Issue No. 03 - March (2013 vol. 46)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MC.2013.108
Security Experts: Disconnect Universal Plug and Play
A technology designed to make it easy to connect PCs to various devices leaves those machines vulnerable to attack, according to security researchers.
Because of this, security vendor Rapid7 is advising people to turn off universal plug and play on their IP cameras, printers, Wi-Fi access points, routers, and millions of other Internet-connected devices on which it has been enabled either by default or by the user.
UPnP uses protocols—such as TCP/IP, HTTP, XML, and SOAP—that let devices join an IP network, seamlessly discover one another, and establish the services necessary for peer-to-peer data sharing and communications.
However, in a report titled "Security Flaws in Universal Plug and Play: Unplug. Don't Play," Rapid7 researchers said that various UPnP security flaws also make it easier for hackers to use the technology to compromise computers or networks.
In a recent experiment, the researchers issued UPnP discovery requests to millions of routable IPv4 addresses once weekly for about six months. They say that 81 million unique addresses from multiple networks responded, even though the technology is only supposed to enable communications within a single local network.
Approximately 17 million machines broadcast UPnP services based on SOAP, which is a Web services messaging protocol. By advertising these services, the machines would let hackers gain access without worrying about security measures such as firewalls.
Rapid7 says it has found 6,900 products from 1,500 vendors with at least one UPnP vulnerability.
Among the technology's problems, according to the company, are the rare implementation of authentication by device manufacturers, the frequent exposure of privileged capabilities to untrusted networks, and programming flaws in many software implementations.
Software Recreates Ancient Languages from Modern Tongues
Academic researchers have developed software that helps reconstruct old languages from their modern versions. Scientists at the University of California, Berkeley, and University of British Columbia say this could help maintain languages that have very few native speakers left.
The new software analyzes today's languages and then automatically and rapidly produces vocabularies of their historical predecessors, known as protolanguages. Until now, linguists have had to accomplish this by manually comparing languages that appear to be based on the same ancestral tongue.
UC Berkeley associate professor Dan Klein said the new program uses ideas linguists have employed for years. It also utilizes a Markov chain Monte Carlo algorithm, a statistical approach that repeatedly samples probability distributions of possible protolanguage vocabulary words until it finds highly likely ones.
So far, the researchers have used the software to study today's Austronesian languages—such as Hawaiian, Tagalog, Ilokano, Malay, Samoan, and Tahitian—which are used in various Southeast Asian islands, the Pacific, and mainland Asia.
The scientists have examined about 140,000 modern words and reconstructed about 600 Austronesian protolanguages. They say that about 85 percent of the reconstructions are extremely close to those that linguists have produced.
Klein said that the software is designed not to replace linguists but to provide them with a helpful tool.
The researchers note that their application also might be able to predict how languages will change in the future.
US Military Software Turns Warplanes into Wireless Routers
The US armed forces have developed software that can turn its warplanes into flying wireless routers, making it easier for ground soldiers to communicate with one another.
The military could add the Net-T (network tactical) software to its LITENING and Sniper targeting systems, which are installed in pods on various US Air Force aircraft that carry cameras, sensors, and communications equipment.
Troops could send messages and data—including video, still images, or map coordinates—to one another via Net-T and the Remotely Operated Video Enhanced Receiver 5 system. ROVER-5 is a tablet that soldiers carry and that, until now, allowed communications only directly between ground troops and aircraft.
With Net-T, soldiers could send messages and data to a properly equipped aircraft, which would route them to other troops on the ground, without relying on the availability of traditional satellite or radio technology. To do so, each set of soldiers would need to have line of sight with the plane, explained US Air Force Capt. Joseph Rojas, the Net-T Project test engineer. The troops don't have to be able to see one another.
The 40th Flight Test Squadron at Eglin Air Force Base in Florida recently finished testing Net-T on aircraft such as the B-1B bomber, and the F-16 and F-15E fighters.
Pilots activate the system by pushing a single button. Then, said US Air Force Maj. Olivia Elliott, who helped test Net-T, "After that, the pilot must stay within the range of the ROVER's transmitter and stay within view of the users."
The Air Force plans to begin using Net-T operationally by 2014.
New Standard Enables Ultrahigh-Quality Video
Two standards groups have collaborated on a new compression technology that promises higher-quality video that could get even better in the future.
The International Organization for Standardization's (ISO's) and International Electrotechnical Commission's Moving Picture Experts Group (MPEG), along with the International Telecommunication Union-Telecommunication (ITU-T) Standardization Sector's Video Coding Experts Group (VCEG), have completed designing the High Efficiency Video Coding (HEVC) standard, also called H.265. It will succeed the popular Advanced Video Coding specification, also known as H.264.
HEVC will support 4K video, a high-definition format in the early stages of adoption in which the horizontal resolution is about 4,000 pixels. This is four times the resolution of typical high-definition 1080p video.
Proponents say HEVC could also support 8K video, which would have 16 times 1080p's resolution but hasn't been adopted yet. HEVC uses bandwidth more efficiently than its predecessors, enabling media players and networks to play higher-resolution video without bogging down in huge amounts of data.
Consequently, industry observers say, HEVC could become popular quickly. Numerous vendors have already announced support for the technology in their products.
By January 2014, MPEG expects to complete one set of HEVC extensions that would enable video with more color information and another that would support 3D and multiview video, which uses sequences captured simultaneously from multiple cameras.
Some HEVC technologies are covered by patents—from companies such as Intel, Microsoft, NTT DoCoMo, Qualcomm, and Research In Motion—which means users could have to pay royalties. The ISO and ITU say holders of patents that are part of their standards must let people who deploy the technologies use them either royalty-free or by paying a reasonable fee.
MPEG LA—a company that licenses patents used in MPEG and similar standards—says it is working with various companies to license some of their HEVC-related patents.
Google is working on VP9, an open, royalty-free HEVC competitor.
IBM Advances New Chipmaking Approach
IBM has developed a chip with carbon nanotube transistors at twice the density produced elsewhere, further advancing research on ways to replace silicon in future processors.
Chipmakers are concerned that they may be approaching the limit as to how much smaller they can make silicon transistors. This would restrict the amount of circuitry they could put on a chip to increase its performance.
To address this issue, IBM researchers recently built a hybrid chip with 10,000 working transistors made of carbon nanotubes on a silicon substrate. Carbon nanotubes can be grown very small, enabling their use in tiny transistors that could be packed onto processors. The IBM scientists say this approach could let them continue developing faster chips for at least another 10 years.
To build their chip, the researchers drew circuitry patterns on their silicon substrate. They then applied tiny pieces of carbon nanotubes that they had first soaked in a soapy liquid. Via chemical self-assembly, nanotubes stuck to the parts of the patterns where the circuitry was to go.
Ultimately, the researchers will have to perfect the process of building chips with such material. The IBM scientists say they hope to do so during the next decade.