Anyone who’s watched a Hollywood thriller in the past three decades is familiar with biometric scanners, and along with it, the various means movie villains have used to subvert these systems, including methods that would be horrifying to consider when applied in real life. Now that the new iPhone 5s has a fingerprint scanner, those of us with more vivid imaginations have envisioned a new rash of thefts paired with bodily mutilations. Fortunately for everyone, the manufacturers of the fingerprint scanner on the new iPhone have stated quite clearly that the only way the scanner will register a proper fingerprint is if the finger is still attached to its living owner.
What this means for you:
It’s too soon to tell whether or not the technology in Apple’s latest smartphone is subject to the same hacks that rendered earlier incarnations useless for serious authentication. There are also concerns that Apple, or even the NSA could be gathering fingerprints for their super-surveillance database. Given all the attention the NSA has already been given regarding its privacy invasions, it’s a safe bet that they are going to steer clear of this particular minefield (at least for the time being) and Apple is also savvy enough to avoid alienating its passionate fanbase with such a heavy-handed misuse of their personal privacy.
Frankly, if the convenience of the fingerprint authentication gets you to secure your iPhone where before you did not, then I’m already a fan. For you Android users out there jealous of Apple’s spy gadget tech, have a look at Nymi, and watch for other biometric gadgets to arrive, especially now that Apple is trying to make them sexy again. You should always secure your mobile devices, especially if you use them to access email or work data. As we can all attest, passwords and pins are a big hassle, especially when you are on the go, but you should never let your phone out of the house without one.
Image courtesy of thawats / FreeDigitalPhotos.net
True to form, Apple announced at a press event today the arrival of the iPhone 5s and 5c. I’ll keep this one short, so you can get down to the business of deciding whether or not you are buying one!
What this means for you:
The 5c is Apple’s rumored budget phone. Priced (with 2 year contract) at $99 for a 16GB model, and $199 for the 32GB, this model replaces the metal with plastic, and comes in five bright colors. Aside from that and the fact that it ships with iOS 7, it’s functionally the same hardware as the iPhone 5 released last year. If you’ve been on the fence until now about buying an iPhone because of the price, this may hit your sweet spot, assuming you don’t mind the 2-year commitment.
The 5s features a faster processor; early tests show a 30% speed increase but Apple claims up to 2X faster performance. It also comes with a fingerprint scanner to unlock the device, and a new, low-power chip that is designed specifically to work with fitness apps (hinting at the imminent arrival of an “iWatch”), and an improved camera. This one is priced at the expected $199/$299 price point (with 2-year contract, of course!) and is available in Gold, Silver and “Space Gray”. This will be a tougher sale for a lot of people, especially since rumors are flying that the iPhone 6 may be released in early Spring 2014 as opposed to the usual timeframe of late Summer, early Fall. The 5s isn’t a huge leap forward from the 5 in terms of hardware specs, so don’t buy one expecting a big performance increase.
If you are holding on to an older model iPhone 3 or 4, the 5s would be a nice step up. If you are budget conscious, or considering a new phone for your pre-teen or teenager, the 5c may be a great choice to hook up your kids without breaking the bank.
Despite the advent of wifi technology which has made staying connected a much more elegant, wire-free affair, we are still tethered by the ever-present power cord. Just about everyone who has traveled with electronics has cursed the forgotten power cord, and probably thrice cursed the tangled knot of cords they did remember to bring. Induction charging has attempted to answer this nagging first-world issue, but adoption of the technology has been slow, and it hasn’t conquered the primary complaint: your devices are tethered not with physical wires this time, but by the need for contact with the induction surface.
Enter surprise start-up Ossia and their product, Cota. Making their debut at the TechCrunch Disrupt13 conference, Ossia founder and physicist Hatem Zeine has developed a technology dubbed “Cota” that can safely power devices wirelessly, at a distance and through walls. The technology is still in the prototype phase and is slowly making its way through the FCC approval process, but Zeine was able to provide a live, on-stage demonstration of an unmodified iPhone being charged wirelessly from the prototype at a distance of several feet. The company’s initial foray into production is aimed at industrial applications where wireless power delivery is a top priority, such as powering remote sensors in a refinery, where electrical sparks are a constant worry. Ossia aims to to have a consumer product by 2015, which is envisioned to consist of a charging station approximately the size of a desktop tower PC, and will be partnered with a variety of receiving platforms such as built-in electronics, battery replacements and add-on receivers for legacy devices.
What this means for you:
We’ve a bit of a wait until the Cota arrives for consumers, but given the world’s aggressive adoption of mobile electronics and fondness for wireless aesthetics, it’s likely that even if Ossia fails, other companies will rise to the challenge. According to Zeine, the technology is as safe as current Wifi technology probably permeating your house and office right now, as it works in the same frequency spectrum. Whether or not you believe that platform to have any health implications is probably moot if you live or work in any urban first-world environment, as you are “soaking in it” as we speak. Assuming the health question is resolved to everyone’s satisfaction, Zeine is predicting a complete paradigm shift in how we look at mobile technology, envisioning a world without batteries and the concept of “charging” made obsolete by an omnipresent power source. Are you ready to ditch the power cords? It may be coming sooner than you think!
If you’ve taken to heart any of the security advice or practices that I or many other technology professionals have been dispensing for the past few years, you’ve probably developed a healthy skepticism for any emails that land in your box that are unexpected and contain unfamiliar links. Even more so if your email provider marks the email as spam or a possible phishing attempt.
For example, I recently received an email with the subject “iPhone iPod touch Class Action Settlement” that was immediately marked as spam by Gmail. This email purportedly offered me a part of a class action settlement with Apple. Seeing how many people own iPhones and iPods, it seemed like good phishing bait so I assumed this was yet another scam. It had all the trappings of a well-made con:
- broad target demographic
- based on a recent, actual event
- contained lots of official-sounding text that didn’t read like a 4th grader wrote it
- no overt clues that the sender was an obvious bad agent (non-US domains, inappropriate reply-to addresses, spoofed mail headers, etc.)
It would probably lure people into clicking a link that would either load up their machines with malware, or entice them into giving up some personal information that would later be used in an identity theft attempt. I opened it up with the intent of warning my audience and clients about the potentially well-crafted fraud.
As it turns out, this is a legitimate email that Gmail incorrectly identified as spam, probably because the sender was flagged as a spammer by justifiably suspicious readers like you and me. A little research online reveals this is part of the original case that made headlines back in May of this year. Emboldened by this information, I used Chrome (bolstered by a variety of anti-scripting extensions) to visit the included link, and, lo and behold, it’s a legitimate website. Because of the relative newness of this initiative, there isn’t a lot out on the web about this yet, so unless you are an experienced internet researcher, your searches might have come up with little evidence that this was a legitimate email.
What this means for you:
Most cautious internet citizens might have trusted their email provider’s guidance on this and just deleted this email, potentially missing out on as much as $200 as a settlement award. False positives are an unfortunate side-effect of a proper security protocol, and in this case, even Google didn’t provide enough information to immediately assuage my suspicions, and a few search results actually led to conversations where people immediately labeled it as a scam. Sometimes the internet does not provide instantaneous answers, nor is it always right, and as always, you should always take your search results with a grain of salt, especially if there is money at stake. If your search results turns up a dearth of information, your best course of action is to wait a few days for the internet to catch up (it always does!) and research again, or to contact a tech expert like C2 Technology to get a second opinion.
Image courtesy of David Castillo Dominici / FreeDigitalPhotos.net
It must be another day ending in “Y” as hackers are making headlines again: Airplanes, cell-phone chargers and now your car might be the target of hackers. As you might have already guessed, auto manufacturers have been building computers and networks into cars for years now, and modern models can have as many as 70 different computerized systems that control every aspect of the car: braking, steering, acceleration, etc. Where there’s a computer, hackers are sure to follow, and security experts have successfully demonstrated hacks on late model cars that can take over just about any aspect of computerized systems including slamming on the brakes full the car is at full speed, jerking the steering wheel and shutting down the engine completely.
What this means for you:
Before you drive your shiny new ride over to the nearest Cars for Causes office and pack the family off to that bunker in Montana, you should know that the hackers in question worked for months to crack the auto systems on a specific model of car, and in most cases the hacks required physical access to the vehicle. However, according to past reports, ethical hackers from UCSD have managed to compromise at least one late-model GM vehicle via wireless methods, and it’s hard not to imagine that as automobiles become even more complex and automated (Google’s self-driving car, anyone?) as well as wirelessly connected to the internet, the unethical hackers won’t be far behind in tarnishing what otherwise might be a bright, self-driving future.
Image courtesy of Sura Nualpradid / FreeDigitalPhotos.net
In a move that surely caught Hollywood by surprise, Canadian company Bionym has announced the imminent arrival of a biometric authentication device dubbed “Nymi” that relies not on retinal scans or fingerprints or even handprints, but upon the beating of your heart. As with many things human and organic, the particular rhythm of your cardiac system is unique to you, and the mad scientists at Bionym are leveraging this fact as part of a 3-factor authentication system that will allow you to use the bracelet for a variety of applications, not the least of which will be unlocking your devices, accounts and just about anything that can be communicated to via bluetooth or NFC.
What this means for you:
Just about everyone, including yours truly, grumbles about how inconvenient password authentication really is, despite knowing just how bad it could be without them. Nymi has the potential to leverage biometric security measures in a way that doesn’t rely on easily defeated fingerprint readers or expensive and uncomfortable body part scanners. This type of 3-factor authentication puts a twist on traditional two-factor methods (password + device) and instead substitutes your cardiac signature plus physical contact with your skin for the password to unlock the Nymi, which is also tied to another device like your smartphone for a third verification. Absence of any one of the 3 factors make authentication impossible, and mere possession of the device doesn’t prove ownership as it does for current-gen proximity devices like the Skip.
It almost sounds too good to be true, and the demo video released by the company has a distinct sci-fi feel that will probably provide at least one eyebrow-raising moment for any first-world citizen. But when you stop to think about the various demonstrations, each one already has an existing, real-world corollary that while maybe not in widespread use yet, could easily become commonplace tomorrow, especially if Nymi takes off. I believed enough in the promise to pre-order mine (#1141). Heck, for $79, at minimum it will make for a great conversation piece at parties, and if all it does is keep my cell phone securely and safely unlocked while I’m near it, I’ll consider it money well spent.
An Islamist hacktivist going by the moniker “Mauritania Attacker” claims to have hacked and accessed the entire database of Twitter accounts. As proof of this exploit, he has published details on 15,000 accounts that included access tokens users have generated for other applications that use Twitter either as an authentication source, or as a means to publish data from or to the microblogging service. According to representatives from Twitter, no accounts have been compromised, and the account details released by the hacker did not contain passwords (hashed, encrypted or otherwise). Security analysts suspect that it may be possible to use the exposed security tokens to gain limited access to publish through the associated Twitter account via third party app (which is what the tokens are for in the first place) if a hacker could ascertain for which app a specific token was created.
What this means for you:
If you use Twitter, you should do two things:
- Enable login verification by going to your Twitter settings -> Account -> Login Verification. This basically sends out a confirmation to your mobile device that must be entered in order to log into your Twitter account.
- Revoke permissions to Twitter-enabled apps. You can do this by going to your Twitter settings -> Apps and clicking “Revoke Access” next to every app on the list, even the ones you might use frequently. Then, you can go back to your favorite apps and reauthenticate. This way, you can recreate the access tokens, and not have to worry about the possibility that your access tokens were among the ones shared by the Mauritania Attacker.
Motorola has recently announced a near-field communication (NFC) device called the “Skip” which can be paired with their new Moto X smartphone to allow for quick unlocking of a PIN-protected device. The small wearable device also comes with a handful of “Skip Dots” which are smaller versions of the Skip that can be placed at frequently visited locations like your car or desk, allowing the same, “tap to unlock” functionality offered by the Skip device. According to Motorola, the Skip will supposedly save the average user quite a bit of time, based upon a calculation that we spend on average 2.9 seconds punching in our PINs up to 40 times a day.
What this means for you:
This particular idea isn’t new. NFC dots/stickers have been around for awhile, and many Android phones feature the capability of using the presence or absence of NFC points to give Android phones locational awareness at a level much finer than afforded by GPS. Depending on how they are programmed, Android phones can automatically unlock themselves when near specific dots, or enable Bluetooth when near a dot placed in a car, etc. The problem, as you can imagine, is that it gives thieves and malicious actors the ability to unlock a stolen or misappropriated phone merely by possessing the “Skip” itself. Seeing as it’s attached via magnets, and likely to be near the phone itself, gaining both items gives the possessor the literal keys to your smartphone’s kingdom. The Skip Dots also add another easy vector for malicious actors who are familiar with the phone owner, such as a co-worker, fellow student or roommate, and take advantage of an unattended phone and a known Skip Dot location.
Smartphone PINs are there for a reason: to make it difficult to unlock your phone. What’s the point of putting a lock on your front door if you are going to leave the key sitting in plain view for anyone to use? My advice to you: don’t use devices like the Skip (or any NFC device) to bypass security. It’s there for a reason, and imagine how inconvenienced you would be if your phone (and everything on it) was compromised.




![logo[1].png Cota Logo](https://c2techs.net/wp-content/uploads/2013/09/logo[1]-460x260_c.png)






