WikiLeaks latest CIA dump focuses on malware for Windows

As WikiLeaks continues to extend the mileage from its “Vault 7 cache” of CIA information, its latest release focuses on tools it says the agency uses for hacking Windows computers. While its release didn’t include any source code, manuals described a “Grasshopper” tool used to create custom malware setups depending on the target intended. As CSO Magazine explains, it used some elements from the Carberp financial malware that leaked onto the internet in 2013. The CIA’s Advanced Engineering Division and Remote Development Branch allegedly modified that malware, while the Grasshopper setup allows them to customize its ability to persist on the victim’s computer, reinstall itself and evade antivirus scans.

Documents dated 2014 list what antivirus products and configurations Grasshopper could bypass on Windows XP, 7 and 8.1 systems, with varying levels of success. According to Ars Technica, however, this release isn’t as damaging as last week’s drop, which exposed some of the ways CIA developers hide any signs that could tie an attack to their agency.

Source: WikiLeaks

Adidas shows off the first 3D-printed sneakers it’ll mass produce by 2018

By next year, companies will stop prototyping with 3D printers and will finally start mass-producing.

Well, at least Adidas plans to, with a sneaker called Futurecraft 4D. The shoe-maker has been dabbling with 3D printing and manufacturing for a while, but it plans to ramp up efforts by 2018. Its new Futurecraft 4D shoe has a mid-sole that it designed using a process known as Continuous Liquid Interface Production. The sole is pulled out of a container of liquid polymer resin and molded using ultraviolet light.

• 3D printing: Everything you need to know and when it’ll be affordable
• McLaren F1 team will begin 3D printing parts trackside

Adidas

Silicon Valley-based Carbon created the method, which it claimed is faster and better than traditional additive printing, and it uses materials that are more flexible and stronger than injection moulded plastics. Check out the video below to see Carbon’s method in action. It will help make 3D-printing a reality for companies looking to mass-produce. Adidas will use it to make 5,000 pairs of Futurecraft trainers.

The shoes will go on sale sometime in 2017, and then by the end of next year, Adidas will 3D-print another 100,000 pairs. The cost of a single pair is unknown right now, but Adidas has suggested Futurecraft 4D will be a “premium” product with a high price tag.

CNC cutting machine slices through foam like a hot knife through butter

Why it matters to you

Looking for a desktop cutter that’s different? A new machine on Kickstarter allows users to create works using polystyrene instead of plastic or wood.

What does the overwhelming number of CNC (Computer Numerical Control) tools available on the market say to you? If your answer is that “there are clearly too many,” stop reading now. If, on the other hand, your response is “people obviously like them; let’s see some more,” then you’re in luck!

That’s because a new high-precision cutting machine has just arrived on Kickstarter — and it’s bound to be of interest to many of you would-be “makers” out there. Called P400, this is a high-precision desktop cutter with a difference, since the material it uses to slice and dice isn’t your usual wood or plastic, but rather cheap and normally disposable polystyrene.

More: This gigantic CNC router is 8 feet wide, 4 feet tall, and costs less than $500

“We are in a period in which 3D printing leads the market, but we strongly believe that there are a lot of applications in the CNC world that are equally interesting and useful,” co-creator Flavio Prattico told Digital Trends. “Polystyrene is a really poor material, but it is really easy to work, and with few post-processing, you can obtain awesome objects. This is why we love it! [By ‘poor’], I mean it is cheap, not nice as it is — like wood — and in people’s minds is a material just for packaging.”

As with other CNC machines, users create the shape they want to cut out on a computer. The P400 machine then goes to work with its tiny blade by cutting out the pattern exactly. It’s very fast, and impressively accurate — meaning that you’ll be able to not just cut straightforward shapes but also more detailed one such as puzzles, stencils, or even individual words and letters.

The advantage of polystyrene is that, while it’s far from the world’s most durable material, its cheapness means that you can create your works without spending much in the way of capital.

P400 is currently available to pre-order on Kickstarter, with prices set at 299 euros ($316). Shipping is set for September, and supplies are limited.

Google’s crackdown causes fake Maps listings to drop by 70 percent since 2015

Why it matters to you

Google Maps is a tool to get from point A to point B — but it could lead you astray if a fake listing gets through. Since 2015, the company has reduced such listings by 70 percent.

Google Maps is getting more accurate. The internet giant said it has taken a number of steps over the past few years to reduce fake results popping up in Google Maps — and they appear to be working. The number of fake listings has fallen by a whopping 85 percent, and those fake listings, Google says, are identified before they even appear on Google Maps.

Google has also reduced the number of fake live listings by 70 percent compared to the peak reached in June 2015.

More: Watch this astounding trip around the world, made entirely from Google Maps

The fake listings come largely from Google My Business, which itself extends over to Google Maps and even Google Search. Many of the fake listings are an attempt by people to defraud businesses or sometimes to extort customers.

Google also commissioned a study from the University of California, San Diego, to get a little more insight into abuse on Google Maps — so that it could continue to improve listings on Maps.

According to the study, roughly two out of five fake listings were bad actors posing as locksmiths, plumbers, electricians, and so on. Despite the fact that Google routinely discovered and disabled the fake listings, the perpetrators would still cycle through different addresses and VoIP phone numbers.

Around 10 percent of fake listings actually belonged to legitimate businesses — like hotels and restaurants — which scammers then claimed ownership of. These scams affected customers as well. Booking a hotel room online, for example, might seem exactly like the real thing, but the businesses were then being told to pay referral fees.

There are a number of ways that Google is reducing fake listings on Maps. For starters, the company is prohibiting bulk registrations at most addresses, and preventing companies from listing new addresses a long distance away without valid verification.

Google’s crackdown causes fake Maps listings to drop by 70 percent since 2015

Why it matters to you

Google Maps is a tool to get from point A to point B — but it could lead you astray if a fake listing gets through. Since 2015, the company has reduced such listings by 70 percent.

Google Maps is getting more accurate. The internet giant said it has taken a number of steps over the past few years to reduce fake results popping up in Google Maps — and they appear to be working. The number of fake listings has fallen by a whopping 85 percent, and those fake listings, Google says, are identified before they even appear on Google Maps.

Google has also reduced the number of fake live listings by 70 percent compared to the peak reached in June 2015.

More: Watch this astounding trip around the world, made entirely from Google Maps

The fake listings come largely from Google My Business, which itself extends over to Google Maps and even Google Search. Many of the fake listings are an attempt by people to defraud businesses or sometimes to extort customers.

Google also commissioned a study from the University of California, San Diego, to get a little more insight into abuse on Google Maps — so that it could continue to improve listings on Maps.

According to the study, roughly two out of five fake listings were bad actors posing as locksmiths, plumbers, electricians, and so on. Despite the fact that Google routinely discovered and disabled the fake listings, the perpetrators would still cycle through different addresses and VoIP phone numbers.

Around 10 percent of fake listings actually belonged to legitimate businesses — like hotels and restaurants — which scammers then claimed ownership of. These scams affected customers as well. Booking a hotel room online, for example, might seem exactly like the real thing, but the businesses were then being told to pay referral fees.

There are a number of ways that Google is reducing fake listings on Maps. For starters, the company is prohibiting bulk registrations at most addresses, and preventing companies from listing new addresses a long distance away without valid verification.

Latest WikiLeaks release involves ‘Grasshopper,’ a toolset for creating custom hacks

Why it matters to you

The leaked documents show that the agency has tools that make it easy to create custom attacks.

WikiLeaks has stirred up some serious controversy and concern with its various Vault7 leaks, which have uncovered numerous CIA hacking projects. The organization isn’t done yet, apparently, as it continues to release information on methods used by the U.S. intelligence agency to break into target computer systems.

The most recent release involves what’s called “Grasshopper,” specifically a collection of software tools used by the CIA to attack Microsoft’s Windows platform. The tools are essentially building blocks that CIA agents can use to snap together custom attacks, as Ars Technica reports.

More: Wikileaks’ ‘Vault 7’ proves Big Brother and criminal hackers use the same tricks

The WikiLeaks Grasshopper release includes a set of user guides that are not unlike those issued by commercial software developers. While not the tools themselves, the documents provide a solid overview of how the tools function and what potential targets might want to look for in determining if their own systems have been subject to CIA attack.

As one document describes:

“Grasshopper is a software tool used to build custom installers for target computers running the Microsoft Windows operating system. An operator uses the Grasshopper builder to construct a custom installation executable.

The operator configures an installation executable to install one or more payloads using a variety of techniques. Each payload installer is built from individually configured components that implement part of the installation procedure.

The operator may designate that installation is contingent on the evaluation of the target environment. Target conditions are described using a custom rule language. The operator may configure the tool to output a log file during execution for later exfiltration.”

Grasshopper includes a variety of tools and techniques for a wide range of hacking functions, including methods for evading antivirus software. The WikiLeaks release also highlights a few of the organizations that use tools like Grasshopper, such as the Advanced Engineering Division (AED) that develops the CIA’s implant code and the Remote Development Branch (RDB) that develops remote implants.

What’s perhaps most fascinating about Grasshopper is its apparent focus on being easy to use. The tools do a lot of the work for agents, such as evaluating systems to make sure the target system has the right configuration for the chosen attack.

It’s likely that WikiLeaks will continue to release this kind of information. Whether or not it makes hackers’ jobs easier by giving them hints as to what kinds of tools are most effective remains an open question. But there’s no doubt that the most recent information makes the CIA’s job more difficult, including the fact that it holds the agency up to some ridicule for allowing the information to leak in the first place.

LastPass users, here’s what to expect in Android O

The company details what using LastPass will be like in Android’s next tasty iteration.

Do you use LastPass? And do you plan to use Android O on your device? In a lengthy blog post, LastPass detailed what to expect from the password manager now that Android will offer auto-fill capabilities across the entire operating system.

From its blog:

Here at LastPass, the hands-down, most-exciting part of Android O is Autofill APIs. Users running Android O will save tons of typing time and stay more organized thanks to Autofill APIs.

Autofill More than Passwords

Using LastPass on Android makes you more secure, but it also saves you time. You don’t have to spend time typing lengthy passwords in your browser or your favorite apps. Autofill APIs are going to let us save you even more time on your Android device, because we’ll be able to help you fill in more than just passwords. The Autofill Framework lets apps like LastPass recognize credit card forms and addresses as you come across them. If you’ve got that information stored in your vault, we’ll be able to safely fill it for you. 

As an example, let’s say you’re treating yourself to a new pair of headphones. You open the Amazon app, and to sign in, you’ll just tap on the screen to unlock LastPass and we’ll show you the matching sites in your vault. You find the right headphones, put them in your cart, and go to checkout. Do you want to ship them to work, or to the house? Tap again, and we’ll present you with the addresses you’ve stored in LastPass. Which credit card do you want to use? Tap again, choose your Amazon Visa, and voila, you’re two days away from new headphones. As long as they’re in LastPass, you’ll never have to type an address or a credit card number again.

Performance and Security Improvements

In addition to the time savings, we anticipate other performance improvements as well. Today, LastPass relies on Android’s accessibility features to identify password fields we can help you fill. The accessibility approach has two drawbacks which we believe Autofill will address: (1) it’s more processor-intensive, counteracting the time we want to save our users, and (2) it requires that users grant us extra permissions. The Autofill Framework is purpose-built to allow apps like LastPass to fill eligible forms on a user’s behalf, and nothing else. We believe strongly in user privacy and security, and we’re happy to see Google introduce this method for safer, more efficient browsing.

Overall, you’ll be able to choose LastPass’s virtual vault to store your passwords, credit card information, and oft-used addresses. The service will extend its abilities to the entire operating system, as per Android O’s autofill mechanism.

It’s unclear yet just how it will work on Android O, but it sounds like you’ll be able to choose LastPass as the default password manager, which is nice if you’re particularly invested in an account with the company. 1Password recently announced it would do the same.

Android O

• Everything new in Android O
• Should you put Android O on your phone?
• How to install the Android O Developer Preview
• Android O isn’t in the Android Beta Program yet
• Join the Discussion

Amazon Alexa finally lets you control the colour of lights with your voice

Amazon’s Alexa AI has long been able to control smart lights with via voice commands, but oddly, not their colour.

Although you could turn off or on all sorts of smart lamps from the likes of Philips Hue or LIFX and so many others, you were otherwise limited. Sure, some bulbs let you dim them too, but one of the most fun aspects of smart-home control has been the idea that you could change the colour of your lights and change the mood of your home in an instant. For some reason, however, Alexa didn’t allow this capability.

• What Philips Hue smart bulbs are there and which should you buy?
• Eight lighting tips for your home: An expert shares her design secrets

Technically, Amazon Echo devices did let you select pre-programmed “scenes” in order to change colour or to dim light. But now, thanks to an update that’s gone live, Amazon has unveiled an Alexa-specific control so that all you have to say is “Alexa, set the bedroom light to purple” or “Alexa, make the living room warmer” in order to make your smart lamps switch to purple or go warmer, respectively.

Alexa will remember up to 100 shades and colours, Amazon said, so you can say things like “cool white” or “purple”. And these voice commands work across the Hue line, TP-Link Kasa, and LIFX bulbs. With this new skill, Amazon has brought Alexa up to speed with Google Home, which could change smart lamp colours since launch. Check out our versus guide to see how else Echo and Google Home differs.

This Ford smart crib simulates actual car rides to lull your baby to sleep

What is it about car rides that make kids pass out?

Is it the gentle vibrations, the glow of lights, the hum of the engine, or the closed-in environment? Ford has been asking itself all these questions, apparently, because it just debuted a smart crib for infants that essentially mimics a car ride. Called Max Motor Dreams, the crib features LED lights and bottom-mounted speakers, which seem to simulate street lights and muffled engine sounds, respectively.

• New Ford Mustang offers 12-inch all-digital display, smartphone unlocking
• Ford wants its electric self-driving delivery vans to launch drones

Ford

It’ll subtly vibrate and rock to simulate the movements of riding in a backseat. And because it’s smart, it comes with an app that parents can use to track their car’s route and actually reproduce the sound and feeling of that drive for their baby. This is one high-tech bassinet. Unfortunately, Roadshow said that Ford has only built one, but if there’s enough interest, the automaker could enter full production.

Ford’s Spanish arm is holding a sweepstakes right now so that a lucky set of parents out there can get Max Motor Dreams for their little one. They just have to sign up to test drive one of Ford’s Max vehicles.

DJI’s next drone basically looks like a much smaller Mavic Pro, leak reveals

DJI is probably coming out with a new drone, and it’s super tiny

Leaked images of a new device, supposedly called the Spark, have appeared on Chinese DJI forums, though the site is now down. It appears to have the same foldable design of the Mavic Pro, only smaller. A video of the drone shows that it can be hand-held and has a vertical-tilting camera. Already there’s a lot of speculation floating about whether it’s a low-cost “selfie” drone or one meant for racing.

• Best drone photos ever: Stunning images taken from up high
• The best GoPro photos in the world, prepare to lose your breath

To be clear, it’s unknown if Spark will definitely have foldable arms, considering it’s so mini. We also don’t know anything about the controller and whether it comes with a companion app or not. There’s a lot of unknowns right now. DJI hasn’t even confirmed the Spark or that it is working on a new drone, of course, but it did recently trademark the name “Spark”. So, that’s something at least.

The Mavic Pro was DJI’s smallest drone when it released. We imagine the Spark will be available at a cheaper price point for those unwilling to drop $1,000 on a Mavic Pro. Check out Pocket-lint’s Best Drones guide to see what else the Spark may go up against.