Friday, December 16, 2016

Just Pop To The Robot Shop.

Amazon look set to launch a new type of high tech grocery shop next year that allows customers to use an app to record (and pay for) their purchases rather than having to go through a checkout.

What’s So Different About The Amazon Store?

The new Amazon store uses a combination of a special app and in-store technology to allow customers to shop and then ‘just walk out’ without having to encounter a physical checkout.

Customers use as the ‘Go app’ to enter the store and a series of sensors, computer vision and deep learning are used to record the customer’s purchases. The total is totted up in a virtual shop and charged to the customer’s Amazon Prime account.

Tested in Seattle - Rollout Soon Nationwide.

The testing ground for the new stores has been an 1,800 square foot store near Amazon’s own headquarters in Seattle in the U.S.

Although the test store isn’t a full grocery store (mainly ready-to-eat meals & snacks), customers have been able to shop there in the ‘new’ way this year. Some media reports have suggested that Amazon now plans to open as many as 2,000 of the new high tech grocery stores for use by Amazon customers across the U.S.

Amazon ‘Physical’ Retail Experience.

Although many people will know Amazon as an online retailer rather than one with physical stores, this latest move may sound high risk, particularly in the highly competitive grocery sector where there are some powerful and experienced competitors.

Amazon does have physical retail experience in the form of its own bookstore ‘Amazon Books’ which opened in the U.S last year.

Amazon also has some considerable grocery retailing experience in the form of its grocery delivery service ‘AmazonFresh’ which has been operating in the U.S. since 2007. This business has gradually expanded through many U.S population centres including Seattle, New York, Washington, Boston, the northern part of New Jersey, Philadelphia, Connecticut, Baltimore and in many parts of California.

In the UK, Amazon launched a grocery delivery service in June this year for 69 post codes in north and east London. The service is open to Amazon Prime members and costs £6.99 a month.

What Does This Mean For Your Business?

Amazon is therefore an example of how an online business can learn and grow and then enter the physical marketplace. This is the reverse of what many (grocery) retailers have had to do. This could also herald the arrival of a new kind technology based shopping experience that may prove to be very popular with customers and could force competitors to follow suit to some extent, particularly perhaps when it comes to attracting younger shoppers.

The Amazon model also ties customers in to its own system i.e. customers have an Amazon Prime account and need the Amazon Go app to enter the stores and use the service, and this could bring some interesting developments for other businesses to learn from in terms of loyalty marketing.

Thursday, December 15, 2016

You Guessed It. (Er, Your Credit Card Number)

Researchers from the University of Newcastle have developed a credit card querying system that has exposed loopholes in online payment systems. The system could allow cyber thieves using a similar method to successfully ‘guess’ your credit card number.

What Kind of System?

One of the main goals of cyber thieves is of course to obtain credit card details, but what if there was a way to go in through the ‘front’ of online payment systems to get them rather than hacking?

The Newcastle University team led by PhD student Mohammed Aamir Ali have developed a system that simultaneously submits payment requests to multiple websites at the same time.

In tests, this system was able to start with the first 6 digits of the long card number, ‘guess’ the other numbers, and then try out different combinations of those numbers, expiry dates and security codes on other websites. The researchers were able to piece together this information because different sites ask for different credentials to verify a purchase, and it was therefore possible to piece the fragmented details from each of the many sites to get the full, correct credit card details.

The ‘distributed guessing attack’ software based system worked so quickly and so effectively that in tests (using only Visa an MasterCard) the researchers were able to obtain correct card details in less than 10 seconds.

Subverted.

The test showed in essence that the very purpose of payment validation in online payment systems can actually be subverted to help attackers to generate the security data fields require to make successful online transactions.

Alarms Not Triggered.

The researchers found that they were able to run multiple software bots with multiple queries on many hundreds of website payment systems without triggering any alarms or arousing any suspicion. The cards used in the experiment do not enforce centralised checks across transactions from different sites.

Information Shared.

As part of a responsible disclosure exercise, the researchers shared their findings with the top 36 (out of 342) vulnerable websites. Although 8 sites changed their security systems as a result the disclosure, the other 28 are reported to not have made any changes yet.

What Does This Mean For Your Business?

As the researchers pointed out in their paper about the experiment, online fraud is now the largest category of card fraud in the UK, representing 45% of the total value of the fraud committed against UK credit and debit cards.

Although there is no evidence that this ‘distributed guessing attack’ method is currently being used, the experiment has serious implications for all businesses that have an online payment system on their website, or indeed for anyone with a credit card. Visa for example is the most popular payment network in the world and the discovered vulnerabilities greatly affect the entire global online payments system.

If cyber thieves were to adopt this system, the broad outlines of which are now in the public domain, it could also be the case that parts of credit card numbers that have been stolen in previous cyber attacks around the world could be used to successfully obtain the rest of the numbers.

Wednesday, December 14, 2016

Robot Passenger Planes Now Taking Off

BAE Systems has announced that it will be carrying out 17 trial flights in UK airspace of an aircraft that has been specially converted to enable it to fly autonomously.

From Lancashire to Inverness.

The test flights will be made using a modified Jetstream 31 aircraft. The flights are scheduled to take place between BAE's base at Warton in Lancashire and Inverness in Scotland.

BAE have stated that the route will be through non-congested airspace at an altitude of approximately 15,000ft (4.6km). Each flight should take around 90 minutes to complete.

Human Pilots For Take-off and Landing.

Thankfully, the test flights will have pilots on board who will handle take-off and landing, and of course be available should there be any handling problems.

Why?

BAE systems have for some time been working to establish themselves as world leaders in the development and application of autonomous system design for unmanned aircraft e.g. through its advanced technology demonstration programmes such as like Mantis and Taranis.

These new tests represent another step towards the BAE’s vision of the next-generation of Unmanned Air Systems, and as BAE’s research and technology chief Maureen McCue has stated, the company is working towards the possibility of using their own unmanned systems in a highly controlled environment in the UK.

Uses Cameras.

Among the aircraft’s specially modified navigation equipment will be cameras to see other air users, and to survey weather conditions and cloud along the route. These will help the aircraft to fly the safest route.

Working With Air Traffic Control.

Those on the flight path will also be pleased to know that BAE will be working with UK's National Air Traffic Services to see how well and how safely the autonomous aircraft performs.

What Does This Mean For Your Business?

This test is part of a general move towards greater autonomy in transport, particularly public transport globally. Businesses could ultimately end up benefitting from much of the technology developed in these kinds of programmes, and it is likely that many businesses could benefit from the use of some autonomous elements in their operations / activities.

Successful autonomy should of course mean reduced labour costs, greater efficiency and consistency, and hopefully a high level of safety and predictability, all of which are attractive concepts to businesses.

Tuesday, December 13, 2016

Tech Tip


If you like using the Notification Centre on your smart phone, Windows 10’s new ‘Action Centre’ feature offers you something very similar for your computer.

To display it, click the icon to the right of the clock or press the Windows key + A. If you have a Windows phone, and you’re using he same Microsoft account for your PCs, your notifications can be synchronised between the two.

With the Anniversary update you can now customise the tiles and add Quick Action tiles. To make this happen, go to Start > Settings > Notifications & actions.

Don't Be (Unwittingly) Tracked By Uber.

Privacy campaigners have complained (on behalf of concerned customers) after it was revealed that an update to Uber’s app allows users’ GPS signals to be followed after they have left the vehicle at the end of their journey.
Continues To Run In The Background.
The change to taxi-style service provider Uber’s app in the U.S. means that it continues to run in the background on a user’s phone when they have left the vehicle. Prior to the update, the app would only be able to follow a user’s GPS signal while Uber was open on the user’s phone.
Why?
Uber has been reported as saying that the extra tracking ability is needed from the beginning of the customer’s request for a car up until 5 minutes after the journey so that pick-ups can be made more reliable and customer service and safety can be enhanced.
Complaints.
Whatever Uber’s stated reasons, the ‘improvement’ to the app, which was actually announced publicly a year ago, has caused upset amongst those concerned with privacy. When the change was originally announced, the Electronic Privacy Information Centre (EPIC) immediately lodged a complaint with the American Federal Trade Commission.
The Problem.
Those opposed to the app change clearly see it as something that has implications for privacy. The complaint by EPIC suggested that it represented an unfair and deceptive trade practice that misused location data, and threatened the privacy, rights and personal safety of American consumers.
As part of the complaint, EPIC stated that the change to the app ignores the FTC's prior decisions. EPIC points out that prior to the arrival of Uber whose app collects detailed personal information from its users, American consumers could routinely hire taxis without any disclosure of personal information or any tracking of their location.
EPIC also cites a concern that Uber may disclose sensitive personal information to third parties, unaffiliated with the provision of the services to the customer.
EPIC’s complaint also suggests that based on the fact that a ‘top Uber executive in New York City’ was investigated for tracking the location of journalists reporting on the company, some people may feel justified in assuming that the practice was specifically intended to identify and track critics of the company.
Uber - Seems Fair.
Uber however have been reported as saying that it’s app change seemed ‘fair’ in the context that location is at the heart of the ‘Uber experience’, and therefore more location data is needed to improve aspects of that service.
What Does This Mean For Your Business?
This story illustrates how more businesses are using apps and are using the data collected by those apps, and how they could possibly use them in ways that we may not approve of. The reaction to the change in the app in this case however shows what important issues data protection and privacy have become to consumers, particularly at a time where data breaches at large /well known companies appear to be fairly common.

In the UK, this should also be a reminder that GDPR is due to come into force in just over a year’s time, and that businesses need to become well acquainted with how they are able to collect and use customer data relating to EU citizens according to these regulations in order to be compliant, treat customers well, and to avoid bad publicity.

Monday, December 12, 2016

Beware The Car-Key Jammers

Police have issued a warning that some recent thefts from vehicles which have taken place in 3 Berkshire service stations have involved the use of radio jammers.

Remote Technology Used.

Thames Valley Police have said that thefts of items from vehicles at the Chieveley, Reading and Membury services on the M4 have involved the use of radio jamming devices. These devices can be bought cheaply online, the sales of which are likely to be difficult to trace due the fact that many sellers of these items are believed to be unscrupulous or have links to crime.

Although there appears to be no clear proof, police believe that this is the most likely explanation because, in 14 cases, there have been obvious signs of a break-in.

The fact that lorries, vans and cars have been successfully targeted also suggests that jammers rather than keys or similar methods were used.

At Chieveley Services for example, thieves took tools, a suitcase and a laptop. At Membury, it was luggage, wallets and cash were stolen while at Reading Services 3 high end vehicles were targeted. All attacks are thought to have involved the use of jammers.

How Could The Jammers Have Be Used?

As the name suggests, radio jammers interrupt and interfere with radio signals.

Modern vehicle key fobs use radio signals to lock / unlock the doors. Radio jammers can be used remotely and they can easily cover an area the size of a service station car park.

Police therefore believe that the thieves were able to take up a remote position in the car park, far enough away from their targets and other drivers to not be observed, but close enough to be able to operate the jammer as drivers were pressing the ‘lock’ button on their key fobs. A radio jamming signal can prevent the car doors from locking and without a manual check by the driver they are therefore left unlocked until the driver returns.

Service Station Car Parks Perfect Target

Service station car parks are thought to be particularly attractive to thieves using this method because they are busy and have a fast turnaround of transient users who are unlikely to know or to notice who is the owner of a specific vehicle. It is also the case that service station users are more likely to have more valuable items in their vehicles e.g. holiday and work-related items.

Problems With Insurance Claims Likely

There are concerns that because there was no forced entry, victims of these crimes may have difficulty with their insurance claims.

What Does This Mean For Your Business?

This news is of course very significant to business travellers using the M4, using any other UK motorways, or indeed using public car parks.

The advice is for all motorists to:

  • Listen carefully to ensure the locking mechanism has engaged.
  • Check that the door is actually locked before leaving your vehicle, even if you have pressed the lock button on your key fob as normal.
  • Don’t leave valuable items in the vehicle / in view in the vehicle if possible.
Additionally, if you use a laptop or mobile device with sensitive data (e.g. business data) consider encrypting the contents and of course always lock them with a robust password.