What was 'The Big Hack', and how likely are Bloomberg's claims?

On October 4th, Bloomberg Businessweek published an alarming piece called ‘The Big Hack’ – claiming that a small processor – embedded in popular consumer electronic products by a Chinese hacking group – had compromised the security of devices from as many as 30 major US firms.

As the story’s strapline reads, “The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.”

The story outlines that a Chinese military unit created microchips smaller than a sharpened pencil tip that were designed to look like signal conditioning couplers (as you might find them on a motherboard). Reportedly, the microchips were installed in Chinese factories and made their way into networking servers provided to the US by a firm called Supermicro. When a network server or computer would be turned on, the chip would apparently activate, allow its host to accept new modifications, and then reach out to other hijacked computers in search of ‘further instructions’.

As Businessweek alleged:

“Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community.

…During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.”

Sounds scary.

That goes without saying. Should Businessweek’s reporting prove both accurate and true, the bid would stand as one of the most sophisticated hacking attempts ever made, and could feasibly threaten the security of thousands of people around the world. In its report, Businessweek states that companies from Apple to Amazon have been affected, and had made no significant attempts to alert their consumers that their devices might be compromised.

So, is there truth in these claims?

While the report has quickly been re-shared across the length and breadth of the internet, the allegations made within have largely been refuted by leading technology companies. On the same day as Businessweek ran the story, Apple, Amazon, and Supermicro all published statements denying that the purported chipsets were ever found or existed. Similarly, three of the leading mobile network providers in the US – AT&T, Sprint and Verizon – have denied the report as well.

In technological terms, such an attack is actually possible, and is referred to as a ‘supply chain attack’ – where the processes, items, or delivery of goods shipped in the manufacturing process to a seller are hijacked, altered, modified, or destroyed without the consent of the transacting parties. In some cases, re-sold goods can be subject to a ‘man in the middle attack’, where certain components of a device can be hijacked to intercept data or certain functions.

However, the purported size and scale of the ‘hack’ itself – coupled with the fact that leading technology companies have refuted the report’s accuracy – have created controversy. Presently, the claims of a hack are unverified, and have not been interpreted, analyzed, or otherwise investigated by an independent party.

Should I be worried?

Over the coming weeks, it is likely that federal agencies in the US will set up a form of commission of inquiry into Businessweek’s allegations given their seriousness. Given the response to Businessweek’s article and opinions from veteran security researchers, it remains unlikely that ‘The Big Hack’ actually took place and furthermore remained unreported to the public at large – though that will be up to researchers and government agencies to determine.

Ultimately, there is little end-consumers can do, or should be worried about at this stage. Should such a commission find that any hardware devices were altered, US firms will likely have to issue a recall of products that were shipped to consumers – or in the event that sensitive business networks were compromised, supply chain processes will likely be changed as well. The story may have a positive outcome (regardless of its accuracy), in that supply chain processes may be managed with closer scrutiny in the months and years to come.


What is SIM-swap fraud, and how can I keep myself safe?

SIM-swaps might be well known to South Africans as the process where they exchange one size of SIM card for another, or where they change their mobile network entirely. However, a new form of SIM-swap scam has recently come to light in South Africa – a trend which new reports suggest is only increasing.

SIM-swap fraud (sometimes called SIM splitting) is a form of criminal activity in which parties steal the identity and ownership of someone’s mobile phone number through an illegal SIM-swap.

SIM-swap fraud typically involves a fraudster gathering information about their victim over a certain period of time or through certain channels – once done, they contact and pose as the victim to a mobile network, and request their victim’s cell phone number be ported to their own SIM.

If their bid is successful, the fraudster has complete control over the victim’s phone number, and the victim themselves will typically lose their connection to their mobile network shortly thereafter while using their original SIM. The newly-empowered fraudster, as a result, can accept any one-time passwords (OTPs) sent through an SMS or phone call, and can use that information to access social media networks, banking services, or other confidential or private online platforms.

How is SIM-swap fraud increasing in South Africa?

Earlier this month, the South African Banking Risk Information Centre (SABRIC) released its digital banking crime statistics report, which analyzed trends found across some 13,438 incidents recorded in 2017 through various banking apps. Among the total count of all incidents reported, SABRIC noted a 104% increase in SIM-swap fraud – amounting to some 4,040 incidents.

In a statement to the press, SABRIC CEO Kalyani Pillay offered that “Criminals are always looking for ways to exploit digital platforms to defraud victims, but the mitigation strategies deployed by Banks are very robust, so it is easier to target people, as they are the weakest link… Using technology, coupled with social engineering, criminals can gather sufficient information to impersonate victims, bypassing bank security protocols.”

How can I keep myself safe from SIM-swap fraud?

Unfortunately, the best way to protect yourself from SIM-swap fraud is to practice general vigilance.

It’s good practice to inform your bank when your mobile number changes, subscribe to SMS alerts for activities related to both your mobile phone and banking account, and memorize your PIN or passwords where applicable.

When answering the phone from solicitations (call centers or other third parties), avoid sharing specific information about yourself such as your personal address, ID number, or your other contact details. The less information a fraudster can gather, the harder it will be for them to assume control of your SIM.

If you need to contact your bank to report a case of SIM-swap fraud, the relevant contact details are:

  • Standard Bank – phishing@standardbank.co.za
  • ABSA – secmon@absa.co.za
  • Capitec – phishing@capitecbank.co.za
  • FNB – phishing@fnb.co.za
  • Nedbank – phishing@nedbank.co.za

 


Why haven't smartwatches caught on?

Though it (arguably) might come in last place at the Innovative Smartwatch Naming Awards, LG’s Watch W7 – announced earlier this week – did attempt to do something novel. By marrying physical hands with a digital display, the Watch W7 was intended to be the power couple that ties together the best of the digital world and delivers it to the wrists of analogue enthusiasts.

Instead, the Watch W7 has been much maligned for its design – and for the fact that users would need to press a side-mounted button to level the hands to see the display in the first place.

All that being said and done, I feel the Watch W7 is a punctuation point for the consumer technology industry – a note for future reference telling us that, well, perhaps we haven’t quite figured out what we want from smartwatches just yet.

Globally, smartwatch sales have ramped up over the past few years – and while Apple (unsurprisingly) might own the lion’s share of the market thanks to the Apple Watch Series 1 through 4, we’ve arguably yet to see a smartwatch product harness the same brand power that many major smartphones do.

That’s a surprising statement to make. Throwing it back to 2014, the stage seemed set for a massive showdown in the smartwatch world – with the likes of the Apple Watch set to tackle the Android hordes (perhaps most recognizably led by the Moto 360 at the time.)

While an estimated figure of 141 million smartwatch sales might sound like we’re heading north, comparing that against a reported 1536 million smartphone sales indicates that we haven’t yet seen a breakout product (or suite of products) that can do for our wrist what our phones do for our pockets.

A lack of utility

Personally, I don’t wear a watch – whether it be analog or smart. I’ve grown used to checking the time (when need be) on my phone, and I personally don’t have much need nor want for jewelry.

However, the fact that we don’t yet have a wrist-worn product that is indispensable is telling. Chiefly, smartwatches today focus on two major aspects – fitness tracking or serving up notifications – and those are two functions that have been best served by two completely different products.

Smartwatches exist in the awkward space of being an accessory, and not a necessity. While Google’s Wear OS and Apple’s watchOS have both introduced interesting features, neither has truly focused on delivering utility – that is, a slate of features that exist in isolation and can’t be replicated elsewhere.

The challenge here is that few have dared to re-envision just what a watch is.

Expense versus affordability

While some manufacturers have paired smartphones and smartwatches together at sale, in most cases smartwatches are just too expensive. In a luxury market where premium brands shift double digits on design and material value alone, the most notable failure in this space was (arguably) the original Apple Watch Edition – a gold behemoth that failed to justify its $10,000 USD price tag.

In emerging markets, the budget through mid-range is a major arena for even the biggest brands – and this is an area which we have yet to see smartwatches meaningfully compete in. While there are certainly affordable smartwatches, few exist with the backing of sizable brand-power and, at worst, offer a lackluster delivery of some basic features.

Smartwatches, chiefly, have been obliterated at the bottom end by another noteworthy challenger…

Fitness trackers

While many major consumer technology brands have committed to offering a smartwatch, few have been able to resist the allure of fitness trackers – which are far more affordable to produce, sell, and ultimately market.

The awkward factor is that consumers have flocked to purchase fitness trackers themselves at the expense of smartwatches – with global sales of the former edging closer to 200 million per year.

Given their affordability, smaller form factor, and the uptake in major insurance services leveraging them for monitoring purposes, fitness trackers have – for better or worse – become the backbone of the smartwatch realm. Unfortunately, in this case, that backbone fails to support a wider industry, and excels in capturing consumers for years before they’re ready to make a sizeable upgrade to a new product.

Design

It’s time to point out (perhaps) the biggest factor crippling the smartwatch industry – no one’s carved out a great design.

Sure, the likes of premium brands such as Tissot have cultivated connected offerings, and the Apple Watch Series 4 might be beautiful thanks to its larger screen – but have any of these products truly offered style and substance?

LG’s Watch W7 is perhaps a glaring declaration that, frankly, we haven’t quite figured out what we want from smartwatches. Should we adopt always-on displays? Are mechanical hands needed? Can any smartwatch truly survive with a massive profile on anyone’s wrist?

Until smartwatches themselves are both slimmer and more svelte, we may struggle to surpass the sexy profile of a fitness tracker.

So, what do we really need for smartwatches to take off?

It might sound contrived, but smartwatches need their iPhone moment.

While smartphones existed before the iPhone, it wasn’t until Apple demoed its take that we developed, iterated, and proliferated a worldwide industry that is growing until this day – and while Apple may not be the company to do so, we await a firm that can radically envision what a smartwatch can do.

The game might be simple. A great smartwatch would need a simple focus, an elegant use case, a slim design, and an appealing price tag – and perhaps most bizarrely, it might have little to do with telling the time.

Some interesting projects linger on. Lenovo is pushing ahead with form-shifting wearable technology, while other firms such as LG continue to trial rollable OLED technology. The right product might lie on the horizon, but we arguably haven’t seen it just yet.


How WhatsApp's newest changes are designed to fight fake news

If you keep your WhatsApp trimmed and up-to-date, you might have noticed several new features and small changes on the platform. Interestingly enough, several have debuted with the focus of diluting the impact of fake news on the platform.

Earlier this week, I caught up with Graeme Richards on SABC 3’s Expresso Show to discuss just what these new changes are, and why they matter.

Remind me – what is fake news, again?

News has been around for centuries – whether we’re simply catching up with a friend, catching the headlines in a daily newspaper, or even watching television – our daily lives are shaped by media, journalism, and (presumably) factual reporting of new developments.

Fake news (at least, in its current form) is a relatively new phenomenon which upends this process by crafting ‘news stories’ that are explicitly false, sensational, or misleading. Chiefly, these are designed to encourage virality – in media speak, the tendency for content to be circulated or shared both rapidly and widely.

While fake news can simply be used to discredit a person or idea, far more insidious goals can be afoot. For example, by clicking on a link to a fake news story, you might bring extra traffic to a website, help a publisher accrue revenue through that traffic, or – in the worst case – leave your personal or private information ready for plunder.

Why is WhatsApp experiencing a problem with fake news?

WhatsApp is presently one of the largest, most widespread, and most influential messaging platforms – WhatsApp is estimated to accommodate 1.5 billion monthly active users. Given that WhatsApp makes sharing web links easy and provides everyone with the means to communicate with people already in their address book (such as colleagues, friends, or family), it is tremendously easy to share or spread messages that have an air of credibility and might be reinforced by one’s personal relationships.

Though WhatsApp isn’t the only platform battling fake news, its struggles might be the hardest. The effects of fake news on the service are perhaps most keenly felt in India, where several fake news stories have prompted mobs to maim or murder several people.

What measures has WhatsApp introduced to solve this problem?

If you’ve used WhatsApp this past week, you may have noticed that messages you forward to another contact might bear a ‘Forwarded’ tag above them. This has been introduced as a bid to curb the association of a particular message with a trusted contact, and instead highlight that the said message originated elsewhere.

On a more technical front, WhatsApp has also limited the number of times a message can be forwarded to prevent users from batch-forwarding content to hundreds of users at a time. In the Indian market space, WhatsApp has even taken out full-page newspaper advertisements highlighting ten easy steps to identify fake news.

Will any of this work?

Unfortunately, the problem of fake news extends far more widely beyond WhatsApp itself, and might require a variety of technical solutions to curb, if not prevent entirely.

However, WhatsApp’s early moves mean that we can expect far more attention to be applied to the problem in the first instance – and given WhatsApp’s immense popularity, I feel we can count this as a positive first step.

If you’d like to sift fake news from real journalism, I’d recommend taking a look at popular fact-checking services such as Snopes.


Do we really need DeX, EMUI Desktop, and Microsoft's Continuum?

Mobile device manufacturers have been quick to offer smartphone-to-PC systems, but do we really need them? I weigh in!

When Microsoft first revealed its Continuum features aboard the Lumia 950 and 950 XL, I was quite smitten. Given the fact that Windows Mobile (RIP) was famous for running well on low-end hardware, I naturally presumed that Continuum would be an excellent way to deliver a PC-like experience to those of us with a limited budget for just (let’s say) one smartphone. After all, Continuum had (or has?) the backing of Microsoft’s Windows Store and some of the more ubiquitous features one might find on a low-end Windows laptop, making it an excellent candidate for a smartphone-to-PC system.

Unfortunately, Windows Mobile didn’t pan out well for Microsoft – and the Redmond firm instead elected to style Continuum as the mechanism wherein one could change a hybrid Windows device from tablet mode to a laptop and back again. Some devices such as the HP Elite X3 shipped with the intention to bring Continuum to the working world, yet such products haven’t typically been aimed at general consumers.

Then, in February this year, Samsung broke headlines for its own such take on Continuum – DeX. Similarly to Microsoft’s earlier efforts, DeX provided a docking system for owners of the Samsung Galaxy S8 to transition their mobile device from a smartphone into a hyper-portable PC. With access to many Android apps, the system looked like a logical way to bring PC functionality to smartphone owners everywhere.

However, the launch of DeX has – up until now – been confined to Samsung’s premium offerings such as the Galaxy S8 and Samsung Galaxy Note 8; meaning that anyone wanting to get onboard with this functionality would have to first break the price barrier to acquire either of Samsung’s flagship devices and then fork out the additional cash for a DeX dock – never mind a display, keyboard, or mouse.

Huawei was the most recent entrant into this space with yesterday’s reveal of EMUI Desktop – a system which, similarly to DeX or Continuum, can transition one’s Huawei Mate 10 or Mate 10 Pro into a desktop Android PC.

Perhaps one factor Huawei took successful cognizance of is the fact that consumers may not be as willing to dole out cash for additional hardware, such as a dock – and to my personal relief, EMUI Desktop works through a single HDMI to USB Type-C cable rather than a docking station. Another – perhaps more rounded – idea debuts in the sense that Mate 10 owners can use their device as a mobile trackpad rather than leaving it to serve lip service on a workbench.

Commonality

Continuum, DeX, and EMUI Desktop all echo the same tune, and one that is apparently needed in the consumer technology industry; a means to shatter some of the barriers that prevent smartphones from serving just as well as entry-level desktop PCs.

Android and Windows Mobile have commonality in the sense that both operating systems are quite versatile, and are capable of providing both a great mobile platform and a fledgling desktop experience to boot. Yet, the cemented nature of the former and novelty factor of the latter tend to make consumers wary of using such a system as their go-to, one-size-fits-all device. After all, one needn’t really spend more than R5000 ZAR on a good phone, nor R5000 on a decent laptop.

The arrival of each of these offerings – in addition to other miscellaneous products that have attempted to break the mobile and desktop barrier – signals something I feel more smart device manufacturers should take cognizance of; that in mobile-first economies such as South Africa, there can be a massive need for one’s smartphone to sport additional functionality that can bridge new divides.

Up until now, the logic behind DeX, Continuum, or EMUI Desktop seems to be the sense that if smartphones are both powerful and expensive, they needn’t just be smartphones. However, by appealing to a higher market demographic, I’m left to feel that manufacturers offer these young lambs up for slaughter by appealing to market forces that probably already have an equitable laptop or desktop PC and either don’t need a stymied experience, or might only purchase such a system for novelty value.

Real potential?

That’s not to imply DeX, Continuum, or EMUI Desktop are unusable or unwarranted – in fact, I would argue that as time has gone on each system shows more and more promise; and the fact that manufacturers are beginning to focus on the development of AI and digital assistants means that one may be able to get far more done in far less time.

To pivot back to home, one of the key frustrations I share with South Africans is the sense that the price tag of owning a mobile device along with a suitable data plan can often derail one’s objective of purchasing other smart devices – quite simply, one can often find oneself juggling between owning an equitable PC and mobile device; and many consumers in South Africa forgo the former in its entirety to live on the latter.

There remains massive potential for manufacturers to develop smartphone-to-PC systems, wherein one could have a smartphone take the form of a desktop PC through a dock or cable. Yet the sensitivity of these options remains lackluster in a country where one can all too easily drool over a flagship smartphone and then lower one’s expectations in line with one’s wallet.

Where cheap smartphones are getting better, good smartphones are getting cheaper – and it needn’t, nor shouldn’t be long until manufacturers realize that smartphone-to-PC systems need not be a feature locked to an unattainable realm of the market. Rather, by aiming such features at the mid-range of the market, manufacturers might be able to develop far more cunning offerings that sell in higher volumes.

Other predators exist

If smartphone manufacturers don’t attune their strategy in this regard, I feel it need be only a matter of time before other offerings present themselves. The arrival of Android app support on Google’s fledgling Chrome OS ecosystem (and a potential redesign, to boot) may put affordable PC access in the hands of many South Africans, if not consumers around the world.

Another contender is Microsoft, who has similarly released Windows 10 S – and while that offering may be limited to the expensive Surface Laptop for now, there remains potential for a fleet of well-priced Windows 10 S laptops to capture a good portion of the market. Just ask Americans what happened after Chrome OS took a swipe at Apple’s MacBooks.

In the end, smartphone-to-PC systems do – in my opinion – remain a frustrating novelty feature that could unlock real value in mobile-first countries.

Aimed at marketplaces where those who can afford high-end phones likely already have a desktop, and in other regions where purchasing a high-end phone might preclude spending even more on a still-developing PC experience, it’s perhaps evident to say we may not truly need DeX, Continuum, or EMUI Desktop in their present forms – yet greater potential lurks just around the corner.

Have your say!

I want to hear your thoughts – do you believe offerings such as Continuum, DeX, or EMUI Desktop should stay or go? Would you be willing to purchase docks and additional equipment to use a smartphone-to-PC system? Be sure to let me know your opinion on Twitter – @bryansmithSA!