Thursday, September 07, 2017

These holes are designed in as “features.” Security is “not required?”
Alexa, Siri are easily hacked, you won’t even hear it coming
… Chinese researchers have demonstrated that Alexa, Siri, Cortana, and Google Assistant can be easily told to do things without the knowledge, much less permission, of their owners. All by saying commands that no human can actually hear.
Like any kind of wave, sound covers a wide range of frequencies, only a small part of which is actually audible to humans. Anything below 20 Hz and above 20 kHz is imperceptible to our ears that, for all intents and purposes, they might not as well be nonexistent. But the mics in our phones and smart speakers are completely capable of detecting sound beyond those ranges and, in fact, use them for some purposes. Sadly, that fact can be exploited to give them commands that will put users at risk.
The researchers were able to set up a device using nothing more than an off the shelf smartphone and around $3 worth of parts like an amp and a speaker. Within a certain distance, they were not only able to trigger the personal assistants, they were also able to get them to do actions. Imagine getting your phone to visit a malicious website or get your smart speaker to open the door.
There is one major caveat to this attack, nicknamed “DolphinAttack” that does minimize its effectivity. The attacker has to be within a certain distance from the phone or speaker for it to work, from a few inches to a few feet. Still, that might be far enough to do some damage.
Unfortunately, the companies developing these voice assistants can’t simply tell them to ignore any audio coming from outside the normal human range. These platforms use higher, imperceptible frequencies in order to better analyze audible voice commands. Some also use these “unused” frequencies for features like seemingly magical instant connectivity. It’s not an easy hole to plug, but considering how large a gaping hole it is, the developers should get scrambling to work on a fix.

Vocal theft on the horizon
Your voice is yours alone – as unique to you as your fingerprints, eyeballs and DNA.
Unfortunately, that doesn’t mean it can’t be spoofed. And that reality could undermine one of the promised security benefits of multi-factor authentication, which requires “something you are,” along with something you have or you know. In theory, even if attackers can steal passwords, they can’t turn into you.
But given the march of technology, that is no longer a sure thing. Fingerprints are no longer an entirely hack-proof method of authentication – they can be spoofed.
That will soon be true of your voice as well.
The risk goes well beyond recent warnings from the Federal Communications Commission (FCC) and Better Business Bureau (BBB) about spam callers trying to get a victim to say the word “yes,” which they record and then use to authorize fraudulent credit card or utility charges, or to “prove” that the victim owes them money for services never ordered.

Something for my students to consider (before they start applying for jobs)?
… there are several ways you can delete your social media accounts and history. You aren’t only limited to the traditional means, such as deleting your profile through Facebook. In fact, there are lots of online services and apps that can help you with this task.

And it wasn’t even Justin Bieber?
Joe Dahlke reports:
Five nurses at Denver Health Medical Center were suspended for three weeks after opening a bag to inappropriately view a deceased patient’s genitals, a hospital spokesman said Tuesday.
The incident was reported after a different nurse overheard one of the suspended nurses make a comment about it, according to a Denver Health spokesman.
Read more on KDVR.

(Related). What is our obsession with nudity?
ITV reports:
The Duke and Duchess of Cambridge have said they are “pleased” a French court found in their favour after topless pictures of Kate were published in French Closer.
A court court awarded the Duke and Duchess almost £95,000 in damages following the pictures being made public.
Read more on ITV.

So, they only did it once (on this flight) and the DoT only fines for multiple incidents of rule breaking?
Feds won’t fine United over dragging incident, despite finding rules violations
The federal government will not fine United Airlines in the violent dragging of a passenger off one of its airplanes after the man refused to give up his seat to a crew member in April, according to a letter obtained by an airline passengers’ rights group.
In the letter, dated May 12 and released Wednesday by nonprofit advocacy group Flyers Rights, the U.S. Department of Transportation explains that while United violated some rules concerning overbooking procedures, there was no evidence of race or nationality-based discrimination in the incident, and United hadn’t engaged in a pattern of rule-breaking that would warrant a fine.
… “The airlines really have only one regulator — and that’s the DOT,” Hudson said in an interview Wednesday. “In addition to the bumping rule, they’re supposed to enforce and prohibit any unfair or deceptive conduct by airlines.”
Hudson called Dao’s dragging off the airplane “egregious” and said the finding of no action reflected poorly on the DOT.
… In its letter, DOT argued that while United flouted certain regulations, the airline remedied the compensation error 10 days later, and Dao wasn’t properly given written notice of the federal rules because he needed immediate medical care for his injuries.

No, they haven’t suddenly become vegetarians. If the pesticide never touches the crop, can they call it “Organic?”
Why John Deere Just Spent $305 Million on a Lettuce-Farming Robot
Look out weeds. Tractor giant John Deere just spent $305 million to acquire a startup that makes robots capable of identifying unwanted plants, and shooting them with deadly, high-precision squirts of herbicide.
… Pesticides and other chemicals are traditionally applied blindly across a whole field or crop. Blue River’s systems are agricultural sharp shooters that direct chemicals only where they are needed.
The startup’s robots are towed behind a regular tractor like conventional spraying equipment. But they have cameras on board that use machine-learning software to distinguish between crops and weeds, and automated sprayers to target unwanted plants.
… Willy Pell, director of new technology at Blue River, says the system has shown it can reduce herbicide use by 90 percent.

Sharpen your spreadsheets! How much would it be worth to have Amazon here in Denver?
Amazon is looking for a 2nd headquarter city, a ‘full equal to Seattle’
Today the company announced that it is opening a search for a city in North America to make its second headquarters, envisioned as a “full equal” to Amazon’s existing home in Seattle, Washington.
At full-capacity, the site would be expected to be of similar, or even bigger, size to the Seattle operation, which today is a major cornerstone of Seattle’s business life, employing 40,000 people, covering 8.1 million square feet with 33 buildings including 24 restaurants. HQ2, as Amazon is calling the new headquarters, is expected to employ 50,000 and will get $5 billion in investment, the company said.
… “Amazon HQ2 will bring billions of dollars in up-front and ongoing investments, and tens of thousands of high-paying jobs.

I’m thinking about a “How to pass this class” infographic.

Robot overlords have an upside?

No comments: