SIM cards, the small slips of plastic that have held your mobile subscriber information since time immemorial, are on the verge of extinction. In an effort to save space for other components, device makers are finally dropping the SIM slot, and Google is the latest to move to embedded SIMs with the Pixel 10 series.
After long avoiding eSIM, I had no choice but to take the plunge when the time came to review Google’s new phones. And boy, do I regret it.
The Journey to eSIM
SIM cards have existed in some form since the 1990s. Back then, they were credit-card-sized chunks of plastic that occupied a lot of space inside the clunky phones of the era. They slimmed down over time, going through the miniSIM, microSIM, and finally nanoSIM eras. A modern nanoSIM is about the size of your pinky nail, but space is at a premium inside smartphones. So now there’s eSIM.
The eSIM standard was introduced in 2016, slowly gaining support as a secondary option in smartphones. Rather than holding your phone number on a removable card, an eSIM is a programmable, nonremovable component soldered to the circuit board. This allows you to store multiple SIMs and swap between them in software, and no one can swipe your SIM card from the phone. They also take up half as much space compared to a removable card, which is why OEMs have begun dropping the physical slot.
Apple was the first major smartphone maker to force the use of eSIM with the release of the iPhone 14, and it makes use of that space. The international iPhone 17 with a SIM card slot has a smaller battery than the eSIM-only version, but the difference is only about 8 percent. Google didn’t make the jump until this year with the Pixel 10 series—the US models are eSIM-only, but they unfortunately don’t have more of anything compared to the international versions.
In advance of the shift, Android got system-level support for downloading and transferring eSIMs. But whatever can go wrong will go wrong, and it’s extremely annoying when eSIM goes wrong.
Please Hold for Support
There have been times when I swapped between phones on an almost daily basis—such was the nature of reviewing phones back when there were a dozen of them coming out every month. Never once in all those countless device swaps did I have a problem with my SIM card. As such, I managed to avoid contacting carrier support for years at a time.
In the three months since Google forced me to give up my physical SIM card, I’ve needed to move my eSIM only occasionally. Still, my phone number has ended up stuck in limbo on two occasions. Android’s built-in tools work better than they used to, and I can’t say what is responsible for the eSIM corruption. However, carriers bear the responsibility for how annoying this is to fix.
The first time, I was logged in to the mobile app for my carrier (T-Mobile). After a few minutes of back-and-forth with support, I was able to use the app to authenticate and get a new eSIM pushed to the phone. It was annoying but relatively painless. The second time a SIM transfer went sideways, I was not logged in to the app, and that was a problem.
Setup was relatively quick and painless. You just have to unbox four speakers, a soundbar, and a subwoofer, attach their power cables, and plug in everything. Pairing happens through the LG ThinQ app, which allows you to set up the Sound Suite system and tune it to exactly where you’re sitting in the room using your cell phone’s microphone.
You can also set up each speaker to play music and group it with any other LG smart speakers you might have around your home, like the more affordable $250 M5 bookshelf speaker, to create a whole-home system.
Once all the components were synced, I plugged the soundbar into the C5 OLED via HDMI, and was able to easily control everything via the TV remote’s volume and mute buttons. More in-depth settings had to happen in the app, but if you’re anything like me, this won’t become a regular chore. You’ll set it how you like it once and move on. While the pairing functionality with the LG TV was nice, it’s not required–the eARC port lets the Sound Suite work perfectly with any modern TV.
The bar itself runs the show, with a black-and-white display on the far left that shows your mode and volume, among other settings. In the center of the bar and below each speaker, an LED light strip that also shows you the volume when you change it, which is a nice touch.
Getting Musical
Photograph: Parker Hall
The sound of the LG Sound Suite is full and cinematic, thanks in no small part to the extra dedicated speakers. Most competitors lack front left and right, simply opting to use the soundbar for these channels. As such, the width and breadth of the soundstage were bigger than most competitors I’ve tried, with only Samsung’s flagship HW-Q990F as a real contender. Even the Samsung lacked the lower-frequency audio quality that these LG speakers provide.
Over the four-day Easter weekend of 18 to 21 April 2025, customers of British high street fixture Marks & Spencer (M&S) took to social media in droves to lament an apparent outage that was causing disruption to in-store contactless payments.
At first glance, the disruption appeared to be the result of a run-of-the-mill IT glitch that happens from time to time, but by Tuesday 22 April, it was starting to become apparent that something far more sinister was going on. M&S shut down multiple public-facing services, such as online shopping and in-store click and collect, and CEO Stuart Machin made the rounds of the morning news studios to confirm that the retailer had been hit by a cyber attack.
The incident was the first in a series of damaging attacks against UK retailers – all orchestrated in similar fashion via the systems of an unwitting third-party tech supplier – to come to light.
As the likes of Co-op and even Harrods were drawn in, Scattered Spider – the English-speaking hacking collective behind the attack – and associated groups such as Lapsus$ and ShinyHunters became household names.
Over the summer of 2025, the teen hackers turned their attention to other targets, hitting organisations operating in multiple verticals all over the world. The cyber crime spree arguably hit its zenith – or nadir depending on your point of view – with the August 2025 attack on carmaker Jaguar Land Rover (JLR), the repercussions of which continue to reverberate around the UK economy nearly eight months on.
But the chaos kicked off at M&S, with shelves left empty as store managers struggled with downed ordering systems, and homes across the nation going without upmarket picky teas, pig-shaped gummy sweets and caterpillar-themed cakes.
Third-party vulnerabilities: it started with a phone call
“A year on from the M&S attack, the numbers tell a stark story. Retail cyber attacks grew around 34% last year, and the trajectory since then suggests that figure has only climbed further,” says Check Point UK and Ireland head of enterprise, Charlotte Wilson.
“What the incident made clear is how the nature of the attack itself should be understood. The initial entry point at M&S, and at others like Jaguar Land Rover … was a phone call. Someone convinced a helpdesk operative to hand over system access by impersonating an employee. That was the door in, and it opened onto hundreds of millions of pounds of damage. The most expensive cyber attack in British retail history began with a conversation.”
Muhammad Yahya Patel, Huntress virtual chief information security officer (vCISO) and EMEA cyber security adviser, says it is precisely this relatively unsophisticated origin story that marks the M&S breach as a case study that every security team – whether working in retail or not – should have printed out and stuck on the wall.
“The attackers didn’t find a zero-day. They didn’t bypass a next-gen firewall. They picked up the phone, pretended to be an M&S employee and asked a third-party service desk to reset a password. That was it,” says Patel.
“Everything that followed, the Active Directory database exfiltration, the credential cracking, the ransomware deployment across VMware hosts – all of it flowed from lack of service desk processes.
“Perhaps the most sobering detail [is] the four individuals arrested by the NCA in July were aged 17 to 20. These weren’t nation-state actors with deep pockets and government backing. They were young, English speaking and highly effective at finding the gap between an organisation’s technical controls, people and processes.”
The lasting effect on boardroom conversations
But significantly, says Check Point’s Wilson, the M&S attack seems to have served as a much-needed alarm call for the retail industry, and many of her customers have started scrutinising their supply chains as a result.
“The attack exposed a hard truth: your security posture is only as strong as the weakest link in your vendor ecosystem, and for many retailers, that link had never been seriously stress-tested. The supply chain conversations happening in boardrooms today simply weren’t happening 18 months ago,” she says.
“Cyber risk is now seen as a board-level issue in a way it simply wasn’t before. That cultural shift may prove to be the attack’s most important legacy.”
Dominic Mortimer, who leads the red team at Bulletproof from WorkNest, agrees that security leaders seem to be more alert to the dangers of social engineering.
“The M&S breach accounted for a massive and direct uptick in organisations wanting to include similar breach scenarios in their tests,” Mortimer tells Computer Weekly. “I think like 80% of the latest red teams we’ve done following that breach announcement have all included help desk [or] vishing simulation scenarios to ensure the organisation’s resilience and defences extend to these third-party areas.
“It very much shone a light on an area that had previously been neglected by organisations and many reconsidered or approached with greater scrutiny their reliance on outsourced third-party entities. So, it’s very much become a warning tale that organisations have taken to heart, which is a massive positive despite the bad times had by M&S.”
Post-breach lessons
This said, cyber security in retail remains an uphill battle, and Wilson highlights some structural factors that still make shops harder to protect than, for example, financial services companies, or business-to-business publishing houses.
These factors include – but are not limited to – more public-facing contact points that lead to significantly higher volumes of phishing attempts, frequent frontline staff turnover and historically lower average security maturity. This all adds up to a threat environment that is hard to harden. Furthermore, Wilson adds, retailers operate on such tight margins that cyber security faces chronic underinvestment
It is perhaps not much of a surprise then that Check Point’s most recent cyber attack statistics for March 2025 reveal that the consumer goods and services sector was one of the most heavily targeted in the UK.
Huntress’ Patel says he is now seeing a wave of multi-channel approaches by hackers using email, phone calls, SMS and even Microsoft Teams to build trust with employees before delivering the killer blow. This, he says, makes them hard to stop with any single method of control.
“It requires a culture of verification and education, not just a stack of tools,” he says. “The organisations that come out of this period strongest won’t necessarily be the ones who spent the most. They’ll be the ones who were honest about where their real gaps were and closed them.
“At Huntress, we continuously see attackers inside business as we step in to stop them in their tracks. We are witnessing a professionalised scaling of the identity theft ecosystem. Adversarial efficiency is at an all time high. By transforming unauthorised access into reliable, long-term footholds, attackers are treating networks like a marketplace.
Our collective ability to recognise and resist that kind of secondary exploitation simply hasn’t improved. The attackers know it, and they’re counting on it Charlotte Wilson, Check Point
“Organisations must pivot their strategy if you are only watching the ‘break-in’, you are missing the breach. The priority must shift to rigorous, post-authentication visibility and anomaly detection,” he says.
Wilson reflects that the M&S incident seems to have prompted the government to start to act with more urgency. She notes the National Cyber Security Centre (NCSC), in its most recent annual report, says it dealt with 204 “nationally significant” cyber attacks from September 2024 to September 2025, more than doubling the previous record of 89. She also points out the progress made on the Cyber Security and Resilience Bill (CSBR), and Westminster’s Cyber Action Plan and proposed £210m centralised cyber unit.
“We are finally starting to see government not just understand but actively communicate the societal and economic cost of cyber threats. That is progress,” she says. “What hasn’t changed, though, is individual behaviour. Consumers going about their daily lives aren’t taking meaningfully more care with their personal data.
“And there’s a chapter of this story that hasn’t been told nearly loudly enough: the wave of class-action scams that followed the breaches. They’re still out there on social media: deepfake videos asking whether you were affected, whether you might be entitled to compensation, harvesting the details of the very people who were already victims once.
“The original breach made the headlines, but the scams that fed on it didn’t. And from a societal perspective, our collective ability to recognise and resist that kind of secondary exploitation simply hasn’t improved. The attackers know it, and they’re counting on it,” she warns.
The online leak of a full version of Avatar: Aang, The Last Airbender—a highly anticipated animated film in a multimedia fantasy franchise—has divided passionate fans while upsetting those who spent years working on the film.
The leaks began on X late on Saturday night, about six months before Aang was scheduled to premiere on Paramount+. User @ImStillDissin posted two short clips from the film. “Nickelodeon accidentally emailed me the entire Avatar aang movie,” he claimed. He also threatened to stream the entire movie if Paramount didn’t release an official trailer, and he posted a still from the movie’s end credits, revealing previously undisclosed voice-over cast and roles. The media from @ImStillDissin’s posts were later hit with copyright strikes and removed.
But within 48 hours, links to download the full movie appeared on 4chan and X, where some users also directly streamed the film. Across the web, fans said they had successfully pirated and watched what appeared to be a nearly finished and “beautiful” animated film.
While some argued that Paramount deserved to be punished because of certain creative and marketing decisions around the movie, others noted what a blow the leak was to the animators and production crew. A number of those team members took to social media to convey their sadness and frustration.
“We worked on the aang movie for years with the expectation that’d [sic] we’d get to celebrate all of our hard work in theaters. Just to see people unceremoniously leak the film and pass our shots around on twitter like candy,” animator Julia Schoel wrote Tuesday on X.
The user behind @ImStillDissin, who would not reveal his real name due to fear of legal repercussions, tells WIRED that he obtained the movie almost by chance and did not expect his posts to set off such a crisis in the entertainment world. “When I posted those clips I was purely trolling,” he says. “I was expecting a day of clout farming at best, not for the whole thing to blow up like this.”
(While WIRED has done its due diligence in verifying that the person speaking to us was behind the @ImStillDissin X account, we acknowledge that the hacking community is known to troll.)
According to @ImStillDissin, a screen-grabbed version of Avatar: Aang, The Last Airbender was circulating among people he knew from his days in the hacking community, one of whom shared it with him. “Broadly speaking, the supply chain for movies and TV is rife with insecure companies and vendors and lax checks,” he claims. He notes that two different SpongeBob SquarePants movies leaked months before their release dates in 2024. “Someone on 4chan who wasn’t happy at me drip-feeding stuff posted a copy of a draft script [of the new Avatar film] from like two years back,” says @ImStillDissin.
Neither Nickelodeon nor its parent company Paramount have confirmed a hack had taken place, nor have they issued a statement on the matter. They also did not respond to requests for comment.
Originally announced in 2021, Avatar: Aang, The Last Airbender marked the first production for Avatar Studios, a division of Nickelodeon’s animation department.
Some people felt justified in pirating and sharing the movie due to the recasting of voice actors. Last year, during a Reddit AMA, casting director Jenny Jue wrote that the voice cast from the Avatar TV show that aired on Nickelodeon in the 2000s was not returning due to efforts to “match actors’ ethnic/racial background to the characters they’re portraying.”
Entertainment1 week ago
Tech1 week ago
Tech1 week ago
Fashion1 week ago
Tech1 week ago
Politics6 days ago
Fashion1 week ago
Politics6 days ago