Issue No. 02 - Feb. (2014 vol. 47)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MC.2014.41
Topics include the Target department store chain coping with the aftermath of a big security breach, companies joining forces to design a framework for the Internet of Things, a Yahoo advertising site serving malware to visitors, formation of a consortium trying to develop an Android-based computing platform for vehicles, businesses increasingly using open source software after years of resisting its use, 3D chips gaining popularity, new technology that converts images into 3D representations, prototype malware that uses audio signals to send data stolen from computers, a cap with sensors that tells coaches if athletes have suffered head injuries, and a high-tech tennis racket that collects data so that players could analyze their technique.
Target Deals with Aftershocks of Huge Security Breach
The Target retail chain has said that the recent massive cyberattack it experienced late last year may have affected 70 million to 110 million people, not the 40 million that the company originally estimated.
This makes the breach one of the biggest of its kind.
The newly identified victims may have been Target customers shopping before 27 November 2013, which the company initially said was when the attacks began. They ended 15 December.
According to Target, the hackers stole customers' mailing addresses, phone numbers, and email addresses, in addition to the customer names and card numbers, expiration dates, and security codes originally reported.
Meanwhile, large amounts of credit and debit card data taken in the attack are showing up in underground markets for cyberthieves, according to security experts. They say the number of high-value card numbers in such markets increased 10 to 20 times since the Target breach.
Criminals are reportedly paying up to $100 per account for the stolen information, which they could use to make fake cards containing real customer data for use in stores.
Target recently admitted that debit card PIN data was stolen in the attack, after earlier denials. Thieves who have the PINs for debit cards whose information was stolen could withdraw money from victims' bank accounts. However, Target says the PINs are safe because they were protected by strong encryption and because the decryption key wasn't stolen.
Target CEO Gregg Steinhafel said the company has identified and eliminated the problem that enabled hackers to infect point-of-sale terminals at stores with malware that stole data.
The US Secret Service and Department of Justice are investigating the incident.
Customers who purchased goods at one of Target's 1,800 stores in the US or 125 in Canada when the attacks occurred are advised to contact issuing banks to request a new card and PIN.
Target has offered a year of free credit monitoring and identity-theft protection for potentially affected cardholders, and it won't hold customers liable for fraudulent charges.
Security experts say the breach demonstrates serious problems with the huge computer systems used for billions of dollars of retail purchases every day. They speculate that similar attacks could affect other companies.
Three US senators have asked the Senate Committee on Banking, Housing, and Urban Affairs to hold hearings on the Target incident to determine whether the department-store chain and other businesses are adequately safeguarding consumer data. They also want to know if regulators have the resources they need to determine whether this is the case and if new security technologies are necessary.
Companies Will Develop Framework for the Internet of Things
Consumer-electronics companies have agreed to design a common software-based framework for use in building products that will work with the Internet of Things.
They hope this will enable interoperability between products from different manufacturers, and between older and newer devices. This will be important to the future of the Internet of Things, in which everyday objects connect to the Internet and then dynamically and seamlessly discover, send data to, and otherwise communicate and interact with one another.
This approach would enable, for example, an individual opening the front door to his house to automatically trigger communications that would turn on lights, activate the air conditioning, and turn on the stove.
Proponents say the Internet of Things would create smarter products and make the Internet more dynamic.
To enable such developments, the AllSeen Alliance—a consortium including companies such as LG, Panasonic, Qualcomm, and Sharp—and the Linux Foundation have agreed to work together to design an Internet of Things product framework.
Their initial effort will build on Qualcomm's open source, cross-platform, Linux-based AllJoyn project. AllJoyn includes a software framework and system services that enable interoperability among different manufacturers' Internet-connected objects and applications.
Alliance members will contribute software and engineering resources.
AllSeen software would run on various platforms such as Linux, Windows, and iOS. Products using it, regardless of vendor, would be able to communicate over multiple transport layers including Ethernet and Wi-Fi.
Experts say the AllSeen Alliance will have to attract the support of many more manufacturers to accomplish its goals.
Yahoo Advertising Site Serves Malware to Visitors
A Yahoo European advertising website served malware to hundreds of thousands of visitors over the New Year's holiday period, it was recently reported.
Dutch security consultancy Fox-IT estimated that the site delivered malware to about 27,000 Windows PC users hourly between 31 December and 3 January. This is based on a typical malware infection rate of 9 percent of people who visit an infected site. About 300,000 people go to the Yahoo European advertising site per hour.
Dutch security vendor Surfright said about 2 million computers were infected overall.
The hackers either compromised existing advertisements or posted malicious ads on Yahoo's site. Visitors to pages with those ads were redirected to hacker-operated sites with code that automatically exploited Java-related flaws in their computers.
The sites then uploaded various types of malware to the unsuspecting visitors' machines. Fox-IT says more people were affected in France, Romania, and the UK than in other countries.
According to Yahoo, it investigated the problem and removed the offending ads on 3 January.
Fox-IT said that the malware was hosted by servers with Dutch domain names but that it couldn't identify the hackers responsible.
Figure: MC10 Inc.'s CheckLight cap measures how hard athletes have been hit during a game or practice to help determine if they have suffered head injuries.
Consortium Wants to Make Android Run in Vehicles
Google, chipmaker Nvidia, and car manufacturers Audi, General Motors, Honda, and Hyundai have formed the Open Automotive Alliance (OAA, www.openautoalliance.net) to develop an Android-based computing and communications platform for vehicles.
The goal is to provide a common platform that automakers could build on to provide their own user experiences. The OAA says vehicles employing its approach will ship before the end of this year.
The platform would integrate users' cars and existing Android devices and also enable the vehicle itself to become a connected device.
On its website, the OAA says, "Drivers are already trying to access mobile services while they're on the road but in ways that aren't always seamless or safe. By working with automakers to deliver these experiences in ways that make sense for the automobile, drivers can get what they're looking for without disrupting their focus on the road."
Google would provide Android technology for the new platform, while Nvidia would supply the chips that run the system. Nvidia recently launched its Tegra K1, which includes 192 GPU cores and a multicore application processor. This chip could be powerful enough to generate quickly changing, high-quality images for use in vehicle displays and warning systems.
Some industry observers have expressed concern that mobile technology, like the OAA's, could distract drivers and that using open source software to control vehicles could be risky.
Businesses Flock to Open Source Software
A market analysis firm says that companies are adopting open source software in large numbers, after years of resisting its use.
According to a recent Forrester Research study, 76 percent of corporate application developers are now using open source technology to some extent, either as stand-alone programs or as building blocks for larger applications.
For years, businesses avoided open source software, saying, for example, that frequently there is no customer support for it and that the public visibility of its code made it vulnerable to hacking.
Now, according to Forrester, many companies have come to see open source software as being reliable because of the large number of people who work independently on its development.
These companies also like that open source applications are free. In addition, using such programs helps them avoid being locked in to one or two software vendors for all of their applications.
And, Forrester said, the software speeds up the development process, which gives companies the ability to respond quickly to their needs and market conditions.
Athlete's Cap Tells Coaches about Head Injuries
The threat posed by head injuries to athletes has drawn considerable attention in recent years, in news articles and elsewhere.
Identifying such injuries can be difficult for coaches and others who aren't trained in such matters. Moreover, many players don't report injuries to coaches or managers out of fear they will be pulled from a game.
To address this issue, an electronics firm has designed a cap that detects the intensity of a jolt to the head that an athlete has received and displays its severity via different-colored LED lights.
MC10 Inc. of Cambridge, Mass., developed the CheckLight cap, which is sold by athletic-wear vendor Reebok.
The system consists of sensors on the inside of a head cap, including an accelerometer to measure how fast a head has moved because of a hit and a gyroscope to measure its rotational acceleration. A processor uses this data to calculate the severity of the blow.
The cap has LEDs low enough on a player's neck to show below a helmet. A yellow light indicates a moderate hit, and a red light indicates a severe blow.
Prototype Malware Sends Stolen Data via Audio Signals, Even from PCs Not on a Network
Security researchers have designed prototype malware that uses high-frequency audio signals, rather than network connections, to transmit data between computers.
This would let the malware steal and then send out sensitive information from one machine not linked to a network to another device, which a hacker could then either physically take or access via a network.
The research challenges the common idea that computers are safe from data theft as long as they're not on a network.
Using only the embedded speakers and microphones in standard laptops, scientists from the Fraunhofer Institute for Communication, Information Processing, and Ergonomics transmitted audio signals containing passwords and other small amounts of information from one machine to another over distances up to 65 feet. And using a mesh network of devices that repeat the signals from one to another would let the malware transfer data even farther.
The approach offers a transmission rate of only 20 bits per second. However, the Fraunhofer scientists say this would be enough to send, for example, passwords and other login credentials collected by a keylogger, small encryption keys, or perhaps malicious commands.
3D Chips Gain Popularity
Traditionally, processors have been built in two dimensions, with transistors and wiring running within the same plane.
In 2011, Intel began building commercial chips in three dimensions. Now, this approach finally appears to be gaining steam.
Figure: Samsung Electronics manufactures the first 3D NAND flash memory chip, the Vertical NAND (V-NAND). 3D chips are growing in popularity.
Three manufacturers—Samsung Electronics, SK Hynix, and Micron Technology—expect to ship 3D NAND flash memory chips this year.
NAND memory, which retains stored information even when powered down, is becoming increasingly popular for use in mobile devices, laptops, and even some datacenter servers.
However, improving NAND flash performance by shrinking feature sizes—the traditional approach—is problematic because of issues such as signal interference and memory-cell leakage.
In response, chipmakers are building memory cells vertically, as well as horizontally, thereby avoiding the need to shrink feature sizes and, in the process, decreasing the cost per bit of memory.
Industry observers say this approach is fairly new and, therefore, carries some risks. Thus, flash vendors such as SanDisk and Toshiba have no plans to build 3D chips.
Nonetheless, experts expect the technique to become increasingly popular, first in high-performance chips and later in standard processors used in consumer products.
New Technology Converts 2D Online Images into 3D
Imagine a technology that lets a computer user in one location reach out of a display in another location and touch nearby objects.
The MIT Tangible Media Group's inFORM Dynamic Shape Display, in effect, provides such capabilities.
For example, a user on one end of a network transmission could sit in front of a monitor and move in various ways. On the other end, the system could manipulate white cubes on an inFORM table to form shapes representing the person's changing image.
Thus, if a remote user reaches out as if to grab something, the cubes form a set of arms and hands that actually grasp an object.
In tests, the system enabled a remote user to pass a ball on inFORM's tabletop from one virtual hand to another and also work with someone at the tabletop to sculpt a model car.
In addition, the system converts volumetric images—such as topographical maps, building schematics, or the results of medical scans—into 3D versions, which could help geographic-data analysts, urban planners, architects, doctors, and others.
Moreover, the MIT researchers say, it could enable videoconference participants to physically collaborate on projects.
inFORM uses a 3D sensor, like the one in the Microsoft Kinect game controller, to capture data about images of a remote user or object.
A circuit board with a microcontroller connected to a computer utilizes this information to operate motors that raise the white cubes to form physical representations of the images.
A ceiling-mounted projector shines colored light onto the blocks to make the resulting shape look more realistic or interesting, the researchers explained.
Figure: MIT researchers' inFORM Dynamic Shape Display receives images of people or objects over a network and converts them into 3D representations by using a computer system to mechanically raise white cubes on a specially equipped table. For example, if a person in one location reaches out as if to grasp an object, the cubes on the table form a set of arms and hands that can actually grab one.