Monday, January 29, 2018

HP Worldwide Recall of ‘Fire Hazard’ Laptop Batteries

HP has announced that it is launching a worldwide voluntary safety recall and replacement program for certain notebook computer and mobile workstation batteries over safety concerns.

Fire Hazard

The reason given for the recall is that the batteries, including those for the ProBook, ZBook, x360, Pavilion and Envy, have the potential to overheat, HP says, posing a fire and burn hazard to customers.

The fire hazard risk appears to have been reported by the Consumer Product Safety Commission (CPSC) which identified eight cases of the batteries overheating, melting, or charring. There has also been a report of one person suffering a first-degree burn from the battery, and three others suffering damage to property totalling $4,500.

How Big Is The Problem?

The CPSC estimates that as many as 50,000 units sold in the U.S. are at risk, and possibly a further 3,000 units sold in Canada.

Which Batteries?

HP says that the affected batteries were shipped with specific HP ProBook 64x (G2 and G3), HP ProBook 65x (G2 and G3), HP x360 310 G2, HP ENVY m6, HP Pavilion x360, HP 11 notebook computers and HP ZBook (17 G3, 17 G4, and Studio G3) mobile workstations sold worldwide from December 2015 through December 2017. This includes those sold as accessories or provided as replacements through HP or an authorized HP Service Provider.

HP has provided a list of the notebook product names for batteries that may be affected at the foot of this page on its website: https://batteryprogram687.ext.hp.com/en-US/Home/ProgramSummary

How to Check Your Battery

On the same web page, HP has provided a downloadable HP Validation Utility which will check whether the battery in your notebook is affected. The utility will also verify the battery as being one of HP’s, and this means that HP will be able to send a free replacement battery.

What If You Can’t Get To The Battery?

HP have stated that in cases where the battery is internal to the system (and isn’t customer replaceable), they will provide a “free battery replacement service” for each verified, affected battery validated on their HP Battery Recall website. This will mean that the battery will be replaced by an authorized technician at no cost to the customer.

Battery Safety Mode


In the light of the news about fire risk, if customers need to continue using their notebook, HP says that they can do so by enabling the Battery Safety Mode by connecting the notebook to an HP power adaptor.

What Does This Mean For Your Business?

The reports of people suffering burns and property being damaged are alarming, and the immediate advice for businesses with HP notebook computers and mobile workstations is to go to the HP Battery Recall website https://batteryprogram687.ext.hp.com/ to check if their battery is affected, learn about the BIOS update that contains the Battery Safety Mode feature, and order a free battery and battery replacement services, if eligible.

In times where mobile devices are becoming ever more popular and powerful, and globalisation means that products can be widely shipped in large numbers before a problem is identified, stories such as these are becoming all too common. For example, there was the case of the Galaxy Note 7 phone recall due to explosive batteries, and last August, 10,000 Galaxy Note 4 batteries were recalled for risk of overheating. In the case of HP, they appear to have acted quickly, and to have provided adequate help and advice to customers. This story is also, therefore, a reminder of the importance of having Disaster Recovery Plans in place.

Amazon’s ‘No Checkout’ Grocery Store Opens

Amazon has opened a revolutionary checkout-free, bricks-and-mortar grocery store called ‘Amazon Go’ in Seattle, after more than a year of testing.

How Can It Have No Checkouts?

The Amazon Go store uses infra-red ceiling-mounted cameras and electronic sensors to track what shoppers remove from the shelves (which have weight sensors), and what they put back. Some items carry a visual dot code, which acts like a barcode, to help the cameras to identify them.

The system uses a deep learning element so that it can differentiate between customers as they move around the store and between similar looking items for sale. The items for sale are added to the customers’ Amazon Go account as they pick them up, and items are deleted from the account if they are put back on the shelves. An electronic receipt is issued as the customer exits the store.

Cash is not needed as customers are billed to the card that Amazon has on file. The ‘grab and go’ concept of the Amazon Go “just walk out” store means that it has no checkout operators or self-service tills because the whole process is automated.

As yet, there is no information about how accurate the system is, and there have only been some reports of minor teething problems.

Super-Convenient

The fact that Amazon Go appears to have eradicated the challenges of long queues which can deter shoppers, and removed the challenge of human error and other messages and authorisation processes that can disrupt self-service tills, could mean that the new store concept poses a real challenge to other retailers.

Whole Foods

Amazon began challenging grocery retailers in the US such as Wal-Mart in the bricks-and-mortar world last summer when it bought Whole Foods Market Inc. for $13.7 billion, with industry insiders saying that it would be a long and costly process for Amazon to revolutionize grocery delivery the way they revolutionized online retailing. Before groceries, Amazon moved into bricks-and-mortar retailing with the opening of a bookshop in Seattle in 2015 – there are now 13 in the US, plus dozens of pop-up outlets.

Amazon launched its ‘Amazon Fresh’ grocery delivery service in the UK back in 2016, and reports indicate that it is 25% cheaper to use Amazon Fresh than shopping in traditional supermarkets.

What Does This Mean For Your Business?


The strengths and reach of Amazon have meant that it has spent the last 3 years diversifying and challenging more businesses in more markets. The scaling up of its parcel delivery, plus drone and robot deliveries, Amazon Fresh, its purchase of Whole Foods, and its opening of its Amazon Business online trade counter have seen more (small and large) businesses facing a tough new competitor. It is also worth noting that Amazon has a presence and therefore a potential instant grocery ordering system in many homes in the UK in the form of the Amazon Echo, thereby giving them a further advantage over the traditional big supermarkets.

For the big supermarkets here in the UK, although Amazon Go won’t challenge profits directly now (Amazon Go is one store in Seattle at the moment), the fact that it exists, it works, it appears to address key customer concerns (no queues), and it’s in the hands of a company with the scale, reach, and brand awareness to expand it is a worry and another challenge to the big grocery retailers.

On the plus side, if the technology could be replicated, it could serve as a blueprint for something that could be copied by the big supermarkets in some key locations.

Some commentators have pointed out that, while Amazon is not yet making large amounts of money (in big player terms) from its retail stores, they are helping to raise brand awareness and to promote Amazon’s Prime membership scheme.

WhatsApp For Business Launches in UK

The new business-focused version of WhatsApp for Android is now available for download in the UK.

Small Business Needs

The new WhatsApp Business can be downloaded for free at Google Play, and is specifically aimed at the needs of small businesses, which account for 99.3% of all private sector businesses in the UK (FSB).

Facebook-owned WhatsApp has said that it wants people to use WhatsApp to connect with small businesses, and that the new ‘WhatsApp Business’ will make it easier for companies to connect with customers, and offers a more convenient way for the 1.3 billion WhatsApp users to chat with businesses.

Why Launch WhatsApp Business?

Since Facebook acquired WhatsApp in 2014 for $22 billion, the company has been looking for ways to monetize the app which, although it was developed for use by individuals, is now being widely used by people in business, and in large and small organizations as a collaboration tool for staff.

This move by WhatsApp is also designed to steal a march on rivals in what has become a battle for the attention of consumers by messaging apps including Apple’s iMessage, Facebook’s Messenger, Kik, Slack for business, and others.

What Can It Do?

The launch in the UK (and the US, Indonesia, Italy and Mexico at the same time) is part of the wider worldwide rollout. According to WhatsApp, 80% of small businesses already using the App in India and Brazil say WhatsApp helps them both communicate with customers and grow their business (Morning Consult study figures).

Features

Features of the App include:
  • Business Profiles: to help companies to provide useful information to customers e.g. business description, email or store addresses, and website.
  • Smart Messaging Tools: to enable companies to respond quickly with answers to frequently asked questions, also greeting messages to introduce customers to the business, and away messages that let them know you’re busy.
  • Messaging Statistics: simple metrics like the number of messages read to see what’s working, and to give businesses a way of measuring and monitoring the effectiveness of the app.
  • WhatsApp Web: to enable the sending and receiving of messages with WhatsApp Business on the desktop.
  • Account Type: so that customers will know that they’re talking to a business because it is listed as a Business Account. This can become a Confirmed Account later (similar feature to Twitter’s verification process), and once confirmed, the account phone number will match the business phone number.
  • WhatsApp allows users to send photos, it has end-to-end encryption security (an important feature for businesses), allows for easy document sharing (up to 100 MB), and allows for seamless syncing of your chats to your computer so that you can chat on whatever device is most convenient.

What Does This Mean For Your Business?


Since many business people (and more importantly, their customers) were using WhatsApp for general communication anyway, it makes sense for Facebook to develop a version that is focused more specifically on small businesses. Clearly, this is a very large market in countries across the world, and it will, of course, present opportunities for monetisation and probably advertising using the Facebook-owned network in future.

From the perspective of businesses, WhatsApp provides a lot of powerful, useful, and cost saving features for a handy free app, and with speed and versatility of communications being an important factor in getting the business in today’s environment, WhatsApp Business is likely to prove popular.

WhatsApp Business offers businesses / brands the potential for building a relationship with their customers on a 1:1 level. The huge user base of the app, its speed and reliability, and the verification system of the business version could provide new opportunities for businesses that are able to harness it in a value-adding and engaging way.

There are many possible applications for WhatsApp Business, e.g. KLM’s use of the app for flight confirmations and updates, and brands using the app for competitions. WhatsApp Business could also work well in industries such as hospitality. WhatsApp could be a perfect way to enable customers to book a hotel room, get customer support, and even access an on-site member of staff such as a concierge. Retail brands could use the app for many purposes in addition to just shipping confirmations.

Many tech and business commentators are saying that 1:1 messaging is the future of personalized commerce and post-purchase customer service, and WhatsApp Business is well positioned enough, and widely used enough to provide opportunities for businesses worldwide to improve their communication and relationship marketing.

10% of Cryptocurrency ICOs Are Stolen

A report by Ernst & Young has highlighted the fact that 10% of all funds raised through Initial Coin Offerings (ICOs) are stolen by hackers using techniques such as Phishing.

What Is An ICO?

An Initial Coin Offering (ICO) is a controversial way of start-up companies raising money / crowd funding to build new technology platforms or to fund businesses that use crypto currencies (also called tokens), and the underlying blockchain technology. The tokens only become functional units of currency if / when the ICO’s funding goal is met, and the project finally launches.

The controversy about ICOs centres around the fact that, although it is an innovative new source of venture funding, some commentators view ICO projects as unregulated securities that allow their founders to raise unjustified amounts of capital, and that valuations of ICO tokens may be driven too much by the fear of missing out and, therefore, seem to result in investors rushing to put money into projects that ignore some important market fundamentals, such as project development.

$400 Million Stolen

After analysing more than 372 ICOs, Ernst & Young has reported that approximately $400 million of the total $3.7 billion funds raised to date has been stolen by hackers. The most widely used technique to steal the digital cryptocurrency funds was found to be Phishing, resulting in the theft of $1.5 million in ICO proceeds per month.

ICOs are an opportunity for scammers because they are able to take advantage of the promise of people making a huge return from a relatively low investment.

As well as scammers taking money, the study also found that underlying software code in some projects contains hidden investment terms that have not been disclosed, or that contradict previous disclosures e.g. saying there will be no further issuance of a cryptocurrency, while the code may leave that option open.

Challenges To Reaching Targets For ICOs

The Ernst & Young research shows that the volume of ICOs has been slowing since late 2017, with less than 25% reaching their target in November 2017, compared with 90% in June. Recent ICOs have faced challenges in reaching their targets, a drop in quality i.e. more low quality projects with higher fundraising goals are being presented, and issues from earlier projects are now being highlighted.

Crypto-based investment of choice is therefore waning, organizers and contributors are now facing increased regulatory scrutiny, and they are therefore now under more pressure to prove the longer-term potential of their product or service to an increasingly sceptical audience.

What Does This Mean For Your Business?

A drop in the value of popular cryptocurrency Bitcoin (its value has fallen 12% over 24 hours), added to warnings about investing in cryptocurrencies from the chairman of UBS and warnings by billionaire investor Warren Buffett (who said he would never invest in cryptocurrency), and news reports of scams such as a fake sale con for instant messenger service Telegram to unsuspecting would-be investors have all served as warnings about the risks of cryptocurrencies and of ICOs.

This latest Ernst & Young research has only served to cement that message to businesses and investors, and some commentators now think that ICOs could soon disappear altogether as a viable fundraising option, unless they can address the issue of security urgently and effectively.

Nominet To Walk Away From Own Charitable Trust

Questions about Nominet Trust’s direction and accountability have led to Nominet announcing that it is withdrawing from its own charitable foundation that it set up over a decade ago.

What Is Nominet Trust?

Nominet Trust is the charitable foundation that was set up by Nominet, the UK’s domain-name registry, as a way of dealing with the excess revenue from registrations of .uk domain names.

What’s Gone Wrong?

An email sent by Nominet CEO Russell Haworth cites problems with the Trust’s “grant-giving, single funder model”, which was set up in 2008, as being at the heart of the reason for Nominet wanting to walk away from its own Trust.

It has been reported, however, that some members of the Trust became concerned that, rather than using the money from .uk to find good causes, money may have been used to fund unrelated business expansions, including loss-making ventures.

There was also concern after Nominet raised its prices by 50% for reasons that were unclear to many, and that contracts Nominet had signed to run dozens of new domain registries may have been won by offering below-market rates.

The announcement of the move away from the Trust by Nominet was accompanied by the resignation of the chair of trustees Natalie Campbell, and by two of its directors, former Nominet board member Nora Nanayakkara, and Jemima Rellie.

Trouble At The Top?

There appears to have been a history of trouble at the top at Nominet with previous CEO, Lesley Cowley, reportedly giving the board members more power over the funds.

Some commentators have noted that the arrival of new Chief Executive Russell Haworth, a former acquisition and venture specialist with no experience of the domain name registry market, brought more of a shift from non-profit with a strong public benefit remit to a profit-seeking investment vehicle.

Mr Haworth’s arrival in 2015 also coincided with the resignation of the entire Nominet Trust team, including the chief executive, chair, several trustees, and most of its senior staff.

It has also been noted that under Haworth’s leadership, the organization appeared to ignore the recommendations of an independent study into its governance that would have given members a greater say in Nominet’s direction.

What Now?

Nominet’s CEO has stated that the Nominet Trust should now be free to attract other investors in order to fulfil its social tech ambitions, which means that the Trust will become a separate entity with a new name, and with different governance and funding structures. The Trust is reported to be in a healthy financial position and is continuing to run its programmes. Nominet is still willing to be involved as a member of the Trust during the transition period.

It is thought that the new version of the Nominet Trust will be led by new Chair Bill Liao, who joined the Board back in 2014. It is reported that Mr Liao has the full support of Trustees Sebastien Lahtinen, Beth Murray and Hannah Keartland.

What Does This Mean For Your Business?

It seems that a change in CEO, in the focus of the way Nominet now does business, and most probably in the culture (after resignations) and power shifts, have led to questions which, in turn, led to the registry and its Trust going their separate ways.

Nominet was set up as a non-profit, public-interest, government-designed operator of the UK’s internet registry, and the Trust was set up to make use of money for good, charitable causes. It is important that organisational structures of this kind maintain accountability and transparency, and that the original charitable focus of Trusts is protected by members who have enough power.

Although businesses and charities need strong leadership, too much power at the top, and power and focus wasted on internal struggles can cause problems for the health of an organisation. As it stands, Nominet has a stable annual revenue of £30m, and the Trust (and the good causes it gives to) have benefitted from £44m since 2008. The hope is, therefore, that the change will mean stability restored to the Trust and that any problems with direction and accountability can be investigated and put right.

Monday, January 22, 2018

Licence Plate Recognition – 1 Million Mistakes a Day!

Concerns over the possible misreading of hundreds of thousands of vehicle licence plates each day have led to calls for statutory regulation of the UK’s automatic number plate recognition (ANPR) system.

Over 1 Million Mistakes Per Day!


The ANPR system uses 9,000 ANPR cameras to record and store up to 30 million vehicle records each year. Unfortunately, it is also reported to be recording a staggering (up to) 1.2 million false readings of number plates every day! That’s equivalent to over 400 million incorrect readings each year!

The implication is that innocent motorists may be wrongly accused and punished for a variety of motoring offences, and that real offenders may be escaping punishment. This has led to calls for statutory regulation of the camera system.

Police In the Dark

Not only does The National ANPR Data Centre (NADC) accept data from all police ANPR systems, without carrying out any checks on the effectiveness of those systems, but it is also believed that Police currently have no meaningful data on the accuracy of ANPR, or on the contribution surveillance cameras make to tackling crime.

Also Cyber Attack Risk


Not only is it unclear what contribution the camera system could be making to cutting crime, but it has also been revealed that some systems could be at risk from cyber attack, thereby possibly allowing data to be changed, making it impossible to use as evidence anyway.

A recent example in the U.S. left over half of the surveillance cameras covering the city of Washington’s public spaces unable to record footage for three days, until experts were able to remove ransomware from the recording devices.

Facial Recognition Camera Concerns


There are growing concerns too, particularly where data protection and privacy are concerned, about the increased use of facial recognition cameras to identify suspects by matching camera images against 19 million custody images held by police. For example, Leicestershire Constabulary faced criticism after using automatic facial recognition at the Download concert in 2015, in Donington Park, and the Metropolitan Police used similar technology during last year’s Notting Hill Carnival to match images of people with photographs stored on its Electronic Wanted and Missing Systems (EWMS).

Surveillance Camera Commissioner Says…

The England and Wales Surveillance Camera Commissioner, Tony Porter, has said that he is yet to be convinced that an assertion that national ANPR meets performance standards holds water.

What Does This Mean For Your Business?

Although there may be valid concerns about inaccuracies in the ANPR system and the impact these could have on businesses and individuals, other surveillance cameras can play an important role for business security monitoring systems. Used responsibly and only for the intended purpose, they can add value, and provide a low cost, cost saving, and vital way to maintain security.

Camera surveillance generally is now an almost unnoticed part of daily life in what, according to Big Brother Watch, is now the most surveilled western democracy, where there are now an estimated 6 million+ surveillance cameras. The worry among some of those being watched is that privacy and security are at risk, that the fact that we are being watched constantly by unknown parties (and our images potentially stored and shared) is sinister, that mistakes can be made with the responsibility being placed on the victim to clear their name and prove inaccuracy, that regulations are not adequate, and that many cameras are operated by businesses and quasi-government organisations.

For many people, an argument that ‘if you’re doing nothing wrong you’ve got nothing to worry about’ is not a valid argument because it simply gives a green light to the further erosion of rights without considering the consequences, and occasionally we all do something wrong (but perhaps not intentionally) which is more likely to be caught on camera than ever before, and the punishment may not feel as though it fits the crime with the inflexibility of some camera-based systems and their operators.

The introduction of GDPR will also have implications for what images from surveillance cameras are stored, where and how securely they are stored. For example, GDPR could apply to stored facial images of individuals.

Ford Doubles Investment in Electric Cars

The Ford Motor Co has announced its plans to more than double its previously announced target of $4.5 billion investment in electric cars to $11 billion by 2022, and the company is aiming to have 40 mainstream, hybrid and fully electric vehicles in its model line-up.

Cost Cuts To Create Investment


Ford’s Chief Executive Jim Hackett is reported as saying that the capital investment for the major move to electric / hybrid car manufacture will be created by slashing a massive $14 billion in costs over the next five years.

Why?


The shift towards investment in electrification is being driven by pressure from regulators in China, Europe and California to cut carbon emissions from fossil fuels, and plans by China, India, France and the United Kingdom to phase out vehicles powered by combustion engines and fossil fuels between 2030 and 2040.

Ford’s move is also being driven by pressure from the success of Tesla in creating electric sedans and SUVs that resulted in a large number of orders, causing it to surpass Ford in terms of market capitalization, thereby positioning Tesla as the second-largest auto company in the U.S. after General Motors. Tesla also proved to other car manufacturers that large-scale demand exists in the market.

A large amount of the pressure driving Ford’s move, of course, also comes from the move by its bigger competitors into electrification. For example:
  • GM announced last year it would add 20 new battery electric and fuel cell vehicles to its global line-up by 2023.
  • Volkswagen said in November it would spend $40 billion on electric cars, autonomous driving and new mobility services by the end of 2022.
  • Toyota is working towards creating breakthrough battery technology in the first half of the 2020s with a view to cutting the potential cost of making electric cars.
  • Mercedes-Benz plans to electrify its entire portfolio by 2022 (50 electric and hybrid models).
  • Jaguar Land Rover plans to electrify its entire vehicle line-up by 2020.
  • Renault, Nissan, and Mitsubishi plan to release 12 all-electric models by 2022.
  • Volvo plans to electrify all its vehicles by 2019.

Thinking Big

Ford hopes that its ‘think big’ on electric cars strategy, which arrived with its new chairman Jim Hackett (previously in charge of self-driving car subsidiary Ford Smart Mobility), will enable it to accelerate global development of electric vehicles, make quicker decisions, and gain ground on the competition.

Which Cars?

Whereas motor show presentations indicate that many other manufacturers appear to be currently focusing on electric trucks and SUVs, Ford has been clear that it plans to electrify all of its iconic and popular vehicles, with 40 electric vehicles by 2022, of which 16 will be fully electric vehicles and the rest plug-in hybrids.

What Does This Mean For Your Business?


The move to electrification by car manufacturers has been coming for some time, pushed by international pollution / emission targets, and pulled by consumer demand and the promise of new opportunities. For businesses, costs as well as performance and reliability are important, and as long as electric vehicles deliver on all three, then the move to electrification is good news.

Although the move to electrification will have implications for vehicle-related businesses e.g. fuel suppliers, garages and parts suppliers, it will also create new markets and new opportunities. For example, Ford’s own ‘Team Edison’ is looking for strategic partnerships with other companies, including suppliers, in some markets.

Electrification of vehicles on a large scale will also bring exciting and potentially cost-saving driverless vehicle opportunities for many businesses.

There are, of course, the obvious environmental benefits that we can all enjoy in the future with cleaner air.

OnePlus Accused Of Credit Card Fraud

Chinese Android phone company OnePlus is at the centre of a storm of complaints after many customers said that their credit cards had been used for fraudulent transactions after they purchased products from the OnePlus web store.

What Happened?


After receiving multiple customer complaints on the OnePlus support forum, and on social media platform Reddit over the weekend, linking purchases on its website oneplus.net to fraudulent activity on customer accounts, OnePlus has issued a statement saying that it has launched an investigation into the claims.

Customers affected appear to be those who have purchased a phone directly through the company website with their credit card rather than using a third-party such as PayPal.

A poll on the OnePlus support forum indicates that as many as 200 people in different countries have seen fraudulent charges, ranging from $50 to $3,000, appear on the credit cards that they used on the OnePlus site.

Theories and Denial

Theories as to what may have happened include the fact that the company’s oneplus.net e-commerce website was initially built on the Magento eCommerce platform, which was known to be vulnerable to cross-site scripting and remote code execution attacks. OnePlus has said, however, that although it had used the platform originally, since 2014 it had been re-building the entire website with custom code, and that credit card payments were never implemented in Magento's payment module.

Another theory, fuelled by a security audit by Fidus, focuses on the idea that OnePlus may have been conducting card transactions itself, rather than through an iFrame, thereby making credit card details (including security code) vulnerable to interception as they passed through the OnePlus site. OnePlus has denied this, saying that it hasn’t been processing cards itself, it doesn’t save any payment information surrendered when people purchased its phones, and that it merely passes all data to a partner who handles the payment process.

Problems In The Past

Some of the accusations are fuelled by the fact that, last year, OnePlus admitted that some of its phones had been sending data to Alibaba without the user's knowledge or consent, thereby breaching data protection law in Europe. Also, the company admitted that an insecure, secret back-door diagnostic tool had been left on some phones.

What Does This Mean For Your Business?


Customer trust is paramount in business, and businesses have a responsibility to make sure that all customer data and privacy is protected. The introduction of GDPR this year should help to push this message even further towards the top of the business agenda. This story reminds us that, in a time where we are more confident than ever to buy online, basic security vulnerabilities still exist in some cases where credit card numbers are submitted through forms.

Sadly, as in so many cases, breaches and security vulnerabilities are not revealed first by the company itself, but by affected customers and researchers / other third-parties. In the case of OnePlus, as in so many others, customers have accused the company of being slow to respond to the problem.

Companies need to test and audit their payment systems to make sure that they offer maximum security as well as convenience to customers.

This story should also be a reminder of how important it is to have a workable, well-communicated, and current Disaster Recovery Plan and Business Continuity Plan in place.

In the case of OnePlus, more information is yet to be revealed about exactly what happened and why. The company itself has advised customers who think they may have been affected to check their card statements, and contact their banks to resolve any suspicious charges and help to initiate a chargeback and prevent any financial loss.

New macOS Too Secure?

The new security framework called ‘System Integrity Protection’ (SIP) behind macOS High Sierra is proving so secure that it appears to be stopping users from being able to delete (third-party) apps with ease.

What’s The Issue?

The process behind the SIP was first introduced to users during the ‘El Capitan’ version of macOS (10.11) in late 2015, and has a unique advantage in relation to macOS’s overall security infrastructure.

However, the SIP framework follows Apple Software Update processes that are so strict that it is impossible with the new macOS environment for runtime attachments or code injection infiltration to occur within an Apple Software Update setting.
All this means that not only will users find it less easy to delete certain third-party software / apps, but also that the past bugs may be made exempt by the ‘rootless’ SIP framework, and could, therefore, become a future risk.

Why?

Apple is essentially undertaking a simple bunkerisation / sandboxing of app behaviour within the macOS environment from a binary level in order to prevent apps from third-party developers who have not sold their wares through the macOS App Store from being deleted with ease. Therefore, the only software affected by this security change is software developed outside of Apple.

Sealed


The ‘sealed’ nature of the software environment in iOS means that ‘permissionless’ app distribution on an iPad or iPhone can’t really happen and actually goes against the terms and conditions of use. The only way around it would be to ‘jailbreak’ the device, which would also waive the owner’s right to a legal warranty. However, the macOS App Store allows for permissionless app distribution in the context of online software distribution.

What Does This Mean For Your Business?

Security is a priority to businesses today, particularly with the proliferation of potentially devastating malware and phishing scams. With Android phones, for example, there have been some problems and scares recently with 36 fake, malicious apps turning up in Google Play, and with a fake version of WhatsApp being downloaded from Google Play by more than one million unsuspecting people. Apple systems have always been seen as a more secure option, a benefit that is very much valued by Apple users. Any move to protect the Apple environment is, therefore, something that is likely to be valued and understood by many users, and any talk of potential ‘security’ problems causes alarm among the Apple community.

The problem, in this case, isn’t really that there is any kind of immediate security flaw as such, but that there is more of a new user annoyance in relation to personal choice, as the High Sierra system allows third-party app installation but not its own singular removal. One possible potential security risk is that a user could be tricked into installing a virus or phishing app which is then protected by the sealed SIP framework.

It is, however, possible to restart the system in ‘recovery mode’ and delete any offending app because ‘recovery mode’ suspends any SIP framework protection during the ‘recovery’ boot-up mode sequence.

New Law Tackles Digital Ticket Touts

The UK Government has announced that cyber touts caught using specialised software called ‘bots’ to purchase tickets in bulk for re-sale at inflated prices on secondary websites could soon face unlimited fines.

Bots Ban This Year

The UK Government stated at the end of December that it planned to make this year a great year for music and sports fans by passing new legislation to ban ticket tout bots. The proposed legislation will be designed to deter ticket touts from exploiting automated software to bulk-buy tickets thus bypassing ticket limits imposed by the management team behind the events.

The fact that the UK government has now notified the European Commission is further evidence that it now wants to press ahead with the bots ban as soon as possible.

Digital Economy Act


The UK already has the Digital Economy Act (2017) in place, and the new legislation will be added as a provision to this existing Act. The DEA (2017) already has additional requirements on ticket sellers to provide a bespoke ticket numbering system.
The changes will also mean a revision of the Consumer Rights Act in order to help clarify the restrictions imposed on secondary re-selling of tickets.

Examples

Recent examples of the reason why the government wants to push ahead with the legislation include concert tours by Adele and Ed Sheeran, where bots were used by touts to purchase large quantities of tickets before re-selling them at inflated prices, thereby leaving fans feeling let down and excluded. Also, for the Broadway hit show Hamilton in London’s West End, touts’ use of bots has led to tickets being sold for upward of £6,000.

Live Sport And Music At A Fair And Reasonable Price

The Rt Hon. Matt Hancock MP, the Minister of State for Digital, Culture, Media and Sport, believes this new statutory clampdown will help fans see live sport and music at a fair and reasonable price. He has stated that the government plans to work together with improvements by industry, to help make the market more transparent and improve Britain’s thriving live events scene.

Industry Collaboration – A Future Partnership?

The government hopes that industry can be more innovative to help deal with the ticket tout bot problem. The Department for Digital, Culture, Media & Sport (DCMS) cites pioneering examples from DICE, the UK software giant, using mobile technology to ‘lock-in’ tickets to user accounts to circumvent the possibility of touts acquiring digitally locked tickets.

Well-known musicians who have been hit by touts have also launched a partnership to sell tickets that cannot be sold on at a profit. For example, Twickets.co.uk has support from big names like Ed Sheeran and others.

Also, GUTS, a Dutch start-up, is using Blockchain, the technology behind Bitcoin, to create a system that makes it impossible to sell on tickets for a profit. The hope is that a legislative drive, along with industry-based innovation, can help make fans’ experience of live music and sport more enjoyable and preferably a lot less expensive.

What Does This Mean For Your Business?

The buying-up and re-selling (at hugely inflated prices) of music and sport event tickets has only benefitted the touts and has had a serious downward effect on the profits of promoters, artists and sporting stars as fans have felt disillusioned, ripped-off and abandoned. The image of some major artists (and therefore, the value of their brands) and the loyalty of fans have also been affected because the activities of touts have a rub-off effect on the artists themselves.

This move by the government is an important and long-overdue move in the right direction for the live entertainment industry. Although introducing a change to law in itself will not stop the activity of technology-toting touts overnight, if used in partnership with innovations in the industry such as locked-in tickets and the use of Blockchain technology, and coupled with the very public support for systems where fans can buy tickets at fair prices e.g. Ed Sheeran’s public support for Twickets.co.uk, the activity of touts could be limited. In short, this will benefit the industry and the fans.

Monday, January 15, 2018

Is Looking At Screens Causing More Short-Sightedness In Young People?

With increasing levels of short-sightedness among young people, some experts have concluded that a young life spent looking at small screens rather than in the great outdoors could be one explanation.

90% Myopic

Studies in East Asia have shown that a staggering 90% of 18-year-olds, a group that would normally be associated with relatively good eyesight, are suffering from short-sightedness, also known as Myopia.

Also, in Western Europe, studies have shown a rise from 20% to 30% of young (mid-20s) adults being short-sighted to levels of 40% to 50% today.

Natural Sunlight A Key Preventative Factor

Spending too much time in places / situations where there is a lack of natural daylight / direct sunlight is believed by eye experts to be a contributing factor to the development of conditions such as myopia / short-sightedness. This is one of the reasons why experts are focusing (no pun intended) on children’s use of computers, smartphones or tablet computers e.g. to study at home, which may go some way to explain the rise in Myopia in young people in recent years.

This has also led some experts to compare the surprisingly high levels of Myopia in East Asian countries with the existence of intensive educational approaches involving technology e.g. very intensive education, spent indoors, out of direct sunlight, studying information close up on computerised devices.

Time Outdoors Is The Key

Research from 2008, the Sydney Myopia Study (SMS), a population-based study of school-aged children in Sydney, Australia, showed that time spent outdoors was strongly and inversely related to myopia levels. The Sydney-based research showed that only 3% of Chinese-heritage children living in Sydney (who spent two hours a day outdoors) were short-sighted by the age of six. This compared to nearly 30% of six-year-olds in Singapore, and helped to add fuel to the growing body of research and supporters of the idea that the risk of myopia development can be seriously reduced by simply spending more time outdoors e.g. spending two hours per day outdoors, perhaps pursuing sport and leisure activities.

Symptoms of Myopia


Some common symptoms of Myopia to look out for in children include needing to sit near the front of the class to read the board, sitting too close to the television, regular rubbing of the eyes, and suffering from headaches or tired eyes.

Other Ways To Help


Experts suggest that other broad ways to help reduce the chances of children developing Myopia include having a healthy diet, particularly one that includes omega-3 essential fatty acids, and vitamins A, C and E and nutrients, which contribute to the good health of the back of the eye. Also, over-the-counter supplements e.g. those claiming to help brain function and health are good for the eyes too.

What Does This Mean For Your Business?


For businesses where staff use devices for work for many hours of the day, providing information about the risks of looking too long and too intensely at screens could be helpful, as could arranging for some breaks / activities to be spent outdoors in the natural light e.g. perhaps in a team situation / environment and / or with incentives to improve participation.

As parents will know, once a child / young person is used to using their iPad or tablet, it is likely to be very difficult (and potentially damaging to their current social life) to remove it / ban it / reduce its use. Again, informing them of the dangers on a regular basis is important, and / or encouraging and arranging regular outdoor activities e.g. sports clubs or family pursuits / outings may be a good option.

The requirement that young people are proficient at using computerised devices to connect with their peer group and compete effectively with others at school, college, university and work means that the amount of time spent on computerised devices indoors, and consequently the high levels of Myopia development are unlikely to decline soon.

Cloud Companies The Next Big Target For Ransomware

The latest Massachusetts Institute of Technology (MIT) Review has predicted that ransomware targeting cloud services will be one of the biggest cyber-crime threats of this year.

What Is Ransomware?

Ransomware is a form of malware that typically encrypts important files on the victim’s computer. The victim is then given a ransom demand, the payment of which should mean that the encrypted files can be released. In reality, some types of ransomware delete many important files anyway, and paying the ransom does not guarantee that any files will be released.

Huge Data Sources

One of the main reasons why the MIT puts the ransomware aimed at cloud services in the top 6 cyber threats for 2018 is because attacking a single cloud services company can give criminals access to huge amounts of data being stored and handled for multiple companies and organisations.

The MIT predictions, however, point to smaller, more vulnerable cloud providers who are more likely to pay as being a more likely target than the apparently well-protected larger CSPs such as Google, Amazon, and IBM.

Other Big Threats For 2018

Other MIT predictions for more common cyber-crime in 2018 include the targeting of electrical grids, transportation systems and other types of national critical infrastructure, cyber-physical attacks to cause disruption and extort money, and the targeting of old systems in transport modes (planes, trains and ships).

Also, another prediction for increased activity is the hijacking of more computing to mine crypto-currencies, and the resulting (potentially devastating) collateral damage if computing resources at hospitals, airports and other similar locations are targeted.

Evolution of Crime and Protection

The last 3 years have seen a rapid evolution of the threat of things like ransomware. 2016 was a huge year for ransomware attacks globally. For example, Kaspersky Labs estimated that in the 3rd quarter of 2016 a ransomware infection occurred every 30 seconds. Intel Security also reported that infections rose by more than a quarter in the first 3 months of the year.

The massive WannaCry ransomware attack of spring 2017 infected the computers of an estimated 300,000 victims in 150 countries worldwide, many of them large, well-known businesses and organisations (including 16 health service organisations in the UK), and has been a massive Internet and data security wake-up call.

Last year also saw AI used by both attackers and defenders, and MIT predicts that 2018 will see greater machine learning models, neural networks and other AI technologies used on a more regular basis by cyber attackers.

What Does This Mean For Your Business?


Cyber attackers are becoming ever-more sophisticated in their attack methods, using the latest technologies, multi-layered attacks, and the use of social engineering. Ransomware is a popular tool because it is often relatively cheap to create and use, it can spread easily (like WannaCry), the attackers can remain anonymous, and it yields the main motivation for many attacks - financial gain. It stands to reason that CSPs would make an ideal target because of the huge amount of data from many companies that is stored with them.

For individual UK businesses and other organisations, it’s a case of always being on the lookout for suspicious emails and updates, keeping security software up to date and regularly backing up critical data. With GDPR due to come into force in May, there is an even greater motivation to pay attention to data and Internet security, and there is a danger and false economy in staying with old operating systems as long as possible.

In order to provide maximum protection against prevalent and varied threats this coming year, businesses should adopt multi-layered security solutions. Businesses should accept that there is a real likelihood that they will be targeted and therefore prepare for this by implementing the most up to date security solutions, virtual patching and education of employees in order to mitigate risks from as many angles ('vectors') as possible.

Having workable and well-communicated Disaster Recovery and Business Continuity Plans in place is now also an important requirement.

Dodgy Apps in Google Play

Security researchers have discovered 36 fake and malicious apps for Android that can harvest your data and track your location, masquerading as security tools in the trusted Google Play Store.

Hidden

The 36 malicious apps were, on the surface, the kind of security apps that are commonly downloaded by (Android) smartphone users to protect their device and data from cyber attacks and hackers. Ironically, the apps, which had re-assuring names such as Security Defender and Security Keeper, and which performed some legitimate tasks on the surface, such as cleaning junk, saving battery, scanning, and CPU cooling, were found to be hiding malware, adware and even tracking software.

Once the apps were launched, researchers discovered that they would not appear on the device launcher's list of applications, and the shortcuts would also not be shown on the user’s phone screen.

The malicious app makers are thought to have known that the "hide" function would not work on some devices (e.g. Google Nexus 6P, LGE LG-H525n and ZTE N958St.) because the hide was designed not to run on them. They may also have done this to avoid attracting the attention of Google Play’s inspection / checking system.

False Notifications, Fake Alerts, and Adverts

The fake apps were even found to have been designed to deliver false, often convincing, but sometimes alarming security notifications, warnings and pop-up windows to the user. For example, users would be shown pop-ups to show them that fake security issues had been resolved. Also, if the user installed another app, then it would be reported as suspicious.

Users of these fake apps could also fall victim to an aggressive barrage of advertisements with each action, because the app may have been designed for display and click fraud.

Asked To Sign - But Collecting Data


In some cases, in an abuse of privacy, the malicious apps were found to ask users to sign and agree to an end-user licence agreement (EULA) relating to the information to be gathered and used by the app. In fact, the hidden aspects of these apps were found to be able to collect large amounts of device and user information, such as Android ID, model and brand of the device, screen size, language, location, and data on the other installed apps e.g. Facebook.

Removed

It has been reported that, since the researchers alerted Google to the presence and nature of the apps in December, they have now been removed from Google Play.

Not The First Time

Unfortunately, this isn’t the first time that fake apps have been found in the Google Play Store. Last November, a fake version of WhatsApp, the free, cross-platform instant messaging service for smartphones, was downloaded from the Google Play store by more than one million unsuspecting people before it was discovered to be fake.

What Does This Mean For Your Business?

What is a little shocking about this story is that Google Play is a trusted source for apps, and it is particularly ironic in this case that users could have downloaded the apps as a security measure to protect them, only to find that they did the opposite.

Although the obvious advice is to always check what you are downloading and the source of the download, the difference between fake apps and real apps can be subtle, and even Google (in this case) didn’t spot the hidden aspects of the apps.
The fact that many of us now store most of our personal lives on our smartphones makes reports such as these all the more alarming. It also undermines our confidence in (and causes potentially costly damage to) the brands that are associated with such incidents e.g. the reputation of Google Play Store.

To minimise the risk of falling victim to damage caused by fake apps, users should check the publisher of an app, check which permissions the app requests when you install it, delete apps from your phone that you no longer use, and contact your phone's service provider or visit the High Street store if you think you’ve downloaded a malicious / suspect app.
It may also be time for Google Play Store to review its systems and procedures for checking the apps that it offers.

'Ripple' Takes Second Place To Bitcoin

As investors look for alternatives to the volatile bitcoin bubble, crypto-currency Ripple has become the second most valuable virtual cash system, followed by ethereum and litecoin.

Bitcoin Bubble Fear Means Ripple Looks Attractive

The media has been full of reports about the steep and rapid rise in the value of the blockchain-powered crypto-currency. From a value of £740 per bitcoin at the beginning of 2017, to in excess of £15,000 in December, falling (with a few bumpy troughs) to £11,000 this week, many investors, spooked by what many see as a bubble have been looking for alternatives.

It is likely to be no coincidence, therefore, that the value of crypto-currency Ripple has risen as bitcoin’s value fell to see it take second place to bitcoin at $2.34 (1.73) per XRP (the name for a single Ripple unit). Although this doesn’t seem to be a large amount, it is much higher than the $0.0065 (just over half a US cent) each unit was worth a year ago.

The crypto-currency of Ripple is now worth $142bn, second in value to bitcoin at $251.4bn, and ahead of ethereum at $100.6bn and litecoin at $13.2bn.

The Ripple

Unlike bitcoin which operates outside of the reach of the banks, Ripple was set up to help banks speed up and modernise how they pay each other. 100 banks, so far, have signed up to use Ripple’s payments system. These sign-ups include big hitters like Bank of America and UBS, Japan's big credit card companies (for payments and settlement), and some South Korean and Japanese banks (through a pilot project to handle cross-border payments).

Ripple has no real assets or revenue streams to support the rate, and the market is calculated by multiplying the number of XRP coins in existence by the current dollar exchange rate. Also, Ripple XRP coins, unlike e.g. bitcoin, aren’t ‘mined’ by the members of the network that processes the transactions, but have been pre-mined and are slowly released as the network is used.

It is believed, therefore, that the recent adoption of the currency by these banks and credit card companies, and the search for alternatives to the uncertainty of the bitcoin bubble have been the main drivers of the value of Ripple.

Ethereum and Litecoin

Ethereum, the next highest value crypto-currency after Ripple has seen an increase in value of 9,240 % year over year. Litecoin meanwhile, has also seen a rapid and steep rise in value of 5,195 % year over year (Coinbase figures).
The rise in the value of these crypto-currencies also corresponds with the fall in value of bitcoin.

Crypto-Jacking Warning


With the rise in value and popularity of crypto-currencies, experts have warned that there are likely to be more incidents of ‘crypto-jacking’, where people’s devices are taken over by people trying to mine crypto-currencies. Earlier this month, for example, the Android phone-wrecking Trojan malware, dubbed ‘Loapi’, was discovered by Kaspersky researchers. In tests, after running it for several days mining the Monero crypto-currency, the Android phone used in the test was overloaded with activity (trying to open about 28,000 unique URLs in 24 hours) to the point that the battery and phone cover were badly damaged and distorted by the resulting heat.

What Does This Mean For Your Business?


The rise of crypto-currencies, such as bitcoin, to the point where it was finally being taken up by investors, businesses and governments, has been filled with high profile ups and downs e.g. a fall in its value on the Tokyo-based Mt. Gox exchange following a hack in late 2013. Predictions of the value being a risky bubble, coupled with a hack of the NiceHash digital currency marketplace’s payment system resulting in the theft of bitcoin to an estimated value of $80m, have sent the value of bitcoin downwards again in December. As investors look elsewhere for safer alternatives or the next big thing, and as they become more used to the concept of crypto-currencies, Ripple, ethereum and litecoin have benefitted.

Bitcoin has many attractive advantages for businesses such as the speed and ease with which transactions can take place due to the lack of central bank and traditional currency control (Ripple is actually a product of the banks).

Crypto-currencies generally mean easier, faster and more convenient cross-border and global trading, but traditional currencies tend to have the backing of assets or promises of assets of some kind. Crypto-currencies, therefore, tend to be less trusted and more volatile in the markets, and it’s likely there will be many more ups and downs with many different crypto-currencies, although bitcoin has a head start and has weathered storms before. It’s a case of watch this space.

All iPhones, iPads and Macs Affected by 2 Major Bugs

Two major security flaws which are present in nearly all modern processors / microchips mean that most computerised devices are potentially vulnerable to attack, including all iPhones, iPads and Macs.

What Security Flaws?

The 2 hardware bugs / flaws in nearly all computer processors made in the last 20 years are known as ‘Meltdown’ and ‘Spectre’. The 2 flaws could make it easier for something like a malicious program to steal data that is stored in the memory of other running programs.

Meltdown

Meltdown, discovered by researchers from Google's Project Zero, the Technical University of Graz in Austria and the security firm Cerberus Security in Germany, affects all Intel, ARM, and other processors that use ‘speculative execution’ to improve their performance (most of the modern global market). Speculative execution is when a computer performs a task that may not be actually needed in order to reduce overall delays for the task - a kind of optimisation.

Meltdown could, for example, leave passwords and personal data vulnerable to attacks, and could be applied to different cloud service providers as well as individual devices. It is believed that Meltdown could affect every processor since 1995, except for Intel Itanium and Intel Atom before 2013.

Spectre


Spectre, which affects Intel, AMD and ARM (mainly Cortex-A) processors, allows applications to be fooled into leaking confidential information. Spectre affects almost all systems including desktops, laptops, cloud servers, and smartphones.

Apple Systems and Devices Affected


Apple is reported to have said that all Mac systems and iOS devices are affected, although the Apple Watch is not believed to be affected by it.

No Known Exploits Yet


It should be said that researchers have uncovered the existence of the flaws, and while the potential for exploitation is there, there have been no known exploits to date. In the light of the wide publicity that the existence of the flaws has received, this could change.

What’s Being Done?

Intel has announced that it is working with AMD, ARM, other technology companies and some operating system vendors to find a fix. Intel and ARM are also planning to release patches for the flaws in upcoming software updates from them and operating system makers.

Google has said that the flaw didn’t exist in many of its products, and it has mitigated the issue in those products where it was present. Google has also said that an upcoming browser update (Chrome 64) will offer further protection when it is rolled out on 23 January.

Microsoft has released an emergency patch for all Windows 10 devices with other updates for other Windows versions scheduled for release within days. Amazon is reported to have said that its whole EC2 fleet is now protected.
Apple has issued a partial fix in macOS 10.13.2 and will continue to fix the issue in 10.3.3.

What Does This Mean For Your Business?


It is highly likely that your devices are affected by the flaws because they are hardware flaws at architectural level, more or less across the board for all devices that use processors. The best advice is to install all available patches without delay and make sure that you are receiving updates for all your systems, software and devices.

Although closing hardware flaws using software patches is a big job for manufacturers and software companies, it is the only quick answer to a large-scale problem that has been around but apparently ‘under the radar’ for a long time.

Regular patching is a good basic security habit to get into anyway. Research from summer 2017 (Fortinet Global Threat Landscape Report) shows that 9 out of 10 impacted businesses are being hacked through un-patched vulnerabilities, and that many of these vulnerabilities are 3 or more years old, and there are already patches available for them.

Lie Detector App

A UK company has developed a lie-detecting app that could be used in interviews or other situations where high levels of honesty in (initially) completing forms is required.

Video Combined With Analytics

The London based company, called ‘Human’, founded by Yi Xu, a former investment banker and investment news TV presenter, has a team that includes a data scientist, a micro-expression coder and a psychologist. The company has developed a system that uses video from a mobile device (or CCTV camera) combined with analytics software that can examine a person’s face and thereby determine the most likely emotions being felt at that instant.

The company says that it is able to humanise technology to decipher emotion and characteristics and predict human behaviour. The machine learning aspect of the system is also thought to deliver a better and more accurate understanding of a human's feelings, emotions, characteristics and personality, with minimum human bias.

How?

The system is able to use a phone video (for example) to capture 172,000 tiny points of an individual's face, and to use those to read subliminal facial expressions live, and to convert them into a range of deeper emotions and specific characteristic traits in real time.

Why?


The obvious application is a kind of commercial lie-detection system and as a way of getting more from a person’s responses than what is actually said or written by them. The idea is that a person’s reactions to various questions could be more useful than what their answers are, particularly where understanding strengths, weaknesses, and true motivations are concerned. In short, the ‘Human’ system could help companies / organisations with anything from hiring staff to fraud detection to customer satisfaction analysis, and the technology can profile potential customers based on their personality, as analyzed by A.I.

According to ‘Human’, an app of this kind could have real-world applications in:
  • Recruiting and employee retention - finding out about a candidate’s personality, screening candidates by emotional intelligence, and increasing diversity with minimum human bias.
  • Financial fraud detection - insurance claims and loan applications fraud based on subliminal behaviour.
  • Customer satisfaction analysis - getting beyond any financial motivation to customer engagement and getting a better understanding of customer experiences.
  • Sales prediction - profiling customer characteristics and behaviour by personality, and predicting purchase behaviour.
  • Security detection - although facial recognition in crowds is already being used, the ‘Human’ system could identify a face in a crowd and detect concerned emotions.
  • Professional sports intelligence - detecting potential players' characteristics and personality and predicting mental and emotional status before games.
  • Dating EQ - quantify dating partner's emotional intelligence, and profiling characteristics and personality with empathy level.

Not Just ‘Human’

The ‘Human’ company is not the only company working on new kinds of combined technologies focused on learning more about people. For example:
  • Utah-based company, Converus, has a product called EyeDetect, which monitors pupil dilation in the human eye to detect truths and lies. The system boasts 86% accuracy - better than a human expert.
  • Researchers at the U.S. National Center for Border Security and Immigration at the University of Arizona and the U.S. Department of Homeland Security are testing Automated Virtual Agent for Truth Assessments in Real-Time (AVATAR) which is a kiosk based system where a virtual agent asks security questions, then alerts human agents when the kiosk detects lying.
  • Back in July 2016, Toronto startup NuraLogix developed their Transdermal Optical Imaging app software which is able to read different blood flow patterns in the face to reveal different human emotions and thereby detect truth or lies.

AI - The Big Difference

The addition of AI into the technology mix is the element that could help these kinds of technologies to rapidly increase in capabilities and in real-world value e.g. lie detection connected to AI smart glasses or to a video-conferencing system, that can enable detection to take place without anyone but the user knowing about it.

Consent Issues

Capturing and using footage is, however, likely to present some potential issues based around consent e.g. with GDPR, as well as issues about how responsibly and legally such systems could be used and monitored in a commercial setting, not to mention issues around privacy and security (storage of profiling results and data used in the systems).

What Does This Mean For Your Business?


So much of the workings of business and the many relationships with all stakeholders is based around contracts (verbal and written), conversations and behaviour that have to rely upon a large element of trust and judgement, without having access to the full picture of true emotions, motivations, personalities, and likely outcomes. These new technologies, supercharged by AI could add value to many different areas of business that are based around decision-making and screening. The result of being able to use them in an affordable and convenient format e.g. apps and easy-to-operate systems, could deliver new insights that could translate into significant competitive advantages.

iPhone Deliberate Slowdown : Apple Apology

Tech giant Apple has apologised after it confirmed that long-held customer suspicions that it deliberately slowed down older iPhone models to encourage an upgrade turned out to be true.

What Happened?

Some customers had been sharing their concerns online for some time that their iPhone’s performance had slowed with age but had sped up after a battery replacement. This led to a customer sharing comparative performance tests of different models of the iPhone 6S on Reddit, which appeared to support the customer suspicions.

Technology website Geekbench also shared the results of its own tests of several iPhones running different versions of the iOS operating system where some showed slower performance than others.

After customers' concerns mounted and received more press, Apple publicly admitted that it had made changes about a year ago in the iOS 10.2.1 software update that are likely to have been responsible for the slowdown that customers may have experienced in iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, and iPhone SE.

Motivation Good

Some reports of customer suspicions, comments and speculation had focused on the idea that Apple’s motivation for causing the iPhone slowdown was purely commercial as part of a built-in obsolescence and motivated by profit. Apple, however, has pointed out that its motivations were based on a desire to prolong the life of customer devices by managing their ageing lithium-ion batteries, and to prevent the inconvenience of a sudden and unexpected shutdown.

The Problem With Lithium-Ion Batteries

According to Apple, Lithium-ion batteries need to be managed because they are incapable of supplying peak current demands when in cold conditions, when they have a low battery charge or as they age. The discharging cycle of Lithium-ion batteries (the migration of lithium ions through the material forming the battery) means that they are known to degrade over time.

Regaining Trust


Apple’s admission that it has been slowing down some phones with ageing batteries, and its acknowledgement that customer trust may have been shaken by the episode have led to Apple announcing 3 measures to address customer concerns and regain trust, which are:

  • A reduction, from December 2017, in the price of out-of-warranty iPhone battery replacements by $50 from $79 to $29 for customers with an iPhone 6 or later whose battery needs to be replaced. N.B. the $29 battery out-of-warranty replacements have been available since 30th December.
  • An iOS software update, in early 2018, to allow customers to see how their iPhone’s battery is affecting performance.
  • A pledge that Apple is working on ways to improve how they manage performance and avoid unexpected shutdowns as batteries age.

Legal Action

The announcement that Apple does slow down older phones has, of course, led to legal action being taken against the company by disgruntled customers. For example, Apple has been hit by a class action lawsuit, led by Stefan Bogdanovich and Dakota Speas, which cites "Breach of implied contract" and "Trespass to chattel" as the two complaints. More lawsuits are expected to follow.

What Does This Mean For Your Business?


The idea that Apple may have chosen to keep quiet about something that could be viewed (without an explanation) as secretly taking away performance that somebody has paid for, and only appearing to explain it when challenged by enough customers and tech commentators is likely to have caused some damage to the brand and to customer loyalty.

Some commentators have suggested that greater transparency and an early explanation of the apparently legitimate reasons (helping to mitigate the problem of the diminishing battery) for Apple’s actions may have been a better approach.

Apple is renowned for being able to engender fan-like behaviour in some customers, and for being able to maintain a good and loyal relationship with its customers. This story illustrates how managing customer relationships in an age where information is shared quickly and widely by customers via the Internet involves making smart decisions about transparency and being seen to be up-front with loyal customers.

Amazon Accused In Birkenstock Misspelling Advert Row

German sandal maker Birkenstock has successfully brought an injunction against Amazon to prevent internet shoppers from being directed to the online marketplace with anything other than the correct spelling of the sandal brand name.

Why?

The reported motivation for the legal move by Birkenstock is to prevent unsuspecting shoppers from buying low-quality counterfeits through Amazon that would erode Birkenstock’s reputation.

The sandal company argued in a district court in Dusseldorf that Amazon booked variations of “Birkenstock” as keywords through Google AdWords, thereby potentially contributing to customers ending up with counterfeit versions of the sandals as a result of typing e.g. “Brikenstock”, “Birkenstok”, “Bierkenstock” or other variations into their Google searches for the product.

Ongoing

This move by Birkenstock appears to be part of an ongoing dispute with Amazon. A year ago, Birkenstock stopped dealing with Amazon in the United States, and has now said that it will end the sale of its products through Amazon in Europe after Amazon “failed to proactively prevent” the sale of counterfeit Birkenstock goods.

Misspelling Adverts Commonplace

One interesting aspect of this case is the fact that if the court’s final ruling (it’s still at a preliminary stage) goes in favour of Birkenstock, this could have implications for all companies using the common practice of targeting PPC adverts at misspellings of brand / product names.

For example, in one widely publicised case from back in April 2013, confectionery brand Snickers based an online advertising campaign around misspellings of its brand name. The company worked with a London agency to build a list of the top 500 search terms, and by using an algorithm were able to generate a list of 25,381 different misspellings. The three-day campaign generated 558,589 ad impressions on those misspellings, and served as an example for what has now become a very widely used PPC tactic.

What Does This Mean For Your Business?

This case raises some interesting issues for online business advertising. Obviously, businesses would like to protect themselves from the actions of counterfeiters and those trying to circumvent trademark law and pass off fake goods as popular brands. In this case, however, some commentators have pointed out that Amazon’s role does not appear to be a parallel form of digital deception, and that the mainstream practice of targeting ads to misspelled search terms can actually help shoppers find what they’re looking for more easily.

Also, some commentators have made the point that counterfeit products sold on Amazon are unlikely to be using misspellings in their online or physical branding, but are more likely to simply be superficially exact copies that are listed as the real thing in Amazon’s network of third-party sellers. If, in this scenario, Amazon used misspellings to advertise Birkenstocks to shoppers, and those shoppers bought counterfeit products as a result, the problem would be more likely to be Amazon’s supply-chain structure than its search tactics.

If the German court’s final ruling goes in favour of Birkenstock, it could have much wider effects for online advertisers, and may not be to the benefit of web users.

Extremism Tax

UK Minister of State for Security, Ben Wallace, has said that Britain may impose new taxes on tech giants like Google and Facebook unless they do more to combat online extremism by taking down any material aimed at radicalizing people or helping them to prepare terror attacks.

Lack Of Co-operation

In an interview with the Sunday Times, Security Secretary Wallace is reported as saying that tech giants appear to have been “less than co-operative”, and are placing too much of the responsibility and cost for tackling extremist material and influence on the UK government (i.e. the taxpayer).

Mr Wallace is reported as saying that although the tech firms appear to be happy to sell people’s data, they seem less happy to give that data to the UK government, thereby forcing it to spend large amounts of money on de-radicalisation programs, surveillance and other counter-terrorism measures.

Tax Threat

Mr Wallace is reported as saying in his interview with the Sunday Times that the government was prepared to look at things like tax as a way of incentivising the tech giants or compensating for their “inaction”.

Vulnerable

Mr Wallace made the point that the UK is “more vulnerable than at any point in the last 100 years.” He highlighted how social media and encrypted messaging services like WhatsApp may be making things easier for attackers, and how taking down online extremist material more quickly than is currently happening could save the millions of pounds that are being spent on de-radicalising people (who have been radicalised) rather than preventing radicalisation in the first place.

Echoes of Amber Rudd

Mr Wallace’s reported comments appear to echo many of those of interior minister Amber Rudd, who, just weeks after the second bridge attack, headed a very public campaign to stop the complete end-to-end encryption model used by some social media platforms, and allow ‘back doors’ to be built in to such systems to allow the government to access them in the name of intercepting communications by extremists / terrorists. Critics have pointed out that building in back doors would make the platforms vulnerable to hackers.

Stereotyping

Mr Wallace’s reported comments also included a description of tech company staff that appeared to stereotype them as people who “sit on beanbags in T-shirts”. He was quick to create a contrast between this more passive perceived public image, and his perceived reality that the tech giants are in fact “ruthless profiteers” who will “sell our details to loans and soft-porn companies”.

What Does This Mean For Your Business?

This appears to be another effort by the government to put pressure on the tech giants through negative publicity, and this time through threats of new taxation, to highlight what the government sees as their responsibility in playing a role in reducing the terror threat from extremists. Businesses and individuals are obviously likely to be unanimous in their wish for increased national security, the reduction of a terror threat, and in closing avenues which lead to radicalisation and recruitment for extremist / terror activities.

There are, however, other influences and points of view at play here, including the powerful commercial interests and profits of the ‘tech giants’, the need to be seen to resist any forms of censorship and outside interference, and the need to be seen to protect users’ privacy and trust, diplomatic and trade interests and relationships e.g. with the U.S where the tech giants are mainly based, personal data and security implications (with stopping end-to-end encryption), and the influence of freedom and rights campaigners.

The comments of Mr Wallace are likely to be followed by many more from the government in the near future as they attempt to exert some influence over many wealthy, overseas-based but very popular tech companies that play such an important part in the daily lives of many UK citizens.

Justice Too Slow With Data Requests Says ICO

The UK’s Secretary of State for Justice has been hit with an Enforcement notice by the Information Commissioner’s Office over backlogs and poor handling of requests for personal records made under data protection laws.

Subject Access Requests

In the UK, under the Data Protection Act 1998, anyone can make a request to any organisation (termed the ‘data controllers’) for copies of both paper and computer records and related information that the organisation is holding, using, or sharing about them. This is known as a ‘subject access request’ (SAR), and organisations usually charge a fee for providing the information e.g. up to £10 in normal circumstances. Under the DPA, organisations are required to answer data access requests within 40 days.

The Backlog

The issuing of the Enforcement Notice by the ICO to the UK Ministry of Justice (technically the ‘data controllers’ in this case) on 21st December 2017 relates to the fact that the ICO has received a large number of requests for assessment by people whose subject access requests had not been dealt with quickly enough by the Ministry of Justice.

The Enforcement Notice highlighted the fact that there is a backlog of 919 SARs from individuals, some of which dated back to 2012.

Two Main Problems Highlighted

The two main problems highlighted by the Notice are that the Justice Secretary (data controller) has contravened section 7 of the Data Protection Act for failing to act “without undue delay” and that the “data controller's internal systems, procedures and policies for dealing with subject access requests made under the DPA were unlikely to achieve compliance with the provisions of the DPA”.

Plan To Clear Backlog

The ICO Enforcement Notice did, however, acknowledge that the Ministry of Justice has given the ICO a recovery plan which shows that it intends to clear the backlog by October 2018, and answer new requests without “undue delay” from January 2018.

According to the update and plan published in the Enforcement Notice, the Ministry of Justice believes that it has 793 requests that are over 40 days old, and that it planned to deal with 14 cases from 2014 by 31 December 2017, 161 cases received from 2015 by 30 April 2018, 357 cases from 2016 by 31 August 2018, and 261 cases from 2017 by 31 October 2018.

What Does This Mean For Your Business?


This is an embarrassment for the Ministry of Justice, and may be an indication of a wider problem faced by many businesses and organisations in the UK that are still not getting to grips with their responsibilities under the current Data Protection Act, let alone getting prepared for the introduction of the UK’s Data Protection Bill, and the EU’s GDPR, which will come into force on 25th May 2018.

Under GDPR, for example, businesses and organisations will have to deal with requests even more quickly, may have to provide additional information, and won’t be able to charge a fee for complying with requests. There will also be the challenges of responding to an individual’s ‘right to be forgotten’, and the prospect of much greater penalties for non-compliance than under the current Data Protection Act.

This story is a reminder that all businesses and organisations should take the opportunity now to ensure that their data practices are in order and likely to be compliant with GDPR, and also to consider that being GDPR compliant could actually provide commercial advantages as this will become a serious factor for consideration in trading relationships and alliances.

Tuesday, January 02, 2018

Miscarriage Risk From Wi-Fi And Smartphones

A U.S. study has found a link between high levels of magnetic field (MF) non-ionizing radiation such as that emitted by mobile phones and Wi-Fi transmitters, and a 2.72x higher risk of miscarriage.

What Is MF Magnetic Field Non-Ionizing Radiation?

Radiofrequency energy is a form of electromagnetic radiation, and this can be categorized as either ionizing (e.g., x-rays, radon, and cosmic rays) or non-ionizing (e.g. radiofrequency and extremely low frequency, or power frequency). The energy of electromagnetic radiation is determined by its frequency. Ionizing radiation is high frequency, and high energy, whereas non-ionizing radiation is low frequency and low energy.

Magnetic Field Non-Ionizing Radiation / MF radiation is widespread, and something that we are all exposed to from traditional sources that generate low frequency MFs / emit radio-frequency MF radiation e.g. power lines, and appliances, and from emerging sources that generate higher frequency MFs e.g. wireless networks, smart meter networks, mobile phone masts, and wireless devices such as smartphones. Even household appliances such as fridges and freezers emit MF radiation.

We are now generally exposed to more MF radiation than ever because we use more MF generating equipment / devices as part of modern life.

The Study Results

The results of the San Francisco-based study involving 913 pregnant women found that those women exposed to high levels of MF non-ionizing radiation had a 2.72x higher risk of miscarriage than those exposed to low MF levels.

The authors of the study say that these findings add to the evidence of at least 7 previous studies that MF non-ionizing radiation could have adverse biological impacts on human health.

The facts that this study showed an almost three-fold increased risk of miscarriage if a pregnant woman was exposed to higher MF levels, that the association was independent of any specific MF exposure sources or locations, and that a 2.5mG threshold level for health effects may have been discovered make the results appear significant, and have got the attention of the media.

Cancer Link Too

Another recent (multi-year) survey by the National Toxicology Program (NTP) found an increased risk of cancer associated with MF non-ionizing radiation exposure. In this case, it found that the cancer risk from MF radiation exposure in experimental animals matched the cancer cell types that had been reported in previous epidemiologic studies in human populations.

The UK National Cancer Institute acknowledges online that exposure to ionizing radiation, such as from x-rays, is known to increase the risk of cancer, but that there is currently no consistent evidence that non-ionizing radiation increases cancer risk.

What Does This Mean For Your Business?


The modern workplace, which could be a company / organisation office, an office at home, or a vehicle, is likely to have MF emitting equipment that is in regular or constant use. Add to this the amount of MF non-ionizing radiation exposure we receive when we go home, use our phones, go into shops and other buildings, or pass near e.g. phone masts, and it is easy to see why any evidence of negative effects on health is causing concern. Since pregnant women appear to be particularly at risk, it may be necessary for companies to at least make sure that any pregnant employees are informed of the existence of those kinds of risks on the premises, and of the potential danger according to prominent studies.

It is important to remember, however, that even though the results of this study are worrying, MF non-ionizing radiation is very difficult to avoid (particularly in built-up areas), that there is no consistent evidence of certain health risks, and that for many studies it is difficult to measure exactly how much MF radiation each individual research subject is exposed to. It is likely, therefore, that the results of this study will point the way for more research in future.

Beware Android Phone-Melting Malware

A type of crypto-currency mining malware has been found to overload an Android phone with so much constant traffic that its battery physically bulges and bends the phone cover.

Malware Causing Physical Damage

The Android phone-wrecking Trojan malware, dubbed “Loapi”, was discovered by Kaspersky researchers. In tests, after running it for several days mining the Monero crypto-currency, the Android phone used in the test was overloaded with activity (trying to open about 28,000 unique URLs in 24 hours) to the point that the battery and phone cover were badly damaged and distorted by the resulting heat.

The Loapi malware is reported to have been found hiding in applications in the Android mobile operating system.

How It Works

Loapi reportedly works by hijacking a smartphone’s processor and using the computing power to mine crypto-currency.

‘Mining’ refers to the process of completing complex algorithms to get rewards of new crypto-currency units e.g. Bitcoin.

Loapi uses JavaScript code execution hidden in web pages (usually via advertising campaigns) with WAP billing to subscribe the user to various services. This works in conjunction with the SMS module to send the subscription message.

What makes Loapi particularly dangerous is the number of device-attacking techniques present in it, and the modular architecture of this Trojan, which means that more functionality could be added to it at any time.

Part Of Trend For Mining Scams

It is likely, therefore, that Loapi is loaded onto an Android OS when a user visits a website where mining software / mining code is running in the background, without the knowledge of the website owners or visitors.

The scammer who plants the code can use the power of multiple computers / devices joined in networks so that the combined computing power will enable them to solve mathematical problems first (before other scammers) and thereby claim / generate cash in the form of crypto-currency.

A report by ad blocking firm AdGuard in October this year showed that the devices of 500 million people may be inadvertently mining crypto-currencies as a result of visiting websites that run mining software in the background.

What Does This Mean For Your Business?

Unfortunately, many cyber criminals are now trying to leverage the processing power of computers, smartphones and other devices to generate revenue from mining crypto-currency. Mining software e.g. Coin Hive, has been found in popular websites, and crypto-currency mining scams are now being extended to target cloud-based computing services with the hope of harnessing huge amounts of computing power and using multiple machines to try and generate more income.

The increased CPU usage and slowing down of computers caused by mining scripts waste time and money for businesses, and this new threat of actually having your phone melted by malware adds another level of risk, including that of fire.

There are some simple measures that your business can take to avoid being exploited as part of this popular scam, although it is unclear how well these will work with the newly discovered Loapi. For example, you can set your ad blocker (if you’re using one) to block one specific JavaScript URL, which could stop the miner from running without stopping you from using any of the websites that you normally visit.

Also, browser extensions are available e.g. the 'No Coin' extension for Chrome, Firefox and Opera (to stop Coin Hive mining code being used through your browser).

You can generally steer clear of dodgy Android apps by sticking to Google Play, by avoiding cloned apps from unknown developers within Google Play, by checking app permissions before you install them, by keeping Android apps up to date (and by deleting the ones you don’t use), and by installing an antivirus app.

Maintaining vigilance for unusual computer symptoms, keeping security patches updated, and raising awareness within your company of current scams and what to do to prevent them, are just some of the ways that you could maintain a basic level of protection for your business.