Tag Archives: security

Compound droughts risk destabilizing the global food supply if we keep burning fossil fuels

Climate change could severely impact our food and water security in the future by increasing the probability of droughts co-occurring in food-producing areas around the world, a new study says.

Image via Pixabay.

Research led by scientists at Washington State University (WSU) warns that the future may hold less bountiful tables, and fewer meals, for us all. According to the findings, the probability of droughts co-occurring will increase by 40% by the mid 21st century, and by 60% by the end of the century, relative to the late 20th century (before the year 2000). All in all, this amounts to an almost-ninefold increase in the exposure of agricultural lands and human populations to severe, co-occurring droughts relative to today.

While modern technology and distribution systems insulate us from the effects of drought to a much larger extent than any time previously in history, co-occurring (or ‘compound’) droughts, if they affect key food-producing areas, can severely impact the global food and water availability. If such an event were to come to pass, millions of people would encounter some difficulty in accessing food in the same quantities and varieties as before.

Table troubles

“There could be around 120 million people across the globe simultaneously exposed to severe compound droughts each year by the end of the century,” said lead author Jitendra Singh, a former postdoctoral researcher at the WSU School of the Environment now at ETH Zurich, Switzerland. “Many of the regions our analysis shows will be most affected are already vulnerable and so the potential for droughts to become disasters is high.”

This increased risk of compound droughts is mainly the result of climate change, which itself is the product of greenhouse gas emissions associated with decades of reliance on fossil fuels. The other element factoring in is a projected 22% increase in the frequency of El Niño and La Niña events — the two opposite phases of the El Niño Southern Oscillation (ENSO) — caused by warmer average temperatures.

Roughly 75% of compound droughts in the future will occur during these irregular but recurring periods of variation in the world’s oceans, the team explains. The shifting phases of the ENSO have historically played a part in some of the greatest periods of environmental upheaval globally, as they influence precipitation patterns across a huge stretch of the planet. Compound droughts occurring across Asia, Brazil, and Africa during 1876-1878 were generated by these shifts. They led to massive crop failures and famines which killed in excess of 50 million people.

“While technology and other circumstances today are a lot different than they were in the late 19th century, crop failures in multiple breadbasket regions still have the potential to affect global food availability,” said study coauthor Deepti Singh, an assistant professor in the WSU School of the Environment. “This could in turn increase volatility in global food prices, affecting food access and exacerbating food insecurity, particularly in regions that are already vulnerable to environmental shocks such as droughts.”

The team focused their analysis on the ten areas of the world that receive most of their rainfall between June and September, have monthly summer precipitation showing great variability, and fall under the influence of ENSO variations — factors that leave them exposed to co-occurring droughts. Several of these are important agricultural areas on a global level, they add, and they also include countries that are already experiencing food and water insecurity.

Of the investigated areas, North and South America were among the most likely to experience compound droughts in the future. Certain regions of Asia are also at risk; however, large stretches of agricultural land here are projected to become wetter instead of drier, heavily mitigating the risk of crop failure and subsequent famine.

Still, that leaves us in quite a dire situation. The United States today is a major exporter of grains, including maize, for multiple countries around the world. In the event of a severe drought, reduced production here would impact food security around the world, with increases in the price of grains and a significant decrease in food security — grains are staple foods and lack of such foods heavily impacts the most vulnerable groups throughout communities.

“The potential for a food security crisis increases even if these droughts aren’t affecting major food producing regions but rather many regions that are already vulnerable to food insecurity,” said coauthor Weston Anderson, an assistant research scientist at the Earth System Science Interdisciplinary Center at the University of Maryland.

“Simultaneous droughts in food insecure regions could in turn amplify stresses on international agencies responsible for disaster relief by requiring the provision of humanitarian aid to a greater number of people simultaneously.”

Still, for what it’s worth, these estimates are assuming that the world maintains a high rate of fossil fuel usage. If carbon emissions continue to fall, the risk and intensity of co-occurring droughts would be greatly mitigated, the team explains. Knowing that nearly 75% of compound droughts occur alongside ENSO events also gives us the chance to predict where such droughts may occur and prepare for them in advance.

“This means that co-occurring droughts during ENSO events will likely affect the same geographical regions they do today albeit with greater severity,” said Deepti Singh. “Being able to predict where these droughts will occur and their potential impacts can help society develop plans and efforts to minimize economic losses and reduce human suffering from such climate-driven disasters.”

The paper “Enhanced risk of concurrent regional droughts with increased ENSO variability and warming” has been published in the journal Nature Climate Change.

Outdated WiFi routers may pose a huge security risk to millions of people

Routers have become essential in billions of homes. But how often do you think about their security?

Credit: Pixabay.

After plugging in a home router, most people don’t give it much second thought until it breaks down or the WiFi doesn’t work anymore for some reason. However, in a world where our devices are becoming increasingly connected with each other and where more of us are working from home, even seemingly benign WiFi routers could pose important security threats. According to a recent assessment by consumer watchdog Which?, it’s estimated that about six million people have not updated their router since 2018 or earlier — and that’s just in the UK.

Woefully ill-prepared

According to security experts, your typical home router is woefully ill-prepared in the face of a cyberattack. Most home routers have weak default passwords, lack critical firmware updates, and feature network vulnerabilities such as those involving EE’s Brightbox 2 (this could give a hacker complete control over the device).

The cybersecurity researchers examined 13 router models provided by EE, Sky, and Virgin Media. Two-thirds of these devices were found to be flawed, including the Sky SR101 and SR102; Virgin Media Super Hub and Super Hub 2; and the TalkTalk HG635, HG523a, and HG533.

The only routers that passed all security tests were those from BT, including the Home Hub 3B, 4A and 5B, and Plusnet’s Hub Zero 270N. However, BT had a critical vulnerability in its Brightbox 2 router supplied by EE, which is part of BT Group.

Fortunately, modern spectrum compatible routers have device-specific default passwords and automatically perform firmware updates. However, older models will suffer from the problems identified in this report.

BT Group, Virgin Media, and TalkTalk denied the validity of the findings, each claiming that old and outdated routers comprise only a small fraction of their userbase. However, other security research groups came to similar conclusions in the past.

“We have been trying to convince one of the ISPs in question to fix a critical security flaw that allows several million of their customer routers to be remotely hijacked and gain access to home networks,” Pen Test Partners security consultant Ken Munro told the BBC.

“We reported the issue over a year ago – but they have procrastinated multiple times.”

Around 7.5 million internet users in the UK were affected by the vulnerabilities, with no updates since 2018 and even 2016 in some cases, the report found. Six million British households used outdated equipment provided by the internet providers, the authors added.

“Internet service providers should be much clearer about how many customers are using outdated routers and encourage people to upgrade devices that pose security risks,” said Which? computing editor Kate Bevan.

To solve this problem, a top-down approach may prove best. Most broadband consumers are not particularly tech-savvy, which is why the responsibility for ensuring their devices are secure must fall on the internet provider.

The UK government is currently drafting legislation that will broadly regulate smart devices, but which will also include rules such as banning default passwords from being preset on devices and requiring manufacturers to inform consumers of how long their devices will receive security software updates. Although the study focused on the UK alone, it’s hard to believe that other countries would fare much better.

New AI solves most Captcha codes, potentially causing a “huge security vulnerability”

The world’s most popular website security system may soon become obsolete.

Image credits intergalacticrobot.

Researchers at Lancaster University, UK, Northwest University, and Peking University (both in China) have developed a new AI that can defeat the majority of captcha systems in use today. The algorithm is not only very good at its job — it also requires minimal human effort or oversight to work.

The breakable code

“[The software] allows an adversary to launch an attack on services, such as Denial of Service attacks or sending spam or phishing messages, to steal personal data or even forge user identities,” says Mr Guixin Ye, the lead student author of the work. “Given the high success rate of our approach for most of the text captcha schemes, websites should be abandoning captchas.”

Text-based captchas (Completely Automated Public Turing test to tell Computers and Humans Apart) do pretty much what it says on the tin. They’re systems that typically use a hodge-podge of letters or numbers, which they run through additional security features such as occluding lines. The end goal is to generate images that a human can distinguish as being text while confusing a computer. The approach relies on our much stronger pattern recognition abilities to weed out machines. All in all, it’s considered pretty effective.

Because it’s drenched in security features that make it a really annoying lecture.
Image credits Guixin Ye et al., 2018, CCS ’18.

The team, however, plans to change this. Their AI draws on a technique known as a ‘Generative Adversarial Network’, or GAN. In short, this approach uses a large number of (software-generated) captchas to train a neural network (known as the ‘solver’). After going through boot camp, this neural network is then further refined and pitted against real captcha codes.

In the end, what the team created is a solver that works much faster and with greater accuracy than any of its predecessors. The programme only needs about 0.05 seconds to crack a captcha when running on a desktop PC, the team reports. Furthermore, it has successfully attacked and cracked versions of captcha that were previously machine-proof.

The programme was tested on 33 captcha schemes, of which 11 are used by many of the world’s most popular websites — including eBay, Wikipedia, and Microsoft. The system had much more success relative to its counterparts, although it did have some difficulty breaking through certain “strong security features” used by Google. Still, even in this case, the system saw a success rate of 3% which sounds pitiful, but “is still above the 1% threshold for which a captcha is considered to be ineffective,” the team writes.

Test results.

Results with the base (only trained with synthetic images) and fine-tuned solver (also trained with real-life examples).
Image credits Guixin Ye et al., 2018, CCS ’18.

So the solver definitely delivers. But it’s also much easier to use than any of its competitors. Owing to the GAN approach the team used, it takes much less effort and time to train the AI — a process which would otherwise involve manually deciphering, tagging, and feeding captcha examples to the network. The team says it only takes 500 or so genuine captcha codes to adequately train their programme. It would take millions of examples to manually train it without the GAN, they add.

One further advantage of this approach is that it makes the AI system-independent (it can attack any variation of captcha out there). This comes in stark contrast to previous machine-learning captcha breakers. These manually-trained systems were both laborious to build and easily thrown off by minor changes in security features within the codes.

All in all, this software is very good at breaking codes; so good, in fact, that the team believes they can no longer be considered a meaningful security measure.

“This is the first time a GAN-based approach has been used to construct solvers,” says Dr Zheng Wang, Senior Lecturer at Lancaster University’s School of Computing and Communications and co-author of the research. “Our work shows that the security features employed by the current text-based captcha schemes are particularly vulnerable under deep learning methods.”

“We show for the first time that an adversary can quickly launch an attack on a new text-based captcha scheme with very low effort. This is scary because it means that this first security defence of many websites is no longer reliable. This means captcha opens up a huge security vulnerability which can be exploited by an attack in many ways.”

The paper “Yet Another Text Captcha Solver: A Generative Adversarial Network Based Approach” has been published in the journal CCS ’18 Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security.

Security experts crack smartphone PIN using only the motion sensor data. By the third try, the algorithm was 94 percent accurate

Credit: YouTube.

Is your smartphone really a phone or just a tinier computer? It’s a question that’s getting increasingly harder to answer as people engage with their handheld devices more in areas that were traditionally reserved for desktops or notebooks. To support a wealth of rich features and technologies like sharp graphics and tactile feedback, smartphones have grown to be very well equipped with all sorts of sensors. The more complex the machine, however, the greater the security risk.

Case in point: British researchers from Newcastle University showed that simply by monitoring and interpreting data recorded by a phone’s sensors like the accelerometer, gyroscope, or magnetometer, they could infer a person’s four-digit PIN. When people tap in their PIN, the phone has a distinct orientation and motion which can be used to guess the code.

The team led by Maryam Mehrnezhad developed an artificial neural network — algorithms loosely modeled after the neuronal structure of the human brain — to guess the PIN from input sensor data. The team proved last year that they could access this sensor data by attacking the phone through a JavaScript exploit delivered through the phone’s browser. A user only had to click on a link for an attacker to get hold of all the sensor data, and for some browsers, like Apple’s Safari, this worked even if the phone was locked after the link was clicked on.

The system was initially trained with sensor data sourced from controlled smartphones where the PIN was known. After a couple of rounds, the researchers were able to figure out a user’s PIN 74 percent of the time on the first try. On the third try, the number rose to 94 percent, the researchers reported in the International Journal of Information Security. Does that shock you? I’ve heard crazier things. Last year, researchers stole data from computers by using little more than the sound emitted by the cooling fans inside.

Mehrnezhad says they’ve informed all the browsers of the exploits and these have reportedly been fixed but that’s not to say there aren’t other loopholes.

“A combination of different approaches might help researchers devise a usable and secure solution. Having control on granting access before opening a website and during working with it, in combination with a smart notification feature in the browser would probably achieve a balance between security and usability,” the researchers recommended in their paper.

The study clearly shows smartphones are a lot more vulnerable than some people care to think. The fact that smartphone data is so tempting will make attacks even more common and sophisticated. Ten years ago, if your computer got hacked you risked a lot of damage like having your emails scraped or credit card information stolen. When this happens to a smartphone today, you lose that and much more. That’s because our smartphones are far more intimate connoisseurs of our lives. We bring them with us everywhere, use them to instant message friends, buy things online, navigate surroundings, and so on. If someone knows what they’re doing, they can learn more about you and your darkest secrets, maybe even better than you know yourself.

It’s not only smartphone users that should be worried. Everything is getting ‘smarter’. All major cities, especially those that are designed from the ground-up today like some experiments in Dubai or Singapore, will be crowded with sensors that record everything from pollution, to the weather, to traffic. Then, there are networked driverless cars, thermostats, fridges, or even toasters collectively classed under the Internet of Things (IoT). This huge wealth of data will make our lives better but at the same time companies need to be aware of the rising security vulnerabilities.

Californian start-up designs drone guards to keep an eye out on your stuff

California-based drone start-up Aptonomy has developed a self-flying security drone that it hopes will prove to be the guards of tomorrow. The octocopter comes equipped with cameras, a loudspeaker and blazing lights to deter unwanted visitors.

Image credits Aptonomy.

If I’ve learned anything from watching TV, it’s that guards are always terrible at doing their jobs. From the medieval watchman catching some shut-eye on patrol to the modern guard passing the time with game-shows, they’re always laughably easy to pass by. Maybe people just aren’t cut out to be guards.

Drone start-up Aptonomy has designed a ‘flying security guard’ that will not succumb to boredom or tiredness. The team modified a DJI Spreading Wings S100+ drone by adding computer systems and cameras to allow it to navigate its environment, avoid obstacles, and identify threats. In case it runs into anything suspicious within its designated perimeter, the team equipped it with warning, flashing red and blue lights and a powerful spotlight to shine on the target. A security guard working in the control center would receive an alert from the drone and take direct control over it — the platform also carries loudspeakers for the guard to speak through it.

“Drones, being machines, are perfect for routine security patrols. [They] can multiply the reach and speed of your existing solutions,” Aptonomy’s website reads.

Each eight-propeller craft is a bit over one meter across and comes equipped with conventional and night vision cameras to allow it to patrol around the clock. The addition of one thermal camera is planned in the future, to allow the drone to spot people farther away.

Currently, each unit needs about 15 to 20 minutes of dock-time to fully charge its batteries.

“The drone automatically returns to its dock to recharge its battery, as needed. For maximum security, you can deploy a team of drones — once an active drone’s battery gets low, another drone seamlessly takes its place.”

The perimeter to be patrolled can be set through a smartphone app, and the footage is fed to a screen in the building to be patrolled.

The main obstacle to getting the drones off the ground and into the marketplace right now is that US airspace rules forbid unmanned aircraft from flying at night or operating autonomously without direct supervision by a controller. However, the firm says its drones will be available for lease sometime next year.

There’s only one thing the company needs to prepare their drones for by that time: highly-trained killer eagles.

People pick up and use discarded USB drives they find almost half the time

Connectivity has never been more pervasive than today. In a span of just two hundred years western civilization has gone from the electric telegraph to satellite communication. Access to the internet, which just thirty years ago was limited to land-line dial-up connections, has become ubiquitous — only a screen swipe away. Portable data storage, such as USB drives, might not be quite as useful or sought after as they once were but they remain an undeniably handy method to carry your data around.

Image via Flickr user Custom USB.

So when you spot a USB drive lying abandoned on the floor or on the sidewalk, you’re faced with a very puzzling choice. Should you pick it up, or not? Surely a quick peek at the files it contains will help you return the drive to its rightful (and thankful) owner; it’s a civic duty and who better than you to see it through to the end? Or maybe you’re more inclined to use it yourself, it’s finders keepers after all! Moral conundrums aside, one thing is sure — USB drives discarded in public places won’t go unnoticed for long, a new study has found.

A University of Illinois Urbana-Champaign team left 297 USB memory sticks, dropped seemingly by accident, around the university grounds in places like parking lots, classrooms, cafeterias, libraries or hallways. Roughly 98% of them were removed from their original location, and almost half of them were snooped through.

The researchers wanted to know what people would do with the data on the drives after they found them, so they put HTML documents cunningly disguised with names such as “documents,” “math notes,” or “winter break pictures” on the USB sticks. If anyone tried to open these files on a computer connected to the internet, the researchers would receive a notification.

In the end, the team received 135 notifications of users opening the files, corresponding to 45% of the discarded drives. The actual number of accessed drives is most likely higher than this, as the researchers were only notified if the HTML files were opened (and even then, if an internet connection was established at the time of opening the file.)

The unknowing subjects were informed about the experiment when they opened the HTML files on the drive, and were invited to complete an anonymous survey to explain what had motivated them to pick up and use the drive in the first place. Only 43 percent of the participants chose to provide feedback. Most of them (68 percent) said that they were trying to return the drive to its owner. Part of the drives had been put on key rings with dummy house keys, and many of the participants listed this as one of the reasons behind their altruistic intentions. Another 18 percent reported that they were just curious to see what was in the files. Two very honest people admitted that they were simply planning on keeping the drive.

Ca-ching!.
Image via Flickr user Custom USB.

Still, even those driven by good intentions snooped around the data, opening files like photos or texts on the drives. An argument could be made that they were trying to see what the owner looks like; but seeing as the drives had a “personal resume” file complete with contact details, I think it’s safe to say that they just let their curiosity get the better of them.

There’s nothing wrong with that. Curiosity can be a very powerful force; and when you combine that with the temptation of a USB drive, containing data only you have access to, it can become downright irresistible. But it’s also a huge security risk.

More than two-thirds of respondents had taken no precautions before connecting the drive to their computer. “I trust my Macbook to be a good defence against viruses,” said one report. Others admitted opening the files on university computers to protect their own systems.

“This evidence is a reminder to the security community that less technical attacks remain a real-world threat and that we have yet to understand how to successfully defend against them,” the authors write. “We need to better understand the dynamics of social engineering attacks, develop better technical defences against them, and learn how to effectively teach end users about these risks.”

Despite the ridiculousness of these kinds of experiments, the study shows that people aren’t cautious enough when it comes to opening unknown files on totally random drives.

“It’s easy to laugh at these attacks, but the scary thing is that they work,” lead researcher Matt Tischer told Motherboard, “and that’s something that needs to be addressed.”

The findings, which are being presented next month at the 37th IEEE Symposium on Security and Privacy in California, also highlight just how unaware or unconcerned we can be about the potential security risks of opening unknown files on randomly found devices.

 

Hard to crack and easy to remember password? Try a poem

“Please enter a strong password” is now a ubiquitous greeting whenever we try to register online. Security experts advise we use long passwords at least 12 characters in length, which should include numbers, symbols, capital letters, and lower-case letters. Most websites nowadays force you to enter a password under some or all of these conditions. Moreover, the password shouldn’t contain dictionary words and combinations of dictionary words. Common substitutions like “h0use” instead of “house” are also not recommended – these naive attempts will fool no automated hacking algorithm. So, what we end up with is a very strong password, like the website kindly asked (or forced) us to create. At the same time, it’s damn difficult if not impossible to remember. People end up endlessly hitting “recover password” or, far worse, write down their passwords in email or other notes on their computer which can easily be recovered by any novice hacker.

A group of information security experts have found a workaround to make passwords both strong and easy to remember: using randomly generated poems. Marjan Ghazvininejad and Kevin Knight of the University of Southern California were oddly enough inspired by an internet comic written by the now famous and always witty Randall Munroe of Xkcd.

Credit: XKCD

The premise of the comic is that today’s passwords are easy for computers to guess and hard for humans to remember, which sounds rightfully ludicrous. Munroe proposed an alternative: four random common words; in this case “correct horse battery staple”, which sounds a lot more manageable. You could build a story around them, like Munroe did, or use a mnemonic technique like the memory palace to make things even easier. The catch, though, is that you don’t select words off the top of your head. Instead, you use a computer to generate a large random number, which is then broken into four pieces with each section amounting to a code that corresponds to a word in the dictionary. In the first situation of the unintelligible password, the information contained amounts to 28 bits. Munroe’s password is 44 bits, which is higher and thus better.
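The number-to-words procedure described above, as an added Python sketch (not code from the comic or from the paper). The 2048-entry list size is an assumption, chosen because 11 bits per word gives the 44-bit figure for four words; the word list itself is constructed from syllables so the block runs offline.

```python
import math
import secrets

# Constructed stand-in for a list of 2048 common words (assumption: 2048 = 2**11
# entries, i.e. 11 bits per word). Each token is onset + vowel + coda.
ONSETS = ["b", "d", "f", "g", "h", "j", "k", "l", "m", "n", "p", "r", "s", "t", "v", "z"]
VOWELS = ["a", "e", "i", "o", "u", "ai", "ee", "oo"]
CODAS = ["b", "d", "f", "g", "k", "l", "m", "n", "p", "r", "s", "t", "v", "x", "z", "th"]
WORDS = [o + v + c for o in ONSETS for v in VOWELS for c in CODAS]


def indices_from_number(n, list_size, count):
    """Break one large number into `count` word codes (base-`list_size` digits,
    most significant first)."""
    if not 0 <= n < list_size ** count:
        raise ValueError("number out of range for this list size and word count")
    digits = []
    for _ in range(count):
        n, digit = divmod(n, list_size)
        digits.append(digit)
    return digits[::-1]


def generate_passphrase(words=WORDS, count=4):
    """Draw one uniform random number from the OS CSPRNG and map it to words."""
    # randbelow() is uniform over the whole phrase space, so every phrase is
    # equally likely even when the list size is not a power of two.
    n = secrets.randbelow(len(words) ** count)
    return " ".join(words[i] for i in indices_from_number(n, len(words), count))


def entropy_bits(list_size, count):
    """Entropy of a phrase, valid only when the machine picks the words."""
    return count * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest word count that reaches at least `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print(generate_passphrase())
    print(entropy_bits(len(WORDS), 4), "bits for four words")
```

The entropy figure depends only on the list size and the number of words, not on keeping the list secret, which is why the words have to come from the random number rather than from the user.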

Ghazvininejad and Knight advanced this further. They analyzed several password generation techniques, including Munroe’s, and found that the safest, but also easiest to remember passwords are those made up of rhyming words. If you look back in history, this sounds like a no-brainer. In ancient times, society was mostly oral. A culture’s history, scientific knowledge and literature were all passed on to subsequent generations by word of mouth. Think of poems like Homer’s Odyssey or the Epic of Gilgamesh.

To create the poems, each of the 327,868 words found in the dictionary is assigned a code. A random number is generated, broken into pieces, then used to generate two phrases. Here are some examples:

“And many copycat supplies
offenders instrument surprise”

“The warnings nonetheless displayed
the legends undergo brocade”

“The homer ever celebrate
the Asia gator concentrate”

“Montero manages translates
the Dayton artist fluctuates”

“The market doesn’t escalate
or hiring purple tolerate”

“And Jenny licensed appetite
and civic fiscal oversight”

Some are pretty good, some are awful, but at least they’re hard to break. In their paper, the authors say these passwords could take up to 5 million years to crack. You can generate your own rhyming password using this online tool, but the authors caution you shouldn’t actually use them since a potential hacker can download the whole list. Instead, enter your email here and an automated program will send you a rhyming password which will be immediately deleted from the record thereafter.

Today, however, you’ll find little use for this trick. Most password policies require a number and/or special character. These passwords are also a bit too long for current policies. Then, if this system becomes common, automated hacking methods can be made to guess these too, and much faster. It’s really interesting though and a much more entertaining password than 2d1s0gus71ng!93.

Quantum physics used to make virtually uncrackable authentication system

Security experts have devised a novel authentication system that exploits quantum effects to make fraud-proof credit cards or IDs. Called Quantum-Secure Authentication (QSA), the technology relies on the quantum properties of single light beams, called photons, including their ability to be in multiple places at once.

Quantum physics keys

Credit: Dennis Pierce

“We experimentally demonstrate quantum-secure authentication (QSA) of a classical multiple-scattering key. The key is authenticated by illuminating it with a light pulse containing fewer photons than spatial degrees of freedom and verifying the spatial shape of the reflected light,” explained the researchers in journal Optica.

The researchers at University of Twente and Eindhoven University of Technology coated a credit card with a thin layer of white paint containing millions of nanoparticles. This wasn’t some rough paint job, though – the nanoparticles were carefully placed so that photons might scatter in a predictable manner. When light hits the nanoparticles, it bounces around until it escapes, creating a unique pattern that depends on the precise position of the particles in the paint. Each card has its own, signature way of reflecting light and this is how it’s enrolled in the system. When the card is inserted in an ATM, it’s flushed with a pulse of light that is unique to each transaction. Once the response matches that expected by the ATM machine, the user can freely make whatever financial transaction he may wish.

Quantum security

Credit: University of Twente

“Even if somebody has the full information of how the card is built, technology does not allow him to build a copy,” lead author Pepijn Pinkse of the University of Twente said via email. “The nanoparticles are too small and there are too many of them which need to be positioned with too high accuracy.”

The innovation lies in how the system makes the authentication key impossible to copy, both because of technological limitations (you’d need a lab like the one used by the researchers) and because it can’t be digitally replicated. Because the system is based on quantum physics, hackers can’t discern the incident light pulse, so they cannot emulate the key by digitally constructing the expected optical response, even if all information about the key is publicly known. Due to the characteristics of quantum physics, an attempt to observe the question-and-answer process between a reader and the card would destroy the information in the transmission. As such, QSA isn’t just another multi-factor verification. It goes beyond asking you “what’s your mother’s maiden name” or other trivial roadblocks for hackers. It’s a veritable dead end.

Components and principle of operation for the QSA system. Credit: University of Twente


“The problem is that even if the attacker were to obtain a correct challenge response, for a single challenge, it would be impossible for them to recreate that response in a way that would authenticate due to the properties of Quantum Physics,” said Malwarebytes’s head of malware intelligence, Adam Kujawa.

“In addition, they would need to know that the challenge response would be used again in a lock that has dynamically generated keyholes.”

In practice, the paint the researchers used for this demonstration won’t appear in the final mass-produced product because it’s too vulnerable to degradation. Instead, ceramics will be used. As far as price is concerned, a readout device wouldn’t cost more than a projector phone, at about $1,000, since it has the necessary components. But will this actually be “unhackable”? Experience has taught us that there’s no such thing, but it sure got a heck of a lot harder!

 

 

The BIOSwimmer nautical robot takes its inspiration from the tuna. (c) Department of Homeland Security.

US waters have a new guardian – the tuna robot


This might sound hilarious, but the Department of Homeland Security doesn’t joke around where US waters are concerned. Collaborating with Boston Engineering Corporation’s Advanced Systems Group, the DHS science division has created a tuna-inspired robot designed for versatile maneuverability in harsh conditions, like tumultuous waters and cramped ship tanks.

Called the BIOSwimmer, the tuna robot can swim inside the interior voids of ships, such as flooded bilges and tanks, and report back if something’s fishy. Of course, harbors and piers will also be fitted with this latest surveillance technology. I’m not sure if the US officials are counting on blending it in with schools of tuna, but even on its own, in all seriousness, the BIOSwimmer looks pretty capable.

Check out this video below, where the BIOSwimmer is featured and described in short. Good stuff starts from the 2:17 mark onwards.

“It’s all about distilling the science. It’s called ‘biomimetics.’ We’re using nature as a basis for design and engineering a system that works exceedingly well. Tuna have had millions of years to develop their ability to move in the water with astounding efficiency. Hopefully we won’t take that long,” said David Taylor, program manager for the BIOSwimmer for DHS S&T’s Borders and Maritime Security Division.

via Science, Space and Robots.

Fake ‘MacDefender’ antivirus infecting naive Apple users


Naive Apple users might find themselves in quite a predicament thanks to new malware which tricks users into thinking their Macs are infected, automatically installs an interface that looks like a legitimate antivirus and then asks for more information to destroy the threat, including credit card information.

The trojan works in a fairly simple but ingenious way, by targeting users browsing Google Images via Safari, who receive a notice claiming their system is infected and they need to install a MacDefender application to remove viruses. MacDefender is able to bypass Safari’s protection system, which automatically accepts trusted software – Apple, you should really look into this exploit. MacDefender then relaunches every time a user logs in or restarts the computer. There are no terribly obvious effects: the virus doesn’t install anything to run in the background, but it does attempt to swindle users into buying the application via credit card.

The malware was reported by security firm Intego on Monday. The company notes that the application is visually well designed and doesn’t have numerous misspellings or other errors common to such malware on Windows, which is maybe why the malware has managed to trick so many people so far. Malware can look professional too; don’t be fooled by a scammer with a $1000 suit. Also, the software periodically displays Growl alerts claiming that various fake malware has been detected, and also periodically opens porn websites in the default browser, leading the user to believe that he is indeed infected with a virus.

How to prevent MacDefender attack

While MacDefender is fairly harmless, inexperienced Mac users might find themselves in a lot of trouble with fraud threats, so here’s how to stay safe – simply uncheck the “open safe files after downloading” option by going to Safari, Preferences, and then General. You could also use an alternative browser. Another option is to run in Standard or Managed mode rather than as an Administrator – this just keeps viruses from being able to access every nook and cranny of your system.

How to clean up MacDefender malware

If your system has already been infected, The Next Web explains how you can fairly easily get rid of MacDefender.

  1. Go to Applications, and then Utilities to check the Activity Monitor. Disable anything with “MacDefender” in the name.
  2. Go to Library, Startup Items, and in there look in LaunchAgents and LaunchDaemons for anything with “MacDefender” in the name. Quit any running applications.
  3. Go back to the Applications folder and drag and drop MacDefender from there to the trash. Delete trash.
  4. Search for anything on your system with “MacDefender” in the name and delete anything returned.
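
The search in steps 2 and 4 can also be run from Terminal as a read-only inventory before anything is deleted. This is an added example, not part of the original article or The Next Web's instructions; the function names and the list of default locations (standard macOS paths) are assumptions.

```shell
#!/bin/sh
# Added example: read-only inventory of items whose name contains a given
# string (default "MacDefender"). Nothing is deleted, unloaded or modified.

# Default search roots: standard macOS locations for the places the steps
# above mention. The list is an assumption; extend it for your system.
default_roots() {
    printf '%s\n' \
        "/Applications" \
        "$HOME/Library/LaunchAgents" \
        "/Library/LaunchAgents" \
        "/Library/LaunchDaemons" \
        "/Library/StartupItems"
}

# scan_roots NAME ROOT...
# Prints one path per line for every file or directory under the given roots
# whose name contains NAME (case-insensitive). Missing roots are skipped.
scan_roots() {
    name=$1
    shift
    for root in "$@"; do
        [ -d "$root" ] || continue
        # -prune stops find from descending into a matching bundle, so an
        # .app directory is reported once rather than file by file.
        find "$root" -iname "*${name}*" -print -prune 2>/dev/null
    done
}

# count_hits NAME ROOT... -> number of matching paths
count_hits() {
    scan_roots "$@" | wc -l | tr -d ' '
}

# report [NAME]: scan the default roots and summarise.
# Returns 1 when something is found, 0 when the locations are clean.
report() {
    name=${1:-MacDefender}
    hits=$(default_roots | while IFS= read -r r; do scan_roots "$name" "$r"; done)
    if [ -n "$hits" ]; then
        printf 'Found items matching "%s":\n%s\n' "$name" "$hits"
        return 1
    fi
    printf 'No items matching "%s" in the default locations.\n' "$name"
}
```

Source the file and call `report` to list candidates, then review each path by hand before removing it as described in steps 3 and 4.
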
Map displays a visualization of iPhone data collection. Credit: O’Reilly radar.

iPhone 4 and iPad record your every move!


In a recent event which is sure to make controversial waves, a team of security researchers has come across a frightening discovery which puts Apple next to Big Brother. It seems any iPhone or iPad that has been updated with iOS 4 records everywhere you have been to a secret file – the file is also copied to the owner’s computer whenever the two are synchronized.

This is something which I’ve found to be scandalous and outrageous, a violation of countless privacy laws. Any such Apple user will most likely have a “consolidated.db” file which logs your daily position and contains latitude and longitude coordinates along with a timestamp. The file can contain tens of thousands of data points since iOS 4’s release in June 2010.

Pete Warden and Alasdair Allan, founder of Data Science Toolkit, discovered the file and presented their findings today at the Where 2.0 conference in San Francisco.

When the security researchers browsed Google’s Android OS based phones far and wide, they couldn’t find a similar tracking code.

Why Apple is collecting this data I am unsure, but it’s pretty clear it’s all intentional because the data is being restored across backups and phone migrations. Whatever their reasons might be, there are large stakes at hand and one can only wonder – was it really worth it, Apple? Lawsuits will arise soon, and although there is currently no evidence that anyone outside the user themselves can view the positioning data, it still suffices to say that it can prove to be a huge breach of security and intimacy.

Apple’s Product Security team was contacted but no one has responded. In the video below you can find out how Pete Warden and Alasdair Allan discovered and examined the consolidated.db file.