Discus Systems PLC - IT Support Company in Birmingham West midlands
0800 880 3360
 


Posted by Damien Biddulph on Mon 15th Jan 2018

 

  • Sen. John Thune, who chairs the Commerce, Science and Transportation Committee, asked for answers from Apple in a letter released Wednesday.
  • Apple is supposed to respond by Jan. 23.
  • Thune said he isn't "ruling anything out" should the tech giant fail to adequately answer his questions.

@saracsalinas

Published 12:01 PM ET Wed, 10 Jan 2018  Updated 12:51 PM ET Wed, 10 Jan 2018CNBC.com

     
     
     
     
     

Sen. John Thune (R-SD)

Sen. John Thune: We want more transparency from Apple  12:42 PM ET Wed, 10 Jan 2018 | 03:30

Republican Sen. John Thune said Wednesday on CNBC that he wants to know why Apple hasn't been more "transparent" about why the company chose to deliberately slow the performance of batteries in some older iPhones.

Thune, who chairs the Commerce, Science and Transportation Committee, requested answers from the company in a letter released Wednesday. Apple is supposed to respond by Jan. 23.

The South Dakota Republican said he isn't "ruling anything out" should Apple fail to adequately answer his questions.

"We could have a hearing at some point and elevate this further," Thune told CNBC's "Squawk Alley" on Wednesday.

Apple disclosed in December that it had been slowing down batteries in older iPhones to save components from overuse without notifying users. It apologized to customers and dropped the price of a battery replacement to $29.

Source: cnbc.com
 
corner spacer corner
 


Posted by Damien Biddulph on Mon 15th Jan 2018

Millions of people trust WhatsApp's end-to-end encryption. But security researchers say a flaw could put some group chats at risk of infiltration.

HOTLITTLEPOTATO

When WhatsApp added end-to-end encryption to every conversation for its billion users two years ago, the mobile messaging giant significantly raised the bar for the privacy of digital communications worldwide. But one of the tricky elements of encryption—and even trickier in a group chat setting—has always been ensuring that a secure conversation reaches only the intended audience, rather than some impostor or infiltrator. And according to new research from one team of German cryptographers, flaws in WhatsApp make infiltrating the app's group chats much easier than ought to be possible.

At the Real World Crypto security conference Wednesday in Zurich, Switzerland, a group of researchers from the Ruhr University Bochum in Germany plan to describe a series of flaws in encrypted messaging apps including WhatsApp, Signal, and Threema. The team argues their findings undermine each app's security claims for multi-person group conversations to varying degrees.

But while the Signal and Threema flaws they found were relatively harmless, the researchers unearthed far more significant gaps in WhatsApp's security: They say that anyone who controls WhatsApp's servers could effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation.

'It's just a total screwup. There's no excuse.'

MATTHEW GREEN, JOHNS HOPKINS UNIVERSITY

"The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them," says Paul Rösler, one of the Ruhr University researchers who co-authored a paper on the group messaging vulnerabilities. "If I hear there's end-to-end encryption for both groups and two-party communications, that means adding of new members should be protected against. And if not, the value of encryption is very little."

That any would-be eavesdropper would have to control the WhatsApp server limits the spying method to sophisticated hackers who could compromise those servers, WhatsApp staffers, or governments who legally coerce WhatsApp to give them access. But the premise of so-called end-to-end encryption has always been that even a compromised server shouldn't expose secrets. Only people in a conversation should be able to read WhatsApp's messages, not the servers themselves.

"If you build a system where everything comes down to trusting the server, you might as well dispense with all the complexity and forget about end-to-end encryption," says Matthew Green, a cryptography professor at Johns Hopkins University who reviewed the Ruhr University researchers' work. "It's just a total screwup. There's no excuse."

Group Threat

The German researchers say their WhatsApp attack takes advantage of a simple bug. Only an administrator of a WhatsApp group can invite new members, but WhatsApp doesn't use any authentication mechanism for that invitation that its own servers can't spoof. So the server can simply add a new member to a group with no interaction on the part of the administrator, and the phone of every participant in the group then automatically shares secret keys with that new member, giving him or her full access to any future messages. (Messages sent prior to an illicit invitation, fortunately, still can't be decrypted.)

Everyone in the group would see a message that a new member had joined, seemingly at the invitation of the unwitting administrator. If the administrator is watching closely, he or she could warn the group's intended members about the interloper and the spoofed invitation message.

 

But the Ruhr University researchers and Johns Hopkins' Green point out several tricks that could be used to delay detection. Once an attacker with control of the WhatsApp server had access to the conversation, he or she could also use the server to selectively block any messages in the group, including those that ask questions, or provide warnings about the new entrant.

"He can cache all the message and then decide which get sent to whom and which not," says Rösler. And in groups with multiple administrators, the hijacked server could spoof different messages to each administrator, making it appear that another one had invited the eavesdropper, so that none raises an alarm. It could even prevent any administrator's attempt to remove the eavesdropper from the group if discovered.

Some Limits

In a phone call with WIRED, a WhatsApp spokesperson confirmed the researchers' findings, but emphasized that no one can secretly add a new member to a group—a notification does go through that a new, unknown member has joined the group. The staffer added that if an administrator spots a fishy new addition to a group, they can always tell other users via another group, or in one-to-one messages. And the WhatsApp spokesperson also noted that preventing the Ruhr University researchers' attack would likely break a popular WhatsApp feature known as a "group invite link" that allows anyone to join a group simply by clicking on a URL.

“We've looked at this issue carefully," a WhatsApp spokesperson wrote in an email. "Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user. The privacy and security of our users is incredibly important to WhatsApp. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted.”

To be fair, this technique wouldn't be a very stealthy strategy in the long run for government spying. Sooner or later, users would likely notice that unexpected strangers were showing up in their chats. But that possibility of detection isn't an adequate solution to WhatsApp's underlying problem, argues John Hopkins' Green. "That's like leaving the front door of a bank unlocked and then saying no one will rob it because there’s a security camera," Green says. "It's dumb."

The Ruhr University researchers say they alerted WhatsApp to the problem with group messaging security last July. In response to their report, WhatsApp's staff say they fixed one problem with a feature of their encryption that made it harder to crack future messages even after an attacker obtained one decryption key. But they told the researchers the group invitation bug they'd found was merely "theoretical" and didn't even qualify for the so-called bug bounty program run by Facebook, WhatsApp's corporate owner, in which security researchers are paid for reporting hackable flaws in the company's software.

'If I hear there's end-to-end encryption for both groups and two-party communications, that means adding of new members should be protected against.'

PAUL RÖSLER, RUHR UNIVERSITY

For some of WhatsApp's users, the stakes of the app's security could be high. WhatsApp's convenient group messaging system, in combination with its encryption promises, have made it a popular tool for "whisper networks" of grassroots organizing around sensitive or dangerous topics. Victims of sexual abuse and harassment have used it to organize the campaign against abusers, for instance. So have political insiders and Syria's embattled White Helmets, volunteer rescue brigades in Syria who are often targeted by the ruling regime.

But the shoddy security around WhatsApp's group chats should make its most sensitive users wary of interlopers, Rösler argues. If WhatsApp were to comply with a government request—in the US or abroad—agents could join any private group and listen along.

Smaller Problems

The researchers dug up less serious flaws in the more specialized secure messaging apps Signal and Threema, too. They warn that Signal allows the same group chat attack as WhatsApp, letting uninvited eavesdroppers join groups. But in Signal's case, that eavesdropper would have to not only control the Signal server, but also know a virtually unguessable number called the Group ID. That essentially blocks the attack, unless the Group ID can be obtained from one of the group member's phones—in which case the group is likely already compromised. The researchers say that Open Whisper Systems, the non-profit that runs and maintains Signal, nonetheless responded to their work, saying that it's currently redesigning how Signal handles group messaging. Open Whisper Systems declined to comment on the record to WIRED about the Ruhr researchers' findings.

For Threema, the researchers found even smaller bugs: An attacker who controls the server can replay messages or add users back into a group who have been removed. The researchers say Threema responded to their findings with a fix in an earlier version of its software.

As for WhatsApp, the researchers write that the company could fix its more egregious group chat flaw by adding an authentication mechanism for new group invitations. Using a secret key only the administrator possesses to sign those invitations could let the admin prove his or her identity and prevent the spoofed invites, locking out uninvited guests. WhatsApp has yet to take their advice.

Until they do, WhatsApp's most sensitive users should consider sticking with one-to-one conversations, or switching to a more secure group messaging app like Signal. Otherwise, they'd be wise to keep a vigilant eye out for any new entrants sliding into their private conversations. Until an administrator actively vouches for that newcomer, there's a small chance he or she might just be something other than a new friend.

Updated 10:00 pm EST with more information from WhatsApp.

Source: wired.com
 
corner spacer corner
 


Posted by Damien Biddulph on Mon 15th Jan 2018

If you have received the error "Can not create folder C:/Users/Username/AppData/Local/RoboForm/_mirrors_/rf-home-root: Access is denied. (error 5)'

This is related to the Windows Fall Creator update.

Follow the steps below to fix the issue............

1. Restart in Safe Mode with Networking on the Windows account in question. If you are not familiar with starting your pc in Safe Mode please use this link for the steps. https://support.microsoft.com/en-us/help/12376/windows-10-start-your-pc-in-safe-mode
2. Navigate to C:/Users/Your Windows Username/AppData/Local/RoboForm/ then from here delete the mirrors folder.
3. Launch the Taskbar Icon from the Start Menu
4. Login to RoboForm with the Master Password
5. Select the RoboForm icon>>Sync>>Sync Now
(RoboForm will sync successfully and recreate the folder with the appropriate permissions.)
6. Restart in normal/standard Windows mode
7. Select RoboForm>>Sync>>Sync Now.
This should resolve the Windows Error 5 issue.

 

 
corner spacer corner
 


Posted by Damien Biddulph on Tue 9th Jan 2018

Last act of outgoing Chairman Sir Patrick McLoughlin?

Conservatives forget to renew website security certificate -

The Conservative Party doesn't have the best of reputations on matters of IT security...

While Prime Minister Theresa May spends Monday reshuffling her cabinet, her party has embarrassed itself after failing to renew the security certificate of the Conservative Party website. 

People took to the internet to report the issue after being greeted with warnings when they tried to visit the Conservatives.com website. 

The problem has now been resolved, but at one point, visitors were warned by their browsers: "Your connection is not private. Attackers might be trying to steal your information from www.conservatives.com (for example, passwords, messages or credit cards)."

 

Many users thought that the incident was ironic considering that the government is currently undergoing a cabinet reshuffle. One user wrote: "Conservative website is down because they forgot to do an IT update. Because they didn't update, the Conservative Party can't communicate."

Your connection is not private. Attackers might be trying to steal your information from www.conservatives.com

Another also found the situation funny, saying: "In the most appropriate possible metaphor for the party's failure to grasp 21st-century campaigning, the Conservative website is down, apparently because they've failed to upgrade to HTTPS."

One user pointed out several things that have gone wrong for the government, writing: "So far on #cabinetreshuffle day the Conservative Party website has gone down and the official Tory Twitter feed has announced the wrong person as new Party Chairman. Not the best of starts.

As part of the reshuffle, Conservative Party chairman Sir Patrick McLoughlin has stepped down.

McLoughlin has been widely criticised for being ineffective and will be replaced by Brandon Lewis, Conservative MP for Great Yarmouth, who'll be joined by Twitter user and MP for Braintree, Essex James Cleverly

Hopefully, Lewis or Cleverly will do something about that auto-playing video on the party website home page. 

Source: v3.co.uk
 
corner spacer corner
 


Posted by Damien Biddulph on Tue 9th Jan 2018

People don't want to appear stupid in front of so-called smart assistants, suggest researchers

People don't want to appear stupid in front of so-called smart assistants, suggest researchers

 

Smart device users will avoid using human-like virtual assistants for fear of looking "dumb" for asking stupid questions, according to research by psychologists. 

In recent years, virtual assistants such as Apple's Siri and Amazon's Alexa have boomed in popularity with the tools pre-loaded onto smartphones and other devices.

But pyschologists have suggested that some people may be intimidated, rather than helped, by them. They suggest that the more human they are made, the less likely people will use them to ask questions. 

 

The technologies are intended to improve the simplicity of apps and help users with everyday tasks. However, Daeun Park of Chungbuk National University claims that the more human assistants may deter people from using them.

They may end up asking themselves questions such as "Will I look dumb?" for asking this, according to the researcher. People, according to Park, are conscious about apps that measure achievement. These findings were published in the journal Psychological Science.

"We demonstrate that anthropomorphic features may not prove beneficial in online learning settings, especially among individuals who believe their abilities are fixed and who thus worry about presenting themselves as incompetent to others," said Park.

"Our results reveal that participants who saw intelligence as fixed were less likely to seek help, even at the cost of lower performance."

In the past, research has suggested that people view virtual assistants as "social beings", and this can make them "seem less intimidating and more user-friendly". 

But Park and co-authors Sara Kim and Ke Zhang disagree with this claim, believing that people may feel like systems are trying to compete with their knowledge. This is particularly true when performance is concerned, they suggested.

"Online learning is an increasingly popular tool across most levels of education and most computer-based learning environments offer various forms of help, such as a tutoring system that provides context-specific help," said the researcher.

"Often, these help systems adopt human-like features. However, the effects of these kinds of help systems have never been tested."

It may, though, also be related to the knowledge or fear that the virtual assistants are slurping up data every time they are used, while the research might also only be exposing the embarrassment of looking ignorant in front of the research team. 

The test involved exposing 187 people to a task that supposedly measured their intelligence. They were given three words and had to come up with a fourth one related to them all.

If they ended up running into difficulty, they could use an on-screen computer icon or a so-called helper. The research indicated that participants were "embarrassed" if they had to use the AI rather than the icon.

"Educators and program designers should pay special attention to unintended meanings that arise from humanlike features embedded online learning features," concluded Park.

"Furthermore, when purchasing educational software, we recommend parents review not only the contents but also the way the content is delivered."

Source: v3.co.uk
 
corner spacer corner
 


Posted by Damien Biddulph on Mon 8th Jan 2018

Boy trying iPhone XImage copyrightGETTY IMAGES

Image captionMany parents are worried about the amount of time their children spend on their phones

Big investors have called on Apple to develop software that limits how long children can use its smartphones.

The call came from two investment groups that hold $2bn (£1.48bn) of Apple stock between them.

A letter calling for the digital locks, signed by Jana Partners and a California teachers' pension fund, was sent to the iPhone maker this weekend.

The call for better controls was welcomed by academics studying youngsters' use of technology.

Design conflict

Jana Partners and the California State Teachers' Retirement System (CalSTRS) called on Apple to consider the impact excessive use of smartphones had on the mental health of young people.

The two are worried that if Apple does not address growing concerns about smartphone use, its stock market value and general reputation could be damaged.

According to a Reuters report, half of US teenagers believe they are addicted to their mobile phones and feel the need to respond immediately to messages.

Sonia Livingstone, professor of social psychology at the London School of Economics, said it was good to hear the call from the investors.

She added there needed to be one voice between device manufacturers, social media companies and internet service providers (ISPs) on the issue of smartphone use.

"For a long time the concern has been to not do anything that would impact a friction-free experience," Prof Livingstone told the BBC.

"Everyone would like to have a well balanced life, but the way that devices are designed currently causes a lot of conflict with parents."

She called on Apple and other device manufacturers to have all notifications on smartphones switched off by default and for the creation of occasional reminders that urged youngsters to take a break from their phone after long periods of use.

Prof Livingstone, who also runs a parenting blog, did question the use of the term "addiction" for those who spend a long time using a smartphone, however.

"Everyone will agree that there is excessive use and even obsession with smartphones, but I don't believe it's addiction," she said.

Apple has not yet responded to requests for comment.

Source: bbc.co.uk
 
corner spacer corner
 


Posted by Damien Biddulph on Mon 8th Jan 2018

Police warning over phishing emails that convincingly mimic Debenhams' email receipts

Consumers warned about "convincing" Debenhams phishing emails

Debenhams experienced a poor Christmas trading period, according to reports

Police have warned consumers over what they describe as a wave of convincing phishing emails that mimic e-receipts from retail chain Debenhams in order to compromise people's PCs. 

The phishing emails are intended to persuade people to click on a link to check the details and status of their order, which then downloads the malicious payload. 

The emails have been circulating since before Christmas. The company is aware of the scam after recipients contacted the company, while 55 people have contacted Action Fraud after receiving the scam emails. 

While the emails copy a typical Debenhams email receipt - one sent to customers after they have purchased or ordered something in-store - they are easily given away by the fact that they come from a clearly non-Debenhams address. 

Action Fraud described the phishing e-receipt email as "the most convincing phishing email we've seen"

It continued: "More than 55 information reports have been sent to our National Fraud Intelligence Bureau (NFIB). We would advise people to not click on any links, delete it and report it to us.

"Debenhams is aware it's a fake and have had customers contact them directly about it. Their e-receipts are issued to people when they make a purchase in store and this is a carbon copy.

"So these are not only unusual, but could catch some people off guard. The giveaway is the fact they were sent from personal email addresses."

Debenhams confirmed the scam to the Daily Mail: "We are aware of this and we continually take steps to protect customers and support the work that organisations such as Action Fraud and Cyber Aware conduct to encourage customers to be vigilant and aware of the steps they can take to stay cyber secure."

Phishing has continued to grow in recent years as the most effective way for cyber attackers to penetrate both organisations, and to compromise computer users' personal details. 

Indeed, organisations rather than individuals are probably most at risk given the sums involved. 

According to the FBI, spear-phishers have netted some $2.3bn since 2013 in a variety of semi-sophisticated, global email frauds - snaring a number of senior executives in the process, costing their companies millions

Source: v3.co.uk
 
corner spacer corner
 


Posted by Damien Biddulph on Mon 8th Jan 2018

Bitcoin miners are leaving China as strict regulations start to bite

Bitcoin miners rush to leave China following regulatory clampdown

A number of the biggest Bitcoin mining companies are rushing to move their operations overseas as China continues to clamp down on cryptocurrencies.

According to Bloomberg, some of the world's most prolific mining organisations are based in China, but are rushing to leave the country after the introduction of strict regulations. 

Bitmain, which is responsible for running some of China's largest bitcoin-mining operations, has confirmed plans to shift its headquarters to Singapore as a result of the regulatory changes.

 

The organisation has also launched mining operations in the US and Canada in order to tighten its grip on the lucrative Bitcoin digital currency, which has grown rapidly in recent months.

Speaking to Bloomberg, Bitmain's co-founder Wu Jihan confirmed the news. BTC Top, which owns the third-biggest mining operation, has plans to move as well. It's in the process of opening a new facility in Canada.

Along with Bitmain and BTC Top, ViaBTC has been focusing on launching operations further afield. The firm operates in Iceland - where geo-thermal power is inexpensive - and the US, as well as China.

For a long time, China was the world's driving force behind the cryptocurrency craze. However, this is rapidly changing as the country's government continues to clampdown on cryptocurrencies, citing money laundering concerns. 

It has also rapidly grown to consumer a significant percentage of global electrical power output. 

Last year, China stopped local exchanges from trading virtual currencies, and it's also banned initial coin offerings. Firms and leading industry figures have been angered by these decisions.

But the Chinese Government is going further by working on proposals that could derail bitcoin mining altogether. This is the underlying computing process enabling transactions.

Inevitably, lawmakers in China want to be in a position where they can limit the power and authority exerted by cryptocurrency organisations.

Jiang Zhuoer, founder of BTC, told Bloomberg: "We chose Canada because of the relatively cheap cost, and the stability of the country and policies."

Source: v3.co.uk
 
corner spacer corner
 


Posted by Damien Biddulph on Mon 8th Jan 2018

Amazon rejects report suggesting that it plans to turn Echo voice assistants into ad machines

Amazon working on new deals to pump out ads via its Alexa AI technology, claims CNBC

The blue glow of the Amazon Echo isn't at all sinister

Amazon's Alexa AI tech is set to be expanded - with a deal in the pipeline for advertising to be pumped direct to users' devices. 

According to CNBC, the retail giant has been negotiating with a range of major companies, such as Clorox and Procter & Gamble, to let them promote their products via Alexa. 

In the near future, Amazon could roll out a service for its voice assistants that replicates Google's paid searches. Essentially, companies would pay Amazon for the privilege of their products coming up when users make voice searches. 

 

So far, Amazon has been reluctant to implement advertising on the Echo in-home assistant, for fear that it would put people off, but the company may find the advertising opportunity too lucrative to turn down - 

Personal assistants have boomed in popularity since the first Amazon Alexa was released in 2014, and many consumer companies fear losing money and market share as a result of artificial intelligence technology. 

As CNBC notes, brands are keen pay technology companies, such as Amazon, a lot of money to appear near the top of searches when consumers look for certain products. 

This isn't the first time that such news has hit the press. In the past, Amazon has suggested that it's looking to release a paid advertisement service for Alexa. 

Amazon has yet to make its move, although CNBC's sources suggest that it will introduce paid advertising at some point this year. 

Amazon, though, has officially rejected the report. The company said it doesn't currently have plans to bring advertisements to either Alexa or its Echo speakers. 

However, Amazon now has more than 5,000 employees working on Alexa and related products, who all need to be paid. 

Whether it proves possible to 'monetise' the devices with advertising is also open to question. 

Ernst & Young's Greg Stemler, Americas consumer products & retail industry sector leader for transaction advisory services at the firm, isn't convinced. "In these early days, artificial intelligence doesn't appear to recognise brand value, and it doesn't articulate it," he told CNBC

"It may be a real challenge for branded consumer packaged goods companies to readjust." 

Source: v3.co.uk
 
corner spacer corner
 


Posted by Damien Biddulph on Tue 2nd Jan 2018

 

GlitchImage copyrightGETTY IMAGES

Although the rush to connect everything from toys to toothbrushes, cars to sex toys, and any number of household appliances to the internet, seems inexorable, there is little regulation protecting your cyber-security.

Not surprising then that there has been a raft of stories this year highlighting the vulnerabilities that are coming to light.

Now, with Christmas upon us, it's highly likely that you've considered buying a connected device, or maybe Santa will leave one for you under the tree.

But with no one else to rely upon to regulate the security of your new device, what should you do to protect you and yours?

The most important question you should ask is why the item needs to be connected to anything other than, possibly, a power source.

Ginger bread manImage copyrightGETTY IMAGES

Image captionYour personal details could make a tasty target for hackers

If it's a gimmick, or even if it's a feature you think looks really "cool", ask yourself seriously if it's worth the risk.

Look at the data the device gathers, what it shares - voluntarily and if hacked - and weigh that against what the connectivity is doing for you.

Managing your risk is all you can hope for this Christmas, as nothing is ever absolutely secure, but some degree of connectivity is useful.

If it's not vital to the operation of the device think about disabling the connectivity.

If it does what it is supposed to without collecting and reporting data then disconnect it. Even then you might consider whether the device is gathering information that you would rather was not kept: see if you can erase the data or if there is some setting that prevents it being collected in the first place.

The moment you see words such as "smart" or "connected" you need to move on to the second question: is there any known problem with the item.

If the security community has found a problem you should be able to find it quickly by searching online. Look for words such as security "vulnerability", "exploit" or "flaw" in connection with the device's name.

Christmas hackerImage copyrightGETTY IMAGES

Image captionConsumer group Which? has raised concerns that some connected toys can be hacked to let attackers spy on or even communicate with their owners

And don't forget to search for "data breach" in relation to the company that might hold data you and yours are being asked to provide.

Research about cyber-security of a device and its associated services is the best defence but as things currently stand you need to go and find it. Don't assume anyone will proactively send a recall notice or security notification.

If after Christmas you are the proud owner of a connected, smart device then learn how to update the firmware.

Any good vendor will have provided a means by which you can upload the latest embedded software, just like you do on your PC. However, again typically you need to be proactive as few of these devices are updated automatically by the manufacturer.

If the device has the facility to automatically update then make sure you enable it.

If there is no way to maintain the firmware in the device, then it tells you a great deal about the approach of the manufacturer to security.

It's inevitable that flaws will be found but if the manufacturer has no means of updating the device it makes little difference, even assuming the manufacturer was inclined to fix the problem.

Christmas doorImage copyrightGETTY IMAGES

Image captionChecking regularly for updates can help keep attackers locked out

Although you might not want to ask if the person kind enough to give you the gift has kept the receipt, any device that you cannot update should be treated with caution - ie don't trust it with anything sensitive.

And if you're the one buying the device do your homework first. It's not always easy but the manufacturers' websites, especially their support section - assuming one exists - will usually tell you what is possible.

If you are willing to take the risk with the device, and it then requires you to provide personal data - for example to use an associated app - be very circumspect.

Don't use your real personal data - give an alternative persona. Unless it's a financial transaction there is no reason why you need give accurate information about yourself.

However, if you are joining in some form of online community - often the case with connected toys - remember that others probably are not as they appear either.

Of course, this is about balancing risk again. If you have some form of smart assistant and it doesn't know who you really are, it's not going to be nearly as useful as it would be otherwise.

Plus, in your rush to use your new device do the one thing none of us is ever really inclined to do: read the terms and conditions. Some online services reserve the right to withdraw access if you give false information.

Presentational grey line

Troubled toy

 

Media captionThe BBC showed in 2015 how Cayla, a talking child's doll, could be made to to say any number of offensive things.

My Friend Cayla has found itself in the unfortunate position of being the plastic face of connected toy controversy.

At the start of 2015, UK security firm Pen Test Partners showed the BBC that the device's software could be hacked, allowing an attacker to make the doll swear at its owner.

The Vivid Toy Group, which distributed the machine, played down the threat and promised its app would be updated.

But at the end of 2016, US consumer groups claimed the data the toy gathered about the children who played with it amounted to "surveillance".

In February 2017, a telecoms watchdog in Germany, a country with strict privacy laws, urged local parents to destroy any units they owned and banned further sales.

And then, earlier this month, a French data regulator accused the toy's manufacturer of a "serious breach of privacy" due to a flaw said to allow people close by to connect via Bluetooth devices, potentially allowing them to "listen and record" conversations heard by the doll.

The European Consumer Organisation has also expressed concerns, while the US Public Interest Research Group featured Cayla in its recently published Trouble in Toyland report.

Although Cayla is still listed on the websites of many leading UK High Street and online retailers, most appeared to list it as out-of-stock at the time of writing.

Presentational grey line

At the risk of having dampened the Christmas spirit, there is some good cheer on the horizon for the new year.

Christmas clean-upImage copyrightGETTY IMAGES

Image captionNew data privacy laws are on their way, but it's usually better to avoid getting into a mess than having to clear it up afterwards

Many are lobbying hard for the EU to expedite the regulation of the security of Internet of Things (IoT) devices, and there is already an agreed position on the standard to which these devices should be held.

Although these regulations might not be in effect for next Christmas, 2018 does see the arrival of the EU's General Data Protection Regulation (GDPR), which will give you the right to have your data deleted by third parties.

The authorities will have significant new powers to ruin Christmas if they don't comply.

Source: bbc.co.uk
 
corner spacer corner

Recent News

   
corner spacer corner
Veeam Specialist Microsoft Small Business Specialists Birmingham Microsoft Gold Certified Partner Birmingham Siemens Solution 1 Reseller Birmingham Sonicwall Specialists Birmingham Business Link Approved Birmingham Fujitsu Primergy Certified Partner Birmingham Facebook Follow us on Twitter ESET NOD32 VMWare
IT Support
IT Services
IT Solutions
Get Support Now
Sitemap
© 2018 Discus Systems plc. All rights reserved. Content Management by Verve Digital