Monthly Archives: November 2016

Autonomous Chrysler Minivans

Waymo, the standalone venture that emerged from Google’s self-driving car project, on Monday unveiled a fleet of 100 Chrysler Pacifica hybrid minivans with the latest high-tech sensors, telematics, and other gear designed for fully autonomous operation.

Modifications were made to several parts of the Pacifica — including its electrical, powertrain, chassis and structural systems — to optimize it for fully autonomous driving.

With the additional computer equipment, the cars will undergo more challenging tests. They will be subjected to a broader variety of traffic and weather conditions, as well as other variables, with the goal of being ready for introduction by 2017.

“Waymo chose the Chrysler Pacifica Hybrid minivan, as it’s well-suited for Waymo’s self-driving systems,” said FCA spokesperson Berj M. Alexanian.

“As a plug-in hybrid electric vehicle, the Pacifica Hybrid is fuel-efficient, which is important to Waymo,” he told TechNewsWorld. “Pacifica Hybrid offers a highly refined and comfortable ride experience. Using Pacifica Hybrid also gives Waymo a chance to test a different kind of passenger vehicle.”

The Waymo Brand

The announcement comes just days after Waymo unveiled new branding and a new team of executives, amid increasing competition to bring autonomous vehicles to the U.S. market.

The joint program team has worked to integrate the self-driving computers and other systems into the Chrysler Pacifica minivans to get them ready for use, noted Waymo CEO John Krafcik. The work has included more than 200 hours of extreme-weather testing since the companies originally announced the partnership in June.

Waymo and Fiat Chrysler have co-located part of their engineering teams to a new facility in southeastern Michigan to speed development. The companies also have conducted extensive testing at FCA’s Chelsea Proving Grounds in Chelsea, Michigan, and the Arizona Proving Grounds in Yucca, Arizona, as well as Waymo’s test track in California.

FCA sells cars under the Chrysler, Jeep, Dodge, Ram and SRT performance vehicle brands. The firm also distributes under the Alfa Romeo and Mopar brands.

Improved Safety

The introduction of the fully equipped Pacifica minivan is a signal that Waymo may be focusing on autonomous vehicle technology as a means of making driving more efficient and safer for families, suggested Michael Harley, an analyst at Kelley Blue Book.

“This is something deep in the heart of what a family would purchase,” he told TechNewsWorld.

Waymo has emphasized its track record of operating test vehicles in a safe manner — Krafcik last week posted a copy of Google’s November self-driving report on Twitter.

During autonomous testing, 24 Lexus RX450 SUVs and 34 prototype vehicles navigated shared roads and successfully engaged in lane splitting — accommodating motorcyclists that bobbed and weaved, making multiple lane changes, the report shows.

The rollout of the Chrysler Pacifica minivans puts Google well ahead of its direct technology industry competitors in the race to get autonomous vehicles in the hands of the public, said Egil Juliussen, principal analyst for automotive technology at IHS Markit.

“Basically Google needs more vehicles to test,” he told TechNewsWorld. “They’ve advanced quite a lot.”

The testing of such a minivan offers Waymo a more flexible set of options when considering the kind of vehicles it wants to deploy when it makes its first commercial introduction of fully autonomous vehicles.

The Tech That Each Play Battle

Twitter earlier this year outlined its policy, which includes deactivating accounts linked to terrorism groups, cooperating with law enforcement entities when appropriate, and partnering with organizations working to counter extremist content online.

Facebook earlier this year began offering advertising credits to some users combating terrorism online, and it began collaborating with the U.S. State Department to develop antiterrorist messaging from college students.

YouTube’s content policies strictly prohibit terrorist recruitment and content intending to incite violence, the company said. YouTube terminates any account if it has reason to believe that the account holder is an agent of a foreign terrorist organization.

Google parent company Alphabet this summer partnered with Facebook and Twitter to sponsor three experiments using videos to combat the spread of terrorist propaganda on their sites.

Google think tank Jigsaw this summer launched Redirect, a pilot project that aims to redirect people searching for jihadist information online toward counterterrorism content. Project Redirect is not involved in YouTube’s partnership with Microsoft, Facebook and Twitter.

Microsoft this spring outlined its two-pronged approach to the online terrorism problem: addressing the appearance of related content on its services; and partnering with others to tackle the issue more broadly.

Stupid Thanksgiving Arguments

I’m writing this before Thanksgiving, which I used to hate and now don’t — largely because I no longer spend the day arguing with family. I’ve been listening to a lot of friends and relatives dread this year’s event because of political discussions that are likely to occur, and the equally annoying comments and critiques from those who supported both candidates.

I have no doubt that both sides will use fake news, quotes taken out of context, and false facts to make their points to the annoyance of those of us who just want to have a nice big meal and then drop into a food coma for a few happy hours afterward.

Perhaps my own most memorable Thanksgiving was going over to my then steady girlfriend’s house, having her compare herself to a Playboy playmate, and making the unfortunate comment “you wish,” to the glee of her brothers, and effectively ending the relationship. My defense of “trying to fit in,” I’m afraid, fell on deaf ears.

The week before Thanksgiving, Intel presented a fix that could be applied to this problem — an artificial intelligence tool that could prevent you from saying or tweeting something stupid. Hell, it likely could make more than a few politicians look a lot smarter than they currently do.

I’ll explain, and end with my product of the week — well, book of the week — which is an ex-Amazon employee’s take on how Amazon is going to take over the retail world. A lot of us catch up on our reading over the holidays, if only to avoid some of our more outspoken relatives and friends.

Tool Easily Breaks Into Locked PCs

Proving once again that you can do a lot of damage with a little investment and a lot of ingenuity, security researcher Samy Kamkar recently managed to take down a locked, password-protected computer armed with only a US$5 Raspberry Pi.

The low-tech cookie-siphoning intrusion is one of Kamkar’s simplest hacks ever. He previously has unlocked car doors, garages, wireless remote cameras and other devices, with MacGyver-like precision.

Kamkar’s latest hack, PoisonTap, uses a Raspberry Pi Zero, a micro SD card, and a micro USB cable or other device that emulates USB, including USB Armory or LAN Turtle.

Windows, OS X and Linux recognize PoisonTap as an Ethernet device, load it as a low-priority network device, and perform a DHCP request across it, even if the computer is locked or password-protected, Kamkar explained.

PoisonTap provides the computer with an IP address. However, the DHCP response tells the machine that the IPv4 space is part of PoisonTap’s local network, rather than a small subnet, he said.

If a Web browser is running in the background, one of the open pages will perform an HTTP request in the background, noted Kamkar. PoisonTap responds with a spoof, returning its own address, and the HTTP request hits the PoisonTap Web server.

When the Node Web server gets the request, PoisonTap’s response is interpreted as HTML or JavaScript.

The attacker is able to hijack all Internet traffic from the machine and siphon and store HTTP cookies from the Web browser for the top 1,000,000 Alexa websites.
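A defensive check for the DHCP behaviour described above, as an added example that is not from Kamkar or the original article: flag any interface whose directly attached routes claim more IPv4 space than a plausible LAN. The route list, interface names and the /8 threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample: (interface, on-link prefix) pairs an endpoint agent might
# read from the host routing table after DHCP completes. Not captured data.
SAMPLE_ROUTES = [
    ("eth0", "192.168.1.0/24"),
    ("wlan0", "10.20.0.0/16"),
    ("usb0", "0.0.0.0/1"),      # two halves that together claim all of IPv4
    ("usb0", "128.0.0.0/1"),
    ("usb1", "10.0.0.0/8"),     # large but still a plausible private LAN
]

# Assumption: no legitimate local network is larger than a /8.
MAX_LOCAL_ADDRESSES = 2 ** (32 - 8)


def onlink_address_counts(routes):
    """Return {interface: number of IPv4 addresses claimed as directly attached}."""
    per_interface = {}
    for ifname, prefix in routes:
        net = ipaddress.ip_network(prefix, strict=False)
        if net.version == 4:
            per_interface.setdefault(ifname, []).append(net)
    counts = {}
    for ifname, nets in per_interface.items():
        # Collapse overlapping or adjacent prefixes so nothing is counted twice.
        merged = ipaddress.collapse_addresses(nets)
        counts[ifname] = sum(n.num_addresses for n in merged)
    return counts


def suspicious_interfaces(routes, limit=MAX_LOCAL_ADDRESSES):
    """Interfaces whose on-link routes cover more address space than `limit`."""
    counts = onlink_address_counts(routes)
    return sorted(name for name, total in counts.items() if total > limit)


if __name__ == "__main__":
    for name in suspicious_interfaces(SAMPLE_ROUTES):
        print(f"ALERT: {name} claims an implausibly large local network")
```

Run on interface-up events, this catches a newly attached adapter the moment its lease is applied, including while the screen is locked.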

Robust Sales

Amazon Echo and Google Home were among the most buzzed-about items on Cyber Monday, according to Adobe Digital Insights spokesperson Melissa Chanslor.

In fact, Amazon on Tuesday reported a record-breaking Cyber Monday, with sales of the Echo family of devices up seven times compared with Cyber Monday 2015.

The company sold millions of Alexa-related devices over the Thanksgiving weekend, with the Echo Dot, the Amazon Fire TV Stick with Alexa Voice Remote, the Fire tablet and the Amazon Echo ranking as the best-selling products from any manufacturer across the site, said Dave Limp, senior vice president, Amazon devices and services.

Amazon sold more than 5.1 million Echo devices in the U.S. since the product was launched in 2014, according to a Consumer Intelligence Research Partners report released earlier this month. Approximately 2 million of the estimated 5.1 million devices were sold in the first nine months of 2016 alone, with awareness of the device on the rise.

More than 40 percent of Echo users streamed music on the device, and one-third used it to ask Alexa questions, the report shows.

A touchscreen would be a strong addition to the Echo, which operates mainly through voice controls, noted Rob Enderle, principal analyst at the Enderle Group.

“There are times when having something respond visually rather than verbally is more useful,” he told TechNewsWorld. For example, checking news and weather at night, or looking for video, photos or lyrics to go with music, would make voice controlled devices more compelling.

Amazon is selling tablets in the US$30 range to lead into holiday sales, Enderle noted, so the addition of a touchscreen likely would not mean a significant cost increase for the home hub.

A visual option also would help Amazon link Alexa devices to the music store, the retail website and Amazon Fire TV, he added.

 

A Bigger Pie

A touchscreen addition for the Echo would serve to expand the audience of consumers to those who might want a mobile device, suggested Michael Jude, a program manager at Stratecast/Frost & Sullivan.

“It will simply extend the Alexa options into the realm of a tablet,” he told TechNewsWorld. “It could be popular with a certain niche that is already hooked on the Alexa voice interface.”

A touchscreen might not be enough to hold back competitors for the digital assistant space, but “the more places Alexa is used, the better for Amazon,” said Jim McGregor, principal analyst at Tirias Research.

Lets Call for Public Systems

The San Francisco Municipal Transportation Authority, or SF MTA, was hacked on Friday.

“You Hacked, All Data Encrypted,” was the message reportedly displayed on computer screens at the authority’s stations throughout the city. “Contact for Key (cryptom27@yandex.com)ID:681 , Enter.”

Fare payment machines at underground stations were out of order, resulting in free rides on the subway and light rail system known locally as “SF Muni.”

Some SF MTA employees’ email systems did not work, The San Francisco Examiner reported.

The MTA locked its subway fare gates in an open position to enable free riding, according to the paper.

The agency was hit by a ransomware attack that disrupted some of its internal computer systems, including email, according to spokesperson Kristen Holland.

The attack didn’t affect transit service or buses, she noted. Neither customer privacy nor transaction information was compromised, and the situation was contained.

All About the Dough

A person at the email address provided by the hacker, who identified himself as “Andy Saolis” to the Examiner, demanded 100 bitcoins — equal to about US$73,000 — to release data captured from the MTA.

The MTA payment system was inaccessible over the weekend, according to the Examiner, and employees were concerned that the personal data of the agency’s nearly 6,000 employees was at risk.

Saolis indicated the attack was “for money, nothing else.”

“Andy Saolis” is the name used by the attacker who launched a full disk encryption ransomware package that Morphus Labs discovered earlier this year and dubbed “Mamba.”

 

Open Muni

The MTA’s network was penetrated after an employee downloaded a torrented computer file that contained a software key code generator, Saolis reportedly said. That automatically launched an admin-level infection.

The SFMTA network was very open, he maintained.

Saolis threatened to close the email Monday if he hadn’t heard from the MTA, which would lock the agency’s infected computers out of its network permanently.

“It looks like the Muni scheduling and billing systems are running on the same machines as the employees’ email systems,” said Michael Jude, a program manager at Stratecast/Frost & Sullivan.

“This implies that the Muni operations are exposed to external attack,” he told the E-Commerce Times.

Muni “should have critical operations and management systems running in a secured environment, ideally one not exposed to outside access,” Jude suggested.

 

The Very Real Public Threat

Penetrations of this sort “can easily escalate to life-threatening events,” Jude warned. “Simply messing with route scheduling could lead to confusion or, possibly, collisions.”

Mass transit and passenger rail systems, including buses, light rail and subways, are one of the seven key subsections in the United States Transportation Systems Sector.

The U.S. Department of Homeland Security, which oversees the sector jointly with the U.S. Department of Transportation, has issued cybersecurity framework implementation guidance and a companion workbook for owners and operators in the sector to help reduce cyber risks.

Keeping Transit Systems Safe

“The threat environment warrants evaluating security controls for any organization that relies on computer systems for providing a service or running a business,” said Tim Erlin, senior director of IT and security at Tripwire.

Ransomware Infiltration

Facebook on Monday denied that its network and Messenger app were being used to spread ransomware to its users, contradicting the claims of Check Point researchers Roman Ziakin and Dikla Barda.

The two researchers last week reported they had discovered a new method for delivering malicious code to machines, which they dubbed “ImageGate.”

Threat actors had found a way to embed malicious code into an image, they said.

Due to a flaw in the social media infrastructure, infected images are downloaded to a user’s machine, Ziakin and Barda explained. Clicking on the file causes the user’s machine to become infected with a ransomware program known as “Locky,” which encrypts all the files on the infected machine. The user then must pay a ransom to the purveyor of the malicious software in order to decrypt the files.

“In the past week, the entire security industry is closely following the massive spread of the Locky ransomware via social media, particularly in its Facebook-based campaign,” the researchers wrote in an online post. “Check Point researchers strongly believe the new ImageGate technique reveals how this campaign was made possible, a question which has been unanswered until now.”

Bad Chrome Extension

Facebook has disputed Check Point’s findings.

“This analysis is incorrect,” Facebook said in a statement provided to TechNewsWorld by spokesperson Jay Nancarrow.

“There is no connection to Locky or any other ransomware, and this is not appearing on Messenger or Facebook,” the company maintained.

“We investigated these reports and discovered there were several bad Chrome extensions, which we have been blocking for nearly a week,” Facebook noted. “We also reported the bad browser extensions to the appropriate parties.”

Most social media sites, including Facebook, have protections in place to block spam and dangerous file types, said Marc Laliberte, an information security threat analyst with WatchGuard Technologies.

“This most recent attack bypassed Facebook’s protections by using a specific type of image file that supports interactivity via embedded scripts, like JavaScript,” he told TechNewsWorld. “Facebook has since added the image file type — SVG — used in this attack to their filter.”
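What an upload filter has to look for in the file type described above, as an added example that is not Facebook's or any vendor's actual filter: parse the SVG and report script-capable content. The function names and sample files are constructed, and uploads are assumed to be UTF-8.

```python
import xml.etree.ElementTree as ET


def local_name(qualified):
    """Strip an ElementTree '{namespace}' prefix and lower-case the name."""
    return qualified.rsplit("}", 1)[-1].lower()


def svg_active_content(data: bytes):
    """Return the reasons an uploaded SVG should be rejected (empty list = clean)."""
    if b"\x00" in data:
        # Assumption: uploads are UTF-8; NUL bytes indicate UTF-16/32 or binary.
        return ["unexpected encoding"]
    upper = data.upper()
    if b"<!DOCTYPE" in upper or b"<!ENTITY" in upper:
        # Refuse DTDs outright so entity-expansion tricks never reach the parser.
        return ["DOCTYPE/ENTITY declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]
    findings = []
    for el in root.iter():
        tag = local_name(el.tag)
        if tag in ("script", "foreignobject"):
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = local_name(attr)
            # Browsers ignore whitespace/control characters inside a URL scheme.
            compact = "".join(ch for ch in value if ch > " ").lower()
            if name.startswith("on"):
                findings.append(f"event handler attribute {name}")
            elif name == "href" and compact.startswith("javascript:"):
                findings.append("javascript: URL in href")
    return findings


# Constructed samples, not taken from the campaign described above.
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SCRIPTED_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" onload="start()">'
    b"<script>/* constructed placeholder */</script></svg>"
)
```

A filter that only checks the file extension or MIME type treats both samples as the same harmless image; inspecting the parsed tree is what separates them.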

 

Cloak of Legitimacy

What makes this attack so devious is that it’s cloaked in legitimacy.

“The JavaScript embedded in the image is not malicious,” explained Alexander Vukcevic, virus labs director at Avira. “It leads you to a website that looks like YouTube.”

At the website, you’re told you need to download a browser extension to watch video at the site.

“The browser extension then downloads the ransomware,” Vukcevic told TechNewsWorld.

Ransomware like Locky has become a big threat to consumers, observed Javvad Malik, a security advocate for AlienVault.

“Most are not technically savvy to spot or defend against ransomware,” he told TechNewsWorld. “While a lot of effort is put into educating consumers around the dangers of clicking on links in emails or opening attachments, there is an inherent level of trust that people put in social media platforms, which is being abused by this current threat.”