Archive for Mobile

Your Password Can Be Guessed By An App Listening To Your Keystrokes

Researchers from SMU’s (Southern Methodist University) Darwin Deason Institute for Cyber-security have found that the sound waves produced when we type on a computer keyboard can be picked up by a smartphone and a skilled hacker could decipher which keys were struck.

Why?

The research was carried out to test whether the ‘always-on’ sensors in devices such as smartphones could be used to eavesdrop on people who use laptops in public places such as coffee shops and libraries (if the phones were on the same table as the laptop), and whether there was a way to successfully decipher what was being typed from just the acoustic signals.

Where?

The experiment took place in a simulated noisy Conference Room at SMU where the researchers arranged several people, talking to each other and taking notes on a laptop. As many as eight mobile phones were placed on the same table as the laptops or computers, anywhere from three inches to several feet away. The study participants were not given scripts of what to say when talking, could use shorthand or full sentences when typing and could either correct typewritten errors or leave them.

What Happened?

Eric C. Larson, one of the two lead authors and an assistant professor in SMU Lyle School’s Department of Computer Science, reported that the researchers were able to pick up what people were typing at an amazing 41 per cent word accuracy rate and that this could probably be extended above 41 per cent if researchers figured out what the top 10 words might be.

Sensors In Smart Phones

The researchers highlighted the fact that there are several sensors in smartphones that are used for orientation and, although some require permission to be switched on, some are always on. It was for the sensors that are always switched on that the researchers were able to develop a specialised app, which could process the sensor output and, therefore, predict the key that was pressed by a typist.

What Does This Mean For Your Business?

Most of us may be aware of the dangers of using public Wi-Fi and how to take precautions such as using a VPN.  It is much less well-known, however, that smartphones have sensors that are always on and could potentially be used (with a special app) to eavesdrop.

Mobile device manufacturers may want to take note of this research and how their products may need to be modified to prevent this kind of hack.

Also, users of laptops may wish to consider the benefits of using a password manager for auto-filling instead of typing in passwords and potentially giving those passwords away.

Robot Tuck Shops About To Hit U.S. College Campuses

San Francisco-based start-up, Starship Technologies, has announced that it will be putting food delivery robots that respond to phone app orders on 100 U.S. university campuses in the next 24 months.

The Bots

It has been reported that 25 to 50 of the (23 kg battery-powered, six-wheeled) Starship bots will be let loose on each campus, with the ability to roam around seven days a week, from 8 am to 2 am. The self-driving bots drive at 4 mph and use 10 cameras, radar, ultrasound sensors, GPS, computer vision and neural networks to process what they see in order to negotiate their way safely around a 4 km radius.

The bot’s cargo bay is mechanically locked during the journey and can only be opened by the customer with their smartphone app. The location of the robots is tracked, so that the customer knows the exact location of their order and receives a notification at the time of arrival.

Food

The college campus robots will be delivering breakfast, snacks, and a variety of other food to students on campus.  Also, the app can take orders from local restaurants which the Starship bots will deliver to students on the campus for $1.99 per shipment, with Starship getting paid by the restaurant for making each delivery.

Benefits

The obvious benefits of the food delivery robots are that they can work whatever hours they are required all year round with no pay, no holiday and no need for breaks. Also, the Starship bots have an advantage over other local delivery services because the bots are small, manoeuvrable, know their way around the expansive campuses (thanks to pre-loaded, 3D maps), there are several bots working on one site, and they won’t need to be subject to any authorisation checks for being there.

Bigger Goals

Starship has bigger plans for the bots and is reported to have the goal of getting the bots onto college campuses across the US serving 1 million students.

Starship has also started a package delivery service in neighbourhoods and parts deliveries on business and industrial campuses using the bots.

What Does This Mean For Your Business?

Amazon has been making the news over the past couple of years with its delivery drones and ‘Scout’ delivery robots, and the well-funded start-up Starship ($40 million in new funding) has shown how it has been able to move quickly into a niche and join the growing delivery robot/drone industry.  For the robot and drone operating companies (Amazon, UPS, Google, Starship) these bots offer a way to reduce costs, avoid road congestion problems, avoid labour problems, and potentially deliver 24 hours a day all year round.  Users of bot and drone services can expect convenience, greater control over orders, and the novelty and fun of the delivery experience.

The benefits of drones and robots, however, may come at the expense of jobs, more of which are being taken away by the advance of technology-fuelled automation across many industries.

Apple Launches ‘Apple Card’

Apple has launched its ‘Apple Card’ in the US in partnership with Goldman Sachs and with processing by Mastercard.

Card

The Apple Card can now be applied for by customers in the US through the Wallet app on iPhone (iPhone 6 and later). The physical laser-etched card, which is made of titanium and has a typically clean Apple design, has no card number, no CVV security code, and no expiration date or signature on it. Although you can buy using the card, the real Apple Card product is incorporated in the Wallet on the customer’s iPhone and works through Apple Pay. Apple says that the card can be used to make purchases in stores, in apps and on websites.

Advantages

Apple says that the Apple Card is built on simplicity, transparency and privacy and that it completely rethinks everything about the credit card. The main advantages of the Apple Card are:

  • There are no fees.
  • It gives instant cashback on purchases. When you buy something on the Apple Card, you receive a percentage of your purchase back in Daily Cash every day, there’s no limit to how much you can get, and that cash goes right onto the Apple Card, where it can be used just like cash. Apple says that customers will get 2 per cent Daily Cash every time they use Apple Card with Apple Pay, and 3 per cent Daily Cash on all purchases made directly with Apple, including at Apple Stores, apple.com, the App Store, the iTunes Store and for Apple services.
  • It is secure.  There are no numbers on the card itself and using Apple Card through the iPhone means that it is covered by all the usual Apple Pay security features e.g. Face ID, Touch ID, unique transaction codes.
  • It offers much greater privacy. Apple says that it doesn’t store the details of where you shop, what you bought, or how much you paid, and Goldman Sachs will not sell or share your spending data to any third party. Also, Mastercard simply processes payments between parties on the global network.
  • The Apple Card shows you how to pay less interest.  For example, the Apple Card shows you a range of payment options and calculates the interest cost on different payment amounts in real-time.
  • The card can help you make more informed purchase choices. For example, everything you buy gets a category (food, entertainment, shopping) and a colour-coded chart displays how much you’ve spent on each category.

Small Print Warning

This may all sound wonderful but some commentators have warned that when you sign up for the Apple Card you sign up to the standard agreement offered by Goldman Sachs.  Within this agreement is an arbitration clause that essentially means that you waive the right to make any claims, participate in a class action, or be heard in a court at trial for anything related to the agreement.

It is, however, possible to opt out of the Goldman Sachs arbitration clause within 90 days after opening the account by contacting the company using messages, calling a toll-free number, or writing to a Philadelphia P.O. Box (Apple Card gives full instructions).

What Does This Mean For Your Business?

For other banks and credit companies that are still using traditional cards, this may represent a threat, as Apple, a trusted and globally known brand, is offering something that appears to be more convenient, more secure, and has obvious instant cashback perks.

For Apple, this venture is a way that it can offer value, generate even deeper loyalty among its customers and become more attached to their lives. This creates another important competitive advantage for the tech giant and allows it to gain a deeper understanding of its customers and their habits (even though it says it won’t share any information about those habits).

This also represents an opportunity for Apple to diversify at a time when its iPhone sales have been a bit flat and move towards the provision of services as well as hardware.

Tech Tip – Gallery Go

If you’ve been looking for a good gallery app for Android, Google has created an offline and compact, lite version of Google Photos that is uncluttered and easy to use.

The Gallery Go app works offline, so it doesn’t sync to a Google account (like Google Photos), but it only has two tabs at the bottom for pictures and folders, useful search tabs at the top, and a very user-friendly layout.

Gallery Go enables easy copying and moving of photos between folders, lets you create new folders, and supports SD cards. The app also has automatic organisation so that each night, Gallery Go will automatically organise your photos to group by: People, Selfies, Nature, Animals, Documents, Videos and Movies.

Gallery Go is available from the Google Play Store.

$1 Million Bounty For Finding iPhone Security Flaws

Apple Inc recently announced at the annual Black Hat security conference in Las Vegas that it is offering security researchers rewards of up to $1 million if they can detect security flaws in its iPhones.

Change

This move marks a change in Apple’s bug bounty programme.  Previously, for example, the highest sum offered by Apple was $200,000, and the bounties had only been offered to selected researchers.

The hope appears to be that widening the pool of researchers and offering a much bigger reward could maximise security for Apple mobile devices and protect them from the risk of governments breaking into them.

State-Sponsored Threats

In recent times, state-sponsored interference in the affairs of other countries has become more commonplace with dissidents, journalists and human rights advocates being targeted, and some private companies such as Israel’s NSO Group are even reported to have been selling hacking capabilities to governments. These kinds of threats are thought to be part of the motivation for Apple’s shift in its bug bounty position.

Big Prizes

The $1 million prize appears likely to only apply to remote access to the iPhone kernel without any action from the phone’s user, although it has been reported that government contractors and brokers have paid as much as $2 million for hacking techniques that can obtain information from devices.

Apple is also reported to be making things easier for researchers by offering a modified phone with some security measures disabled.

Updates

If flaws are found in Apple mobile devices by researchers, the plan appears to be that Apple will patch the holes using software updates.

Bug Bounties Not New

Many technology companies offer the promise of monetary rewards and permission to researchers and ethical (white hat) hackers / ethical security testers to penetrate their computer system, network or computing resource in order to find (and fix) security vulnerabilities before real hackers have the opportunity to use those vulnerabilities as a way in. Also, companies like HackerOne offer guidance as to the amounts to set as bug bounties e.g. anywhere from $150 to $1000 for low severity vulnerabilities, and anywhere from $2000 to $10,000 for critical severity vulnerabilities.

Examples of bug bounty schemes run by big tech companies include Google’s ongoing VRP program which offers varying rewards ranging from $100 to $31,337 and Facebook’s white hat program (running since 2011) offering a minimum reward of $500 with over $1 million paid out so far.

What Does This Mean For Your Business?

With the growing number of security threats, a greater reliance on mobile devices, and more remote working via mobile devices, mobile security is a very important issue for businesses. A tech company such as Apple offering bigger bug bounties to a wider pool of security researchers could be well worth it when you consider the damage that is done to companies and the reputation of their products and services when a breach or a hack takes place, particularly if it involves a vulnerability that may be common to all models of a certain device.

Apple has made the news more than once in recent times due to faults and flaws in its products e.g. after a bug in group-calling of its FaceTime video-calling feature was found to allow eavesdropping on a call’s recipient to take place prior to the call being taken, and when it had to offer repairs/replacements for problems relating to screen touch issues on the iPhone X and data loss and storage drive failures in 13-inch MacBook Pro computers. Apple also made the news in May this year after it had to recall two different types of plug adapter because of a possible risk of electric shock.

This bug bounty announcement by Apple, therefore, is a proactive way that it can make some positive headlines and may help the company to stay ahead of the evolving risks in the mobile market, particularly at a time when the US President has focused on possible security flaws in the hardware of Apple’s big Chinese rival Huawei.

If the bug bounties lead to better security for Apple products, this can only be good news for businesses.

Goodbye Skype for Business, Hello Teams

Microsoft has announced that Skype for Business Online will be giving way to ‘Teams’, with support for Skype for Business already ended on 31 July 2021, and all new Microsoft 365 customers due to get Microsoft Teams by default from 1 September 2019.

What Is Teams?

Introduced back in November 2016, ‘Teams’ is a platform designed to help collaborative working and combines features such as workplace chat, meetings, notes, and attachments. Described by Microsoft as a “complete chat and online meetings solution”, it normally integrates with the company’s Office 365 subscription office productivity suite, and Teams is widely considered to be Microsoft’s answer to ‘Slack’.

Slack is a popular, multi-channel collaborative working hub that offers chat channels with companies and businesses you regularly work with, direct voice or video calls and screen-sharing, integrated drag-and-drop file sharing, and an App Directory with over 1,500 apps that can be integrated into Slack.

Back in July 2018, Microsoft introduced a free, basic features version of Teams which did not require an Office 365 account, in order to increase user numbers and tempt users away from Slack.

According to Microsoft figures announced in July, Teams now has 13 million users, which is more than Slack’s 10 million users. Microsoft is keen to promote Teams as a new communications tool rather than just an upgrade to Skype for Business.

End of Skype For Business

Microsoft originally announced at the end of 2017 that Teams was set to replace Skype for Business as Microsoft’s primary client for intelligent communications in Office 365.

With this in mind, Microsoft ended support for Skype for Business at the end of July, will be giving all new 365 customers Teams by default from 1 September and has said that current Skype for Business Online customers won’t notice any change in service in the meantime.

Migration and Interoperability

Microsoft has announced investment and interoperability that will ensure a painless migration to Teams for Skype for Business Online customers. For example, from the first quarter of 2020 customers on both platforms will be able to communicate via calls and text chats, Dynamic E911 will work in Teams, and Teams also includes contact centre integration and compliance recording solutions.

What Does This Mean For Your Business?

Microsoft is succeeding in challenging and overtaking its competitor Slack in the business collaborative working communications tools market. Brand reach and power, coupled with a free version and now compulsory migration for existing users and default provision for new users, have seen Teams reach the point where, as planned by Microsoft more than two years ago, it can ably replace Skype for Business.

It appears that Microsoft is making efforts and investing to ensure that the migration is as smooth for (and attractive to) existing Skype business customers as possible and that the voice and video capabilities, cognitive and data services and insights that Teams offers should add value that could translate into advantages and extra efficiencies for users.

Tech Tip – Bouncer App

If you’re concerned about privacy on your phone, and if you’d like to stop power-hungry apps from abusing their permissions by running processor-heavy tasks in the background, the ‘Bouncer’ app enables you to grant permissions for applications temporarily.

With the Bouncer app, you can grant permissions for apps for a temporary period and once permission is granted, the Bouncer app will automatically remove that permission either when you exit the app in question or when a certain amount of time has passed.

The Bouncer app is available (Beta) on the Google Play Store.

Vulnerability in Contactless Card Allows Bypassing of £30 Limit

Researchers from security company Positive Technologies have reported finding a vulnerability in Visa contactless cards that could lead to your bank account being drained if your card fell into the wrong hands.

Device

The researchers developed a ‘skimming’ device which was able to intercept communications between a contactless card and payment terminal, thereby allowing the £30 spending limit per transaction to be bypassed without requiring the entry of a PIN number. The device was found to work with cards from five different UK banks. It has been reported that the hack would also work on cards and terminals outside the UK.

The device developed by the researchers tells the card that verification is not required, even if the payment amount is greater than £30, and tells the terminal that verification has already been made, thereby allowing the user to potentially make purchases to an amount that could drain the victim’s bank account.

Visa

Visa is reported to have urged consumers to continue using their cards with confidence because the threat is not really scalable due to it coming from a device that has been made by researchers that is highly unlikely to be in real use anywhere by criminals at this point. Visa is also reported to have noted that although security threats are taken seriously, research tests of this kind have proven impractical for fraudsters to use in the real world, and Visa’s multi-layered security approach has kept rates at less than one-tenth of one per cent.

Contactless Fraud

Despite Visa’s views on this research, contactless fraud levels appear to be rising. According to UK Finance figures, fraud on contactless cards and devices is reported to have increased from £6.7 million in 2016 to £14 million in 2017, with nearly £8.5 million lost to contactless fraud in the first half of last year.

What Does This Mean For Your Business?

Even though this vulnerability was exploited by researchers who had developed a device and system that fraudsters are not known to be using, it still highlights the fact that it is possible to get around contactless card security and that Visa doesn’t appear to be asking issuers and acquirers to have any checks in place that could block payments without presenting the minimum verification.  Also, any of the random checks that terminals do carry out currently have to be set by the merchant. If fraudsters could get their hands on a similar device, banks and their customers could face damaging losses.

Some security commentators believe that bearing in mind the apparent rise in contactless fraud, issuing banks should also take more responsibility for security by adding their own security measures rather than simply relying on Visa’s protocol.

5G At No Extra Cost Says Three

Mobile operator Three has announced that new and existing customers with compatible handsets will be able to get 5G at no extra cost when its 5G service is launched later this year.

5G Offer

Three says that when its 5G service goes live later this year, starting with 25 UK towns and cities, it will be able to offer unlimited data with no limit on speed for the same price it currently charges for its 4G tariffs (£22 per month). As well as offering 5G to existing customers at no extra cost, Three will include 5G as standard for new contracts.

Price War

In what looks likely to be an initial price war, Three’s price and unlimited data speed appear to stand up quite well against competition from Vodafone’s Sim-only tariff (£23 a month with a 2 Mbps limit, and £30 a month full-speed 5G), and EE’s sim-only 5G at £32 a month with a 20GB data download cap.

Criticised By Ofcom

Three has, however, recently been criticised by the regulator Ofcom over its practice of not automatically cutting its customers’ monthly charge at the end of their contract’s lock-in period.  According to Ofcom, this means that subscribers will effectively be overpaying rather than getting a great new deal unless they proactively change to another deal.

Three’s Advantage

Three has an advantage over its 3 big UK operator competitors because Three holds more “blocks” of 5G spectrum (3.4 to 3.8GHz band) than each of them, thereby getting potential speed, capacity, and performance benefits.  This apparently uneven split of the major blocks of the available 5G spectrum among the big operators is one of the issues that has been criticised recently by Telefónica UK boss Mark Evans.

Consultation

Mr Evans has called for a more balanced approach by Ofcom in order to help the sector to invest and meet the UK’s digital connectivity demands. In addition to criticising the uneven split of 5G spectrum, Mr Evans has also pointed out that other countries have already acted to reduce spectrum fragmentation whereas operators in the UK are still awaiting the results of the consultation.

Health Concerns

One other challenge that mobile operators face in the introduction of 5G is concern over possible health risks. 5G uses higher frequency (electromagnetic radiation) radio waves than earlier mobile networks so that more devices can access the internet at the same time with faster speeds. Part of the permitted 5G spectrum actually falls within the microwave band. These higher frequency waves (mmWave high-frequency spectrum), however, travel relatively short distances.  This means that, in order to achieve the right levels of speed and connectivity in urban areas, more transmitter masts closer to the ground will be needed.  This has led to concerns that 5G frequencies may have the potential to damage DNA and increase the risk of cancer.

What Does This Mean For Your Business?

5G represents a great opportunity for business.  Its increased speed and lower latency allow the downloading of films and games in seconds and watching them without any buffering, and this kind of speed will allow all kinds of new opportunities for presentation media e.g. in advertising, on social media and on websites.

Many different types of businesses could benefit from improved connectivity with remote workers or with salespeople in remote areas.

Also, the news from an O2 forecast is that 5G could deliver time savings that could bring £6 billion a year in productivity savings in the UK and that 5G-enabled tools and smart items could save UK householders £450 a year in food, council and fuel bills.

Safety, however, is a major concern for all businesses, but even though 5G will use a higher frequency, there is no compelling evidence to date to show that it would pose new health risks to users.  In the UK, it will be some time before 5G networks are up and running to any significant level, and this means that there should be time for research to be conducted in areas where 5G use is at a more advanced stage.

For UK industry mobile operators, there is also an issue still to sort out over the fragmentation of spectrum blocks and how this will affect the market, competitors, customers, and 5G connectivity across the country.  The results of the consultation may provide some guidance and help.

Tech Tip – Note-Taking Apps

There are often situations in business where it helps to take notes and keep them in a handy, tidy and easy to access place.  Google Keep and Apple Notes provide users with easy note-taking on the go.

Google Keep is a Web-based note-taking app for your computer or Android and iOS phone. It has a variety of tools for note-taking including text, lists, images, and reminders. Everything you add to Keep syncs across your devices (your phone, tablet and computer) so you’ve always got your important information to hand. Google Keep – Notes and Lists is available from the Google Play Store and Apple’s App Store.

Apple Notes for iOS and macOS operating systems also offers helpful note-taking tools including text, video, images, scanning, note search and information from other apps.  Your (latest version) iPhone, iPad, or iPod touch should have Notes, and to use its latest features, make sure that you set up Notes with iCloud or have notes saved on your device.