built on the Magento eCommerce platform, but said that since 2014 it has been entirely rebuilt using custom code, adding that "credit card payments were never implemented in Magento's payment module at all."

There are almost 100 claims of fraudulent credit card transactions on the OnePlus support forums. OnePlus announces a formal investigation into the matter, and advises affected users to contact their bank to reverse the payment.

General Motors has a Car Without a Steering Wheel on the Way

The New Year has just begun, but General Motors is already looking toward 2019, when it will take the next step for its self-driving cars. It plans to release the Cruise AV, a self-driving car without a steering wheel, pedals or any of the standard driver controls.

The news comes from a GM announcement about its safety petition to the US Department of Transportation for permission to put the Cruise AV on roads as early as next year.

GM acquired Cruise Automation in 2016, and since then Cruise has worked on its technology. Driverless vehicles powered by Cruise are already on the roads in California, Arizona and Michigan for testing, and these cars may soon be in New York City.

The big difference between the existing Cruise vehicles and the upcoming Cruise AV is that this new version, the fourth generation, will be the first production-ready model purpose-built to drive itself.

GM envisions the Cruise AV reducing traffic accidents, giving back the time riders spend stuck in traffic, offering greater mobility for elderly or physically impaired passengers and making the hunt for parking a thing of the past.

Assuming the DOT approves GM's safety petition, we could all be driving alongside robots next year.

The Best Cryptocurrency Wallets in 2018

Once you’ve bought Bitcoins (BTC) or other cryptocurrencies via an exchange (like Bitstamp), if you plan to spend your cryptocurrency right away, you can do so directly from the exchange. If you prefer to hang on to your digital assets, you'll need a secure wallet to which you can transfer your virtual coins. In this guide, we'll explore five of the very best cryptocurrency applications available today for storing your digital wealth. Each of these programs allows you to generate private keys, which you can store safely, rather than trusting an online exchange which can be hacked or go out of business.

All of these clients are known as 'hot' wallets in that by default they're connected to the internet at all times. If you are moving large amounts of Bitcoin, consider creating a 'cold' offline wallet to store your assets.

1. Bitcoin Core

The original and definitive Bitcoin client

  • Original Bitcoin client
  • Provides better protection against fraud
  • Requires large amounts of space and bandwidth

Bitcoin Core is the original BTC client and is available for Windows, Mac and Linux. Core is a 'full node' Bitcoin client, meaning that on first-run it will download the current version of the blockchain (currently around 160GB) by connecting to other nodes. It will then continue to download and process data about Bitcoin transactions.

One advantage of this is that it's much more difficult to link a specific BTC payment address to your identity as Core downloads data about all Bitcoin transactions everywhere. This also protects you against certain types of fraud such as someone trying to spend the same BTC twice, or fooling you into believing you’ve received funds you haven't actually got.

Core comes preconfigured to run through the Tor anonymizing network. This makes it very difficult for anyone to link sending or receiving BTC to your home IP address, ensuring your privacy. All this requires huge amounts of bandwidth – Core must be connected to the internet every day to stay in sync with the network.

On first launch, Core will create a wallet file (wallet.dat) containing your private keys. By default anyone can access it, but you can encrypt the wallet with a password if you wish.

2. Electrum

A popular ‘thin’ wallet client worthy of your attention

  • Lightweight and easy to set up
  • Recover your BTC using a wallet seed
  • Relies on servers to verify transactions

Electrum has been around since 2011 and works with Windows, Mac and Linux. It's one of the most popular 'thin' wallet clients, in that instead of downloading the entire Bitcoin blockchain, it connects securely to other servers to verify your BTC balance and process payments. This means you can set it up in minutes and it takes up very little space on your hard drive.

Electrum uses a 'hierarchical deterministic wallet', in that when you first launch the program it generates a random 'seed' of 12 dictionary words, from which it derives the keys necessary to spend and receive BTC. Electrum displays the seed as you create your wallet and requires you to write it down. This means that if you lose access to this version of Electrum, you can easily reinstall it on another machine and use the seed to restore your BTC.

Unlike the Bitcoin Core client, Electrum offers you the option to encrypt your wallet file during setup, although you can choose to leave it unencrypted if you wish. You can also use Electrum in 'cold storage' mode to create a 'watching only' wallet. This allows you to receive Bitcoin payments and see your balance, but not spend the coins, which may be useful if you're buying BTC as a long-term investment.

As a 'thin' client, Electrum relies on other servers for payment information, making it more vulnerable to certain types of hacking than 'full nodes' such as Bitcoin Core.

3. Jaxx

Store multiple cryptocurrencies with an easy-to-use interface

  • Very simple interface
  • Supports multiple cryptocurrencies
  • Potentially vulnerable

Jaxx was first developed in 2014 and serves not only as a Bitcoin wallet but an app which can store multiple cryptocurrencies such as Litecoin, Dash, Ethereum and Bitcoin Cash. Ripple is not currently supported but the Jaxx team have hinted they may support this feature in the future.

When first run, Jaxx displays a 12 word 'master seed' similar to Electrum which you can write down and use to restore your wallets if you lose access to the original program.

The interface is deceptively simple in that you can quickly and easily switch between wallet balances. Jaxx has also integrated Shapeshift support. This functions as a built-in currency exchange, allowing you to quickly exchange crypto balances, for instance to convert DASH to BTC. You can view your updated balances as soon as processing is complete.

Jaxx is available as a Chrome extension as well as for Windows, Mac and Linux. There's even a mobile app, so it's likely you can view all crypto balances from a single device.

The software is closed source, however, so cannot be reviewed by the community in order to hunt for security bugs. Note that one such bug was discovered in June 2017 which allows someone with access to your machine to extract your master seed and steal your coins. Until this is fixed we recommend using Jaxx only for storing and exchanging small amounts.

4. Rippex

Easy to set up wallet for Ripple

  • Cold storage option
  • Not difficult to get going
  • Beta software
  • Fee of 20 XRP to activate wallet

Ripple is one of the top five cryptocurrencies in terms of capitalization and although it was designed to facilitate transactions between banks, many individuals also use it for speculation and to make payments.

Unlike more popular currencies like Bitcoin, the official desktop client is no longer maintained by the original creators. Fortunately the community has continued to maintain it in the form of Rippex.

Aside from being seemingly the only desktop client available for Ripple, Rippex is very easy to set up. On first-run it generates a 'secret key' which you can write down to restore your wallet in case anything happens to it. The client also requires you to encrypt your wallet file with a password, making your money harder to steal.

In order to activate your wallet you have to pay a fee of 20 XRP (around $43 at current exchange rates, which is about £32). Once you've done this, you can set up a 'cold' offline wallet if you prefer to store your secret keys offline for safety reasons.

If you want to store your XRP outside an exchange but don't want to pay the fee for Rippex, you can also generate a paper wallet instead from http://ripplepaperwallet.com. The website will load the necessary code into your web browser – be sure to disconnect from the internet before creating the wallet.

Rippex is available for Windows, Mac and Linux.

5. Exodus

Multi-currency wallet offers customization with different skins

  • Store and exchange multiple currencies
  • Stunning visual interface
  • Not open source

Exodus is a multi-currency wallet and can hold various types of coins and assets. The setup process is very simple. Like Jaxx, you create a 12 word 'master seed' which you can write down and use to restore your wallet if you're no longer able to access the original. (Incidentally, if you've previously created a master seed using Jaxx, Exodus can restore these too). Once setup is complete, Exodus will also prompt you to choose a password to protect your wallet.

Your digital assets are shown in a user-friendly pie chart. Unlike the other wallets we've discussed here, you can also choose different 'skins' to make your client easier on the eye. Use the localization settings to change the default currency (USD) to your home currency if necessary.

The wallet software also supports exchanging crypto-assets and currencies using Shapeshift, and even lists the percentages of assets you hold as part of your 'portfolio'. Sadly Dogecoin is no longer supported.

Exodus is also not 100% open source. The company claims on its website that doing so would give away trade secrets and make it easier for hackers to create bootleg versions of its wallets. In light of this, if you use Exodus you'll have to trust that there are no undisclosed security bugs or backdoors built into the software.

New MaMi Malware Targets macOS Systems and Changes DNS Settings

The cyber security expert and former NSA hacker Patrick Wardle has made the headlines once again: this time the researcher has spotted a new strain of malware, dubbed MaMi, designed to hijack DNS settings on macOS devices. Wardle first obtained a sample of the MaMi malware after a user reported on the Malwarebytes forums that their teacher's Mac was infected by malware that set the DNS servers to 82.163.143.135 and 82.163.142.137.

At the time of its discovery, it was undetected by all engines on VirusTotal. OSX/MaMi isn’t particularly advanced, but the researcher remarked that it does alter infected systems in rather nasty and persistent ways.

“Since there are already several (IMHO unrelated) malware specimens that perform DNS hijacking (that are named ‘DNSChanger’, etc), I decided to call it OSX/MaMi due to a core class the malware named: ‘SBMaMiSettings’,” wrote Wardle.

“Ok, that’s a wrap. OSX/MaMi isn’t particularly advanced – but does alter infected systems in rather nasty and persistent ways. By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads).”

The malicious code acts as a DNS hijacker, but it also implements other features for taking screenshots, simulating mouse events, downloading and uploading files, and executing commands.

The researcher discovered the malware on several websites but, unfortunately, was not able to determine the distribution channel. It is likely the MaMi malware has been delivered via email, fake security alerts and pop-ups on websites, or social engineering attacks.

Wardle noticed that the malware does not appear to execute any of the implemented features, likely because it requires some attacker-supplied input or other preconditions that were not simulated in the virtualized test lab used by the expert.

Once MaMi has infected a Mac, it invokes the macOS security tool and uses it to install a new certificate (dcdata.bin) that it has downloaded from the internet.

“By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads).” explained Wardle.

How to tell whether a macOS system is infected with the MaMi malware?

Users can check their DNS settings: the malicious code sets the DNS servers to 82.163.143.135 and 82.163.142.137.
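The DNS check above can be scripted. This added example (not Wardle's code) parses the output of the macOS `scutil --dns` command and reports every resolver that points at the two addresses named in the article; the sample output is constructed in that command's format, and the helper names are this example's own.

```python
import platform
import re
import subprocess

# DNS servers the article reports MaMi sets on infected Macs.
MAMI_DNS = {"82.163.143.135", "82.163.142.137"}

RESOLVER = re.compile(r"^resolver #(\d+)")
NAMESERVER = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)")
IF_INDEX = re.compile(r"^\s*if_index\s*:\s*\d+\s*\((\w+)\)")


def parse_scutil_dns(text):
    """Split `scutil --dns` output into resolver blocks.

    The command prints a global section and a "(for scoped queries)" section,
    and resolver numbers restart in each, so the section is kept per block.
    """
    resolvers, current, section = [], None, "global"
    for line in text.splitlines():
        if line.startswith("DNS configuration"):
            section = "scoped" if "scoped" in line else "global"
            current = None
            continue
        m = RESOLVER.match(line)
        if m:
            current = {"section": section, "id": int(m.group(1)),
                       "interface": None, "servers": []}
            resolvers.append(current)
            continue
        if current is None:
            continue
        m = NAMESERVER.match(line)
        if m:
            current["servers"].append(m.group(1))
            continue
        m = IF_INDEX.match(line)
        if m:
            current["interface"] = m.group(1)
    return resolvers


def mami_hits(text):
    """Return (section, resolver id, interface, matching servers) tuples."""
    hits = []
    for r in parse_scutil_dns(text):
        bad = [s for s in r["servers"] if s in MAMI_DNS]
        if bad:
            hits.append((r["section"], r["id"], r["interface"], bad))
    return hits


def check_this_mac():
    """Run the check against the live resolver configuration (macOS only)."""
    if platform.system() != "Darwin":
        return None
    out = subprocess.run(["scutil", "--dns"], capture_output=True,
                         text=True, check=True).stdout
    return mami_hits(out)


# Constructed sample in the format printed by `scutil --dns`.
SAMPLE_SCUTIL_OUTPUT = """\
DNS configuration

resolver #1
  nameserver[0] : 82.163.143.135
  nameserver[1] : 82.163.142.137
  if_index : 5 (en0)
  flags    : Request A records

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 82.163.143.135
  nameserver[1] : 192.168.1.1
  if_index : 5 (en0)
  flags    : Scoped, Request A records
"""

if __name__ == "__main__":
    live = check_this_mac()
    for hit in (live if live is not None else mami_hits(SAMPLE_SCUTIL_OUTPUT)):
        print("MaMi DNS server configured:", hit)
```

A hit also calls for reviewing the trusted root certificates on the machine, since the article describes the malware installing one alongside the DNS change.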

The Best of CES 2018

After 51 years, CES in Las Vegas still manages to pack some surprises. No, I'm not talking about the rain that caused crazy floods or the two-hour blackout in Central Hall of the Las Vegas Convention Center. I'm talking about 65-inch rollable OLED displays, robotic dogs, and $4,000 treadmills that deliver live workout classes on HD screens. There were far fewer phones and tablets than we saw a few years ago, but more and more companies are saving those big announcements for Mobile World Congress in Barcelona next month. Yet despite the fact that the Detroit Auto Show is just about to start, it can be argued that CES has become the greatest car tech show of the year.

Below we've gathered our favorite 21 new products and technologies from the show. Although they aren't all guaranteed to make it to market in 2018—if ever—they represent the type of tech we hope to see in the year ahead.

Acer Swift 7

Best Laptop

Dubbed the world's thinnest notebook, the Swift 7 measures just 0.39-inch thick and weighs 2.48 pounds. With a sturdy aluminum build, it avoids feeling flimsy, a pitfall that many light systems fail at, and it looks as nice as it feels. When the Swift 7 drew audible excitement and instant comparisons to a MacBook Air from our photographer, I knew Acer had succeeded with its design. It will arrive this spring at $1,699, packing an HD touch display, an Intel Core i7 processor, and 4G LTE connectivity.


Dell XPS 15 2-in-1

Best Convertible Hybrid Laptop

The premium XPS line has been consistently lauded for its quality build and solid feature set, and Dell is now bringing that experience to a convertible 15-inch system. Convertibles this size often raise eyebrows, as the screen is arguably too large to be used comfortably in Tablet mode, but the XPS 15 is the slimmest on the market. This, along with the overall high build quality, helps mitigate the size. It's outfitted with eighth-generation Intel processors and discrete graphics, making it a viable professional's laptop for productivity in the office or on the road.


Lenovo Miix 630

Best Windows Tablet

With a starting price of $799, the Lenovo Miix 630 detachable tablet is on the less expensive end of a brand-new crop of PCs that run power-sipping Qualcomm Snapdragon processors originally designed for smartphones. It's got a 12.3-inch full HD touch screen that's fortified with Corning Gorilla Glass. There's a kickstand built into the back of the tablet to prop it up when the keyboard is attached, and the whole thing weighs just less than 3 pounds. The big draw here: Lenovo claims the Miix 630 will last up to 20 hours between battery charges. Even better, that estimate assumes you'll use it as you would a smartphone: rarely turning it off and accessing the internet both via Wi-Fi and the included LTE modem. Depending on the cost of wireless service plans and whether or not that battery claim rings true, this Windows tablet has the potential to be a road warrior's best friend when it goes on sale this spring.


Honor View 10

Best Phone

Honor's View 10 sets the bar for value. Huawei's low-cost spinoff brand is bringing a 6-inch phone with tons of RAM and storage, an AI-enhanced camera, and a flagship-level Kirin 970 processor to the US for less than $500—that undercuts the OnePlus 5T by at least $30, and it's about half the price of Huawei's own Mate 10 Pro. Honor has sold great $200 phones in the US for a few years now, and this device pushes its market up to people who aren't looking to make compromises.


Misfit Path

Best Smartwatch

Similar to the Misfit Phase but designed with smaller wrists in mind, the Misfit Path is a beautiful smartwatch that looks more like an analog timepiece. It can track steps, calories burned, distance, and sleep, as well as receive your call, text, and app notifications from your phone. Swimmers will be happy to note it's safe for the pool and shower. It launches this spring, and at $150, the Path is not only stylish but also affordable.


Peloton Tread

Best Health and Fitness Device

While a $4,000 treadmill is undoubtedly extravagant, Peloton's Tread sets itself apart with a 32-inch HD touch screen. And for $39 per month, you can stream more than 10 daily live classes, as well as guided workouts. You can view your stats at the bottom of the screen, and view a leaderboard of other Peloton users on the side. That should be enough to motivate you, if spending all that money on a treadmill doesn't do the trick.


Fisker EMotion

Best Car

Fisker's founder, Henrik Fisker, cut his teeth working on sports cars for Aston Martin and BMW, and it shows in his latest design, the Fisker EMotion. This gorgeous sports sedan could have won on looks alone with great lines and butterfly doors, but it also runs an all-electric powertrain with a battery that'll carry the car up to 400 miles. Fisker promises a radical new battery design in less than five years that will increase range to 500 miles and require only 9 minutes of charge time. So smart power coupled with a host of luxury and connected car features (including advanced LiDAR-based autonomous driving capabilities being developed through a partnership with Quanergy) make this $129,000 sports car the belle of this year's CES ball.

Raven

Best Car Accessory

New cars just keep getting smarter and more connected. And nowhere is that more obvious than at CES. But what if you're not ready to trade up your couple-of-years-old ride just yet? The $300 Raven sits on your dashboard and packs a Wi-Fi hotspot, GPS, security system, vehicle diagnostic system, and front- and cabin-facing video cameras in a box no bigger than your rearview mirror. It will even give you feedback on your driving skills.—Wendy Sheehan Donnell


Tello

Best Drone

The Tello isn't a flashy pro drone. It's a $99 quadcopter, controlled by your phone or optional Bluetooth gamepad, with a modest 720p video camera. But the price is a big plus, especially when you consider that it's powered by Intel and DJI tech. It looks like a solid choice for people who want a drone, but don't want a high-powered pro model. It's also a teaching tool; it can be programmed with MIT's Scratch language, and anything that teaches you (or your kids) to code is a plus in our book.


DJI Osmo Mobile 2

Best Camera/Phone Accessory

The Osmo Mobile 2 is our pick for the best camera gear of CES, even though it doesn't have a lens or sensor. The handheld gimbal, priced at just $129, works with Android and iOS phones. It keeps handheld video silky smooth, can be mounted on a tripod, and has an app that adds time-lapse and other capabilities to your phone's camera. It's less expensive than its predecessor, and has three times the battery life—15 hours.


JBL Link View

Best Smart Home Device

We saw a ton of devices with integrated Amazon Alexa or Google Assistant at CES this year—cars, bathrooms, TiVos, you name it. But the most important category for Google was its four smart displays, which give Google Assistant a solid (and YouTube-enabled) competitor for the Amazon Echo Show. While we love the industrial design of Lenovo's model, JBL's—which appears to be based on its Link 300 speaker—looks like it will offer better audio, making it a flexible home entertainment and home control center.


Samsung The Wall

Best Television

We thought the TV size race was over, since manufacturing an LCD panel of more than 85 inches is prohibitively difficult and expensive. Samsung surprised us with a 140-inch monster that doesn't use LCD or OLED. The Wall by Samsung reaches its massive size by using MicroLEDs, millions of tiny light-emitting diodes arranged in an array. LED arrays are used for huge commercial signs and usually have giant pixels that are easily visible unless you're several dozen feet away, but the Wall's pixels are just 0.8 millimeters, which promises a viewing experience that's closer to a TV than a billboard.


TCL Alto

Best Home Theater Gear

Roku announced its Roku Connect software to encourage the development of audio products that work with its media streamers and licensed Roku TVs. TCL is the first company to jump on the bandwagon with its Alto line of speakers, of which the Roku Smart Soundbar is the first and currently only model. It's simply a soundbar designed to work with TCL Roku TVs, or any other device that uses Roku OS. It enables voice control with the Roku Entertainment Assistant, wireless playback of music without using your TV, and basically brings audio-only options into the Roku ecosystem.


Libratone Track+

Best Audio Gear

Libratone is best known for its speakers, but has proven its chops at making earphones with the excellent Adapt Q Lightning. Now the company is combining noise cancellation technology and a workout-friendly design into an impressive set of wireless earphones. The $200 Libratone Track+ might not be completely wire-free like so many other new pairs, but they incorporate adjustable active noise cancellation and are resistant to splashes, all at a slightly friendlier price than the Bose QuietControl 30.


Asus Lyra Voice

Best Networking Gear

In a world with way too many gadgets—especially in the living room—we savor devices that multitask well. The Asus Lyra Voice pulls triple duty as a tri-band AC2200 mesh Wi-Fi router, a speaker, and a digital assistant. With a built-in microphone, two eight-watt speakers, and Amazon Alexa on board, you can use the Lyra Voice to answer queries, play music, control your smart home devices, and take advantage of Alexa's many third-party skills. The Voice pairs with other Lyra routers to provide whole-home 802.11ac Wi-Fi, while the discrete speakers deliver "rich and powerful sound." We'll test those claims when we review the Lyra Voice, but we applaud Asus' ability to pack this much functionality into a slick and compact package.


Digital Storm Spark

Best Gaming PC

I saw plenty of nice gaming systems at CES, but Digital Storm's Spark stood out for its small stature. It's only 12 inches tall and 4 inches wide, yet filled with enthusiast-level components as well as custom liquid-cooling piping. You can start a build at $1,299 with an Nvidia GeForce GTX 1060, but the same tiny body can handle up to a GTX 1080 and an Intel Core i7-8700K processor. It's an impressive feat of engineering, and the black aluminum body, interior window, and customizable lighting look super sleek. It was a better year for gaming desktops than laptops—I saw nice PCs from Origin, as well—but manufacturers are in a holding pattern as they wait for the next generation of Intel processors before releasing new notebooks later this year.


Razer Mamba HyperFlux

Best Gaming Gear

The Mamba is one of Razer's high-end gaming mice, and the HyperFlux kicks things up a notch. It comes with a mousepad, the Firefly, that charges the mouse through a magnetic field. This technology allows Razer to remove the battery from the mouse, making it super light, and it stays powered for a few seconds off the pad so you can lift and adjust it while playing without disconnecting. The mouse has nine programmable buttons, mechanical switches, and Chroma lighting. The mousepad itself is rimmed with customizable lighting, and you can flip it over within the base for a hard or cloth surface. It's expensive at $249, but high-end gaming purchases tend to be luxury buys to begin with, and the innovation here just might be worth it.


Lenovo Mirage Solo

Best AR/VR Headset

Lenovo's Mirage Solo pumps new life into Google's Daydream platform by freeing it from the phone. It's an entirely liberated VR headset, in fact: With no wires and six degrees of freedom, it promises VR experiences you can run, jump, and walk through without worrying about tripping over wires. It's far less kludgey to use than dropping your phone into a headset, and uses a superior processor to the upcoming Oculus Go. This is the future of mobile VR.


Sony Aibo

Best Robot

Man's best robot friend is back. The new and improved Sony Aibo is more lovable than ever. With advanced sensors, better AI, and a friendlier design, Aibo can recognize your family, stream video through its nose, nuzzle your hand, and learn its environment. It's only available in Japan at the moment and costs a hefty 198,000 yen (nearly $1,800), but at least it won't pee on your carpet.


LG Rollable Display

Best Concept/Prototype

Paper-thin screens you can simply roll up have been futuristic fantasies for years. That won't likely change anytime soon, but LG Display is pushing the technology a bit closer to reality with its 65-inch rollable OLED screen. This OLED panel rolls up like a poster and can be unspooled into a very flat panel TV. At 65 inches of 4K resolution, it's the largest, most advanced rollable screen yet.


Nvidia Big Format Gaming Display

Best New Technology

The Big Format Gaming Display (BFGD) looks like a TV, but it's really a 65-inch gaming monitor. Nvidia's new screen combines a 65-inch 4K LCD with HDR with G-Sync, the Tegra X1 processor, and the Nvidia Shield Android TV interface. It means a huge picture that can keep up with your gaming PC, and offers incredibly low latency. Instead of selling it directly, Nvidia is leaving the final design touches to Acer, Asus, and HP Omen, all of which will offer their own BFGD models.

Source: PC Mag