Cyberwars: “Bigger than Heartbleed”

Just months after the Heartbleed bug made waves across the internet, a new security flaw has emerged which threatens to compromise everything from major servers to connected cameras. It is known as the Bash or Shellshock bug, a quarter-century old vulnerability that could put everything from major internet companies and small-scale web hosts to wi-fi connected devices at risk.

This flaw allows malicious code execution within the bash shell – commonly accessed through Command Prompt on PC or Mac’s Terminal application – to take over an operating system and access confidential information. According to the open-source software company Red Hat, bash shells are run in the background of many programs, and the bug is triggered when extra code is added within the lines of Bash code.

Because the bug interacts with a large percentage of software currently in use, and does so in ways that are unexpected, Robert Graham – an internet security expert – claims that the Bash bug is bigger than Heartbleed. As he explained it:

We’ll never be able to catalogue all the software out there that is vulnerable to the Bash bug. While the known systems (like your Web server) are patched, unknown systems remain unpatched. We see that with the Heartbleed bug: six months later, hundreds of thousands of systems remain vulnerable.

According to a report filed by Ars Technica, the vulnerability could affect Unix and Linux devices, as well as hardware running Mac OS X – particularly Mac OS X Mavericks (version 10.9.4). Graham warned that the Bash bug was also particularly dangerous for connected devices because their software is built using Bash scripts, which are less likely to be patched and more likely to expose the vulnerability to the outside world.

And since the bug has existed for some two and a half decades, a great number of older devices will be vulnerable and need to be patched because of it. By contrast, the Heartbleed bug was introduced into OpenSSL more than two years ago, allowing random bits of memory to be retrieved from impacted servers. And according to security researcher Bruce Schneier, roughly half a million websites could be vulnerable.

For the time being, the administrative solution is to apply patches to your operating system. Tod Beardsley, an engineering manager at security firm Rapid7, claims that even though the vulnerability’s complexity is low, the level of danger it poses is severe. In addition, the wide range of devices affected by the bug makes it essential that system administrators apply patches immediately.

As Beardsley explained during an interview with CNET:

This vulnerability is potentially a very big deal. It’s rated a 10 for severity, meaning it has maximum impact, and ‘low’ for complexity of exploitation — meaning it’s pretty easy for attackers to use it… The affected software, Bash, is widely used so attackers can use this vulnerability to remotely execute a huge variety of devices and Web servers. Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes etc. Anybody with systems using bash needs to deploy the patch immediately.

Attackers can potentially take over the operating system, access confidential information, and make changes. After conducting a scan of the internet to test for the vulnerability, Graham reported that the bug “can easily worm past firewalls and infect lots of systems” which he says would be “‘game over’ for large networks”. Similar to Beardsley, Graham said the problem needed immediate attention.

In the meantime, Graham advised people to do the following:

Scan your network for things like Telnet, FTP, and old versions of Apache (masscan is extremely useful for this). Anything that responds is probably an old device needing a Bash patch. And, since most of them can’t be patched, you are likely screwed.

How lovely! But then again, these sorts of exploitable vulnerabilities are likely to continue to pop up until we rethink how the internet is run. As the Heartbleed bug demonstrated, the problem at the heart (no pun!) of it all is that vast swaths of the internet run on open-source software that is created by only a handful of people who are paid very little (and sometimes, not at all) for performing this lucrative job.

In addition, there is a terrible lack of oversight and protection when it comes to the internet’s infrastructure. Rather than problems being addressed in an open-source manner after they emerge, there needs to be a responsible body of committed and qualified individuals who have the ability to predict problems in advance, propose possible solutions, and come up with a set of minimum standards and regulations.

Ensuring that it is an international body would also be advisable. For as the Snowden leaks demonstrated, so much of the internet is controlled by the United States. And as always, people need to maintain a degree of vigilance, and seek out information – which is being updated on a regular basis – on how they might address any possible vulnerabilities in their own software.

I can remember reading not long ago that the growing amount of cyber-attacks would soon cause people to suffer from “alert fatigue”. Well, those words are ringing in my ears, as it seems that a growing awareness of our internet’s flaws is likely to lead to “bug fatigue” as well. Hopefully, it will also urge people to action and lead to some significant reforms in how the internet is structured and administered.

Source: cnet.com, arstechnica.com, blog.erratasec.com, securityblog.redhat.com

The Future is Here: Google X’s Delivery Drones

There are drones for aerial reconnaissance, drones for domestic surveillance, and drones for raining hell, death and destruction down on enemy combatants. But drones for making personal deliveries? That’s a relatively new one. But it is a not-too-surprising part of an age where unmanned aerial vehicles are becoming more frequent and used for just about every commercial application imaginable.

After working in secret for quite some time, Google’s secretive projects lab (Google X) recently unveiled its drone-based delivery system called Project Wing. On the surface, the project doesn’t look much different from Amazon’s Prime Air autonomous quadcopter delivery service. However, on closer inspection, Project Wing appears to be much more ambitious, and with more far-reaching goals.

The original concept behind Project Wing — which has been in development for more than two years — was to deliver defibrillators to heart attack sufferers within two minutes. But after running into issues trying to integrate its tech with the US’s existing 911 and emergency services systems, the focus shifted to the much more general problem of same-day deliveries, disaster relief, and delivering to places that same- and next-day couriers might not reach.

For their first test flights, the Google team traveled to Australia to conduct deliveries of dog food to a farmer in Queensland. All 31 of Project Wing’s full-scale test flights have been conducted in Australia, which has a more permissive “remotely piloted aircraft” (i.e. domestic drones) policy than the US. There’s no word on when Project Wing might be commercialized, but it is estimated that it will be at least a couple of years.

While most work in small-scale autonomous drones and remotely piloted aircraft generally revolves around quadcopters, Google X instead opted for a tail-sitter design. Basically, the Project Wing aircraft takes off and lands on its tail, but cruises horizontally like a normal plane. This method of vertical-takeoff-and-landing (VTOL) was trialed in some early aircraft designs, but thrust vectoring was ultimately deemed more practical for manned flight.

The Project Wing aircraft has four electric motors, a wingspan of around 1.5m (five feet), and weighs just under 8.6 kg (19 pounds). Fully loaded, the drones apparently weigh about 10 kg (22 pounds) and are outfitted with the usual set of radios and sensors to allow for autonomous flight. But there’s also a camera, which can be used by a remote pilot to ensure that the aircraft drops its package in a sensible location.

As you can see from the video below, the packages are dropped from altitude, using a winch and fishing line. Early in the project, Google found that people wanted to collect packages directly from the drone, which was impractical when the engines were running. The air-drop solution is much more graceful, and also allows the drone to stay away from a large variety of low-altitude obstacles (humans, dogs, cars, telephone lines, trees…).

This is another major difference from Amazon Prime Air’s drones, which carry their package on the drone’s undercarriage and land in order to make the delivery. And while their octocopters do have slightly better range – 1.6 km (1 mile), compared to Project Wing’s 800 meters (half a mile) – Google is confident its delivery system is safer. And they may be right, since it’s not quite clear how small children and animals will react to a landing object with spinning rotors!

For the moment, Google has no specific goal in mind, but the intent appears to be the development of a full-scale same-day delivery service that can transport anything that meets the weight requirements. As Astro Teller, director of Google X labs, said in an interview with The Atlantic:

Throughout history there have been a series of innovations that have each taken a huge chunk out of the friction of moving things around. FedEx overnight delivery has absolutely changed the world again. We’re starting to see same-day service actually change the world. Why would we think that the next 10x — being able to get something in just a minute or two — wouldn’t change the world?

Nevertheless, both projects are still years away from realization, as both have to contend with FAA regulations and all the red tape that comes with them. Still, it would not be farfetched to assume that by the 2020s, we could be living in a world where drones are a regular feature, performing everything from traffic monitoring and aerial reconnaissance to package delivery.


Sources: extremetech.com, zdnet.com, mashable.com

The Future of Smart Living: Smart Homes

At this year’s Consumer Electronics Show, one of the tech trends to watch was the concept of the Smart Home. Yes, in addition to 4K televisions, curved OLEDs, smart car technology and wearables, a new breed of in-home technology that extends far beyond the living room made some serious waves. And after numerous displays and presentations, it seems that future homes will involve connectivity and seamless automation.

To be fair, some smart home devices – such as connected light bulbs and thinking thermostats – have made their way into homes already. But by the end of 2014, a dizzying array of home devices is expected to appear, communicating across the Internet and your home network from every room in the house. It’s like the internet of things meets modern living, creating solutions that are right at your fingertips (via your smartphone).

But in many ways, the companies on the vanguard of this movement are still working on drawing the map and several questions still loom. For example, how will your connected refrigerator and your connected light bulbs talk to each other? Should the interface for the connected home always be the cell phone, or some other wirelessly connected device?

Such was the topic of debate at this year’s CES Smart Home Panel. The panel featured GE Home & Business Solutions Manager John Ouseph; Nest co-founder and VP of Engineering Matt Rogers; Revolv co-founder and Head of Marketing Mike Soucie; Philips’ Head of Technology, Connected Lighting George Yianni; Belkin Director of Product Management Ohad Zeira, and CNET Executive Editor Rich Brown.

Specific technologies that were showcased this year that combined connectivity and smart living included the Samsung Lumen Smart Home Control Panel. This device is basically a way to control all the devices in your home, including the lighting, climate control, and sound and entertainment systems. It also networks with all your wireless devices (especially if they’re made by Samsung!) to run your home even when you’re not inside it.

Ultimately, Samsung hopes to release a souped-up version of this technology that can be integrated into any device in the home. Basically, it would be connected to everything from the washer and dryer to the refrigerator and even household robots, letting you know when the dishes are done, the clothes need to be flipped, the best before dates are about to expire, and the last time your house was vacuumed.


As already noted, intrinsic to the Smart Home concept is the idea of integration to smartphones and other devices. Hence, Samsung was sure to develop a Smart Home app that would allow people to connect to all the smart devices via WiFi, even when out of the home. For example, people who forget to turn off the lights and the appliances can do so even from the road or the office.

These features can be activated by voice, and several systems can be controlled at once through specific commands (i.e. “going to bed” turns the lights off and the temperature down). Cameras also monitor the home and give the user the ability to survey other rooms in the house, keeping a remote eye on things while away or in another room. And users can even answer the phone when in another room.


Other companies made presentations as well. For instance, LG previewed their own software that would allow people to connect and communicate with their home. It’s known as HomeChat, an app based on Natural Language Processing (NLP) that lets users send texts to their compatible LG appliances. It works on Android, BlackBerry, iOS, Nokia Asha, and Windows Phone devices as well as OS X and Windows computers.

This represents a big improvement over last year’s Smart ThinQ, a set of similar applications that debuted at CES 2013. According to many tech reviewers, the biggest problem with these particular apps was the fact that each one was developed for a specific appliance. Not so with the HomeChat, which allows for wireless control over every integrated device in the home.

There was also the Aura, a re-imagined alarm clock that monitors your sleep patterns to promote rest and well-being. Unlike previous sleep monitoring devices, which monitor sleep but do not intervene to improve it, the Aura is fitted with a mattress sensor that monitors your movements in the night, as well as a series of multi-colored LED lights that “hack” your circadian rhythms.

In the morning, its light glows blue like daytime light, signaling you to wake up when it’s optimal, based upon your stirrings. At night, the LED glows orange and red like a sunset and turns itself off when you fall asleep. The designers hope that this mix of cool and warm light can fill in where the seasons fall short, and coax your body into restful homeostasis.

Meanwhile, the Aura will send your nightly sleep report to the cloud via Wi-Fi, and you can check in on your own rest via the accompanying smartphone app. The entire body is also touch-sensitive, and its core LEDs – which are generally bright and piercing – are cleverly projected into an open air orb, diffusing the light while evoking the shape of the sun. And to deactivate the alarm, people need only trigger the sensor by getting out of bed.

Then there was Mother, a robotic wellness monitor produced by French inventor Rafi Haladjian. This small, Russian-doll shaped device is basically an internet base station with four sensor packs that track 15 different parts of your life. It is small enough to fit in your pocket to track your steps, affix to your door to act as a security alarm, and stick to your coffee maker to track how much you’re drinking and when you need more beans.

And though the name may sound silly or tongue-in-cheek, it is central to Haladjian’s vision of what the “Internet of things” holds for us. More and more, smart and sensor-laden devices are manifesting as wellness accessories, ranging from fitness bands to wireless BP and heart rate monitors. But the problem is, all of these devices require their own app to operate. And the proliferation of devices is leading to a whole lot of digital clutter.

As Haladjian said in a recent interview with Co.Design:

Lots of things that were manageable when the number of smart devices was scarce, become unbearable when you push the limit past 10. You won’t be willing to change 50 batteries every couple of weeks. You won’t be willing to push the sync button every day. And you can’t bear to have 50 devices sending you notifications when something happens to them!

And last, but not least, there was the Keecker – a robotic video projector that may just be the future of video entertainment. Not only is this robot able to wheel around the house like a Roomba, it can also sync with smartphones and display anything on your smart devices – from email, to photos, to videos. And it has a battery charge that lasts a week, so no cords are needed.

Designed by Pierre Lebeau, a former product manager at Google, the robot is programmed to follow its human owner from room to room like a little butler (via the smartphone app). Its purpose is to create an immersive media environment by freeing the screen from its fixed spot and projecting it wherever there is enough surface space.


In this respect, it’s not unlike the Omnitouch or other projection smartscreens, which utilize projectors and motion capture technology to allow people to turn any surface into a screen. The design even includes features found in other smart home devices – like the Nest smoke detector or the Spotter – which allow for the measuring of a home’s CO2 levels and temperature, or alerting users to unusual activity when they aren’t home.

Lebeau and his company will soon be launching a Kickstarter campaign in order to finance bringing the technology to the open market. And though it has yet to launch, the cost of the robot is expected to be between $4000 and $5000.

Sources: cnet.com, fastcodesign

The Future is Here: The Magic Forest LED Wall

In an attempt to address the sterile feel of lobbies and waiting rooms in hospitals and clinics, a London design studio recently unveiled a very cool concept. Essentially, it’s an interactive wallpaper that turns clinical corridor walls into a magical forest which engages and distracts kids as they journey toward their procedure. Known as Nature Trail, the installation is a 50 meter (165 feet) long corridor that walls part of the Mittal Children’s Medical Centre at London’s Great Ormond Street Hospital.

Jason Bruges, head of the Jason Bruges Studio and creator of the installation, claims that “the idea came from remembering walks in my childhood. I loved spotting and following things, those stolen glances and glimpses… I was trying to re-create this with the idea of digital lookout points along the corridor.” Relying on a series of 70 LED panels that house a total of 72,000 LEDs, the walls are triggered by motion sensors and reveal animated patterns in the shape of horses, deer, hedgehogs, birds, and frogs peeking through the foliage and trees.

The studio modeled the critters in 3D before translating them to low resolution to give the creatures an aesthetic similar to an old-fashioned video game character. The creators then placed the LED panels at various heights so kids of all ages, including those who are bedridden or in a wheelchair, can access the animals at eye level. The hospital says its young patients have been so entranced by the nature canvas that it will grow to fill more walls by 2017.

As it stands, doctor’s offices, dental clinics and medical centers rely on aesthetics to combat what can only be described as the “clinical feel”. But this concept just may offer them a high-tech option that will put patients at ease through the illusion of a natural setting that is dazzling the eyes. Some might accuse men like Bruges of using technology to anesthetize, but for anyone who has had sick children, it’s likely to be seen as a godsend!

Source: news.cnet.com