Internet-Connected Cars a Magnet for Hackers, US Official Says

Internet-connected and driverless cars will be targets for hackers, including terrorists and hostile nations, so the automotive industry must ensure vehicles have built-in cyber-security protection, a top US Justice Department official said.

“There is no Internet-connected system where you can build a wall that’s high enough or deep enough to keep a dedicated nation-state adversary or a sophisticated criminal group out of the system,” John Carlin, US assistant attorney general for national security, said Tuesday at an auto industry conference in Detroit.

The burgeoning market for cars connected to the Internet is expected to be valued at about $42 billion (roughly Rs. 2,78,715 crores) by 2025, with more than 220 million vehicles on the roads.

US agencies and regulators are trying to make the auto industry more aware of cyber threats and quicker in acting to plug security gaps, Carlin said, and agencies can share information about threats with companies.

“This will be the next battlefront,” Carlin told reporters after his keynote speech at the SAE 2016 World Congress. “Right now what we have is this combination of carrots and sticks, and there’s not a one-size-fits-all protocol that’s been mandated by statute.”

Questions about the auto industry’s responsiveness were raised last year when Fiat Chrysler Automobiles waited 18 months to tell federal safety regulators about a security flaw in radios being installed in more than a million vehicles. Security researchers exploited the flaw in July, seizing control of a Jeep just to show it could be done. The episode led to the recall of almost 1.5 million vehicles, the first auto recall prompted by cyber-security concerns.

Carlin said government agencies and companies across different industries are in the “early days” of dealing with rapid technological change and with laws and regulations on cyber-security that are “very unsettled.” For the most part, the government encourages companies to take steps voluntarily to secure their products and services.

Hackers of all varieties could try to do harm through connected cars, Carlin said.

“If you were able to do something that could affect a large scale of an industry, like 100,000 cars, you could see that being in the arsenal of a nation-state’s tool kit as a new form of warfare,” he said.

“We’ve seen rogue nation states try to assassinate those that do not share their beliefs,” Carlin said. “If they were able to do it remotely through a car, I don’t see why they consider that a safe zone.”

Google Wants to Help You Find Time for What You Love

If you are unable to find time for the things you love with your hectic work life getting in the way, Google thinks it may have a solution. The search giant is introducing a new feature into its Calendar app called Goals that will help you find the right time to do these activities.

“One day it’s ‘I got called into a last-minute meeting.’ The next day it’s ‘I have a friend in town,’” Jyoti Ramnath, product manager for Google Calendar, wrote in an official blog post. “And before you know it, your goals are delayed or forgotten. In fact, with all the things you need to do in a given week, it’s probably harder than ever to find the time – even when your goal really matters to you.”

Goals works by locating gaps in your busy schedule and then fitting in your desired activity accordingly. Setting it up is easy enough: pick “Goal” after hitting the add button, and answer a couple of questions about what you plan to take up, how often you want to do it, for how long, and what the best time of day is for you.

Some apps, such as the language-learning app Duolingo and the activity tracker app Runkeeper, have been helping users set reminders and make a schedule for future events for a while now, and even encourage sharing to social networks in a bid to crank up the social pressure, which they believe should help reinforce positive habits.

For now, Goals seems to be geared towards working with you, as it automatically reschedules the activity should something at work come up or you decide to postpone it in lieu of doing something else.

FBI Paid Hackers to Get Data From San Bernardino Shooter's iPhone: Reports

The FBI cracked a San Bernardino terrorist’s phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter.

The new information was then used to create a piece of hardware that helped the FBI to crack the iPhone’s four-digit personal identification number without triggering a security feature that would have erased all the data, the individuals said.

The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the US government. They were paid a one-time flat fee for the solution.

Cracking the four-digit PIN, which the FBI had estimated would take 26 minutes, was not the hard part for the bureau. The challenge from the beginning was disabling a feature on the phone that wipes data stored on the device after 10 incorrect tries at guessing the code. A second feature also steadily increases the time allowed between attempts.

The bureau in this case did not need the services of the Israeli firm Cellebrite, as some earlier reports had suggested, people familiar with the matter said.

The US government now has to weigh whether to disclose the flaws to Apple, a decision that probably will be made by a White House-led group.

The people who helped the US government come from the sometimes shadowy world of hackers and security researchers who profit from finding flaws in companies’ software or systems.

Some hackers, known as “white hats,” disclose the vulnerabilities to the firms responsible for the software or to the public so they can be fixed and are generally regarded as ethical. Others, called “black hats,” use the information to hack networks and steal people’s personal information.

At least one of the people who helped the FBI in the San Bernardino, California, case falls into a third category, often considered ethically murky: researchers who sell flaws to governments, companies that make surveillance tools or groups on the black market.

This last group, dubbed “gray hats,” can be controversial, because critics say they might be helping governments spy on their own citizens. Their tools, however, might also be used to track terrorists or hack an adversary spying on the United States. When selling exploits to governments or on the black market, these researchers do not disclose the flaws to the companies responsible for the software, as the exploits’ value depends on the software remaining vulnerable.

In the case of the San Bernardino iPhone, the solution brought to the bureau has limited shelf life.

FBI Director James B. Comey has said that the solution works only on iPhone 5c’s running the iOS 9 operating system – what he calls a “narrow slice” of phones.

Apple said last week that it would not sue the government to gain access to the San Bernardino solution.

Still, many security and privacy experts have been calling on the government to disclose the vulnerability data to Apple so that the firm can patch it.

If the government shares data on the flaws with Apple, “they’re going to fix it and then we’re back where we started from,” Comey said in a discussion at a privacy conference last week. Nonetheless, he said Monday in Miami, “we’re considering whether to make that disclosure or not.”

The White House has established a process in which federal officials weigh whether to disclose any security vulnerabilities they find. It could be weeks before the FBI’s case is reviewed, officials said.

“When we discover these vulnerabilities, there’s a very strong bias towards disclosure,” White House cyber-security coordinator Michael Daniel said in an interview in October 2014, speaking generally and not about the Apple case. “That’s for a good reason. If you had to pick the economy and the government that is most dependent on a digital infrastructure, that would be the United States.”

But, he added, “we do have an intelligence and national security mission that we have to carry out. That is a factor that we weigh in making our decisions.”

The decision-makers, which include senior officials from the Justice Department, FBI, National Security Agency, CIA, State Department and Department of Homeland Security, consider how widely used the software in question is. They also look at the utility of the flaw that has been discovered. Can it be used to track members of a terrorist group, to prevent a cyberattack, to identify a nuclear weapons proliferator? Is there another way to obtain the information?

In the case of the phone used by the San Bernardino terrorist, “you could make the justification on both national security and on law enforcement grounds because of the potential use by terrorists and other national security concerns,” said a senior administration official, speaking on the condition of anonymity because of the matter’s sensitivity.

A decision also can be made to disclose the flaw – just not right away. An agency might say it needs the vulnerability for only a few months or that its utility will quickly diminish.

“A decision to withhold a vulnerability is not a forever decision,” Daniel said in the earlier interview. “We require periodic reviews. So if the conditions change, if what was originally a true [undiscovered flaw] suddenly becomes identified, we can make the decision to disclose it at that point.”

PoochO Carpool App Launched Ahead of Delhi’s Odd-Even Scheme

Delhi Transport Minister Gopal Rai on Tuesday launched an app called “PoochO Carpool” to give people more options for carpooling during the second phase of the odd-even traffic scheme to be implemented in the national capital from April 15 to 30.

Launching the app, Rai said it would help users find carpool options within a radius of 1-5km.

“This app will help users a lot during the odd-even scheme. Fathers going to school to pick up their children in the afternoon can opt for carpooling with the help of this app,” he said.

Rai said the app would have a chat feature that will help users communicate with the car driver without even mentioning their numbers, which would ensure safety for women users.

“PoochO Carpool” has been developed by the Delhi Integrated Multi-Modal Transit System (DIMTS) and Android users can download it on the Google Play store.

Under the odd-even scheme, petrol and diesel driven vehicles with odd and even registration numbers will ply on alternate dates.

The scheme is not applicable to CNG vehicles, two-wheelers, women motorists, cars carrying school children in uniform and several kinds of VIPs. Violators will attract a penalty of Rs. 2,000.

Creo Mark 1 With 5.5-Inch QHD Display, Fuel OS Launched at Rs. 19,999

Creo, best known for its media-streaming stick Teewe, has launched its Mark 1 smartphone in India, priced at Rs. 19,999. The highlight of the smartphone is its proprietary Fuel OS that’s based on Android 5.1.1 Lollipop, with which Creo seeks to deliver new features to users every month in the form of over-the-air updates. The Mark 1 will be exclusively available via online marketplace Flipkart from the end of the week, as well as via the company site.

The other highlight of the smartphone at this price point is its 5.5-Inch Quad HD (1440×2560 pixels) resolution display with Corning Gorilla Glass 3 on both sides of the device. The Creo Mark 1 is a dual-SIM (Micro-SIM + Nano-SIM) smartphone that’s powered by a 1.95GHz octa-core MediaTek Helio X10 SoC, coupled with 3GB of LPDDR3 RAM.

The Creo Mark 1 bears a 21-megapixel rear autofocus camera with LED flash and 4K video recording, apart from an 8-megapixel front-facing camera with full-HD video recording. It comes with 32GB of inbuilt storage that’s expandable via microSD card (up to 128GB).

As for connectivity, the Creo Mark 1 offers 4G LTE, Wi-Fi 802.11 b/g/n/ac, Bluetooth 4.0, and GPS options. The smartphone is powered by a 3100mAh battery.

Users have the option to custom engrave their smartphones, letting consumers choose the text they want displayed on the side of their smartphones. The first 2,000 customers will get the engraving free.

Coming back to the custom Fuel OS software, there are several customisations over and above Android 5.1.1 Lollipop. The camera app supports 3D, slow motion, and panorama modes; the phone’s capacitive buttons can be customised; security features will tell you if a new SIM card is inserted in your phone, and show you the location or let you wipe the phone remotely even without Internet access; Sense is an assistant that lets you find anything on your phone – buried settings, contacts, or downloaded files; Echo is a built-in voicemail feature that is not Internet-connected, so everything happens on your phone, and it works without data and is secure; and a smart inbox separates messages from people and messages from businesses so you don’t have a cluttered SMS inbox.

The company has promised that its next update for the Creo Mark 1 will roll out a month from now, on May 13, and will bring features like a photo editor, customisable Echo messages for different callers, and a selfie screen flash.

Sai Srinivas, CEO & Co-Founder, Creo said, “We’ve been working long and hard to put out a product that redefines the way we look at hardware. In our fearless endeavour to make a smartphone that is more than just the sum of its great specs, we’ve built Fuel – an operating system that’ll give a new phone experience every month, with features that deliver on both, performance and functionality.” He added, “What makes these features better every month, is the first-of-its-kind, community inclusive update system that stems from feedback and suggestions from users. With their invaluable input, we will be able to deliver on our promise of making Android better.”

Ben Affleck Will Direct Standalone Batman Film, Says Warner Bros. CEO

Ben Affleck will direct a standalone “Batman” movie, says Warner Bros. chairman and CEO Kevin Tsujihara.

Affleck portrayed the caped crusader in this year’s “Batman v Superman: Dawn of Justice” and had been rumored to be the studio’s top choice to helm the film. Tsujihara confirmed they were moving forward with him in the director’s seat Tuesday at CinemaCon, an annual gathering of theater owners in Las Vegas.

The standalone Batman feature is part of Warner Bros.’ plans for an expanded DC Comics cinematic universe, similar to that of the Disney and Marvel collaboration. Warner Bros. has at least 10 features in the works, including “Suicide Squad,” “Wonder Woman” and “Justice League.” Unsurprisingly, those films comprised a major portion of Warner Bros.’ presentation, signaling that the studio is moving forward energetically with its original plans despite reports that perhaps “Batman v Superman” is not performing as well at the box office as the studio would have liked.

Affleck, who is also directing “Live By Night” for the studio, made an appearance with Amy Adams, who plays Lois Lane. He confirmed that both would be joining Zack Snyder’s “Justice League,” which is currently in production in London.

“Suicide Squad” director David Ayer and stars Will Smith and Margot Robbie were on hand as well to hype the supervillains-gone-straight pic, which launches on August 5, with intense footage focusing heavily on Robbie’s Harley Quinn.

Warner Bros. also trotted out stars and footage from a number of their upcoming films including the Harry Potter spinoff “Fantastic Beasts and Where to Find Them,” “The Lego Batman Movie,” the Russell Crowe and Ryan Gosling comedy “The Nice Guys,” and the Emilia Clarke romantic drama “Me Before You.”

But beyond the individual films, a big focus was the studio’s ongoing commitment to its filmmakers and the specialness of theatrical presentation.

The threat of The Screening Room, a proposed at-home viewing experience of first-run movies, has loomed large over the annual conference where theater owners come not just to check out the new studio slates and mingle with stars, but to see the latest technologies that promise to enhance the theatrical experience for audiences. Major filmmakers like Steven Spielberg and Peter Jackson have come out in support of the service, but the industry on the whole remains divided.

“I assure you we are not going to let a third party or middle man come between us,” Tsujihara told the audience of exhibitors. “When there are new technologies … we will explore them with each of you. We know the status quo is not an option.”

Not every studio has taken a hard stand. On Monday, “Star Wars: The Force Awakens” director J.J. Abrams – a Screening Room backer – urged the conference to be open-minded about innovations.

“Hangover” director Todd Phillips on Tuesday, however, came out strongly against the idea of the Screening Room without mentioning it directly while promoting his new Jonah Hill and Miles Teller comedy “War Dogs.”

“Why are we in such a rush to turn movies into television? It doesn’t make sense to me. Movies are special,” Phillips said. “We need to do everything we can to protect that part of the experience.”

South Korea Clears Oracle of Anti-Competitive Acts After Software Probe

South Korea’s Fair Trade Commission (FTC) said on Wednesday Oracle Corp did not engage in anti-competitive behaviour following a probe over its practice of packaging new software upgrades into database management service contracts.

South Korea’s antitrust regulator last year opened an investigation into the practice to determine whether it was using its dominant market position to shut out rivals. The US company controlled 58.5 percent of the domestic database management system market as of 2014, according to the FTC, marginally lower than 59.6 percent in 2011.

The regulator said on Wednesday that software upgrades and maintenance are key components of the overall service provided by Oracle, and packaging them together does not hinder competition. Such practice also did not result in any increase in prices or reduction in competition, the FTC said.

Oracle was also cleared of any wrongdoing over its practice of requiring a maintenance contract for all of the US firm’s software used by its customers. The FTC said such a requirement was necessary to protect its intellectual property, as various patches and upgrades offered through the agreements can be easily copied and applied.

Customers can also freely choose other vendors if they do not wish to sign such an agreement, the regulator said.

You’ll Soon Be Alerted If Your USB Type-C Cable Is Safe to Use

Previously, we have seen a few reports stating how a third-party non-compatible USB Type-C cable can fry your smartphone. However, the USB Implementers Forum (USB-IF) now plans to prevent such situations with the announcement of an authentication specification.

During the Intel Developer Forum in Shenzhen, China, USB-IF announced a new set of software rules in the form of the USB Type-C Authentication Specification. When you pair any power adapter, cable, or accessory that supports these specifications with a host device such as a laptop or a smartphone, the host device will be able to verify whether the connected accessory is compatible and whether it has been certified by USB-IF.

This authentication information is transmitted using 128-bit encryption even before the accessory starts charging the device or transferring data. The specifications will also work if the charger and cable are being used only for charging the host device.

USB-IF added that the authentication specification not only lets you know if the third-party accessory is compatible or not, but also combats malware that uses USB to affect other devices. It added that the authentication specification should be easy to implement in accessories as it “references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation.” As for the host devices, these specifications can be implemented in the form of a combination of software and firmware updates. However, this will depend on the OEMs.

Although the accessories that are already in the market cannot be updated with the authentication specifications, manufacturers can in future start making new ones that support the standard.

“USB is well-established as the favoured choice for connecting and charging devices,” said Brad Saunders, USB 3.0 Promoter Group Chairman during the event. “In support of the growing USB Type-C ecosystem, we anticipated the need for a solution extending the integrity of the USB interface. The new USB Type-C Authentication protocol equips product OEMs with the proper tools to defend against ‘bad’ USB cables, devices and non-compliant USB Chargers.”

Ransomware Hackers Are Borrowing Customer-Service Tactics, Say Experts

When hackers set out to extort the town of Tewksbury, Massachusetts with “ransomware,” they followed up with an FAQ explaining the attack and easy instructions for online payment.

After baulking for several days, Tewksbury officials decided that paying the modest ransom of about $600 was better than struggling to unlock its own systems, said police chief Timothy Sheehan.

That case and others show how cybercriminals have professionalised ransomware schemes, borrowing tactics from customer service or marketing, law enforcement officials and security firms say. Some players in the booming underworld employ graphic artists, call centers and technical support to streamline payment and data recovery, according to security firms that advise businesses on hacking threats.

The advancements, along with modest ransom demands, make it easier to pay than fight.

“It’s a perfect business model, as long as you overlook the fact that they are doing something awful,” said James Trombly, president of Delphi Technology Solutions, a Lawrence, Massachusetts, computer services firm that helped three clients over the past year pay ransoms in Bitcoin, the virtual currency. He declined to identify the clients.

Ransomware victims reported total costs from such attacks of $209 million (roughly Rs. 1,386 crores) in the first three months of this year, the FBI said, citing a tally of complaints it has received. That’s up dramatically from $24 million (roughly Rs. 159 crores) for all of 2015.

Costs for victims, beyond ransom, can include large bills for technical support, consultants and security software.

In the December 2014 attack on Tewksbury, the pressure to pay took on a special urgency because hackers disabled emergency systems. The same is true of additional attacks on police departments and hospitals since then. But all sectors of government and business are targeted, along with individuals, security firms said.

Some operations hire underground call centers or email-response groups to walk victims through paying and restoring their data, said Lance James, chief scientist with the cyber-intelligence firm Flashpoint.

Graphic artists and translators craft clear ransom demands and instructions in multiple languages. They use geolocation to make sure that victims in Italy get the Italian version, said Alex Holden, chief information security officer with Hold Security.

While ransomware attacks have been around longer than a decade, security experts say they’ve become far more threatening and prevalent in recent years because of state-of-the-art encryption, modules that infect backup systems, and the ability to infect large numbers of computers over a single network.

Law enforcement officials have long advised victims against paying ransoms. Paying ransoms is “supporting the business model,” encouraging more criminals to become extortionists, said Will Bales, a supervisory special agent for the Federal Bureau of Investigation.

But Bales, who helps run ransomware investigations nationwide from the Washington, DC office, acknowledged that the payoffs make economic sense for many victims.

“It is a business decision for the victim to make,” he said.

Run-of-the-mill ransomware attacks typically seek 1 bitcoin, now worth about $420, which is about the same as the hourly rate that some security consultants charge to respond to such incidents, according to security firms who investigate ransomware cases.

Some attacks seek more, as when hackers forced Hollywood Presbyterian Hospital in Los Angeles to pay $17,000 to end an outage in February.

Such publicized incidents will breed more attacks, said California State Senator Robert Hertzberg, who in February introduced legislation to make ransomware schemes punishable by up to four years in prison. The Senate’s public safety committee passed the bill on Tuesday and sent it to the appropriations committee for further review.

Some victims choose not to pay. The Pearland Independent School District near Houston refused to fork over about $1,600 in ransom demanded in two attacks this year, losing about three days of work from teachers and students. Instead, the district invested tens of thousands of dollars on security software, said Jonathan Block, the district’s desktop support services manager.

“This threat is real and something that needs to be dealt with,” Block said.

The town of Tewksbury has also upgraded its security technology, but Sheehan says he fears more attacks.

“We are so petrified we could be put into this position again,” he said. “Everybody is vulnerable.”

JBL Reflect Aware C Noise-Cancelling Headphones With USB Type-C Launched

JBL has launched the Reflect Aware C in-ear noise-cancelling headphones, which have a USB Type-C connector to connect to smartphones. The headphones can receive both audio and power from the smartphone itself through the USB connection, and therefore do not need to be charged or to rely on a built-in battery, as is the case with other noise-cancelling headphones.

Apart from this, the headphones are also sweat-proof and come with fin-style ear tips which keep them in place while running or exercising. Noise cancelling can be controlled through the in-line remote, which also has volume controls and a microphone for hands-free mobile use. The Reflect Aware C is powered by 14.8mm drivers.

JBL has not announced any details on availability or pricing for the Reflect Aware C, which was launched alongside the new HTC 10 smartphone. This phone, along with other popular models such as the Nexus 5X, Nexus 6P, and Xiaomi Mi 5, all feature USB Type-C connectivity. It’s possible that apart from JBL, other headphone manufacturers will also be launching USB Type-C headphones in the coming months, as an increasing number of Android smartphone manufacturers adopt the Type-C connector and port.

This shows that Android devices may be following in the footsteps of Apple, which is rumoured to be axing the 3.5mm headphone socket on the iPhone 7. This will mean that headphones designed to be used with the new iPhone will have to sport Lightning connector cables, similar to how the JBL Reflect Aware C will plug in to the all-purpose Type-C port. However, the HTC 10 and other Type-C Android smartphones also sport the industry standard 3.5mm socket, so you aren’t limited to using only USB Type-C compatible headphones.