It’s time to start thinking of smartphones and USB Flash drives like toothbrushes or razors — for personal use only.
German security researchers have discovered that USB-connected devices have a fatal flaw. Anything that connects via USB can be reprogrammed to pose as another device.
That means a stranger’s USB stick could dupe your computer into thinking it’s a keyboard, then type in certain commands and quietly take control of your laptop. Or it could pose as a network card, rerouting your Internet traffic so everything you do can be spied on.
Identity theft, bank fraud, extortion — you name it. Anything follows. And any talented computer engineer can tamper with a device’s firmware to dupe a computer.
Some cybersecurity experts, like Rapid7’s Trey Ford, say the danger of sharing USB devices has been spotted before.
But SRLabs chief scientist Karsten Nohl, a member of the team that discovered the flaw, said the implications are now clear. Downloading the wrong app can infect your phone, then compromise your computer. And borrowing a stranger’s USB stick could infect your computer permanently.
“Someone asking, ‘Can I charge my Android on your computer?’ will have a much different connotation in the future,” Nohl said.
The problem is made worse because modern-day antivirus and protection software won’t catch it. USB duping isn’t technically a computer virus in action, just a device masquerading as another one. So, there’s no solution for it right now except simply barring Flash drives.
That’s the approach the U.S. military takes at sensitive locations. The Pentagon disabled its computers’ USB ports and banned the use of Flash drives in 2008 to prevent infection of government computers there.
The flaw was discovered by SRLabs researchers Nohl, Jakob Lell and Sascha Krissler, and will be explained in detail at the Black Hat cybersecurity conference next week in Las Vegas.
The team tested with several types of Flash drives, as well as Android smartphones, which connect to computers via USB ports. The team did not test iPhones or other smartphones.
But it’s not about a specific kind of device. At its very core, the USB flaw exists because of the convenient nature of computer Universal Serial Bus ports — they’re universal. They accept all sorts of devices — mice, microphones, printers and more. “That simplicity has a cost,” Nohl said.
Source: CNN
NCDMB: The agency providing funding, incubation and mentorship opportunities for technology startups and innovators
Win up to $10,000 Seed Funding in the NCDMB Oil & Gas Technology Hackathon
The Nigerian Oil and Gas Technology (NOGTECH) programme is the first ever Oil and Gas hackathon with the primary aim of fostering innovations in the oil and gas industry as well as creating a platform for the proliferation of local content. The programme is headlined by the Nigerian Content Development and Monitoring Board (NCDMB) with partnership from Learners Support Consultancy and BrentHub.
NOGTECH aims to address the challenges faced by the nation’s oil and gas industry and its linkage sectors by ideating, developing and prototyping digital technology solutions that solve these pertinent problems. The programme is promoting innovation by offering seed funding, business mentorship and incubation to the winning ideas.
Call for Submissions
The Executive Secretary of NCDMB, Engr. Simbi Kesiye Wabote, disclosed that “five teams will get $10,000 equity-free grants each”.
In a webinar session titled “Innovating for the future of Nigeria’s Oil & Gas Industry and its Linkage Sectors,” Engr. Wabote revealed that submissions into the programme will be scrutinised based on several factors.
“Participants must be a team/company of at least two or more members with at least 75 percent of the founding team as Nigerians. The team/company must be a registered, or intending to register as a profit/business entity. The solution described in response to the challenge must be driven by digital technology – Software, Hardware or both.”
He also disclosed that “the solution must either be at the ideation stage, prototype level or a launched solution that hasn’t gained commercial traction. The team must be available to participate in a three-day hackathon as well as a three-month incubation programme, if selected.”
Solving the Industry’s Toughest Challenges
NCDMB is determined to unearth scalable solutions to the industry’s biggest challenges. Some of the identified problem areas include the rising problem of pipeline vandalism, increase in cyber-physical risk, widening skill gap, supply chain and logistics inefficiency, rising carbon footprint and issues surrounding transparency, accountability and civic engagement.
Innovators are encouraged to proffer sustainable and scalable solutions to these biggest challenges faced by industry stakeholders.
Pitching to Investors
Ultimately, the winning teams will have an opportunity to pitch their prototypes to investors. But before then, the NOGTECH programme is taking place over several weeks with the selected ideas advancing on a stage by stage basis.
The first stage is the call for submissions where teams and startups are encouraged to submit their ideas. Shortlisted teams in each of the challenge areas will first be invited to present online to a team of experienced entrepreneurs and industry professionals. The most promising teams will then be selected to participate in an all-expense paid 3-day hackathon.
During this time, shortlisted participants will have a couple of days to collaborate and build their prototypes or fine-tune existing prototypes with guidance from industry stakeholders, experts and mentors. At the end of the bootcamp, teams will revalidate their solutions and have the opportunity to pitch to a panel of judges.
Prizes for Winning Teams
The winning five teams will undergo a 3-month incubation program where each team will get a $10,000 equity-free grant, a work-space, expert mentors, global partners and unprecedented market access over three months, ensuring they become commercial and investor-ready.
At the end of the incubation, the teams will participate in a showcase day to demonstrate their progress. This showcase will aim to connect them with investors and industry stakeholders where they can further amplify their market access.
So if you are an innovator who seeks out opportunities, identifies them and seizes the ones that match, then you have to apply to NOGTECH.
In order to participate in the hackathon, innovators, teams and startups can get started here.
Slack announces Connect, an improved way for companies to talk to one another
Virtual events are the new norm for product rollouts in 2020, with Slack taking to the internet earlier today to talk about a new part of its service called Slack Connect.
On the heels of Apple’s lengthy and pretty good virtual WWDC that took place earlier this week, Slack’s event, part experiment and part press conference, was called to detail the firm’s new Slack Connect capability, which will allow companies to better link together and communicate inside of their Slack instance than what was possible with its shared channels feature. The product was described inside of a business-to-business context, including examples about companies needing to chat with agencies and other external vendors.
In its most basic form, Slack is well-known for internal chat functionality, helping teams talk amongst themselves. Slack Connect appears to be a progression past that idea, pushing internal communications tooling to allow companies to plug their private comms into the private comms of other orgs, linking them for simple communication while keeping the entire affair secure.
Slack Connect, an evolution past what shared channels offered, includes better security tooling and the ability to share channels across 20 orgs. The enterprise SaaS company is also working to give Connect-using companies “the ability to form DM connections independent of channels,” the company told TechCrunch.
The product could slim down email usage; if Slack Connect can let many orgs chat amongst themselves, perhaps fewer emails will be needed to keep different companies in sync. That said, Slack is hardly a quiet product. During his part of the presentation, Slack CEO Stewart Butterfield noted that the service sees up to 65 million messages sent each second at peak times.
According to the CEO, Slack Connect has been piloted for a few months, and is now available for paid plans.
Slack shares are off 3.8% today, before the news came out. Its broader company cohort (SaaS) are also down today, along with the market more broadly; investors don’t appear to have reacted to this piece of news, at least yet.
Apple has acquired Fleetsmith, a startup that helps IT manage Apple devices remotely
At a time when IT has to help employees set up and manage devices remotely, a service that simplifies those processes could certainly come in handy. Apple recognized that, and acquired Fleetsmith today, a startup that helps companies do precisely that with Apple devices.
While Apple didn’t publicize the acquisition, it has confirmed the deal with TechCrunch, while Fleetsmith announced the deal in a company blog post. Neither company was sharing the purchase price.
The startup has built technology that takes advantage of Apple’s Device Enrollment Program, allowing IT departments to bring devices online as soon as the employee takes it out of the box and powers it up.
At the time of its $30 million Series B funding last year, CEO Zack Blum explained the company’s core value proposition: “From a customer perspective, they can ship devices directly to their employees. The employee unwraps it, connects to Wi-Fi and the device is enrolled automatically in Fleetsmith,” Blum explained at that time.
Over time, the company has layered on other useful pieces beyond automating device registration, like updating devices automatically with OS and security updates, while letting IT see a dashboard of the status of all devices under management, all in a pretty slick interface.
While Apple will in all likelihood continue to work with Jamf, the leader in the Apple device management space, this acquisition gives the company a remote management option at a time when it’s essential with so many employees working from home.
Fleetsmith, which has raised more than $40 million from investors, like Menlo Ventures, Tiger Global Management, Upfront Ventures and Harrison Metal, will continue to sell the product through the company website, according to the blog post.
The founders put a happy face on the deal, as founders tend to do. “We’re thrilled to join Apple. Our shared values of putting the customer at the center of everything we do without sacrificing privacy and security, means we can truly meet our mission, delivering Fleetsmith to businesses and institutions of all sizes, around the world,” they wrote.