The vexing tech challenge of fighting ransomware: A battle of milliseconds
115 milliseconds. As quick as a blink, that’s the amount of time a new technology – developed by researchers from Australia’s national science agency and a university in South Korea – takes to detect that ransomware has detonated on a computer and block it from causing further damage.
The finding seeks to address a vexing challenge that has stymied international efforts to stop such attacks. As hackers execute bolder attacks with bigger potential payouts, computer scientists are pushing the limits of software to make near-instantaneous decisions and save victims from ruin.
A spree of recent ransomware attacks has focused attention on the issue and spurred booming growth for part of the cybersecurity industry – one that has benefited from a presidential endorsement of sorts.
Since 2016, spending on “endpoint protection” software has more than doubled to $9.11 billion last year, according to data from Gartner Inc. Those are cybersecurity tools that protect “end user” devices such as laptops and desktop computers, which are vulnerable to being hacked through their users clicking on malicious links or phishing emails.
Last month, U.S. President Joe Biden issued an executive order that will require civilian federal agencies to deploy a specific type of that technology, called endpoint detection and response software, on their networks. Leading companies include SentinelOne Inc., Cybereason Inc., Microsoft Corp. and CrowdStrike Holdings Inc., according to Gartner.
The innovation of that software is that it blocks files deemed to be malicious – what traditional antivirus does – and goes a step further, automating the hunt for suspicious behavior on users’ machines, aiming to identify poisoned code before it causes damage, according to Oliver Spence, co-founder of U.K.-based North Star Cyber Security. Still, Spence said the technical challenge remains daunting.
“Solving ransomware is magnitudes harder than solving spam and that isn’t solved yet,” he said. “How do you tell which email is legitimate or not? How do I tell if a process is legitimate or not? Solve either problem completely, and you are well on your way to being rich enough to retire.”
Ransomware is a type of cyberattack that encrypts files on victims’ computers, rendering them useless until a ransom is paid. It can take just minutes to cripple an entire network. The recent hacks of Colonial Pipeline Co., which shut the biggest gasoline pipeline in the U.S. for nearly a week, and of JBS, which temporarily shut all U.S. beef plants for the largest meat producer globally, have exposed gaps in protection for critical industries.
One of the few ways to get ahead of the problem is to have security software running deep inside a computer’s operating system. There, it can see each program – or process – running on the machine and have the best shot at distinguishing between legitimate and nefarious ones.
“The technology exists to identify authorized processes versus unauthorized processes – that’s actually not that terribly hard,” said Lawrence Pingree, a managing vice president at Gartner. “The hard part is that ransomware, as a category, can use many hundreds of techniques including modifying or injecting authorized processes. Most security practitioners will tell you that it’s a race condition where defenders keep augmenting security to match the changing threats.”
Hackers often trigger alarms as they move around victim networks, performing reconnaissance and manipulating accounts while staging ransomware attacks, said Jared Phipps, senior vice president of sales engineering for SentinelOne. Endpoint detection and response software automates the analysis of those behaviors to try and stop the hackers before they escalate, he said.
“Executing the ransomware is the last thing they do,” Phipps said. “There are weeks and weeks or even months of lead time in the attack. There are going to be many different systems touched and in most cases there are a lot of security alerts. There is absolutely time to stop those attacks.”
One challenge of staying ahead of the problem is that skilled hackers routinely test their code and techniques against the latest security software, adapting when needed to evade detection, said Andrew Howard, chief executive officer of Switzerland-based Kudelski Security.
“Ransomware attacks today are typically human-operated, meaning that a human is actively guiding the attack,” Howard said. “As the defenses get better, this drives new offensive techniques, which drives better defenses, which drives new offensive techniques, and so forth. There is not a 100% effective technical solution for this problem.”
An executive at a leading cyber incident response firm, who asked not to be named discussing internal matters, said his company always recommends that ransomware victims it’s assisting buy some form of endpoint detection and response software, and that about 70% do. He said his firm analyzed its deployments from one of the leading vendors and found that the software blocked almost all of the attacks. “The only three fails we have seen in three years were because of poor implementation by the client,” the person said.
The person noted that such technologies aren’t cheap, starting at about $12 per “endpoint” – or device – per month, with discounts for big deployments. For large organizations, that can mean millions of dollars per year. But to put that in perspective, Colonial paid a $4.4 million ransom, while JBS paid $11 million.
One way that organizations are paying for the upgrade is by replacing their antivirus programs. Gartner projects that within five years, more than 60% of large organizations will have replaced antivirus with endpoint detection and response and similar software.
In the meantime, computer scientists are racing to improve the speed and accuracy of their code for handling the “response” part of the equation, trying to shave milliseconds off their times for blocking malicious actions.
In January, researchers from the digital arm of Australia’s national science agency – the Commonwealth Scientific and Industrial Research Organization’s Data61 unit – and from Sungkyunkwan University in South Korea published details of an experimental technology they developed to detect ransomware by looking at some of the lowest-level signals in a computer’s operating system.
One result, the researchers said, was the ability to detect ransomware on average in about 115 milliseconds, after just one file was encrypted – saving the rest of the computer and its contents. Software makers generally haven’t disclosed specific performance metrics in this area, so it’s unknown how the researchers’ findings compare to commercial efforts to thwart the attacks.
The paper’s lead author, Muhammad Ejaz Ahmed, wrote in an email that these results point to a goal that the security industry is urgently chasing. “Our approach can detect such activities at the early stages of a ransomware infection,” he said. This opens the door to “detect and give an early warning even before any damage is done.”
Published: June 20, 2021
By: Syndication Washington Post, Bloomberg · Jordan Robertson
Airline and bank websites briefly go down in another major Internet outage
Multiple airlines, banking institutions and trading platforms went down early Thursday in the second major global Internet outage over the past two weeks.
Southwest Airlines, United Airlines and the Commonwealth Bank of Australia were among those who reported outages. The Hong Kong Stock Exchange posted how the site was facing technical issues. It said it was back online about 20 minutes later.
Virgin Australia said in a statement that its IT outage stemmed from a failure at the global content delivery network Akamai Technologies. The airline said it was “one of many organizations to experience an outage with the Akamai content delivery system today.”
Akamai, a tech firm in Cambridge, Mass., that works with some of the world’s biggest companies and banks, acknowledged the outage in a statement Thursday. The firm said it was “aware of the issue and actively working to restore services as soon as possible.”
Services have mostly been restored globally.
Internet monitoring websites showed dozens of disruptions early Thursday, the Associated Press reported. Westpac Bank, the Australia and New Zealand Banking Group and Australia Post, the country’s postal service, were also among those affected by the outage. Downdetector, a website monitoring outages, noted that the websites for Frontier Airlines, Vanguard and E-Trade were briefly down.
The disruption came days after a massive outage struck large swaths of the Internet, causing the New York Times, Amazon, Hulu and other high-traffic websites to temporarily shut down. The problem appeared related to the San Francisco cloud services provider Fastly, which many companies use to help their websites load faster.
A spokesman for Southwest told USA Today that “the pause in connectivity did not impact our operation.” The airline has faced a bevy of tech issues that have caused flight delays and cancellations in recent days.
United Airlines responded to a Twitter user asking about the outage by saying the company was “experiencing technical issues and working promptly to fix them.”
Banking institutions in Australia were particularly affected by Thursday’s outage. The Reserve Bank of Australia, the country’s central bank, was forced to cancel a bond-buying project because of the technical difficulties. A representative with the Commonwealth Bank of Australia said the bank was “seeing services return,” while a spokesperson with Westpac apologized to customers for a third-party provider’s disruption, “which impacted some of our services including Internet banking.”
The second outage is another example of how isolated disruptions can bring huge parts of online life to a halt. The pandemic-era shifts that sent more people to the Web for their groceries, work, school and health care have heightened the potential for broad shutdowns to cause real-world harm.
Similar outages have happened before. In 2019, Verizon accidentally routed much of its U.S. traffic to a single Internet service provider in Pennsylvania, causing sites such as Amazon and Facebook to stop working for many people. Last July, engineers at Cloudflare, which provides services similar to those of Fastly, accidentally pushed huge amounts of Internet traffic to a single data center in Atlanta, causing it to fail and take down websites such as Medium and the video game League of Legends.
Apple’s newly redesigned iMac measures just 0.45 inches thick. That’s a hair thinner than the original iPhone. It’s thin enough to wedge under a wobbly table.
But to make a desktop computer that incredibly slender, something had to go. Unfortunately, left on the chopping block were some capabilities you might actually want in a $1,300 desktop computer.
Gone are the large-sized USB ports many of us still use to plug in gear. Gone, too, is the ability to later upgrade your memory. This iMac is no longer even an all-in-one computer: Apple had to move the power supply to an external brick like on a laptop.
An obsession with thin design has taken over consumer tech, and Apple is its leader. For you, that affects a lot more than just style. Going thin shapes what a device costs, what it’s useful for, how long it will last and what kind of impact it might leave on the environment.
Even if you’re not in the market for a new iMac, this computer is a case study in the strange priorities that shape so much of the technology we use.
This 24-inch computer, the first iMac powered by Apple’s own M1 processors, does contain lots of useful upgrades over the 2017 version. It’s faster and has a much-improved camera and a Touch ID fingerprint reader on the keyboard. It also comes in a rainbow of colors that will give anyone old enough nostalgia for the original all-in-one iMac.
I had been eagerly awaiting this iMac to replace my 5-year-old model. I’ve long been one of the iMac’s biggest fans: A desktop computer might sound old-school, but a big, beautiful screen is pretty much the ideal portal for getting work done.
But the new iMac I’ve been testing for a few weeks is a departure from my old one. It’s essentially an iPad on a stand. Actually, it’s less useful than that, because the iMac doesn’t have a touch screen.
Apple isn’t the only tech maker chasing thinness. Acer made an even skinnier desktop computer called the Aspire S24. But Apple sets the priorities for the industry and our expectations for what “progress” looks like in tech.
There are good arguments for thin handheld devices: Skinny phones fit better in skinny jeans. But even with Apple’s mobile tech, we’ve been burned: The ultrathin “butterfly”-style keyboard Apple introduced for laptops in 2015 created so many problems that Apple eventually abandoned it. Some people still haven’t forgiven Apple for removing the headphone jack in the iPhone 7 to add battery and waterproofing without making the phone fatter.
The arguments for a thin desktop computer are more of a stretch. There may be people who only care that this iMac is cuter. Apple believes it’s redefining the desktop computer into a device that can be at home in a kitchen or living room, or even picked up. (I wonder, though: Isn’t that what an iPad is for?)
We’re talking computers, not stilettos, so let me be unabashedly practical: To really evaluate the new iMac, you need to look inside.
To help me understand the ramifications of an extra-slender iMac, I called up iFixit, a repair website that’s well-known for doing gadget teardowns. IFixit let me watch while it sliced into the new iMac to see what compromises had to be made – and learn what happens when an iMac inevitably breaks or is too slow for the latest software.
The root of all the change for the iMac is that Apple gave it a new kind of brain. Instead of the Intel processors Macs have used for years, Apple is now using its in-house M1 chip, similar to the ones found in iPhones. The M1 chip gets less hot – meaning the iMac doesn’t need large fans inside.
I asked iFixit to show me what Apple did with the space it got back from the fans. On the plus side, it added super-wide sound chambers to the speakers, so music sounds great. It replaced the webcam at the top with a full-high definition model.
On the minus side, the thinner imperative took over. Now that it could fit the brain of an iMac into a half-inch body, Apple cut other parts that just didn’t fit. First went the power supply, the part that transforms the electricity coming out of the wall. Now the iMac has an external power brick. Maybe you’ll just throw yours on the floor, or maybe it’s one more thing for your cat to chew on.
Next, Apple cut the ports on the back of the computer. The new iMac only works with smaller-sized USB-C plugs, which can do lots of things but don’t fit many of the cables and devices we already own in a larger shape known as USB-A.
“I don’t see any way USB-A would fit within half an inch,” said iFixit CEO Kyle Wiens.
Apple also cut the compact flash-card reader included in past iMacs, making one more thing photographers need to buy. Even the basic Ethernet port, used in many schools and offices to hardwire Internet connections, was too big. Instead, Apple stuck Ethernet into the power brick, and charges $30 extra for it.
What this means is that anybody who plugs things into a computer either has to abandon old devices – for me, including backup drives, a DVD player and a lifetime’s worth of thumb drives – or buy a bunch of unsightly adapters known as dongles. By the time I plugged in mine, the back of the sleek iMac looked like a rat’s nest.
I’m sure these weren’t easy decisions for Apple. Perhaps doing things my way would have made the computer more expensive. But these were all possible on the previous iMac.
And everything but the SD card reader is available on the latest Mac Mini, Apple’s other M1-powered desktop computer that doesn’t happen to be as thin as a pancake. That $700 computer, which doesn’t come with a monitor, is the best choice right now for anyone who might need a desktop Mac for creative tasks.
– – –
Sacrificing longevity
Even if you couldn’t give a rat’s nest about plugging into ports, Apple’s thin imperative chips away at something else you might want: longevity.
My old 27-inch iMac has a little door on the back to upgrade memory after the fact, a real help for future proofing. IFixit showed me why the new iMac wouldn’t need a door: Its memory is permanently soldered in place.
Apple says this design makes its memory faster with the M1. But it also means if you someday develop a new passion for, say, computer animation, you’d have to buy a whole new computer to get more memory.
Also fixed in place: the iMac’s hard drive. Aside from limiting upgrades, that poses challenges for data recovery and even security. (Earlier this month, Apple paid a multimillion-dollar settlement to a woman whose risque photos and videos were shared by technicians repairing her iPhone.)
And what about when your iMac inevitably just can’t keep up in six years? As recently as 2014, iMacs could transform into a monitor for another computer. But Apple no longer supports what it calls “target display mode.”
What about if your iMac breaks? IFixit found that while the fans, speakers and webcam are all reasonably modular, they’re tedious to access. To open up the iMac, the iFixit team used what looks like a pizza cutter to slice through glue that holds it together.
The glue isn’t new on this version of the iMac, but it “would be so much easier if they just had a couple of screws,” said iFixit senior editor Sam Goldheart.
Overall, iFixit gave the new iMac a repairability score of 2 out of 10 – one notch lower than the previous model. Apple, of course, offers its own repair service. But you at least deserve the right to repair your own tech.
These choices have an impact on the Earth, too. Apple touts the new iMac as being “better for the environment” because it uses some recycled materials. But the biggest environmental impact Apple could have is designing its hardware to be repaired and reused, rather than thrown away.
The new iMac “is less and less a computer, and more of an appliance,” said Wiens. “Computers are complex, and you need hardware flexibility to deal with problems that come up. Apple has systematically removed all of those options.”
This is partly a philosophical divide between Apple and Wiens. Turning computers into appliances can simplify them: You don’t need to know about what’s going on if it just works.
But Apple’s appliance mind-set is also self-serving, because it means we have to keep buying new stuff. You may already have a box of old iPads and iPhones you aren’t using after upgrading. Now you can add an iMac to the pile.
How one project has transformed Thai cooling sector, pushing climate-friendly technologies
The Thailand Refrigeration and Air Conditioning Nationally Appropriate Mitigation Action (RAC NAMA) has successfully supported Thailand’s energy savings and climate change targets through the introduction of climate-friendly and energy-efficient cooling technologies since 2016.
RAC NAMA has assisted 10 domestic producers in moving towards the production of cooling equipment that is both more modern and energy efficient, the project said.
Through this intervention, more than 150,000 green cooling units have been produced for the domestic and export markets, contributing 350,000 tonnes of carbon dioxide equivalent in greenhouse gas mitigation.
In the commercial refrigeration sector, it is projected that the cooling units will attain 90 per cent of the domestic market reach in the next three years.
RAC NAMA said it has built the necessary training infrastructure for service technicians by organising training of trainers courses for 222 head technicians and chief trainers from the Office of the Vocational Education Commission (Ovec), the Department of Skill Development (DSD) and partner producers. They are expected to pass on the knowledge to their peers, as well as establish eight training centres nationwide.
To prepare the service sector for the changing requirements and safety standards related to natural refrigerant technology, RAC NAMA said it has upgraded testing facilities to meet increasing demand for product testing.
RAC NAMA said it has also modernised policy frameworks, coordinated support, developed the expertise and resources of private and public institutions, and leveraged private and public financing to bridge prevailing investment gaps. Success stories from the implementation of the RAC NAMA project were summarised and disseminated at a closing webinar, along with a presentation on future strategies, to representatives from Office of Natural Resources and Environmental Policy and Planning (Onep), the Department of Alternative Energy Development and Efficiency (DEDE), the Electricity Generating Authority of Thailand (Egat), the Department of Industrial Works, DSD, Ovec, the Electrical and Electronics Institute, King Mongkut’s University of Technology North Bangkok, the Federation of Thai Industries, the Thai Industrial Standards Institute, and Thailand International Cooperation Agency.
In cooperation with ONEP, DEDE, Egat and the Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH, RAC NAMA said it has facilitated a shift away from the production and use of fluorinated refrigerants due to their high global warming potential (GWP), in refrigeration and air-conditioning systems, supporting Thailand on its way to becoming a low-carbon society.
The use of natural refrigerants is promoted, so-called green cooling, since they are substances that exist naturally in the environment and do not harm the ozone layer. They also come with zero ozone depletion potential and very low GWP.
Raweewan Bhuridej, secretary-general of the Office of Natural Resources and Environmental Policy and Planning, said: “Nowadays, the use of refrigeration and air-conditioning [RAC] technologies accounts for approximately 50 per cent of electricity consumed in Thailand, with the RAC sector one of the largest greenhouse gas emitters. Therefore, improving technology is an important factor in reducing global warming and helping Thailand to achieve the goal of reducing greenhouse gas emissions according to the Nationally Determined Contribution [NDC].
“The RAC NAMA project is the country’s most significant climate action in the cooling sector and has greatly contributed to our NDC effort. I would like to thank especially the NAMA Facility, through the German and British governments, for financing the RAC NAMA project, transferring knowhow and fostering international cooperation. I look forward to further conserving our climate and environment together.”
Philipp Pischke, director of the Thailand RAC NAMA, GIZ, said: “Our project targeted our intervention through policy, technical and financial considerations, with respect to both the demand and supply sides and hence a continuous cooperation with the RAC industry and its end-users. Over the past five years, we have supported responsible ministries and agencies to define safety standards and relevant regulations in line with international best practices, demonstrated best practices of energy performance standards, labels and other incentive schemes, established a measurement, reporting and verification system for the RAC sector to serve the country’s reporting obligations to the United Nations Framework Convention on Climate Change, assisted technology transfer and adoption to local producers, and increased the demand for green cooling products by setting up financial incentive schemes which increase the attractiveness for consumers in Thailand.
“All of the positive results from the implementation, especially a growing alliance for green cooling technologies in Thailand, require a lot of convincing and many joint efforts, and I would like to extend my thanks to all the partners that have made green cooling happen and RAC NAMA a success.”
Mrs. Somjai Bunnag, director of Project Environment Division, Egat, stated: “In December 2017, Egat assumed responsibility for managing the RAC NAMA Fund, with a total budget of 8.3 million euros [approximately THB300 million], on behalf of the Thai government. A number of financial instruments have been defined for the whole demand and supply chain, as well as the service sector to incentivise producers in the switch to natural refrigerant products, boost consumers’ demand for these new products and improve the skills of technicians and the capacities of testing institutes to serve the growing demand over the long term.
“Egat is proud to have played a role in pioneering Thailand’s first climate finance project and initiating the sector-wide transition to green cooling technologies. Egat will build upon these successes and utilise the experience and knowledge gained from the implementation of the RAC NAMA Fund to manage the new Cooling Innovation Fund [CIF], under the ownership of Egat, to further promote sustainable innovation and market transformation to climate-friendly and energy efficient cooling technologies using natural refrigerants.
“With a funding of approximately THB180 million, the CIF is expected to start in the fourth quarter of 2021.”
The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH is owned by the German government and has operations around the globe.
Can astrology make sense of cryptocurrency? Maren Altman and a million TikTok followers think so
Maren Altman isn’t a huge fan of TikTok. “I’m a really serious person,” she said. She rarely scrolls through her feed. She can’t stand most of it. “I’m not into the trends or the jokes.”
She’s amassed more than a million followers anyway.
Then again, hers isn’t your typical TikTok page. No cute dogs here. No dancing.
Instead, the 22-year old posts astrology videos of all stripes, including ones focused on politics and celebrities (she predicted a major relationship shift for Kanye West and Kim Kardashian). In the astrology community, she’s reached one-name status, like Sting or Bono.
Her most intriguing videos apply astrology to a particularly daunting realm: cryptocurrency. Anything with a verifiable birthday or creation date has a birth chart that can be read and, according to astrologists, gleaned for predictive information. That means there’s astrology for relationships, pets, political movements and, yes, bitcoin. Skeptics are not on board, of course, and cynics might see it as a perfect match: Two things that feel like foreign languages to most people. Finding an edge in the crypto market is already a fuzzy art. Is attempting to use celestial bodies so far off?
Maren’s prominence is part of a mainstreaming of astrology and its micro-genres, fueled by apps and social media.
“People can learn about astrology in small, digestible ways through Instagram, TikTok, Facebook, Twitter,” said fellow financial astrologer Robert Weinstein. “Social media is this amplifier for everything in general. And astrology is just one of the things I think is really benefiting from it.”
Maren first became fascinated by astrology in a much more analog way. As a child, she would take the family newspaper and head straight to the daily horoscopes.
In her teenage years, which she said she spent “on the social margins,” she started to seriously study astrology, and made a few bucks at parties giving “readings to drunk kids.”
She saved that money and used it to invest in crypto. Then, she took her astrology skills to TikTok.
In a typical crypto astrology video, Maren reads the birth chart of a particular currency and offers thoughts on its immediate future. She often films herself in front of a brick wall adorned with a red neon sign reading “amor fati,” Latin for “love of fate,” and her language can get pretty colorful at times, befitting her punkish vibe.
In early January, Maren read Bitcoin’s chart, using its creation date, Jan. 3, 2009. “New moon in Capricorn, January 13th, looks big for bitcoin,” Maren says in the video. “Little before that … Saturn will join the bitcoin Mercury exact by degree on January 11th, which looks like some corrections with Mercury and Saturn. It could be news about something that leads to a drop momentarily. But with this new moon, sun moon Pluto, right on top of bitcoin’s Jupiter, this is like atomic-level new beginning.”
In other words, Saturn and Mercury’s position might indicate a drop in value, but Jupiter and Pluto signaled Bitcoin’s price would rebound from any correction and continue to rise.
“It looks like such a bull run,” she adds.
Sure enough, the price dropped on Jan. 11 and then popped back up two days later, more or less continuing to rise until April, at which point it had just about doubled in value.
Though Maren claims in the video that she isn’t offering financial advice, many of the comments on the post suggest some take it that way. “Looks like it’s invest o’clock,” one user wrote. “Ik this isn’t financial advice but can you do some finance tiktoks because i trust you and i wanna invest,” read another comment.
Then again, in another TikTok, she suggested May would be volatile but could find the currency reaching an all-time high. Instead, for the most part, bitcoin’s value plummeted.
Financial astrology has been around in various forms for decades. Weinstein became one of the first to focus on cryptocurrency – specifically bitcoin – in 2017. He shares his findings on his website The Astro Crypto Report and through his Twitter handle @AstroCryptoGuru, alongside other predictions, such as a tweet thread from 2019 in which he predicted “possible unexpected black swan events” in 2020.
He remained one of the loudest voices in cryptocurrency astrology until Maren “came storming onto the scene,” as he put it.
But even with her videos guiding her followers, the astrological world can be hard to fully comprehend.
“With astrology, we’re looking at the correlation between certain planetary alignments and world events,” Maren said, adding, “it’s looking at the past to predict the future.”
She said a misconception many have is that astrologers believe the planets cause those events. It’s more that they believe the celestial positions give us a heads-up as to what might happen. As Maren put it, “we aren’t positing that Jupiter’s sending out … rays to make us spend more money … It’s like how the clock on the wall isn’t making it three p.m. but it might tell us it’s three p.m.”
Still, it’s probably not a surprise that many financial planners see it as a load of hooey. Fredrick Standfield, the founder of Lifewater Wealth Management in Atlanta, said that people tend to get emotional around cryptocurrency, often because they “see how much money people are reportedly making” but “don’t see how much money some people lose” while simultaneously not quite understanding how it works in the first place.
When “people start to get into it and don’t really understand it or really grasp what it is, I think that that’s when they start to lend themselves and open themselves up to things like astrology, financial pseudoscience, things that are really, if you think about it, they’re not totally compatible with a scientific methodology, to me,” Standfield said.
He added that when things do work out, such as the aforementioned Maren prediction, then it creates a sense of confirmation bias. “People tend to interpret information in a way that confirms what they already believe and ignore anything to contrary, particularly when social media is involved.”
Maren isn’t too concerned about converting naysayers. She’s just happy if they “keep my name in their mouth.”
“Astrology has always been more of an esoteric kind of initiate, secret knowledge,” Weinstein put it. “It really never was for the masses.”
Plus, Maren has bigger fish to fry. She became something of a controversial figure after being accused of plagiarizing some of her readings, which she vehemently denies, and came under fire for comparing eating animals to the Holocaust, for which she later apologized. She said that as she’s become more well-known, the negative attention has ratcheted up to the point of physical threats.
“I’ve been scared for my life and have been through the wringer, and it’s absurd,” she said. But enduring that fear can make her feel invincible. “I’m kind of bulletproof in this weird, immortal way now.”
So for now, she plans to keep creating astrology TikToks and teaching courses on the subject through her website. But that’s just her short-term plan.
“I don’t want to be just this. I create TikTok videos and my view count is what validates me,” she said. “But I want to have a Wikipedia page that has ‘She founded this company and is on the board of this company.’”
“I really, really want to create lasting structures in decentralized finance and A.I.,” she said. “As fun as and as passionate I am about astrology in my own life, doing daily horoscopes is not going to change the world.”
TOKYO – Major security firm Secom Co. has developed a security robot that can use smoke to thwart intruders.
Equipped with artificial intelligence and 5G technology, the Cocobo robot has been designed to patrol commercial facilities and office buildings.
If it detects suspicious individuals while on patrol, it can use a combination of sound, light and smoke to disorient intruders.
The robot can travel along preprogrammed routes and notify a security control center if it detects any abnormalities based on analysis of images taken with its built-in cameras. It is also capable of detecting explosions, gas leaks and fires.
According to the company, the robot will be used in trials in office buildings this month.
Amazon is about to share your internet connection with neighbors. Here’s how to turn it off.
There’s an eyebrow-raising technology buried inside millions of Amazon Echo smart speakers and Ring security cameras. They have the ability to make a new kind of wireless network called Sidewalk that shares a slice of your home internet connection with your neighbors’ devices.
And on Tuesday, Amazon is switching Sidewalk on – for everyone.
I’m digging into my settings to turn it off. Sidewalk raises more red flags than a marching band parade: Is it secure enough to be activated in so many homes? Are we helping Amazon build a vast network that can be used for more surveillance? And why didn’t Amazon ask us to opt in before activating a capability lying dormant in our devices?
I recommend you opt out of Sidewalk, too, until we get much better answers to these questions.
Sidewalk will blanket urban and suburban America with a low-bandwidth wireless network that can stretch half a mile and reach places and things that were once too hard or too expensive to connect. It could have many positive uses, such as making it easier to set up smart-home devices in places your WiFi doesn’t reach. (That can help your neighbors, and you.) But by participating, you also have no control over what sort of data you’re helping to transmit. In communities where Amazon Ring devices already over-police many doors and driveways, Sidewalk could power more surveillance, more trackers – maybe even Amazon drones.
Amazon seems oblivious to many obvious consumer concerns with its increasingly invasive technology. So let me say it: Remotely activating our devices to build a closed internet of Amazon is not OK.
Amazon founder and CEO Jeff Bezos owns The Washington Post, but I review all tech with the same critical eye.
Amazon declined my request to interview an executive in charge of Sidewalk but over email said it was about making our tech work better. “We live in an increasingly connected world where customers want their devices to stay connected. We built Sidewalk to improve customers’ experiences with their devices and to benefit their communities,” said Manolo Arana, general manager of Sidewalk.
Reasons we would want Sidewalk, he said, include continuing to receive motion alerts from Ring security cameras when they lose WiFi or extending the range of smart lights. Later this month, Amazon is also adding Bluetooth lost-item tracker Tile and smart lock maker Level to the Sidewalk network. And it is partnering with CareBand, a maker of wearable sensors for people with dementia, on a pilot test including indoor and outdoor tracking and a help button.
But Sidewalk is also a vast new wireless network entirely controlled by Amazon – and paid for by us.
– – –
Amazon is not the only big company working on getting more things connected to the internet by piggybacking on us. But it’s doing it in a more aggressive way.
Modern iPhones collect and beam out tiny snippets of other people’s data for Apple’s Find My network, used to report the location of lost devices and AirTag trackers. The routers that Comcast puts in our homes automatically double as hotspots for other Xfinity customers, though they create a separate WiFi network for the public traffic.
With Sidewalk, Amazon is creating a more robust network. Your lowly Echo speaker (or other compatible device) is already connected to your home’s private internet connection. When Amazon transforms it into a so-called Sidewalk Bridge, your device creates a new network of its own that’s not WiFi. Instead, it uses common Bluetooth to connect devices nearby, and another type of signal (using the 900 MHz spectrum) to connect to devices up to half a mile away.
This new Sidewalk network can’t carry as much data as WiFi, but it’s still impressive: Sidewalk signals from all the Amazon devices in your neighborhood overlap and join together to create what’s called a mesh network.
“WiFi is constrained mostly to your home; it doesn’t have the range to go into your backyard and into the neighborhood. Cellular offers long-range connectivity, but it is expensive. Sidewalk splits the difference between those two and allows us to put billions of things at the edge of the network,” Arana said.
But here’s the rub: Sidewalk authorizes your Echo to share a portion of your home’s internet bandwidth. It’s up to 500 megabytes per month – the rough equivalent of more than 150 cellphone photos. Amazon caps it at a rate of 80 Kbps, which the company says is a fraction of the bandwidth used to stream a typical high-definition video. Still, this traffic could count toward your internet service provider’s data cap, if you’ve got one. The bill will be paid by you, not Amazon.
Which raises the question: Shouldn’t Amazon be paying us?
It’s not hard to imagine Amazon could use Sidewalk for its own business, such as to track packages or connect up its delivery trucks.
Arana said: “Our focus right now is to make our customers’ devices work better. I’m not able to comment on future roadmap plans.”
– – –
Amazon says it built Sidewalk with three layers of encryption, so that nobody can view the raw data passing through it – not Amazon, not the person who’s sharing their internet.
Tech industry analyst Patrick Moorhead told me he is impressed by Amazon’s efforts to keep snoopers out. “I haven’t seen very many triple-protected, triple-encrypted systems out there,” he said. “That said, there’s no infallible system.” Even security standards for WiFi have been cracked over the years.
Some other security pros just aren’t keen on opening any kind of portal outside your home network’s secured perimeters, no matter what Amazon promises.
There’s no evidence hackers or independent researchers have found problems with Sidewalk – but it also has yet to become a high-profile target.
– – –
There are also big-picture concerns. Today Amazon talks about Sidewalk as a way to help the roughly quarter of American homes with smart-home appliances get and stay connected. But Amazon doesn’t usually have small ambitions.
At the very least, Sidewalk could massively increase the reach of Amazon’s thriving but controversial Ring security business, which police forces tapped for more than 20,000 requests for footage in 2020. Sidewalk would allow people and organizations to put Ring devices in places that weren’t possible before.
“It is slowly eliminating the notion of ‘off-the-grid,’ ” says Matthew Guariglia, a policy analyst at the tech-liberties-focused Electronic Frontier Foundation. Even though Amazon is a private company, that doesn’t mean the surveillance tech it sells can’t be dangerous.
“As long as Amazon is storing all that data . . . all of that can be accessible to police. It’s impossible to think of things as just private or public surveillance anymore.”
Amazon has been vague about what types of data will be able to transfer across the network, aside from innocuous-sounding examples, such as receiving alerts, software updates and the location of lost items. “As a low-bandwidth network, Sidewalk is intended to transmit small amounts of data,” Arana said.
– – –
Last but not least, Amazon should have made sharing our internet connection something we opt in to, rather than just turning it on.
Amazon is activating Sidewalk on devices going back to at least the third-generation Echo speaker, from 2018, though it tells me they can only join the Bluetooth part of the network. (Amazon disclosed those devices had Bluetooth, but not that it might someday use them to build a network.) Echo devices capable of joining the long-range part include the latest Echo and Echo Show 10, both announced in 2020.
“We believe Sidewalk will provide value for every customer and we want to make it easy for them to take advantage of benefits,” Arana said. “Customers setting up an eligible Echo device for the first time have the opportunity to disable Sidewalk during device setup and will also receive a separate notification shortly after setup as well.”
When I set up a new Echo speaker last November, the Alexa app popped up a page about it with only two choices: “enable” and “later.” Amazon said earlier this year it changed that screen to make it clearer customers had the ability to opt out.
Is Sidewalk capability still lurking in even older Amazon devices to be activated in the future? Amazon’s Arana would only answer: “We can’t comment on future plans.”
– – –
Turning Sidewalk off isn’t hard, but involves digging through some settings.
If you’ve got Echo devices, go to the Alexa app on a phone, then tap the More icon. Then tap on Settings, then tap on Account Settings, then tap on Amazon Sidewalk. In there, make sure “Enabled” is set to off.
If you’ve got Ring devices, go to the Ring app on a phone, then tap the three bars at the top left corner to get to the menu. Then tap Control Center, then scroll down to Amazon Sidewalk.
If you turn off Sidewalk on one kind of device, it should cover you for all of them. (Some people have complained they switched off the Sidewalk setting, but it turned itself back on. Amazon says it fixed the problem.)
One more thing to keep in mind: There’s no halfway option. If you turn off Sidewalk, you won’t be sharing your network with your neighbors, but your devices also won’t be able to access its network.
iPhone updates will include better video calls, paid privacy controls and virtual driver’s licenses
Apple is adding a number of features that are perfect for a pandemic, such as watching streaming TV together or blurring your messy FaceTime background. Unfortunately, they come more than a year late, as most of the U.S. is reopening and switching back to in-person socialization.
Apple previewed what’s next for iPhones, iPads and Macs on Monday at WWDC. The annual event, short for Worldwide Developers Conference, is like a public to-do list for Apple’s products over the next few months. The operating systems will be available to everyone this fall, and in July as a public beta for people who like to test out new features before their friends.
The next iPhone update, iOS 15, will include more Zoom-like features for the video-call app FaceTime, including screen sharing and the ability to call non-Apple users. There are new privacy controls, including a paid option that is similar to a VPN. Apple Wallet is going to add support for state IDs, which could be great in bars and airports, unless your battery dies. In the Photos app, there’s the ability to select text in pictures. And a handful of new health options let your devices look for patterns and send you reminders about your health, as well as give family members and doctors more ways to see other people’s health information.
For the second year in a row because of the coronavirus pandemic, WWDC is being streamed over the Internet rather than held in a conference hall full of guests. Without the live element, the event can feel like one long glossy video ad, chock full of whiz-bang demos and technical details packed onto presentation screens in tiny type.
The event is especially fraught this year. Apple typically uses WWDC to bolster its relationship with app developers, some of whom don’t like Apple’s tight control over the App Store. Last month, a judge finished hearing arguments in a lawsuit from “Fortnite” maker Epic Games about Apple’s commissions.
The most interesting new features focus on privacy, identification, FaceTime and the iPad.
Apple’s latest privacy moves include iCloud Plus, a paid service for encrypting information going to and from your devices. The iPhone’s built-in Mail app will also combat efforts to track you through email, and a new section in Settings called App Privacy Report will tell you how often apps use location, photos, camera and microphone. It will also show you all the third-party domains apps are contacting, a missing element of the app privacy “nutrition labels” Apple introduced last year.
In a bid to make the iPhone’s Wallet app more useful, Apple, the Transportation Security Administration and some states are working to let your state ID or driver’s license be stored in your phone. The app will also add virtual keys for office buildings, smart locks and some partner hotels.
FaceTime’s biggest Zoom-like change will allow users to schedule calls and share links to them. Even better, those links will also work via the Web for people on Android and Windows devices.
And iPads are getting more multitasking and note-taking features, including home screen widget upgrades, new keyboard shortcuts and a new notes option called Quick Notes.
There was no new MacBook Pro announced, but one update to macOS, called Monterey in its next version, allows greater interaction between devices. If you’re using a Mac right next to an iPad, you can just keep mousing right over the edge of the screen and start controlling the iPad. Called Universal Control, it also works between multiple Macs – and more than two devices at once. It also lets you drag and drop documents between the devices.
Published: June 08, 2021
By: The Washington Post · Geoffrey A. Fowler, Heather Kelly
Apple’s tightly controlled App Store is teeming with scams
Apple chief executive Tim Cook has long argued it needs to control app distribution on iPhones, otherwise the App Store would turn into “a flea market.”
But among the 1.8 million apps on the App Store, scams are hiding in plain sight. Customers for several VPN apps, which allegedly protect users’ data, complained in Apple App Store reviews that the apps told users their devices have been infected by a virus to dupe them into downloading and paying for software they don’t need. A QR code reader app that remains on the store tricks customers into paying $4.99 a week for a service that is now included in the camera app of the iPhone. Some apps fraudulently present themselves as being from major brands such as Amazon and Samsung.
Of the 1,000 highest-grossing apps on the App Store, nearly two percent are scams, according to an analysis by The Washington Post. And those apps have bilked consumers out of an estimated $48 million during the time they’ve been on the App Store, according to market research firm Appfigures. The scale of the problem has never before been reported. What’s more, Apple profits from these apps because it takes a cut of up to 30 percent of all revenue generated through the App Store. Even more common, according to The Post’s analysis, are “fleeceware” apps that use inauthentic customer reviews to move up in the App Store rankings and give the apps a sense of legitimacy, convincing customers to pay higher prices for a service usually offered elsewhere with more legitimate customer reviews.
Two-thirds of the 18 apps The Post flagged to Apple were removed from the App Store.
The most valuable company in U.S. history, Apple is facing unprecedented scrutiny for how it wields its power and is fighting to hold onto it, including in a blockbuster trial that concluded last month. Regulators and competitors have zeroed in on the App Store in particular: Unlike app stores on other mobile operating systems, Apple’s store faces no competition and is the only way for iPhone owners to download software to their phones without bypassing Apple’s restrictions. Through it, Apple keeps a tight grip on software distribution and payments on its mobile operating system, called iOS.
Apple has long maintained that its exclusive control of the App Store is essential to protecting customers, and it only lets the best apps on its system. But Apple’s monopoly over how consumers access apps on iPhones can actually create an environment that gives customers a false sense of safety, according to experts. Because Apple doesn’t face any major competition and so many consumers are locked into using the App Store on iPhones, there’s little incentive for Apple to spend money on improving it, experts say.
“If consumers were to have access to alternative app stores or other methods of distributing software, Apple would be a lot more likely to take this problem more seriously,” said Stan Miles, an economics professor at Thompson Rivers University in British Columbia, Canada.
“We hold developers to high standards to keep the App Store a safe and trusted place for customers to download software, and we will always take action against apps that pose a harm to users,” Apple spokesperson Fred Sainz said in a statement to The Post. “Apple leads the industry with practices that put the safety of our customers first, and we’ll continue learning, evolving our practices and investing the necessary resources to make sure customers are presented with the very best experience.”
Simon Willison, a software engineer and a former iOS developer, recently fell for an app that wasn’t what it presented itself as. Willison owns a Samsung television and went to the App Store on his phone to install the accompanying Samsung remote control app called “SmartThings.” An app called “Smart Things” popped up, claiming to be a remote for Samsung televisions. Willison paid $19 for the app. “I thought wow, Samsung has gone downhill. They’re nickel and diming me for my remote control?”
It turns out the app was pretending to be the genuine Samsung product. His mistake, he says, was an “assumption that the App Store review process was good,” he said. “I held Apple in higher regard than I did Samsung.”
Samsung did not respond to a request for comment. TV Cast Limited, the maker of Smart Things, did not respond to a request for comment.
Apple isn’t the only company that struggles with this issue: Scam apps are also on Google’s Play Store, which is available on its Android mobile operating system. But unlike Apple, Google doesn’t claim that its Play Store is curated. Consumers can download apps from different stores on Android phones, creating competition between app stores.
Apple says it is constantly improving its methods for sniffing out scams and usually catches them within a month of hitting the App Store. In a recent news release, Apple said it employed new tools to verify the authenticity of user reviews and last year kicked 470,000 app developer accounts off the App Store. Developers, however, can create new accounts and continue to distribute new apps.
Apple unwittingly may be aiding the most sophisticated scammers by eliminating so many of the less competent ones during its app review process, said Miles, who co-authored a paper called “The Economics of Scams.”
“If people do believe or are not worried about being scammed, then there’s going to be a lot of victimization,” he said. Miles also said Apple could warn consumers that some apps “are probably fraud and so buyer beware and you do your homework before you buy the app and don’t trust our store.”
Apple has argued that it is the only company with the resources and know-how to police the App Store. In the trial that Epic Games, the maker of the popular video game “Fortnite,” brought against Apple last month for alleged abuse of its monopoly power, Apple’s central defense was that competition would loosen protections against unwanted apps that pose security risks to customers. The federal judge in the case said she may issue a verdict by August.
The prevalence of scams on Apple’s App Store played a key role at trial. Apple’s lawyers were so focused on the company’s role in making the App Store safe that Epic’s attorneys accused them of trying to scare the court into a ruling in favor of Apple. In other internal emails unearthed during trial that date as far back as 2013, Apple’s Phil Schiller, who runs the App Store, expressed dismay when fraudulent apps made it past App Store review.
After a rip-off version of the Temple Run video game became the top-rated app, according to Schiller’s email exchange, he sent an irate message to two other Apple executives responsible for the store. “Remember our talking about finding bad apps with low ratings? Remember our talk about becoming the ‘Nordstroms’ of stores in quality of service? How does an obvious rip off of the super popular Temple Run, with no screenshots, garbage marketing text, and almost all 1-star ratings become the #1 free app on the store?” Schiller asked his team. “Is no one reviewing these apps? Is no one minding the store?” Apple declined to make Schiller available to comment. At trial, Schiller defended the safety of the app store on the stand. The app review process is “the best way we could come up with … to make it safe and fair.”
Eric Friedman, head of Apple’s Fraud Engineering Algorithms and Risk unit, or FEAR, said that Apple’s screening process is “more like the pretty lady who greets you with a lei at the Hawaiian airport than the drug sniffing dog,” according to a 2016 internal email uncovered during the Epic Games trial. Apple employs a 500-person App Review team, which sifts through submissions from developers. “App Review is bringing a plastic butter knife to a gun fight,” Friedman wrote in another email. Apple declined to make Friedman available to comment. In deposition testimony, Friedman pointed to investments Apple has made to stop fraud. “A lot has changed in the last five years,” he said.
Though the App Store ratings section is filled with customer complaints referring to apps as scams, there is no way for Apple customers to report this to Apple, other than reaching out to a regular Apple customer service representative. Apple used to have a button, just under the ratings and reviews section in the App Store, that said “report a problem,” which allowed users to report inappropriate apps. Based on discussions among Apple customers on Apple’s own website, the feature was removed some time around 2016. Sainz said customers can still report apps through other channels.
“It’s detrimental to the general ecosystem that these things are happening,” said Jakub Vavra, a researcher at Avast, a cybersecurity company that has analyzed the App Store.
In a sworn deposition in the Epic lawsuit, Phillip Shoemaker, the former head of the App Review team, said employees in his department generally did not have a technical background in computer coding. They needed to know how to use a Mac and an iPhone, he said. “Qualifications were that they could breathe, they could think,” he said. And they typically worked at the Apple “Genius Bar” at the company’s retail stores. It typically took about 13 minutes to review a new app, Shoemaker said in the deposition. Shoemaker declined to comment.
In an April 21 hearing in front of the Senate Judiciary Committee, Apple’s chief compliance officer, Kyle Andeer, defended the App Store against allegations of scams and fake reviews. “Unfortunately, no one is perfect,” Andeer said. “But I think what we’ve shown, over and over again, is that we do a better job than others. I think one of the real risks of opening up the iPhone to side loading or third party app stores is that this problem will only multiply.” Apple declined to make Andeer available for comment.
Each day, Apple publishes a list of the top 1,000 grossing apps for that day. With data provided by market research firm Appfigures, The Post analyzed the top grossing apps on the day Andeer testified.
On the day of the testimony, there were 18 apps that The Post defined as being scams among Apple’s top grossing apps. The Post defined a scam as any app that takes money from customers using misleading tactics, including manipulated ratings and reviews as well as tactics that can trick people into paying for something accidentally or because they believed they had no choice. The Post also looked for keywords in the reviews section of the apps and patterns or complaints from customers who felt misled, tricked or scammed.
Five VPN apps – Prime Shield, Spy Block, Secure & Fast VPN Protector, CyGuard VPN and Upcure – raised red flags because of suspicious ratings and user complaints on the App Store. VPN apps are designed to protect a user’s privacy by routing their Internet traffic through a remote server. But by siphoning all traffic from a phone, they could also obtain passwords and sensitive login information.
In all five cases, Apple customers complained in the review section that they were drawn to the apps by misleading advertisements elsewhere on the internet, known as “scareware,” which scare users into thinking their phone has been infected by a virus.
The Apple “support” link for three of those apps leads to Russian websites that appear nearly identical to one another, suggesting they may be owned by the same entity using multiple Apple developer accounts.
Upcure was removed from the App Store before The Post contacted Apple. After The Post contacted Apple, the company removed the other four apps from the App Store. None of the apps responded to requests for comment.
Apple also took down a separate VPN app that wasn’t among the top 1,000 grossing apps after inquiries from The Post. FirstVPN: WiFi Security Master was programmed to tell users, “Malware detected! 36 viruses were found,” according to security researchers, then prod users for $13 a month to block the viruses. Users could have seen this notice after downloading the app, and it could have been used as scareware to get them to subscribe. The notice did not appear immediately after The Post downloaded the app. Security researcher Patrick Wardle independently found the message about 36 viruses embedded in the app’s code. Traditional anti-virus software for iPhones doesn’t even exist because of the way Apple restricts access to the phone’s software.
FirstVPN’s software also contained images from Pornhub, Netflix and ESPN, according to security researchers who analyzed it. Wardle said the images appeared to advertise the VPN app’s ability to circumvent copyright protections and adult content filters.
Sainz said it may be that not all customers who downloaded FirstVPN received the message about the 36 viruses. He said Apple removed the app and pointed The Post to Apple’s VPN guidelines for developers, which prohibit VPN providers from disclosing data to third parties. He would not say whether Apple notified users of the app about its removal. The developer behind FirstVPN didn’t respond to a request for comment.
Other scam apps were focused on dating or relationships. A dating app called uDates stood out because of suspicious reviews and user complaints on the App Store. The app, which promises you’ll “get close with someone you’re already close to,” requires an upgrade to a premium account for $20 a month to respond to the women who began messaging within seconds of signing up. The app, owned by a Latvian company called Battika SIA, did not respond to a request for comment. It has not been removed from the App Store.
MatureDating, a dating app that had suspicious reviews and inauthentic activity, was removed by Apple after inquiries from The Post. Laura Edison, director of NSI Holdings, MatureDating’s parent company, said the inauthentic activity was caused by Apple’s recent privacy changes, which force apps to ask users if they want to be tracked across apps. Edison said NSI Holdings had used tracking to stop fraudulent users.
Another dating app, CooMeet, also asks for money for users to continue chatting with women. Its apparent owner, Comewel Limited, didn’t respond to a request for comment. CooMeet was removed from the App Store after The Post asked an Apple spokeswoman for comment. On June 3, CooMeet was back on the App Store, but this time under a new developer name, Gartwell Limited, based in Belize City.
Other suspicious apps identified by The Post did not respond to requests for comment.
When it comes to one type of scam, there’s evidence that Apple’s store is no safer than Google’s. Avast analyzed both the Apple and Google app stores in March, looking for fleeceware apps. The company found 134 in the App Store and 70 on the Play Store, with over a billion downloads, about half on Android and half on iOS, and revenue of $365 million on Apple and $38.5 million on Android. Most of the victims were in the United States.
“Google Play reviews apps before they are published. This process involves a team who are experts in identifying violations of our developer policies earlier in the app life cycle,” said Google spokesman Scott Westover.
Vavra, the Avast researcher, said apps that charge weekly subscriptions are often suspicious. By charging people weekly, the subscription prices seem lower, and some customers will assume they are monthly without reading the fine print – and those fees can add up. In one case, Vavra found that a palm reading app called FortuneScope charged as much as $3,432 per year. Russo-Bel-Remstroi, OOO, the developer of FortuneScope, did not respond to a request for comment.
Another strategy: Don’t just look at an app’s overall rating, which may be manipulated. Scroll down and read the reviews, too.
Most of the scam apps are highly rated. But a careful read of reviews may reveal that some are not authentic. A quick internet search shows that there are several services that sell positive reviews on the App Store.
For example, QR Code Reader – QR Scan – which earned $879,000 for a service built into iPhones – has a high rating of 4.6 stars and 16,000 reviews. But some of those have nothing to do with QR code scanning. “I have gone to see Annie Lover’s Nails for years and she has always gone the extra mile to provide exceptional service,” one review said. Another says, “I was taking a chance on getting the dog training collar, and I can’t say enough about it and how long it holds a charge. Thanks you!!!”
Air Apps, which owns QR Code Reader – QR Scan, didn’t respond to a request for comment.
This type of manipulation can “create the perception for the public that they are safe downloading an app or buying a product and engaging in content that other people have found valuable,” said Renee DiResta, technical research manager at the Stanford Internet Observatory, who has studied fake reviews on Amazon.
In some cases, the reviews are done with bots. Higher quality reviews use real people.
Saoud Khalifah, founder and chief executive of FakeSpot, which helps consumers detect fake reviews on websites like Amazon, said the company has found that on average about 25 to 30 percent of reviews on the App Store are fake. In 2019, Apple began filtering out the “low hanging fruit,” Khalifah said. But the company still misses the more sophisticated methods of fake reviews, which involve getting real people to post them.
Sainz said Apple rejects about a third of all submitted ratings and reviews. He said the idea of what makes a review fake is subjective and that some reviews FakeSpot might consider inauthentic may be done by real people.
There are sneakier ways to get good reviews. One method was employed by an app called “Streamer for Fire Stick TV,” which was rated 4.4 stars and had 8,500 ratings. The app, which charged users $3 a month or a one-time fee of $10 for a lifetime premium subscription, appears to be offered by Amazon but is not.
Its high ranking, though, appears to come from a coding trick that exploits a bug in Apple’s ratings system. The code in the Fire TV app forces users to rate the app, blocking the user’s ability to click on anything but four or five stars. The coding trick and the bug were discovered using software created by Corellium, a company that makes security research tools. The developer of the app didn’t respond to a request for comment.
“We have processes in place to identify and investigate bad actors that use our brand to attempt to deceive the public, and we take action to protect customers and hold bad actors accountable to the fullest extent of the law,” Amazon spokesman Craig Andrews said in an emailed statement. (Amazon chief executive Jeff Bezos owns The Washington Post.)
The app was first noticed by Kosta Eleftheriou, an app developer who has been a vocal critic of Apple for what he says are lax standards for apps. Eleftheriou, who makes typing apps that can be used by blind people, says he was frustrated when one of his apps was being hurt by what he calls scam apps that used fake reviews to move up in the rankings. In March, Eleftheriou sued Apple, claiming the company abused its market power to hurt small developers.
Eleftheriou says he has heard from dozens of other app developers who are afraid of exposing scams themselves for fear of upsetting Apple. He tweets about the scams, often prompting Apple to delete them. Apple removed the Fire Stick TV scam a day after Eleftheriou tweeted about it.
Published: June 07, 2021
By: The Washington Post · Reed Albergotti, Chris Alcantara
Ransomware attacks are closing schools, delaying chemotherapy and derailing everyday life
SAN FRANCISCO – It can feel abstract: a group of organized but faceless criminals hijacking corporate computer systems and demanding millions of dollars in exchange for their safe return. But the impact of these ransomware attacks is increasingly, unavoidably, real for everyday people.
These crimes have resulted in missed chemotherapy appointments and delayed ambulances, lost school days, and transportation problems. A ransomware attack on Colonial Pipeline in May led to gas shortages and even dangerous situations caused by panic buying. This past week, hackers compromised the JBS meat processing company, leading to worries about meat shortages or other key food providers being at risk. Last fall, the Baltimore County Public Schools system was hit with ransomware and forced to halt classes, which were being held virtually, for two days.
As recently as Wednesday, ransomware attacks were causing problems across the country. In Martha’s Vineyard, the ferry service transporting people to and from the Massachusetts island said it had been hit by a ransomware attack that disrupted its ticketing and reservation process. Ferries continued operating all week, but on Friday the ticketing system was still affected, causing delays.
The recent spate of high-profile ransomware incidents is exactly what cybersecurity professionals have been warning about for years. But it’s partially the impact on everyday people – far from the executive suites, cybersecurity companies, or government agencies that regularly fret about the criminal enterprise – that has made the risk more visible. The ripple effects of ransomware can range from mild inconvenience to people losing their lives, and attacks have only increased in frequency during the pandemic.
“It’s not only that it’s getting worse, but it’s the worst possible time for it to happen,” said Robert Lee, chief executive of Dragos, an industrial cybersecurity firm. He says on average, there are likely 20 to 30 big ransomware cases happening behind the scenes in addition to the ones making headlines.
Ransomware attacks are not new. The money at stake has changed drastically, however, inflating from thousands to millions of dollars, and the targets are more sophisticated as well. The increasing number of companies connecting their systems and adding more remote access points, along with things like the widespread use of bitcoin, have widened the pool of targets. Cybercriminals once focused on small companies and individuals but have made headlines this year for attacks on higher-profile victims.
“Now you’ve got ransomware affecting whole corporate networks, interrupting critical national function, causing disruption in people’s lives. It’s really become a national security, public health and safety threat,” said Michael Daniel, president and CEO of the nonprofit group Cyber Threat Alliance.
The ransomware industry has grown but the underlying techniques for gaining access have largely stayed the same. Hackers commonly access companies’ systems through “phishing” attacks – emails sent to try to trick employees into giving up passwords or access. Once inside a company’s system, ransomware outfits will find critical information and lock it down, then contact a company to demand a ransom for it to be released.
These criminals generally work in loosely defined groups, sharing tips and resources that make it possible for individual hackers to easily extort multiple targets. Companies occasionally have backup copies of their systems that they can restore rather than pay a ransom. But that can result in delays, and sometimes hackers make copies of the information they access and threaten to leak private information online if they are not paid. A big data leak could be a huge issue for consumers, not just the companies.
“There’s this awful downward spiral of societal harm that happens from ransomware,” said Megan Stifel, co-chair of the ransomware task force and an executive director at the Global Cyber Alliance.
The Colonial Pipeline attack was one of the many worst-case scenarios experts have been warning about, and planning for, for years. A ransomware attack last month caused the company to shut down its pipeline connecting Texas to New Jersey.
Panicked that they wouldn’t be able to get enough fuel, drivers swarmed gas stations, resulting in long lines and barren gas pumps in parts of the U.S. Drivers hoarded fuel as stations ran out of their supply, exacerbating the issue. The attack sparked a real-world fire in a Florida town, according to local news reports, when a Hummer burst into flames after the driver filled up four gas containers. The panic buying even prompted the U.S. Consumer Product Safety Commission to issue a long tweet thread about gas safety, including a message that quickly went viral: “Do not fill plastic bags with gasoline.”
People’s safety has been even more directly threatened by attacks on health care systems. Hospitals have been particularly hard hit, as far back as 2016 when the Hollywood Presbyterian Medical hospital paid $17,000 in bitcoin to a ransomware hacker. Last November, the University of Vermont Medical Center was hit by ransomware and it took nearly a month for it to regain access to its medical records. Chemotherapy patients had their treatments delayed, and were sent to other health centers where some had to re-create their medical history.
Joshua Corman, the chief strategist for health care and covid on the government’s Cybersecurity and Infrastructure Security Agency COVID Task Force, has been studying the potential impact of health-care attacks on mortality rates. For example, if a hospital has to close suddenly, ambulances might take longer to reach people in distress.
“Minutes can be the difference between life and death for heart attacks, and an hour or two can be the difference for a stroke,” said Corman.
Lee, the head of Dragos, recently worked with a power company that got hit with a ransomware attack but was able to maintain operations. However, attacks like that could easily result in localized power shortages, he says. Attacks on pharmaceutical companies, or any of the manufacturers in their pipeline, could delay critical medicine like insulin or even vaccines. The increased targeting of industries with the most potential for disruption may be the criminals’ business decision.
“It feels like these groups realize industrial companies are more ready to pay out and more quick to pay out, because if you impact industrial operations you have to get up and going for safety and community,” said Lee.
Beyond the physical inconveniences, ransomware attacks can also hurt public trust in technology and systems, and cause people to worry they’ll be a victim or to panic-buy products they think will see a price hike or be in short supply, according to Stifel.
Panic after attacks is part of the problem. This past week’s attack on JBS, one of the largest meat-processing companies in the world, resulted in temporary factory shutdowns. While there were not yet any confirmed meat shortages in the U.S., worried meat suppliers still warned consumers not to panic-buy beef, which could cause otherwise still stable prices to go up.
From higher gas prices to canceled surgeries, real-world financial and consumer safety implications of these hacks have spurred the federal government to crack down on ransomware. It’s investigating the causes, working on guidelines, and urging corporate America to take cybersecurity protections seriously.
“We’ve been warning about this overtly for more than eight years and a lot more quietly for longer, but now that it’s manifested, the silver lining is that we’re not starting ice cold,” said CISA’s Corman.