Archive for Mobile

Facial Recognition Glasses For Covert Surveillance

The “iFalcon Face Control” AR glasses, which incorporate an 8-megapixel camera in the frame and NNTC facial recognition technology and are due to go on sale next year, are reported to have already been deployed in several security operations.

US / Dubai Manufactured

The facial recognition-enabled smart glasses are made by American company Vuzix and use facial recognition algorithms from Dubai-based company NNTC.  It has been reported that the NNTC facial recognition algorithms rank in the top three for accuracy in the US government’s Face Recognition Vendor Test and can detect up to 15 faces per frame per second, thereby enabling them to identify a specific individual in less than a second.

To date, only 50 pairs of the facial recognition-enabled glasses have been produced, all of which have been sold to security and law enforcement and are, according to NNTC, being used as part of security operations in the United Arab Emirates capital Abu Dhabi.

The iFalcon Glasses Won’t Need An Internet Connection

The iFalcon Face Control glasses that are due to go on sale next year will come with a portable base station. This gives them a portable connection to a stored database of targets, so the user has greater mobility and won’t need an Internet connection for the software to function.

Similar Used In China

Facial recognition glasses were used by police forces in China last year in order to keep blacklisted people, e.g. certain journalists, political dissidents, and human rights activists, away from the annual gathering of China’s National People’s Congress.

Other Deployments

Facial recognition is already known to be used for law enforcement in the US, where it is incorporated into body cameras and CCTV cameras. In the UK it has been used in deliberately overt trials and deployments, e.g. a two-day trial in Romford, London by the Metropolitan Police in December 2018 using vehicle-mounted cameras, at the Champions League final at the Millennium Stadium in Cardiff in 2017, and at the Notting Hill Carnival in 2016 and 2017.

Criticism and Problems

The use of facial recognition technology at events and trials in the UK has, however, come under fire over several issues including poor levels of accuracy, a lack of transparency in how it is used, the possible infringement of privacy and data security rights e.g. what happens to images, and value for money in terms of deployment costs versus arrests.

This led to ICO head Elizabeth Denham launching a formal investigation into how police forces use facial recognition technology (FRT) in the UK.

Data security and privacy are such thorny subjects for agencies, organisations and businesses alike that even though using facial recognition to help organise photos has been a standard feature across the social media industry, Microsoft is now issuing an update to its Windows 10 Photos app that prompts users to perform the almost impossible task of confirming that all appropriate consents from the people in the user’s photos and videos have been obtained in order to use facial recognition to find photos of friends and loved ones.  This move shifts the burden of responsibility away from Microsoft to the user.

What Does This Mean For Your Business?

The covert and mobile nature of these new glasses not only seems to be somewhat dystopian and ‘big brother’ but could, in theory, provide a way for users to simply get around existing data protection and privacy laws e.g. GDPR.

As a society, we are, to an extent, used to being under surveillance by CCTV systems, which most people recognise as having real value in helping to deter criminal activity, locate and catch perpetrators, and provide evidence for arrests and trials. The covert use of facial recognition glasses is, however, a step further on from this and from the deliberately overt and public trials of facial recognition in the UK to date. As such, to be used in the UK, it will require faith to be put in the authorities that it is used responsibly, that its accuracy is proven, and that rights groups are able to access facts, figures, and information about the technology, where and how it is used, and the results. Presumably, the ICO may also have questions about the use of such glasses.

If there is no public transparency about their use, this could also result in suspicion, campaigning against their use and a possible backlash.

Tech Tip – Sleep App That Could Help You Work

We spend one-third of our lives asleep, and it has been estimated that around £30bn and 200,000 working days are lost in the UK each year through a lack of good sleep (gov.uk).  The Rise app shows you how to get better sleep, and keeps a record of your sleeping progress, thereby helping you to feel better and be more productive at work.

Rise offers 4 techniques to help users with sleep, provided by experts, 120 sleep relaxing guides, and sleep tracking tools to enable you to understand how your sleep is affected by the techniques. The app learns your sleep patterns and suggests the technique that may suit you best.  Rise claims that a massive 85% of app respondents reported better sleep after using the Sleep Better app.

You can find the Rise app in Google Play and Apple iTunes stores.

Serious Security Flaws Discovered In Popular GPS Tracker

Researchers at UK cyber-security company, Fidus Information Security, say that they have found security flaws in a popular Chinese-manufactured white-label location tracker that could be serious enough to warrant a recall.

Which Tracker?

The GPS tracker, which is used as a panic alarm for elderly patients, to monitor children, and to track vehicles, is a white-label product that is rebranded and sold by several different companies, which reportedly include Pebbell (by HoIP Telecom), OwnFone Footprint and SureSafeGo. The tracker uses a SIM card to connect to the 2G/GPRS network. According to Fidus, at least 10,000 of these trackers are currently used in the UK.

What’s The Problem?

According to the researchers, simply sending the device a text message with a keyword can trick the tracker into revealing its real-time location. Also, other commands tried by the researchers can allow anyone to call the device and remotely listen in to its in-built microphone without the user knowing, and even remotely stop the signal from the tracker, thereby making the device effectively useless.  On its blog, Fidus lists several other things that its researchers were able to do to the device including change or completely remove all emergency contacts, disable the motion alarm, disable fall detection and remove any device PIN which had been set.

All these scenarios could pose significant risks to the (mainly vulnerable) users of the trackers.

According to Fidus, one of the main reasons why the device has so many security flaws is that neither the manufacturers nor the companies reselling the devices appear to have conducted any security testing or penetration testing of the device.

PIN Problem

The research by Fidus also found that although the manufacturers built in PIN functionality to help lock the devices down, the PIN is disabled by default and users need to read the manual to find out about it. When enabled, the PIN is required as a prefix for any command to be accepted by the device, except for the REBOOT and RESET commands. The problem is that RESET is the very command that could give a malicious user remote control of the device: it wipes all stored contacts and emergency contacts, restores the device to factory defaults and means that a PIN is no longer needed.
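The authorisation gap described above can be modelled in a few lines. This is an added example, not code from Fidus or the device firmware: it compares the policy as the article describes it with a hardened one. The "PIN,COMMAND" message format, the LOCATE command name, the PIN value and the phone number are constructed placeholders; only REBOOT and RESET are named in the article.

```python
"""Toy model of PIN-gated SMS command handling (constructed example)."""
import hmac
from dataclasses import dataclass, field
from typing import List, Optional

# REBOOT and RESET are named in the article; LOCATE is a hypothetical
# placeholder for "any other command".
PIN_EXEMPT = {"REBOOT", "RESET"}


@dataclass
class Tracker:
    pin: Optional[str] = None              # None = PIN disabled (factory default)
    contacts: List[str] = field(default_factory=list)

    def factory_reset(self) -> None:
        """Wipe contacts and drop the PIN, as the article says RESET does."""
        self.pin = None
        self.contacts.clear()


def parse(sms: str):
    """Split 'PIN,COMMAND' or bare 'COMMAND' (assumed message format)."""
    head, sep, tail = sms.strip().partition(",")
    return (head, tail.upper()) if sep else (None, head.upper())


def pin_ok(dev: Tracker, supplied: Optional[str]) -> bool:
    if supplied is None or dev.pin is None:
        return False
    # Constant-time comparison; encode so non-ASCII input cannot raise.
    return hmac.compare_digest(supplied.encode(), dev.pin.encode())


def execute(dev: Tracker, cmd: str) -> str:
    if cmd == "RESET":
        dev.factory_reset()
        return "RESET_DONE"
    if cmd == "REBOOT":
        return "REBOOTING"
    if cmd == "LOCATE":
        return "LOCATION_SENT"
    return "UNKNOWN"


def handle_as_described(dev: Tracker, sms: str) -> str:
    """PIN off by default; REBOOT and RESET never need the PIN."""
    pin, cmd = parse(sms)
    if dev.pin is not None and cmd not in PIN_EXEMPT and not pin_ok(dev, pin):
        return "REJECTED"
    return execute(dev, cmd)


def handle_hardened(dev: Tracker, sms: str) -> str:
    """No exemptions, and no remote commands until a PIN has been set."""
    pin, cmd = parse(sms)
    if dev.pin is None or not pin_ok(dev, pin):
        return "REJECTED"
    return execute(dev, cmd)


def demo(handler):
    """Send three PIN-less messages to a PIN-protected device."""
    dev = Tracker(pin="4821", contacts=["+440000000001"])  # constructed values
    results = [handler(dev, m) for m in ("LOCATE", "RESET", "LOCATE")]
    return results, dev.pin, list(dev.contacts)


if __name__ == "__main__":
    print("as described:", demo(handle_as_described))
    print("hardened:    ", demo(handle_hardened))
```

Under the described policy the second LOCATE succeeds because the unauthenticated RESET has already removed the PIN and the emergency contacts; under the hardened policy the device state is unchanged.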

What Does This Mean For Your Business?

What is particularly disturbing about this story is that the tracking devices are used for some of the most vulnerable members of society.  Even though they have been marketed as a way to make a person safer, the cruel irony is that it appears that if they are taken over by a malicious attacker, they could put a person at greater risk.

This story also illustrates the importance of security penetration testing in discovering and plugging security loopholes in devices before making them widely available.  This is another example of an IoT/smart device that has security loopholes related to default settings, and with an ever-growing number of IoT devices out there, many of them perhaps not tested as well as they could be, many buyers are unknowingly at risk from hackers.

Tech Tip – Lightbeam Screen-Sharing App

If you’d like an app that enables you to easily share mobile screens with a friend or colleague, for work or leisure, Lightbeam is a new, free, cross-platform app which does just that.

The social screen sharing app also makes it easy to book group itineraries and reservations for trips, and it also works as a video chat service.

To download the app, find it on Apple’s iTunes or the Google Play Store.

Surveillance Attack on WhatsApp

It has been reported that it was a surveillance attack on Facebook’s WhatsApp messaging app that caused the company to urge all of its 1.5bn users to update their apps as an extra precaution recently.

What Kind of Attack?

Technical commentators have identified the attack on WhatsApp as a ‘zero-day’ exploit that is used to load spyware onto the victim’s phone.  Once the victim’s WhatsApp has been hijacked and the spyware loaded onto the phone, it can, for example, access encrypted chats, access photos, contacts and other information, as well as being able to eavesdrop on calls, and even turn on the microphone and camera.  It has been reported that the exploit can also alter the call logs and hide the method of infection.

How?

The attack is reported to use WhatsApp’s voice calling function to ring a target’s device. Even if the target doesn’t pick up the call, the surveillance software can be installed, and the call can be wiped from the device’s call log. The exploit relies on a buffer overflow weakness in the WhatsApp VOIP stack, which enables the overwriting of other parts of the app’s memory.

It has been reported that the vulnerability is present in the Google Android, Apple iOS, and Microsoft Windows Phone builds of WhatsApp.

Who?

According to reports in the Financial Times which broke the story of the WhatsApp attack (which was first discovered earlier this month), Facebook had identified the likely attackers as a private Israeli company, The NSO Group, that is part-owned by the London-based private equity firm Novalpina Capital.  According to reports, The NSO Group are known to work with governments to deliver spyware, and one of their main products called Pegasus can collect intimate data from a targeted device.  This can include capturing data through the microphone and camera and also gathering location data.

Denial

The NSO Group have denied responsibility.  NSO has said that their technology is only licensed to authorised government intelligence and law enforcement agencies for the sole purpose of fighting crime and terror, and that NSO wouldn’t or couldn’t use the technology in its own right to target any person or organisation.

Past Problems

WhatsApp has been in the news before for less than positive reasons.  For example, back in November 2017, WhatsApp was used by ‘phishing’ fraudsters to circulate convincing links for supermarket vouchers in order to obtain bank details.

Fix?

As a result of the attack, as well as urging all of its 1.5bn users to update their apps, engineers at Facebook have created a patch for the vulnerability (CVE-2019-3568).

What Does This Mean For Your Business?

Many of us think of WhatsApp as being an encrypted message app, and therefore somehow more secure. This story shows that WhatsApp vulnerabilities are likely to have existed for some time.  Although it is not clear how many users have been affected by this attack, many tech and security commentators think that it may have been a focused attack, perhaps of a select group of people.

It is interesting that we are now hearing about the dangers of many attacks being perhaps linked in some way to states and state-sponsored groups rather than individual actors, and the pressure is now on big tech companies to be able to find ways to guard against these more sophisticated and evolving kinds of attacks and threats that are potentially on a large scale.  It is also interesting how individuals could be targeted by malware loaded in a call that the recipient doesn’t even pick up, and it perhaps opens up the potential for new kinds of industrial espionage and surveillance.

Tech Tip – Free Online Presentation App ‘Zoho Show’

If you’d like an app that enables you to create and collaborate, publish and broadcast presentations from any device, quickly and easily, Zoho Show free online presentation software may be for you.

It offers many different themes and has a contextual user-focused interface that guides you through authoring slides, and it has animations and transitions to help set the tone of your presentation for your particular audience.

Zoho Show is available for Apple and Android and is compatible with PowerPoint.  Find more information online here https://www.zoho.com/show/ or download Show from iTunes or the Google Play store.

UK Government Services Information Accessible Via Voice-Activated Smart Speakers

After a six-month trial by the Government Digital Service (GDS) with a view to future-proofing the delivery of online services for citizens, 12,000 items of government information can now be accessed via voice-activated smart speakers and virtual assistants, such as Amazon Alexa and Google Home.

Wider Plan

The GDS trial that has made the information available via voice-activated smart speakers is part of a wider plan to employ third-party (voice) apps, machine learning, and other new technologies in order to simplify interactions between citizens and services going forward. The millions of smart speakers now in use in UK homes mean that voice-activated technology has provided an important first step for the government’s plans.

What Kind of Information?

Examples of the kind of government services information that’s now available via Alexa and Google Home include the dates of UK bank holidays, the minimum wage level, information about how to apply for a passport or pension, as well as the answers to childcare and tax-related questions.

Started A Year Ago

The plans to future-proof government services in this way were first made public a year ago when Neil Williams, head of Gov.uk at the time, said that around 400 services had already been identified as potential use cases for voice technology.

Machine Learning Added To Gov.uk website

The idea of integrating machine learning with the Gov.uk website is reported to have led to the creation of an algorithm that helps to tag all the content and develop a taxonomy, thereby making it much easier for users of the website to quickly access relevant information.

The Gov.uk website, which came online back in 2012 is reported to have resulted in huge efficiency savings, as well as making it much easier for citizens to access government content.

Innovation Strategy

In a recent blog post, The Minister for Implementation, Oliver Dowden, highlighted the importance of the GovTech Catalyst initiative in matching innovative private sector solutions with public sector challenges. Mr Dowden also announced the publication of an Innovation Strategy later this year that will share the government’s vision of how GDS and wider Cabinet Office will lay the foundations for the government to use emerging technologies.

What Does This Mean For Your Business?

There are many services that businesses need to access information about and having the information available quickly via smart speakers and virtual assistants could save time and money and help businesses to comply with government rules and regulations.  It could also help businesses to discover opportunities and help that may be available via government services for both the business itself and employees and other stakeholders.

The Gov.uk website has also been a money-saving tool for the government. Making more information available via smart speakers and apps, while improving the website and its operation using machine learning, could provide greater savings in the future, while demonstrating how the government is making efforts to embrace and utilise the strengths of new technologies and simplify access to information for citizens.

Samsung’s Folding Phone Faults Delay Release Date

The release date of Samsung’s new dual-screen Galaxy Fold mobile handset has been delayed after reviewers reported having removed the top layer of the display causing damage to the screen, problems with hinge areas, and debris getting trapped under the screen.

The Galaxy Fold

Announced as the Galaxy X last summer, the Galaxy Fold handset has two inside panels and one outside panel with the two inside panels folding out to form the 7.3-inch OLED screen, thereby giving the user a much larger screen area.  The fact that the flexible screen folds in on itself when closed also adds protection for the touchscreen when the phone is not in use.

Reviewers

A number of reviewers, including many journalists, were given Galaxy Fold handsets for trial use. It appears that faults were discovered and were perhaps even caused by many of the reviewers who peeled off what they believed was just a protective layer (despite being warned against doing so in the handset’s documentation) that was, apparently, an important part of the screen display’s protection.

Several Faults

Several faults were identified by reviewers and confirmed in a statement from Samsung, including:

  • Issues on the display associated with impact on the top and bottom exposed areas of the hinge.
  • Substances being found inside the device affecting the display performance.

It has also been reported that some reviewers saw creases on the fold and other display glitches which the folding robot really should have found.

Production Problems – Is The Technology Ready Yet?

Part of the delay in the production of a commercial version of Galaxy’s folding phone from the first sighting of its prototype 7 years ago is thought to be down to production problems in the complexity of developing durable but flexible plastic screens.

Also, the fact that competitors LG and Sony have many patents on foldable mobile displays but have not produced a foldable phone yet has led some commentators to suggest that the technology may simply not be fully ready for use in the current generation of phone handsets.

In Samsung’s own statement about the reported faults the company said that “how the device needs further improvements”.

Huawei

Another major phone market player (Huawei) also has a foldable phone in the development pipeline.  Huawei’s ‘Mate X’ version folds outwards, which some have speculated may leave the most vulnerable part of the device exposed all the time. The fact that Huawei has not yet gone to market with its foldable offering may also be a sign that it too is wrestling with similar screen problems i.e. screen creasing.

What Does This Mean For Your Business?

In the phone market, there has been a degree of stagnation as customers delay upgrades while waiting for more innovative models and new features. A folding phone offers value in terms of its versatility as a kind of “2-in-1” tablet and phone, as well as the novelty value and kudos of having a device with the very latest folding screen. As expected, however, the Samsung Folding (when it is eventually launched) and competitor folding phone models will have a premium price tag (thought to be around £1,500), and although this would decrease as volumes increase, many businesses may decide to wait a bit longer before they buy one.

The fact that Samsung has called off the launch and not given a future launch date for the Samsung Folding may indeed indicate that the technology is not quite ready, and that simply introducing a model with design faults just to be first to get a folding phone out there is not something they’re prepared to risk.

Fake Finger Fools Fool Proof Phone

A Reddit user claims to have used a 3D printer to clone a fingerprint and then used the fake fingerprint to beat the in-display fingerprint reader on a Samsung Galaxy S10.

Fingerprint Scanner

The Galaxy S10 and S10+ phone models have an Ultrasonic Fingerprint Scanner embedded into the screen that uses soundwaves to create a 3D map of the owner’s fingerprint, and the recognition sensor at the bottom centre of the screen can then be used by the owner to gain entry to the phone by placing their fingerprint on it.

Made Fake Finger

The Reddit user known only as ‘darkshark9’ claimed in a proof-of-concept uploaded to Imgur that they had been able to unlock their own Galaxy S10 phone using a fake finger that had been made using a photograph (taken using the Galaxy S10’s camera) of their own fingerprint on a wine glass.  The mystery ‘darkshark9’ claimed that they had used Adobe Photoshop and Autodesk 3ds Max to work on the photograph and had then used an AnyCubic Photon LCD resin 3D home printer (costing less than £400) to make a physical replica of the fingerprint.

It has been reported that it took ‘darkshark9’ less than 15 minutes to make the fake fingerprint that opened the phone.

Fingerprint Fear

This means that a person with the same equipment who could obtain a photo of a fingerprint from an object such as a glass or phone at close distance, or by using a higher-quality DSLR camera (perhaps even from across the room), could have the potential to quickly break into anyone’s biometric security protected phone and steal personal data, access apps etc.

What Does This Mean For Your Business?

Many security experts agree that using biometric security as a primary unlock method is less secure than a password or PIN, although it offers convenience and is liked by many users.  In the case of the Galaxy S10, although it was supposedly fooled with the fake finger model, its fingerprint scanner uses ultrasonic sound waves to map the user’s fingerprint in the first place which is more secure than the optical sensors used by some other phones that can be fooled by a paper printout of a fingerprint.

Having a fingerprint scanner / sensor on the phone is better than having nothing at all, as is the case with many people who leave their phones unlocked all the time rather than having to type in a PIN or password.

This is not the first time that phone biometric security measures have been defeated. For example, it is also claimed that the S10’s facial recognition (because it uses cameras rather than infrared sensors) can be fooled by another phone playing a video of the S10 owner’s face.

Also, in a Twitter thread, Manchun Wong claimed that she was able to fool her brother’s S10 facial recognition scanner using her own face, presumably because of the similarity of family and sibling resemblance. This is reminiscent of a case back in 2017 when BBC ‘Click’ reporter Dan Simmons reported that he had been able to fool HSBC’s biometric voice recognition system by passing his brother’s voice off as his own.

Biometric security on phones clearly has some way to go before the effectiveness lives up to the promise, and for the time being, although less convenient, password and PIN may be safer as the primary unlock method.

Tech Tip – Integrated Audio Recording and Note-Taking App

The ‘Noted’ app is a fully-integrated audio recording and note-taking app that can help you to keep track of meetings, interviews, lectures and more.  The app records audio, while also allowing you to type out notes which have rich text and image support.  These notes are automatically time-stamped with easily searchable “time tags”, and the recordings + accompanying notes can be synced through iCloud, organized into notebooks, and quickly searched through.

The basic Noted app free tier has core functionality and allows you to save five recordings. Premium plans e.g. Noted+ allow for more recordings + offer other features such as removing unwanted background noise and enhancing recordings for clearer playback and exporting notes to PDF.

The Noted app is available for Mac, iPhone/iPad, and now the Apple watch so you can capture spontaneous conversations.

To get Noted, go to the Mac Apple Store (itunes.apple.com) and download the basic version for free.  In-app upgrades can be purchased if you require more recordings and functionality. More details about an Android offering coming soon.