Author: Edward Lewis

There’s no doubt using Apple CarPlay and Android Auto in the car makes for a safer and more connected driving experience. Maybe your vehicle already supports it, or maybe not. However, you have access to either platform, there are very good adapters bringing added convenience for you every time you get behind the wheel.

The latest vehicles may offer both of these platforms with wireless connectivity, but most current and past models don’t. You might even be driving a car that never supported them to begin with. That’s where these devices come in. While a couple may require more professional installation, the majority won’t require much know-how to get things up and running.

CPLAY2air

For iPhone users looking to cut the cord, the CPLAY2air adapter is dedicated to CarPlay, working with both factory and aftermarket head units. It’s currently compatible with the iPhone 6 or later, and a pretty simple setup where you only need to plug it into the vehicle’s USB-A port to kick off the process.

There are a couple of caveats in that your phone needs to only connect to the Wi-Fi and Bluetooth connections coming from the adapter. That means you would have to disconnect from your vehicle’s head unit if connected to it via Bluetooth. Doing that should ensure CarPlay works without issue on your dash screen.

It is possible to use this with multiple iPhones in the same car, particularly if you’re sharing the car with someone. There’s no app, but there is a way to connect to the device’s IP address through a browser on your phone to update the firmware.

Order the CPLAY2air directly from the company for $134.95.

Motorola MA1

For Android users, the Motorola MA1 dongle may be among the most high-profile because of who makes it. The general idea is similar to others in this list, where you plug the device into the USB-A port to get things started. There’s no app here to run through the process, but the instructions are pretty straightforward and easy to follow. You just need to connect to the Bluetooth and Wi-Fi connections to get it working.

The one visual indicator is the LED light on the dongle itself, telling you when it’s in the process of connecting or successfully connected. The two-sided adhesive that comes in the box isn’t very good, so you may want to consider good two-sided tape if you prefer to mount this on the dash somehow.

Order the Motorola MA1 from Amazon for $99.99.

AAWireless

Another one for Android users, the AAWireless started out with a crowdfunding campaign, and is now readily available to everyone. Here, too, you have a dongle you plug in to the vehicle’s USB port, only this time you have the AAWireless app to help run through things. Once set up, Android Auto will run wirelessly each time you start the car, albeit with varying times to start up. Sometimes, it can be really quick, other times, it may take over a minute to get going. It’s not entirely clear why.

The benefit of the app is that it also offers firmware updates and a series of more advanced features. For instance, certain GM and Volkswagen models may have trouble working with the device, so the app presents workarounds for those situations. It’s not a super seamless transition if you try using the device with multiple phones, but works great if you’re on your own.

Order the AAWireless directly from Amazon for $89.99.

Carlinkit 4.0

The Carlinkit 4.0 works with both CarPlay and Android Auto, and is best if you are using either one with a factory head unit. It doesn’t work properly with aftermarket head units, so best to avoid it if you have one installed. You need to be running iPhone 6 or later (iOS 10 or later) or an Android phone running Android 10 or later to get the wireless connection working.

With the initial compatibility in place, it should be an easy setup and steady connection throughout. It shares a lot of functional similarities to the CPLAY2air, right down to the browser-based connection for firmware updates.

Order Carlinkit 4.0 from Amazon or buy it directly from the company.

Ottocast U2-X

Ottocast likes to call the U2-X a “2-in-1 adapter” and the main reason is because it works the same way for both CarPlay and Android Auto to establish a wireless connection. The one catch is that it won’t work with BMW and Mitsubishi vehicles, so best to look elsewhere on this list for something else that’s compatible with those makes and models.

Despite the terribly translated website, the device does what it’s supposed to do, and can do so regardless of whether you plug it into a factory or aftermarket head unit. You can also update the firmware through a web browser.

Order the Otttocast U2-X from Amazon for $179. or buy it directly from the company for $180.52.

Carsifi

Here’s another one that started out as a crowdfunding campaign and is still primarily available through Kickstarter and Indiegogo or the Carsifi site. It’s only for Android Auto, designed as a plug-and-play device that’s easy to set up and manage. Like others on the list, you plug in the dongle, go through the brief setup process, and then have a wireless connection to the platform thereafter.

The device comes with extensive compatibility with both phones and vehicles. Aftermarket head units aren’t a problem, either. Carsifi also developed a companion app to keep things accessible, including for firmware updates or resetting the device in case you want to start over with it.

Order a Carsifi adapter from Amazon for $119 or buy it directly from the company $89 USD (about $121.50 CAD).

Car and Driver Intellidash+

This is much more than just a dongle, given it comes with a 7-inch IPS display of its own and is a possible solution if you’re driving a car that doesn’t have CarPlay or Android Auto support. The Intellidash+ is essentially an all-in-one product that can run in any vehicle. It comes with all necessary cables, including to ensure audio runs through the car stereo system and voice assistants, like Siri and Google Assistant, work properly.

Note that there are multiple devices under the Intellidash moniker. The Plus version is the one that enables wireless connections, whereas the non-Plus one does not. There are various ports to really tinker with if you want to expand on what it can do, but the gist is that you’re setting up an external display somewhere on your dash rather than replacing your car’s existing head unit display.

Order the Car and Driver Intellidash+ from Amazon for $119.

MobileSyrup utilizes affiliate partnerships. These partnerships do not influence our editorial content, though MobileSyrup may earn a commission on purchases made via these links that helps fund the journalism provided free on our website.

Welcome to Cyber Security Today. This is the Week in Review edition for the week ending Friday, December 9th, 2022. From Toronto, I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

In a few minutes Terry Cutler of Cyology Labs will join me to discuss some recent news. But first a roundup of some of what happened in the last seven days:

A suspected Chinese-based threat actor was in the IT system of Amnesty International Canada for 17 months before being detected. Terry and I will discuss how hard it is for agencies that rely on donations to have proper cybersecurity.

We’ll also look at the ransomware attack on U.S. hosting provider Rackspace Technologies, and a report from Accenture on the increasing use of malware to get around multifactor authentication.

Google admitted that digital certificates used by some makers of Android handsets were stolen — in some cases years ago — and are being used to validate malicious Android apps. As soon as this was learned Google and the manufacturers took protective action. Google Play Protect can detect the malware if and when users log into the Play store. However, the stolen certificates won’t expire for years. How these digital keys were stolen hasn’t yet been explained.

The free Fosshost service for hosting open-source projects is closing. In an online statement founder Thomas Markey said the volunteer-run service expanded too far and too fast. He admitted to failing to lead the project through some difficult times. The company is helping move customers to new providers.

More data-wiping malware is increasingly being used by threat actors. Researchers at Kaspersky earlier this month said they found one pretending to be ransomware they call CryWiper. Separately, researchers at ESET said they found a new wiper they call Fantasy. Fantasy is an evolution of a previous wiper. Both are believed to have been created by an Iranian-aligned group called Agrius. Organizations victimized so far have been in Israel, South Africa and Hong Kong.

When cyber crooks aren’t busy stealing from consumers, companies and governments they’re stealing from each other. That’s according to researchers at Sophos. They told the Black Hat Europe conference this week that some people on criminal forums fail to deliver promised and paid-for malware, or provide malware with a backdoor the developer can use. And once in a while they blackmail each other. Among the lessons: Arbitration threads on criminal forums can be a valuable source of intelligence to security teams.

December means cybersecurity companies start issuing look-backs at significant events from the past year. One of them is NordPass, which issued its list of worst passwords for 2022. Worst because they’re the most commonly used and therefore most easily guessed by hackers. Once again the leader is the word ‘password.’ Others in the top 10 are 123456, guest, qwerty and 1111111. These would be among the first tried by hackers. If they try to break them, these would only take one second to crumble before today’s computers. Please make your passwords are complex, use a password manager and enable multifactor authentication on any site that offers it.

(The following transcript has been edited for clarity)

Howard: Back with us again from Montreal is Terry Cutler. Good afternoon. We’ll start with the admission by the Canadian branch of Amnesty International that it was hacked by a suspected Chinese-backed group.

Amnesty International, which has 80 offices around the world, is a large human rights nonprofit headquarter in England. It’s Canadian branch is smaller. While the agency wouldn’t tell me how big the Canadian IT department is, we can assume it isn’t large. And like any organization that depends on donations it wouldn’t have a lot of money for cybersecurity. Human rights groups around the world are targets of certain governments who don’t like their advocacy. And among the countries that Amnesty Canada speaks out about is China. So it isn’t uprising that the company that did the forensic audit of the attack concluded it’s likely the threat actor came from China.

What struck me is that the attacker was in Amnesty Canada’s environment for 17 months before being detected.

Terry Cutler: A lot of people don’t realize that the average time that an attacker in your IT system is 286, so 17 months is a problem. Obviously Amnesty Canada didn’t have enough insider threat detection or a response plan to get the hacker out. But the fact that the attacker was in there for 17 months means that he probably made a mistake and set off an alarm. Clearly they [Amnesty Canada] need to look at more of a holistic approach where they’ll have a good look at their IT network, their endpoints and their cloud together. NGOs often work with outsourced IT groups, and the IT guys often say, ‘We’ve got you covered.’ But the IT guys are like your family doctor: You’re not going to ask them to perform laser eye surgery on you. That’s where a cybersecurity group is going to complement them. But as you know, cyber security experts are very expensive. So a lot of times firms don’t have the budget for them. Also, the management and in these organizations feel they don’t have a lot of sensitive information — even though they do — so one’s going to want to hack us. So they protect their IT networks like they protect their home with antivirus and a firewall. They just don’t have enough detection in place. Cybercriminals know this. That’s why they hack into a not-for-profit group and use them as a jump point to attack another company.

You know, had they [Amnesty Canada] done a simple audit they would have seen things like user accounts that still might be active in the IT system that haven’t signed in months or years, or poor patch management, or terrible passwords. They might even see weird logins coming in from unexpected locations or times of the day.

Howard: Amnesty Canada told me the reason they detected this attack was this past summer they started overhauling their IT system and installing some new things. That’s when ah they were able to discover evidence of this attack.

Terry: And that’s the problem: They just have to do the best with what they had at the time. Usually when you install a patch or set up some new security is when the attacker is going to be blocked.

Howard: I was told that there were no data exfiltration tools found in the Amnesty Canada IT system. Can we logically conclude for sure that no data was copied?

Terry: I don’t believe so, because if they just were starting to overhaul their systems there’s a good chance that they didn’t have enough event logs, so they probably would not have known that the attackers were exfiltrating data. Not only that, if the IT guys were receiving a ton of alerts a lot of times they may get alert fatigue. So a lot of times these logs or or event information is not monitored.

Howard: One thing that occurred to me is that the attack was aimed at the Canadian branch as a way to learn what Amnesty’s headquarters is doing. So just by monitoring email or documents the attacker could learn a lot. In other words, it’s like a supply chain attack, only in this case there’s no evidence the IT system of Amnesty’s headquarters was penetrated.

Terry: When we work with not-for-profits they usually have one I guy assigned to the company — and, again he’s an IT guy, not a cyber expert. They often think they just need an antivirus and a firewall and they’re done. Here’s where you should start looking at awareness training for employees because there are so many ways to get into a company: Through leaked passwords on the dark web, the lack of multifactor authentication. Employees need to learn how to spot a phishing email, what not to click on and the dangers of mishandling their information.

Howard: Amnesty Canada said that one of the reasons it went public about this attack is to warn other nonprofits about the importance of cybersecurity. Have you dealt with nonprofits and if so what is their level of security maturity?

Terry: Actually, we have them as clients. Before we brought them into a more holistic monitoring system they were dealing with a ton of problems like tight budgets, shortage of staff, IT guys saying, ‘We got you covered,’ and they deploy EDR (endpoint detection and response). But the thing is, EDR is not going to cover you holistically. There were attacks coming in from the cloud, there was password stuffing of their user accounts on Office 365 — EDR is not going to see that. There were some IoT devices that were infected and beaconing out through their network. Again, EDR is not going to find that. So you need to look at a more holistic solution — on a budget. There are a lot of problems [in nonprofits] but experts are needed to weed out the most common threats.

Howard: The second item we’re going to look at is the ransomware attack on American cloud hosting provider Rackspace. Rackspace cells a number of services including hosted Microsoft Exchange for organizations. Last week that service was knocked offline. We don’t know how the Exchange service was compromised, nor did Rackspace know at the time that we recorded this podcast whether any customer emails or data was copied. Rackspace is helping customers move to the cloud-based Microsoft 365 so their email can continue. But this wasn’t the only recent ransomware attack: A hospital outside of Paris had to shut its IT and phone systems after a ransomware attack over the weekend. Six patients had to be transferred to other hospitals. Terry, we talk a lot about ransomware. What more can you say after another successful ransomware attack?

Terry: We can clearly see that ransomware is not going away. We need better preparation for it, more holistic monitoring [of IT networks]. I keep hammering on this, but it’s true. There’s so many attack vectors that to worry about. And because most companies are short-staffed they need to start looking at partnering with a cybersecurity firm or hire more IT staff. That’s going to put a lot of defenses in place. But, again, will your IT guy be watching your system at 2 a.m. on a Saturday morning? You have to start looking at outsourcing partners. Now, a lot of times they’ll say you need to deploy EDR everywhere. But let me tell you what happened at a company that we dealt with that had EDR everywhere. They got hit with a ransomware attack and it stayed in their system. When you get with ransomware several steps have to happen: You have to disconnect from the internet and rebuild your entire network from scratch. We did that and migrated data from the old network to the new one. And they got ransomed again. So we rebuilt the network again and activated the bridge between the two networks, and got ransomed again. We found out on the third try that the machine that was doing the data migration didn’t have EDR on it. So it still had the ransomware. The other machines with ERD didn’t stop the ransomware attack because it didn’t execute from the box had EDR protection. So you need to make sure that EDR is deployed properly everywhere — and network monitoring as well.

Howard: Just for those who don’t know, EDR is a step up from antivirus EDR is short for endpoint detection and response. Can you give us a little synopsis of EDR technology?

Terry: Traditional antivirus is signature-based. meaning when a virus comes through it recognizes the virus signature and blocks it. But it also has to update its database every couple of hours to state current. EDR detects what’s abnormal [network behavior] and cut off the process.

Howard: One of the things that that one might take away from the Rackspace incident is IT departments shouldn’t recommend hosted third-party applications if the organization goes to the cloud. They should only subscribe to cloud applications that are offered by the original application maker. Is that a good conclusion?

Terry: I used to work for a software vendor called Novell. A third party wanted to host Novel services, versus our engineers were monitoring IT and updating the platform. So my biased approach is, yes, you should be working directly with the application maker. I’ll tell you a real story that happened last year, also, coincidentally, with a not-for-profit. They were using a hosted Office 365 with another hosting provider. It got hacked. The attacker was able to access all of their emails. The attacker also found a bank change form. They found out who the nonprofit’s funding provider, was and they [the attackers] started communicating with the funding agency, creating fake emails to look make it look like a conversation. They said, ‘We’ve been having problems with our Canadian account. Can you please use this form, change the bank information and wire the money to Hong Kong?’ And the financing company accepted it. That’s how the organization lost half a million dollars.

Howard: Ransomware is a problem, and I think not merely ransomware but any malware, if you don’t have end-to-end encryption of all your data. Then a determined hacker will get at it and you’re going to lose at least some of your data. So the best you can do is to limit the amount of data that an attacker can access — or am I wrong on that?

Terry: You’re absolutely right. But the problem is it could be very, very expensive to secure your environment and there’s still no guarantee [you won’t be hacked]. So the goal is to make it as hard as possible for an attacker to get in. Which is why security audits are important. It will show who may have too much data access or if a problem happened with this account. We see often where in small firms or not-for-profits everybody’s trustworthy, everybody gets administrator access. That’s horrible. That means if anybody gets hacked it’ll affect the entire company. You need to limit data access to only those who need it.

Howard: The final news item we’re going to look at is a report from Accenture on a type of malware called an information stealer. This malware goes after victim information like passwords, usernames, cookies and such stored in browsers or email clients, messaging platforms or cryptocurrency wallets. They may also steal logs from multifactor authentication apps. Why? Because employees are increasingly using multifactor authentication to protect their login credentials. So threat actors want this personal information to defeat MFA. One way is by bombarding the smartphones of target individuals with multifactor authentication requests. If the victim gives in and presses OK, under the right conditions the attacker gets control over the smartphone. With a crook authenticated they can launch deeper attacks into an IT environment. Common information stealers that IT departments should be looking out for are called Red Line, Raccoon, Vadar and Taurus. Terry are IT and security teams meeting the challenge of this type of malware?

Terry: It’s very, very difficult. These come in often from phishing attacks. We use the same tactics in a penetration test — we’ll send a phishing email to an employee and if he clicks on it and he has enough access on his computer we can become an insider threat. I could turn on his video camera, turn on the microphone, and extract the passwords from his browser. Or we can even do a pass-the-hash attack where we can log in as a person without ever knowing the password. The key here is really around employee awareness training, especially around MFA. fatigue. This is where you receive repeated messages on your phone asking if you logged in from Montreal. A victim clicks yes, and boom, the attacker is in. This is where IT departments need to start looking at authentication-based apps [instead of receiving SMS confirmation texts] where the user has to type in a password. Awareness training is going to be key.

Howard: The thing is threat actors can buy monthly access to information stealers or they can buy a lifetime licence — and it’s cheap. One information stealer can be had for US$150 a month or US$1,000 for a permanent license.

Terry: We’re also seeing there’s been more leakage of [victim’s stolen] logs on the dark web, which has the information of users and their passwords. This really comes down to awareness training. Also, [IT and security teams] should look at dark web monitoring for their companies. There are services that do it and give an alert the moment an employee’s password has leaked.

Howard: The report notes that in October the U.S. arrested a major player behind the Raccoon stealer and allegedly dismantled the malware’s IT infrastructure. However, someone claimed on an exploit forum that the project is still running.

Terry: We’ve talked about this in various podcasts before that groups are coming and going. But the background players are all usually the same.

Howard: What more should IT and security teams be doing to blunt the threat of information stealers?

Terry: Again, I think dark web monitoring is going to be key to help with some automation. IT also needs to need to start looking at how they set up their MFA authentication mechanisms. Use an authentication-based app instead of push notifications, includes biometrics [for logins] and also look at awareness training especially, around MFA fatigue and social engineering attacks. Users users need to understand how to spot email problems in the ‘From’ address, or it’s addressed to ‘Dear customer,’ and how to hover over a link to show the real domain it goes to. It’s hard to encourage users to learn about these things to protect themselves online … but we need to really keep hammering home on this.

The post Cyber Security Today, Week in Review for Friday Dec. 9, 2022 first appeared on IT World Canada.

Craving some McDonald’s? DoorDash is offering a free Spicy McCrispy chicken sandwich when you place a $25 or higher order.

According to an email sent out to DoorDash customers, until December 23rd, customers can claim the free sandwich by adding it to their cart once the order subtotal hits $25. At checkout, a discount will apply to the sandwich to make it free.

Moreover, when you navigate to McDonald’s in the DoorDash app, you should see a banner at the top of the page with the deal.

Earlier this week, DoorDash revealed what Canadians ordered through 2022, including a $2,761 order for kebabs and meat platters placed in Outremont, Quebec. You can check that out here.

Fortnite‘s long-awaited Chapter 4 is out now.

The chapter introduces new ways to get around the map, like riding on a dirt bike, rolling within a snowball or launching yourself with a Shockwave Hammer. There are several new locations around the map, including Frenzy Fields, The Citadel, Brutal Bastion, Anvil Square, and more, while new weapons like the Ex-Caliber rifle, Thunder shotgun, Maven auto shotgun, Red Eye assault rifle and more are here to refresh the combat feel in the game.

Despite all the in-game changes and improvements, one of the more important updates is an under-the-hood one. Fortnite now runs on Unreal Engine 5.1, which means the game can take advantage of several fancy new, innovative visual features that would make the cartoon-ish game more lifelike.

It’s worth noting that the following visual improvements brought about by Unreal Engine 5.1 are available on Xbox Series X/S, PlayStation 5, high-end PCs and cloud gaming.

“Unreal Engine 5 ushers in a generational leap in visual fidelity, bringing an unprecedented level of detail to game worlds like the Battle Royale Island,” reads Epic Games’ blog post about the updates. “Next-gen Unreal Engine 5 features such as Nanite, Lumen, Virtual Shadow Maps, and Temporal Super Resolution are now available in Fortnite Battle Royale on PlayStation 5, Xbox Series X|S, PC, and cloud gaming!”

What this means is that with features like ‘Nanite,’ each brick, stone, wood planks and other in-game architecture will be more detailed, while ‘Lumen’ would allow for “high-quality ray traced reflections on glossy materials and water.”

Similarly, with ‘Virtual Shadow Maps,’ each brick, leaf, and modeled detail will cast a shadow, while things like hats and other small details on characters will also cast shadows. Temporal Super Resolution (TSR) would allow for higher-quality graphics and visuals to be rendered when playing the title at a high framerate.

Check out the minimum and recommended PC specs to run the visual features here. Learn more about Fortnite Chapter 4 and the visual upgrades it brings along here.

Image credit: Epic Games

Source: Epic Games

Fans of the ultralight and simplistic DJI Mini 2 from 2020 were likely put off but the pricey Mini 3 ‘Pro’ from early 2022. However, the Chinese camera company is returning to form with the excellent new Mini 3.

The latest sub-250g drone from DJI strips out the subject tracking, and a few other features from its Pro version to bring more value to the table. It’s all most people need and a great upgrade for owners of previous DJI Mini drones.

There are a few other tradeoffs, but for most hobbyists who enjoy ariel pictures and videos, the Mini 3’s light frame and incredible optics make it the perfect drone. Pros may look further up the DJI line, but the company has packed a lot of power into the small Mini 3.

What can it do?

The best thing about the DJI Mini 3 is that it retains the same camera and gimbal design as the Mini 3 Pro. This gets you a usable dynamic range, sharp images and the ability to position the camera vertically or horizontally.

The 48-megapixel camera is impressive, and the RAW files offer a lot of latitude when editing in post. Even in low-light, the wide f/1.7 aperture and 1/1.3-inch camera sensor capture great images and videos. The noise can be a little much sometimes, but the dual native ISO system DJI uses does an admirable job of keeping things sharp and visible without too much grain.

You can see more camera samples in our Mini 3 Pro review since both Cameras are similar.

DJI calls it HDR, but the footage is still in the Rec.709 codec. If that means anything to you, then you’ll want to consider a more robust drone like a Mavic 3. That said, the dynamic range from the footage is very usable and a solid step up over the Mini 2.

Since it’s been able to strip out so much from the Mini 3 Pro, the new Mini 3 has an even longer flight time. If you use the denser Intelligent Flight Battery Plus, you can get a maximum flight time of 51 minutes which is four minutes longer than the Mini 3 Pro with the same battery. The standard battery gets you off the ground for 38 minutes, a four-minute improvement over the Pro version of the Mini 3.

Perhaps more notably, this is seven minutes longer than the Mini 2, and the overall hardware has better wind resistance. Therefore, it should last substantially longer than the Mini 2 in windy conditions. These battery stats are very impressive. This is the first time I’ve rarely used more than one battery per flight with a drone, which is great news for pilots looking to travel light.

What it’s missing?

Compared to the Mini 3 Pro, the new drone offers several of the same properties, but since it doesn’t feature forward and backward-facing sensors, it can’t do DJI’s ‘Active Track,’ a bummer for one-person crews.

Active Tracking is helpful, but this feature led to most of my crashes in my time reviewing the Mini 3 Pro. When I set up the drone to track me, it became harder to pay as much attention to it in the air, leading to unfortunate collisions. I’d also say that the Active Tracking feature is a more complex skill to use when filming, so it’s not something that most people will miss.

The new Mini 3 also features DJI’s older ‘O2’ transmission system, so it can only fly in a range of 10km around the pilot instead of 12km. It’s not that much of a difference, but the extra 2km of wireless range on the Pro version of the drone is convenient.

The company’s timelapse and MasterShot modes are also missing inside the new drone. These enabled the drone to fly independently to get various simple shots without the pilot needing to control the entire flight. You can still get the same types of shots with the Mini 3, but you need to do them manually.

That said, these extra features might not make or break the drone flying experience for most people. However, one small feature that’s not in the Mini 3 breaks my heart: 4k/60fps. For some reason, the Mini 3 tops out at 4K/30fps. This is fine for most circumstances, but being able to slow things down can help a shot look a lot more cinematic. Not having that option at 4K seems like a strange move.

Other camera software missing in the Mini 3 is the ability to shoot in D-Cinelike. I still find the standard clips nice enough to colour grade with, but having access to fewer colour profiles does make this drone less versatile for real video work since it’s much harder to match other cameras.

The final difference that got me was the lack of internal storage. The Mini 3 Pro features 1.3GB, which isn’t much, but it’s enough to get you a minute or so of 4K footage. As someone who forgets SD cards often, the fact that the new Mini 3 has no internal storage has screwed me over more than once. This sounds small, but drone flying often requires driving or hiking to semi-remote places. and getting somewhere hours away from home without a fast-enough MicroSD card to record with can be devastating.

Poncle’s time survival RPG title Vampire Survivors, which up until now, has been available on Windows, Mac, Xbox One and Xbox Series X, has released on iOS and Android, as announced during The Game Awards.

The title is available for free on the App Store and Play Store, in contrast to the $5 you have to pay to download the game on Steam and the Game Pass requirement for consoles.

The undead are coming to a new platform with our 2nd world premiere, it’s #VampireSurvivors! @poncule_vampire #TheGameAwards pic.twitter.com/R9qsYXhQNj

— The Game Awards (@thegameawards) December 9, 2022

The free-to-play game does, however, include ads on mobile. The auto shooter title allows movement controls, and the option to select a weapon and perks when you level up. There is no way to beat the survival game, and you’ll eventually die in-game. You can watch a video to receive an extra life when you die, and the same goes if you want to earn extra gold.

It’s currently unknown if Vampire Survivors will make its way to PlayStation consoles or the Nintendo Switch.

Notably, the title is also set to receive its first major expansion, called Legacy of the Moonspell, on December 15th. The DLC is set to cost $1.99, and will add new characters, weapons, and a new stage to the title.

For all of the major announcements from The Game Awards, follow this link.

Image credit: poncle

Source: @thegameawards