Archive for Connectivity

No More Windows 10 Mobile Support – Microsoft Suggests Switching

Microsoft has formally announced on its support pages that, as of December 10th 2019, Windows 10 Mobile users can no longer expect security updates and support, and Microsoft recommends that customers then move to a supported Android or iOS device.

Windows 10 Mobile

Windows 10 Mobile is a mobile OS that was released in 2015 as the successor of Windows Phone 8.1 and is essentially an edition of Windows 10 running on devices that have less than a 9-inch screen.

The end of Windows 10 Mobile support comes just over four years after Microsoft’s failed acquisition of Nokia’s devices and services businesses, which led to Microsoft having to write off $7.6 billion in 2015.  At the time, tech commentators wondered why Microsoft had got into the low-margin, highly competitive phone business, and Microsoft shifted its strategy from the standalone phone business to a strategy to grow the Windows ecosystem.  This effectively put the writing on the wall for Windows 10 Mobile, and many tech commentators have been waiting over the years for the formal announcement for the end of support to come.

What Is Coming To An End?

In this announcement, Microsoft has said that new security updates, non-security hot-fixes, free assisted support options, or online technical content updates from Microsoft for free will end for users of Windows 10 Mobile as of December 10, 2019.

Microsoft has also stressed that, although third parties or paid support programs may still provide ongoing support, Microsoft support will not publicly provide updates or patches for Windows 10 Mobile after that date.

The announcement does not mean that Windows 10 Mobile devices will shut down with the cessation of support, but that continuing to use the devices afterwards will mean higher risks because of issues such as the lack of security updates and the phasing-out of backups.

Which Models?

Microsoft says that only device models that are eligible for Windows 10 Mobile, version 1709 are supported through the December 10th end date. Also, for Lumia 640 and 640 XL phone models, Window 10 Mobile version 1703 was the last supported OS version and will reach end of support on June 11th, 2019.

What Now?

The suggestion from Microsoft itself to Windows 10 Mobile customers is to move to a supported Android or iOS device.

Those customers who plan to keep using their Windows 10 Mobile device after the December 10th support cut-off date have been encouraged by Microsoft to manually create a backup before that date.  This can be done using Settings->Update & Security->Backup>More Options and then tapping on ‘Back up now’.

What Does This Mean For Your Business?

This announcement from Microsoft is certainly not unexpected.  Where commercial customers are concerned, they have the same cut-off dates as domestic customers, but Microsoft has said that it will be working with many commercial customers to ensure a successful migration to a supported platform prior to the end of support date.

This is an acceptance and acknowledgement by Microsoft that most of the partners and customers of businesses already use Android or iOS platforms and devices.

Some commentators have suggested that the move to end support for Windows 10 Mobile may also be a way for Microsoft to clear the decks ready for the introduction of a new folding smartphone, codenamed ‘Andromeda’.  This remains to be seen.

Concerns Over Huawei and ZTE Equipment and Software

A statement from the Czech National Cyber and Information Security Agency (NCISA) has warned network operators that using software or hardware made by Chinese telecom equipment suppliers Huawei and ZTE could represent a security threat.

Why?

Huawei, which the world’s biggest producer of telecoms equipment, is based in China, and according to the NCISA, private companies residing in China are required by law to cooperate with intelligence services.  This could mean that the products and services of those companies could, in theory, become part of the Chinese state security systems e.g. Huawei and ZTE could be used for spying on behalf of China.

Global Suspicion & Action

According to the Wall Street Journal, espionage chiefs from Australia, Canada, New Zealand, the U.K. and the U.S. (the so-called ‘Five-Eyes’), agreed at a meeting in July this year to try to contain the global growth of Chinese telecom Huawei because of the threat that it could be spying for China.

The US, Australia and New Zealand have barred Huawei Technologies Ltd. as a supplier for fifth-generation networks, and Japan also looks set to ban government purchases of equipment from Huawei and ZTE.

The U.S. government is also reported to have been putting pressure on Deutsche Telekom, the majority owner of T-Mobile US, to stop using Huawei equipment, although the head of Germany’s Federal Office for Information Security (BSI) Arne Schoenbohm is reported to have told German news outlet Der Spiegel that proof is required to substantiate the accusations.

Detained

Meng Wanzhou, the chief financial officer of Huawei, was recently detained in Vancouver at the request of U.S. authorities for violating US sanctions on Iran. The arrest of Meng Wanzhou happened on the same night that President Trump was dining with Chinese President Xi Jinping during the G20 summit in Argentina.  China’s state-run media, and some other commentators have suggested that Meng’s detention appears to be politically or economically motivated.

Response

The response by a Huawei spokesperson to the NCISA warning has been to deny any suggestion that a national security threat is posed by Huawei to the Czech Republic, and to call for NCISA to provide proof of its claims.

What Does This Mean For Your Business?

If the ‘Five-Eyes’ are to be believed, Huawei’s products and network software could have backdoors built-in to them which could, in theory, allow covert surveillance or control, or destruction of phone networks (which are accessible via the internet).  The fear is that those acting for the Chinese state could gain access to the data stored / routed through Huawei devices, telecoms equipment and software, and could even, perhaps, monitor the conversations on mobile phones.

There does, however, appear to be a lack of clear proof for the allegations, and bearing in mind that Huawei is the world’s biggest producer of telecoms equipment, and that its products are popular (this year it overtook Apple in terms of the number of handsets it was shipping worldwide) and that UK stores are still stocking and selling its handsets, the warnings of various governments look unlikely to be heeded for now.  It is worth noting that BT uses Huawei systems as part of its network, but is now is removing Huawei systems from the core of the mobile network EE, which it purchased in 2016.

The advice as part of the recent Czech warning is that system administrators in critical information infrastructure should take ‘adequate measures’ against the threat.  This advice appears a little vague, and until conclusive proof can be produced, many people and businesses will feel that they can decide for themselves what, if any, action to take.

02 Outage – What Happened

After last week’s major O2 4G mobile network outage which left millions of customers with no network data access has been blamed on an expired software certificate that 3rd party supplier Ericsson had installed for some customers at business-critical part of the network.

What Happened?

On Thursday last week, O2 smartphone users were unable to use their mobile phone data for 24 hours.  O2, which is owned Spanish communications company Telefonica, has the UK’s second-largest mobile network, which is part of BT, and as well as having 25 million users, it provides services for the Sky, Tesco, Giffgaff and Lycamobile networks (whose networks were also affected).  It is estimated, therefore, that the outage affected around 35 million users in the UK and other parts of Europe (and even Japan’s SoftBank).

As well as the considerable disruption and inconvenience caused to individual customers, there were knock-on disruptive effects for organisations that run connectivity services on O2’s network, including Transport for London (TfL), Shropshire Council and a number of NHS trusts. In the case of TfL, bus information display boards, part of the Countdown Systems network, stopped working at approximately 5 am. Shropshire Council reported problems with its car park payment machines, which use O2 data connections.

£Millions In Damages + Compensation Expected

The scope, severity and duration of O2’s data network outage, and the impact on the company’s reputation as well as on its users have led to reports that 02 looks likely to seek up to £100 million in damages from Ericsson.

Also, O2 has already made announcements about how it plans to compensate customers.  For example, Pay As You Go customers look set to get 10% extra when they top up their phone in the new year or 10% off when they buy data for mobile broadband devices.

Both O2 and Ericsson have apologised.  It has been reported that Telefonica’s UK chief executive Mark Evans has promised a full audit of the problem across both organisations, and Marielle Lindgren, chief executive of Ericsson UK and Ireland has said that the software that caused the issues will be decommissioned.

What Does This Mean For Your Business?

Modern businesses now rely heavily on stable and reliable broadband connections and data network services.  Any disruption to these can be very disruptive and costly to businesses with potentially disastrous consequences.  In this case, a whole day was lost, and the true cost to UK businesses  (and their customers) may be difficult to calculate. For O2 and Ericsson, the incident appears to have caused some damage to their reputations.

As several tech commentators have since pointed out, the incident has illustrated how complex IT infrastructure has become and how, despite this complexity, organisations must stay on top of matters relating to software certificates, particularly those in business-critical systems. This incident also illustrates how problems with machine identities at critical nodes can have a wide-reaching impact on business and the economy.

Some commentators have also highlighted how operators picking up more IoT traffic and the introduction of 5G could mean that businesses are likely to experience more outages of this nature in the future.  The incident with O2 may also make some businesses take another look at their mobile strategies, feel less comfortable putting all their communications through a mobile operator, and take steps to reduce their dependence on any single external point of failure.