EXPLAINER: The security flaw that’s freaked out the internet

FILE – This Sunday, Jan. 19, 2020, file photo shows the Virginia State Capitol in Richmond, Va. A Virginia legislative branch agency has been hit by a ransomware attack, Gov. Ralph Northam’s office said Monday, Dec. 13, 2021. The timing of the attack is particularly problematic, as lawmakers and staff are deep into preparations for a legislative session set to start in January. (AP Photo/Steve Helber)

Security pros say it’s one of the worst computer vulnerabilities they’ve ever seen. They say state-backed Chinese and Iranian hackers and rogue cryptocurrency miners have already seized on it.

The Department of Homeland Security is sounding a dire alarm, ordering federal agencies to urgently eliminate the bug because it’s so easily exploitable — and telling those with public-facing networks to put up firewalls if they can’t be sure. The affected software is small and often undocumented.

Detected in an extensively used utility called Log4j, the flaw lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics. Simply identifying which systems use the utility is a challenge; it is often hidden under layers of other software.

The top U.S. cybersecurity defense official, Jen Easterly, deemed the flaw “one of the most serious I’ve seen in my entire career, if not the most serious” in a call Monday with state and local officials and partners in the private sector. Publicly disclosed last Thursday, it’s catnip for cybercriminals and digital spies because it allows easy, password-free entry.

The Cybersecurity and Infrastructure Security Agency, or CISA, which Easterly runs, stood up a resource page Tuesday to help erase a flaw it says is present in hundreds of millions of devices. Other heavily computerized countries were taking it just as seriously, with Germany activating its national IT crisis center.

A wide swath of critical industries, including electric power, water, food and beverage, manufacturing and transportation, were exposed, said Dragos, a leading industrial control cybersecurity firm. “I think we won’t see a single major software vendor in the world — at least on the industrial side — not have a problem with this,” said Sergio Caltagirone, the company’s vice president of threat intelligence.

Eric Goldstein, who heads CISA’s cybersecurity division, said Washington was leading a global response. He said no federal agencies were known to have been compromised. But these are early days.

“What we have here is an extremely widespread, easy to exploit and potentially highly damaging vulnerability that certainly could be utilized by adversaries to cause real harm,” he said.

A SMALL PIECE OF CODE, A WORLD OF TROUBLE

The affected software, written in the Java programming language, logs user activity on computers. Developed and maintained by a handful of volunteers under the auspices of the open-source Apache Software Foundation, it is extremely popular with commercial software developers. It runs across many platforms — Windows, Linux, Apple’s macOS — powering everything from web cams to car navigation systems and medical devices, according to the security firm Bitdefender.

Goldstein told reporters in a conference call Tuesday evening that CISA would be updating an inventory of patched software as fixes become available. Log4j is often embedded in third-party programs that need to be updated by their owners. “We expect remediation will take some time,” he said.

Apache Software Foundation said the Chinese tech giant Alibaba notified it of the flaw on Nov. 24. It took two weeks to develop and release a fix.

Beyond patching to fix the flaw, computer security pros have an even more daunting challenge: trying to detect whether the vulnerability was exploited — whether a network or device was hacked. That will mean weeks of active monitoring. A frantic weekend of trying to identify — and slam shut — open doors before hackers exploited them now shifts to a marathon.

LULL BEFORE THE STORM

“A lot of people are already pretty stressed out and pretty tired from working through the weekend — when we are really going to be dealing with this for the foreseeable future, pretty well into 2022,” said Joe Slowik, threat intelligence lead at the network security firm Gigamon.

The cybersecurity firm Check Point said Tuesday it detected more than half a million attempts by known malicious actors to identify the flaw on corporate networks across the globe. It said the flaw was exploited to plant cryptocurrency mining malware — which uses computer cycles to mine digital money surreptitiously — in five countries.

As yet, no successful ransomware infections leveraging the flaw have been detected. But experts say that’s probably just a matter of time.

“I think what’s going to happen is it’s going to take two weeks before the effect of this is seen because hackers got into organizations and will be figuring out what to do next,” said John Graham-Cumming, chief technical officer of Cloudflare, whose online infrastructure protects websites from online threats.

We’re in a lull before the storm, said senior researcher Sean Gallagher of the cybersecurity firm Sophos.

“We expect adversaries are likely grabbing as much access to whatever they can get right now with the view to monetize and/or capitalize on it later on.” That would include extracting usernames and passwords.

State-backed Chinese and Iranian hackers have already exploited the flaw, presumably for cyberespionage, and other state actors were expected to do so as well, said John Hultquist, a top threat analyst at the cybersecurity firm Mandiant. He wouldn’t name the target of the Chinese hackers or its geographical location. He said the Iranian actors are “particularly aggressive” and had taken part in ransomware attacks primarily for disruptive ends.

SOFTWARE: INSECURE BY DESIGN?

The Log4j episode exposes a poorly addressed issue in software design, experts say. Too many programs used in critical functions have not been developed with enough thought to security.

Open-source developers like the volunteers responsible for Log4j should not be blamed so much as an entire industry of programmers who often blindly include snippets of such code without doing due diligence, said Slowik of Gigamon.

Popular and custom-made applications often lack a “Software Bill of Materials” that lets users know what’s under the hood — a crucial need at times like this.

“This is becoming obviously more and more of a problem as software vendors overall are utilizing openly available software,” said Caltagirone of Dragos.

In industrial systems particularly, he added, formerly analog systems in everything from water utilities to food production have in the past few decades been upgraded digitally for automated and remote management. “And one of the ways they did that, obviously, was through software and through the use of programs which utilized Log4j,” Caltagirone said.

What are the Ethical Issues in Biometrics?


What is biometric identification? It is the process through which unique biological characteristics are used to recognize and validate a person. These characteristics can be found in facial traits, eye structures, DNA, fingerprint patterns, and even handwriting. All this data that can be gathered on an individual inevitably brings up the ethical issues in biometrics that need to be addressed.

Facial recognition and fingerprint scans were previously the domain of security, and they were utilized for identification and law enforcement. However, more and more business and civil applications are using biometric authentication. Due to this increased use, it is crucial to address the moral and ethical issues in biometrics when it is used in the creation of new applications and technology.

Applied biometrics and corporate ethics have received little empirical study despite the widespread use of biometric technologies. As a result, there is plenty of room for future study to help us better comprehend the moral consequences of adopting this technology.

This article examines the ethical concerns associated with the use of biometric technology for non-security applications, as well as the moral ramifications for business.

Ethical Issues in Biometrics and Privacy

Biometric data takes privacy concerns to a whole new level that typical data gathering only touches on. Digital identities can be forged, and anonymity on the web can be maintained to a degree if you know how. Also, digital data can be deleted – if we forget that Meta (Facebook) has been revealed to store deleted data, which is an ethical concern in itself.

The problem with biometric data is that it is unforgeable, unconcealable, and permanent. You can’t change your eye structure, your fingerprint, or your facial features. Big tech companies already have your face, fingerprints, and your voice recorded and stored via current biometric authentication systems, mainly used for unlocking your phone. That data will be there forever, and there is little that people can do about it besides avoid it in the first place.

While many companies still give users the option of using a good old-fashioned passcode to unlock their phones, the biometric alternative is slowly gaining more traction, as technology as a whole tends to do, and will one day become the norm, as it is hard to argue with its convenience and security. You can’t accidentally leave your eyeball at home or forget your fingerprint. But in the same sense, you can’t change it. If your childish curiosity while browsing the web put a black spot on your record, there’s no changing that.

Therein lies the question of who, if anyone, should have access to such data. Today’s tech giants have all our data in their hands, and that won’t change with the spread of biometric verification methods. Indeed, it will only increase targeting capabilities.

While the collection of biometric data on its own does not necessarily mean it will be shared, monetized, or abused in any way, it nevertheless requires clear and strict guidelines and regulations to be implemented around it. There are too many things that can be abused by the wrong party when the ethical issues in biometrics are not taken seriously and such limitations are not applied stringently.



Oppo Reno 8 and Reno 8 Pro: Specs and Comparison   


The Reno line of smartphones has always had a fantastic camera and an attractive design. The Reno 8 and 8 Pro include a 120Hz AMOLED display, the newest Dimensity chipsets, 80W fast charging, a 32-megapixel front camera, and triple 50-megapixel back cameras, among other notable features that make the Oppo Reno 8 and Reno 8 Pro a high-quality yet affordable option for anyone.

Here we compare the two latest iterations of the Oppo phone series to see what to expect from the flagship Oppo smartphone, and how the Oppo Reno 8 and the Oppo Reno 8 Pro stack up against each other.

Oppo Reno 8 Specifications 

The Oppo Reno 8 has a smaller 6.43-inch full-HD+ AMOLED display with a resolution of 1,080 by 2,400 pixels, a 90Hz refresh rate, and Corning Gorilla Glass 5 protection. It also runs Android 12 with ColorOS 12.1 on top. Additionally, the display has an 800 nits maximum brightness and a 20:09 aspect ratio. An octa-core MediaTek Dimensity 1300 SoC, up to 8GB of LPDDR4x RAM, and up to 256GB of UFS 3.1 storage are all found within the Oppo smartphone. 

The Reno 8 has a triple back camera configuration for pictures and movies, with a 50-megapixel main sensor and an f/1.8 lens as its focal point. Additionally, there is a 2-megapixel macro camera with a 112-degree field of view and an 8-megapixel sensor coupled with an f/2.2 ultra-wide angle lens. 

The Reno 8 offers 5G, 4G LTE, Wi-Fi 6, Bluetooth v5.3, GPS/A-GPS, NFC, and a USB Type-C connector as connection options. An accelerometer, light, gyroscope, magnetometer, and a proximity sensor are among the sensors on board. For biometric verification, the phone also has a fingerprint sensor hidden behind the display. A 4,500mAh battery inside the Oppo Reno 8 supports 80W Super Flash Charge quick charging. The phone weighs 179 grams and has dimensions of 160 x 73.4 x 7.67mm. 

Oppo Reno 8 Pro Specifications 

A 6.7-inch full-HD+ (1,080×2,412) AMOLED display with up to 120Hz refresh rate and Corning Gorilla Glass 5 protection is included with the Oppo Reno 8 Pro. Running on top of Android 12 is ColorOS 12.1. Additionally, the display supports HDR10+ and is certified by Netflix HD, Amazon HDR, SGS Low Motion Blur, and SGS Low Blue Light. The MediaTek Dimensity 8100-Max SoC, which has eight cores, and up to 12GB of LPDDR5 RAM power the smartphone. Storage on the Oppo Reno 8 Pro is UFS 3.1 capable of up to 256GB. 

The Oppo Reno 8 Pro boasts a triple rear camera arrangement with a 50-megapixel Sony IMX766 main sensor and an f/1.8 lens, an 8-megapixel sensor and an ultra-wide lens with an f/2.2 aperture and a 112-degree field of view, and a 2-megapixel macro camera with an f/2.4 aperture. Along with the MariSilicon X NPU, the phone’s camera will offer generally better performance in both bright and dim light. It has a 32-megapixel front-facing camera sensor with an f/2.4 lens for taking selfies and making video calls. 

The phone has 5G, 4G LTE, Wi-Fi 6, Bluetooth v5.3, GPS/A-GPS, NFC, and a USB Type-C connector as connectivity options. An accelerometer, a light meter, a gyroscope, a magnetometer, and a proximity sensor are among the sensors built into the phone. For biometric authentication, the phone also contains a fingerprint sensor underneath the touchscreen. The smartphone has a 4,500mAh battery that supports rapid charging at 80W Super Flash Charge. The phone weighs 183 grams and has dimensions of 161 x 74.2 x 7.34mm. 

Both the Oppo Reno 8 and Reno 8 Pro are prime smartphones that can fit any user’s preferences and can be considered premium smartphones on the cheaper side. If you like photography, you will be satisfied with the level of quality overall, but keep in mind that neither phone is particularly water resistant, so be careful where you take it.  



Electric Cars vs Gas Cars: How do They Compare Today


Many prefer the rumbling ‘vroom’ of a gasoline car to the soft hum of an electric vehicle, while others would rather just be satisfied in the knowledge that they are lessening their carbon footprint. Let’s look at the cold hard facts, however, and compare electric cars vs gas cars.

Electric Cars vs Gas Cars: Components

The number of moving components is an important distinction between electric and gasoline-powered automobiles. While a gasoline-powered car contains hundreds of moving components, an electric vehicle has just one, the motor. Because it has fewer moving components, the electric car is more dependable and needs less routine maintenance. The maintenance needed for a gasoline-powered car ranges from routine oil changes, filter replacements, tune-ups, and exhaust system repairs to less frequent component replacements including water and fuel pumps, alternators, and so on.

Electric Cars vs Gas Cars: Maintenance

The expenses associated with maintaining an electric car are reduced since there are fewer maintenance requirements. The shaft, the only moving component of the electric motor, is extremely dependable and needs little to no maintenance. The controller and charger are electrical devices that require minimal to no maintenance because they have no moving components. The sealed lead acid batteries used in electric cars nowadays are maintenance free. However, these batteries have a finite lifespan and will eventually need to be replaced. New batteries are being developed to increase the range of electric cars as well as the battery pack’s lifespan, perhaps eliminating the need to replace the battery pack over the course of the vehicle’s lifespan.

Electric Cars vs Gas Cars: Efficiency

In addition to being simpler and less expensive to repair than gasoline-powered vehicles, electric vehicles are also more cost-effective to run. The electric car will drive roughly 43 miles for $1, based on an efficiency of 3 miles/kWh and a cost of power of 7 cents per kWh. The gasoline-powered car will go roughly 18 miles for $1, based on an average gas mileage of 22 miles per gallon and a gasoline price of $1.25 per gallon. As a result, an electric car may drive more than twice as far on a dollar.

Where Electric Falls Behind

There are still a number of difficulties for the owner of an electric car despite the fact that it will be less expensive to operate and maintain.

The primary issue is the restricted range offered by existing battery technology. The driving distance possible with current batteries is between 50 and 150 miles. These ranges are being extended by new battery technologies, and prototypes of these batteries have shown ranges of up to 200 miles between recharges. Solar-powered charging stations are being installed in numerous places to reduce range anxiety about electric vehicles.

The lack of qualified service professionals to repair and maintain electric cars is another issue that faces their owners. A two-year associate degree program has been developed to train high school graduates to become proficient electric vehicle technicians, and training programs are being developed and made available to upgrade the conventional automotive technician with the skills needed to maintain an electric vehicle.

Infrastructure to recharge the batteries is also required. The most important component of the infrastructure for recharging already exists: electric power is accessible practically everywhere. To support the electric car, it is still necessary to guarantee that charging stations with the right sorts of service (i.e., maximum voltage and current) are placed in important areas. Plans must also be made.

