Parcel Robots On Trial In London

Hermes, the courier company, is to operate a trial scheme of autonomous, parcel collection robots on the streets of Southwark in London.

Collection Nearby Using Secure Compartment

Each of the six-wheeled robots will collect a parcel of up to a maximum 10kg in weight from an address within a two-mile radius of the control centre, and will be allocated a 30 minute time slot to complete the collection in. The robots are able to negotiate urban paved areas at speeds of up to 4mph.

Secure Compartment

The robots each have a secure compartment that the parcel is stored in during the journey, and the parcel’s recipient at the other end can open the compartment by entering an access code that has been texted to their smart-phone.

Starship Robots Just The Beginning

The robots being used in the trial have been developed by Starship Technologies, who are the same company that supplied robots for a similar pilot scheme (only for Domino’s Pizza deliveries instead of parcel collections) in the city of Hamburg in Germany earlier this year.

Starship Technologies was launched in 2014 by Skype co-founders Ahti Heinla and Janus. The company is one of several new ‘professional service robotics’ companies, along with Marble and Boston Dynamics.

International Federation for Robotics (IFR) forecasts estimate that between 2016 and 2019, logistics businesses will have started using at least 175,000 robots to provide their services. This is a very big number and a bold forecast, particularly when you consider that UPS’s entire global fleet of trucks numbers 100,000.

What Are They Like?

The wheeled, ground-based robots taking part in the London trial are relatively small at only 55cm (22in) tall and 70cm (28in) long. They weigh 18kg (40lb).

Hazardous?

Although Hermes and Starship plan to keep each robot under close supervision by human operators using on-board cameras, the relatively small size of the robots, and the fact that they are unfamiliar and unexpected have prompted some people to point out the hazard that they could cause to pedestrians and road users.

If more companies opt for robot delivery and collection units and if (as Starship have reportedly said) that one operator could in future control up to 100 robots (to increase cost effectiveness), the pavements could become very busy with potential trip-hazards.

What Does This Mean For Your Business?

If your business operates regular deliveries and collections of small but relatively high-value products / items over short distances e.g. 2 miles, autonomous robots may (if the price was right) sound like a possible innovative logistics solution for the not-too-distant future. If, as the predictions state, there is wide-scale adoption of these robots by businesses and operators are able to safely control multiple robots, the cost of the technology, hardware and labour may fall over time to the point where they are a cost effective, relatively safe and environmentally friendly option.

Read More

Scammers Burgling Airbnb Users. Again.

Scammers have used the stolen account details of Airbnb users to target properties for burglaries.

What Is Airbnb?

Airbnb is an online marketplace that allows people to rent out their properties or spare rooms. Hosts can register on the site, set a price per night for their accommodation (which is typically lower than a hotel price), upload pictures of what’s on offer, and set house rules. Potential guests go to the Airbnb website, select their travel dates, and then pick from a list of options. Guests and hosts write reviews about each other.

Airbnb guests can verify their profiles by submitting identification (such as passport details) to Airbnb and ‘good’ guests with good ratings and reviews are preferred by property owners.

The Scam

The recent four-stage criminal process has meant that scammers have:

  1. Obtained the stolen account details of verified Airbnb customers who have good reviews. These account details are believed to have been obtained in the first place via password dumps from previous hacks as well as from online scams such as phishing and malware attacks.
  2. Accessed the customer accounts using the stolen details and changed some of the key personal details, such as the name, location and photograph.
  3. Targeted properties and made bookings using the altered accounts.
  4. Burgled the targeted properties.

Not The First Time

This is not the first time that Airbnb properties have been targeted by burglars. Last summer in the US, thieves were booking Airbnb properties and then cancelling the booking last-minute as soon as the property’s security codes (garage codes, key codes, alarm codes) had been given to them. The properties were then immediately burgled.

New Security Measures

In the light of the recent scams, Airbnb have announced that they introducing new measures to improve their scam detection and prevention methods. These improved security measures include sending text warnings if profiles are altered and requiring potential guests to use two-factor authentication when logging in to Airbnb on a device that has not previously been used to access their account. It has been reported that those property owners whose properties have been burgled as a result of the scam will be reimbursed by Airbnb, which offers hosts a $1 million insurance policy.

What Does This Mean For Your Business?

This story illustrates how vulnerable single stage, simple password verification systems are to attack, even if some form of ID verification has been carried out in the past. Businesses who collect, store, and use the personal data of customers (e.g. for booking / ordering) firstly need to make sure that the data is securely protected. Secondly, multi-stage / two-stage verification processes with each login should be used in place of simple password logins. Some organisations are now using biometric systems to make account access even more secure.

Read More

No More Vodfone Roaming Fees In Most of Europe

Vodafone have announced that they will be scrapping roaming fees for their new customers in most European countries.

What Are Roaming Fees?

Roaming fees / charges are the fees in addition to the usual phone plan charges that smart-phone users have to pay when they use an overseas network to get online while travelling abroad. These charges, enabled via international agreements between mobile operators (typically at higher rates than in the UK) and apply the moment that your phone is detected by the overseas network.

Calls and texts made / sent from your mobile while abroad are also typically more expensive. You can also be charged extra to receive a call or pick up a voicemail message while overseas and, if you pick up voicemail while your phone is registered overseas, you can be charged an overseas rate for the message being left, in addition to being charged to pick the message up.

What’s The Vodafone Deal?

The Roam Free deal from Vodafone, which applies only to new customers or those upgrading an existing pay monthly contract, means that roaming charges (for calls, texts and data) will be ditched for using your mobile abroad in 40 countries from 15th June this year.

The 40 countries are mainly European, and the list also includes some non-EU states e.g. Norway, Iceland and Turkey. The full list of countries can be found here: http://www.vodafone.co.uk/cs/groups/public/documents/webcontent/vfcon079682.pdf

Further Afield?

Roam Further means that Vodafone customers can use their monthly allowance in 60 countries outside the EU for an additional £5 per day and Vodafone will also be giving its customers access to 4G in 117 destinations worldwide. Existing Vodafone customers will have to pay £3 a day to use their phone in the EU or £5 a day to use it outside Europe.

EU Roaming Charges Dropped From June Anyway

The Vodafone deal sounds a little less special however when you consider that roaming charges will be dropped by mobile networks across Europe anyway from 15th June anyway (the same date as the offer to Vodafone’s new customers). This is as a result of a deal between networks whereby they will be cutting the roaming rates that they charge each other. As from 15th June, networks will pay each other 3.2 cents per minute for calls, 1 cent per text message and €7.70 per minute for data, which will drop in price again to €2.50 by 2021.

One good thing about the Vodafone deal (which essentially appears to be designed just to attract new customers and to encourage upgrades)  is that it may offer protection against phone charges rising again for UK customers when Britain leaves the EU (Brexit).

Many technical and communications commentators believe that mobile networks are likely to raise the base prices for their contacts from June to help make up for the lost revenue of no more roaming charges.

What Does This Mean For Your Business?

The dropping of roaming charges from the 15th June will, of course, mean a welcome cost-cut and one less worry for business phone users who need to travel to European destinations. The Vodafone deal may be good news for business customers looking to switch to a network that offers some insulation against the extra costs of Brexit.

Read More

Virgin Now Making Customer Hubs Into ‘Wi-Fi Hotspots’

After a successful trial last year (and following BT’s lead) Virgin Media is boosting its public Wi-Fi network by making customers’ SuperHub routers double as public Wi-Fi hotspots.

What Is A Wi-Fi Hotspot?

A Wi-Fi Hotspot is a location where wireless access to a network and / or the internet can be gained (via a wireless local area network / WLAN and a router) for mobile devices e.g. laptops, notebooks, and smart-phones. These hotspots are usually in public locations and usually work up to 30 feet or so from the router.

Up To The Customer To Opt Out

Virgin Media’s customers’ SuperHub v3s are automatically being converted to act as Wi-Fi hotspot beacons for the public network, in addition to their current primary job of providing a Wi-Fi connection for the customer.

The ‘public’ who will be able to access the network via the new hotspots will only be current, paying subscribers of Virgin’s TV, broadband or mobile phone services.

Virgin Media’s customers, whose SuperHubs are being used as hotspots, are currently being informed about the change via email, and have the choice to opt out of the scheme if they wish.

Virgin Media customers can start using the hotspots by downloading the Virgin Media Wi-Fi app for iOS and Android.

Why Create Hotspots?

Virgin Media needs to expand its public network and this is an ideal way to achieve it without having to invest heavily in new infrastructure.

A similar scheme worked for BT Wi-Fi. ‘FON’ used customer hubs as Wi-Fi hotspots to expand the public network and enable other BT customers to take advantage of it, free of charge. FON however, also allowed non-BT customers to use the Wi-Fi hotspots for a charge.

Customer Connection and Security Concerns

Virgin Media have stated that the new scheme will not adversely affect customers’ own broadband connections because these have their own separate connection on the Hub, and their own additional, separate bandwidth.

Customer concerns that the hotspots could represent a personal data security risk have also been addressed by Virgin Media, who have pointed out that data from the home network is completely separate and secure from Virgin Media Wi-Fi traffic, and Virgin Media Wi-Fi users and Virgin Media Broadband users (from the same Hub) will not be able to see or access anything of each other’s connections, activities or data.

What Does This Mean For Your Business?

If you are a business that uses Virgin Media as a broadband provider through a SuperHub, you may find it helpful that you will now soon have a Wi-Fi hotspot that your other devices can use.

You may decide however, that you are not comfortable with being automatically opted-in to allowing your business Hub to be retrospectively changed into part of a network that could be used by people not connected to your business. You may also, despite re-assurances, have your own concerns and reservations about the fact that your confidential customer and employee data is technically joined to the same box as a public network. You even may wish to seek your own reassurances or choose to opt-out.

Read More

Your Ad Blocker Be Helping Advertisers To Target You

A French study has shown that even though your ad blocker may be stopping unwanted adverts, it could also be identifying you to advertisers, thus making you more likely to be targeted in future!

The Study

A recent online study by French researchers Inrialpes, which builds upon previous EFF research from 2010, has shown that the Browser Extensions (including ad blocker extensions) you have, and “Login-Leak” i.e. details of the (social media) websites that you have logged-in to as identified by your browser, can mean that advertisers can piece together the information to identify you. This could mean that even though (and partly because) you have an ad blocker (extension) in place to protect you from unwanted adverts and slow page downloads, you can be easily and accurately identified by advertisers, which could lead to targeting by them.

How?

The research identified how several elements can be combined to create a clear, unique, identifiable online fingerprint of you to advertisers, even if you clear your cache or take other privacy-protecting measures. The suppliers of these elements were found to include:

  • Third party cookies that track you and can be identified when you arrive at other sites where the same advertiser’s cookies have been placed.
  • Information about your browser’s configuration e.g. version, language, timezone.
  • Data given via an estimated 13,000+ browser extensions. This could include ad blocker extensions. This data can be obtained by exploiting websites that can access browser extension resources.
  • Information gained about what kinds of plug-ins you are using.
  • Information gained using re-direction URL hijacking about websites that you are logged into e.g. social networks like Facebook, Instagram and Twitter, plus other websites such as Amazon, Gmail and Airbnb.
  • Information gained via the Content-Security-Policy (a security feature that limits what the browser can load for a website).

This kind of information and the web user identity profiles that it helps to create have a value to advertisers, and to those selling advertising space.

What Does This Mean For Your Business?

Business time, resources, and security are important and there are steps that you can take to preserve these by making yourself less likely to be identified via the methods described. Technical commentators suggest that you can use Mozilla’s Firefox browser because it is less “leaky”, make sure that you log out of your social networks and other websites e.g. Amazon when you’re not using them, and use “private browsing” / “browsing in incognito” mode.

Read More

Clever Drawing App from Google With “Auto-Correct”

Google has launched Auto Draw, an innovative AI ‘auto correct’ art app that uses predictive and shape recognition technology to help improve and complete drawings with a professional artistic flair.

Improves Your Doodles

Using the same technology as its earlier ‘Quick Draw’ experiment which employed AI to guess what a person was drawing, the new AI ‘Auto Draw’ online app allows you to create a doodle which is then improved upon by the app. You can then choose to replace your doodle with the app’s improved version. You can also choose to use your own version of the drawing, choose to use drawings submitted by other artists or even submit your own drawings to Auto Draw.

How To Use It

Auto Draw is a free online app that can be found at https://www.autodraw.com/. It can be used anywhere on any device – Chromebook, PC, desktop or phone.

Once at the website, click on the Auto Draw pen tool and draw your doodle / shape. Suggestions (better pictures) of what your shape is will then be displayed above the picture. Clicking on one will mean that your shape / doodle is replaced with the improved version. The size and colour of the shape can be changed, and text (with 15 different font style choices) can be added.

This new version of your image / annotated image can then be downloaded as a .png file or can be directly shared on Facebook, Twitter, and Google+ (because it’s a Google app).

AI Trained

Google’s Auto Draw uses Google’s neural network to power the predictive aspect of the app. Auto Draw’s AI learning was partly achieved by asking multiple web users to draw an object in under twenty seconds. The more people that drew shapes with the online app, the better the AI system got at interpreting what that drawing was and at suggesting (improved) relevant versions of it.

Poker Example

A recent high-profile example of how significant AI learning can be achieved was the Lengpudashi Poker program that learned how to play Poker and to bluff successfully to the point where it defeated 4 of the world’s leading human Poker masters. The program honed its skills by incorporating the lessons learned from playing 360,000 hands over a five-day period.

What Does This Mean For Your Business?

At the very least, Auto Draw is another free drawing app that your business can use for all kinds of digital needs e.g. websites and multiple document types. However, Auto Draw also offers you a fast way to produce high quality, tidy, basic sketches / doodles that can be used / shared by your business to help communicate plans and ideas e.g. as part of business projects and communications. It means that individual artistic ability or ability to use image programs like Photoshop needn’t be a barrier for anyone who needs to produce presentable doodles / sketches. The AI aspect of the app means that is likely to get even faster and better the more that it is used.

Read More

Robot Wins Poker Competition

In only the second triumph of its kind, an AI program has beaten expert human competitors to the prize money in a series of exhibition poker matches.

Team Dragon Vs AI Program

In a series of poker matches totalling 360,000 hands and hosted in Hainan island (China) over a five-day period, a group of engineers, computer scientists and investors called “Team Dragon” played an AI program for prize money.

Team Dragon, led by a venture capitalist and World Series of Poker veteran Alan Du, ended up being convincingly beaten out of the prize money of £230,000 by an AI program called Lengpudashi.

Winning Pedigree

The Lengpudashi program (the name means ‘cold poker master’), housed in a supercomputing centre near Carnegie Mellon University in Pittsburgh, is an updated version of the AI program called Libratus. That program famously won more than $1.5m (£1.2m) worth of chips when it defeated 4 human poker experts at the Rivers Casino in Pittsburgh in a 20-day tournament back in January.

The AI systems were developed by Tuomas Sandholm, a computer science professor at Carnegie Mellon University in the US and PhD student Noam Brown.

How Did It Win?

The AI program used algorithms based on the rules of the game and its ability to learn from each hand to develop winning strategies.

Learned to Bluff

One of the most exciting aspects of Lengpudashi’s victory is that poker is an “imperfect information game” i.e. unlike chess, all the pieces of the game are not visible. In order to win, the computer program not only has to learn complex strategies but must also learn how to bluff when it has a weak hand (in order to increase winnings). Up until now, this was an element of sophistication that people had thought computers could not learn.

One of the main reasons why AI programs are entered into these kinds of challenges is to hone their strategic decision-making and increase their abilities.

What About The Prize Money?

The AI program may know how to accumulate money but its intelligence has not yet extended to knowing how to spend it. The prize money from the program’s win is therefore going to be invested in a firm called Strategic Machine, a firm founded by Tuomas Sandholm and Noam Brown.

What Does This Mean For Your Business?

The fact that AI algorithms and program have now been developed that can use information and output a strategy in a range of scenarios means that they could have wider uses in the business world e.g. in negotiations, finance, medical treatment and cyber security.

This story also illustrates how important the investment has been in big data analysis for increasing the speed of development of AI, which in turn could benefit many businesses in the future.

The fact that the computing power on display over the poker competition could be had for under $20,000, also illustrates how affordable AI is becoming for businesses.

Read More

Your PIN Numbers Can Be Guessed When You Tilt Your Phone

Researchers from Newcastle University have discovered that how you tilt your smart-phone when you type in your secret PINs and passwords could increase the likelihood of them been obtained by hackers due to mobile browsers and phone sensor vulnerabilities.

Accessing Your Smartphone’s ‘Silent’ Sensors

The team from the university’s School of Computing Science believe that the many (typically 25+) silent sensors such as gyroscopes, rotation sensors, and accelerometers that are included in today’s smart-phones, tablets and wearables could provide a way for criminals to use malware-loaded web pages (viewed through your mobile browser) to spy on what we type in.

The fact that the sensors in one device are made by many different companies is also thought to increase the risk of being spied upon.

Mobile Browser Flaw Means No Permission Needed

The researchers found that a security deficiency in all major mobile browsers (including Safari, Chrome, Opera and Firefox) means that embedded JavaScript code in a web page is able to access the motion and orientation sensors on a mobile phone without requiring any user permission.

Tilting Danger

One very interesting aspect of the research is that it was possible to work out which part of a web page that a smart-phone user is clicking on, and what they are typing in by the way that their smart-phone is tilted at the time.

The researchers (who were able to obtain 4-digt Android pins with 70% accuracy on the first guess and 100% on the 5th) have said that this was made possible using a known web page loaded with spyware program, coupled with each person’s unique way of holding (and tilting) a smart phone. This unique, personal phone holding / tapping pattern could be obtained from the sensor information in the phone.

Sounds A Bit Complicated

It has been reported that the vulnerability identified by the researchers is something that phone manufacturers are aware of, but have not yet figured out how to fix (or deemed the risk pressing enough to commit significant resources to).

What Does This Mean For Your Business?

Even though the particular risk identified in this research appears to be one of the less obvious ones, and one for which there is no fix / patch as yet, taking general security precautions with your business mobile devices is important anyway. For example, keep security software current, delete the apps you no longer use, use strong passwords, use security and privacy settings on websites and apps, disable WiFi and Bluetooth when not in use, beware of fraudulent text messages / calls / voicemails, and be careful about what personal information you store on the device or give out  through apps and websites.

Read More

Microsoft Word Hack – Patch Available

Microsoft has moved to patch a vulnerability in its ‘Word’ program in order to stop hackers and scammers from exploiting it to spread bank account snooping malware.

What’s Been Happening?

Emails containing Microsoft RTF [Rich Text Format] attachments, loaded with the trojan malware associated with a £20m British bank account theft 2 years ago, have recently been sent to millions of recipients across numerous organisations (primarily in Australia).

The scam, which was discovered by cyber-security firm Proofpoint, relied upon human error to click on the attachment to trigger the malware, and upon a “zero day” vulnerability (a flaw / unknown exploit) that could allow the malware program to run.

The reports of this incident prompted Microsoft to release a patch to Word which should stop the same thing from happening again.

Arrived By Email

The malware-loaded Microsoft documents were sent to their targets by emails from “<[device]@[recipient’s domain]>”. The ‘device’ part of the sender’s address was “copier”, “documents”, “noreply”, “no-reply”, or “scanner”, and the subject line read “Scan Data”. The attachments were named “Scan_123456.doc” or “Scan_123456.pdf”, where “123456” was replaced with random digits.

What Kind of Vulnerability In Word?

The zero-day vulnerability in Microsoft Word (until the patch) meant that Microsoft RTF [Rich Text Format] Word documents laden with macros i.e. full of small malicious programs (rather than the normal customisable shortcut programs), could load malware onto the computer without users having to enable macros for the exploit to execute.

This means that, after clicking on an infected RTF Word document email attachment, and despite the presentation of a dialog box, the malware would load immediately onto the computer, and would fully exploit the recipient’s computer to achieve its ‘snooping’ aim.

The vulnerability affects Microsoft Office, including the latest Office 2016 edition running on Windows, but it is not clear whether Word for Mac is affected.

What Does The Malware Do?

The malware in this recent incident is reported to have been “Dridex”. This is a notoriously sneaky trojan program that snoops on the recipient’s bank account details and logins, and then sends them back to the attackers.

In past incidents, this has resulted in lots of small transaction amounts being taken from a victim’s bank account over time.

The Patch

As of Tuesday 11th April, Microsoft customers who have updates enabled should receive the patch automatically.

What Does This Mean For Your Business?

This is another example of how cyber-criminals are using a combination of social engineering, macros, and other elements to achieve their aims. The fact that this scam requires the human error of clicking on attachments means that businesses can help to protect themselves by educating staff not to open unknown files, and not to download content from untrusted sources.

In this case, as well as recommending that businesses apply the patch as soon as possible (provided that they have release version of Service Pack 2 for Office 2010 installed on the computer ), some security experts are also recommending the complete blocking of RTF documents in Microsoft Word via the File Block Settings in the Microsoft Office Trust Center.

Read More

Tougher US Border Checks Could Mean Divulging Passwords

It has been reported that President Trump’s administration may be about to introduce new measures that will require foreign travellers give up their phones / mobile devices and various passwords when entering the US.

Bon Voyage?

The new rules will even apply to those countries that are part of the visa waiver programme i.e. 38 countries including the UK, Ireland, and France. It has been reported that border checks may also require passengers to reveal their social media account passwords, mobile phone contacts, and even financial data in order to legally enter the country.

Where There Is Doubt?

Reports indicate that this kind of information may be required by the Department of Homeland Security where there is doubt about a person’s reason for entering the country.

Could Apply To Anyone But US Citizens

Although US citizens have established rights against being subjected to unlawful searches at the border, the current word from the US Customs and Border Protection agency to all international travellers arriving to the US is to be prepared for an inspection. This could include electronic devices e.g. computers, disks, drives, tapes, mobile phones / other communication devices, cameras, music / media players and any other electronic or digital devices.

Concerns

Human rights and civil liberties groups are reported to be concerned that proposals to gain access to social media accounts, emails, and devices could be a serious, excessive, and unnecessary invasion of privacy that could end up discouraging people from travelling to the US, thus damaging its economy.

Already Possible In The UK

Some commentators have noted that Schedule 7 of the Terrorism Act 2000 means that travellers to the UK can, in theory, already be asked for information such as passwords for electronic devices.

Not A New Idea

Requiring information linked to social media accounts for entry into the US is not a new idea. Back in July 2016, the Federal Register of the U.S. government published a proposed change to travel and entry forms which indicated that the studying of social media accounts of those travelling to the U.S. would be added to the vetting process for entry to the country.

It was suggested that the proposed change would apply to the I-94 travel form, and to the Electronic System for Travel Authorisation (ESTA) visa. The reason(s) given at the time was that the “social identifiers” would be: “used for vetting purposes, as well as applicant contact information.

What Does This Mean For Your Business?

If you are a business traveller to the US, you may now decide to take as few electronic devices as possible with you. You may also wish to make sure that your social media profile, email accounts, and devices don’t contain any material that could cast any doubt upon or create suspicion about your reasons for entering the US. (Or that of your staff)

Too many border rules that appear to be excessive and intrusive, could end up deterring some UK business travellers from making all but the most necessary business trips to the US, which may have an effect on UK / US business relationships.

Read More
Recent Comments
    Categories