Author: Andy Miller

Leaving Your Job? Don’t Take Personal Data With You Warns ICO

The Information Commissioner’s Office (ICO) has warned those retiring or taking a new job that under the Data Protection Act 2018, employees can face regulatory action if they are found to have retained information collected as part of their previous employment.

Old Investigation

The renewed warning was issued after the regulator concluded its dealings in an old investigation of two former police officers who had been interviewed by the media about an historic case, involving an MP, that they had worked on as serving officers, and who had been accused of disclosing details about the case to the media.

In this case, the investigation appears to have related to police handling of personal data such as notebooks and the fact that measures need to be put in place to ensure that these are not retained when officers leave the service.

The ICO investigation, brought about under the previous Data Protection Act 1998 legislation (because the alleged disclosure occurred before the DPA 2018 and GDPR’s introduction) may have resulted in no enforcement action being taken against the two officers, but prompted the ICO to issue a reminder that data protection laws have been toughened in this area.

“Knowingly or Recklessly Retaining Personal Data”

The warning in the ICO’s recent statement is that the Data Protection Act 1998 has since been strengthened through the Data Protection Act 2018, to include a new element of knowingly or recklessly retaining personal data without the consent of the data controller (see section 170 of the DPA 2018).

The only exceptions to this new part of the new Act are when it is necessary for the purposes of preventing or detecting crime, is required or authorised by an enactment, by a rule of law or by the order of a court or tribunal, or where it is justified as being in the public interest.

Retiring or Taking a New Job

The ICO has warned that anyone who deals with the personal details of others in the course of their work, private or public sector, should take note of this update to the law, especially when employees are retiring or taking on a new job. Those leaving or retiring should also take note that they will be held responsible if the breach of personal data from their previous employer can be traced to their individual actions.

Examples

Examples of where the ICO has prosecuted for this type of breach of the law include a charity worker who, without the knowledge of the data controller, Rochdale Connections Trust, sent emails from his work email account (in February 2017) containing sensitive personal information of 183 people.  Also, a former Council schools admission department apprentice was found guilty of screen-shotting a spreadsheet that contained information about children and eligibility for free school meals and then sending it to a parent via Snapchat.

What Does This Mean For Your Business?

This latest statement from the ICO should remind all businesses and organisations, whether in the private or public sectors, that reasonable measures or procedures need to be put in place to ensure that anyone retiring or leaving for another job cannot take personal details with them that should be under the care of the data controller i.e. you and your company/organisation.

Failure to take this facet of current data law into account could result in fines from the regulator for those individuals responsible, potential legal action from the victims of any breach against your organisation, some bad and potentially damaging publicity, and costly and long-lasting damage to reputation.

Tech Tip – WiFiAnalyzer

If you’d like to optimise your Wi-Fi signal by being able to quickly analyse Wi-Fi networks directly from your Android device, measure signal strength and identify crowded channels, WiFiAnalyzer may be the app for you.

This open-source, free app, which has no adverts and claims not to collect any personal information, uses as few permissions as possible to perform the analysis and does not require access to the Internet.

WiFiAnalyzer is available from the Google Play store.

Student Textbooks Malware Threat

Kaspersky’s blog is warning students who are about to go back after the summer holidays to beware of the risk of malware that’s masked as textbooks and essays online.

Students Targeted

According to Kaspersky, K-12 and college students who may want to save money on textbooks by seeking online essays and study materials may end up unwittingly downloading malware instead.

A study by the security company of school and student-related filenames over the past academic year has revealed that out of 356,000 attempted attacks on Kaspersky users, 233,000 cases involved malicious essays that were downloaded to computers owned by more than 74,000 people (which the company claims its software blocked).

Kaspersky’s figures indicate that 122,000 of those attacks were by malware disguised as textbooks which more than 30,000 users tried to open.

Targeted Popular and Less Popular Subjects

The study revealed that cybercriminals haven’t just been focusing on popular subjects for attacks. For example, even though English textbooks hiding malware had 2,080 attempted downloads and maths textbooks hiding malware had 1,213 downloads, malicious textbooks for natural sciences also managed to fool 18 users.

The Four Most Popular Types of Malware

Kaspersky lists the four most popular types of malware attacks disguised as online study materials as:

1. School spamming using the Stalk worm

This has claimed the greatest number of victims and is the preferred method by which the Worm.Win32.Stalk.a worm is spread.  Once downloaded to a school computer, Stalk penetrates all devices that are connected to it, will infect USB sticks used by students, will spread across the whole network, can spread to the email contacts of students, and can download other malicious applications to the infected device.

2. Win32.Agent.ifdx malware downloader

This downloader program is disguised as textbooks or essays in DOC, DOCX or PDF formats. Once launched, it opens a text file so that the victim does not realise that anything suspicious is going on, but it is designed to download many other bad things onto the victim’s computer, which can be modified to become cryptominers, banking trojans (to steal bank details) and ransomware.

3. The WinLNK.Agent.gen downloader

WinLNK.Agent.gen downloader is hidden in archives e.g. zip or rar files and uses a shortcut to a text file to open the document itself and launch the attached malware components. This can result in cryptominers, adware, and more damaging programs being loaded onto and slowing down the victim’s computer.

4. The MediaGet torrent application downloader

This is disguised by ‘Free Download’ buttons and will download a torrent client that the user does not need.

What Does This Mean For Your Business?

Colleges and schools are known to be popular targets for cybercriminals because they have large numbers of users spread across many different departments, and sometimes across different facilities, making admin and IT security very complicated.  Also, valuable intellectual property, student and staff personal data, and the chance to use the processing power of many computers within their systems can make schools and colleges tempting targets for cybercriminals.

Part of the prevention of the kinds of attacks identified by Kaspersky can be achieved by educating students (and staff) about threats, and how to spot them and deal with them, as well as making sure that antivirus protection and patches are all up to date across school and college systems.

Kaspersky’s advice to students for avoiding the malware threat includes searching for the books you need in physical or online libraries, paying attention to what type of site is hosting the textbook download, not using outdated versions of operating systems and other software, being wary of email attachments (even those sent from acquaintances), and paying attention to the download file extensions e.g. don’t open .exe files.
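
The advice about file extensions, and the disguises described for the DOC/DOCX/PDF downloader and the shortcut hidden in an archive, can be turned into a simple pre-open check. The following Python sketch is an added example, not code from Kaspersky or from this article: it flags double extensions, "documents" whose content is really a Windows executable, and shortcuts inside ZIP archives. The extension list, function names and sample files are assumptions constructed for illustration, and RAR archives are not inspected.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Formats the article says the downloaders pose as, plus the .txt decoy shortcut.
DOCUMENT_EXTS = {".doc", ".docx", ".pdf"}
DECOY_EXTS = DOCUMENT_EXTS | {".txt"}
# Assumed, non-exhaustive list of Windows file types that run code when opened.
RISKY_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}

# Leading bytes each document format should start with.
MAGIC = {
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",                        # DOCX is a ZIP container
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",   # OLE2 compound file
}
PE_MAGIC = b"MZ"                                   # Windows executable
LNK_MAGIC = b"\x4c\x00\x00\x00\x01\x14\x02\x00"    # Windows shortcut header
MAX_MEMBER_BYTES = 20 * 1024 * 1024                # do not unpack huge members


def check_name(name):
    """Flag a file name whose final extension is an executable type."""
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    if not suffixes or suffixes[-1] not in RISKY_EXTS:
        return []
    if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
        return ["double extension hides an executable or shortcut"]
    return ["executable or shortcut file type"]


def check_content(name, data):
    """Compare the leading bytes with what the extension claims."""
    ext = PurePosixPath(name).suffix.lower()
    findings = []
    if ext in DOCUMENT_EXTS:
        if data.startswith(PE_MAGIC):
            findings.append("document extension but Windows executable content")
        elif not data.startswith(MAGIC[ext]):
            findings.append("content does not match the document extension")
    if ext != ".lnk" and data.startswith(LNK_MAGIC):
        findings.append("Windows shortcut stored under another extension")
    return findings


def triage(name, data, depth=0):
    """Return (path, finding) pairs for one download, looking inside ZIPs."""
    results = [(name, f) for f in check_name(name) + check_content(name, data)]
    is_zip = PurePosixPath(name).suffix.lower() == ".zip"
    if is_zip and depth < 2 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                if info.file_size > MAX_MEMBER_BYTES:
                    results.append((f"{name}!{info.filename}", "member too large to inspect"))
                    continue
                for path, finding in triage(info.filename, zf.read(info), depth + 1):
                    results.append((f"{name}!{path}", finding))
    return results


def build_sample_zip():
    """Constructed archive: a shortcut named like a text file beside a real one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("essay.txt.lnk", LNK_MAGIC + b"\x00" * 68)
        zf.writestr("readme.txt", b"constructed sample text")
    return buf.getvalue()


# Constructed sample downloads (no real malware, only header bytes).
SAMPLES = {
    "maths_textbook.pdf": b"%PDF-1.4\n% constructed sample\n",
    "english_essay.docx": PE_MAGIC + b"\x90\x00" + b"\x00" * 60,
    "history_notes.zip": build_sample_zip(),
}

if __name__ == "__main__":
    for sample_name, sample_data in SAMPLES.items():
        for path, finding in triage(sample_name, sample_data):
            print(f"{path}: {finding}")
```

A clean result only means that none of these particular disguises was found; it does not replace up-to-date antivirus protection.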

iPhone Attack Lasting More Than 2 Years Discovered

A Google security researcher has discovered a sustained and indiscriminate hacking attack on iPhones that is believed to have been going on for more than two years.

Google Project Zero

Details of the attack are outlined on Google’s ‘Project Zero’ blog (https://googleprojectzero.blogspot.com) by security researcher Ian Beer.

Using Hacked Websites For The Attack

On the blog, Mr Beer highlights how Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites that were being used in indiscriminate ‘watering hole’ attacks against their visitors, using iPhone 0-day.  Watering hole attacks are where the browsing patterns of particular groups are observed in order to lay a trap e.g. hack a website that the particular group visits.  0-day vulnerabilities in software are those that are either unknown or known and not patched.

Mr Beer’s TAG team noted that there has been no target discrimination for the attack but a simple visit to a hacked website appears to be enough for the exploit server to attack a person’s device, leading to the installation of a monitoring implant.

How Many iPhone Users Have Been Affected?

Mr Beer’s team estimate that the hacked websites receive thousands of visitors per week.  Also, given that the hack has been operating for more than two years, and that TAG was able to identify five separate, complete and unique iPhone exploit chains that cover almost every version from iOS 10 through to the latest version of iOS 12, large numbers of iPhone users could potentially be affected.

12 Security Flaws

Mr Beer’s team identified 12 separate security flaws (mostly bugs within the Safari default web browser on Apple products) that could be used to compromise the Apple devices.

Reported To Apple – Patch Released

The TAG researchers reported the issues to Apple with a 7-day deadline on 1 February 2019 and shared the complete details of the research with Apple.  This led to the release of the security update iOS 12.1.4 on 7 Feb 2019.

What Does This Mean For Your Business?

It is worrying to think that this kind of hack has been going on for years before it was discovered, and owners of Apple devices may be particularly surprised given the security features of their phones and Apple’s reputation for offering relative safety from concerns about viruses and hacking.

If you have an iPhone, the advice is to make sure that it is running the latest version of iOS. Go to ‘Settings’, tap ‘General’, and under ‘Software Update’ check that you are running iOS 12.4.1, which has the fix.

Tesla Owners Locked Out

Some Tesla Model 3 car owners found themselves decidedly locked out in the cold due to a vital Phone Key app being down for maintenance.

Labor Day Dismay

On US Labor Day, some owners of Tesla Model 3 cars who tried to use their Phone Key app, the smartphone app that will open a Model 3 without the owner having to take the phone out of their pocket, found themselves locked out when the app didn’t work, and they hadn’t brought a physical key fob/card with them.

Net Fret

Some of the immobilized owners took to social media platforms to highlight their plight, voice their frustration and seek information.  For example, some Tesla owners on Twitter claimed to have been locked out of their cars for up to four hours whereas others reported being stranded at Supercharger stations and plugged in longer than was necessary.

No App Trapped

The reasons why some owners of Tesla Model 3 cars were locked out appear to be that they had logged out of their app, may not have been able to get a phone signal, and that the app was undergoing maintenance at the other end.

Under normal circumstances, the Phone Key should be able to operate on Bluetooth Low Energy frequencies rather than a network connection in order to communicate with the Model 3 vehicle.

Pain Again

This is not the first time that Tesla owners have experienced a lack of mobility due to being locked out by apps.  Back in 2018, after media control unit replacements and a problem with digital certificate transferral, some owners found themselves in the same frustrating situation of being temporarily refused entry to their own cars.

Not Hard If You Bring Your Card

The Tesla Manual states that the Model 3 comes with two physical key cards for entry and operation that can be used when a phone is not accessible, out of battery, or if someone else needs temporary access to the Model 3 e.g. a valet. Those owners who were temporarily stranded by the app failure appear not to have brought either of their key cards with them.

Electric Blues

All this comes at a time when Tesla is facing competition from the likes of Harley-Davidson which has just announced that it’s taking pre-orders for its first all-electric motorcycle, the LiveWire.  The LiveWire can cover 110 miles on a single charge and can go from zero to 60 in just 3.5 seconds.

What Does This Mean For Your Business?

This is clearly an embarrassing incident for a company that has a technological focus for its vehicles, and where the price reflects the early-curve electronic vehicle development – Model 3s starting at around £37,000.

This story is also an example of the potential dangers of relying too much on technology and apps to run every aspect of our lives going forward.  Even though Tesla does provide physical key cards that could have helped those stranded drivers, human error (not reading the manual and / or forgetting to bring one) played a part, as it often does, in errors involving the human and technology combination.  Also, the use of interconnected technologies i.e. the reliance upon some kind of Internet/Bluetooth connection to enable the app to work correctly shows how today’s newest smart services still have a heavy reliance upon the existing communications infrastructure.

BBC to Launch Own ‘Beeb’ Digital Voice Assistant Next Year

The BBC has announced that it will be launching its own digital voice assistant ‘Beeb’ next year to work on all smart speakers, TVs, and mobile devices.

Accents

The new digital (AI) voice assistant, which is being developed by an in-house team, will be trained to have a good understanding of the many different UK regional accents.  This has meant that BBC staff from around the UK have been invited to record their voices to help train the programme.

Competing?

Even though the BBC has not said that ‘Beeb’ will be sold with its own hardware device (smart speaker), as an AI digital voice assistant it will essentially be in broad competition with Amazon, Google and Apple, all of which have already been in the market for some time with their own voice assistants.

That said, in addition to not being released in a bundle with a home smart speaker to compete on the shelves with other general smart speakers, Beeb is different because it has been designed, rather like the iPlayer, as a means to provide easier access to the BBC’s own content, programmes and services.  It is thought that ‘Beeb’, being a BBC product that’s specifically designed with the purpose of accessing BBC content, will mean that it is trusted and used by BBC customers.

Voice-Activated Future

As a public services broadcaster, the BBC sees ‘Beeb’ as an important step to keep up with the times in what it describes as a “voice-enabled future”.  For example, 20% of British households already use voice assistants (Guardian).

Criticism

Some critics have pointed out that having a single syllable word such as ‘Beeb’ as the wake-word could lead to mistakes being made by the assistant, but the BBC says that ‘Beeb’ is still just a working title.

No More BBC on TuneIn

From the end of September, the BBC’s radio stations will no longer be available through the TuneIn radio app (as used by Alexa) because it has been reported that Amazon will not share information about listeners of BBC stations.

What Does This Mean For Your Business?

The new digital voice assistant is a way in which the BBC can give its customers a more convenient and modern way to access its content, in the same way that some competitors are doing (e.g. Netflix uses Amazon voice controls on Fire TVs), and at a time when people are used to using other voice assistants. Also, Beeb is a part of the BBC’s move to push users towards its own products, and crucially, to find out more information about its users.  This has been shown, for example, by the need to sign up to view programmes on iPlayer, and by the impending removal of BBC stations from the TuneIn app over a lack of information-sharing.  The BBC’s own digital assistant will mean that it can have information-gathering systems built in.  This, in turn, helps the BBC to better target its services and to compete more effectively in the wider marketplace, while at the same time helping it to improve and add value to its public service broadcasting.

London Gets 10 Million New Landline Numbers

Telecoms regulator Ofcom has announced the introduction of 10 million new 0204 landline numbers for London in a move to keep up with a growing demand fuelled by Broadband connections.

Running Out

There are only 500,000 of the 30 million (020)3, (020)7 and (020)8 numbers left to be handed out and Ofcom says that these remaining numbers are being allocated at a rate of 30,000 each week!

Broadband

In addition to the fact that numbers from the existing groups will be used up within the year, the new numbers have been created to help feed demand for fixed-line broadband.

For example, an ISPreview survey from last year showed that only 14.5% of respondents still used a landline phone service for making most of their calls and 67.2% said they’d get rid of the service if it wasn’t still needed by ISPs for home broadband.

It is still very difficult in the UK to avoid paying for line rental as part of a broadband service. This is because most broadband connections are ADSL which requires the use of Openreach phone lines to transmit data.

Full fibre broadband, however, does not require a phone line but it is not widely available, and some providers will still ask you to take a landline as part of the package.

Data Usage

Landlines have been used more in recent times for data.  For example, Ofcom figures show that in 2018, the average household used 240GB of data through fixed broadband, compared to 23GB in 2012.

Landline Calls In Decline

Even though landline calls are in decline, Ofcom says that UK customers still spend 44 billion minutes making landline calls every year.

Growth

Allocating new numbers for London is not new.  For example, the 01 code for London, which lasted from 1958 to 1990 was replaced by 071 (inner London) and 081 (outer), which then became 0171 and 0181 five years later.  In 2000 the inner and outer codes for London were replaced by the number 020 for both.

What Does This Mean For Your Business?

London is the commercial centre, as well as the capital, of the UK, and its continuous growth, coupled with the advance of communications technology, has necessitated the addition of several different codes over the years.  With the current speed of allocation of the existing numbers, businesses and households need new codes soon, and the first blocks of ‘(020) 4’ numbers will be allocated to telecoms providers in the autumn, after which the new numbers will be issued to other customers by the end of next year.

Tech Tip – Office Lens

If you would like a handy way to make copies of work documents for future reference, the Office Lens app lets you turn your smartphone into a whiteboard and document scanner.

The Office Lens app means that you never need to lose a receipt or important document or lose any of the ideas sketched onto a whiteboard at meetings or courses.  Snap a picture of your chosen document with the app and Office Lens allows you to save the output as images, PDFs or Word documents, and save to OneNote, OneDrive, or to your local device.

Office Lens is available from the Google Play store.

Four-Year Lifespan For Self-Driving Cars

As large car manufacturers seek to reinvent themselves as ‘mobility companies’ in an effort to compete for global leadership in the growing autonomous driving sector, a Ford executive has predicted that self-driving cars will only last four years.

Only Four Years?

The prediction of a four-year lifespan for self-driving cars came from John Rich, the operations chief of Ford Autonomous Vehicles, in a recent interview with the Telegraph.

Why Four Years?

The idea that a driverless car will only last four years stems from the fact that these cars will be part of fleets that have continuous use and will, therefore, wear out more quickly.  Even though this may appear to indicate that car companies could make more money by selling new car replacements after only four years, this is not necessarily so because car manufacturers appear to envisage a future where they will become fleet operators that sell us fewer cars.

Mobility Company

Mr Rich’s prediction fits in with the idea that traditional car manufacturers such as Ford and Toyota say that they’re aiming to become ‘mobility companies’ that operate fleets of autonomous/driverless vehicles for other companies to use.  This could include the car manufacturers hiring the fleets out themselves, supplying the fleets for other companies to hire out, and getting involved in ventures with other operators.  For example, Toyota and Chinese autonomous driving company Pony.ai have recently teamed up in a US$600 million joint venture to explore mobility services and to help Toyota to become a major mobility company in China. Also, Pittsburgh start-up Argo AI is reported to be developing driverless cars for Ford and is testing the technology in five cities in the US.

The move by Ford and other manufacturers towards becoming mobility companies with autonomous fleets will see them compete directly with operators such as Uber.

Decline In Private Ownership

The prediction and vision from market analysts is that there will be a decline in private car ownership and the costs associated with that as consumers will prefer to use the widely available fleets of autonomous vehicles operated by the new mobility companies.

What Does This Mean For Your Business?

Traditional car manufacturers appear to see their future as mobility companies in a world where they and other businesses operate fleet services of widely available autonomous vehicles to business and individual users who will no longer need to own a car themselves. This is all part of today’s car manufacturers trying to get a significant piece of the global (in the developed world) market for autonomous transport.  If this future vision plays out as the car manufacturers and analysts predict, this will have a dramatic effect on businesses and markets along the car supply chain as well as the private hire and public transport markets.

No Leather, Jeans, Hard Surfaces, Other Cards or Magnets – Warning for Apple Card

Just as the new ‘Apple Card’ is launched in the US, Apple has listed several surfaces and materials that could damage and discolour the coated titanium card – including denim and leather.

Apple Card

The newly launched (in the US) no fees, instant cash-back Apple Card is a partnership between Apple and Goldman Sachs with processing by Mastercard.  The Apple Card is operated through the Wallet app on iPhone (iPhone 6 and later) and is accompanied by a physical laser-etched card, made of coated titanium and with no card number, no CVV security code, and no expiration date or signature on it.

Soft Materials Are Best

Unfortunately for Apple, just as the Card’s online blurb was unveiled to the world some of the media’s attention was diverted to Apple’s advice about how to “safely” store and carry the card rather than to its security features.

Some online commentators couldn’t fail to notice that for a sleek looking, titanium card, it appears to be vulnerable to damage and discolouration from some of the ways that customers may expect to carry and store a normal plastic credit card.

For example, according to Apple’s own card-care advice, the Apple Card may be vulnerable to discolouration and damage from:

  • Storing the card in a slot in a wallet or billfold touching another credit card.
  • Coming into contact with fabrics, like leather and denim, which may cause permanent discolouration that will not wash off.
  • Placing the card in a pocket or bag that contains loose change, keys, or other potentially abrasive objects.
  • Placing the Apple Card near magnets (which could de-magnetize the strip).

The Coating

Apple says on its website that it is the multi-layered coating on the card that gives the card its white finish that could be damaged or discoloured, and not the titanium card beneath.  Although titanium is a very reactive metal, it is known for its strength and its corrosion resistance in oxidising acid environments.

What Does This Mean For Your Business?

Some commentators see this as a gaffe by Apple as the launch of something that sees Apple make a major move into services has been slightly tarnished itself by what appears to be either a problem with the coating of the Apple Card, or Apple giving out a bit too much information about the care of the card, or a bit of both.

Expecting customers to keep the Apple Card in its own separate bag made of only soft materials may be a little unrealistic and impractical, and it remains to be seen how the card fares in the real world and what stories come from the first users of the card, and whether the card is as susceptible to damage as the Apple website appears to indicate.

This story is also an example to businesses of how attempts to differentiate products and services and to add value should be carefully thought through and tested before public launches, and products that customers are familiar with need to be at least as convenient and practical to use as competing products.