2018 March 10 | AIVAnet

Mar

Hackers could seize robots with ransomware, costing companies millions

Security consultants IOActive recently created a proof-of-concept attack that uses ransomware to disrupt big corporations. The attack didn’t land on corporate PCs to encrypt files for ransom. Instead, the researchers attacked robots, which are vital in many markets such as automobile manufacturing, healthcare, and more. Disrupting these robot-powered environments can cost businesses money every second they are offline.

One attack vector relies on how robots deal with data. Although they typically include internal storage, most of the data handled by robots remains “in transit,” meaning robots receive data, process the data, and then send the data back to be stored at the source. That data could contain high-definition video, captured audio, payments received by customers, instructions on how to perform the current task, and so on.

“Instead of encrypting data, an attacker could target key robot software components to make the robot non-operational until the ransom is paid,” the researchers state.

To prove their theory, the researchers focused their attack on NAO, a highly used robot in the research and education fields with a roster of 10,000 units in active duty across the globe. It has “nearly the same” operating system and vulnerabilities as SoftBank’s Pepper, a business-oriented robot with a massive roster of 20,000 units deployed in 2,000 businesses. Even Sprint is using Pepper to assist customers in its retail stores.

The attack starts off by exploiting an undocumented function that allows anyone to remotely execute commands. After that, they could disable administration features, change the robot’s default functions, and route all video and audio feeds to a remote server on the internet. Others steps include elevating user privileges, disrupting the factory reset mechanism, and infect all behavior files. In other words, they can make the robot very unpleasant, even physically harmful.

By hijacking robots, hackers could interrupt service altogether, causing corporations to lose money with each passing moment. They could even force the robots to show explicit porn to customers, curse at customers during one-on-one interaction, or perform violent movements. The only way to reverse the behavior is to succumb to hackers because, ultimately, paying the ransom could be cheaper than repairs.

That scenario even applies to sex robots given the privacy and intimacy aspects. Users will likely shell out money to hackers rather than call technical support, deal with customer care, and arrange for someone to get the unit for “repairs.” At least sex robots don’t have any moving parts … or rather, not yet.

“They aren’t cheap,” the report states. “It’s not easy to factory reset them or fix software and hardware problems. Usually, when a robot malfunctions, you have to return it to the factory or employ a technician to fix it. Either way, you may wait weeks for its return to operational status.”

The researchers compare disrupting robots in corporate environments to halting cryptocurrency mining farms. Interrupt those PCs with ransomware and miners lose money every second those devices aren’t online digging for digital coins.

Editors’ Recommendations

Spirit animals: 9 revolutionary robots inspired by real-world creatures
Online supermarket Ocado’s humanoid robot is the factory worker of the future
Smart home tech is booming, but we’re far from the age of The Jetsons
Robotic 3D printer uses augmented reality to fabricate designs as they’re created
Pepper is everywhere in Japan, and nobody cares. Should we feel bad for robots?

Mar

Kickstarter Patron aims to generate larger pledges for creators

Kickstarter is piloting a program that will match up companies, organizations and institutions with projects that need more substantial funding, TechCrunch reports. It’s called Kickstarter Patrons and the nonprofit and for-profit groups selected to take part will be required to provide multiple pledges each worth $1,000 or more. Kickstarter will select the Patrons and direct them towards projects that align with their interests. “While the program is simple, the opportunity to help independent creators hit their funding goals while building relationships with major institutions that can continue to follow and support their career is profound,” Kickstarter said.

This program comes a few months after Kickstarter relaunched Drip, its Patreon-like subscription crowdfunding platform. At launch, two groups are on board — American Documentary (AmDoc) and Pinewood Atlanta Studios. Both have Patron profiles on Kickstarter and AmDoc’s says it has $100,000 to put towards creator projects while Pinewood Atlanta Studios has $10,000.

AmDoc, a nonprofit, is working with the John S. and James L. Knight Foundation to provide funding and is looking to support projects from creators in the 26 communities the Knight Foundation regularly supports. Pinewood Atlanta Studios has a 700-acre studio facility in Georgia and its Patron fund will require projects to include at least one woman filmmaker living in Georgia.

Kickstarter will pilot the program over the next year.

Via: TechCrunch

Source: Kickstarter

Mar

Xiaomi is beating Samsung at its own game

Xiaomi is leveraging Samsung’s business model and adding a few unique touches of its own to get ahead in India.

xiaomi-mi-6-review-7.jpg?itok=y16-5eJf

At the end of last year, Xiaomi did what no other manufacturer has managed to do in India over the last six years: overtake Samsung to become the number one smartphone company in the country. It was a momentous occasion for the Chinese manufacturer, particularly more so considering Xiaomi started selling phones just three years ago.

Xiaomi started off slowly in India, and the company’s fortunes took a turn for the worse in 2016 as it lost ground to offline vendors like OPPO and Vivo. It undertook a course correction early last year where it started emulating Samsung’s business model, and in doing so managed to swiftly rise up the ranks. Here’s how Xiaomi became the largest smartphone brand in India.

Dominating the phone segment

xiaomi-redmi-note-5-pro-20.jpg?itok=EHd5

At any given time, Samsung has over ten models on sale in the budget segment. The company’s ability to flood the market with devices with minute variances between models allowed it to amass tens of millions of sales, and that’s the route Xiaomi is taking now.

Over the course of the last six months, we’ve seen the launch of the Android One-based Mi A1, the selfie-focused Redmi Y1 and Y1 Lite, the entry-level Redmi 5A, the Redmi Note 5 and the Redmi Note 5 Pro.

It doesn’t look like Xiaomi is taking its foot off the gas anytime soon, as we’re going to see the Redmi 5 later this month. Then there’s the Mi Mix 2S, which is slated for a global debut on March 27. The phone is likely to make its way to India as Xiaomi bolsters its efforts in the premium segment.

Xiaomi is flooding the market with phones, and the move is paying off.

As for the Redmi Note 5, the device is identical to its predecessor when it comes to the internal hardware, with the major change being the 18:9 panel at the front. The iterative model was used by Samsung to great effect over the course of the last four years in India, leading to a wave of models in the Galaxy J series that had little in the way of differentiation from their predecessors.

In spite of that, Samsung managed to sell tens of millions of Galaxy J phones — for years, the Galaxy J series was the South Korean manufacturer’s bestseller in India. Xiaomi’s now undertaking a similar route, but with a key difference: the Redmi Note phones are desirable, and not put together from parts in the leftover bin.

The Redmi Note 4, for instance, led the field last year in terms of value for money, and by pricing the Redmi Note 5 even lower, Xiaomi is ensuring that there’s a similar option available to those looking to pick up a budget phone for under ₹10,000 this year.

Meanwhile, Samsung is also sticking to its iterative model with its budget portfolio. The On7 Prime is the challenger to the Redmi Note 5, with the phone retailing for ₹12,999 on Amazon India. Although Samsung launched the phone two months ago, the specs are virtually unchanged from 2016, when the device was called the Galaxy J7 Prime. Samsung also launched an online-only variant of the same device dubbed the Galaxy On Nxt.

The On7 Prime comes with a 5.5-inch Full HD panel, Exynos 7870 chipset with eight Cortex A53 cores at 1.6GHz, 13MP rear camera, 64GB of internal storage, and a 3300mAh battery. What’s new for 2018 is a 13MP front shooter, 4GB of RAM, and a Samsung Mall feature that collates listings from several e-commerce stores in one location.

The J7 Prime wasn’t the fastest phone in the budget segment back when it launched in 2016, and the On7 Prime inherits all of its fallacies. The design is outdated, the phone is missing basics like the ambient light sensor and the gyroscope, and the TFT display is lackluster.

With the On7 Prime retailing for ₹1,000 more than the Redmi Note 5, it’s easy to see why Samsung is losing ground to Xiaomi in the budget segment.

But it’s not all smooth sailing

xiaomi-redmi-note-5-vs-redmi-note-5-pro-

For all of its momentum in India, Xiaomi is found to be lacking in a key ares: availability. The brand continues to sell phones via the flash sales model, meaning a majority of customers that have registered interest will not be able to get their hands on the device.

For instance, the first sale of the Redmi Note 5 Pro saw over 2 million registrations, but there were only 300,000 units on sale. Those were sold out in a matter of minutes, and subsequent sales have ended in a similar fashion. Xiaomi has stated that it will increase availability and make the phone available at offline markets, but it’s clear that there’s a lot of work to be done in this area.

Having a product that’s desired by millions is one thing; making sure it gets its way to those customers is an entirely different ball game, and Xiaomi needs to work doubly hard to ensure it can compete at this level.

Increasing local manufacturing efforts

xiaomi-redmi-note-5-hero.jpg?itok=mWVwXD

Another area where Xiaomi has focused on over the last two years is local manufacturing. With the Indian government levying taxes on phones being imported into the country, the onus is now on companies to set up local factories to effectively compete.

Xiaomi already has two factories in India, and all of its Redmi phones are assembled locally. The manufacturer is working on a third facility to increase production of phones, and has also invested in a standalone factory that produces powerbanks.

Samsung was the first to seriously consider local manufacturer, with the brand selling locally-made phones for some time now. Doing so gives it a distinct edge when it comes to pricing — the Galaxy S9+ has launched at the same price as last year’s Galaxy S8 at ₹57,900 ($890), or ₹32,000 ($500) less than the starting price of the iPhone X.

By focusing on local production, Xiaomi is making sure it maintains that advantage when it comes to pricing.

Venturing into new categories

xiaomi-mi-tv-4-3.jpg?itok=zHC_KJAR

Xiaomi is also diversifying its portfolio with the launch of the Mi TV series in India. Long-time Xiaomi fans have been waiting for the TV series to launch in India for several years now, and for good reason. The 55-inch Mi TV 4 with a 10-bit 4K panel and HDR10 costs a mere ₹39,999, significantly lower than the likes of Samsung, Sony, and LG.

For what it’s worth, Xiaomi isn’t targeting premium OLED TVs with its offerings. It is instead going after the likes of Vu, Micromax, and other budget players. That’s a smart move as Xiaomi’s TVs have better build quality and a recommendation engine that’s par none.

Paving the way for more products

xaiomi-mi-robot-2017-review-16.jpg?itok=

If the launch of Xiaomi’s latest Mi Home store in Chennai is any indication, the manufacturer is getting ready to bring its lifestyle products to India this year. The Mi Air Purifier was rolled out in the country last year, but Xiaomi sells a wide variety of smart home products in China, and like its phones, its lifestyle products offer a dizzying array of features at affordable prices.

With the introduction of the TV series and the upcoming arrival of the Mi Ecosystem products, Xiaomi is gearing up for a challenge across a variety of new categories. The brand has been heavily rumored for an IPO sometime later this year, so it stands to reason that it will look to increase its market share in as many areas as possible before going public.

Only time will tell whether Xiaomi can scale its efforts to compete effectively in the categories it is looking to make a foray into. If it’s anything like the phone segment, it shouldn’t have any issues.

Mar

‘Overwatch’ pro suspended for ‘racially disparaging’ emote

In January, Dallas Fuel pro Felix “xQc” Lengyel drew a suspension for violating the Overwatch League’s Code of Conduct while streaming for using an anti-gay slur, and now he has been suspended again. The League announced that this four-game suspension is because Lengyel “repeatedly used an emote in a racially disparaging manner on the league’s stream and on social media,” and used “disparaging language” toward casters and other players on his stream and social media.

Malik Forte and Xavier Woods

Lyngel posted a “Trihard” emote (it is the face of Mychal “Trihex” Jefferson, a black man who streams on Twitch) while League host Malik Forté was on screen. He claimed it was an accident. During his last suspension, the Fuel extended it and said they would devote additional support to help him reflect the team’s principles. This time the team has been quiet, but last night it also announced the signing of tank main (the position played by xQc) Son “OGE” Min-Seok.

Other players disciplined by the League include another Fuel tank player, Timo “Taimou” Kettunen who reportedly used anti-gay slurs during a personal stream and was fined $1,000. He apologized on Twitter, and said “I am sorry to the fans and supporters I let down and offended recently. I listen and read all the comments and I am utmost disappointed in myself that I said those things and all I can do is apologize and move forward.”

Houston Outlaws coach Tae-yeong “TaiRong” Kim received a formal warning due to posting an offensive meme that joked about the 1945 bombings of Hiroshima and Nagasaki. He also apologized and made a donation to the Hiroshima Peace Culture Foundation. Finally, LA Valiant player Ted “Silkthread” Wang, received a $1,000 fine for violating the Blizzard TOS regarding account sharing.

As Blizzard attempts to expand its eSports influence it is increasingly facing questions about dealing with player conduct, however, the internet’s focus is on pro gamers to an even higher degree than athletes in other sports, and in new ways. While we’ve seen leagues like the NBA fine or suspend players for using slurs or getting into trouble off the field, they don’t usually have to dig into emote usage and chat logs to make a determination about how to handle things. The connectedness of viewers is a factor also — during tonight’s Twitch stream of league play, the same “Trihard” meme has been spammed in the chat almost constantly.

Overwatch League:

It is unacceptable for members of the Overwatch League to use or distribute hateful, racist, or discriminatory speech or memes. It is important for all members to be aware of the impact their speech may have on others. The overwhelming majority of Overwatch League players and staff are taking full advantage of the opportunity to play in the first major global, city-based esports league, and are rising to meet the occasion as the public figures that they are. We are committed to building a community around the Overwatch League that is welcoming and inclusive for all players and fans, and we hope that these disciplinary actions demonstrate our seriousness in that endeavor.

Source: Overwatch League

Mar

Throwing some fish around the market [#acpodcast]

Andrew Martonik and Alex Dobie ditch the rest of the crew and recover after a busy week of fish mongering and phone testing in Seattle. They talk all about the Samsung Galaxy S9, and the hot features coming in Android P. They also have the scoop on OnePlus 6, which includes a now familiar notch and glass back.

Listen now

Subscribe in iTunes: Audio
Subscribe in RSS: Audio
Download directly: Audio

Show Notes and Links:

Samsung Galaxy S9 review
Samsung Galaxy S9+ video review
Samsung Galaxy S9: Everything you need to know
Android P: Top 6 things you need to know!
Android P will officially be released during Q3 2018
Google announces Android P Developer Preview, full images available for Pixel phones now
Exclusive: OnePlus 6 has 19:9 notched display, Snapdragon 845, top benchmarks
OnePlus 6 supposedly leaks with iPhone X notch and glass back

Sponsors:

Thrifter.com: All the best deals from Amazon, Best Buy, and more, fussily curated and constantly updated.
GameStash: Hundreds of awesome games on your Android phone. Try it free for 14 days!

Mar

Microsoft Pix can add business card info to your contacts

Microsoft’s AI-powered camera app Pix just got a new feature. Now you can use it to upload all of the information on a business card into your iPhone Contacts as well as check out the person’s LinkedIn account. All you have to do is open Pix and point your phone’s camera at the business card. Pix will automatically recognize that it’s a business card and ask you if you want to take action. If you do, you then have the option to add the information on the card to your contacts and find the person on LinkedIn. If you’re signed into the LinkedIn app, tapping the “Find on LinkedIn” button will take you to their profile, where you can then add them to your connections.

Last year, Microsoft introduced new Pix features that optimized camera settings for pictures taken of whiteboards, documents and business cards. And Microsoft has been integrating LinkedIn into its other products since purchasing the company in 2016. In October, Microsoft integrated LinkedIn with Outlook.com, bringing your contacts’ LinkedIn profile information into your inbox, and last month, the company released its LinkedIn-powered Resume Assistant for Office 365 subscribers.

“Pix is powered by AI to streamline and enhance the experience of taking a picture with a series of intelligent actions: recognizing the subject of a photo, inferring users’ intent and capturing the best quality picture,” Josh Weisberg, a Microsoft Research principal program manager, said in a statement. “It’s the combination of both understanding and intelligently acting on a users’ intent that sets Pix apart. Today’s update works with LinkedIn to add yet another intelligent dimension to Pix’s capabilities.”

Source: Microsoft

Mar

Cryptojacking turns your PC into a Bitcoin mine, but you won’t see a cent

(in)Secure is a weekly column that dives into the rapidly escalating topic of cyber security.

Cryptocurrency has fought for its reputation ever since its creation. Bitcoin fans have always had to defend against accusations that it’s only purpose is for illicit activities — that it’s a currency for criminals. Bill Gates even argued it has caused death in his recent Reddit AMA.

Now, cryptocurrency has yet another problem to deal with: cryptojacking. It’s the act of hacking a computer for use in cryptocurrency mining, usually without the owner knowing about it. It’s the newest evolution of malware — and it looks set to spread like wildfire.

A brave, new world

In February, Salon announced a new crowdfunding campaign that caught headlines across the internet. You can donate your computing power through cloud mining to help support the publication. It doesn’t require the installation of software, or even setting up an account.

Thousands of legitimate websites, even some government institutions, have been cryptojacked.

Just like that, an alternative to paid subscriptions and ad-based revenue has appeared. Cloud mining was already catching on, and now it’s finding new, interesting use cases.

Also in February, security researcher Scott Helme published his findings on the dark side of the technology. Without getting consent from either the owner of the website or visitors, cryptocurrency scripts can be hacked into websites, which then hack visitor’s CPU power. That’s cryptojacking.

The past year has witnessed several large-scale attacks on websites like the LA Times, Tesla, and Politifact, but recently the trend has escalated in an even more startling way. Research shows that thousands of legitimate websites, including some that belong to government institutions, have been cryptojacked.

How? Helme puts it this way: “If you want to load a cryptominer on 1,000+ websites, you don’t attack 1,000+ websites, you attack the one website that they all load content from.” In one case, an assistive technology called Text Help was compromised. Any website that used it then cryptojacked visitors, without either the website owners or visitors having a clue.

Ummm, so yeah, this is *bad*. I just had @phat_hobbit point out that @ICOnews has a cryptominer installed on their site… ???? pic.twitter.com/xQhspR7A2f

— Scott Helme (@Scott_Helme) February 11, 2018

Another recent report claims 50,000 websites already have crypto-mining malware ready to steal your computer’s power without your knowledge. Seven thousand websites have been discovered to contain this strain of cryptojacking on the WordPress platform alone.

Both Salon and the hackers behind recent attacks use the same tool — a JavaScript miner called CoinHive. It can be embedded on a webpage and functions in the visitor’s browser window. Hackers have taken the script and implemented it to immediately force visitors to donate their CPU power toward mining Monero coins, or XMR. (What’s that, you ask? Read our guide to the best Bitcoin alternatives).

The internet could become one big, illicit crypto-mining operation.

That wasn’t CoinHive’s intent. Instead, its developers “dream about it as an alternative to micro payments, artificial wait time in online games, intrusive ads, and dubious marketing tactics.” It’s a rather clever idea, really. The average PC is much more powerful than needed to browse the web, so why not use a bit of that performance to pay for content? The creators of CoinHive told Motherboard recently that “their reputation couldn’t be worse,” lamenting that they didn’t see the potential of cryptojacking at the time.

To be clear, cryptojacking isn’t an easy way for hackers to get rich. If a site has 10–20 active miners all day, CoinHive claims “you can expect a monthly revenue of about 0.3 XMR (~$86).” It’s relatively easy for hackers to implement, however, and the anonymous nature of cryptocurrency makes the payoff hard to trace. Consider it low reward, but very low risk. So long as cryptocurrencies keep rising in value, cryptomining — and its dark side, cryptojacking — will continue to spread.

This is only the beginning

It’s not hard to imagine cryptojacking’s future. Today, ads are everywhere you look on the internet, and off. Ads appear everywhere from YouTube to free software. Cloud cryptomining could provide an alternative, letting you “donate” some processor power for free web content or software.

We could also see a future where cryptojacking is constantly in the news — and in much greater potency. The internet could become one big illicit crypto-mining operation, and the fight against that won’t be easy. Hackers will find efficient and more subtle ways of secretly contorting innocent CPUs to make a quick buck. Right now, it’s not yet possible to mine cryptocurrency in-browser using a visitor’s GPU, which would provide much more substantial hashing power. Such a thing can’t be too far away.

And it doesn’t stop with in-browser mining.

Imagine the way adware works today. You’re installing a piece of software, and you quickly click through a few checkboxes to complete the installation. Without being fully aware of it, you’ve installed a piece of software that generates revenue for a company by inserting ads into your browser. Because it’s invisible, cryptojacking malware tougher to deal with. You might not even notice it quietly humming along in the background as it slows your computer and fills someone’s crypto-wallet.

This is certain to happen in a future where cryptocurrency cements its position as an online currency. It’ll give developers and website owners a new way to make legitimate cash from their work — and profit-driven hackers another potent tool in their toolbox.