Featured Article – Huawei: A Ban in the Balance

North America has already banned US companies from working with Huawei so with that in mind and with a decision by the UK about Huawei’s involvement in the country’s 5G infrastructure due very soon, we take a closer look at the issues involved.

5G

The UK has been awaiting the development of the 5th generation of mobile broadband infrastructure for a long time.  Most carriers currently use low-band spectrum or LTE, which provides great coverage area and penetration yet it is getting very crowded and peak data speeds only top out at around 100Mbps. 5G, on the other hand, offers 3 different Spectrum bands.  More frequencies, faster speeds and less latency should mean big improvements in broadband (particularly commercial) and an end to slowdowns during busy times of day that have been experienced due to the overcrowding of the current limited LTE.

Rumblings

The first rumblings about Huawei’s alleged security threat can be traced right back to 2001, although this was an allegation from India’s intelligence agencies that Huawei was helping the Taliban.

Following a Cisco lawsuit against Huawei in 2003 over the alleged copying of intellectual property (copying of software and violation of patents), concerns were raised in 2007 over whether a venture between Cisco rival 3Com and Huawei should be permitted due to a perceived lack of transparency in Huawei.

In 2010, more alarm bells started ringing and a Cyber Security Evaluation Centre (HCSEC) was opened in Banbury, where Huawei products and equipment were tested for security holes. The factory-style centre was set up as a partnership between Huawei and the UK authorities to make sure that the UK’s telecoms infrastructure is not compromised by the involvement of Huawei.

More Recently

The source of the more recent concerns goes back to 2012 when a US House of Representatives Intelligence Committee report flagged-up the potential for Chinese state influence from both Huawei and ZTE. 

Fast-forward several years, and several further allegations, including those arising from WikiLeaks, and the arrival of President Trump have put Huawei in the spotlight.  In summer 2018, the ‘Five-Eyes’ espionage chiefs from Australia, Canada, New Zealand, the U.K. and the U.S. agreed at a meeting to contain the global growth of Chinese telecoms company Huawei (the world’s biggest producer of telecoms equipment) because of the threat that it could be using its phone network equipment to spy for China. 

From here, bans on Huawei Technologies Ltd. as a supplier for fifth-generation networks equipment followed in the US, Australia, and New Zealand, and Meng Wanzhou, the chief financial officer of Huawei, was detained in Vancouver at the request of U.S. authorities, for allegedly violating US sanctions on Iran. 

In 2019, the US Department of Justice (DOJ) charged Huawei with bank fraud and stealing trade secrets. 

The UK

As one of the ‘Five-Eyes’ countries, therefore, further scrutiny of Huawei and objections to its products being included in the UK’s 5G infrastructure were on the cards.

In the UK in January 2020, however, the government said that it would allow Huawei equipment to be used in the country’s 5G network, but not in core network functions or critical national infrastructure, and not in nuclear and military sites.  The UK also decided that Huawei’s equipment would only be allowed to make up 35 per cent of the network’s periphery, including radio masts.  It was also understood at the time (following the publishing of a document published by the National Cyber Security Centre, NCSC) that the UK’s networks would have three years to comply with caps on the use of Huawei’s equipment.

This led to White House chief of staff Mick Mulvaney visiting to help dissuade the UK from using Huawei’s products in phone networks.

Also, Robert Strayer, the US deputy assistant secretary for cyber and communications while on a tour of Europe, warned that allowing Huawei to provide key aspects of the 5G network infrastructure could allow China to undermine it and to have access to “sensitive data”.  Mr Strayer piled more pressure on the UK by warning that if the UK adopts Huawei as a 5G technology vendor it could threaten aspects of intelligence sharing between the US and UK.

New Sanctions From The US

The US has kept up the pressure on Huawei this year by announcing new sanctions that will stop Huawei and third-party companies that make its chips from using any US technology and software to design and manufacture products. Also, the US government has reiterated its concerns that Huawei has Chinese military backing and, as such, is a threat to national security.

New Report Could Mean A Change

Now, following the UK government recently receiving a report from GCHQ’s National Cyber Security Centre (NCSC), and in the light of the new US Sanctions, some commentators are predicting that the UK could be likely to change its mind again.  This further possible move away from Huawei could be especially likely since Prime Minister Boris Johnson has acknowledged that he would not want the UK to be “vulnerable to a high-risk state vendor”.

Looking Forward

Although the UK government now has the NCSC report, and a further move away from Huawei looks likely, a final public decision may not be announced for another two weeks, during which time Huawei has indicated that it is open to discussion.

If GCHQ’s National Cyber Security Centre (NCSC) has found legitimate reasons why Huawei’s products pose a security (and diplomatic) risk as part of the 5G network’s periphery it is unlikely that the specific details will be revealed, and the UK will have to find alternative suppliers.  Tensions are already high between the UK and China over Hong Kong and bad news about Huawei certainly will not improve matters.   

Some critics have said that it appears that UK policy is being dictated by the Trump administration, but it is clear that in order for the UK to deliver on its broadband 2025 target, keep costs down, and avoid suffering the collateral damage of an argument that’s primarily between the US and China, some clever manoeuvring may be necessary. 

Competing Against Huawei

President Trump’s administration is reported to have met with major US communications networking companies in a bid to address the need for improved competition with Huawei globally.

Huawei Issues

Many of the issues and incidents that have led to this point, where the Chinese communications company Huawei appears to be a focus for much criticism by the Trump administration include:

– The belief that Huawei has close ties to the Chinese state.  For example, back in July 2018,  espionage chiefs from Australia, Canada, New Zealand, the U.K. and the U.S. (the so-called ‘Five-Eyes’), agreed at a meeting to contain the global growth of Chinese telecoms company Huawei (the world’s biggest producer of telecoms equipment) because of the threat that it could be using its phone network equipment to spy for China.  This led to the US, Australia, and New Zealand barring Huawei Technologies Ltd. (with Japan more or less joining the ban) as a supplier for fifth-generation networks.

– The detention of Meng Wanzhou, the chief financial officer of Huawei, in Vancouver at the request of U.S. authorities in 2018 for violating US sanctions on Iran. 

– An apparent ongoing US trade war and war of words with China which has been exacerbated by President Trump’s assertions that COVID-19, which he has described by President Trump as “Kung flu” at a recent Tulsa rally, originates in China.

– Back in January 2019, Apple’s CEO, Tim Cook, issued a revenue warning for this quarter to investors, pointing to challenges in China as being one of the main downward driving forces. The challenges included stiff competition from Huawei, Xiaomi, and Oppo in China.

– The banning by the Trump administration since May 2019 of US companies working with Huawei.

Meeting

The reported recent meeting between the Trump administration and networking company Cisco was allegedly to discuss the possible acquisition of Ericsson and Nokia, and any possible matters relating to tax breaks and financing for those companies.

This meeting is reported to have taken place following the cancellation due to the COVID crisis of meeting about 5G that was due to have taken place in April, and may have included the likes of Nokia, Ericsson, Dell, Intel, Microsoft and Samsung.

What Does This Mean For Your Business?

Meetings with technology companies are not exceptional but it is clear that Huawei, its alleged links with the Chinese state, wider issues with China in general, and how the US government can help US tech companies compete and maintain national security are still big issues on the agenda, despite the ravages of COVID-19.

In the UK, the government and security commentators have also voiced concerns about the prospect of Huawei being involved in the 5G network and a decision on the matter is due to be announced within the next fortnight.  Huawei has said the US sanctions are “not about security, but about market position” and China’s ambassador to London has said that banning Huawei from the UK’s 5G infrastructure would send a “very bad message” to Chinese companies. The UK is currently involved in another very public argument with China over a possible 3 million Hong Kong residents being offered a path to UK citizenship.

For UK businesses, however, it’s more of a case of wondering how soon the UK will be able to offer reliable 5G at the right price across most of the country so that UK businesses are not at a competitive disadvantage with overseas businesses.

Featured Article – Medical Apps For Smart Devices

The global pandemic and news about tracking apps have put health and technology in the spotlight.  With this in mind, here are some examples of medical apps for smart devices and smart health products that involve a link between smart wearables, apps, and other smart products.

Just A Look, Not An Endorsement

Before we delve into the world of health-tech, we would like to stress that we have no connection to (and are not endorsing or selling) any of the brands or products mentioned in this article and that other brands and products to those mentioned are available.  The intention is simply to take a brief look at a range of product types that are currently available.

Samsung’s Smart Watch For Blood Pressure

Samsung Electronics Co., Ltd (South Korea) has just announced the launch of its Samsung Health Monitor app to be used with Galaxy Watch Active2.

The smart app delivers a visual display of the wearer’s blood pressure to the watch and gives instructions if the readings present a potential danger.  Once the app is linked to the watch, and the app is calibrated every four weeks, the Galaxy Watch Active 2 wearer simply needs to tap their watch to measure their blood pressure.  The measurement results can be synced to the app on the user’s Galaxy phone and the results that have been tracked over days, weeks or months can also be shared with the user’s doctor as part of a medical review or consultation.

Heart Monitor

Samsung says that Electrocardiogram (ECG) tracking will also be supported on the Samsung Health Monitor app in South Korea within the third quarter of this year.

Other, EKG/ECG smart products and their associated apps are already available e.g. the mobile EKG monitor from AliveCor which links to a dedicated app to deliver and electrocardiogram (ECG) to a smartphone in around 30 seconds.

Fitness Watch

Many of us are already familiar with (or may have) a Fitbit or similar wearable health and fitness device.

The French ScanWatch, for example, is an advanced health/fitness watch that, for example, tracks heartbeat irregularities, and blood oxygen saturation during sleep, and connects to a smartphone (Android) app via Bluetooth.

Apple’s fitness tracking watch can also measure vital signs.

Sleep

Apple, for example, makes a number of other smart health tech gadgets that link to smartphone apps, such as the Beddit Sleep Monitor.  This system uses a slim, flat bracelet that feeds data about the wearer’s sleep to a smartphone app to help the user to improve the quality of their sleep.

Temperature Monitoring

With a high temperature (or limited high-temperature spikes) being a well-known symptom of COVID-19 for example, products such as the Withings Thermo thermometer, which gives the user an accurate temperature reading while automatically syncing with the app on the user’s iPhone or iPad, may be of particular interest to many people at this time. 

Blood Glucose Level Monitoring

For those who need to keep a close eye on their blood glucose levels, there are now some smart products on the market that can help achieve this.  One example is the iHealth Lab Inc Wireless Smart Gluco-Monitoring System, which comes with a glucometer, lancets and a lancing device, and it connects to an App which displays and records the results and keeps a history of all blood glucose measurements.

Brain Activity Monitor To Help Reduce Stress

Smart brain activity monitoring systems are also now available.  These use a headband device that communicates (via Bluetooth) with an app on the user’s smartphone or tablet.  The purpose of these apps, such as ‘Muse’, is to be able to help users to lower their stress levels, increase their resilience and improve their engagement/attention.

Breathing

One of the few real benefits of the global pandemic has been an improvement in air quality, due to the dramatic reduction in vehicle and industrial pollution. There are, however, smart products linked to apps that can help give alerts about air quality to those suffering from asthma or allergies.  One example is Atmotube Pro which uses sensors and a free mobile app to keep the user informed about any air quality threats and the presence of harmful gases.  Other examples include the Index BreezoMeter pollen and weather app.

Fertility Tracking

For those hoping to start a family, fertility tracking wearable and app combinations can help. Examples include the Ovia Fertility Tracker and Ava’s fertility tracking system.  These device/app combinations use a wearable bracelet to take the measurements e.g. temperature, pulse rate, breathing rate, and sleeping patterns to produce results that are displayed in graphics on a smartphone app so that a woman is able to more accurately judge when she is likely to be most fertile.

Track and Trace Apps

Perhaps the most important health app at the current time for many would be a track and trace app.  Unfortunately, the much-anticipated app that was being trialled in the Isle of Wight has now been ditched.  The hope is, with human track and tracing operating in the meantime, that an app based on Apple and Google’s technology will be available in the UK in the near future.

Looking Forward – Opportunities

Wearables linked to phone apps are a growth area that is providing many opportunities for businesses with health and fitness products that can be given significant added value thanks to a smart element and a good app.  The scope for businesses focusing on the health and fitness sector is huge although big tech names which already have integration of products and strong, recognisable, and trusted brands e.g. Apple or Samsung are in a particularly strong position.

Even though manufacturers of smart wearable technology are offering something of real value to consumers who are now, perhaps, more conscious than ever about health matters, they should not forget that security and privacy of the data stored and transmitted about the user should always be a priority, and it is in the interest of the manufacturer and the customer that correct safeguards are taken.

COVID-19 Advances Move To Cashless Society

A survey has shown how the need for most people to pay using a contactless card in shops, digital/ mobile and online means for purchases during lockdown may have sped up the move towards a cashless future.

Survey

The survey of 2,000 people, by Nationwide Building Society, showed that the average respondent had gone over six weeks without using cash and that the lockdown led to 27% of respondents to use mobile payments and 25% to use online or mobile banking for the first time.

Big Spike In Contactless

Not surprisingly, the survey revealed that in the first week of lockdown, 23 March, 7.15 million contactless payments worth £77.27m were made by Nationwide customers.  As the lockdown progressed, there was a substantial increase in contactless payments to 10.31 million contactless payments worth £128m in the week beginning 25 May.

Older People Too

The survey also revealed that 75% of older Nationwide customers (over 55) reduced their cash usage during the lockdown. This appears likely to be due to hardly any physical shops being open anyway, limited or no public transport in many places and online shopping becoming more important for safety and convenience reasons, particularly with many older and more vulnerable people sheltering. 

The lockdown appears to have forced older customers to try new payment and shopping routes e.g. Amazon and PayPal and perhaps to discover how easy and secure digital shopping can be.

Use of Cash in Decline Anyway

Before the pandemic, the use of cash had been declining anyway in developed countries in favour of payment-means like contactless, mobile payments and online shopping. For example, for the first time, debit card use, driven by contactless payments, overtook the number of payment transactions made in cash in the UK back in 2017.

Also, Access To Cash research from 2019 showed that cash use appeared likely to end by as soon as 2026, although notes and coins may still be used in 15 years’ time, but only for an estimated 10% and 15% of transactions.

The declining use of cash has also forced the removal of many ATMs, and a move to online and mobile banking has contributed to the closure of many bank branches.

All these factors have put pressure on the whole cash system and have threatened to drive cash out of popular use within 10 years.

Businesses

The pandemic created a reluctance for many essential stores that were open to accept cash due to possible health risks from its physical exchange, plus the limitations in bank services.  Prior to the pandemic, however, many businesses had already developed a preference for cashless operating because of its ease, convenience, speed of transactions, reduced theft risk and the resulting lower insurance premiums.

Many supermarkets had also been ramping up their competition for online grocery shopping.

Drawbacks

The pandemic has also helped to expose how many people in society are old, vulnerable, in poor health, and who need to use cash. For example, many poorer and older members of society, and those with mental health challenges rely on cash and may not have a bank account.

Also, businesses in rural areas have always found it more difficult to go cashless in preference of digital payment due to those areas being less well served by broadband and mobile connections.

What Does This Mean For Your Business?

Those businesses that have traditionally dealt in cash and digital/online for payment have undoubtedly seen a massive decrease in cash use, but one thing that the survey results may not show, but the assumption could be made from the results, is that the pandemic may have demonstrated to people that they can carry on without needing to use cash for many products and services.  This period of relying on contactless, digital and online payments may turn out to have accelerated the move towards a cashless society as consumers have been forced to try new methods and may have been won-over, and may prefer to carry on this way as much as possible.

Interestingly, Facebook’s WhatsApp has just announced that its users in Brazil can now send and receive money through its messaging app, using a PIN and fingerprint for authentication.  This will, no doubt, be rolled out to other countries soon and will facilitate a greater move away from cash towards digital payment methods.

Once businesses start moving forwards again, they should expect a growing preference by customers to use contactless, digital, and online payments.

COVID Alerts From Google Maps

Google Maps is now issuing COVID-19 related alerts to those looking for public transport directions in cities, looking for medical facilities and testing centres, and for those crossing borders.

New Alerts

Google has announced on its blog that it is augmenting its Google Maps information with alerts relating to COVID-19 restrictions, requirements and advice depending on the subject of the search.  The new features in the latest release of Google Maps on Android and iOS include:

 – Alerts from local transit agencies e.g. if persons are required to wear a mask on public transportation in the area that they are searching for information about.  These alerts are being rolled out by Google in Argentina, Australia, Belgium, Brazil, Colombia, France, India, Mexico, Netherlands, Spain, Thailand, United Kingdom, and the U.S.

– Driving alerts about COVID-19 checkpoints and restrictions along routes e.g. when crossing national borders in Canada, Mexico, and the U.S.

– Alerts reminding Google Maps users searching for medical facilities or COVID-19 testing centres about eligibility and facility guidelines to avoid being turned away or causing additional strain on the local healthcare system.

Existing Alerts and Insights

These alerts are in addition to those features already introduced last year, such as crowdedness predictions for public transit stations in Google Maps, and insights introduced in February, such as temperature, accessibility, onboard security, and insights concerning designated women’s sections in regions where transit systems have them.

How Busy?

Google has also announced that those searching for transit stations on Maps will be able to see information about the times when that transit station is historically more or less busy, thereby enabling them to plan trips accordingly.  Also, Google Maps users can now see live data showing how busy a particular transit station is right now compared to its usual level of activity.

What Does This Mean For Your Business?

Travel, whether it be to or from re-opening workplaces or business trips now involves the need to avoid crowded places and to be aware of the different rules to apply as regards the wearing of masks or any travel restrictions in certain areas.  The introduction of these new features and insights to Google Maps is not only helpful to users in the current situation but will also help Google ensure that its services remain relevant and are used as people are spending more time on and relying more on other COVID-19 tracing and alert apps in different countries around the world.

Featured Article – ‘Vishing’ and How to Guard Against It

‘Vishing’, or ‘phishing over the phone’ is on the rise and in this article, we look at vishing techniques and examples, and how to prevent them.

Vishing

The word Vishing is a combination of ‘voice’ and ‘phishing’ and describes the criminal process of using internet telephone service (VoIP) calls to deceive victims into divulging personal and payment data. 

Vishing scams to homes often use recorded voice messages e.g. claiming to be from banks and government agencies to make victims respond in the first instance.

The technology used by scammers is now such that voice simulation may even be used in more sophisticated attacks on big businesses. 

Vishing Vs Phishing

Phishing attacks can take different forms and can employ different combinations, such emails, bogus websites, and phone calls.  Vishing focuses on using VoIP to complete the scam and this can include using a ‘spoofed’ phone number of a real business or company to add the appearance of authenticity. 

Smishing

Smishing uses SMS text messages rather than phone calls to deceive victims into responding.

Selection

Victims are selected using large call lists where little or nothing is known about the target (‘shotgun’ attacks), or where some information is known from sources such as personal data that has come from website data breaches and perhaps from data interception data gathered from phishing and other social engineering attacks. Vishing attacks where some important data is already known by the attacker are referred to as ‘spear vishing’ attacks.

Motivation

The motivation for attackers is, of course, easy money or data which leads to the acquisition of more money, and perhaps use in further attacks on other sites which can give access to a person’s financial and personal data. In the U.S., for example, if attackers already have the first few digits of a Social Security Number, gaining the remaining numbers can give them access to many other sources of funds and data.

The motivation presented by the attacker to the target to make them part with their data is the promise of bogus rewards e.g. prizes and taking advantage of amazing limited offers, the need to avoid a negative outcome, and the need to be helpful/contribute positively to society e.g. in scams whereby a victim is asked to help police/fraud investigations.

In most cases, fraudsters use emotional manipulation, deception techniques and the illusion of limited time (act now) as ways to gain access to personal data. The internet telephone service (VoIP) calls also provide them with anonymity and flexibility that they need to target their attacks.

The Scale of the Problem

The scale of the vishing threat is now huge.  For example:

– First Orion’s 2018 Scam Call Trends and Projections Report showed that nearly 30% of incoming mobile calls were spam calls.

– The “Quarterly Threat Intelligence Report: Risk and Resilience Insights” report from Mimecast researchers warned that in 2020, “voicemail will feature more prominently” in attacks and showed vishing as becoming a likely daily occurrence in 2020.

– Proofpoint’s 2020 State of the Phish report (worldwide survey) found that 25% of workers could correctly define the term.

Examples of Vishing

Popular examples of vishing calls include:

– Calls from banks or credit card companies with messages asking the victim to call a certain number to reset their password.

– Unsolicited offers for credit and loans.

– Exaggerated (almost too good to be true) investment opportunities.

– Bogus charitable requests for urgent causes and recent disasters.

– Calls about extended car warranties.

– Calls claiming to be from fraud officers to (ironically) help people who have recently fallen victim to scams and attacks, asking people for their help in operations to catch fraudsters e.g. by transferring funds to a specified account.

– Calls claiming to be from government agencies e.g. tax office calls offering rebates or warning of an investigation.

– Tech support calls to fix bogus problems with computers.  This method can also use popup windows on a victim’s computer, often planted by malware, to issue a bogus warning from the OS about a technical problem.

– Travel and holiday company calls relating to (bogus) holiday bookings and cancellations.

– Calls relating to insurance e.g. for weddings, holidays, and flight cancellations.

– ‘One ring and cut’ (Wangiri – Japanese) calls where criminals trick victims into calling premium-rate numbers. For example, the fraudster’s system calls a large number of random phone numbers with each ringing once.  If someone calls back (replying to a missed call) they are directed to a premium rate number.

Real Examples

– In May 2018, in the North-East,  vishing calls over a three-week period resulted in the theft of £1Million by fraudsters pretending to be from their victim’s bank saying they were investigating fraudulent activity by staff within the organisation and asking victims to move large sums money into foreign accounts for safe-keeping.  This was coupled with a request that the victim did not report the call for fear of jeopardising the investigation.

– In September 2019 AI voice simulation software was used to impersonate the voice of a UK-based energy company CEO and to thereby make the company transfer £200,000 into the account of the fraudsters.

– In October 2019, Police in Derbyshire warned that scammers had called victims claiming to be “tech support representatives” from Microsoft, telling people there was something wrong with their computer and offering to fix the problem by remote access.

Government Fights Back

Earlier this month (May 2020), Her Majesty’s Revenue and Customs (HMRC) asked UK Internet Service Providers (ISPs) to remove 292 websites exploiting the coronavirus outbreak since the national lockdown began on March 23.

How To Guard Against Vishing

Ways that you and your business can guard against vishing attacks include:

– Don’t trust caller ID to be 100 per cent accurate, numbers can be faked.

– Don’t answer phone calls to unknown numbers, block numbers of spam callers, register your phone number with the Telephone Preference Services (TPS) and report any suspicious spam calls to the Information Commissioners Office (ICO).

– Beware of unsolicited alleged calls from banks, credit card companies or government agencies, particularly those asking to you to call certain numbers and/or change password details. The real organisations and agencies would not make calls of this kind.

– Include phishing, vishing, smishing and other variants with your security awareness training for employees.

– Avoid using a gift card or a wire/direct money transfer, and make sure that there is a policy and process in place for any money transfers that all employees must adhere to, even if the request appears to come from someone within the company. 

– Don’t give in to pressure; remember that you can ditch any call at any time, and give yourself the option of looking up the number of the company/agency/organisation that claims to be calling you and calling them back yourself to check.

Looking Ahead

The predictions from security researchers and commentators are that vishing, along with phishing and smishing are set to increase this year, and their success could be helped by the COVID-19 outbreak as people wait and search for information about financial and health matters, details about government payments and help, and details about cancellations e.g. holidays and flights. Companies and organisations need to educate their staff about the threat, while businesses and individuals need to be vigilant and cautious about any unsolicited phone calls, particularly those that offer rewards, create panic or warn of dire consequences, and those that apply pressure.

NHS Immunity “Passport” App

Andrew Bud, chief executive of iProov, the company behind the NHS app, has floated the idea of using facial recognition for Covid-19 “immunity passports”.

App

The iProov-made NHS app system, for Android and iOS, not to be confused with the in-development COVID-19 app, is a system for use in England that allows users to access a range of NHS services via smartphone or tablet.

The app can currently be used to get advice about coronavirus, order repeat prescriptions, book appointments, check symptoms (against NHS information), view the user’s medical records, register a user’s organ donation decision, and to find out how the NHS uses a user’s data.

Facial Recognition

Users of the app have to submit a photo of themselves from an official document such as their passport or driving license which the app system uses as the basis for facial recognition to enable a user to verify their identity and access NHS services via the app.

Each time the user logs in using facial recognition, the system scans a person’s face using their phone/tablet camera which involves the user seeing a short sequence of flashing colours.

The Basis of an Immunity Passport

In support of a suggestion made previously by Health Secretary Matt Hancock, Andrew Bud, chief executive iProov has suggested that the trusted identity system of the NHS app could provide the basis for an “immunity passport”.

Immunity Passports

According to the Lancet, an immunity passport is a “digital or physical document that certify an individual has been infected and is purportedly immune to SARS-CoV-2” (the disease associated with the 2019 COVId-19 virus).  The idea of an immunity passport is something that has been considered by governments including Chile, Germany, Italy, the UK, and the USA.  An immunity passport could be used to exempt individuals from physical restrictions and could enable them to return to work, school, and daily life.

Issues

While an immunity passport is an option, some of the issues with this idea are that:

– There is no evidence that people who have recovered from COVID-19 and have antibodies are protected from a second infection (as stated by the WHO, April 24).

– A false-positive and an immune status could make that passport holder change their behaviour, despite still being susceptible to infection and able to infect others.

– Artificial restrictions in society could result for those who don’t have an immunity passport, and this could lead to discrimination, inequality, corruption, bias and even to extra costs for those in countries that don’t have access to (free) health care at the point of delivery.

– Immunity passports for some could restrict travel and civil liberties and could even incentivise people to become infected in order to get the benefits that such a passport could bring.

What Does This Mean For Your Business?

All businesses want to provide a safe environment for their staff, their customers, and other stakeholders as we move out of lockdown restrictions where economies still must function in an environment where COVID-19 is still a serious threat.  Whereas an immunity passport sounds as though it could indicate that a person is less of a risk e.g. when accessing services, not enough is known about whether a person can contract the virus more than once, thereby limiting the effectiveness and validity of the system.  Also, it depends upon how rigidly and widely such a system is used as to its effectiveness, and there are clearly many other issues based around discrimination to consider.

Facial recognition on an app however does sound like it could form a trusted base for a system that requires accurate verification.

Featured Article – Does Your Phone Have A Virus?

Phones are essentially powerful mobile computers that contain vast amounts of valuable personal information. This article looks at how to tell if your phone has a virus, what to do if you think it has, and how to protect your phone.

Virus or Malware

Both a virus and malware are malicious programs, but in security terms, a virus is a type of malware that copies itself onto your device and malware, the general terms for malicious software, is a type of threat.

Types of Mobile Malware

There are many different types of malware that can infect mobile phones, including:

– Banking malware, many of which are Trojans designed to infiltrate devices and collect bank login and passwords.

– Spyware, used to steal a variety of personal data.

– Ransomware, which locks the phone until the user pays a ransom.

– Mobile Adware, whereby “malvertising” code can infect a device, forcing it to download specific adware types which can then allow attackers to steal personal data.

– Crypto-mining apps, which use the victim’s device to mine crypto-currency. For example, in February 2019, security researchers at Symantec claimed to have discovered 8 crypto-mining apps in the Microsoft Store.

– MMS Malware, whereby attackers can send a text message embedded with malware to any mobile number.

– SMS Trojans, which can send SMS messages to premium-rate numbers across the world thereby landing the user with an exceptionally large phone bill.

Android Vulnerable To Malware From Malicious Apps

Android phones are known to be vulnerable to malicious software that usually arrives via a malicious app that the user has downloaded, sometimes via the Google Play Store or an app from a third-party app shop.  A recent Nokia Threat Intelligence report showed that Android devices are nearly fifty times more likely to be infected by malware than Apple devices.

For example, back in September 2019, Security researcher Aleksejs Kuprins of CSIS cybersecurity services company discovered 24 apps which had been available for download in the Google Play Store that contained spy and premium subscription bot ‘Joker’ malware.  Also, in January 2019, security researchers discovered 36 fake and malicious apps for Android that could harvest data and track a victim’s location, masquerading as security tools in the trusted Google Play Store.

Android phones are also vulnerable to malware and viruses if users download message attachments from an email or SMS, download to the phone from the internet, or connect the phone to another device.

Why?

Reasons why Google’s open-source Android is vulnerable to malware include:

– The complicated processes involved in the issuing of security updates means that important software security updates often get delayed.  This is because unlike Apple iPhones, there are thousands of different Android devices made by hundreds of different manufacturers, each with a range of hardware quality and capabilities. 

– The open-source nature of Android, which is also one of its strengths in terms of scope and flexibility, can also lead to more human error and potential security holes.

Apple iOS

Apple iPhones are generally thought to be much less at risk from viruses and malware because they have protections systems built-in which include:

– The need to go through the Apple App Store to download an app. Apple reviews each app for malicious code before it makes it into the store, thereby stopping an obvious method of infection.

– iOS “sandboxing” stops apps from touching data from other apps or from touching the operating system, thereby protecting a user’s contact and other personal data.

– The majority of iOS apps do not run as an administrator, thereby limiting their ability to do damage.

– Apple issues frequent updates to patch any known vulnerabilities, which everyone with a compatible device receives at the same time.

Still Targeted

Although the vast majority of viruses/malware attacks on phones affect Google’s Android phone OS (97 per cent), and viruses are rare on Apple iPhones due to the built-in security measures, they are also still targeted by cybercriminals, and vulnerabilities in iOS platforms do exist.

For example:

– Phishing attacks e.g. bogus pop-up ads are used to trick iPhone users into downloading malicious software.

– Back in August 2019 a Google Project Zero contributor reported discovering a set of hacked websites (from February 2019) that were being used to attack iPhones to infect them with iOS malware and had most likely been doing so over a two-year period.

Signs That Your Phone May Have a Virus

Some of the main signs that your phone may already have a virus/be infected by malicious software are:

– Unusual and/or unexpected charges on your phone bill e.g. additional texting charges.

– Your phone contacts reporting that they have received strange messages from you.

– The phone crashes regularly. 

– New/unexpected apps are present.

– Apps crash more often than usual.

– An increase in the number of invasive adverts on your phone (a sign of adware).

– Slowing down of the phone and poor performance.

– Large amounts of data being used, without an obvious cause.

– The battery life is noticeably reduced.

What Next?

If your phone is infected with a virus, take the following steps:

– Switch the phone to airplane mode to stop malicious apps from receiving and sending data.

– Check the most recently installed apps against the listed number of downloads (in the App Store and Google Play).  Low download numbers, low ratings and bad reviews may indicate the need to delete the app.

– Install anti-virus software and carry out a scan of your handset.

– You can also contact your phone’s service provider or visit the high street store if you think you have downloaded a malicious/suspect app

iPhones

If you suspect that your iPhone may be infected:

– Check your apps and delete any unwanted ones.

– Clear the phone’s history and data, and restart.

– Consider installing mobile anti-virus software.

Prevention

Prevention is the best form of cure, and the steps you can take to ensure that your phone is both secure and not infected with a virus include:

– Using mobile security and antivirus scan apps.

– Only using trusted apps / trusted app sources.

– Check the publisher of an app (which other apps they have created), check the numbers of installations and positive reviews before installing an app, and check which permissions the app requests when you install it.

– Uninstalling old apps and turning off connections when not using them.

– Locking phones when they are not in use.

– Not ‘jailbreaking’ or ‘rooting’ a phone.

– Using 2-factor authentication.

– Using secure Wi-Fi and VPN rather than just the free Wi-Fi when out and about. 

– Being careful with email security and hygiene e.g. monitor for phishing emails and not clicking on unknown/suspicious attachments and links.

– Being careful with security around texts, social media messages and ads.

App Developers

With apps being the source of many infections of phones, there is an argument that there is responsibility among mobile app developers and those commissioning mobile apps to ensure that security is built-in from the ground up. This should mean making sure that all source code is secure and known bug-free, all data exchanged over app should be encrypted, caution should be exercised when using third-party libraries for code, and only authorised APIs should be used.

Also, developers should be building-in high levels of authentication, using tamper-detection technologies, using tokens instead of device identifiers to identify a session, using the best cryptography practices e.g. store keys in secure containers, and conducting regular, thorough testing.

Going Forward

If you train yourself to regard your phone as another mobile computer (that probably has a lot more personal data on it) that can be targeted by cybercriminals and needs protection, and are cautious regarding apps, emails, texts and adverts, then you are less likely to end up with a damaging virus/malware program on your phone.

Virtual Restart For Housing Market

The housing secretary, Robert Jenrick, has said in a speech about safely restarting the housing market that technology such as virtual viewings looks set to play an important part.

Hard Hit Housing

The housing market has been hit extremely hard by the effects of the COVID-19 pandemic and by the measures taken to curb the spread of the virus. Mr Jenrick highlighted how 450,000 property buyers had to put their plans on hold and 300,000 tenancies come up for renewal each month.  Also, the pandemic has meant that people have been unable to move, many people have been forced to take mortgage holidays or have struggled with rent payments and estate and letting agents around the country have been closed. Housing experts are now predicting a sharp drop in house prices this year.

The construction industry also ground to a halt as lockdown measures were introduced.

It is only now that some estate agents and housebuilding firms have begun to reopen as lockdown restrictions have been relaxed.

How Technology Is Helping

Technology is reported to be helping with the restart of the housing and construction industries in several ways including:

– Estate agents being encouraged to conduct virtual viewings rather than in-person visits to properties.

– Digital transformation projects under the Digital Street plan by HM Land Registry that should allow buyers to carry out parts of the property buying process digitally e.g. using blockchain for contracts and signing deeds online.

– The first-ever virtual hearings for the planning inspectorate which Mr Jenrick has said should take place “within weeks”.

– The UK government using video, phones, and computers to vote remotely on debates.

Measures

On 13 May Mr Jenrick announced the following other measures to help get the housing market and construction moving in the right direction again:

– The First Homes programme (later this year) will give a 30% discount on new homes for key workers including nurses and teachers and police officers as well as local first-time buyers.

– The opening of estate agents’ offices and show homes and allowing and removal companies and the other essential parts of the sales and letting process to re-start.

– Allowing house-building sites to apply to extend their working hours to 9 pm Monday to Saturday in residential areas and beyond that in non-residential areas.

What Does This Mean For Your Business?

The pandemic has forced many of those in government, business and other walks of life to use and realise the value of technology in order to carry out what work they can whether it is video conferencing, collaborative cloud-based working platforms, or other tech tools. The fact that aspects of the housing market and planning can be carried out in a ‘virtual’ way provides safe and effective ways to help to get things moving again and is making a positive contribution at an exceedingly difficult time.

Are Masks A Challenge To Facial Recognition Technology?

In addition to questions about the continued use of potentially unreliable and unregulated live facial recognition (LFR) technology, masks to protect against the spread of coronavirus may be presenting a further challenge to the technology.

Questions From London Assembly Members

A recently published letter by London Assembly members Caroline Pidgeon MBE AM and Sian Berry AM to Metropolitan Police commissioner Cressida Dick have asked whether the LFR technology could be withdrawn during the COVID-19 pandemic on the ground that it has been shown to be generally inaccurate, and it still raises questions about civil liberties. 

Also, concerns are now being raised about how the already questionable accuracy of LFR could be challenged further by people wearing face masks to curb the spread of COVID-19.

Civil Liberties of Londoners

The two London Assembly members argue in the letter that a lack of laws, national guidelines,  regulations and debate about LFR’s use could mean that stopping Londoners or visitors to London “incorrectly, without democratic public consent and without clear justification erodes our civil liberties”.  The pair also said that this could continue to erode trust in the police, which has been declining anyway in recent years.

Inaccurate

The letter highlights concerns about the general inaccuracy of LFR. This is illustrated by the example of first two deployments of LFR this year, where more than 13,000 faces were scanned,  only six individuals were stopped, and five of those six were misidentified and incorrectly stopped by the police. Also, of the eight people who created a ‘system alert’, seven were incorrectly identified.

Others Concerns

Other concerns by the pair outlined in the letter about the continued deployment of LFR include worries about the possibility of mission creep, the lack of transparency about which watchlists are being used, worries that LFR will be used operationally at protests, demonstrations, or public events in future e.g. Notting Hill Carnival, and fears that the technology will continue to be used without clarity, accountability or full democratic consent

Masks Are A Further Challenge

Many commentators from both sides of the facial recognition debate have raised concerns about how the wearing of face masks could affect the accuracy of facial recognition technology.

China and Russia

It has been reported that Chinese electronics manufacturer Hanwang has produced facial recognition technology that is 95% accurate in identifying the faces of people who are wearing masks.

Also, in Moscow, where the many existing cameras have been deployed to help enforce the city’s lockdown and to identify those who don’t comply, systems have been able to identify those wearing masks.

France

In France, after the easing of lockdown restrictions, it has been reported that surveillance cameras will be used to monitor compliance with social distancing and the wearing of masks.  A recent trial in Cannes using French firm Datakalab’s surveillance software, which includes an automatic alert to city authorities and police for breaches of mask-wearing and social distancing rules looks set to be rolled out to other French cities.

What Does This Mean For Your Business?

Facial recognition is another tool which, under normal circumstances (if used responsibly as intended) could help to fight crime in towns and city centres, thereby helping the mainly retail businesses that operate there.  The worry is that there are still general questions about the accuracy of LFR, its impact on our privacy and civil liberties and that the COVId-19 pandemic could be used as an excuse to use it more and in a way that leads to mission creep. It does appear that in China and Russia for example, even individuals wearing face masks can be identified by facial recognition camera systems, although many in the west regard these as states where a great deal of control on the privacy and civil liberties population is exercised and may be alarmed at such systems being used in the UK.  The pandemic, however, appears to be making states less worried about infringing civil liberties for the time being as they battle to control a virus that has devastated lives and economies, and technology must be one of the tools being used in the fight against COVID-19.