
Thursday, August 14, 2014

Internet of Things (IoT) and Autonomous Vehicles in the Hype(r)-Cycle

As reported by MemeBurn: Technology research house Gartner has released its annual hype cycle graph, which shows where various technologies are in terms of maturity, business benefit and future direction. This, the 201th edition of the hype cycle, shows that right now we’re really excited by technologies like autonomous motoring and data science and are becoming disillusioned with things like NFC and cloud computing.

Perhaps most intriguing though are the technologies that lie on the axes of inflated expectations and those heading up the slope of enlightenment toward the plateau of productivity.

In the case of the former, the trend that stands out is the Internet of Things. Over the past couple of years we've been told that this trend, which refers to the interconnection of uniquely identifiable embedded computing-like devices within the existing Internet infrastructure, would massively improve the way we collect data and do business.

Its position on the graph does not, however, mean that it’s not doing those things, just that our expectations around the Internet of Things are way higher than the technology is currently capable of delivering. The same is true of natural language question answering. There can be no doubting the fact that it’s helped make things easier for some businesses, but the fact that no one seems to be in too much of a rush to replace their call centers suggests that we could soon start to become disillusioned with it.

The hope for these technologies is that they will eventually be able to overcome their over-hyped expectations and eventual disillusionment to hit what Gartner calls the plateau of productivity. In this stage, technologies may not seem as exciting as they once were but they do become an everyday part of the way we do business.

The most familiar technology in this section of the graph is speech recognition, which has found its way onto our phones and is making increasingly prominent appearances in our cars. The same will likely happen to enterprise 3D printing and 3D scanning in the near future.

While Gartner says that it’s worth bearing the Hype Cycle’s trends in mind, the stages the various technologies represented on it are at are not universal. “Many early adopters have embraced quite advanced technologies, such as autonomous vehicles or smart advisors,” says Hung LeHong, vice president and Gartner fellow. “While they continue to improve nexus-related areas, such as mobile apps – so it’s important to look at the bigger picture.” 

FAA Advises Pilots on GPS Problems as Air Force Training Jams Signals

As reported by Alaska Public Media: The Air Force is jamming Global Positioning System signals periodically around military airfields in Alaska during Red Flag training exercises now under way in and around Eielson Air Force Base. Officials say the GPS interference testing could affect other devices that rely on GPS.

The Federal Aviation Administration is advising pilots flying around Eielson Air Force Base, Fort Greely and Joint Base Elmendorf-Richardson over the next few days to expect unreliable or unavailable signals for their aircraft’s GPS set.

Air Force Lt. Col. Allen Knapp says it’s being done to prepare Air Force pilots to operate in environments in which GPS is not available.

“In a modern contested environments, most of the modern battlefields that our will face, the reception of GPS is definitely not guaranteed,” Knapp said. “It’s something that is going to be up for grabs. And it helps to have our airmen experience GPS being denied here in a training environment, like Red Flag, prior to an actual engagement where they lose their GPS reception.”


The FAA has issued several advisories in recent days informing pilots about the periodic GPS interference testing around the military airfields over the next 10 days, during Red Flag.

The agency says pilots may experience GPS problems at different times and at different altitudes. But the FAA says pilots should expect anomalies anywhere within 365 nautical miles from Fort Greely, up to 40,000 feet. Knapp says pilots should also expect GPS anomalies today through Friday within 150 nautical miles of Eielson, at 40,000 feet; and within 120 miles of JBER, at 40,000.

This week’s GPS interference testing around Eielson and Greely is being conducted from mid-morning to around 12:30 p.m. and again from 4:15 to 5:15 p.m. daily. The schedule will vary beginning this weekend, with once-a-day testing scheduled for some days.

FAA officials ask pilots to report all GPS anomalies they encounter during the testing to the agency’s Anchorage Center to help them measure the extent of the problem.

Knapp says the Air Force jamming should not affect cellphones or other mobile devices. But he says motorists will encounter problems with their vehicle’s GPS sets if they’re near any of the three military air bases during the tests.

He says members of the public may also notice problems when using devices that rely on GPS for time calibration.

“I can’t tell you that we categorically we will not affect anything else,” Knapp said. “More and more, technologies are drawing upon that (GPS) and using that for the services they provide.”

The FAA says additional Notices to Airmen will be issued throughout the testing period to keep pilots apprised of any changes in plans for the testing.

Wednesday, August 13, 2014

WorldView-3 Satellite Will Upgrade Google's Earth Images

As reported by NBC News: DigitalGlobe's WorldView-3 satellite, due for launch today from California's Vandenberg Air Force Base atop an Atlas 5 rocket, should provide pictures of Earth that are twice as sharp as the current standard — and that could generate a new round of buzz about pictures of the planet. Google, Microsoft and other online mapmakers are among DigitalGlobe's best-known clients for Earth imagery. The RV-sized WorldView-3 satellite is capable of 30-centimeter (1-foot) black-and-white resolution, which beats the 50-centimeter resolution for pictures from WorldView-2. DigitalGlobe had to get clearance from the federal government to sell the sharper images to civilians.
The pictures won't be good enough to reveal license plates, but "we can tell you whether it's a truck, or an SUV or a regular car," Kumar Navulur, DigitalGlobe's director of next-generation products, told NBC News. Other applications include multispectral imaging for agricultural or urban planning, and cloud-piercing infrared views for tracking fires. You can watch the launch online at 2:30 p.m. ET, courtesy of United Launch Alliance, but you'll have to wait until 2015 for the best satellite images.

Tuesday, August 12, 2014

The FCC Wants to Protect Citizens from Stingray-style Cell Phone Trackers

As reported by GigaOM: Devices known as Stingrays, which can secretly track and record phone users by mimicking cell phone towers, have been a hot topic in law enforcement and civil liberties circles for some time. Now, the FCC is set to take a closer look at who is using them.

In a letter reported Monday by the Washington Post, FCC Chairman Tom Wheeler stated that the agency would create a task force to examine the threats posed by Stingrays, which is the trade name for a technology known as “IMSI catchers.”

The devices, which are manufactured by Florida-based Harris Corporation, work by tricking nearby cell phones into thinking they are part of the relay tower system that makes up a cell phone network. Here is a picture of a Stingray from the Wall Street Journal, which has been among the first news outlets to call attention to the technology:



The Stingray makes it possible to track the location of a cell phone user and, as Ars Technica reported, Harris Corporation also offers add-on technologies in the form of software known as “Fishhawk” and “Porpoise” that lets the Stingray operator listen to phone calls or capture text messages.

Wheeler’s decision to create the task force appears to have been prompted by a letter from Rep. Alan D. Grayson (D-Fla), who expressed concern that foreign governments and criminal gangs can use the tools to spy on Americans. Wheeler stated that the task force’s mission is to “protect the cellular network systemically from similar unlawful intrusions and interceptions.”

While Grayson’s letter to the FCC highlighted potential foreign threats, the use of Stingray technology by domestic law enforcement is also a growing source of concern. The ACLU and others have called attention to how the U.S. Marshals Service has been lending Stingray technology to local law enforcement troops, who in turn have been concealing from judges the use of the technology.

In his letter, Wheeler states that the FCC has the mandate to protect the national communications infrastructure, and that he will work with wireless carriers to ensure their networks are using up-to-date cryptographic standards — a measure that could make it harder to use Stingrays to capture cell phone information.

Here’s the pair of letters, which includes Grayson’s questions to the FCC, and Wheeler’s response:  Grayson – Wheeler Letter

How to Hack Nearly Any Wireless Device

As reported by Tom's GUIDE: Nearly a century ago, the advent of commercial radio broadcasts gave birth to the first generation of hackers.

Today, the proliferation of wireless communications, from Wi-Fi and cellular networking to Zigbee machine-to-machine communications, has led to an explosion of research into vulnerabilities of radio-based systems.

Keyless car remotes, home alarm systems, restaurant diner pagers, traffic alert systems, toll-collection transponders, TV satellites, airliner communications, medical pagers and even space probes can all be disrupted, thanks to software-defined radio (SDR) devices, two Australian researchers demonstrated in separate presentations at the BlackHat security conference here last week.

Radio unlock
Silvio Cesare, whose day job is at information-security firm Qualys, showed that anyone with a laptop, a device such as a USB TV tuner and software such as GNU Radio can "capture" the transmission a wireless key fob sends to disable a home alarm system as the homeowner arrives.

With a device that transmits as well as receives signals, an attacker can "replay" the unlocking signal and disable the alarm when the owner's away.

Wireless car-entry key fobs can be a bit harder, Cesare said, because they often transmit coded messages that change every time. However, Cesare determined that the key fob for his (actually his girlfriend's) test vehicle had less than a million possible codes — and that there was no impediment to "brute-forcing" the code by simply trying one possibility after another.

Cesare wrote a script so that his laptop could cycle through and transmit all possible codes within two hours. He found instead that he could actually unlock the car within five minutes.
It seemed that some codes in the brute-force list worked every time, despite the carmaker's policy of changing the remote code with every usage, Cesare said. Once those "backdoor" codes were discovered, they would work for about a week. He found that the backdoor codes were unique to each remote.  

Cesare wouldn't disclose the make or model of the vehicle he researched, but said it was sold between 2000 and 2005 in Australia, was still built and sold in Malaysia and that a variant had been sold in North America.
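The receiver-side checks whose absence the talk describes can be sketched as follows. This is an added example, not code from the article or from Cesare's research: it contrasts a fixed-code receiver with one that requires a fresh counter, a message authentication tag and a failed-attempt lockout. The frame layout, key, window size and lockout values are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8        # bytes of truncated HMAC per frame (assumed)
WINDOW = 16        # accepted look-ahead past the last counter (assumed)
MAX_FAILS = 5      # bad frames tolerated before lockout (assumed)
LOCKOUT_S = 60.0   # lockout duration in seconds (assumed)


def make_frame(key: bytes, fob_id: int, counter: int) -> bytes:
    """Fob side: fob id and counter, followed by a MAC over both."""
    body = struct.pack(">II", fob_id, counter)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class FixedCodeReceiver:
    """Weak design: one static code, so a captured frame never expires."""

    def __init__(self, code: bytes):
        self.code = code

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)


class RollingCodeReceiver:
    """Accepts a frame only if its MAC verifies and its counter is fresh."""

    def __init__(self, key: bytes, fob_id: int, clock):
        self.key, self.fob_id, self.clock = key, fob_id, clock
        self.last_counter = 0
        self.fails = 0
        self.locked_until = 0.0

    def accept(self, frame: bytes) -> bool:
        now = self.clock()
        if now < self.locked_until:
            return False              # locked out: even valid frames are dropped
        if self._valid(frame):
            self.fails = 0
            return True
        self.fails += 1
        if self.fails >= MAX_FAILS:   # the "impediment" to code sweeping
            self.locked_until = now + LOCKOUT_S
            self.fails = 0
        return False

    def _valid(self, frame: bytes) -> bool:
        if len(frame) != 8 + TAG_LEN:
            return False
        fob_id, counter = struct.unpack(">II", frame[:8])
        expected = make_frame(self.key, fob_id, counter)
        if fob_id != self.fob_id or not hmac.compare_digest(frame, expected):
            return False
        # A replayed frame carries an old counter and fails here.
        if not (self.last_counter < counter <= self.last_counter + WINDOW):
            return False
        self.last_counter = counter
        return True


def sweep_hours(codes: int, max_fails: int = MAX_FAILS,
                lockout_s: float = LOCKOUT_S) -> float:
    """Lower bound on the time to try `codes` guesses under the lockout."""
    return (codes // max_fails) * lockout_s / 3600.0


def demo() -> dict:
    t = [0.0]                                  # injectable clock for the demo
    key = b"constructed-demo-key-not-real"     # constructed sample key
    fixed = FixedCodeReceiver(b"\x12\x34\x56") # constructed static code
    rx = RollingCodeReceiver(key, 0xA1B2, lambda: t[0])
    captured = make_frame(key, 0xA1B2, 1)      # frame an eavesdropper records
    out = {
        "fixed_first": fixed.accept(b"\x12\x34\x56"),
        "fixed_replay": fixed.accept(b"\x12\x34\x56"),
        "rolling_first": rx.accept(captured),
        "rolling_replay": rx.accept(captured),
    }
    for _ in range(MAX_FAILS - 1):             # four more bad frames: lockout
        rx.accept(b"\x00" * 16)
    out["valid_during_lockout"] = rx.accept(make_frame(key, 0xA1B2, 2))
    t[0] += LOCKOUT_S
    out["valid_after_lockout"] = rx.accept(make_frame(key, 0xA1B2, 2))
    return out


if __name__ == "__main__":
    print(demo())
    print(f"1,000,000-code sweep with lockout: {sweep_hours(1_000_000):.0f} h")
```

The lockout trades availability for resistance: anyone in radio range can trigger it and delay the owner, so real designs tune the threshold and duration, and also need a resynchronisation path for a fob pressed out of range more than `WINDOW` times.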

Planes, medicine and satellites
Balint Seeber of Santa Clara, Calif.-based Ettus Research similarly started out small, showing how to intercept the signals sent to and from pagers that restaurants hand to waiting customers. He played video clips of himself pranking co-workers waiting for their food, then setting off all the pagers in a restaurant at once.

Next Seeber showed how he decoded and learned to use FM-radio digital subchannels, which newer cars use to display both radio-station information and traffic alerts. Seeber said that if he ignored the law, as a malicious hacker would, he'd have been able to supersede an FM station's ID and information and broadcast false traffic alerts.

He briefly touched upon intercepting signals used by toll-collection systems such as FasTrak or E-Z Pass, a subject explored in greater detail in presentation slides posted to the BlackHat website. One could use SDR equipment to avoid paying tolls by masquerading as someone else, Seeber explained, or even disrupt traffic-management systems by transmitting hundreds of valid transponder IDs at once.  

Like other presenters at this year's BlackHat conference, Seeber showed it was possible to transmit false messages to modern airliners, which use protocols that are unencrypted by design. "Phantom" aircraft could be made to "appear" in the air or on landing runways, or course changes could be transmitted to an airliner cockpit in mid-flight. 

(Two pilots who spoke at the DEF CON hacker conference later in the week said any deviation from normal flight patterns would need to be confirmed with a voice query to air-traffic controllers.)


More serious still is the possibility that medical-pager systems can be disrupted, Seeber showed in his slides. Individual doctors or nurses could be sent on pointless errands throughout a hospital, bogus system-wide alerts could be broadcast to distract all medical staff, or doctors could be sent false last-minute surgery instructions just before cutting open a patient.

Radio-signal disruptions needn't be confined to planet Earth, Seeber showed. With sufficiently powerful hardware, a prankster could drown out uplink transmissions to a television-broadcast satellite, replacing regular programming with his or her own video feed.

Many of these activities are illegal, which is why Seeber didn't try them. However, he was on the team of amateurs who recently worked with NASA to revive the ISEE-3, a 36-year-old space probe that is currently passing close to the Earth.  

Using software-defined radio, Seeber and his fellow team members were able to "wake up" the probe in May and resume communications with its computers, although they discovered later that there was not enough fuel left in the thrusters to make a course correction that would have put the probe into a stable near-Earth orbit.

Tech's Fiercest Rivalry: Uber vs. Lyft



As reported by The Wall Street Journal: Forget Apple vs. Google. The fiercest battle in the tech capital may well be between two heavily financed upstarts plotting the demise of the taxi industry—and each other.

Uber Technologies Inc. and Lyft Inc. operate just blocks from each other in San Francisco, yet their bitter war has spilled into dozens of cities where they are racing to provide the default app for summoning a ride within minutes.
The two rivals are undercutting each other's prices, poaching drivers and co-opting innovations, increasingly blurring the lines between the two services.
But this is more than two tech darlings duking it out. It's a battle for a key role in the future of urban transportation. Many commuters now rely on Uber and Lyft to get around rather than taking cabs, buses or trains and, in some cases, their own cars.
The loudest opposition to the ride-sharing apps comes from regulators, taxi drivers and local taxi commissions, which have moved to ban the companies from operating, offering proof that a multibillion-dollar transportation industry has entered a phase of rapid transformation.
Meanwhile, the potential market for these companies may stretch beyond rides. Investors who bid up the value of Uber to $18.2 billion in June are betting it can expand into being the backbone of a logistics and delivery network for various services—a kind of FedEx for cities.
For now, the battle is lopsided. Uber, led by sharp-tongued technologist Travis Kalanick, operates in nearly three times as many markets as Lyft, whose co-founders Logan Green and John Zimmer have crafted a friendlier image by attaching fuzzy pink mustaches to cars and encouraging passengers to greet each other with fist bumps. Uber also has four times as many employees and five times the amount of funding from investors.
But a market-share lead doesn't assure success. By dreaming up new ways to move passengers from point A to point B, Lyft and other ride-sharing startups have created new arenas of competition.  
The rivalry extends to the recruitment of new drivers, the lifeblood for the services as they attempt to build the biggest networks with the fastest pickup times. A Lyft spokeswoman said Monday that representatives from Uber have abused its service in the past several months with the goal of poaching drivers and slowing down its network. Passengers who identify themselves as working for Uber frequently order a Lyft and then ride for only a few blocks, sometimes repeating this process dozens of times a day, she said.
Many of these representatives may actually be Uber drivers motivated to get a bounty by referring a new driver. According to an email Uber sent to drivers in May that was reviewed by The Wall Street Journal, the company offers $250 for referring a new driver to its service; $500 for referring a Lyft driver; and $1,000 for signing up a Lyft "mentor," an experienced Lyft contractor who helps train new drivers.
A spokeswoman for Uber denied the company is intentionally ordering Lyft rides to add congestion to its competitor's service, but confirmed the company does offer recruitment incentives. "We recently ran a program where thousands of riders recruited drivers from other platforms, earning hundreds of dollars in Uber credits for each driver who tries Uber," she said.
Another salvo in their battle occurred last week, when both companies unveiled similar carpooling services within hours of each other. The two offerings, Lyft Line and Uber Pool, will both let passengers ride with strangers and split the bill, lowering the cost of regular commutes.
Pooling customers may mean fewer rides and less revenue for ridesharing companies at first. But over time, the appeal of cheaper commutes could entice new customers to sign up and boost usage by existing riders, said Mr. Zimmer, Lyft's president.
Lyft has been developing a carpooling model for several years and acquired a team to lead the effort months ago, Mr. Zimmer said, adding, "I think it's flattering when other companies look at how we're innovating and want to do similar things."
An Uber spokeswoman said that company has been working on UberPool for several months and filed patents involving carpooling late last year.
Regarding the competition, the Uber spokeswoman said: "Uber was first to market by years, back in 2010 when nobody believed any of this was possible. We now have competitive clones on each of the five continents where we operate, and that competitive spirit is good for consumers and for the marketplace."
Lisa Gansky, an investor in smaller ride-sharing startup Sidecar, said that new features can gain popularity so quickly that it makes sense for Uber and Lyft to match one another in case something becomes a big hit. Last week, Sidecar also said it has been testing a carpool feature for several months.
Given all the money Uber has raised, it could afford to buy Lyft and end the rivalry. The smaller startup was valued at $700 million in a round of funding in April, and Uber just banked $1.2 billion from investors in June. But Mr. Kalanick has been dismissive of other startups, instead pursuing a strategy of building the most popular features in the marketplace.
The most successful clone in ride-sharing is UberX, which Uber launched in 2012 to pair amateur drivers with passengers. Up until then, Uber was a high-end car service offering Lincoln Town Cars and white-glove treatment. But just months after Lyft launched and began to popularize the concept of ride-sharing, Uber introduced its own service, becoming in the process a more affordable transportation network for a wider variety of customers.
For its part, Lyft has borrowed heavily from Uber. Uber originated a real-time map showing nearby drivers, and the design of Lyft's app is similar. In addition, Lyft's "prime time" prices for peak-demand times are a variation of Uber's surge pricing.
The startups also compete in lockstep on pricing. Both companies have squeezed their profit margins to reduce prices and add more customers. Lyft earlier this year went so far as to forgo its 20% commission on rides.
On Monday, Lyft said it is reintroducing commissions but will base them on how many hours its drivers work per week. A driver who logs 50 hours or more won't have to share any fees with Lyft, for instance. At the other end, one who drives fewer than 15 hours will share the full 20%.
The company also said it will begin keeping 20% of "prime time" pricing, a policy change that could rattle Lyft drivers who are used to keeping all of those extra fees for themselves.
Mohan Lama, a former yellow cab driver in San Francisco who now drives for Uber, believes more drivers will stop using Lyft when the company begins taking commissions again. "The day Lyft will start commissions, their drivers will stop working," he said. "Lyft is in a trap."
Courting drivers has also meant offering them an array of benefits, from insurance to new-car financing. This past March, Lyft and Uber each announced in the same week they would add insurance between rides, rather than just covering the time a passenger is in the car. Those moves helped placate regulators, who have raised questions about the culpability of ridesharing startups when accidents occur as drivers are on their way to pick up passengers.
At times, the fight between Uber and Lyft has gotten nasty. In March 2013, Mr. Kalanick challenged Mr. Zimmer on Twitter about Lyft's offer of an insurance policy. The back-and-forth ended with Mr. Zimmer asking Mr. Kalanick to stop by his office. The Uber CEO responded by tweeting, "you've got a lot of catching up to do... #clone."
The ease with which Uber and Lyft can imitate each other's features highlights the ride-sharing industry's low barriers to entry, said Thilo Koslowski, an analyst for Gartner Inc. Because Uber and Lyft don't own cars or employ chauffeurs, they are essentially matchmakers between drivers and passengers, he said.
But investors who have poured a total of nearly $2 billion into the two companies are betting the apps will have staying power. Millions of people are now used to riding with Uber, and the app is still one of the most popular programs in Apple's App Store.
"Organizing demand is remarkably hard and extremely powerful," said Bill Gurley, a partner at Benchmark and a member of Uber's board. "Being installed on someone's iPhone on the home page is a pretty sticky place to be."

Monday, August 11, 2014

Hackers Demand Automakers Get Serious About Security

As reported by Security Week: A group of security researchers called upon automobile manufacturers to build cyber-security safeguards inside the software systems powering various features in modern cars.

In an open letter to “Automotive CEOs” posted (PDF) on the I am the Cavalry website, a group of security researchers called on automobile industry executives to implement five security programs to improve car safety and safeguard them from cyberattacks. As car automation systems become more sophisticated, they need to be locked down to prevent tampering or unauthorized access. The Five Star Automotive Cyber Safety Program outlined in the letter asked industry executives for safety by design, third-party collaboration, evidence capture, security updates, and segmentation and isolation.

“The once distinct worlds of automobiles and cybersecurity have collided,” read the letter. “Now is the time for the automotive industry and the security community to connect and collaborate.”

Vehicles are “computers on wheels,” said Josh Corman, CTO of Sonatype and a co-founder of I am the Cavalry, the group who penned the open letter. The group aims to bring security researchers together with representatives from non-security fields, such as home automation and consumer electronics, medical devices, transportation, and critical infrastructure, to improve security.

Computers manage engines, brakes, navigation, air-conditioning, windshield wipers, entertainment systems, and other critical and non-critical components in modern cars. Security experts have warned that unless the systems are built with better security features, cyberattacks against cars could result in a physical injury to the driver and possible passengers. The five star plan can conceivably be used by consumers, à la Consumer Reports, to understand which automakers are thinking about security, Corman said.

The first “star,” safety by design, simply means automakers should design and build automation features with security in mind. Engineers should be stopping to think about how the systems could be tampered with and then build in blocks to prevent such an attack. Automakers should also implement a secure software development program within their companies to encourage better coding and design.

Third party collaboration asks automakers to establish a formal vulnerability disclosure program, to clearly state what its policies are and who to contact. This doesn't mean bug bounties—where companies would pay for bugs—but rather designing a process that ensures bug reports and other information from third-party researchers reach the right engineers.

“Tesla already gets a star,” Corman said, noting the electric car maker recently established such a policy.

Evidence capture is the first technical piece in the Five Star program, and asks for forensics capabilities such as events logging in car systems.

“We have black boxes in airplanes,” Corman said, noting it's currently impossible to collect any information on why something failed in car systems. Security updates mean that issues which have been found, reported and fixed actually get pushed out to individual cars in a timely and effective manner. And the final star—and the last technical piece—is segmentation and isolation, referring to keeping critical systems separate from the rest of the car's network.
"With segmentation and isolation, we want to make sure you contain failures, so a hack to the entertainment system never disables the brakes," said Corman.
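The two technical stars, evidence capture and segmentation and isolation, can be illustrated together. This is an added sketch, not code from the open letter or from any automaker: a default-deny gateway between in-vehicle network segments that records every blocked frame in a hash-chained event log. The segment names, CAN IDs and policy are constructed for the example.

```python
import hashlib
import json

# Constructed policy: (source segment, destination segment) -> CAN IDs
# allowed to cross. Anything not listed is dropped (default deny).
ALLOW = {
    ("infotainment", "body"): {0x3A0},        # constructed: cabin-light request
    ("powertrain", "infotainment"): {0x1F0},  # constructed: speed for display
}

GENESIS = "0" * 64


class EventLog:
    """Append-only log; each record commits to the hash of the previous one."""

    def __init__(self):
        self.records = []
        self.head = GENESIS

    def append(self, event: dict) -> None:
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((self.head + body).encode()).hexdigest()
        self.records.append({"prev": self.head, "event": event, "hash": digest})
        self.head = digest

    def verify(self) -> bool:
        """Recompute the chain; any edited or removed record breaks it."""
        prev = GENESIS
        for rec in self.records:
            body = json.dumps(rec["event"], sort_keys=True)
            digest = hashlib.sha256((prev + body).encode()).hexdigest()
            if rec["prev"] != prev or rec["hash"] != digest:
                return False
            prev = rec["hash"]
        # Note: the head hash must also be stored somewhere the logged
        # system cannot rewrite, or the whole chain could be regenerated.
        return True


class Gateway:
    """Forwards a frame between segments only if the policy lists it."""

    def __init__(self, log: EventLog):
        self.log = log

    def forward(self, src: str, dst: str, can_id: int, data: bytes, ts: int) -> bool:
        allowed = can_id in ALLOW.get((src, dst), set())
        if not allowed:
            self.log.append({
                "ts": ts, "src": src, "dst": dst,
                "can_id": hex(can_id), "data": data.hex(), "action": "deny",
            })
        return allowed


def demo() -> dict:
    log = EventLog()
    gw = Gateway(log)
    # Constructed traffic: one permitted frame, two frames aimed at a
    # critical segment from the entertainment side.
    ok = gw.forward("infotainment", "body", 0x3A0, b"\x01", ts=100)
    blocked = gw.forward("infotainment", "powertrain", 0x0C0, b"\xff", ts=101)
    gw.forward("infotainment", "powertrain", 0x0C0, b"\x00", ts=102)
    intact = log.verify()
    log.records[0]["event"]["can_id"] = "0x3a0"   # simulate after-the-fact edit
    return {
        "permitted": ok,
        "blocked": blocked,
        "denied_logged": len(log.records),
        "intact_before_edit": intact,
        "intact_after_edit": log.verify(),
    }


if __name__ == "__main__":
    print(demo())
```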

Vehicles, transportation systems, industrial control systems, and medical devices represent some of the hottest areas of cyber research. At Black Hat this year, Charlie Miller, an engineer at Twitter, and Chris Valasek, director of vehicle security research at IOActive, demonstrated how they could remotely control vehicles by compromising non-critical systems. The panel built on last year's research, which showed how they could take over the brakes and the car's steering from the back seat of the car. There were sessions discussing medical device security, and a DEF CON presentation looked at how traffic control systems were not secure.

The security industry reaching out directly to the automobile industry was a good idea, said Andrew Ruffin, a former staffer for Sen. Jay Rockefeller (D-WV), a member of the Senate Commerce Committee. Ruffin attended the press conference at DEF CON 22 on Friday. "I'm encouraged by the letter and hope there's a quick response," said Ruffin. "I think this has some legs."

Considering how technology has permeated practically all parts of modern life, the group wants manufacturers to think about security and start implementing security features in their designs and business processes. The goal is to start thinking about security and implementing safeguards before the major cyberattack happens, said Corman. To people who say these things take time and would require a lot of work, Corman had two words: “We know.” The time to start is now, so that in a few years, these efforts would actually show results, he said.

Along with releasing the open letter, the group participated in a closed-door session with automobile and medical device representatives in a private meeting in Las Vegas on Tuesday and plans to discuss automotive hacking at DEF CON on Sunday. There is also a change.org petition demanding automakers pay attention to car safety and cybersecurity.

“When the technology we depend on affects public safety and human life, it commands our utmost attention and diligence. Our cars command this level of care. Each and every day, we entrust our lives and the lives of those we love to our automobiles,” the letter said.
Signatures and instructions for signing the petition can be found online.