Mobile

Microsoft’s Phone App Challenge to iMessage and FaceTime

Posted on by Andy Miller

Reports from online tech commentators indicate that Microsoft will soon be enhancing its Your Phone app with the ability to make phone calls from a desktop PC, thereby making the app a serious challenger to Apple’s iMessage and FaceTime.

The Your Phone App

Microsoft’s Your Phone desktop App connects your phone to your PC thereby giving you access to your phone’s notifications, photos and texts while working on your PC. Giving the desktop Phone App the details of your phone (Android or Apple, phone number) means that you receive a download link to the ‘Phone Companion’ via SMS text.

Installing the Phone Companion on your mobile enables you to sync your phone with your PC e.g. an Android phone with Windows 10 PC.  This gives instant access to your phone on your PC so that you can reply to texts at your PC and instantly receive photos on your PC that have been taken on the phone.

Making Calls – Challenging Apple’s iCloud Integrations

The addition of being able to dial a number, search your phone contacts and make a call directly from your PC is an important enhancement that could make Microsoft’s Your Phone desktop App a serious challenger to Apple’s iCloud integrations on macOS.

Apple Mac users can currently use these to send messages from their desktop using iMessage and can also make voice and video calls using FaceTime.

‘Use Phone’ Button

The enhanced Your Phone App from Microsoft will include a ‘Use Phone’ button that can send a call back from the PC (microphone and speakers) to the handset,  thereby enabling more privacy and/or shutting out any distracting background noise e.g. keyboard noises and noises from home working.

Who?

A full-feature Your Phone App would most likely be of maximum value to those workers who need to be in front of the desktop for long periods of time with minimal distractions although, arguably, messages and notifications popping up on the screen could be less easy to ignore than if they’d been quietly arriving on the phone in corner.

The Your Phone app could also be of use to workers in a situation where too much obvious interaction with their handset in the workplace is frowned upon and where visual monitoring and supervision is particularly intense.

What Does This Mean For Your Business?

For Microsoft, this improvement to the Your Phone desktop App, which has been around for some time, gives it much greater potential value to users and gives Microsoft another way to seriously compete with its rival Apple.

For any business users who are typically tied to the PC for most of the time the ability to handle all phone matters on the desktop adds value in terms of convenience, possible time savings, and fewer distractions.

Tech Tip – WiFiAnalyzer

Posted on by Andy Miller

If you’d like to optimise your Wi-Fi signal by being able to quickly analyse Wi-Fi networks directly from your Android device, measure signal strength and identify crowded channels, Wi-Fi Analyzer may be the app for you.

This open-source, free app, which has no-adverts and claims not to collect any personal information, uses as few permissions as possible to perform the analysis and does not require access to the Internet.

WiFiAnalyzer is available from the Google Play store.

iPhone Attack Lasting More Than 2 Years Discovered

Posted on by Andy Miller

A Google security researcher has discovered a sustained and indiscriminate hacking attack on iPhones that is believed to have been going on for more than two years.

Google Project Zero

Details of the attack are outlined on Google’s ‘Project Zero’ blog (https://googleprojectzero.blogspot.com) by security researcher Ian Beer.

Using Hacked Websites For The Attack

On the blog, Mr Beer highlights how Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites that were being used in indiscriminate ‘watering hole’ attacks against their visitors, using iPhone 0-day.  Watering hole attacks are where the browsing patterns of particular groups are observed in order to lay a trap e.g. hack a website that the particular group visits and 0-day vulnerabilities in software are those that are either unknown or known and not patched.

Mr Beer’s TAG team noted that there has been no target discrimination for the attack but a simple visit to a hacked website appears to be enough for the exploit server to attack a person’s device, leading to the installation of a monitoring implant.

How Many iPhone Users Have Been Affected?

Mr Beer’s team estimate that the hacked websites receive thousands of visitors per week.  Also, given that the hack has been operating for more than two years, and that TAG was able to identify five separate, complete and unique iPhone exploit chains that cover almost every version from iOS 10 through to the latest version of iOS 12, large numbers of iPhone users could potentially be affected.

12 Security Flaws

Mr Beer’s team identified 12 separate security flaws (mostly bugs within the Safari default web browser on Apple products) that could be used to compromise the Apple devices.

Reported To Apple – Patch Released

The TAG researchers reported the issues to Apple with a 7-day deadline on 1 February 2019 and shared the complete details of the research with Apple.  This led to the release of the security update iOS 12.1.4 on 7 Feb 2019.

What Does This Mean For Your Business?

It is worrying to think that this kind of hack has been going on for years before it was discovered, and owners of Apple devices may be particularly surprised given the security features of their phones and Apple’s reputation for offering relative safety from concerns about viruses and hacking.

If you have an iPhone, the advice is to make sure that it is running the latest version of iOS. Go to ‘Settings’, tap ‘General’, and under ‘Software Update’ check that you are be running iOS 12.4.1. which has the fix.

Tech Tip – Office Lens

Posted on by Andy Miller

If you would like a handy way to make copies of work documents for future reference, the Office Lens app lets you turn your smartphone into a whiteboard and document scanner.

The Office Lens app means that you never need to lose a receipt or important document or lose any of the ideas sketched onto a whiteboard at meetings or courses.  Snap a picture of your chosen document with the app and Office Lens allows you to save the output as images, PDFs or Word documents, and save to OneNote, OneDrive, or to your local device.

Office Lens is available from the Google Play store.

Four-Year Lifespan For Self-Driving Cars

Posted on by Andy Miller

As large car manufacturers seek to reinvent themselves as ‘mobility companies’ in an effort to compete for global leadership in the growing autonomous driving sector, a Ford Executive has predicted that self-driving cars will only last four years.

Only Four Years?

The prediction of four-year lifespan for self-driving cars came from John Rich, the operations chief of Ford Autonomous Vehicles, in a recent interview with the Telegraph.

Why Four Years?

The idea that a driverless car will only last four years stems from the fact that these cars will be part of fleets that have continuous use and will, therefore, wear out more quickly.  Even though this may appear to indicate that car companies could make more money by selling new car replacements after only four years, this is not necessarily so because car manufacturers appear to envisage a future where they will become fleet operators that sell us fewer cars.

Mobility Company

Mr Rich’s prediction fits in with the idea that traditional car manufacturers such as Ford and Toyota say that they’re aiming to become ‘mobility companies’ that operate fleets of autonomous/driverless vehicles for other companies to use.  This could include the car manufacturers hiring the fleets out themselves, supplying the fleets for other companies to hire out, and getting involved in ventures with other operators.  For example, Toyota and Chinese autonomous driving company Pony.ai have recently teamed up in a US$600 million joint venture to explore mobility services and to help Toyota to become a major mobility company in China. Also, Pittsburgh start-up Argo AI is reported to be developing driverless cars for Ford and is testing the technology in five cities in the US.

The move by Ford and other manufacturers towards becoming mobility companies with autonomous fleets will see them compete directly with operators such as Uber.

Decline In Private Ownership

The prediction and vision from market analysts is that there will be a decline in private car ownership and the costs associated with that as consumers will prefer to use the widely available fleets of autonomous vehicles operated by the new mobility companies.

What Does This Mean For Your Business?

Traditional car manufacturers appear to see their future as mobility companies in a world where they and other businesses operate fleet services of widely available autonomous vehicles to business and individual users who will no longer need to own a car themselves. This is all part of today’s car manufacturers trying to get significant peace of global (in the developed world) market for autonomous transport.  If this future vision plays out as the car manufacturers and analysts predict, this will have a dramatic effect on businesses and markets along the car supply chain as well as the private hire and public transport markets.

Tech Tip – Split

Posted on by Andy Miller

If you’d like to be even more productive and be able to multi-task while using your iPhone or iPad, the ‘Split’ web browser app allows you to run two browser tabs side by side.

The app works in portrait and landscape views, and for each website that’s split in the browser you have a back button, you can bookmark a page, and you can open one of the websites into full-screen mode and simply tap to go back to the split-screen.

The Split app is free from Apple’s App Store, and similar split browser apps are also available for Android.

Your Password Can Be Guessed By An App Listening To Your Keystrokes

Posted on by Andy Miller

Researchers from SMU’s (Southern Methodist University) Darwin Deason Institute for Cyber-security have found that the sound waves produced when we type on a computer keyboard can be picked up by a smartphone and a skilled hacker could decipher which keys were struck.

Why?

The research was carried out to test whether the ‘always-on’ sensors in devices such as smartphones could be used to eavesdrop on people who use laptops in public places (if the phones were on the same table as the laptop) e.g. coffee shops and libraries, and whether there was a way to successfully decipher what was being typed from just the acoustic signals.

Where?

The experiment took place in a simulated noisy Conference Room at SMU where the researchers arranged several people, talking to each other and taking notes on a laptop. As many as eight mobile phones were placed on the same table as the laptops or computers, anywhere from three inches to several feet away. The study participants were not given scripts of what to say when talking, could use shorthand or full sentences when typing and could either correct typewritten errors or leave them.

What Happened?

Eric C. Larson, one of the two lead authors and an assistant professor in SMU Lyle School’s Department of Computer Science reported that the researchers were able to pick up what people were typing at an amazing 41 per cent word accuracy rate and that that this could probably be extended above 41 per cent if what researchers figured out what the top 10 words might be.

Sensors In Smart Phones

The researchers highlighted the fact that there are several sensors in smartphones that are used for orientation and although some require permission to be switched on, some are always on.  It was the sensors that were always switched on that the researchers were able to develop a specialised app for which could process the sensor output and, therefore, predict the key that was pressed by a typist.

What Does This Mean For Your Business?

Most of us may be aware of the dangers of using public Wi-Fi and how to take precautions such as using a VPN.  It is much less well-known, however, that smartphones have sensors that are always on and could potentially be used (with a special app) to eavesdrop.

Mobile device manufacturers may want to take note of this research and how their products may need to be modified to prevent this kind of hack.

Also, users of laptops may wish to consider the benefits of using a password manager for auto-filling instead of typing in passwords and potentially giving those passwords away.

Tech Tip – Gallery Go

Posted on by Andy Miller

If you’ve been looking for a good gallery app for Android, Google has created an offline and compact, lite version of Google Photos that is uncluttered and easy to use.

The Gallery Go app works offline, so it doesn’t sync to a Google account (like Google Photos), but it only has two tabs at the bottom for pictures and folders, useful search tabs at the top, and very a user-friendly layout.

Gallery Go enables easy copying and moving photos between folders, you can create new folders, and it supports SD card.  The app also has automatic organisation so that each night, Gallery Go will automatically organise your photos to group by: People, Selfies, Nature, Animals, Documents, Videos and Movies.

Gallery Go is available from the Google Play Store.

$1 Million Bounty For Finding iPhone Security Flaws

Posted on by Andy Miller

Apple Inc recently announced at the annual Black Hat security conference in Las Vegas that it is offering security researchers rewards of up to $1 million if they can detect security flaws its iPhones.

Change

This move marks a change in Apple’s bug bounty programme.  Previously, for example, the highest sum offered by Apple was $200,000, and the bounties had only been offered to selected researchers.

The hope appears to be that widening the pool of researchers and offering a much bigger reward could maximise security for Apple mobile devices and protect them from the risk of governments breaking into them.

State-Sponsored Threats

In recent times, state-sponsored interference in the affairs of other countries has become more commonplace with dissidents, journalists and human rights advocates being targeted, and some private companies such as Israel’s NSO Group are even reported to have been selling hacking capabilities to governments. These kinds of threats are thought to be part of the motivation for Apple’s shift in its bug bounty position.

Big Prizes

The $1 million prize appears likely to only apply to remote access to the iPhone kernel without any action from the phone’s user, although it has been reported that government contractors and brokers have paid as much as $2 million for hacking techniques that can obtain information from devices.

Apple is also reported to be making things easier for researchers by offering a modified phone with some security measures disabled.

Updates

If flaws are found in Apple mobile devices by researchers, the plan appears to be that Apple will patch the holes using software updates.

Bug Bounties Not New

Many technology companies offer the promise of monetary rewards and permission to researchers and ethical (white hat) hackers / ethical security testers to penetrate their computer system, network or computing resource in order to find (and fix) security vulnerabilities before real hackers have the opportunity use those vulnerabilities as a way in.  Also, companies like HackerOne offers guidance as to the amounts to set as bug bounties e.g. anywhere from $150 to $1000 for low severity vulnerabilities, and anywhere from $2000 to $10,000 for critical severity vulnerabilities.

Examples of bug bounty schemes run by big tech companies include Google’s ongoing VRB program which offers varying rewards ranging from $100 to $31,337 and Facebook’s white hat program (running since 2011) offering a minimum reward of $500 with over $1 million paid out so far.

What Does This Mean For Your Business?

With the growing number of security threats, a greater reliance on mobile devices, more remote working via mobile devices, mobile security is a very important issue for businesses. A tech company such as Apple offering bigger bug bounties to a wider pool of security researchers could be well worth it when you consider the damage that is done to companies and the reputation of their products and services when a breach or a hack takes place, particularly if it involves a vulnerability that may be common to all models of a certain device.

Apple has made the news more than once in recent times due to faults and flaws in its products e.g. after a bug in group-calling of its FaceTime video-calling feature was found to allow eavesdropping of a call’s recipient to take place prior to the call being taken, and when it had to offer repairs/replacements for problems relating to screen touch issues on the iPhone X and data loss and storage drive failures in 13-inch MacBook Pro computers. Apple also made the news in May this year after it had to recall two different types of plug adapter because of a possible risk of electric shock.

This bug bounty announcement by Apple, therefore, is a proactive way that it can make some positive headlines and may help the company to stay ahead of the evolving risks in the mobile market, particularly at a time when the US President has focused on possible security flaws in the hardware of Apple’s big Chinese rival Huawei.

If the bug bounties lead to better security for Apple products, this can only be good news for businesses.

Tech Tip – Crono App

Posted on by Andy Miller

If you’d like to get better integration between your PC and phone, the Crono app enables you to get all your notifications straight from Chrome.

If you spend a lot of time using Chrome on your computer, the Crono app lets you see all your notifications and calendar events without looking at your phone i.e. you get mobile notifications on your browser and you can respond to those notifications through your browser.

The app, which requires a Chrome extension to work also allows clipboard sharing between your browser and device with a single click, and if you can’t find your phone you can ring it directly from your browser.

Crono is available for Android from the Google Play Store.