Apple Pay day some ways off

A Reuters piece I wrote with two colleagues on Apple’s efforts to break the mobile payments logjam (and catch up with China and Africa). In the long run, of course, they’ll likely carve out a decent business, but it’s not as smooth as it might be, and the impression we got was that Apple was facing problems not only in convincing partners to jump aboard, but also in making sure the process was as Apple-like for consumers as possible.

It’s an interesting conundrum that Apple faces: pretty much everything they have to do now is about ensuring their gadgets interact with worlds they can’t control – from payments to cars.

Early days, but Apple Pay struggles outside U.S.

BY MATT SIEGEL, JEREMY WAGSTAFF AND ERIC AUCHARD

More than 18 months after Apple Pay took the United States by storm, the smartphone giant has made only a small dent in the global payments market, snagged by technical challenges, low consumer take-up and resistance from banks.

The service is available in six countries and among a limited range of banks, though in recent weeks Apple has added four banks to its sole Singapore partner American Express; Australia and New Zealand Banking Group in Australia; and Canada’s five big banks.

Apple Pay usage totaled $10.9 billion last year, the vast majority of that in the United States. That is less than the annual volume of transactions in Kenya, a mobile payments pioneer, according to research firm Timetric.

And its global turnover is a drop in the bucket in China, where Internet giants Alibaba and Tencent dominate the world’s biggest mobile payments market – with an estimated $1 trillion worth of mobile transactions last year, according to iResearch data.

Anecdotal evidence from Britain, China and Australia suggests Apple Pay is popular with core Apple followers, but the quality of service, and interest in it, varies significantly.

To use Apple Pay, consumers tap their iPhone over payment terminals to buy coffee, train tickets and other services. It can also be used at vending machines that accept contactless payments.

Apple Pay transactions were a fraction of the $84.5 billion in iPhone sales for the six months to March, which accounted for two-thirds of Apple’s total revenue.

TECH HITCHES

In Australia, where Apple Pay launched a month ago, payment machines supported by one mid-sized bank reported frequent failures.

“Bendigo Bank is experiencing some unforeseen technical issues in accepting Apple Pay payments at selected merchant terminals,” a spokeswoman for the bank told Reuters, adding that a lack of wider industry engagement in launching the service limited the lead time in testing the new technology.

Apple Vice President Jennifer Bailey said such experiences were premature and not representative. “Like any set of major technology changes, it takes time,” she said. “We want to move as quickly as possible, we push it as quickly as possible.”

Facing a slowing smartphone business, Apple has taken on the payments market hoping to add ways to make its devices more appealing, and more revenue streams. Apple takes a cut of up to 15 cents in the United States on every $100 spent.

While it has long mastered the supply chain for its mobile devices, the payments ecosystem has proved harder to control, and banks in other countries have reportedly negotiated lower transaction fees, contributing to its slow global roll-out.

Apple nearly doubled its R&D spending to more than $8 billion in 2013–15 as it pushed out a wave of new products including Apple Watch and Apple Pay, as well as upgrades to existing hardware devices and new services.

RESISTANCE

Apple has leveraged its huge U.S. user base to push Pay, but has met resistance in Australia, Britain and Canada where banks are building their own products.

“Payments in general is such a complicated system with so many incumbent providers that revolutionary change like this was not going to happen very quickly,” said Joshua Gilbert, an analyst at First Annapolis Consulting.

The upshot: Apple has rolled out Pay in a dribble, adding countries and partners where it can – Hong Kong is expected to be added next – resulting in an uneven banking landscape with users and retail staff not always sure what will work and how.

In Britain, for example, $14 billion was spent via contactless cards last year, according to Windsor Holden, a Juniper Research analyst. That makes it harder to persuade people to take the extra step on their smartphone for the same checkout convenience.

“You have over 86 million contactless cards in circulation, you have to persuade Britons to register their cards to the (Apple Pay) service when they can already use them to make a contactless payment,” Holden said.

In Australia, where more than 60 percent of all card transactions are through contactless cards, reception has also been muted. A spokesman for one large retailer said he had seen “very little uptake of the payment option” in his sector. He didn’t want to be named as he was not authorized to speak publicly about the matter.

Diego Machuca, 32, banks with Apple Pay-holdout Commonwealth Bank, has an iPhone and is already “largely cashless”. He says Apple Pay is appealing, but he wouldn’t switch banks just to access that one feature. “Not over that. There’s too much work involved just for tap-and-go,” he told Reuters.

Three months after the China launch, users on online forums complained that using Apple Pay, even at popular fast-food outlets, was not as seamless as local services such as WeChat, Tencent’s messaging and mobile commerce phenomenon.

Nonetheless, Apple’s approach has spurred development in several markets where the mobile payments industry had previously not taken hold – giving it the jump on rivals Google’s Android Pay and Samsung Pay.

Android Pay only launched in the United States in March and in Britain last month for use on the latest model Android phones. Samsung Pay is available in three markets: China, South Korea and the United States.

(Reporting by Matt Siegel in SYDNEY, Jeremy Wagstaff in SINGAPORE, Eric Auchard in LONDON and Beijing Newsroom; Editing by Ian Geoghegan)

The Bangladesh Bank Hack, Part XIV

Lots of attention at the moment on the implications of the Bangladesh Bank hack, now four months old. This is a piece I contributed last week. Quite a bit of water has gone under the bridge since then. We not only don’t know who was behind the hack – North Koreans have been put somewhere in the frame, but that’s by no means a certainty – but we still don’t really understand how all the pieces fit together. Meanwhile, the blame game continues.

Cyber firms say Bangladesh hackers have attacked other Asian banks

WASHINGTON/SINGAPORE | BY DUSTIN VOLZ AND JEREMY WAGSTAFF

Hackers who stole $81 million from Bangladesh’s central bank have been linked to an attack on a bank in the Philippines, in addition to the 2014 hack on Sony Pictures, cybersecurity company Symantec Corp (SYMC.O) said in a blog post.

The U.S. Federal Bureau of Investigation has blamed North Korea for the attack on Sony’s Hollywood studio.

A senior executive at Mandiant, the cybersecurity company investigating the Bank Bangladesh heist, also told Reuters the hackers had recently penetrated banks in Southeast Asia.

In the blog post published on Thursday, Symantec did not name the Philippines bank or say whether any money was stolen, but said the attacks could be traced back to October last year. It did not identify the hackers.

The Philippines central bank’s deputy governor, Nestor Espenilla, told Reuters that no bank in the country had lost money to hackers, although he did not rule out the possibility of cyber attacks.

“We are checking if there are similar attacks on Philippine banks,” Espenilla said. “However, no reported losses so far.”

He added: “It is one thing to be attacked. It is another to lose money.”

Marshall Heilman, vice president for Mandiant, a part of U.S.-based FireEye (FEYE.O), said it was not known whether any money was lost in the other attacks he described or whether the hackers had been successfully blocked.

“There is a group operating in Southeast Asia that definitely understands the bank industry and is at more than one location,” he said.

Heilman declined to identify the country or countries, or the institutions attacked. He said it was the same group as the one involved in the Bank Bangladesh theft and that the attacks were recent, but declined to be more specific.

Central banks elsewhere in Southeast Asia – Singapore, Indonesia, Brunei, Myanmar, Laos, Cambodia, Vietnam, Thailand and East Timor – have declined comment or denied knowledge of any other breaches.

There have been at least four known cyber attacks against a bank involving fraudulent messages on the SWIFT payments network, one dating back to 2013. SWIFT, the Society for Worldwide Interbank Financial Telecommunication, urged banks this week to bolster their security, saying it was aware of multiple attacks.

Banks around the world use secure SWIFT messages for issuing payment instructions to each other.

“HARD CONNECTION”

SWIFT said earlier this week that February’s Bangladesh Bank hack was a “watershed event for the banking industry” and that it was “not an isolated incident.”

Spokeswoman Natasha de Teran said on Thursday that SWIFT was “actively looking into other possible instances of such fraud,” but would not comment on individual entities.

Symantec said it had identified three pieces of malware that were used in limited targeted attacks against financial institutions in Southeast Asia. (symc.ly/1sRNHc7)

One of the malicious programs has been previously associated with a hacking group known as Lazarus, which has been linked to the devastating attack on Sony’s Hollywood studio in 2014.

“There is a pretty hard connection now to the Sony attacks and the actor behind them” and the Bangladesh heist, Eric Chien, technical director at Symantec, said in an interview.

Another cybersecurity firm, BAE Systems, said this month that the distinctive computer code used to erase the tracks of hackers in the Bangladesh Bank heist was similar to code used to attack Sony.

Chien said that if North Korea was responsible for the hacks on banks via the SWIFT messaging network it would represent the first known episode of a nation-state stealing money in a cyber attack.

Policymakers, regulators and financial institutions around the world are stepping up scrutiny of the cyber security of the SWIFT payments system after hackers used it to make fraudulent transfers totaling $81 million out of Bank Bangladesh’s account at the Federal Reserve Bank of New York.

Symantec and other researchers have also linked the hack to a failed attempt to use fraudulent SWIFT messages to steal from a commercial bank in Vietnam.

In addition, Reuters reported last week that Ecuador’s Banco del Austro had more than $12 million stolen from a Wells Fargo account due to fraudulent transfers over the SWIFT network.

Bangladesh police are also reviewing a nearly-forgotten 2013 cyber heist at the nation’s largest commercial bank, Sonali Bank, for connections to the central bank heist, a senior law enforcement official told Reuters. The unsolved theft of $250,000 at Sonali Bank also involved fraudulent transfer requests sent over the SWIFT network.

(Additional reporting by Narottam Medhora in Bengaluru and Karen Lema in Manila; Editing by Siddharth Cavale, Leslie Adler and Raju Gopalakrishnan)

From pixels to pixies: the future of touch is sound

My piece on using sound and lasers to create 3-dimensional interfaces. It’s still some ways off, but it’s funky.

Screenshot from Ultrahaptics video demo

From pixels to pixies: the future of touch is sound | Reuters:

SINGAPORE | BY JEREMY WAGSTAFF

(The video version: The next touchscreen is sound you can feel | Reuters.com)

Ultrasound – inaudible sound waves normally associated with cancer treatments and monitoring the unborn – may change the way we interact with our mobile devices.

Couple that with a different kind of wave – light, in the form of lasers – and we’re edging towards a world of 3D, holographic displays hovering in the air that we can touch, feel and control.

UK start-up Ultrahaptics, for example, is working with premium car maker Jaguar Land Rover [TAMOJL.UL] to create invisible air-based controls that drivers can feel and tweak. Instead of fumbling for the dashboard radio volume or temperature slider, and taking your eyes off the road, ultrasound waves would form the controls around your hand.

‘You don’t have to actually make it all the way to a surface, the controls find you in the middle of the air and let you operate them,’ says Tom Carter, co-founder and chief technology officer of Ultrahaptics.

Such technologies, proponents argue, are an advance on devices we can control via gesture – like Nintendo’s Wii or Leap Motion’s sensor device that allows users to control computers with hand gestures. That’s because they mimic the tactile feel of real objects by firing pulses of inaudible sound to a spot in mid air.

They also move beyond the latest generation of tactile mobile interfaces, where companies such as Apple and Huawei [HWT.UL] are building more response into the cold glass of a mobile device screen.

Ultrasound promises to move interaction from the flat and physical to the three dimensional and air-bound. And that’s just for starters.

By applying similar theories about waves to light, some companies hope to not only reproduce the feel of a mid-air interface, but to make it visible, too.

Japanese start-up Pixie Dust Technologies, for example, wants to match mid-air haptics with tiny lasers that create visible holograms of those controls. This would allow users to interact, say, with large sets of data in a 3D aerial interface.

‘It would be like the movie ‘Iron Man’,’ says Takayuki Hoshi, a co-founder, referencing a sequence in the film where the lead character played by Robert Downey Jr. projects holographic images and data in mid-air from his computer, which he is then able to manipulate by hand.

BROKEN PROMISES

Japan has long been at the forefront of this technology. Hiroyuki Shinoda, considered the father of mid-air haptics, said he first had the idea of an ultrasound tactile display in the 1990s and filed his first patent in 2001.

His team at the University of Tokyo is using ultrasound technology to allow people to remotely see, touch and interact with things or each other. For now, the distance between the two is limited by the use of mirrors, but one of its inventors, Keisuke Hasegawa, says this could eventually be converted to a signal, making it possible to interact whatever the distance.

For sure, promises of sci-fi interfaces have been broken before. And even the more modest parts of this technology are some way off. Lee Skrypchuk, Jaguar Land Rover’s Human Machine Interface Technical Specialist, said technology like Ultrahaptics’ was still 5-7 years away from being in their cars.

And Hoshi, whose Pixie Dust has made promotional videos of people touching tiny mid-air sylphs, says the cost of components needs to fall further to make this technology commercially viable. ‘Our task for now is to tell the world about this technology,’ he says.

Pixie Dust is in the meantime also using ultrasound to form particles into mid-air shapes, so-called acoustic levitation, and speakers that direct sound to some people in a space and not others – useful in museums or at road crossings, says Hoshi.

FROM KITCHEN TO CAR

But the holy grail remains a mid-air interface that combines touch and visuals.

Hoshi says touching his laser plasma sylphs feels like a tiny explosion on the fingertips, and would best be replaced by a more natural ultrasound technology.

And even laser technology itself is a work in progress.

Another Japanese company, Burton Inc, offers live outdoor demonstrations of mid-air laser displays fluttering like fireflies. But founder Hidei Kimura says he’s still trying to interest local governments in using it to project signs that float in the sky alongside the country’s usual loudspeaker alerts during a natural disaster.

Perhaps the biggest obstacle to commercializing mid-air interfaces is making a pitch that appeals not just to consumers’ fantasies but to the customer’s bottom line.

Norwegian start-up Elliptic Labs, for example, says the world’s biggest smartphone and appliance manufacturers are interested in its mid-air gesture interface because it requires no special chip and removes the need for a phone’s optical sensor.

Elliptic CEO Laila Danielsen says her ultrasound technology uses existing microphones and speakers, allowing users to take a selfie, say, by waving at the screen.

Gesture interfaces, she concedes, are nothing new. Samsung Electronics had infra-red gesture sensors in its phones, but says ‘people didn’t use it’.

Danielsen says her technology is better because it’s cheaper and broadens the field in which users can control their devices. Next stop, she says, is including touchless gestures into the kitchen, or cars.

(Reporting by Jeremy Wagstaff; Editing by Ian Geoghegan)

BBC – Cybercrime: One of the Biggest Ever

My contribution to the BBC World Service – Business Daily, Cybercrime: One of the Biggest Ever

Transcript below. Original Reuters story here

If you think that all this cybersecurity stuff doesn’t concern you, you’re probably right. If you don’t have any dealings with government, don’t work for an organisation or company, and you never use the Internet. Or an ATM. Or go to the doctor. Or have health insurance. Or a pension.

You get the picture. These reports of so-called data breaches — essentially when some bad guy gets into a computer network and steals information — are becoming more commonplace. And that’s your data they’re stealing, and it will end up in the hands of people you try hard not to let into your house, your car, your bank account, your passport drawer, your office, your safe. They may be thieves, or spies, or activists, or a combination of all three.

And chances are you won’t ever know they were there. They hide well, they spend a long time rooting around. And then when they’ve got what they want, they’re gone. Not leaving a trace.

In fact, a lot of the time we only know they were there when we stumble upon them looking for something else. It’s as if you were looking for a mouse in the cellar and instead stumbled across a SWAT team in between riffling through your boxes, cooking dinner and watching TV on a sofa and flat screen they’d smuggled in when you were out.

Take for example, the case uncovered by researchers at a cybersecurity company called RSA. RSA was called in by a technology company in early 2014 to look at an unrelated security problem. The RSA guys quickly realized there was a much bigger one at hand: hackers were inside the company’s network. And had been, unnoticed, for six months.

Indeed, as the RSA team went through all the files and pieced together what had happened, they realised the attack went back even further.

For months the hackers — almost certainly from China — had probed the company’s defenses with software, until they found a small hole.

On July 10, 2013, they set up a fake user account at an engineering website. They loaded what is called malware — a virus, basically — to another site. The trap was set. Now for the bait. Forty minutes later, the fake account sent emails to company employees, hoping to fool one into clicking on a link which in turn would download the malware and open the door.

Once an employee fell for the email, the hackers were in, and within hours were wandering the company’s network. For the next 50 days they mapped the network, sending their findings back to their paymasters. It would be they who would have the technical knowledge, not about hacking, but about what documents they wanted to steal.

Then in early September they returned, with specific targets. For weeks they mined the company’s computers, copying gigabytes of data. They were still at it when the RSA team discovered them nearly five months later.

Having pieced it all together, now the RSA team needed to kick the hackers out. But that would take two months, painstakingly retracing their movements, noting where they had been in the networks and what they had stolen. Then they locked all the doors at once.

Even then, the hackers were back within days, launching hundreds of assaults through backdoors, malware and webshells. They’re still at it, months later. They’re probably still at it somewhere near you too.

Hunt for Deep Panda intensifies in trenches of U.S.-China cyberwar | Reuters

My piece on what Deep Panda looks like in action: Hunt for Deep Panda intensifies in trenches of U.S.-China cyberwar | Reuters:

Security researchers have many names for the hacking group that is one of the suspects for the cyberattack on the U.S. government’s Office of Personnel Management: PinkPanther, KungFu Kittens, Group 72 and, most famously, Deep Panda. But to Jared Myers and colleagues at cybersecurity company RSA, it is called Shell Crew, and Myers’ team is one of the few who has watched it mid-assault — and eventually repulsed it.

Myers’ account of a months-long battle with the group illustrates the challenges governments and companies face in defending against hackers that researchers believe are linked to the Chinese government – a charge Beijing denies.

‘The Shell Crew is an extremely efficient and talented group,’ Myers said in an interview.

Shell Crew, or Deep Panda, are one of several hacking groups that Western cybersecurity companies have accused of hacking into U.S. and other countries’ networks and stealing government, defense and industrial documents.

The attack on the OPM computers, revealed this month, compromised the data of 4 million current and former federal employees, raising U.S. suspicions that Chinese hackers were building huge databases that could be used to recruit spies.

China has denied any connection with such attacks and little is known about the identities of those involved in them.  But cybersecurity experts are starting to learn more about their methods.

Researchers have connected the OPM breach to an earlier attack on U.S. healthcare insurer Anthem Inc (ANTM.N), which has been blamed on Deep Panda.

RSA’s Myers says his team has no evidence that Shell Crew were behind the OPM attack, but believes Shell Crew and Deep Panda are the same group.

And they are no newcomers to cyber-espionage.

CrowdStrike, the cybersecurity company which gave Deep Panda its name due to its perceived Chinese links, traces its activities to 2011, when it launched attacks on defense, energy and chemical industries in the United States and Japan. But few have caught them in the act.

SHELL CREW IN ACTION

In February 2014 a U.S. firm that designs and makes technology products called in RSA, a division of technology company EMC (EMC.N), to fix an unrelated problem. RSA realized there was a much bigger one at hand: hackers were inside the company’s network, stealing sensitive data. 

‘In fact,’ Myers recalls telling the company, ‘you have a problem right now.’

Myers’ team could see hackers had been there for more than six months. But the attack went back further than that.

For months Shell Crew had probed the company’s defenses, using software code that makes use of known weaknesses in computer systems to try to unlock a door on its servers. Once Shell Crew found a way in, however, they moved quickly, aware this was the point when they were most likely to be spotted.

SPEARPHISHING

On July 10, 2013, they set up a fake user account at an engineering portal. A malware package was uploaded to a site, and then, 40 minutes later, the fake account sent emails to company employees, designed to fool one into clicking on a link which in turn would download the malware and open the door. 

‘It was very well timed, very well laid out,’ recalls Myers.

Once an employee fell for the email, the Shell Crew were in, and within hours were wandering the company’s network. Two days later the company, aware employees had fallen for the emails – known as spearphish – reset their passwords. But it was too late: the Shell Crew had already shipped in software to create backdoors and other ways in and out of the system. 

For the next 50 days the group moved freely, mapping the network and sending their findings back to base. This, Myers said, was because the hackers would be working in tandem with someone else, someone who knew what to steal.

‘They take out these huge lists of what is there and hand it over to another unit, someone who knows about this, what is important,’ he said. 

Then in early September 2013, they returned, with specific targets. For weeks they mined the company’s computers, copying gigabytes of data. They were still at it when the RSA team discovered them nearly five months later. 

Myers’ team painstakingly retraced Shell Crew’s movements, trying to catalogue where they had been in the networks and what they had stolen. They couldn’t move against them until they were sure they could kick them out for good. 

It took two months before they closed the door, locking the Shell Crew out.  But within days they were trying to get back in, launching hundreds of assaults through backdoors, malware and webshells.

Myers says they are still trying to gain access today, though all attempts have been unsuccessful.  

‘If they’re still trying to get back in, that lets you know you’re successful in keeping them out,’ he said.

(Additional reporting by Joseph Menn; Editing by Rachel Armstrong and Mark Bendeich)

Spy in the Sky – are planes hacker-proof?

My take on aviation cybersecurity for Reuters: Plane safe? Hacker case points to deeper cyber issues:

“Plane safe? Hacker case points to deeper cyber issues

BY JEREMY WAGSTAFF

Security researcher Chris Roberts made headlines last month when he was hauled off a plane in New York by the FBI and accused of hacking into flight controls via his underseat entertainment unit.

Other security researchers say Roberts – who was quoted by the FBI as saying he once caused ‘a sideways movement of the plane during a flight’ – has helped draw attention to a wider issue: that the aviation industry has not kept pace with the threat hackers pose to increasingly computer-connected airplanes.

Through his lawyer, Roberts said his only interest had been to ‘improve aircraft security.’

‘This is going to drive change. It will force the hand of organizations (in the aviation industry),’ says Jonathan Butts, a former US Air Force researcher who now runs a company working on IT security issues in aviation and other industries.

As the aviation industry adopts communication protocols similar to those used on the Internet to connect cockpits, cabins and ground controls, it leaves itself open to the vulnerabilities bedevilling other industries – from finance to oil and gas to medicine.

‘There’s this huge issue staring us in the face,’ says Brad Haines, a friend of Roberts and a security researcher focused on aviation. ‘Are you going to shoot the messenger?’

More worrying than people like Roberts, said Mark Gazit, CEO of Israel-based security company ThetaRay, are the hackers probing aircraft systems on the quiet. His team found Internet forum users claiming to have hacked, for example, into cabin food menus, ordering free drinks and meals.

That may sound harmless enough, but Gazit has seen a similar pattern of trivial exploits evolve into more serious breaches in other industries. ‘It always starts this way,’ he says.

ANXIOUS AIRLINES

The red flags raised by Roberts’ case are already worrying some airlines, says Ralf Cabos, a Singapore-based specialist in inflight entertainment systems.

One airline official at a recent trade show, he said, feared the growing trend of offering inflight WiFi allowed hackers to gain remote access to the plane. Another senior executive demanded that before discussing any sale, vendors must prove their inflight entertainment systems do not connect to critical flight controls.

Panasonic Corp and Thales SA, whose inflight entertainment units Roberts allegedly compromised, declined to answer detailed questions on their systems, but both said they take security seriously and their devices were certified as secure.

Airplane maker Boeing Co says that while such systems do have communication links, ‘the design isolates them from other systems on planes performing critical and essential functions.’ European rival Airbus said its aircraft are designed to be protected from ‘any potential threats coming from the In-Flight-Entertainment System, be it from Wi-Fi or compromised seat electronic boxes.’

Steve Jackson, head of security at Qantas Airways Ltd, said the airline’s ‘extremely stringent security measures’ would be ‘more than enough to mitigate any attempt at remote interference with aircraft systems.’

CIRCUMVENTING

But experts question whether such systems can be completely isolated. An April report by the U.S. General Accountability Office quoted four cybersecurity experts as saying firewalls ‘could be hacked like any other software and circumvented,’ giving access to cockpit avionics – the machinery that pilots use to fly the plane.

That itself reflects doubts about how well an industry used to focusing on physical safety understands cybersecurity, where the threat is less clear and constantly changing.

The U.S. National Research Council this month issued a report on aviation communication systems saying that while the Federal Aviation Administration, the U.S. regulator, realized cybersecurity was an issue, it ‘has not been fully integrated into the agency’s thinking, planning and efforts.’

The chairman of the research team, Steven Bellovin of Columbia University, said the implications were worrying, not just for communication systems but for the computers running an aircraft. ‘The conclusion we came to was they just didn’t understand software security, so why would I think they understand software avionics?’ he said in an interview.

SLOW RESPONSE

This, security researchers say, can be seen in the slow response to their concerns.

The International Civil Aviation Organisation (ICAO) last year highlighted long-known vulnerabilities in a new aircraft positioning communication system, ADS-B, and called for a working group to be set up to tackle them.

Researchers like Haines have shown that ADS-B, a replacement for radar and other air traffic control systems, could allow a hacker to remotely give wrong or misleading information to pilots and air traffic controllers.

And that’s just the start. Aviation security consultant Butts said his company, QED Secure Solutions, had identified vulnerabilities in ADS-B components that could give an attacker access to critical parts of a plane.

But since presenting his findings to vendors, manufacturers and the industry’s security community six months ago he’s had little or no response.

‘This is just the tip of the iceberg,’ he says.

(Additional reporting by Siva Govindasamy; Editing by Ian Geoghegan)”

From balloons to shrimp-filled shallows, the future is wireless

BY JEREMY WAGSTAFF

(Reuters) – The Internet may feel like it’s everywhere, but large pockets of sky, swathes of land and most of the oceans are still beyond a signal’s reach.

Three decades after the first cellphone went on sale – the $4,000 Motorola DynaTAC 8000X “Brick” – half the world remains unconnected. For some it costs too much, but up to a fifth of the population, or some 1.4 billion people, live where “the basic network infrastructure has yet to be built,” according to a Facebook white paper last month.

Even these figures, says Kurtis Heimerl, whose Berkeley-based start-up Endaga has helped build one of the world’s smallest telecoms networks in an eastern Indonesian village, ignore the many people who have a cellphone but have to travel hours to make a call or send a message. “Everyone in our community has a phone and a SIM card,” he says. “But they’re not covered.”

Heimerl reckons up to 2 billion people live most of their lives without easy access to cellular coverage. “It’s not getting better at the dramatic rate you think.”

The challenge is to find a way to connect those people, at an attractive cost.

And then there’s the frontier beyond that: the oceans.

Improving the range and speed of communications beneath the seas that cover more than two-thirds of the planet is a must for environmental monitoring – climate recording, pollution control, predicting natural disasters like tsunami, monitoring oil and gas fields, and protecting harbours.

There is also interest from oceanographers looking to map the sea bed, marine biologists, deep-sea archaeologists and those hunting for natural resources, or even searching for lost vessels or aircraft. Canadian miner Nautilus Minerals Inc said last week it came to an agreement with Papua New Guinea, allowing it to start work on the world’s first undersea metal mining project, digging for copper, gold and silver 1,500 metres (4,921 feet) beneath the Bismarck Sea.

And there’s politics: China recently joined other major powers in deep-sea exploration, partly driven by a need to exploit oil, gas and mineral reserves. This year, Beijing plans to sink a 6-person ‘workstation’ to the sea bed, a potential precursor to a deep-sea ‘space station’ which, researchers say, could be inhabited.

“Our ability to communicate in water is limited,” says Jay Nagarajan, whose Singapore start-up Subnero builds underwater modems. “It’s a blue ocean space – if you’ll forgive the expression.”

BALLOONS, DRONES, SATELLITES

Back on land, the challenge is being taken up by a range of players – from high-minded academics wanting to help lift rural populations out of poverty to internet giants keen to add them to their social networks.

Google, for example, is buying Titan Aerospace, a maker of drones that can stay airborne for years, while Facebook has bought UK-based drone maker Ascenta.

CEO Mark Zuckerberg has said Facebook is working on drones and satellites to help bring the Internet to the nearly two thirds of the world that doesn’t yet have it. As part of its Project Loon, Google last year launched a balloon 20 km (12.4 miles) into the skies above New Zealand, providing wireless speeds of up to 3G quality to an area twice the size of New York City.

But these are experimental technologies, unlikely to be commercially viable for a decade, says Christian Patouraux, CEO of another Singapore start-up, Kacific. Its solution is a satellite network that aims to bring affordable internet to 40 million people in the so-called ‘Blue Continent’ – from eastern Indonesia to the Pacific islands.

A mix of technologies will prevail, says Patouraux – from fiber optic cables, 3G and LTE mobile technologies to satellites like his HTS Ku-band, which he hopes to launch by end-2016. “No single technology will ever solve everything,” he said.

Indeed, satellite technology – the main method of connectivity until submarine cables became faster and cheaper – is enjoying a comeback. While Kacific, O3b and others aim at hard-to-reach markets, satellite internet is having success even in some developed markets. Last year, ViaSat topped a benchmarking study of broadband speeds by the U.S. Federal Communications Commission.

And today’s airline passengers increasingly expect to be able to go online while flying, with around 40 percent of U.S. jetliners now offering some Wi-Fi. The number of commercial planes worldwide with wireless internet or cellphone service, or both, will triple in the next decade, says research firm IHS.

WHITE SPACE

Densely populated Singapore is experimenting with so-called ‘white space’, using those parts of the wireless spectrum previously set aside for television signals. This year, it has quietly started offering what it calls SuperWifi to deliver wireless signals over 5 km or more to beaches and tourist spots.

This is not just a first-world solution. Endaga’s Heimerl is working with co-founder Shaddi Hasan to use parts of the GSM spectrum to build his village-level telco in the hills of Papua.

That means an ordinary GSM cellphone can connect without any tweaks or hardware. Users can phone anyone on the same network and send SMS messages to the outside world through a deal with a Swedish operator.

Such communities, says Heimerl, will have to come up with such solutions because major telecoms firms just aren’t interested. “The problem is that these communities are small,” says Heimerl, “and even with the price of hardware falling the carriers would rather install 4G in cities than equipment in these communities.”

The notion of breaking free of telecoms companies isn’t just a pipe dream.

MESH

Part of the answer lies in mesh networks, where devices themselves serve as nodes connecting users – not unlike a trucker’s CB radio, says Paul Gardner-Stephen, Rural, Remote & Humanitarian Telecommunications Fellow at Flinders University in South Australia.

Gardner-Stephen has developed a mesh technology called Serval that has been used by activists lobbying against the demolition of slums in Nigeria, and is being tested by the New Zealand Red Cross.

Mesh networks aren’t necessarily small, rural and poor: Athens, Berlin and Vienna have them, too. And Google Chairman Eric Schmidt has called them “the most essential form of digital communication and the cheapest to deploy.”

Even without a balloon and Google’s heft, mesh networks offer a bright future, says Gardner-Stephen. If handset makers were to open up their chips to tweaks so their radios could communicate over long distances, it would be possible to relay messages more than a kilometre.

In any case, he says, the Internet is no longer about instantaneous communication. As long as we know our data will arrive at some point, the possibilities open up to thinking of our devices more as data couriers, storing messages on behalf of one community until they are carried by a villager to another node they can connect to, passing those messages on several times a day.

It’s not our present vision of a network where messages are transmitted in an instant, but more like a digital postal service, which might well be enough for some.

“Is the Internet going to be what it looks like today? The answer is no,” said Gardner-Stephen.

PISTOL SHRIMPS

As the Internet changes, so will its boundaries.

As more devices communicate with other devices – Cisco Systems Inc estimates there will be 2 billion such connections by 2018 – so is interest increasing in connecting those harder-to-reach devices, including those underwater, that are beyond the reach of satellites, balloons and base stations.

Using the same overground wireless methods for underwater communications isn’t possible, because light travels badly in water. Although technologies have improved greatly in recent years, underwater modems still rely on acoustic technologies that limit speeds to a fraction of what we’re now used to.

That’s partly because there are no agreed standards, says Subnero’s Nagarajan, who likens it to the early days of the Internet. Subnero offers underwater modems that look like small torpedoes which, he says, can incorporate competing standards and allow users to configure them.

This is a significant plus, says Mandar Chitre, an academic from the National University of Singapore, who said that off-the-shelf modems don’t work in the region’s shallow waters.

The problem: a crackling noise that sailors have variously attributed to rolling pebbles, surf, volcanoes, and, according to a U.S. submarine commander off Indonesia in 1942, the Japanese navy dropping some “newfangled gadget” into the water.

The actual culprit has since been identified – the so-called pistol shrimp, whose oversized claw snaps a bubble of hot air at its prey. Only recently has Chitre been able to filter out the shrimp’s noise from the sonic pulses an underwater modem sends. His technology is now licensed to Subnero.

There are still problems speeding up transmission and filtering out noise, he says. But the world is opening up to the idea that to understand the ocean means deploying permanent sensors and modems to communicate their data to shore.

And laying submarine cables would cost too much.

“The only way to do this is if you have communications technology. You can’t be wiring the whole ocean,” he told Reuters. “It’s got to be wireless.”

(Editing by Ian Geoghegan)

Awesomeness Fatigue

This is a commentary piece I’ve recorded for the BBC World Service.

I call it awesomeness fatigue – the exhaustion that comes from being bombarded with stories, videos and pictures designed to amaze you. The problem is not that they don’t work: it’s that they’re too good.

In the past week or so I’ve watched people fly off mountains, some figure skating guy and a kid who sued his school after being bullied. All are awesome.

No, the problem is that a sort of “awesome inflation” kicks in, meaning that as your Facebook page, or Twitter feed, or however you consume social media, fills up with these things, so each one needs to be a little more extraordinary than the last one to gain your attention.

And this is the problem. In the past year we’ve seen the rapid emergence of a number of services designed to do just that – to find amazing things on the net and then write a headline that you can’t resist.

Upworthy, one of the most successful, pays a team of freelancers to each unearth no more than seven videos a week. Then they get to work crafting headlines – at least 25 of them for each post, which are then tested rigorously on small focus groups to find the one which would be most viral.

A couple of recent headlines. Resist them if you can: Remember When Music Videos Used To Mean Something? Some Still Do. or Martin Luther King Jr.’s Badass Speech That Everyone Forgot About.

See? They sort of understand us. And so it has worked. Within 18 months, Upworthy has overtaken websites of the New York Times and Disney’s Go.com in the US.

According to Newswhip, a company which measures these things, Upworthy got almost as many people to share its 246 items last October as the British newspaper the Daily Mail did with its more than 12,000.

In short, sites like Upworthy have fine-tuned what makes stuff irresistible to us, to click on, watch and then share.

An advertiser’s dream, of course, but this is not a sustainable model.

A few years ago we were quite happy watching a video of a baby laughing (‘Baby laughing’, 2006, 21 million hits), or a 7-year old boy groggy from novocaine (‘David After Dentist’, 2009, 122 million hits). Or a guy combining mentos and cola (‘Diet Coke + Mentos’, 17 million hits) to make a fountain.

Now it’s got to be awesome, with a focus-group tested headline.

But it’s hard to envisage how we can keep coming up with amazing things that surprise us. And, more importantly, that we end up getting sick of looking at things that are awesome, and just start yearning for some normality. I am much more selective about which awesomeness I click on. Some of my friends, frankly, are a bit too easily amazed and have slipped in my estimation.

And this is the problem. Digital is making us so hyperefficient that it’s fast squeezing out of life the joys of surprise and serendipity. Surprise that we might define for ourselves the awesomeness – or not – of what we see. Serendipity in discovering something ourselves – rather than having it delivered on a focus-group tested platter.

That our social networks are now being filled with stuff that’s got virality baked deep in somewhat takes the joy out of what social media used to be: finding things ourselves and sharing them with others.

And that word awesome? Awesome as a word has lost most of its awesomeness through overuse – I was told I was awesome by an online magazine for subscribing, and I notice my three-year old daughter is informed by her iPad games that she’s awesome a tad too frequently. Me?

I’m back to being impressed if I can remember my wife’s birthday or to charge my phone before I go to bed. Wake up with a fully-charged phone? Now that’s awesome.

Myanmar’s mobile revolution too slow for many

A piece I wrote from Yangon on the state of mobile communications in Myanmar

Mobile revolution in Myanmar is on the cards, but too slow for many | Reuters:

Myanmar is on the cusp of a mobile revolution. Only it’s happening way too slowly for many locals.

Last week the government invited expressions of interest for two mobile phone licenses – a first step towards increasing mobile penetration from its current 5-10 percent to 80 percent in three years. That would lift it off the bottom of the world’s ladder of mobile use and put it on a par with neighbors like Bangladesh.

ZTE confirms security hole in U.S. phone

This is a piece I wrote with my colleague Lee Chyen Yee on the ZTE vulnerability. 

ZTE Corp, the world’s No.4 handset vendor and one of two Chinese companies under U.S. scrutiny over security concerns, said one of its mobile phone models sold in the United States contains a vulnerability that researchers say could allow others to control the device.

The hole affects ZTE’s Score model that runs on Google Inc’s Android operating system and was described by one researcher as “highly unusual.”

“I’ve never seen it before,” said Dmitri Alperovitch, co-founder of cybersecurity firm, CrowdStrike. The hole, usually called a backdoor, allows anyone with the hardwired password to access the affected phone, he added.

Read the rest at ZTE confirms security hole in US phone