Your Latest IT News Update

Licence Plate Recognition-A Million Mistakes a Day!

Concerns over the possible misreading of hundreds of thousands of vehicle licence plates each day have led to calls for statutory regulation of the UK’s automatic number plate recognition (ANPR) system.

<More>

Ford Doubles Investment in Electric Cars

The Ford Motor Co has announced its plans to more than double its previously announced target of $4.5 billion investment in electric cars to $11 billion by 2022, and the company is aiming to have 40 mainstream, hybrid and fully electric vehicles in its model line-up.

<More>

OnePlus Accused Of Credit Card Fraud

Chinese Android Phone company OnePlus is at the centre of a storm of complaints after many customers said that their credit cards had been used for fraudulent transactions after they purchased products from the OnePlus web store.

<More>

New macOS Too Secure?

The new security called ‘System ‘Integrity Protection’ (SIP) behind macOS High Sierra is proving so secure that it appears to be stopping users from being able to delete (third-party) apps with ease.

<More>

New Law Tackles Digital Ticket Touts

The UK Government has announced that cyber touts caught using specialised software called ‘bots’ to purchase tickets in bulk for re-sale at inflated prices on secondary websites, could soon face unlimited fines.

<More>

Tech Tip – Windows 10: “Print” Documents Straight To PDF

Windows 10 finally lets you “print” documents to PDF, which means that you no longer need to install a third-party app to save a web page or document for use offline.

<More>

Licence Plate Recognition -1 Million Mistakes a Day!

Concerns over the possible misreading of hundreds of thousands of vehicle licence plates each day have led to calls for statutory regulation of the UK’s automatic number plate recognition (ANPR) system.

Over 1 Million Mistakes Per Day!

The ANPR system uses 9,000 ANPR cameras, to record and store up to 30 million vehicle records each year. Unfortunately, it is also reported to be recording a staggering (up to) 1.2 million false readings of number plates every day! That’s the equivalent to over 400 million incorrect readings each year!

The implication is that innocent motorists may be wrongly accused and punished for a variety of motoring offences, and that real offenders may be escaping punishment. This has led to calls for statutory regulation of the camera system.

Police In the Dark

Not only does The National ANPR Data Centre (NADC) accept data from all police ANPR systems, without carrying out any checks on the effectiveness of those systems, but it is also believed that Police currently have no meaningful data on the accuracy of ANPR, or on the contribution surveillance cameras make to tackling crime.

Also Cyber Attack Risk

Not only is it unclear what contribution the camera system could be making to cutting crime, but it has also been revealed that some systems could be at risk from cyber attack, thereby possibly allowing data to be changed, making it impossible to use as evidence anyway.

A recent example in the U.S. left over half of the surveillance cameras covering the city of Washington’s public spaces unable to record footage for three days, until experts were able to remove ransomware from the recording devices.

Facial Recognition Camera Concerns

There are growing concerns too, particularly where data protection and privacy are concerned, about the increased use of facial recognition cameras to identify suspects by matching camera images against 19 million custody images held by police. For example, Leicestershire Constabulary faced criticism after using automatic facial recognition at the Download concert in 2015, in Donnington Park, and the Metropolitan Police used similar technology during last year’s Notting Hill Carnival to match images of people with photographs stored on its Electronic Wanted and Missing Systems (EWMS).

Surveillance Camera Commissioner Says…

The England and Wales Surveillance Camera Commissioner, Tony Porter, has said that he is yet to be convinced that an assertion that national ANPR meets performance standards holds water.

What Does This Mean For Your Business?

Although there may be valid concerns about inaccuracies in the ANPR system and the impact these could have on businesses and individuals, other surveillance cameras can play an important role for business security monitoring systems. Used responsibly and only for the intended purpose, they can add value, and provide a low cost, cost saving, and vital way to maintain security.

Camera surveillance generally is now an almost unnoticed part of daily life in what, according to Big Brother Watch, is now the most surveilled western democracy, where there is now an estimated 6 million+ surveillance cameras. The worry among some of those being watched is that privacy and security are at risk, the fact that we are being watched constantly by unknown parties (and our images potentially stored and shared) is sinister, mistakes can be made with the responsibility being placed on the victim to clear their name and prove inaccuracy, regulations are not adequate, and that many cameras are operated by businesses, and quasi-government organisations.

For many people, an argument that ‘if you’re doing nothing wrong you’ve got nothing to worry about’ is not a valid argument because it simply gives a green light to the further erosion of rights without considering the consequences, and occasionally we all do something wrong (but perhaps not intentionally) which is more likely to be caught on camera than ever before, and the punishment may not feel as though it fits the crime with the inflexibility of some camera-based systems and their operators.

The introduction of GDPR will also have implications for what images from surveillance cameras are stored, where and how securely they are stored. For example, GDPR could apply to stored facial images of individuals.

Ford Doubles Investment in Electric Cars

The Ford Motor Co has announced its plans to more than double its previously announced target of $4.5 billion investment in electric cars to $11 billion by 2022, and the company is aiming to have 40 mainstream, hybrid and fully electric vehicles in its model line-up.

Cost Cuts To Create Investment

Ford’s Chief Executive Jim Hackett is reported as saying that the capital investment for the major move to electric / hybrid car manufacture will be created by slashing a massive $14 billion in costs over the next five years.

Why?

The shift towards investment in electrification is being driven by pressure from regulators in China, Europe and California to cut carbon emissions from fossil fuels, and plans by China, India, France and the United Kingdom to phase out vehicles powered by combustion engines and fossil fuels between 2030 and 2040.

Ford’s move is also being driven by pressure from the success of Tesla in creating electric sedans and SUVs that resulted in a large number of orders, causing it to surpass Ford in terms of market capitalization, thereby positioning Tesla as the second-largest auto company in the U.S. after General Motors. Tesla also proved to other car manufacturers that large-scale demand exists in the market.

A large amount of the pressure driving Ford’s move, of course, also comes from the move by its bigger competitors into electrification. For example :

  • GM announced last year it would add 20 new battery electric and fuel cell vehicles to its global line-up by 2023.
  • Volkswagen said in November it would spend $40 billion on electric cars, autonomous driving and new mobility services by the end of 2022.
  • Toyota is working towards creating breakthrough battery technology in the first half of the 2020s with a view to cutting the potential cost of making electric cars.
  • Mercedes-Benz plans to electrify its entire portfolio by 2022 (50 electric and hybrid models).
  • Jaguar Land Rover plans to electrify its entire vehicle line-up by 2020.
  • Renault, Nissan, and Mitsubishi plan to release 12 all-electric models by 2022.
  • Volvo plans to electrify all its vehicles by 2019.

Thinking Big

Ford hopes that its ‘think big’ on electric cars strategy which arrived with its new chairman Jim Hackett (previously in charge self-driving car subsidiary Ford Smart Mobility) will enable it to accelerate global development of electric vehicles, make quicker decisions, and gain ground on the competition.

Which Cars?

Whereas motor show presentations currently indicate many other manufacturers appear to be currently focusing on electric trucks and SUVs, Ford has been clear that it plans to electrify all of its iconic and popular vehicles, 40 electric vehicles by 2022, with 16 fully electric vehicles and the rest plug-in hybrids.

What Does This Mean For Your Business?

The move to electrification by car manufacturers has been coming for some time, pushed by international pollution / emission targets, and pulled by consumer demand and the promise of new opportunities. For businesses, costs as well as performance and reliability are important, and as long as electric vehicles deliver on all three, then the move to electrification is good news.

Although the move to electrification will have implications for vehicle-related businesses e.g. fuel suppliers, garages and parts suppliers, it will also create new markets and new opportunities. For example, Ford’s own ‘Team Edison’ is looking for strategic partnerships with other companies, including suppliers, in some markets.

Electrification of vehicles on a large scale will also bring exciting and potentially cost-saving driverless vehicle opportunities for many businesses.

There are, of course, the obvious environmental benefits that we can all enjoy in the future with cleaner air.

OnePlus Accused Of Credit Card Fraud

Chinese Android Phone company OnePlus is at the centre of a storm of complaints after many customers said that their credit cards had been used for fraudulent transactions after they purchased products from the OnePlus web store.

What Happened?

After receiving multiple customer complaints on the OnePlus support forum, and on social media platform Reddit over the weekend linking purchases on its website oneplus.net to fraudulent activity customer accounts, OnePlus has issued a statement saying that it has launched an investigation into the claims.

Customers affected appear to be those who have purchased a phone directly through the company website with their credit card rather than using a third-party such as PayPal.

A poll on the OnePlus support forum indicates that as many as 200 people in different countries have seen fraudulent charges, ranging from $50 to $3,000, appear on the credit cards that they used on the OnePlus site.

Theories and Denial

Theories as to what may have happened include the fact that the company’s Oneplus.net e-website was initially built on the Magento eCommerce platform which was known to be vulnerable to cross-site scripting and remote code execution attack. OnePlus has said, however, that although it had used the platform originally, since 2014 it had been re-building the entire website with custom code, and credit that card payments were never implemented in Magento’s payment module.

Another theory, fuelled by a security audit by Fidus, focuses on the idea that OnePlus may have been conducting card transactions itself, rather than through an iFrame, thereby making credit card details (including security code) vulnerable to interception as they passed through the OnePlus site. OnePlus has denied this, saying that it hasn’t been processing cards itself, it doesn’t save any payment information surrendered when people purchased its phones, and that it merely passes all data to a partner who handles the payment process.

Problems In The Past

Some of the accusations are fuelled by the fact that, last year, OnePlus admitted that some of its phones had been sending data to Alibaba without the user’s knowledge or consent, thereby breaching data protection law in Europe. Also, the company admitted that an insecure, secret back-door diagnostic tool had been left on some phones.

What Does This Mean For Your Business?

Customer trust is paramount in business, and businesses have a responsibility to make sure that all customer data and privacy is protected. The introduction of GDPR this year should help to push this message even further towards to top of the business agenda. This story reminds us that, in a time where we are more confident than ever to buy online, basic security vulnerabilities still exist in some cases where credit card numbers are submitted through forms.

Sadly, as in so many cases, breaches and security vulnerabilities are not revealed first by the company themselves, but by affected customers and researchers / other third-parties. In the case of OnePlus, as in so many others, customers have accused the company of being slow to respond to the problem.

Companies need to test and audit their payment systems to make sure that they offer maximum security as well as convenience to customers.

This story should also be a reminder of how important it is to have a workable, well-communicated, and current Disaster Recovery Plan and Business Continuity Plan in place.

In the case of OnePlus, more information is yet to be revealed about exactly what happened and why. The company itself has advised customers who think they may have been affected to check their card statements, and contact their banks to resolve any suspicious charges and help to initiate a chargeback and prevent any financial loss.

New macOS Too Secure?

The new security called ‘System ‘Integrity Protection’ (SIP) behind macOS High Sierra is proving so secure that it appears to be stopping users from being able to delete (third-party) apps with ease.

What’s The Issue?

The process behind the SIP was first introduced to users during the ‘El Capitan’ version of macOS (10.11) in late 2015, and has a unique advantage in relation to macOS’s overall security infrastructure.

However, the SIP framework follows Apple Software Update processes that are so strict that it is impossible with the new macOS environment for runtime attachments or code injection infiltration to occur within an Apple Software Update setting.

All this means that not only will users find it less easy to delete certain third-party software / apps, but also that the past bugs may be made exempt by the ‘rootless’ SIP framework, and could, therefore, become a future risk.

Why?

Apple is essentially undertaking a simple bunkerisation / sandboxing of app behaviour within the macOS environment from a binary level in order to prevent third-party developers who have not sold their wares through the macOS App Store from being deleted with ease. Therefore, the only software affected by this security change is software developed outside of Apple.

Sealed

The ‘sealed’ nature of the software environment in iOS means that ‘permissionless’ app distribution on an iPad or iPhone can’t really happen and actually goes against the terms and conditions of use. The only way around it would be to ‘jailbreak’ the device, which would also wave the owner’s right to a legal warranty. However, the macOS App Store allows for permissionless app distribution in the context of online software distribution.

What Does This Mean For Your Business?

Security is a priority to businesses today, particularly with the proliferation of potentially devastating malware and phishing scams. With Android phones, for example, there have been some problems and scares recently with 36 fake, malicious apps turning up in Google Play, and with a fake version of WhatsApp being downloaded from Google Play by more than one million unsuspecting people. Apple systems have always been seen as a more secure option, a benefit that is very much valued by Apple users. Any move to protect the Apple environment is, therefore, something is likely to be valued and understood by many users, and any talk of potential ‘security’ problems causes alarm among the Apple community.

The problem, in this case, isn’t really that there is any kind of immediate security flaw as such, but that there is a more of a new user annoyance in relation to personal choice, as the High Sierra system allows third-party app installation but not its own singular removal. One possible potential security risk is that a user could be tricked into installing a virus or phishing app which is then protected by the sealed SIP framework.

It is, however, possible to restart the system in ‘recovery mode’ and delete any offending app because ‘recovery mode’ suspends any SIP framework protection during the ‘recovery’ boot-up mode sequence.

New Law Tackles Digital Ticket Touts

The UK Government has announced that cyber touts caught using specialised software called ‘bots’ to purchase tickets in bulk for re-sale at inflated prices on secondary websites, could soon face unlimited fines.

Bots Ban This Year

The UK Government stated at the end of December that it planned to make this year a great year for music and sports fans by passing new legislation to ban ticket tout bots. The proposed legislation will be designed to deter ticket touts from exploiting automated software to bulk-buy tickets thus bypassing ticket limits imposed by the management team behind the events.

The fact that the UK government has now notified the European Commission is further evidence that it now wants to press ahead with the bots ban as soon as possible.

Digital Economy Act

The UK already has the Digital Economy Act (2017) in place, and the new legislation will be added as a provision to this existing Act. The DEA (2017) already has additional requirements on ticket sellers to provide a bespoke ticket numbering system.

The changes will also mean a revision of the Consumer Rights Act in order to help clarify the restrictions imposed on secondary re-selling of tickets.

Examples

Recent examples of the reason why the government wants to push ahead with the legislation include concert tours by Adele and Ed Sheeran, where bots were used by touts to purchase large quantities of tickets before re-selling them at inflated prices, thereby leaving fans feeling let down and excluded. Also, for the Broadway hit show Hamilton in London’s West End, touts’ use of bots has led to tickets being sold for upward of £6,000.

Live Sport And Music At A Fair And Reasonable Price

The Rt Hon. Matt Hancock MP, the Minister of State for Digital, Culture, Media and Sport, believes this new statutory clampdown will help fans see live sport and music at a fair and reasonable price. He has stated that the government plans to work together with improvements by industry, to help make the market more transparent and improve Britain’s thriving live events scene.

Industry Collaboration – A Future Partnership?

The government hopes that industry can be more innovative to help deal with the ticket tout bot problem. The Department for Digital, Culture, Media & Sport (DCMS) cites pioneering examples from DICE, the UK software giant, using mobile technology to ‘lock-in’ tickets to user accounts to circumvent the possibility of touts acquiring digitally locked tickets.

Well-known musicians who have been hit by touts have also launched a partnership to sell tickets that cannot be sold on at a profit. For example, Twickets.co.uk has support from big names like Ed Sheeran and others.

Also, GUTS, a Dutch start-up is using Blockchain, the technology behind Bitcoin, to create a system that makes it impossible to sell on tickets for a profit. The hope is that a legislative drive, along with industry-based innovation, can help make fans experience of live music and sport more enjoyable and preferably a lot less expensive.

What Does This Mean For Your Business?

The buying-up and re-selling (at hugely inflated prices) of music and sport event tickets has only benefitted the touts and has had a serious downward effect on the profits of promoters, artists and sporting stars as fans have felt disillusioned, ripped-off and abandoned. The image of some major artists (and therefore, the value of their brands) and the loyalty of fans has also been affected because the activities of touts has a rub-off effect on the artists themselves.

This move by the government is an important and long-overdue move in the right direction for the live entertainment industry. Although introducing a change to law in itself will not stop the activity of technology-toting touts overnight, if used in partnership with innovations in the industry such as locked-in tickets and the use of Blockchain technology, and coupled with the very public support for systems where fans can buy tickets at fair prices e.g. Ed Sheeran’s public support for Twickets.co.uk, the activity of touts could be limited. In short, this will benefit the industry and the fans.

Tech Tip – Windows 10: “Print” Documents Straight To PDF

Windows 10 finally lets you “print” documents to PDF, which means that you no longer need to install a third-party app to save a web page or document for use offline. You can now simply select PDF as a printing output option.

To Print to PDF in Windows 10:

  1. Open up your document e.g. in a text editor like Microsoft Word (this actually works from any program that lets you print, not just Word, and not just with a text document).
  2. Click File > Print.
  3. Under Printer or Destination, choose Print as a PDF.

Your Latest IT News Update

Meltdown and Spectre … Urgent!

Two major security flaws which are present in nearly all modern processors / microchips mean that most computerised devices are potentially vulnerable to attack, including all iPhones, iPads and Macs.

<More>

‘Ripple’ Takes Second Place To Bitcoin

As investors look for alternatives to the volatile bitcoin bubble, crypto-currency Ripple has become the second most valuable virtual cash system, followed by ethereum and litecoin.

<More>

Abominable Apps At Google Play. (i.e. Malware)

Security researchers have discovered 36 fake and malicious apps for Android that can harvest your data and track your location, masquerading as security tools in the trusted Google Play Store.

<More>

Cloud Companies The Next Big Target For Ransomware

The latest Massachusetts Institute of Technology (MIT) Review has predicted that ransomware targeting cloud services will be one of the biggest cyber-crime threats of this year.

<More>

Are Screens Causing Short-Sightedness In Young People?

With increasing levels of short-sightedness among young people, some experts have concluded that a young life spent looking at small screens rather than in the great outdoors could be one explanation for it.

<More>

Tech Tip – Currency Converter In The Calculator

If you haven’t already spotted it, the Windows 10 Fall Creators update from last year means that a helpful currency converter is built into the calculator on a Windows 10 PC.

<More>

All iPhones, iPads and Macs Affected by 2 Major Bugs – Meltdown and Spectre

Two major security flaws which are present in nearly all modern processors / microchips mean that most computerised devices are potentially vulnerable to attack, including all iPhones, iPads and Macs.

What Security Flaws?

The 2 hardware bugs / flaws in nearly all computer processors made in the last 20 years are known as ‘Meltdown’ and ‘Spectre’. The 2 flaws could make it easier for something like a malicious program to steal data that is stored in the memory of other running programs.

Meltdown

Meltdown, discovered by researchers from Google’s Project Zero, the Technical University of Graz in Austria and the security firm Cerberus Security in Germany, affects all Intel, ARM, and other processors that use ‘speculative execution’ to improve their performance (most of the modern global market). Speculative execution is when a computer performs a task that may not be actually needed in order to reduce overall delays for the task – a kind of optimisation.

Meltdown could, for example, leave passwords and personal data vulnerable to attacks, and could be applied to different cloud service providers as well as individual devices. It is believed that Meltdown could affect every processor since 1995, except for Intel Itanium and Intel Atom before 2013.

Spectre

Spectre, which affects Intel, AMD and ARM (mainly Cortex-A) processors, allows applications to be fooled into leaking confidential information. Spectre affects almost all systems including desktops, laptops, cloud servers, and smartphones.

Apple Systems and Devices Affected

Apple is reported to have said that all Mac systems and iOS devices are affected, although the Apple Watch is not believed to be affected by it.

No Known Exploits Yet

It should be said that researchers have uncovered the existence of the flaws, and while the potential for exploitation is there, there have been no known exploits to date. In the light of the wide publicity that the existence of the flaws has received, this could change.

What’s Being Done?

Intel has announced that that it is working with AMD, ARM, other technology companies and some operating system vendors to find a fix. Intel and ARM are also planning to release patches for the flaws in upcoming software updates from them and operating system makers.

Google has said that the flaw didn’t exist in many of its products, and it has mitigated the issue in those products where it was present. Google has also said that an upcoming browser update (Chrome 64) will offer further protection when it is rolled out on 23 January.

Microsoft has released an emergency patch for all Windows 10 devices with other updates for other Windows versions scheduled for release within days. Amazon is reported to have said that its whole EC2 fleet is now protected.
Apple has issued a partial fix in macOS 10.13.2 and will continue to fix the issue in 10.3.3.

What Does This Mean For Your Business?

It is highly likely that your devices are affected by the flaws because they are hardware flaws at architectural level, more or less across the board for all devices that use processors. The best advice is to install all available patches without delay and make sure that you are receiving updates for all your systems, software and devices.

Although closing hardware flaws using software patches is a big job for manufacturers and software companies, it is the only quick answer to a large-scale problem that has been around but apparently ‘under the radar’ for a long time.

Regular patching is a good basic security habit to get into anyway. Research from summer 2017 (Fortinet Global Threat Landscape Report) shows that 9 out of 10 impacted businesses are being hacked through un-patched vulnerabilities, and that many of these vulnerabilities are 3 or more years old, and there are already patches available for them.

‘Ripple’ Takes Second Place To Bitcoin

As investors look for alternatives to the volatile bitcoin bubble, crypto-currency Ripple has become the second most valuable virtual cash system, followed by ethereum and litecoin.

Bitcoin Bubble Fear Means Ripple Looks Attractive

The media has been full of reports about the steep and rapid rise in the value of the blockchain-powered crypto-currency. From a value of £740 per bitcoin at the beginning of 2017, to in excess of £15,000 in December, falling (with a few bumpy troughs) to £11,000 this week, many investors, spooked by what many see as a bubble have been looking for alternatives.

It is likely to be no coincidence, therefore, that the value of crypto-currency Ripple has risen as bitcoin’s value fell to see it take second place to bitcoin at $2.34 (1.73) per XRP (the name for a single Ripple unit). Although this doesn’t seem to be a large amount, it is much higher than the $0.0065 (just over half a US cent) each unit was worth a year ago.

The crypto-currency of Ripple is now worth $142bn, second in value to bitcoin at $251.4bn, and ahead of ethereum at $100.6bn and litecoin at $13.2bn.

The Ripple

Unlike bitcoin which operates outside of the reach of the banks, Ripple was set up to help banks speed up and modernise how they pay each other. 100 banks, so far, have signed up to use Ripple’s payments system. These sign-ups include big hitters like Bank of America and UBS, Japan’s big credit card companies (for payments and settlement), and some South Korean and Japanese banks (through a pilot project to handle cross-border payments).

Ripple has no real assets or revenue streams to support the rate, and the market is calculated by multiplying the number of XRP coins in existence by the current dollar exchange rate. Also, Ripple XRP coins, unlike e.g. bitcoin, aren’t ‘mined’ by the members of the network that processes the transactions, but have been pre-mined and are slowly released as the network is used.

It is believed, therefore, that the recent adoption of the currency by these banks and credit card companies, and the search for alternatives to the uncertainty of the bitcoin bubble have been the main drivers of the value of Ripple.

Ethereum and Litecoin

Ethereum, the next highest value crypto-currency after Ripple has seen an increase in value of 9,240 % year over year. Litecoin meanwhile, has also seen a rapid and steep rise in value of 5,195 % year over year (Coinbase figures).

The rise in the value of these crypto-currencies also corresponds with the fall in value of bitcoin.

Crypto-Jacking Warning

With the rise in value and popularity of crypto-currencies, experts have warned that there are likely to be more incidents of ‘crypto-jacking’, where people’s devices are taken over by people trying to mine crypto-currencies. Earlier this month, for example, the Android phone-wrecking Trojan malware, dubbed ‘Loapi’, was discovered by Kaspersky researchers. In tests, after running it for several days mining the Minero crypto-currency, the android phone used in the test was overloaded with activity (trying to open about 28,000 unique URLs in 24 hours) to the point that the battery and phone cover were badly damaged and distorted by the resulting heat.

What Does This Mean For Your Business?

The rise of crypto-currencies, such as bitcoin, to the point where it was finally being taken up by investors, businesses and governments, has been filled with high profile ups and downs e.g. a fall in its value on the Tokyo-based Mt. Gox exchange following a hack in late 2013. Predictions of the value being a risky bubble, coupled with a hack of the NiceHash digital currency marketplace’s payment system resulting in the theft of bitcoin to an estimated value of $80m have sent the value of bitcoin downwards again in December. As investors look elsewhere for safer alternatives or the next big thing, and as they become more used to the concept of crypto-currencies, Ripple ethereum and litecoin have benefitted.

Bitcoin has many attractive advantages for businesses such as the speed and ease with which transactions can take place due to the lack of central bank and traditional currency control (Ripple is actually a product of the banks).

Crypto-currencies generally mean easier, faster and more convenient cross-border and global trading, but traditional currencies tend to have the backing of assets or promises of assets of some kind. Crypto-currencies, therefore, tend to be less trusted and more volatile in the markets, and it’s likely there will be many more ups and downs with many different crypto-currencies, although bitcoin has a head start and has weathered storms before. It’s a case of watch this space.