Google annually hosts Google I/O, where it takes the opportunity to introduce its latest tech additions, such as new versions of Android, Google Home, and Google Assistant. Every year is a step into the future after Google I/O. And since most of today’s hardware is powered by Google’s technology, Google I/O is our first glimpse of the biggest upcoming offerings of major tech providers.
Today, Google I/O, Google’s largest conference for tech developers, will be happening in its hometown of Mountain View, California. A reported 7,000 people are said to be in attendance at its Shoreline Amphitheater to discuss the future innovations that Google will be implementing to step forward.
This year’s Google I/O follows some significant setbacks for the company and public displays of discontent from its employees. In late 2018, over 20,000 employees walked out of Google offices across the world in the historic Google Walkout to express their grievances about the company’s tolerance of sexual harassment and gender discrimination.
Moreover, Google also faced issues regarding its controversial military contracts and work in China. Employees publicly voiced their concerns about the company’s treatment of temporary and contract workers.
Nonetheless, the tech giant’s CEO, Sundar Pichai, will be headlining Google I/O’s keynotes. It’s a good time for Pichai to speak on behalf of the company to address the issues piled against it in what has grown to be one of Google’s most controversial years in its 20-year reign.
Setting aside Google’s setbacks these past few months, we’re here to embark on another week full of new technologies that Google has in store. The event will run from May 7-9 at 10 AM PT or 1 PM ET. Here are some tech-related introductions that we’re waiting to hear at Google I/O 2019.
Pixel 3A and 3A XL
The leaks regarding Google’s latest smartphones have been all over the internet for the past several months now, so it’s a no-brainer to expect that Google will be introducing them this coming weekend. The Google Store website also teased a photo about a Pixel-related announcement set to happen on the first day of Google I/O.
Both phones are allegedly Google’s mid-range phones, pegged to compete with other mid-range phones available in the market. This new device will be a stretch, since cost-cutting is one area where Google continues to struggle. Reportedly, the Pixel 3A will start at $399, while the larger Pixel 3A XL with a 6-inch screen will be $479.
However, what we’re expecting to hear during the conference is how the Pixel 3A and 3A XL will fare against other mid-range phones. At this point, they’re not doing much in terms of appearance, so we’re holding on for the software announcements about them.
On better news, the headphone jack is back!
Nest Hub Max
Last month, Google had another store mishap where it accidentally leaked its latest smart home devices. The Nest Hub Max apparently will include a “10-inch HD screen and stereo speakers,” and a Nest Cam.
Although Google usually makes its hardware announcements during the “Made by Google” event, it’s not out of the ordinary to introduce it during the Google I/O event.
Google has been teasing Stadia for several months now and is said to announce the product in the summer. But it’s not overreaching to expect more information regarding the service during Google I/O.
The idea behind Google Stadia is that it will become a unique gaming platform where users can play through Google’s data centers instead of a console. Think about Netflix’s Bandersnatch but at the gaming level.
There are still a lot of questions surrounding the service, like costs, subscription, or how it will perform in terms of lag across different providers.
Every year, Google I/O takes a chunk of time to elaborate on how Google Assistant is smarter, more efficient, and more human-like. The Google Assistant is currently in a race with Amazon’s Alexa and Apple’s Siri.
Alexa has taken the lead with AI-learning tech, and Google’s Assistant has made its mark with human-like speech, both achieved amid some controversial privacy concerns. Siri’s apparent advantage is that it doesn’t store information and operates through its given software capabilities alone.
Every year, Google also introduces new updates with its Android software. This year, we’ll be expecting how its software will perform with the introduction of foldable phones and privacy updates to address concerns that have been circulating over the idea of tech companies storing people’s information, more specifically on location services.
However, it’s also most likely that Google will answer questions on how the new updates will reach more smartphones as most of them still run on older versions.
If you don’t have a ticket to attend the Google I/O, a live stream will be available on the Google I/O page.
To keep you up to date as Google I/O introduces the future over the weekend, here’s our streamline you can follow:
- May 7, 2019: Pixel 3A And 3A XL Is Coming And Its Better Than We Thought
- May 8, 2019: ‘Google Nest’ For Helpful Homes
- May 9, 2019: Smarter And More Practical ‘Google AI’ Techs?
- May 10, 2019: How Google Is Banking On Data Privacy
- May 10, 2019: Android Q Is Now Available In Beta
Facebook May Be Tracking Your Online Photos Too
While no active hacking is happening, security experts believe that the discovery carries heavy implications.
It appears that Facebook is tracking not only people’s porn-watching behavior online but also the photos they download. A researcher has found Facebook trackers in several images that he downloaded, which could potentially point to one thing: Facebook is tracking everyone.
But this shouldn’t surprise anyone. Facebook isn’t necessarily the supreme authority in data safety and cybersecurity. But the discovery made by Edin Jusupovic proves that Facebook’s tracking mission does not end in its platform.
On Twitter, Jusupovic said that Facebook has embedded “hidden tracking codes” in photos that people download. He noticed a structural abnormality when looking at a hex dump of an image file from an unknown origin only to discover it contained a special IPTC instruction.
IPTC (International Press Telecommunications Council) is an organization that sets publishing standards, including image metadata.
The researcher called what he found, Facebook secretly embedding tracking codes in photos, a “shocking level of tracking,” adding that “the take from this is that they can potentially track photos outside of their own platform with a disturbing level of precision about who originally uploaded the photo (and probably so much more).”
Yesterday, Z6Mag published a report that a group of researchers has found hidden tracking codes in different porn sites online that can be traced back to Facebook, Google, and Oracle. Researchers from Microsoft, Carnegie Mellon, and the University of Pennsylvania scanned 22,484 porn sites and found that 93% of the said porn sites include hidden codes from the three tech giants.
“Our analysis of 22,484 pornography websites indicated that 93% leak user data to a third party. Tracking on these sites are highly concentrated by a handful of major companies, which we identify. We successfully extracted privacy policies for 3,856 sites, 17% of the total. The policies were written such that one might need a two-year college education to understand them. Our content analysis of the sample’s domains indicated 44.97% of them expose or suggest a specific gender/sexual identity or interest likely to be linked to the user,” the study’s abstract stated.
Jusupovic’s finding, “IPTC special instructions,” simply refers to a special kind of coded watermark that Facebook adds to tag the image in its own coding. This is where the “tracking” comes into the picture: those tags can be read later. Meaning, Facebook will now have the data of people who have downloaded the image or reuploaded it, and all other information that can be linked to the movement of the image across the internet.
What does it imply?
Adding coded watermarks to images is not new, though. It can be used by the company in arbitrating copyright claims, in providing better user service, and even in targeting the right market for advertising. However, as Jusupovic states, what he found was a “shocking level of tracking.”
According to one analyst, the metadata has been added since 2016 and “contains an IPTC block with an ‘Original Transmission Reference’ field that contains some kind of text-encoded sequence.” This coding method lets Facebook “know it has seen the image before when it gets uploaded again,” explained a user on Reddit. “It is yet another way to learn associations between people. Person 1 uploaded a bunch of the same photos Person 2 uploaded, let’s show them both all the same advertisements!”
But it needs to be clarified that no active tracking is happening. By “tracking,” Jusupovic means that Facebook and other people with the right tools can access all the metadata in a photo, including the crumbs it picks up as it moves from one platform to another. However, this too carries a lot of security implications.
“Hidden data can be predictably transmitted through social network images with high-fidelity – and AI can hide that data in plain sight, at large-scale, and beyond human visual discernment, making steganalysis and other countermeasures difficult,” said Zack Allen from ZeroFOX.
Nonetheless, Jusupovic’s discovery is proof that Facebook is yet to make good on its promises to protect people’s data and to make sure that people are aware of what happens to their data. This promise follows the high-profile case involving Facebook and Cambridge Analytica, where the social media giant was slapped with a five-billion fine by the FTC.
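The “Special Instructions” and “Original Transmission Reference” fields described above sit in a JPEG’s APP13 segment and can be read, or removed before sharing, with a short parser. The Python below is an added example, not code from the researcher or from Facebook: the dataset numbers 2:40 and 2:103 are the IPTC-IIM standard’s identifiers for those two fields, the sample image bytes and tag values are constructed placeholders, and extended-length datasets are not handled.

```python
import struct

# IPTC-IIM (record, dataset) numbers of the two fields named in the article.
FIELDS = {(2, 40): "Special Instructions", (2, 103): "Original Transmission Reference"}

def segments(jpeg):
    """Yield (marker, start, end) for each header segment before SOS/EOI."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):            # EOI or start of scan data
            return
        length = int.from_bytes(jpeg[pos + 2:pos + 4], "big")
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError("truncated or malformed segment")
        yield marker, pos, end
        pos = end

def parse_iim(data):
    """Parse IPTC-IIM datasets: 0x1C, record, dataset, 2-byte length, value."""
    out, pos = {}, 0
    while pos + 5 <= len(data) and data[pos] == 0x1C:
        record, dataset, length = struct.unpack(">BBH", data[pos + 1:pos + 5])
        if length & 0x8000:                   # extended-length form: not handled
            break
        key = FIELDS.get((record, dataset), f"{record}:{dataset}")
        out[key] = data[pos + 5:pos + 5 + length]
        pos += 5 + length
    return out

def iptc_datasets(jpeg):
    """Return the IPTC datasets stored in the APP13 'Photoshop 3.0' resource."""
    found = {}
    for marker, start, end in segments(jpeg):
        body = jpeg[start + 4:end]
        if marker != 0xED or not body.startswith(b"Photoshop 3.0\x00"):
            continue
        pos = 14
        while body[pos:pos + 4] == b"8BIM" and pos + 12 <= len(body):
            res_id = int.from_bytes(body[pos + 4:pos + 6], "big")
            pos += 6 + ((body[pos + 6] + 2) & ~1)   # Pascal name, even-padded
            size = int.from_bytes(body[pos:pos + 4], "big")
            if res_id == 0x0404:                    # IPTC-NAA resource
                found.update(parse_iim(body[pos + 4:pos + 4 + size]))
            pos += 4 + size + (size & 1)            # resource data, even-padded
    return found

def strip_app13(jpeg):
    """Return the JPEG with every APP13 segment removed; pixel data untouched."""
    out, last = bytearray(jpeg[:2]), 2
    for marker, start, end in segments(jpeg):
        out += b"" if marker == 0xED else jpeg[start:end]
        last = end
    return bytes(out) + jpeg[last:]

def build_sample():
    """Constructed sample: SOI + APP13 with two IPTC datasets + EOI (no pixels)."""
    ds = lambda r, n, v: struct.pack(">BBBH", 0x1C, r, n, len(v)) + v
    iim = ds(2, 40, b"EXAMPLE-TAG-0001") + ds(2, 103, b"example-ref-abc123")
    irb = b"8BIM\x04\x04\x00\x00" + struct.pack(">I", len(iim)) + iim  # even length
    body = b"Photoshop 3.0\x00" + irb
    return b"\xff\xd8\xff\xed" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

`strip_app13` drops the whole APP13 segment, so any other Photoshop resources stored alongside the IPTC block are removed as well.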
Educational Institutions And Services Are Targets Of Recent Data Breaches
Two separate data breaches have affected 62 US colleges and more than 7 million users of K12.com, with vulnerabilities already exploited by hackers.
Education institutions have been victims of two separate data breaches and hacker attacks that have exposed the data of millions of students to prying eyes in the wild.
In one of the exposures, more than 62 US colleges have been breached by a hacker who exploited a vulnerability in an enterprise resource planning (ERP) web app, the U.S. Education Department confirmed this week.
Ellucian Banner Web Tailor, a module of the Ellucian Banner ERP that allows universities to customize and design their home-page websites and online applications, has had a vulnerability that was exploited by a hacker who made fake user profiles that were used “almost immediately for criminal activity.”
Banner Web Tailor is a web tool, made for higher education institutions, that provides registration, curriculum management, advising, administration, and reporting functionality. Students can access and change their registration, graduation, and financial aid information. It is also used by professors and teachers to input grades which the students can then view online. It is used by hundreds of institutions, many of which have opted to use the Single Sign-on Manager to participate in CAS- and SAML-based single sign-on services.
Joshua Mulliken, a cybersecurity researcher, discovered a vulnerability in the authentication mechanism used by the two modules earlier this year. This vulnerability allowed a hacker to hijack students’ web sessions and take over their accounts. Ellucian fixed the vulnerability in May, and a public disclosure was published by both the researcher and NIST.
“An improper authentication vulnerability (CWE-287) was identified in Banner Web Tailor and Banner Enterprise Identity Services. This vulnerability is produced when SSO Manager is used as the authentication mechanism for Web Tailor, where this could lead to information disclosure and loss of data integrity for the impacted user(s). The vendor has verified the vulnerability and produced a patch that is now available. For more information, see the postings on Ellucian Communities,” reads the public disclosure of the vulnerability.
According to the announcement made by the US Education Department, hackers have already started exploiting the said vulnerability. “The Department has identified 62 colleges or universities that have been affected by the exploitation of this vulnerability,” officials said.
“We have also recently received information that indicates criminal elements have been actively scanning the internet looking for institutions to victimize through this vulnerability and developing lists of institutions for targeting with this exploitation.”
The attackers, as said by the officials for the Education Department, “leverage scripts in the admissions or enrollment section of the affected Banner system to create multiple student accounts.” One victim reported that the attackers created thousands of fake accounts over days, with around 600 accounts created within 24 hours.
K12.com exposes users’ data
Meanwhile, a recent data breach involving K12.com has compromised the data of more than seven million students who use one of the company’s programs, leaving the data accessible to anyone online.
On June 25, 2019, Comparitech and security researcher Bob Diachenko uncovered the exposure when they found an unprotected MongoDB database out in the open as they scanned for unsecured databases.
The exposure affected K12.com’s A+nyWhere Learning System (A+LS), which is used by more than 1,100 school districts. The database has 6,988,504 records containing students’ data. The information held within each file included:
- Primary personal email address
- Full name
- School name
- Authentication keys for accessing ALS accounts and presentations
- Other internal data
“In this instance, an old version of MongoDB (2.6.4) was being utilized. This version of the database hasn’t been supported since October 2016. What’s more, the Remote Desktop Protocol (RDP) was enabled but not secured. As a result, the database was indexed by both the Shodan and BinaryEdge search engines. This means the records contained in the database were visible to the public,” said the researchers.
The researchers were able to reach out to K12.com, and a representative from the company said: “K12 takes data security very seriously. Whenever we are advised of a potential security issue, we investigate the problem immediately and take the appropriate actions to remedy the situation.”
While the danger that comes from the exposed data was not as huge as the first data breach involving the world’s educational system, the researchers said that it carries with it some implications.
“While the leak of this information isn’t as bad as, for example, the exposure of financial data or Social Security numbers, it does have its implications. These pieces of information can be used to target individual students in spear phishing and account takeover fraud. Having their school name made public could potentially put students at risk of physical harm,” they said.
Morpheus Chip Is Almost Impossible To Hack, Say Researchers
Much like the Greek god, the Morpheus chip is a hacker’s nightmare.
As cyber criminals up their game by devising different sophisticated techniques to compromise systems, steal funds, and take over identities, a group of researchers has developed what some media outlets have called an unhackable chip, designed to confuse hackers and prevent them from infiltrating systems at the microprocessor level.
Researchers from the University of Michigan call it “Morpheus,” and it is said to be “vulnerability tolerant” as it blocks potential attacks by confusing hackers and making it difficult for them to hack at the chip level.
Morpheus is backed by the famous US Defense Advanced Research Projects Agency (DARPA) and is a new chip architecture that bridges the gap between program and machine-level semantics, making a system’s firewall impenetrable.
“Attacks often succeed by abusing the gap between program and machine-level semantics– for example, by locating a sensitive pointer, exploiting a bug to overwrite this sensitive data, and hijacking the victim program’s execution,” reads the study’s abstract.
Most common attacks today use malware to trick systems into misusing basic programming possibilities such as permissions and code injection, or into manipulating unusual states.
“In this work, we take secure system design on the offensive by continuously obfuscating information that attackers need, but normal programs do not use, such as [the] representation of code and pointers or the exact location of code and data,” the researchers added.
Just like the Greek god, Morpheus can manipulate program values
According to the developers of the Morpheus, the new chip architecture combines two powerful protections: ensembles of moving target defenses and churn.
In the first layer of protection, the ensemble of moving target defenses, the chip architecture randomizes key program values (e.g., relocating pointers and encrypting code and pointers) “which forces attackers to probe the system before an attack extensively.”
This means that much like Morpheus, the Greek god of sleep, the chip architecture can make fundamental program values (dreams) shapeshift, making it harder for future hackers to distinguish them and exploit their vulnerabilities.
The second layer of protection brought by the new chip architecture is the churn, which transparently re-randomizes program values running underneath the system. “With frequent churn, systems quickly become impractically difficult to penetrate,” they said.
Furthermore, Morpheus is also designed to perform both protection processes, re-randomizing program values every 50 milliseconds, which is faster than any hacker can keep up with and makes those values highly difficult to locate.
“Each moving target defense in Morpheus uses hardware support to individually offer more randomness at a lower cost than previous techniques. When ensembled with churn, Morpheus defenses offer strong protection against control-flow attacks, with our security testing and performance studies revealing:
- high-coverage protection for a broad array of control-flow attacks, including protections for advanced attacks and an attack disclosed after the design of Morpheus, and
- negligible performance impacts (1%) with churn periods up to 50 ms, which our study estimates to be at least 5000x faster than the time necessary to possibly penetrate Morpheus,” they wrote in their study.
One of the proponents of the study explained how the Morpheus chip works using analogies he derived from solving the Rubik’s cube puzzle.
“Imagine trying to solve a Rubik’s Cube that rearranges itself every time you blink. That’s what hackers are up against with Morpheus. It makes the computer an unsolvable puzzle,” University of Michigan’s Todd Austin explains to journalists.
The researchers said that another way of understanding how Morpheus works is that it is a low-level version of a standard protection technique called Address Space Layout Randomisation (ASLR).
Nonetheless, the researchers said that Morpheus chip architecture is not “unhackable.” Other techniques could fight off its protective mechanisms as it does not address all forms of attack. However, the innovation will reduce the attack surface at the very least.
“Looking ahead, we see great potential for EMTD technologies,” the researchers said. “Beyond control-flow attacks, we envision that a similar approach could be adopted to protect against side-channel attacks, timing attacks, Rowhammer attacks, and even cache attacks. To address each of these additional challenges, we will explore what assets the attacker needs and then develop efficient mechanisms to boost uncertainty and stifle attacks,” they added.