Tag Archives: Technology

Creepy? Maybe, but Employee Monitoring is Saving Companies Money

The practice of employee monitoring in the workplace has been evolving and is increasingly present in companies. As of this writing, 15% of companies on the prestigious Fortune 500 list have equipped their offices with tiny sensors created by the company Enlighted, which are used to find out how much time a worker spends at his or her desk, and also the time of first activity on their computers (used to determine when they begin the workday).

However, these aren’t the only companies to use this type of technology. Others have used biometric sensors manufactured by Humanyze to know exactly what their employees do in their working hours. The objective is to increase productivity and thereby achieve a more efficient use of resources. Hidden in the lights, walls, desks or even card readers, these sensors are installed with the intention of knowing as much as possible about what’s happening in the company.

One of benefits of this technology is knowing if the office space you use is inferior to its capacity. This would help companies decide whether or not it would be worth it to relocate to a smaller space. Other benefits include knowing when workers are most productive so as to readjust their schedules accordingly, knowing what time the office starts to fill up (and programming the power to turn on at that moment — some companies have already managed to save 25% on energy costs), or even having knowledge about which applications are being run on employee computers. On this last point, it could be possible to know if employees are accessing confidential data and whether, therefore, there is a potential risk to the company’s security.

Some companies have already managed to save 25% on energy costs with this technology.

Security and Confidentiality

When installing one of these employee monitoring systems, it is essential to have the best protection possible. For starters, any vulnerability in the new system could be exploited by cybercriminals to gain access to a great deal of information about the operation of your company, not to mention the possibility of manipulating said data.

Another major concern about having hidden sensors scattered throughout the office is the privacy of employees. Although in some countries it is allowed by law to install any type of sensor regardless of employee privacy, ideally employees will have given their consent. In fact, some companies and institutions, such as the British National Health Service, are already doing this with the consent of their workforce. Their employees are monitored voluntarily to measure, among other things, their movement or their location.

The post Creepy? Maybe, but Employee Monitoring is Saving Companies Money appeared first on Panda Security Mediacenter.

Mobile World Congress 2017: Are Future Technologies Safe?

“Technology is very hard to predict.”

So said Reed Hastings, Netflix CEO, during his keynote at this year’s Mobile World Congress when asked what his forecast was for future technologies over the next five to twenty years.

This year’s Mobile World Congress (MWC) was full of tech that gets us excited about the future though. From 5G, which could be up to a thousand times faster than 4G, to new real-world VR applications, the event over the years has become so much more than just a showcase for mobile devices.

We were able to check it out, and have put together a list of some of the technologies that got us most excited, and that we feel will form a big part of our future lives.

As Hervé Lambert, Global Consumer Operations Manager at Panda Security, was quick to point out though, there is a flipside. As he put it, as these new technologies advance, cyber criminals “will become more specialized with each type of attack and will go deeper into the system.” For every new exciting piece of tech, there is of course, the question of cyber security.

How will this tech shape our future and will it be one where we can feel safe in the physical and digital world?

Robots / AI

Driving home the MWC’s futurist appeal, as well as the fact that the event is more than a simple mobile device exhibition, was the amount of robots on display this year. PaPeRo, the human companion robot was demoed by various companies. Its impressive face recognition capabilities can be utilized for public safety, even being able to track lost children in shopping malls.

At the Ubuntu stall, meanwhile, REEM and REEM-C were both on display. REEM-C, which was designed by Barcelona-based PAL Robotics, is a flexible full-size humanoid biped robot that is used for different types of research, including AI.

Being connected to the Internet of Things (IoT) obviously poses potential risks.

REEM-C, for example, weighs 80 kg. In a future where robots are more widely available, a malicious attacker could cause real damage by taking control of such a heavy piece of machinery.

AI and big data analysis is actually being used today to make people safer though. During a keynote speech at the MWC, Takashi Niino, CEO and president of the NEC Corporation, described how real-time analysis with face recognition technology is being used in Tigre, Argentina to reduce crime. The highly accurate face recognition technology can be used to identify criminals, and even to detect suspicious behavior. Since the “urban surveillance system” was implemented, vehicle theft has gone down by 80 per cent in Tigre.

“AI will soon become a reality of most people’s daily lives”

As always, there’s another side to the coin though. Whilst high-speed data analysis allows law enforcement to act more efficiently, it also does the same for cybercriminals. “Cyber crime is increasingly becoming automated and the number of incidents are escalating exponentially”, said Hervé Lambert. “AI will soon become a reality of most people’s daily lives, so it is very important that its development is overseen responsibly by engineers that are specialized in intelligent security.

Virtual Reality (VR) / Augmented Reality (AR)

Virtual reality has been touted for a while as the next big thing in entertainment. We’ll be able to fully immerse ourselves in distant locations and invented realities. Arguably, its close relative, augmented reality (AR), is where the most life-changing innovation is going to take place though.

Several new VR/AR applications were on show at the MWC. Relúmĭno –which was on show at Samsung’s C-Lab VR projects stall– demonstrated an impressive practical application for VR. The Relúmĭno app, designed for Samsung’s Gear VR headset, acts as a smart visual aid for visually impaired people by remapping blindspots. The effect, when using the headset, can be described as seeing the world as a cartoon with edges and surfaces in your surroundings rendered as sharp black lines.

Other separate standalone projects, like Inflight VR, aim to enhance our inflight experience with VR entertainment. Flight notifications will appear at the bottom of the screen as you navigate the hand-tracking controlled system. LiveRoom, on the other hand, will allow people a more immersive retail experience with its AR capabilities, and can also be used to enhance the classroom experience.

What dangers do we face when it comes to VR/AR though?

VR and AR can be compared to social media, but on a whole other level. This means that when it comes to online privacy, the stakes will be much higher. An unfortunate example has already been seen of this in real life. Users have reported sexual harassment on VR, with inappropriate gestures by some gamers towards other players. Much like with social media, some users sadly see the anonymity afforded by their digital avatars as allowing them to act inappropriately in the digital world.

This type of problem could reverberate beyond just VR gaming though. It’s very likely that our digital avatars will become an even more important part of our lives in VR than they are now in the likes of Twitter and Facebook. If hackers can carry out ransomware attacks after retrieving information on social media, it’s possible that this type of attack will be an even bigger danger with VR in the future.

Connected and Autonomous Cars

One of the visions of the future presented at the MWC was one of people sitting back on their commute to work, in their driverless cars, as the vehicle safely takes control of everything.

Whilst this future may still be in the distance, some cars on display at the MWC are certainly taking us in that direction. Roborace showed off its “robocar” at the even, whilst Peugeot revealed its Instinct concept car, a futuristic and stylish vehicle that wouldn’t look out of place in a sci-fi movie. One of the Instinct’s capabilities is that it can change the ambience inside the vehicle, depending on the passenger’s mood. Stressed out after work? It’ll put you into a relaxed seating position and change the lighting to ‘ambient’.

As the car will connect to the IoT using Samsung’s Artik cloud platform, it will be able to seamlessly integrate your vehicle’s operating system with other devices. This could make your car remind you that a drive to the supermarket is in order, for example. Haven’t been keeping up with your fitness regime? Your car could encourage you to stop and jog the rest of your journey.

Potential risks

Of course there are potential risks when it comes to this technology. Though the technology doesn’t exist yet, there were many 5G demonstrations at the MWC. Most of these focused on reduced latency speeds, meaning that we’ll have a future where almost anything can be controlled in real-time. Could hackers take control of a vehicle that’s connected to the IoT and take it off course without the passenger realizing? It’s a scary prospect.

“Online security’s Achilles’ heel is the Internet of Things”

According to Panda Security’s Hervé Lambert, “online security’s Achilles’ heel is the Internet of Things”. It’s important for cyber security experts to keep up with tech innovations, as there’s no doubt that cyber criminals will too.

Lambert says that hackers aren’t the only worry though. It’s a possibility that in the future, “insurance companies could exploit driving data. This could include data about the way people drive and it could be used to increase insurance prices based on new criteria.” Insurers could have access to a huge amount of data, including where people drive and where they park.

Third-party data gathering could be taken to a whole new level. The IoT will massively benefit our lives, but sadly, it could also open a door to hackers and companies that are looking to financially exploit its users.

Honorable Mentions

“Smart cities, smart factories, smart cars, and anything ‘smart’ will also create a necessity for smart security.”

There was so much tech on show at this month’s Mobile World Congress that will undoubtedly shape our futures and improve our lives in many ways.

Just as autonomous cars look to be brining sci-fi predictions to real life, IIT’s grapheme electrode prosthetic is set to change people’s lives in a way that was previously only imaginable on the big screen. Think Luke Skywalker’s robot hand in The Empire Strikes Back. Graphene, a material that is invisible to the naked eye, will allow electrodes to be embedded comfortably into a robot-like prosthetic hand; a big advance in prostheses.

Drones were also a big draw at the MWC. Though they can be used for games as well as to record things from a distance, their most prominently discussed capacity at the MWC was for use in security systems. Whilst the flying machines will allow efficient surveillance, we also face the Orwellian prospect of drone surveillance as a means for law enforcement. Will they keep us safe or be used to control us? Only time will tell.

When pushed to give an answer for his forecast of the future, Reed Hastings said, “[at Netflix] we’re not sure if we’ll be entertaining you or AI.” While such advances in artificial intelligence are still a long way away, the Mobile World Congress has shown this year that technology will increasingly become a seamlessly integrated part of our very existence. Though future predictions are largely positive when it comes to new technologies, there’s a negative side that also merits attention.

As Hervé Lambert puts it, “smart cities, smart factories, smart cars, and anything ‘smart’ will also create a necessity for smart security.

Cyber security is undeniably a big part of the puzzle when it comes to a future of safe, smart, integrated cities.

The post Mobile World Congress 2017: Are Future Technologies Safe? appeared first on Panda Security Mediacenter.

Your Virtual Assistant Knows Quite a Lot about You

http://www.pandasecurity.com/mediacenter/src/uploads/2017/02/google-home-3-100×100.jpg

“OK, Google.” With this simple voice command, the Google Home smart speaker sprung to life in a recent Super Bowl ad for Mountain View’s virtual assistant. To the surprise of many viewers, so did the Google Home in their own living room. OK, indeed. Just one more reminder that virtual assistants, capable of turning on lights or putting together playlists or making purchases online, are also spies in our very own homes.

In fact, their gift for listening in on conversations and keeping them on file can make them a good helper for solving crimes as well. The local police in a US town asked Amazon if it would allow them to access the information of an Amazon Echo. The smart speaker may have stored information that could help clear up some points of their ongoing investigation. Ultimately, such a device will record anything that happens if prompted, and we’ve seen that sometimes its owner is not the only one to wake it up from its dormant state (OK, Google…). So, it begs the question: how can you wipe its memory?

Deleting the memory of Alexa and Google Assistant

Alexa, the virtual assistant that only speaks English (for now), is the brain of the Amazon Echo. She will be the brain behind other products, as well, it seems. In the last Consumer Electronic Show, Lenovo presented an affordable device that works with Alexa, and Huawei will integrate it into its Mate 9 smartphones. In order to protect our privacy, it will come in handy to know how to delete the information they keep squirrelled away on their servers.

For Alexa, you can do it either from the app itself, available for Android and iOS, or from the website. It’s as simple as going to Settings, History. From there, you can select the files you wish to delete permanently (or the, um, evidence you wish to destroy). From the website the process is slightly different, but just as simple. Just go to the menu that allows you to manage your content and devices. From there, select the Amazon Echo and request to delete recordings.

The procedure is similar for deleting data from Google Assistant, the virtual assistant that for now is only available for Google Home, Android Wear, Google Allo, and the Google Pixel. From My Activity, the page that allows you to see an overview of your activity on Google’s various services, you can filter results to only see the data kept by your virtual assistant, or Voice and Audio services. Once there, you can either delete all the files at once, or just start clicking away and have a field day deleting them one by one.

In culling as much information on us as possible, the obvious goal of these virtual assistants is to offer more personalized services. But it’s nice to know that the dirt they have on you can be swept under the rug without any hassle.

The post Your Virtual Assistant Knows Quite a Lot about You appeared first on Panda Security Mediacenter.

How to Hide Information with Ordinary Office Printers

The printer you have in your office may be less innocent than you thought. Some experts have already shown that they can even become a steganographic tool, the art, well-known in computer security, of hiding information from prying eyes.

A few years ago, the Electronic Frontier Foundation, an organization that defends civil liberties on the internet, reported that some laser printers included a code on the documents they printed that could be viewed with a certain light and a microscope. Manufacturers later had to admit that the US secret services had, apparently, reached an agreement with them so as to identify counterfeiters with that hidden code.

Researchers at the University of Utah have now shown that a conventional inkjet printer such as the one above your desktop can be used to print hidden images invisible to the human eye.

Messages hidden with silver and charcoal

Experts have used a silver and carbon ink to print an image formed by small rods of a millimeter in length and a few hundred microns in width. By varying the proportion of silver and coal, the conductivity of each bar also changes. The human eye is unable to perceive this modification. Using harmless terahertz radiation, which is located in the electromagnetic spectrum between infrared and microwave and is able to traverse opaque objects, the information encoded in the conductivity can be unveiled.

In a study published in the journal of the Optical Society (OSA), researchers demonstrated their new method by hiding QR codes in an image. At first glance, they looked just like an array of identical lines, but, thanks to terahertz radiation, the QR code was discovered. With this method, they have even camouflaged color QR codes.

“Our very easy-to-use method can print complex patterns of rods with varying conductivity,” explained Ajay Nahata, one of the authors of the study. “An added benefit to our technique is that it can be performed very inexpensively.”

Printers used for espionage?

Although they performed this test using relatively simple and small QR codes, they believe the technique could be used to conceal information in more detailed and complex images.

In World War I, the Germans used lemon juice in their letters as invisible ink to escape censorship. Now, the researchers at the University of Utah have shown that there are far more sophisticated ways of hiding information, and there is no need to dig too deep into your pockets to use it.

They also plan to develop inks that need to be heated or exposed to light at a given wavelength to uncover information. Will invisible inks for printers become a new way of hiding confidential information? We may never know.

The post How to Hide Information with Ordinary Office Printers appeared first on Panda Security Mediacenter.

What You Need To Know About The iMessage Security Flaw

With everything that’s gone down in 2016 it’s easy to forget Tim Cook’s and Apple’s battle with the FBI over data encryption laws. Apple took a strong stance though, and other tech giants followed suite leading to a victory of sorts for (the little guy in) online privacy. In this era of web exposure, it was a step in the right direction for those who feel our online identities are increasingly vulnerable on the web.

All of this stands for little though when a security flaw in your operating system allows carefully encrypted messages to be effectively decrypted offline. That’s what happened to Apple with its iOS 9.2 operating system. Though the patches that ensued largely fixed the problem, the whole issue has understandably left iOS users with questions. What really happened and are we at immediate risk?

What Is The iMessage Security Flaw?

A paper released in March by researchers at John Hopkins University exposed weaknesses in Apple’s iMessage encryption protocol. It was found that a determined hacker could intercept the encrypted messages between two iPhones and reveal the 64-digit key used to decrypt the messages.

As iMessage doesn’t use a Message Authentication Code (MAC) or authenticated encryption scheme, it’s possible for the raw encryption stream, or “ciphertext” to be tampered with. iMessage instead, uses an ECDSA signature which simulates the functionality. It’s still no easy feat exploiting the security flaw detailed by the researchers. The attacker would ultimately have to predict or know parts of the message they are decrypting in order to substitute these parts in the ciphertext.

Using this method, a hacker can gradually figure out the contents of a message by replacing words. If they figure out, for example, that they have successfully replaced the word “house” in the message for “flat” they know the message contains the word “house”. Knowing whether the substitution has been successful though, is a whole other process which may only be possible with attachment messages.

It may sound simple, but it really isn’t. The full details of the security flaw, and the complex way it can be exploited are detailed in the John Hopkins paper.
The paper includes the recommendation that, in the long run, “Apple should replace the entirety of iMessage with a messaging system that has been properly designed and formally verified.

Are iMessage Users At Immediate Risk?

Despite the recommendation, the answer is no. It is very unlikely. One thing that should be made clear is that these weaknesses were exposed as a result of months of investigation by an expert team of cryptologists. The type of hacker that would take advantage of these weaknesses would undeniably be a sophisticated attacker. That of course doesn’t mean that Apple shouldn’t take great measures to eradicate this vulnerability in their system.

Your messages, though, are not immediately at risk of being decrypted, and much less if you’ve installed the patches that came with iOS 9.3 and OS X 10.11.4 (though they don’t completely fix the problem). Tellingly, the flaws can’t be used to exploit numerous devices at the same time. As already mentioned, the process that was exposed by the John Hopskins paper is incredibly complex and relies on various steps that are by no means easy to complete successfully.

All of this means that it would take a very sophisticated attacker a complex and lengthy process (up to and beyond 70 hours) to decrypt one message. iMessage has a supported base of nearly one billion devices and handles more than 200,000 encrypted messages per second. We’ll let you do the math there but it seems highly unlikely that a hacker would try to exploit this weakness unless they’re trying to uncover very sensitive and important data.

A hacker would most likely carefully vet their target as someone who possesses valuable information that could then be contained within that person’s messages. If a hacker’s investing 70 hours of their time to uncover cat pics, the joke’s really on them.

Could this have any connection with the FBI encryption dispute?

Matthew D. Green, the well-known cryptographer and leader of the John Hopkins research team, has spoken with the Washington Post about the implications of his team’s research. “Even Apple, with all their skills -and they have terrific cryptographers- wasn’t able to quite get this right. So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.

So you’d probably need the resources of say, the FBI, to pull off an attack exploiting the vulnerability exposed in the John Hopkins paper. It seems very unlikely that individuals would be targeted en masse. 2016 has been such a surreal year though, who are we to say what is and isn’t possible?

The post What You Need To Know About The iMessage Security Flaw appeared first on Panda Security Mediacenter.