Tag Archives: Security

Macate Genio Coming To UK



US multinational Macate are coming to the UK with the intention of launching their secure smartphone here later in the year. Setting up in Kensington, London, the Genio smartphone is a mid-range Android device with an emphasis on security.

The bare specs are a 5″ HD screen driven by a 1.3 GHz quad core processor with 2GB RAM and 16GB storage, though this can be expanded with a microSD card. The Genio has two cameras: a 13 MP rear camera and a 5 MP front selfie shooter. For lovers of stock Android, it’ll run Nougat 7 out of the box.

The Genio is encrypted as standard (AES256) and comes with secure messaging app NetMe from Macate’s software development team Codetel. The NetMe supports all the usual features of text, audio and video messaging and attachment sharing. They’ve also an encrypting email app too which I imagine will be pre-installed too.

The new UK team will be headed up by Darren Gillan, previously of Vertu, and he said, “We’re excited to be adding a UK base to our growing global network. Mobile security is a big issue for many consumers; they need a device that operates seamlessly but also securely. At Macate we’re dedicated to the development of cybersecurity and we’re delighted to be bringing that expertise to the UK mobile market in the form of Genio.”

Once on sale, the Genio will come in four colours, white, light golden, black and (pink) champagne, and will retail for £249. Obviously at this stage it’s hard to tell what the phone will be like, but hopefully we will get more details closer to the launch.


Bitdefender BOX Protects the Smart Home at CES



With the arrival of the Internet of Things, installing antivirus software on a PC isn’t going address malware lurking on a smart home control unit. A different approach is needed and Bitdefender’s BOX might be the solution. Dan talks to Todd about what Box offers over traditional security products.

The Bitdefender Box is a small hardware device which is connected into a free port on the main router – it’s similar in size to the control units for SmartThings or Hue. Once configured via Bitdefender’s Central Account or the companion smartphone app, it monitors the network traffic for suspicious activity. Box provides several layers of security over and above standard antivirus with everything from URL filtering to anomaly detection.

Bitdefender Box is available now for US$129 in the first year, with an annual subscription of $99. The next gen Box is expected in the summer, priced at $199. Box is currently only available in the USA.

Todd Cochrane is the host of the twice-weekly Geek News Central Podcast at GeekNewsCentral.com.

Become a GNC Insider today!

Support my CES 2017 Sponsor:
30% off on New GoDaddy Orders cjcgnc30
$.99 for a New or Transferred .com cjcgnc99 @ GoDaddy.com
$1.00 / mo Economy Hosting with a free domain. Promo Code: cjcgnc1hs
$1.00 / mo Managed WordPress Hosting with free Domain. Promo Code: cjcgncwp1
Proximity Beacons for Android Course.



Adieu Yahoo!



Dear Yahoo,

I’m sorry but I’m breaking up with you, and I’m afraid that it’s you, not me. We’ve been together for over ten years, from the early days of Flickr and Yahoo Groups, but you’ve hurt my feelings twice now and I think you’ve been cheating on me. It’s been fun but it’s not going to work out. There’s no longer any trust between us.

I’ll get my stuff out of your properties and return the keys as soon as I can. Goodbyee!

P.S. If anyone else wants to break up with Yahoo!, here’s the link https://edit.yahoo.com/config/delete_user.


Bold Euro Cylinder Smart Lock on Kickstarter



Bold LogoSmart locks have been gradually appearing on the US market over the past few years, with the Kevo Kwikset being one of the more popular. Over on the European side of the pond, it’s taken a little longer for smart locks to appear but they’re beginning to come onto the market from both established vendors and start-ups. Locks in UK and mainland Europe use different styles and standards from the USA so it’s not simply a case of rebranding an existing product.

Yale announced their entry into the market earlier in the year and you might have listened to my interview with them at this year’s Gadget Show Live. While beauty is in the eye of the beholder, some of the early smart locks have left a great deal to be desired aesthetically, with boxy designs  and limited colour choices. Black anyone?

Fortunately, there are some smart locks beginning to appear that work with European doors, match the door furniture and look good. Case in point, the Bold smart cylinder lock which has just launched on Kickstarter. It’s a plug-in replacement for doors that use the Euro profile cylinder lock, comes in four different colours and looks like a door knob.

Bold Smart Cylinder Lock

The Bold uses Bluetooth technology so it unlocks based mainly on proximity of a smartphone or key fob using the Bold app. One of the big benefits of pure wireless (no keypad) is that all the electronics can be on the inside of the door, safe from both the elements and criminals. There’s no remote unlock feature so you can’t unlock the door from the comfort of your desk to let a neighbour in but you can invite or authorise them to use their own smartphone to unlock the door. There’s benefits of both approaches and you’ll have to think through your use cases to decide what’s best for you. A keyfob (say, for children) is available for extra cost.

Bold Key Fob

The Bold seems to keep it simple from a hardware point of view too. The Bold isn’t motorised so it doesn’t actually unlock the door itself, though it engages the handle with the mechanism so that the door can be unlocked (or locked) by turning the handle. The benefit of this is a much longer battery life (three years) and lower cost for the lock while eliminating the need for often troublesome moving parts.

The team appear to have given some thought to security, working with specialists Ubiqu and their qKey to provide a secure system. Can’t say that I’m qualified to comment further but it does provide some reassurance that the Bold team aren’t making it up as they go along. To see the Bold in action, check the video on the Kickstarter page.

If this interests you, the lowest price point currently available is €149. Just remember with all things Kickstarter, there’s a risk to your money so don’t spend what you can’t afford. You might also want to check the dimensions on your door to check that the Bold doesn’t foul existing door handles.

Personally I’ve mixed feelings about smart locks. While I know that most door locks can be defeated by the determined criminal, I’m still confident that once I close my front door behind me and turn the key, that door is going to stay locked. With smart locks, there’s still that kind of nagging feeling that it might automagically unlock itself…and of course a mechnical lock is still going to be working in ten, twenty, thirty years’ time. Still, I’m tempted…..


Devolo Updates Home Control



Devolo LogoLast night Devolo pushed out a major update to its Home Control platform, providing additional functionality in four new areas. The update occurred painlessly on my system and while I wasn’t able to fully explore the new features, I’ve managed a few screenshots.

Devolo New DevicesFirst, there are three new supported devices with two sensors, flood and humidity, and one actuator, a siren, which are all coming soon. It’s not clear if the siren is for internal or external use though it will be useful in rounding out the security features of the system.

 

Second, there’s now integration with Philips Hue lighting system and Home Control picks up the configuration directly from the Hue hub, inserting the available lights into the list of devices. This addresses what I felt was one of the main flaws with Home Control and brings it up to scratch, as it were.

Devolo with HueThird, Home Control has improved third party integration with web services and this comes in two parts. The first is what Devolo are calling “scene sharing” and this is the ability to trigger remotely a scene (e.g. living room lights on). Effectively, this allows integration with tools like IFTTT, so you can do things like “If my GPS says I’m within 300m of home and it’s dark, then turn the hall and porch lights on.”

Devolo 3rd Party IntegrationThe second part of this integration allows the Home Control system to access other devices by URL, e.g. http://……, so if another device can “do stuff” via a web address, then Home Control can potentially access it. I haven’t explored this area but I imagine you could use this to integrate with other 3rd party devices like webcams that often present a web-based view, as well as working with IFTTT.

Finally, the dashboard functionality has been improved with the option to now have multiple dashboards so that it’s easier to construct different views of your smart world. For example, you could have a room-based dashboard or a device-based dashboard that could be used for a security view of the home. Again, I didn’t get a chance to play with this functionality so can’t comment in more detail, but it looks handy.

Overall it’s a worthwhile update that brings some much needed functionality to Home Control.


272 million emails and passwords leaked from Gmail, Hotmail and more



It seems that not a day goes by without some security news, usually in the form of a breach. There have been some big ones too, from Target to Home Depot, as well as online ones, including the embarrassing Ashley Madison one.

Now we have the latest news, and it’s up there with the largest in history. 272 million emails and passwords from the likes of Gmail, Hotmail and others have been leaked.

Before you panic too much, realize that the data obtained consisted largely of data that had been seen before. Hold Security, which broke this news, claims that “Only 0.45 percent is new, meaning that only 1 out of 200 credentials are ones we have never seen before”.

The hacker was simply trying to unload the data and contacted the security firm asking only 50 rubles, which is less than $1 US. Not wanting to contribute anything to this cause the Hold Security company negotiated and received the information for free.

Hold claims “When we peel back the layers and dig deeper, we find that the hacker is holding something back from us. Within several days of communication and after a couple more strategically timed votes on his social media pages, he shared more useful information. At the end, this kid from a small town in Russia collected an incredible 1.17 Billion stolen credentials from numerous breaches that we are still working on identifying. 272 million of those credentials turned out to be unique, which in turn, translated to 42.5 million credentials — 15 percent of the total, that we have never seen before”.

Yes, this has the potential to be very bad, but right now we just don’t know. We also don’t know why the hacker was trying to unload it so quickly and then ended up giving it away. Stay tuned as this unfolds.


Ransomware threat grows as April sets a new record



bigstock-Computer-Hacker-in-suit-and-ti-31750772

Ransomware is the latest phase in online fraud. Think of it as an old-time mafia shake-down. It amounts to protection money. Your data gets encrypted and you have to pay to unlock your own files. It’s a deplorable practice, but unfortunately also a lucrative one.

And it’s that promise of money that keeps the market for these things going. In fact, a new report claims April was the biggest month yet for this sector of malware.

Enigma Software Group did a study of all infections, covering more than 65 million since April 2013. The results were disturbing. It claims it “found that ransomware in April 2016 more than doubled the total from March 2016. Additionally, ransomware made up a larger percentage of overall infections in April than in any other month in the last three years”.

The trend has resulted in some high-profile attacks, including a hospital being hit. In many cases, it’s both individual users as well as businesses.

“It’s not just businesses that are being hit by ransomware”, says ESG spokesperson Ryan Gerding. “Every day thousands and thousands of people turn on their personal computers only to find their most precious photos and other files have been locked up by bad guys”.

The best defense against these attacks is to backup your data, either in the cloud or on an external drive that you can disconnect from the network, a it propagates across drives and computers to ensure that you have no access to it. There is also the usual advice — think before you click links and keep your system up to date, both OS and software.

Image Credit: Bigstock


Samsung SmartThings IoT System Vulnerable to Security Breaches



SmartThings logoThe Internet of Things and by extension, the connected home, is here. But is the world really ready for every facet of our daily lives to be connected to the internet? That smart toaster that notifies you via smartphone when your breakfast is ready might be a cool, convenient addition to your kitchen. But it’s a potential attack vector for hackers to breach your home network. And while it may be nothing more than a harmless prank for a hacker to reset your IoT-connected toaster to the “scorched earth” setting, the reality of this kind of security breach is much worse. Once an experienced hacker gets in thru the toaster, the home security system or front door lock could be their next targets.

That’s exactly what researchers discovered when testing out Samsung’s SmartThings IoT system of products. The test was conducted by computer scientists at the University of Michigan. What they found may come as shocking news to anyone considering outfitting a home with connected devices. The research team devised several exploits that worked against a SmartThing network by taking advantage of intrinsic flaws in the network’s design. One of the exploits was even able to extract the PIN from a connected door lock and send that PIN via text message to an outside recipient.

Most of the exploits were created by taking advantage of how Samsung’s SmartThings control apps interact with a network. Researchers were able to find multiple ways to intercept or redirect data being transmitted between these apps and the network. These processes made it possible to eventually gain entry to almost anything on the network.

It might be a good idea to hold off awhile on purchasing that shiny new SmartFridge. I suppose if you have only one device like this on your network, it could be OK. But once you’re adding door locks and security systems to your network, you’re potentially opening yourself up to these kinds of exploits.


Devolo Home Control Hands-On Review



Devolo LogoOver the past month, I’ve been using Devolo’s smart home system, Home Control. Regular readers of GNC will have seen the previous articles on the unboxing and a more detailed look at the hardware. In the last of the series, I focus on the set-up and usability of Devolo’s Home Control. Let’s take a look.

Getting Started

There are two ways to get started but both start with plugging in the Central Unit into a power socket. If the house already has other dLAN Powerline adaptors, then the Central Unit can be added into the network in the normal ways and it will connect back to through the router to the internet. In this instance, the Central Unit can be located somewhere convenient but preferably centrally in the building.

If there’s no Powerline networking, then the Central Unit will need to be plugged in close to the router or broadband modem. A network cable then connects the Central Unit to the router. If this is the case, the location is likely to be restricted by practicality.

My Devolo PortalOnce the Central Unit is powered up, the next part uses a web browser to sign-up for a login at www.mydevolo.com. Mostly it’s as expected, though for the Home Control configuration, your home address is required. Apparently it’s only for weather forecasts so if you’re concerned about giving the information, it doesn’t need to be 100% accurate. The configuration auto detected my Home Control unit and no technical knowledge was required.

Once into the Home Control, it looks as below. At this point, there are no devices, as it’s only the Control Unit. Along the top are the key areas for smart home control and the first time each area is accessed, Devolo helpfully overlays a semi-transparent set of instructions showing what needs to be done.

My Devolo Portal

Adding Sensors and Controls

Adding the sensors and controls is similarly straightforward. Click on Devices and then “+”. The page then prompts for the type of device to be added to the system before then showing you a series of YouTube videos on how to correctly turn on and pair the sensor with the Home Control unit. Here’s a screenshot for the motion sensor.

Add Devolo Motion Sensor

After adding all sensors and controls, the Devices tab will fill up. The Status column gives the detail for each sensor or controller parameter. Looking at the Door Switch in the top row, it’s currently open, triggered at 00:17, temperature is 17.5 Celsius and brightness is only 2%. Each device can have an icon which will switch to show changes in state to give visual feedback. Battery level is reported back too, which is handy and Statistics shows historical activity.

Devolo Devices

Similarly, the Dashboard will now look similar to this, filling up with key devices. The Dashboard is editable and you can choose what elements appear on display. The devices give a high-level view of their state and measurements.

My Devolo Portal

With all the devices added to the Control Unit, you can then start on make your home smarter. Without labouring the various points too much, the Groups tab lets you set up collections of devices, both by type and by location. At the moment, the only types that can be pooled seem to be smart plugs and thermostats but as I only had one of each device, I couldn’t test further. Assembling the sensors and controls is a drag’n’drop affair.

Locations threw up the first minor irritation. Although you can define a location, such as “Bedroom”, it’s not possible to add things to the location in the Groups tab. You have to go back to the Devices tab and choose the location from the drop-down.

Schedules and Scenes

As you might imagine, Schedule allows the setting of timers. In most instances this is obvious: turn on a smart socket for my electric blanket at 23:15, turn it off at 9.00.

Devolo Schedule

Schedule can also turn on things like scenes and rules. Say you’ve set up a rule to email you when motion is detected by a sensor. You don’t want that rule working while you are in the house, so perhaps you set a schedule such that the rule is only in effect when you are out at work, so the schedule says 9-5, Mon-Fri.

Devolo ScenesScenes are combinations of devices and states. You could have a scene called “Nighttime” that sets thermostats lower and turns off a smart socket that has, say, a light plugged in. The scene can be run directly or you can set-up a rule to run it, perhaps when you press a switch or button.

Notifications

Notifications can take the form of emails, SMS or push to devices. For each of those types, you can enter your mobile number, email address or devices. The SMS appears to be a paid-for option where you get a number of free SMS notifications but after that you have to buy additional texts. Consequently, the sensible thing is to use SMS only for really important things, like fire alarms.

The notifications can be used in the rules but on their own, notifications don’t do anything. There is supposed to be a special notification for low batteries, though I couldn’t figure out how to configure it. The error said, “No devices available! Please add devices to the group.” without any indication of how to add devices to the group.

Rules

Devolo Rules 1Finally, Rules. These are what make the smart home smart. Here’s a really simple rule that I can use if I want to go to bed early. If press button 1 on my keyfob, it turns on the smart socket for my electric blanket.

Creating rules uses drag’n’drop to develop both the “if” and “then” sides of the rule. The only limit seems to be your imagination and the number / type of devices that you have.

Devolo Rules Maker

 

If I understand the functionality correctly, rules can execute continually, e.g. send a notification every time the front door is opened, or a rule can be turned off once it’s been executed once, e.g. send a notification once when there’s motion to say a child is home from school.

The App

Devolo AppDevolo AppDevolo have a smart phone app that pulls all their products, including dLAN, web cams and Home Control into a single app. However, it’s for appearance only and the app hands the owner off to a simplified light version of the web site. It’s a little bit clunky in the places as the smartphone back button doesn’t always do what’s expected. As a light version, there are also some limitations but for day-to-day checking of sensors or to turn devices on remotely, it’s fine.

To be honest, I’d prefer a proper native app for smartphones and tablets but some may like using Home Control from a web browser.

The Verdict

Overall, I think that it would be fair to say that Devolo’s Home Control is a good first generation product. It was easy to setup and I particularly liked the videos shown during the pairing process. It was reliable, with rules triggering when they were supposed and there were no connectivity problems; sensors stayed connected. The web interface is good visually too, with the drag’n’drop and easy combination elements. As a fan of Powerline networking, I’m all in with the hub also being a dLAN adaptor.

Equipment-wise, it’s a good selection of sensors and controllers. Just three things to say. Having a fire alarm in the range is excellent, but there’s no camera and the red LED on motion and door sensors is unnecessary. All the gear is priced competitively in the market.

Also on the downside, the system sometimes betrays its Germanic roots with the odd “Suchen” popping up instead of “Search” and the web interface can be idiosyncratic in places. I’d also prefer a proper native app for my smartphone or tablet. However, these are minor quibbles and I guess my biggest concerns are about presence and connectivity to other systems, like Philips Hue.

With regard to presence, Devolo Home Control doesn’t have any features for locating the owner and family. Consequently, geofencing isn’t possible so lights can’t be turned on when driving up to the house, or the home alarmed automatically when people leave. Obviously the keyfob remote control can be used for convenience in some of these respects but it’s not quite the same.

Moving onto the lights, as it stands right now, lamps can only be controlled by plugging them into the smart socket and turning the socket on or off. There’s no integration with any of the main lighting systems on the market.

While that’s the bad news, the good news is that Devolo are working on lighting control and that an announcement about connectivity to third party systems like Hue and recipe app IFTTT is expected very shortly. If this upgrade is as suggested, this should address both of the concerns above.

To finish, the smart home market is new and there are lots of competitors in the space. Devolo’s Home Control currently has a few rough edges, but with a bit of polish and an integration upgrade, it’s a contender. Definitely worth considering for straightforward setup, useful range of sensors and controls, and web-based UI.

Thanks to Devolo for providing the Home Control system for review.


Secure Your Contactless Cards with Merlo Wallets at Gadget Show Live



Merlo LogoHere in the UK, contactless smart cards are increasingly popular with every credit and debit card in my wallet now enabled for PIN-free low value transactions. They’re very popular as travel cards too, with London’s Oyster card being a good (but not unique) example. Convenient as this contactless technology is, there can be problems. With a wallet full of cards, sometimes the wrong card can charged or the right card not recognised, but there have also been scare stories about criminals using portable card readers to take small amounts.

Merlo has a solution to this problem with a lovely range of British-designed leather wallets with built-in blocking technology, plus two outer unshielded pockets. What this means is that you put most of your cards inside the wallet where they can’t be read but put the card(s) you do want to use in the outer pockets; say, one travel card and one payment card. Pass your wallet across the reader and the right card is used.

Merlo London

Part of the British Inventors’ Project at Gadget Show Live, I chatted with Mark from Merlo to understand more about their new wallets. Prices ranges from GB£38 to £75 with four different wallet types available for purchase from Merlo’s website.