Enlarge (credit: OpenAI)

On Wednesday, OpenAI announced the availability of developer APIs for its popular ChatGPT and Whisper AI models that will let developers integrate them into their apps. An API (application programming interface) is a set of protocols that allows different computer programs to communicate with each other. In this case, app developers can extend their apps' abilities with OpenAI technology for an ongoing fee based on usage.

Introduced in late November, ChatGPT generates coherent text in many styles. Whisper , a speech-to-text model that launched in September, can transcribe spoken audio into text.

In particular, demand for a ChatGPT API has been huge, which led to the creation of an unauthorized API late last year that violated OpenAI's terms of service. Now, OpenAI has introduced its own API offering to meet the demand. Compute for the APIs will happen off-device and in the cloud.

Enlarge / A volcano-themed tissue box designed with the help of AI-assisted image generation (credit: Juan Nougera (CC-BY-SA) )

Since the introduction of DALL-E 2 and ChatGPT, there has been a fair amount of hand-wringing about AI technology—some of it justified.

It’s true that the technology’s future is unclear. There is great debate about the ethics of using existing artwork, images and content to train these AI products, and concern about what industries it will displace or change . And it seems as if an AI arms race between companies like Microsoft and Google is already underway.

And yet as an industrial designer and professor , I’ve found AI image generation programs to be a fantastic way to improve the design process.

Enlarge (credit: Google)

On Tuesday, Google made client-side encryption available to a limited set of Gmail and Calendar users in a move designed to give them more control over who sees sensitive communications and schedules.

Client-side encryption is a generic term for any sort of encryption that’s applied to data before it’s sent from a user device to a server. With server-side encryption, by contrast, the client device sends the data to a central server, which then uses keys in its possession to encrypt it while it’s stored. This is what Google does today. (To be clear, the data is sent encrypted through HTTPS, but it's decrypted as soon as Google receives it.)

Google’s client-side encryption occupies a middle ground between the two. Data is encrypted on the client device before being sent (by HTTPS) to Google. The data can only be decrypted on an endpoint machine with the same key used by the sender. This provides an incremental benefit since the data will remain unreadable to any malicious Google insiders or hackers who manage to compromise Google servers.

Enlarge (credit: Microsoft)

Last week, Microsoft researchers announced an experimental framework to control robots and drones using the language abilities of ChatGPT , a popular AI language model created by OpenAI. Using natural language commands, ChatGPT can write special code that controls robot movements. A human then views the results and adjusts as necessary until the task gets completed successfully.

The research arrived in a paper titled " ChatGPT for Robotics: Design Principles and Model Abilities ," authored by Sai Vemprala, Rogerio Bonatti, Arthur Bucker, and Ashish Kapoor of the Microsoft Autonomous Systems and Robotics Group.

In a demonstration video , Microsoft shows robots—apparently controlled by code written by ChatGPT while following human instructions—using a robot arm to arrange blocks into a Microsoft logo, flying a drone to inspect the contents of a shelf, or finding objects using a robot with vision capabilities.

Enlarge / Jay Y. Lee, vice chairman of Samsung Electronics Co., leaves the Seoul Central District Court in Seoul, South Korea, on Friday. After a presidential pardon, Lee is poised to retake control of South Korea's largest commercial entity. (credit: Getty Images)

Samsung Electronics Vice-Chair Jay Y. Lee received a presidential pardon Friday for his role in a 2016 political scandal, a move the South Korean government says is necessary so the country's largest chaebol can help steady the national economy.

“In a bid to overcome the economic crisis by vitalizing the economy, Samsung Electronics Vice Chairman Lee Jae-yong… will be reinstated,” the Korean government stated in a joint press release from its ministries, according to Bloomberg News .

Lee, 54, known as Lee Jae-yong in Korea, was arrested in February 2017 on charges that he was complicit in Samsung paying millions in bribes to various organizations tied to a presidential advisor in order to win favor for an $8 billion merger of two Samsung Group units. In August 2017, Lee was convicted of perjury, embezzlement, hiding assets outside the country, and being one of five Samsung executives who paid $6.4 million in bribes to ex-South Korean President Park Geun-hye.

Enlarge / This is definitely not a Razer mouse—but you get the idea. (credit: calvio via Getty Images )

There has been a recent flurry of phishing attacks so surgically precise and well-executed that they've managed to fool some of the most aware people working in the cybersecurity industry. On Monday, Tuesday, and Wednesday, two-factor authentication provider Twilio, content delivery network Cloudflare, and network equipment maker Cisco said phishers in possession of phone numbers belonging to employees and employee family members had tricked their employees into revealing their credentials. The phishers gained access to internal systems of Twilio and Cisco. Cloudflare's hardware-based 2FA keys prevented the phishers from accessing its systems.

The phishers were persistent, methodical and had clearly done their homework. In one minute, at least 76 Cloudflare employees received text messages that used various ruses to trick them into logging into what they believed was their work account. The phishing website used a domain (cloudflare-okta.com) that had been registered 40 minutes before the message flurry, thwarting a system Cloudflare uses to be alerted when the domains using its name are created (presumably because it takes time for new entries to populate). The phishers also had the means to defeat forms of 2FA that rely on one-time passwords generated by authenticator apps or sent through text messages.

Creating a sense of urgency

Like Cloudflare, both Twilio and Cisco received text messages or phone calls that were also sent under the premise that there were urgent circumstances—a sudden change in a schedule, a password expiring, or a call under the guise of a trusted organization—necessitating that the target takes action quickly.

Enlarge (credit: Getty Images)

Meta is ever so slowly expanding its trial of end-to-end encryption in a bid to protect users from snoops and law enforcement.

End-to-end encryption, often abbreviated as E2EE, uses strong cryptography to encrypt messages with a key that is unique to each user. Because the key is in the sole possession of each user, E2EE prevents everyone else—including the app maker, ISP or carrier, and three-letter agencies—from reading a message. Meta first rolled out E2EE in 2016 in its WhatsApp and Messenger apps, with the former providing it by default and the latter offering it as an opt-in feature. The company said it expects to make E2EE the default setting in Messenger by sometime next year. The Instagram messenger, meanwhile, doesn’t offer E2EE at all.

Starting this week, the social media behemoth will begin testing a secure online storage feature for Messenger communication. For now, it’s available only to select users who connect using either an iOS or Android device. Users who are selected will have the option of turning it on.

Enlarge (credit: Anton Petrus | Getty )

True 5G wireless data, with its ultrafast speeds and enhanced security protections , has been slow to roll out around the world. As the mobile technology proliferates—combining expanded speed and bandwidth with low-latency connections—one of its most touted features is starting to come in to focus. But the upgrade comes with its own raft of potential security exposures.

A massive new population of 5G-capable devices, from smart-city sensors to agriculture robots and beyond, are gaining the ability to connect to the Internet in places where Wi-Fi isn't practical or available. Individuals may even elect to trade their fiber-optic Internet connection for a home 5G receiver. But the interfaces that carriers have set up to manage Internet-of-things data are riddled with security vulnerabilities, according to research presented this week at the Black Hat security conference in Las Vegas. And those vulnerabilities could dog the industry long-term.

After years of examining potential security and privacy issues in mobile-data radio frequency standards, Technical University of Berlin researcher Altaf Shaik says he was curious to investigate the application programming interfaces (APIs) that carriers are offering to make IoT data accessible to developers. These are the conduits that applications can use to pull, say, real-time bus-tracking data or information about stock in a warehouse. Such APIs are ubiquitous in web services, but Shaik points out that they haven't been widely used in core telecommunications offerings. Looking at the 5G IoT APIs of 10 mobile carriers around the world, Shaik and his colleague Shinjo Park found common but serious API vulnerabilities in all of them, and some could be exploited to gain authorized access to data or even direct access to IoT devices on the network.

Enlarge (credit: Getty Images | Kalief Browder)

Google Fiber says it will expand its fiber-to-the-home Internet service to several new states for the first time since it announced a pause in construction in October 2016. The Alphabet division said in a press release today that it is "talking to city leaders" in five states "with the objective of bringing Google Fiber's fiber-to-the-home service to their communities."

The new states are Arizona, Colorado, Nebraska, Nevada, and Idaho. Three of those were just announced, while projects in Colorado Springs, Colorado, and Mesa, Arizona, were announced in recent months.

"These states will be the main focus for our growth for the next several years, along with continued expansion in our current metro areas," Google Fiber CEO Dinni Jain wrote. "In addition, we'd also love to talk to communities that want to build their own fiber networks. We've seen this model work effectively in Huntsville and in West Des Moines, and we'll continue to look for ways to support similar efforts."