Archive for Connectivity

‘Runet’ Test – Russia Unplugs Itself From The Internet

A little later than its original planned date of April 1st 2019, a recent test-run has seen Russia successfully ‘unplug’ itself from the Internet and prove that it can create its own state-controlled Intranet.

Successfully Creating The ‘Runet’

The test, which was first announced back in February last year, is reported to have gone ahead without users noticing much difference and created what is effectively a giant, fully isolatable domestic intranet which has been dubbed the ‘Runet’.

Why?

Officially, the test to be able to pull up the drawbridge on the wider global internet is to ensure compliance with Russia’s new law called the Digital Economy National Program which came into force in November 2019.  This will require Russia’s ISPs to show that they can operate in the event of any foreign powers acting to isolate the country online with a “targeted large-scale external influence” i.e. a cyber-attack. For (state-owned) ISP’s, this will mean having to install deep packet inspection (DPI) network equipment which will allow Russia’s telecoms watchdog ‘Roskomnadzor’ to be able to identify traffic sources, filter content, and block certain sites. It has also been reported that, as part of the project to create and run the Runet, Russia is working on creating its own Internet address books.

Another official explanation for the value of the test to create the Runet is that it helped to show any vulnerabilities in the growing ‘Internet of Things’ (IoT).

Control

Although this is the official explanation, some western commentators see this as a move towards tighter control and authoritarian rule in a way that is similar to some other countries.  For example, China, which operates its own Great Firewall of China (GFW) for Internet censorship to block access to many foreign websites and to slow down and monitor cross-border internet traffic. Also, Iran operates its own National Information Network, run by the state-owned Telecommunication Company of Iran, which controls access to the web and polices content.

Difficult To Circumvent

Those thinking of circumventing the Runet and other censorship are likely to find it difficult as virtual private networks (VPNs) will not work with the Runet in place and many commentators think that it is likely that the Kremlin will try to stop access to end-to-end encrypted apps e.g. Telegram or WhatsApp.

Interfering

It is likely that one good reason for Russia to be able to cut itself off from the wider Internet is to protect itself from cyber threats in what now appears to be an ongoing war of interference, misinformation, and cyber-attacks between many states.  For example, Russia was shown to have interfered with the last U.S. presidential election and has itself been the subject of large-scale cyber-attacks. That said, the Chinese recently accused the U.S. of conducting “large-scale, organised and indiscriminate cyber theft” after it was revealed that since the 1970s, America’s CIA has been monitoring hundreds of countries via the Swiss cryptography firm Crypto AG.

What Does This Mean For Your Business?

For the Russian government, being able to exert tight control and conduct censorship on this scale, and to operate through a small number of state-owned suppliers not only guards against misinformation and cyber threats but also gives the government the opportunity to wield immense political power over its people. The move is, obviously, being greeted with suspicion and criticism from the west, with concern about the rights of Russian citizens.

Also, for non-Russian companies hoping to do business there, an inward-looking, state-controlled Intranet that favours Russian companies, particularly with tech and communications products and services would make trade there very difficult. Many western commentators are now worried that Russia may be going the same way as China in terms of censorship and access to the world by digital means.

Featured Article – Proposed New UK Law To Cover IoT Security

The UK government’s Department for Digital, Culture, Media and Sport (DCMS), has announced that it will soon be preparing new legislation to enforce new standards that will protect users of IoT devices from known hacking and spying risks.

IoT Household Gadgets

This commitment to legislate leads on from last year’s proposal by then Digital Minister Margot James and follows a seven-month consultation with GCHQ’s National Cyber Security Centre, and with stakeholders including manufacturers, retailers, and academics.

The proposed new legislation will improve digital protection for users of a growing number of smart household devices (devices with an Internet connection) that are broadly grouped together as the ‘Internet of Things’ (IoT).  These gadgets, of which there is an estimated 14 billion+ worldwide (Gartner), include kitchen appliances and gadgets, connected TVs, smart speakers, home security cameras, baby monitors and more.

In business settings, IoT devices can include elevators, doors, or whole heating and fire safety systems in office buildings.

What Are The Risks?

The risks are that the Internet connection in IoT devices can, if adequate security measures are not in place, provide a way in for hackers to steal personal data, spy on users in their own homes, or remotely take control of devices in order to misuse them.

Default Passwords and Link To Major Utilities

The main security issue of many of these devices is that they have pre-set, default unchangeable passwords, and once these passwords have been discovered by cyber-criminals, the IoT devices are wide open to being tampered with and misused.

Also, IoT devices are deployed in many systems that link to and are supplied by major utilities e.g. smart meters in homes. This means that a large-scale attack on these IoT systems could affect the economy.

Examples

Real-life examples of the kind of IoT hacking that the new legislation will seek to prevent include:

– Hackers talking to a young girl in her bedroom via a ‘Ring’ home security camera (Mississippi, December 2019).  In the same month, a Florida family were subjected to vocal, racial abuse in their own home and subjected to a loud alarm blast after a hacker took over their ‘Ring’ security system without permission.

– In May 2018, A US woman reported that a private home conversation had been recorded by her Amazon’s voice assistant, and then sent it to a random phone contact who happened to be her husband’s employee.

– Back in 2017, researchers discovered that a sex toy with an in-built camera could also be hacked.

– In October 2016, the ‘Mirai’ attack used thousands of household IoT devices as a botnet to launch an online distributed denial of service (DDoS) attack (on the DNS service ‘Dyn’) with global consequences.

New Legislation

The proposed new legislation will be intended to put pressure on manufacturers to ensure that:

– All internet-enabled devices have a unique password and not a default one.

– There is a public point of contact for the reporting of any vulnerabilities in IoT products.

– The minimum length of time that a device will receive security updates is clearly stated.

Challenges

Even though legislation could make manufacturers try harder to make IoT devices more secure, technical experts and commentators have pointed out that there are many challenges to making internet-enabled/smart devices secure because:

  • Adding security to household internet-enabled ‘commodity’ items costs money. This would have to be passed on to the customer in higher prices, but this would mean that the price would not be competitive. Therefore, it may be that security is being sacrificed to keep costs down-sell now and worry about security later.
  • Even if there is a security problem in a device, the firmware (the device’s software) is not always easy to update. There are also costs involved in doing so which manufacturers of lower-end devices may not be willing to incur.
  • With devices which are typically infrequent and long-lasting purchases e.g. white goods, we tend to keep them until they stop working, and we are unlikely to replace them because they have a security vulnerability that is not fully understood. As such, these devices are likely to remain available to be used by cyber-criminals for a long time.

Looking Ahead

Introducing legislation that only requires manufacturers to make relatively simple changes to make sure that smart devices come with unique passwords and are adequately labelled with safety and contact information sounds as though it shouldn’t be too costly or difficult.  The pressure of having to display a label, by law, that indicates how safe the item is, could provide that extra motivation for manufacturers to make the changes and could be very helpful for security-conscious consumers.

The motivation for manufacturers to make the changes to the IoT devices will be even greater if faced with the prospect of retailers eventually being barred from selling products that don’t have a label, as was originally planned for the proposed legislation.

The hope from cyber-security experts and commentators is that the proposed new legislation won’t be watered-down before it becomes law.

Want A Walkie-Talkie? Now You Can Use Your Phone and MS Teams

Microsoft has announced that it is introducing a “push-to-talk experience” to its ‘Teams’ collaborative platform that turns employee or company-owned smartphones and tablets into walkie-talkies.

No Crosstalk or Eavesdropping

The new ‘Walkie Talkie’ feature will offer clear, instant and secure voice communication over the cloud.  This means that it will not be at risk from traditional analogue (unsecured network) walkie-talkie problems such as crosstalk or eavesdropping, and Microsoft says that because Walkie Talkie works over Wi-Fi or cellular data, it can also be used across geographic locations.

Teams Mobile App

The Walkie Talkie feature can be accessed in private preview in Teams in the first half of this year and will be available in the Teams mobile app.  Microsoft says that Walkie Talkie will also integrate with Samsung’s new Galaxy XCover Pro enterprise-ready smartphone for business.

Benefits

The main benefits of Walkie Talkie are making it easier for firstline workers to communicate and manage tasks as well as reducing the number of devices employees must carry and lowering IT costs.

One Better Than Slack

Walkie Talkie also gives Teams another advantage over its increasingly distant rival Slack, which doesn’t currently have its own Walkie Talkie-style feature, although things like spontaneous voice chat can be added to Slack with Switchboard.

Last month, Microsoft announced that its Teams product had reached the 20 million daily active users (and growing) mark, thereby sending Slack’s share price downwards.

Slack, which has 12 million users (a number which has increased by 2 million since January 2019) appears to be falling well into second place in terms of user numbers to Teams in the $3.5 billion chat-based collaborative working software market.  However, some tech commentators have noted that Slack has stickiness and strong user engagement and that its main challenge is that although large companies in the US use it and like it, they currently have a free version, so Slack will have to convince them to upgrade to the paid-for version if it wants to start catching up with Teams

Apple Watch Walkie-Talkie App

Apple Watch users (Series 1 or later with watch OS 5.3 or later, not in all countries though) have been able to use a ‘Walkie-Talkie’ app since October last year.

What Does This Mean For Your Business?

For businesses using Microsoft Teams, the new Walkie Talkie feature could be a cost-saving and convenient tool for firstline workers, and the fact that it integrates Samsung’s new Galaxy XCover Pro will give it even more value for businesses.

For Microsoft, the new Walkie Talkie feature, along with 7 other recently announced new tools for Teams focused firmly on communication and task management for firstline workers are more ways that Teams can gain a competitive advantage over rival Slack, and increase the value of Office 365 to valuable business customers.

5G Mobile Network is 450% Faster Than 4G in Tests

Tests by Ookla, the developer of Speedtest.net, are reported to have shown that the new 5G mobile network is 450% faster than 4G.

Speed

According to the Speedtest.net website, the results of the testing of 5G in 29 UK cities during Q3 of 2019 generally show download speeds as being 450-475% faster than those on all mobile technologies combined, and that the 5G download speed in Northern Ireland showed a 618.3% improvement due to the fact that mean mobile download speeds on all technologies are slower in Northern Ireland than elsewhere in the U.K.

The tests also revealed that mean 5G download speeds are uniformly high across the U.K., with only 6 Mbps difference between the fastest country (England) and the slowest (Northern Ireland).

Availability

Speedtest.net says that mobile operators have embraced 5G across the UK this year.  For example, 5G is now commercially available in 22 English cities such as London, Birmingham, Bristol, Liverpool, Manchester and Wolverhampton.

5G is also now available in Edinburgh, Glasgow and Paisley in Scotland, in Belfast in Northern Ireland, and in Cardiff, Llandudno and Penarth in Wales.

Rankings

In terms of ranking operators in terms of their 5G download speed in the UK during Q3 2019, Speedtest.net put EE in first place, O2 in second and Vodafone in third place.

No Three

The Speedtest.net results and analysis didn’t include Three because they currently only offer 5G broadband in certain districts of London and their 5G has not yet been launched.

Three announced earlier this year, however, that new and existing customers with compatible handsets will be able to get 5G at no extra cost(s) when its 5G service is launched.

Upload Speeds Not As Impressive

The test results showed, however, that 5G upload speeds, although good, were not quite as impressive as the download speeds with percentage increases ranging from 38.5% to 110% faster.

Safety Concerns

One issue not covered by the testing was the safety fears surrounding 5G. For example, 5G uses 3 Spectrum bands, low-band spectrum (LTE), mid-band spectrum, and what some believe to be the potentially dangerous mmWave high-frequency spectrum.

The mmWave spectrum, however, is still not close to the kind of ionising wavelengths that can cause damage to DNA and mmWave will mostly be deployed in a spectrum that suffers from high reflection rates – 24 to 29GHz.  This should mean that any absorption by the body will be confined to the surface layers of the skin rather than the deeper tissue that is reached by lower frequency radiation.

What Does This Mean For Your Business?

Ofcom is due to auction additional spectrum for 5G in the 700 MHz and 3.6-3.8 GHz bands in spring 2020 and this should help fuel the further expansion of the 5G networks.  This is likely to be good news for businesses who have been waiting for the speed benefits that 5G can bring, for example in improving file sharing and other communication capabilities.

Although the rollout is currently only confined to major UK cities, which will, of course, favour businesses in those areas, it is good news that 5G has been achieving consistent speeds in its deployments around the world, thereby improving on one of the challenges of 4G.

Different operators look set to take different approaches to their 5G rollouts and offerings, and greater 5G availability will provide a boost to the sales of new generation mobile handsets in the UK where many people and businesses have been holding back on purchasing the latest 5G models until they could reap the benefits of having a much more established 5G network in place.

Amazon Echo and Google Home ‘Smart Spies’

Berlin-based Security Research Labs (SRL) discovered possible hacking flaws in Amazon Echo (Alexa) and Google Home speakers and installed their own voice applications to demonstrate hacks on both device platforms that turned the assistants into ‘Smart Spies’.

What Happened?

Research by SRL led to the discovery of two possible hacking scenarios that apply to both Amazon Alexa and Google Home which can enable a hacker to phish for sensitive information in voice content (vishing) and eavesdrop on users.

Knowing that some of the apps offered for use with Amazon Echo and Google Home devices are made by third parties with the intention of extending the capability of the speakers, SRL was then able to create its voice apps designed to demonstrate both hacks on both device platforms. Once approved by both device platforms, the apps were shown to successfully compromise the data privacy of users by using certain ‘Skills and actions’ to both request and collect personal data including user passwords by eavesdropping on users after they believed the smart speaker has stopped listening.

Amazon and Google Told

SRL’s results and the details of the vulnerabilities were then shared with Amazon and Google through a responsible disclosure process. Google has since announced that it has removed SRL’s actions and is putting in place mechanisms to stop something similar happening in future.  Amazon has also said that it has blocked the Skill inserted by SRL and has also put in preventative mechanisms of the future.

What Did SRL’s Apps Do?

The apps that enabled the ‘Smart Spy’ hacks took advantage of the “fallback intent”, in a voice app (the bit that says I’m sorry, I did not understand that. Can you please repeat it?”), the built-in stop intent which reacts to the user saying “stop” (by changing the functionality of that command after the apps were accepted), and leveraged a quirk in  Alexa’s and Google’s Text-to-Speech engine that allows inserting long pauses in the speech output.

Examples of how this was put to work included:

  • Requesting the user’s password through a simple back-end change by creating a password phishing Skill/Action. For example, a seemingly innocent application was created such as a horoscope.  When the user asked for it, they were given a false error message e.g. “it’s not available in your country”.  This triggered a minute’s silence which led to the user being told “An important security update is available for your device. Please say start update followed by your password.” Anything the user said after “start” was sent to the hacker, in this case, thankfully, SRL.
  • Faking the Stop Intent to allow eavesdropping on users. For example, when a user gave a ‘stop’ command and heard the ‘Goodbye’ message, the app was able to continue to secretly run and to pick up on certain trigger words like “I” or words indicating that personal information was about to follow, i.e. “email”, “password” or “address”. The subsequent recording was then transcribed and sent back to SRL.

Not The First Time

This is not the first time that concerns have been raised about the spying potential of home smart speakers.  For example, back in May 2018, A US woman reported that a private home conversation had been recorded by her Amazon’s voice assistant, and then sent it to a random phone contact who happened to be her husband’s employee. Also, as far back as 2016, US researchers found that they could hide commands in white noise played over loudspeakers and through YouTube videos in order to get smart devices to turn on flight mode or open a website. The researchers also found that they could embed commands directly into recordings of music or spoken text.

Manual Review Opt-Out

After the controversy over the manual, human reviewing of recordings and transcripts taken via the voice assistants of Google, Apple and Amazon, Google and Apple had to stop the practice and Amazon has now added an opt-out option for manual review of voice recordings and their associated transcripts taken through Alexa.

What Does This Mean For Your Business?

Digital Voice Assistants have become a popular feature in many home and home-business settings because they provide many value-adding functions in personal organisation, as an information point and for entertainment and leisure.  It is good news that SRL has discovered these possible hacking flaws before real hackers did (earning SRL some good PR in the process), but it also highlights a real risk to privacy and security that could be posed by these devices by determined hackers using relatively basic programming skills.

Users need to be aware of the listening potential of these devices, and of the possibility of malicious apps being operated through them.  Amazon and Google may also need to pay more attention to the reviewing of third party apps and of the Skills and Actions made available in their voice app stores in order to prevent this kind of thing from happening and to close all loopholes as soon as they are discovered.

New Law To Advance Fast Broadband Roll-Out Announced

Amendments to the UK’s Electronic Communications Code will give broadband operators compulsory rights to install their apparatus on another person’s property, thereby getting around the problem of landlords not responding to requests for access to blocks of flats and apartments.

The Challenge

The challenge that has prompted the government to seek changes to the current legislation has been a claim by broadband operators that 40% of their requests for access to blocks of flats and apartments have routinely received no response. This has been blamed for slowing down the UK government’s plans to deliver the target of national full-fibre coverage by 2025 and develop the kind of digital infrastructure that could boost growth and boost productivity.

The Law

Prior to 2017, the UK law that applied to relations between landlords and telecoms operators in respect installing and maintaining electronic communications apparatus on land and buildings was the Telecommunications Code in the Telecommunications Act 1984 (amended by the Communications Act 2003). This Telecommunications Code has now been replaced by the new Electronic Communications Code (as part of the Digital Economy Act 2017). The new code means that a broadband operator can now apply for compulsory rights to install apparatus on another person’s property.

It is thought this change to the law will mean that an extra 3,000 (estimated) residential buildings (flats and apartments) per year can now have modern broadband installed.

Rural Challenge

The government still faces a considerable challenge in getting more rural areas connected in order to meet its broadband and mobile network roll-out targets, and there is currently a digital divide between urban and rural areas of the UK.  The government has recently announced, however, that £5bn new funding will be made available to bring gigabit-capable broadband to harder-to-reach, rural parts of the UK as well as a change in planning rules to help the roll-out of 5G.

What Does This Mean For Your Business?

Now that operators don’t have to wait for responses from landlords, this could make the chance of the government meeting its broadband targets a little more likely and could help boost the economy.

Broadband is an essential service for business and despite this positive change in the law, many UK business owners still know that broadband services in the UK can sometimes be patchy and often expensive, while ‘Which?’ research shows that the UK ranks only 31st in the world for average broadband speeds. Those businesses in rural areas are also finding themselves facing the challenge of a growing digital divide between rural and urban that is adversely affecting their competitiveness.

Even with this change in the law, being able to meet the target of national full-fibre coverage by 2025 is a big ask and it is estimated that the UK may only have 7% full-fibre coverage by 2020.

Digital ‘Pressure’ For Accountants

A report by IT company Prism Solutions has highlighted how traditional accountancy firms are having to change rapidly to meet challenges such as Cloud computing, GDPR and HMRC pressing quickly ahead with ‘Making Tax Digital’ (MTD).

MTD

According to the report, the whole accountancy profession is now on the verge of an evolutionary change and accountancy firms will need to develop into digital practices in order to compete and survive.

One of the key change drivers and challenges for accountancy firms is HMRC’s ongoing ‘Making Tax Digital’(MTD) initiative which has been designed to eradicate paper from the tax filing process and to make the UK tax system more effective, efficient and easier for taxpayers to use.

The fact that an estimated 1.2 million businesses are subject to the MTD VAT rules (for VAT periods starting on or after 1 April 2019 or 1 October 2019 for organisations which are more complex), must now keep VAT records in a digital format and submit their VAT returns to HMRC using MTD compatible software (yet can’t do so using HMRC’s website) means that they are turning to accountancy firms to submit the returns on their behalf.  This leaves accountancy firms with new challenges such as having to adapt quickly to a different type of interaction with their clients who are looking for accountants to be experts on the digital process and to provide instant service and issue resolution. Accountancy firms are also facing possible problems if HMRC doesn’t do enough to communicate MTD to relevant businesses.

Always On

The Prism Solutions report highlights how accountancy clients now expect technology to be ‘always on’ 24/7 and that the ability of an accountancy firms’ productivity to be able to connect with their clients in real-time, and offer access to real-time data that’s always on is an important way in which they can deliver an exceptional client experience.

Other Challenges

The Prism report also notes that, just as Cloud computing, GDPR, and MTD are already having an impact on accountancy, other emerging challenges to the profession include the development of AI technologies, blockchain and crypto-currencies.

What Does This Mean For Your Business?

Having to digitise accounts is providing challenges to both businesses and accountancy firms and looks set to change aspects of the relationship between the two.  Accountancy firms are realising that embracing all forms of ‘digital’ is a key enabler to enhancing productivity, and that becoming part of the digital revolution with their clients will enable them to not just offer a better service, but also to grow as they take advantage of new revenue-generating opportunities and position themselves as the go-to adviser for their clients.

As well as expecting ‘always-on’ service and digital expertise from accountancy firms, business customers will still want to use their accountants as a source of business advice for business planning, strategy, and market development (for example), and getting better at using digitisation to do this could be another way in which accountants could keep delivering value to businesses.

Tech Tip – Telegram

Telegram describes itself as the fastest messaging app on the market, and uses a unique, distributed network of data centres around the globe so that’s it’s not only a simple, fast, secure messaging service that’s synced across all your devices, but also has added features and an ease of operation that many prefer to WhatsApp.

Everything on Telegram (chats, groups, media, etc.) is encrypted using a combination of 256-bit symmetric AES encryption.  Also, the app has a clean interface, there are no adverts, and Telegram offers powerful photo and video editing tools.

Telegram is available on the Google Play Store and Apple’s App Store.

Microsoft’s Phone App Challenge to iMessage and FaceTime

Reports from online tech commentators indicate that Microsoft will soon be enhancing its Your Phone app with the ability to make phone calls from a desktop PC, thereby making the app a serious challenger to Apple’s iMessage and FaceTime.

The Your Phone App

Microsoft’s Your Phone desktop App connects your phone to your PC thereby giving you access to your phone’s notifications, photos and texts while working on your PC. Giving the desktop Phone App the details of your phone (Android or Apple, phone number) means that you receive a download link to the ‘Phone Companion’ via SMS text.

Installing the Phone Companion on your mobile enables you to sync your phone with your PC e.g. an Android phone with Windows 10 PC.  This gives instant access to your phone on your PC so that you can reply to texts at your PC and instantly receive photos on your PC that have been taken on the phone.

Making Calls – Challenging Apple’s iCloud Integrations

The addition of being able to dial a number, search your phone contacts and make a call directly from your PC is an important enhancement that could make Microsoft’s Your Phone desktop App a serious challenger to Apple’s iCloud integrations on macOS.

Apple Mac users can currently use these to send messages from their desktop using iMessage and can also make voice and video calls using FaceTime.

‘Use Phone’ Button

The enhanced Your Phone App from Microsoft will include a ‘Use Phone’ button that can send a call back from the PC (microphone and speakers) to the handset,  thereby enabling more privacy and/or shutting out any distracting background noise e.g. keyboard noises and noises from home working.

Who?

A full-feature Your Phone App would most likely be of maximum value to those workers who need to be in front of the desktop for long periods of time with minimal distractions although, arguably, messages and notifications popping up on the screen could be less easy to ignore than if they’d been quietly arriving on the phone in corner.

The Your Phone app could also be of use to workers in a situation where too much obvious interaction with their handset in the workplace is frowned upon and where visual monitoring and supervision is particularly intense.

What Does This Mean For Your Business?

For Microsoft, this improvement to the Your Phone desktop App, which has been around for some time, gives it much greater potential value to users and gives Microsoft another way to seriously compete with its rival Apple.

For any business users who are typically tied to the PC for most of the time the ability to handle all phone matters on the desktop adds value in terms of convenience, possible time savings, and fewer distractions.

Tech Tip – WiFiAnalyzer

If you’d like to optimise your Wi-Fi signal by being able to quickly analyse Wi-Fi networks directly from your Android device, measure signal strength and identify crowded channels, Wi-Fi Analyzer may be the app for you.

This open-source, free app, which has no-adverts and claims not to collect any personal information, uses as few permissions as possible to perform the analysis and does not require access to the Internet.

WiFiAnalyzer is available from the Google Play store.