Archive for Hardware

Fingerprint Bank Card

RBS is reportedly about to hold trials of a new, more secure biometric bank card where customers can use their fingerprint instead of a PIN to verify purchases.

April

The trial, which will involve some 200 RBS and NatWest UK-based customers, is due to begin in April this year and will last for three months. Although this is the first time this kind of advanced card technology has been trialled in the UK, a similar trial has already taken place in Cyprus.

Partners

RBS is working on the biometric fingerprint-verified card project in partnership with digital security company Gemalto, Visa, and Mastercard.

Advantages

The advantages of a biometric card of this kind include improved security, speed and convenience for customers with no need to worry (as with contactless) about the £30 limit because the biometric card will be able to verify payments of larger amounts.

Already Used For RBS App

RBS already offer their customers a mobile banking app that uses fingerprint log-in on iPhone, iPad or Android.

Fingerprint Sensor On The Card

Gemalto, one of the partners in the new RBS project, explains that the fingerprint card works by using a fingerprint sensor on the card body. When paying, a customer places the card next to the POS terminal (as with contactless) and places their finger on this part of the card. This securely authenticates their fingerprint and enables the transaction to go through without the need for a PIN. Gemalto says that the user’s biometric data never leaves the card, so is kept secure.

Enrolment

In order to activate and start using such a card, customers would have to record their fingerprint with an enrolment procedure. This is likely to be possible from home using a self-enrolment sleeve shipped with the card, with activation then completed at the first transaction at the POS, or by going to a bank branch and using a secure enrolment tablet or kiosk.

Own Research

Gemalto’s own research has found that 54% of UK cardholders who have evaluated the information about the card would get one today if it were available from their bank, and 82% said it would become their preferred payment card.

Security Concerns

Although biometrics are preferred over password verification systems in terms of security, there is still concern about where a person’s biometric data is stored, and how securely that data is stored.  Also, biometric voice-activated systems have already shown themselves to be vulnerable.  For example, back in May 2017, a BBC Click reporter was able to fool HSBC’s biometric voice recognition system by passing his brother’s voice off as his own.

What Does This Mean For Your Business?

Biometric authentication and verification systems appear to be much more secure than password and PIN systems, which is why banks and credit companies are already adopting and using them. The popularity of contactless cards with businesses and users is clear, and introducing a more secure authentication method, e.g. fingerprint, is a way of getting customers to feel more comfortable with spending amounts over £30 with a quick, contactless system. This could bring benefits to a wider range of businesses, as contactless has mainly favoured those retail businesses with typically lower value transactions.

Many people are already getting used to mobile apps that use biometric authentication, so a card that uses a similar idea is not a big step, plus the unique nature of fingerprints would make card fraud less likely, which should please the banks and users.

Other types of biometric systems, e.g. voice-activated systems, have run into problems and some opposition, e.g. privacy groups challenging the lawfulness of HMRC’s Voice ID system, which has collected and stored more than 7 million “audio signatures”.

This new type of fingerprint card is still awaiting its trial in the UK, but the signs are that it looks like it could be an acceptable next step for bank customers who want to use a more secure contactless card system that works for everything.

New 1TeraByte (Yes, TeraByte) MicroSD Cards Launched

Both Micron and Western Digital’s SanDisk brand have announced at the Mobile World Congress that they are launching the first 1TB microSD cards.

A First

Up until now, companies haven’t been able to produce anything above 128GB, so the jump to a 1TB capacity card is a big jump that could mean less reliance on the Cloud for storage, and better performance from smartphones and other devices.

Micron

Micron Technology, Inc., the US global corporation based in Idaho, has announced the launch of the c200 1TB microSDXC UHS-I card, an innovative removable MicroSD Card that boasts a terabyte of A2 grade storage with V30 certification. This should mean that although it can seriously ramp up the performance of a smartphone, it could be suitable for any number of devices and gadgets. The new card uses an (up to) 100MB/s read-write rate, which means that it can support and store up to 40 hours of 4K HDR video, thousands of 40MP+ photos, and mobile.

Micron reports that the new card leverages 96-layer 3D quad-level cell (QLC) NAND technology, thereby providing cost-effective storage for consumer electronic devices.

The Micron website says that the new c200 1TB microSD card “gives consumers the freedom to capture, share, store and enjoy more content while supporting their mobile-centric lifestyles.”

When For Micron?

Micron can only say that the new MicroSD should be broadly available sometime in Q2 2019.

SanDisk

Western Digital’s SanDisk Extreme “microSDXC™ UHS-I” MicroSD card is available in both 512GB and 1TB capacities, and can reach speeds up to 160MB/s with A2/V30. It can be used in Android™ smartphones, action cameras and drones, and supports 4K UHD video recording, full HD video and high-resolution photos.

Also A2 rated, the card reads up to a reported 160MB/s, and writes up to 90MB/s, thereby providing fast app performance on smartphones. Its fast read speeds should mean that users can save a lot of time, e.g. when transferring high-resolution photos and video.

When For Sandisk?

Reports indicate that it will not be available until April, and as a guide, expect a price tag of $449.99 for the 1TB version, and $199.99 for the 512GB version.

What Does This Mean For Your Business?

The huge storage capacity and the speed of these new cards are, of course, good news in terms of versatility and flexibility, saving time, and requiring less reliance on moving and storing everything in the cloud. A card like this is, however, likely to set you back around £375, but you may decide that this is a price worth paying for the extra capacity, speed and convenience.

Although these two new cards are A2 standard, so are suitable for running applications, most microSD cards are slower in practice than stated in the tech spec, and most devices don’t try to run applications from SD cards.  Also, being removable cards, they can still be lost or stolen, and could, therefore, be a security/data security risk depending on what you have stored on them, not to mention the expense of having to buy another one. You may decide that a fast, standard microSD card is still good enough, and you’re prepared to still rely upon secure cloud storage for most things.

It is also worth remembering that a new, super-fast SD Express standard, part of the wider SD 7.1 strategy, could soon be introduced, and could deliver read speeds of up to 985MB/s (if there were products that lived up to the standard).

Discovery of Microphone in Google’s Nest Guard Prompts Backlash

The discovery of a microphone in Google’s Nest Guard product that was not listed in the tech spec has been put down to an erroneous omission by Google, but it has also caused a backlash that escalated to the US Congress.

What Happened?

One of Google’s products is the Nest Secure product which is a home security system that operates using a phone app, alarm, keypad, and motion sensor with Google Assistant built in (which is the main hub), Nest Detect Sensors for doors and windows, and a tag which the homeowner taps on the main hub when they enter the house to disarm the system. Earlier this month, the addition of Google’s digital assistant to the product led to the surprise discovery that the main hub unit has always had a microphone installed in it, but the microphone was not mentioned on the technical specifications for the product.

The discovery of what appeared to be a “secret” microphone has, therefore, prompted anger and discussion among privacy and security advocates and commentators, concern from consumers, bad publicity for Google, and calls for action by a Senator, a Congressman, and many others.

Google Says 

Google’s response to the discovery was simply to apologise for what was an “error” and oversight on its part for not listing the microphone in the tech spec for the system, and to stress that the microphone was not intended to be ‘secret’ and had not been used until the addition of the Google Assistant.

It has also been reported that Google has said that one of the reasons for the microphone’s inclusion had originally been to allow future functionality, for example, to detect breaking glass in the home.

Criticism

Google has faced anger and criticism from many different angles over the discovery of the microphone including:

  • Maryland Congressman John Delaney calling for privacy legislation to now be applied to a broad range of tech products.  Mr Delaney also proposed that electronic tech products should have labelling on them like that on food products, so consumers can be quickly and easily alerted to any privacy and security implications.
  • Virginia Senator Mark Warner, chairman of the Senate Intelligence Committee, calling for hearings with federal agencies and the U.S. Congress about the digital economy, and the smart home ecosystem.
  • The Electronic Privacy Information Center (EPIC) calling on the Federal Trade Commission (FTC) to request via an enforcement action, that Google divests of its Nest hardware products, and that Google disgorges any data that it may wrongfully have obtained from Nest customers.

What Does This Mean For Your Business?

Smart electronic products and devices are now in homes and businesses everywhere, but consumers and business owners should have the right to be clearly informed about the security and privacy implications of those products so that they can make an informed choice about whether to buy and operate them.

As some commentators have noted, the arguments that it’s easier to ask for forgiveness than seek permission or that ‘it’s in the fine print’, shouldn’t be acceptable privacy policies from tech companies.  The idea of food packaging-style labelling on smart tech products to help inform about security and privacy implications may not be a bad one, and if the tech industry can’t regulate itself on this matter then more legislation to protect consumers and businesses seems likely.

This is a damaging story in terms of trust and reputation for Google, particularly in the US where the story has been given greater prominence and may cause consumers to think twice about the kinds of smart products that they let into their homes and businesses.

Scooter Hack Threat

An investigation by researchers at Zimperium® found a security flaw in the Xiaomi M365 electric scooter (the same model that is used by ridesharing companies) which could allow hackers to take control of the scooter’s acceleration and braking.

Xiaomi M365

The Xiaomi M365 is a folding, lightweight, stand-on ‘smart’ scooter with an electric motor that retails online for around £300 to £400. It is battery-powered, with a maximum speed of 15 mph, and features a “Smart App” that can track a user’s cycling habits, and riding speed, as well as the battery life, and more.

What Security Flaw?

The security flaw identified by the Zimperium® researchers is that the ‘smart’ scooter has a Bluetooth connection so that users can interact with the scooter’s features, e.g. its Anti-Theft System, or update the scooter’s firmware, via an app. Each scooter is protected by a password, but the researchers discovered that the password is only used for validation and authentication by the app: commands can still be executed on the scooter itself without the password.

The researchers found that they could use the Bluetooth connection as a way in.  Using this kind of hack, it is estimated that an attacker only needs to be within 100 meters of the scooter to be able to launch a denial-of-service attack via Bluetooth which could enable them to install malicious firmware.  This firmware could be used by the attacker to take control of the scooter’s acceleration and braking capacities. This could mean that the rider could be in danger if an attacker chose to suddenly and remotely cause the scooter to brake or accelerate without warning.  Also, the researchers found that they could use this kind of attack to lock a scooter by using its anti-theft feature without authentication or the user’s consent.
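The design flaw described above, a password that the app checks but the scooter does not enforce, can be shown with a small simulation beside a device-enforced alternative. This is an added example, not Xiaomi's or Zimperium's code: the class names, command names and the challenge-response scheme are hypothetical and do not reflect the M365's real Bluetooth protocol.

```python
import hashlib
import hmac
import secrets

# Hypothetical command set; not the real M365 protocol.
PRIVILEGED = {"lock", "unlock", "start_firmware_update"}


def derive_key(password: str, device_id: bytes) -> bytes:
    """Stretch the password into a MAC key bound to one device."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), device_id, 100_000)


def app_response(password: str, device_id: bytes, nonce: bytes) -> bytes:
    """What a legitimate app sends back for a device challenge."""
    return hmac.new(derive_key(password, device_id), nonce, hashlib.sha256).digest()


class _ScooterState:
    def __init__(self):
        self.locked = False
        self.update_mode = False

    def _apply(self, command: str) -> str:
        if command == "lock":
            self.locked = True
        elif command == "unlock":
            self.locked = False
        elif command == "start_firmware_update":
            self.update_mode = True
        elif command != "read_battery":
            return "rejected: unknown command"
        return "ok"


class AppOnlyCheckScooter(_ScooterState):
    """Flawed design: the password exists, but only the app chooses to check it."""

    def __init__(self, password: str):
        super().__init__()
        self._password = password

    def check_password(self, candidate: str) -> bool:
        # A well-behaved app calls this first; nothing forces other clients to.
        return hmac.compare_digest(candidate.encode(), self._password.encode())

    def handle_command(self, command: str) -> str:
        # No authentication state is consulted before acting.
        return self._apply(command)


class DeviceEnforcedScooter(_ScooterState):
    """Hardened design: the device authenticates each connection itself."""

    def __init__(self, password: str, device_id: bytes):
        super().__init__()
        self._key = derive_key(password, device_id)
        self._nonce = None
        self._authenticated = False

    def new_connection(self) -> bytes:
        # Every connection starts unauthenticated with a fresh challenge.
        self._authenticated = False
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def authenticate(self, response: bytes) -> bool:
        if self._nonce is None:
            return False
        expected = hmac.new(self._key, self._nonce, hashlib.sha256).digest()
        self._nonce = None  # single use, so a captured response cannot be replayed
        self._authenticated = hmac.compare_digest(expected, response)
        return self._authenticated

    def handle_command(self, command: str) -> str:
        if command in PRIVILEGED and not self._authenticated:
            return "rejected: not authenticated"
        return self._apply(command)


def demo() -> dict:
    # Constructed sample values, not real device identifiers or credentials.
    device_id, password = b"constructed-device-01", "constructed-password"
    results = {}

    flawed = AppOnlyCheckScooter(password)
    # A client that never calls check_password() is still obeyed.
    results["flawed_lock"] = flawed.handle_command("lock")
    results["flawed_update"] = flawed.handle_command("start_firmware_update")

    hardened = DeviceEnforcedScooter(password, device_id)
    nonce = hardened.new_connection()
    results["hardened_unauth_lock"] = hardened.handle_command("lock")
    results["hardened_wrong_pw"] = hardened.authenticate(app_response("guess", device_id, nonce))
    nonce = hardened.new_connection()
    results["hardened_owner_auth"] = hardened.authenticate(app_response(password, device_id, nonce))
    results["hardened_owner_lock"] = hardened.handle_command("lock")
    results["hardened_locked"] = hardened.locked
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```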

Told The Company

The researchers made a video of their findings as proof, contacted Xiaomi and informed the company about the nature of the security flaw. It has been reported that Xiaomi confirmed that it is a known issue internally, but that no announcement has been made yet about a fix.  The researchers at Zimperium® have stated online that the scooter’s security can’t be fixed by the user and still needs to be updated by Xiaomi or any 3rd parties they work with.

Suggestion From The Researchers

The researchers have suggested that, in the absence of a fix to date, users can stop attackers from connecting to the scooter remotely by using Xiaomi’s app from their mobile before riding and connecting to the scooter. Once the user’s mobile is connected and kept connected to the scooter, an attacker can’t remotely flash malicious firmware or lock the scooter.

What Does This Mean For Your Business?

This is another example of how smart products/IoT products of all kinds can be vulnerable to attack via their Bluetooth or Internet connections, and particularly where there are password issues. Usually, the risk comes from smart products from the same manufacturer all being given the same default password which the user doesn’t change. In this case, the password works with the app, but it appears as though the password isn’t being used properly to protect the product itself.

There have been many examples to date of smart products being vulnerable to attack. For example, back in November 2017, German Telecoms regulator the Federal Network Agency banned the sale of smartwatches to children and asked parents to destroy any that they already have over fears that they could be hacked, and children could be spied upon. Also, back in 2016, cyber-criminals were able to take over many thousands of household IoT devices (white goods, CCTV cameras and printers), and use them together as a botnet to launch an online DDoS attack (Mirai) on the DNS service ‘Dyn’ with global consequences, i.e. putting Twitter, Spotify, and Reddit temporarily out of action.

Manufacturers of smart products clearly need to take great care in the R&D process to make sure that the online security aspects have been thoroughly examined. Any company deploying IoT devices in any environment should also require the supply chain to provide evidence of adherence to a well-written set of procurement guidelines that relate to specific and measurable criteria.  In the mobile ecosystem and in adjacent industries, for example, the GSMA provides guidelines to help with IoT security.

As buyers of smart products, making sure that we change default passwords, and making sure that we stay up to date with any patches and fixes for smart products can be ways to reduce some of the risks.   Businesses may also want to conduct an audit and risk assessment for known IoT devices that are used in the business.

Kellogg’s Uses Virtual Reality To Sell More Cornflakes

Breakfast cereal manufacturer Kellogg’s has been working with third-party VR companies to help it determine the best way to display its new products in stores.

Who?

Kellogg’s is reported to have been working on a pilot scheme with Accenture and Qualcomm.  Accenture is a Dublin-based global management consulting and professional services firm with a strong digital skill-set, and Qualcomm Inc is a US-based world leader in 3G and next-generation mobile technologies.

What?

The pilot’s aim was to determine the best in-store placement for Kellogg’s new Pop Tart Bites.  This involved the use of Accenture’s Extended Reality (XR) software and Qualcomm’s VR headsets.  This combination gave test subjects an immersive and 360-degree experience of a simulated store environment in which they were able to ‘virtually’ pick products, place items in shopping trolleys and make purchases.

Monitoring

The VR headsets and XR software enabled Kellogg’s to closely and precisely monitor the user’s eye movements.  The analytics meant that this test was also able to yield data such as which new products the test subjects looked at and how long they looked at the products.

New Insights Reveal Surprising Result

Whereas traditional understanding of in-store product placement points towards eye-level (or close to it) as an ideal spot, the new insights that the technology provided in this pilot concluded that positioning the new product on a lower shelf could increase sales of the product by 18%.

Growing Trend

The use of a combination of VR, AR and analytics in retail environments has been a growing trend among big brands in recent times.

Brick-and-mortar retail chains have, however, been criticised for reacting slowly to the introduction of technology that could help them and have found themselves at a disadvantage to online retailers who have been able to use digital technology to hyper-personalise retail experiences for their customers. The brick-and-mortar retailers have also been faced with challenges caused by economic and cultural shifts, e.g. customers moving more towards online shopping.

Change In The Landscape

It’s not just manufacturer brands that are now able to take advantage of the technological change in the landscape to benefit sales.

Retailers now have access to many affordable and relatively easy-to-use AI development tools, such as those offered by big tech vendors, e.g. Google, Microsoft and Amazon. This means that building an AI system/machine learning system has never been easier. Retail chains, for example, also have the advantage of having access to massive amounts of data which can be used in a value-adding way with analytics and AI.

What Does This Mean For Your Business?

This story illustrates how the combination of new technologies such as VR, AI and advanced analytics has yielded new insights which could make a greater contribution to sales than more traditional methods.

The portable nature of the technology (and the AI aspect) mean that they are also able to deliver these value-adding insights more quickly and cheaply than before, thereby contributing to faster and more effective product launches and more successful product strategies.  The superior insights gained from combining new technologies such as these mean that it is now possible for business product placement decisions to be made that could positively impact total brand sales, versus only single product sales.

Apple Blames China In Revenue Warning To Investors

On 2nd January, Apple’s CEO, Tim Cook, issued a revenue warning for this quarter to investors, and pointed to challenges in China as being one of the main downward driving forces.

Letter

Bearing in mind that Apple is one of America’s (and the world’s) tech giants, and that it became the world’s first trillion-dollar public company back in August 2018, it has been somewhat of a surprise to hear that its share price has tumbled more than 20% since October, and that the company has now sent a revenue warning letter to its investors revising down its expected earnings for this quarter. In the letter, Mr Cook pointed to the unforeseen “magnitude of the economic deceleration, particularly in Greater China” as one key reason why a previously predicted rise in revenue had now turned into warnings of a fall in revenue.

What’s The Problem?

Tech market analysts and commentators have cited several reasons for Apple’s woes and the link to the Chinese market, including:

  • Apple needs new iPhone sales, but a lack of technological advances in the iPhone since iPhone 8, combined with a hike in the price of iPhones at a time of global economic pressures on consumers, has meant a fall in sales.
  • Some competing Android phones may simply be more interesting and offer better value in terms of price / features e.g. Google Pixel, Oppo’s X, OnePlus 6, or the Huawei P20 Pro.
  • Apple relies heavily on phone sales in the Chinese market (Apple makes a massive 20% of its revenue in the Greater China region) but has faced very stiff competition there from the likes of Huawei, Xiaomi, and Oppo with their high value, lower priced phones.
  • Trade war talk and tensions between the U.S. and China have put more downward pressure on Apple phone sales in China.  For example, the detention of a senior Huawei executive caused a patriotism-fuelled backlash against Apple’s phones in China.
  • Apple investors are worried about iPhone sales generally, which have clearly been in decline since the iPhone 8.
  • Apple investors have concerns and questions about how other Apple services will be developed as revenue generators e.g. ApplePay, Apple Music, the App store, plans for television and movies, and goals for competing in the health industry.

What Does This Mean For Your Business?

Apple products and services are known for their quality, reliability, ease of use, and useful features, and many UK businesses / business people will continue to use them. It is difficult to deny, however, that many new Android phone models, such as those from Huawei or Samsung, offer UK buyers great value for money and useful features compared to Apple’s relatively high-priced alternative. This, combined with Apple’s reliance on getting a large part of its revenue in a country (China) where it is facing stiff competition and trade-war pressures, is contributing to a challenging time for Apple.

It is, however, worth remembering that Apple is a trillion-dollar tech giant and is better placed than most to weather any storms and find ways to develop new opportunities and revenue streams.

Drone Laws Promised After Airport Chaos

The chaos caused to flights from Gatwick just before Christmas (and latterly, Heathrow) by drone sightings near the airports has prompted Transport Secretary, Chris Grayling, to announce new counter-drone measures to be taken to protect UK airports.

Increased Exclusion Zone

Mr Grayling, speaking in the House of Commons as the government published its response to its consultation on the future of drones in the UK, and in the wake of the three-day shutdown of Gatwick by unauthorised drone activity in December, announced that the UK government would increase drone exclusion zones around airports from 1km to 5km, and further from the ends of runways.

New Technology

Following the three-day Gatwick issue (1000+ flight cancellations) that caused a national outcry, disrupted the travel plans of 140,000 people, and may have cost the airport more than £120 million, it has been reported that Gatwick has spent £5m on anti-drone equipment. The equipment, which uses advanced technology, is believed to be of the same level as was originally supplied for the armed forces.

Heathrow (the world’s busiest airport) is also reported to have invested in anti-drone technology, although it appears unlikely that this is fully operational as the north runway was forced to close for an hour on Tuesday 8th January after reports of possible (unconfirmed) drone sightings in the area.

New Laws Too

Part of the anti-drone measures will include new laws that could see drone users who break the rules being fined or jailed, and police being granted new powers e.g. to be able to ‘down’ drones in certain restricted areas.

Also, from November this year, operators of drones weighing between 250g and 20kg will have to register their drones and take an online safety test.

Big Problem

The problems caused by drones are not limited to just a few prominent incidents. In fact, 117 near misses between manned aircraft and drones were recorded up to November in 2018.

Gatwick was also the scene of a near miss with a drone last summer that put 130 lives at risk, and the airport was also closed for around 20 minutes back in 2017 due to drone activity nearby.

Other Countries – Drones Also A Problem

The UK is by no means the only country suffering problems caused by drones being flown near airports / in the path of aircraft.  For example, back in 2017 a remotely piloted drone struck a Skyjet turboprop passenger plane as it made its approach to land at Jean Lesage Airport in Quebec, Canada, flying at a height of about 450 metres / 1,500 feet and at an estimated 3,000 metres from the runway at the airport. Thankfully, only minor damage was caused to the aircraft which was carrying 8 passengers and was able to land safely.

What Does This Mean For Your Business?

Drones are part of a new industry where the technology and products have been developing before the law has had an opportunity to catch up. Drones clearly have many productive, value-adding, and innovative business uses, and they have been tested and tipped for wider use by brands such as Amazon for parcel deliveries. A move towards autonomous vehicles and new transport technologies means that drones currently have a bright future when used responsibly and professionally. Drones are also widely and easily available (with minimal restrictions) to individuals as well as companies, and the many aircraft near misses, together with the huge disruption and cost of incidents such as the one at Gatwick in December 2018, indicate that most people would now welcome the introduction of regulations and the investment in technology that contribute to public safety. It is important, however, that any new laws take account of the rights of the majority of responsible drone users, and don’t restrict the commercial potential of drones.

Concerns Over Huawei and ZTE Equipment and Software

A statement from the Czech National Cyber and Information Security Agency (NCISA) has warned network operators that using software or hardware made by Chinese telecom equipment suppliers Huawei and ZTE could represent a security threat.

Why?

Huawei, which is the world’s biggest producer of telecoms equipment, is based in China, and according to the NCISA, private companies residing in China are required by law to cooperate with intelligence services. This could mean that the products and services of those companies could, in theory, become part of the Chinese state security systems, e.g. Huawei and ZTE could be used for spying on behalf of China.

Global Suspicion & Action

According to the Wall Street Journal, espionage chiefs from Australia, Canada, New Zealand, the U.K. and the U.S. (the so-called ‘Five-Eyes’), agreed at a meeting in July this year to try to contain the global growth of Chinese telecom Huawei because of the threat that it could be spying for China.

The US, Australia and New Zealand have barred Huawei Technologies Ltd. as a supplier for fifth-generation networks, and Japan also looks set to ban government purchases of equipment from Huawei and ZTE.

The U.S. government is also reported to have been putting pressure on Deutsche Telekom, the majority owner of T-Mobile US, to stop using Huawei equipment, although the head of Germany’s Federal Office for Information Security (BSI) Arne Schoenbohm is reported to have told German news outlet Der Spiegel that proof is required to substantiate the accusations.

Detained

Meng Wanzhou, the chief financial officer of Huawei, was recently detained in Vancouver at the request of U.S. authorities for violating US sanctions on Iran. The arrest of Meng Wanzhou happened on the same night that President Trump was dining with Chinese President Xi Jinping during the G20 summit in Argentina.  China’s state-run media, and some other commentators have suggested that Meng’s detention appears to be politically or economically motivated.

Response

The response by a Huawei spokesperson to the NCISA warning has been to deny any suggestion that a national security threat is posed by Huawei to the Czech Republic, and to call for NCISA to provide proof of its claims.

What Does This Mean For Your Business?

If the ‘Five-Eyes’ are to be believed, Huawei’s products and network software could have backdoors built into them which could, in theory, allow covert surveillance or control, or destruction of phone networks (which are accessible via the internet). The fear is that those acting for the Chinese state could gain access to the data stored / routed through Huawei devices, telecoms equipment and software, and could even, perhaps, monitor the conversations on mobile phones.

There does, however, appear to be a lack of clear proof for the allegations, and bearing in mind that Huawei is the world’s biggest producer of telecoms equipment, and that its products are popular (this year it overtook Apple in terms of the number of handsets it was shipping worldwide) and that UK stores are still stocking and selling its handsets, the warnings of various governments look unlikely to be heeded for now. It is worth noting that BT uses Huawei systems as part of its network, but is now removing Huawei systems from the core of the mobile network EE, which it purchased in 2016.

The advice as part of the recent Czech warning is that system administrators in critical information infrastructure should take ‘adequate measures’ against the threat.  This advice appears a little vague, and until conclusive proof can be produced, many people and businesses will feel that they can decide for themselves what, if any, action to take.

Warnings of Printer Chip-Frying

Swedish YouTube vlogger, PewDiePie, is reported to have inspired some of his 77 million followers to hack 50,000 printers to promote his YouTube channel, and to draw attention to vulnerabilities in their printer firmware that could even be exploited by hackers to ‘fry’ a printer chip.

Messages Sent Through Printers

The vlogger, PewDiePie, primarily wanted to make a point that popular printer firmware has vulnerabilities in it that could leave people open to hacks that could disable and even permanently damage their printer. Also, there is the risk that a printer hack could enable attackers to see and alter potentially sensitive information as it’s printed out.

Thankfully for printer owners, the chosen method of raising awareness by some followers of PewDiePie was to send messages through their printers.  The messages, in this case, asked people to subscribe to PewDiePie’s YouTube channel and asked them to unsubscribe from a rival channel called T-Series.

Could ‘Fry’ The Printer Chip

According to PewDiePie, one of the most alarming risks that people could face thanks to vulnerabilities in the printer firmware is hackers forcing a stream of data to be continuously written by the printer’s chips. Since the chips only have a limited lifespan of ‘writes’, keeping them on such a continuous loop for long enough could overload and ‘fry’ the printer chip, thereby stopping the printer from working altogether.  This would most likely require the victim to purchase a new printer.

Unsubstantiated

Although it has been claimed that followers of PewDiePie have caused 100,000 machines to print out the message, this figure has not been verified, and currently, there is only anecdotal evidence in the form of some Twitter posts from alleged victims in the UK, US, South America, Spain and Australia.  There have, thankfully, been no reports of any printer chips being fried as yet.

Example

One example of how printers can be compromised dates from early 2017 when a hacker named Stackoverflowin was able to take control of more than 150,000 printers manufactured by HP, Brother, Epson, Canon, Lexmark and Minolta, and ordered them to print out a message.

What Does This Mean For Your Business?

This may be a publicity stunt by a YouTube vlogger that is likely to expand the number of his followers, but it appears to have had a serious point about a security vulnerability that could affect your business or home printer. Back in August, for example, it was discovered that hundreds of HP inkjet printer models were in desperate need of firmware patches, and this latest stunt may help to prompt enough questions from printer owners to motivate printer manufacturers to take another look at their firmware, and for printer owners to seek out patches that may already be in existence.

SIM Swap Scam Warning

A recent investigation by BBC TV’s Watchdog Live revealed evidence that some mobile phone shop staff are not conducting proper ID checks for replacement SIM requests, thereby enabling some customers to become victims of SIM swap scams.

What is a SIM Swap Scam?

SIM swap scams are believed to have been in existence for the last four years in one form or another.  In its current form, the SIM swap scam happens when a fraudster goes into a mobile operator’s shop and claims a false identity, i.e. the identity of one of that operator’s customers.  The fraudster knows that the person they are claiming to be is a customer of that operator because of personal details that have been stolen in previous malware or cyber-attacks and then posted or sold on the dark web.

In the shop, while pretending to be that customer, the fraudster claims that their phone has been lost or stolen and asks to be issued with a replacement SIM. Once the fraudster has the replacement SIM, the victim’s SIM no longer works, and the fraudster can then access any online service that requires security codes to be sent to the phone, as well as being able to access any other of the victim’s personal details that are stored on the SIM.

In the past (London 2016), a similar version of the scam worked when fraudsters used an intercepted bank statement from the victim (or information found on social media) to call the person’s mobile operator, pass security checks, and get a blank SIM card.  The fraudsters were then able to access the unique codes sent by the victim’s bank to log into their account and transfer funds.

What Should Happen When Someone Requests a Replacement SIM?

At the moment, mobile operators should conduct ID checks for replacement SIMs, but it is not compulsory.  Also, the Watchdog Live investigation revealed that checks for contract customers and Pay As You Go customers may differ.  For example, O2 said that it only asks for photo ID when replacing SIMs on monthly contracts, and that Pay As You Go customers will be sent an authorisation code if someone is trying to access the number.

What Happened in Reality?

In the investigation, which involved the secret filming of Watchdog Live’s own ‘King Con’ former fraudster in multiple EE, O2, Three and Vodafone stores, EE and Three staff conducted all the necessary checks, but Vodafone blamed rogue employees for not doing so.  Also, replacement SIMs were obtained from O2 stores and the authorisation codes that the company says it sends out were not received.

What Does This Mean For Your Business?

It appears that this relatively old fraud is still very much alive and is a reminder of how valuable our personal details can be to criminals. Bearing in mind how serious this fraud can be to the victims, it is shocking that photo ID checks for replacement SIMs are not compulsory for all operators in all situations.  Mobile operators could help themselves and customers by introducing compulsory measures and by making sure through training and in-built systems that all staff conduct satisfactory checks.

It is also worrying that the investigation appears to have revealed a two-tiered security system, with Pay As You Go customers afforded less protection.

In the meantime, one way that you can help yourself is to regularly check both your phone and bank statements and, if you have a contract with an operator such as O2, to contact them to confirm that no replacement SIMs have been issued in your name.