HP issues urgent security update

Dozens of laptop models sold by HP contain built-in “keylogging” technology that stores everything users type, researchers have warned.

The records of what users type on the keyboard were stored in plain text on the computers, meaning anyone with access to them could read messages, passwords, web searches and credit card numbers if they knew where to look.

HP issued a fix for some of the affected models on Thursday night and promised another for the rest of the devices would be released today.

The bug affects 28 HP laptops sold in 2015 and 2016, including EliteBook, ProBook and ZBook models.

HP did not install the keylogging software deliberately, the researchers said, but it was included as part of a driver for Conexant, whose audio chips are included in the laptops.

The driver monitored keystrokes to look out for users pressing audio control keys to pause or change volume, but monitored and stored the entire keyboard activity. Modzero, the security company that discovered the flaw, said it could also feature on other laptop brands.

Keyloggers are seen as one of the most malicious forms of computer viruses, capable of tracking everything a user types and sending them to hackers remotely. Although there is no suggestion that the HP bug shared any of the data, if a computer was shared or someone got hold of it, a wealth of personal information would be at their disposal.

The file where users’ keystrokes are stored on the laptops is overwritten every time a computer reboots, but computer forensics experts are able to recover deleted files.

“There is no evidence that this keylogger has been intentionally implemented. Obviously, it is a negligence of the developers – which makes the software no less harmful,” Modzero’s researchers wrote.

It said it had revealed the flaw to HP and Conexant, but that neither had responded to contact requests.

“HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs,” a spokesman said.

“HP has no access to customer data as a result of this issue. Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version. Fixes will be available shortly via HP.com.”

Advertisements

Apple Centers Health Data Strategy on iPhone

Apple quietly has been strategizing to expand its growing healthcare business to include the management of digital health records, with the iPhone operating as a central data hub, CNBC reported last week.

Apple has been in talks with numerous health industry groups that are involved in setting standards for the storage and sharing of electronic medical records, in a way that would help consumers gain more control over their private medical information, according to the network.

The plan appears to be a natural extension of Apple’s recent health industry strategy, which includes its Research Kit, CareKit and HealthKit — platforms that allow developers to create apps that help patients, hospitals and researchers find new ways to collect, manage and deliver health data efficiently and directly.

“This has been an interest point as part of Apple’s strategy in the healthcare vertical for some time,” said Daniel Ruppar, digital health global program director at Frost & Sullivan.

Apple last year acquired Gliimpse, a medical records startup that helped collect data from different platforms and organized the information for patients.

Thus far, Apple’s efforts largely have focused on fitness information, but in recent years it has moved into more focused healthcare delivery. For example, the company recently began work on developing sensors that could help diabetic patients manage blood glucose levels.

“They’ve shown on a number of fronts they’ve been tackling health and well being,” said Ian Fogg, senior director, mobile and telecoms at IHS Markit.

Google Increases Maximum Android Bug Bounties to $200,000

Android has a reputation for poor security, but that’s a result of past failings. Most security flaws you hear
about now affect old builds of the OS, or require clever social engineering to get the user to weaken device security.
The versions of Android being released now are vastly more secure than what Google was putting out years ago.
In fact, no one has managed to claim Google’s largest bug bounties for Android. So, the company is increasing the rewards to as much as $200,000.

Google started the bug bounty program for Android about two years ago. It works just like other bug bounties the
company has used for other products. Security researchers who can demonstrate an exploit get a cash prize,
the amount of which varies based on the severity of the hack. Then, Google gets to fix the bug and avoid future security issues.
Still, no one has submitted a working exploit for Android’s core components, even when such an exploit is worth $30,000-$50,000.
So, by increasing the reward, Google hopes it will attract more researchers and engineers to the bug bounty program.

The increases reward applies to two bounties; one for vulnerabilities in TrustZone or Verified Boot, and the other for a remote kernel exploit.
Android is based on the Linux kernel, which has given the platform great flexibility over the years. However, the Linux kernel also comes with baggage.
It has been the cause of several significant security breaches known as remote kernel exploits. An example of this would be the TowelRoot exploit,
which could be used by users to gain root on a device. Of course, hackers could also use remote kernel exploits like that to infiltrate devices and steal data.
The bounty for a new remote kernel exploit has gone up to $150,000 from $30,000.

Microsoft is now ‘paying’ UK users to ditch Google and search with Bing

Every second on the internet, thousands of tweets, Facebook posts, and web searches are completed. The majority of the latter are made on Google.
Microsoft wants to turn this tide. As part of its Rewards scheme, launching today in the UK, it will ‘pay’ you to use Bing instead of its competitors.
The incentives scheme launched in the US in August 2016. “It’s a rewards program for using Microsoft’s products and services,” Kevin Stagg, head of consumer marketing at Microsoft, tells WIRED. “In the UK we’re launching with Bing and the Microsoft Stores”.

The premise behind the rewards scheme is simple: people with a Microsoft account can sign-up for the rewards scheme and when a search is made on Bing, or an item is purchased from the Microsoft Store, points will be collected. These points can then be swapped for items.

“The points can be redeemed for a number of Microsoft offerings,” Stagg explains. “These might include free movies and music, or entry into larger prize sweepstakes”. At its UK launch, one of Microsoft’s larger prizes is the chance to win an appearance in Charli XCX’s new music video.

Essentially, the scheme from Microsoft is a loyalty card for its search engine. Stats from April 2017 show that those searching online in the UK use Google vastly more than Bing. The statistics claim Google usage is at 85.74 per cent, with Bing in second place with a 10.07 per cent market share and Yahoo trailing in third place with 3.16 per cent usage.

Microsoft is now paying UK users to ditch Google and search with Bing

Every second on the internet, thousands of tweets, Facebook posts, and web searches are completed. The majority of the latter are made on Google.
Microsoft wants to turn this tide. As part of its Rewards scheme, launching today in the UK, it will ‘pay’ you to use Bing instead of its competitors.
The incentives scheme launched in the US in August 2016. “It’s a rewards program for using Microsoft’s products and services,” Kevin Stagg, head of consumer marketing at Microsoft, tells WIRED. “In the UK we’re launching with Bing and the Microsoft Stores“.
The premise behind the rewards scheme is simple: people with a Microsoft account can sign-up for the rewards scheme and when a search is made on Bing, or an item is purchased from the Microsoft Store, points will be collected. These points can then be swapped for items.

“The points can be redeemed for a number of Microsoft offerings,” Stagg explains. “These might include free movies and music, or entry into larger prize sweepstakes”. At its UK launch, one of Microsoft’s larger prizes is the chance to win an appearance in Charli XCX’s new music video.

Essentially, the scheme from Microsoft is a loyalty card for its search engine. Stats from April 2017 show that those searching online in the UK use Google vastly more than Bing. The statistics claim Google usage is at 85.74 per cent, with Bing in second place with a 10.07 per cent market share and Yahoo trailing in third place with 3.16 per cent usage.

Stagg says the rewards scheme has been introduced to give something to Microsoft’s current users as well as helping to attract new customers to Bing and its online store. For Bing, there are two levels of points to redeem. Level 1 members can earn points for 10 searches per day while those at Level 2 can earn reward points for 50 searches per day. The number of searches used are refreshed each day.

Autonomous Cars Fly Like Birds

It is kind of amazing how much advancement is going on in the autonomous car space.
A year ago, we were mostly talking about cars that seemed comparatively boring, because
they just drove on the surface. How quaint — how 2016. Now when we mention “boring,”
we may be talking about Elon Musk’s new underground tunneling idea.

However, a little company called “Airbus” — yes, the one that likely made the plane you last few in — disagrees.
It plans to start testing its autonomous flying car this year in Silicon Valley — I expect so it can buzz Musk’s Tesla plant there.

That kind of explains why Ford just fired its CEO (who wasn’t planning to tunnel or fly),
and why Toyota is looking at blockchain for automotive security (because you sure as heck don’t want flying cars to have Hitchcock Birds).

Read on for more about the future of cars, er people-carrying drones, er automated sleds — ah, personal transportation this week!
I’ll close with my product of the week: a new drone using Intel’s Movidius Myriad 2 technology from DJI, the Spark.
(No, it won’t carry you to work, but it may become your favorite summer toy.)

Flying or Tunneling?

This is really both pretty amazing and pretty annoying. I mean, why the heck doesn’t someone just invent the Star Trek.
Transporter and call it a day? In one corner there’s Musk, who has been badmouthing flying cars and just bought an
automated tunnel-making machine, arguing that the future is underground.

At the same time, a ton more people — including Google’s founders (who are Musk’s neighbors) — a number of startups,
and at least one huge aerospace company are arguing for flying cars. Oh, and given that Amazon is developing
heavy-lift delivery drones that aren’t far removed from this, it’s no doubt working on something similar in secret.

Here’s how your smartphone usage can change the way you make decisions

LONDON: People using smartphones are more likely to make rational and unemotional decisions compared
to computer users, when presented with a moral dilemma on their device, according to a new study.

Researchers from City, University of London in the UK found that PC users were more likely to
favour action based on intuition and following established rules.

The research suggests that moral judgements depend on the digital context in which a dilemma
is presented and could have significant implications for how we interact with computers.

The researchers recruited 1,010 people and presented them with a classic moral dilemma known as the ‘Trolley Problem’.

In the trolley problem, participants are told that there is a runaway trolley travelling
quickly down the railway tracks.

Ahead, on the tracks, there are five people tied up and unable to move and the trolley is headed straight for them.
The participants are then told that they are standing some distance off in the train yard, next to
a lever and that if you pull this lever, the trolley will switch to a different set of tracks.
However, they are also told that there is one person on the side track.

As a result, participants are asked to either do nothing, and the trolley kills the five people on the main track or alternatively pull the lever, diverting the trolley onto the side track where it will kill one person.

In both scenarios participants are asked to sacrificing one life to save five other,
but the lever trolley dilemma is impersonal while the footbridge dilemma is personal.

When presented with different scenarios, the researchers found that participants in the
fat man dilemma were more likely to opt for sacrificing the fat man (utilitarian response)
to save five people when using a smartphone (33.5%) than when using a PC (22.3%).

In the lever condition, it was also found that slightly more participants decided to
sacrifice one man by pulling the switch than to do nothing and let five people die
(80.9% for the smartphone users; 76.9% for the PC users).

As a result, the study suggests that even under conditions of time pressure,
some digital contexts – such as using a smartphone – could trigger utilitarian decision- making.