Apple Thinks I’m Two-Faced

I’m a self-professed lover of all things Apple. Caveat:Mostly because I do use Amazon Alexa all throughout my house. But everywhere else, it’s all Apple – IPhones, new MacBook Pro, Apple TVs, IPads, IMac, iCloud for all my backups, and Apple Watches.

I’ve loved the iPhone X and, in particular, Face ID. It has worked like a charm reliably and consistently…until today. What happened today? I shaved my beard off. Mind you, prior situations I’ve worn hats or sunglasses and have successfully unlocked the X and apps with Face ID. But today I shaved my beard and Face ID did not recognize me. No worries. I went through the reset process and re-registered my “new” face with Face ID.

I’m intrigued by this for a few reasons.

• Did it work before with hats or sunglasses due to a vulnerability? Or was the AI of Face ID’s computer vision algorithm THAT good?
• For the same reason, when I shaved today, did it stop working because it legitimately “saw” a different person?
• In the broader topic of “explainable AI”, can we mere mortals in fact determine or predict what the true outcome should be for instances like this? Because if we can’t, then I’m sure the hackers will.

If we expand this facial recognition to the larger world around us, will I start getting advertisements, traffic tickets, or be placed on some “watch list” the next time I grow a bear or shave in the future? Many companies, governments, and law enforcement agencies dream of the day of large-scale facial recognition and action ability of that recognition to make more money, surveillance, or arrests. Or is that simply the looming nightmare for the rest of us?

Advertisement

Credit Card Security

I recently had a miserable experience with credit card fraud and am not looking forward to having more high tech credit cards in my pocket as a result. I was pumping gas at a Chevron station in East Palo Alto. All seemed rather benign and safe. I swiped my credit card in the embedded machine in the pump. It asked me for the usual zip code info, approved and on I went with pumping the gas. I finished, took my receipt and drove off. About an hour later I get an email from Barclays Bank who handles the Virgin America VISA card (really cool looking card) stating that I had possible fraud activity on my card. I checked it online and noticed that there were two charges at that same Chevron station: my first legitimate one and another larger, fraudulent one for $120. I promptly cancelled it and the Barclays Bank folks were really good on the phone.

I asked around with several friends as to how this might possibly have happened. It’s not definitive but it’s theorized that there was someone at the gas station with a wireless device that somehow had activated the embedded chip in my credit card and somehow got access to information that obviously made them capable of a making a fraudulent charge on the card. Another possibility is that the gas pump somehow could have gotten hacked or intruded upon allowing access to be gained to the cards that get swiped through it.

So there are many credit cards with the embedded chips in them for contactless payments with the terminals at several merchants. Are we headed full speed ahead into a brick wall of a security hole with this embedded technology? What else is at risk?

• Our healthcare with smart tags or cards that carry our health information?
• Our passports with the new smart chips in them?

Will the move to using our smartphones or cellphones be safer for doing payments and commerce?

Tanks to Thinktanks: Migration to Cyberwar

For quite some time there has been speculation and vehement discussions around how the war of the future won’t be fought on the traditional battlefield (at least not there alone) but online and in cyberspace. This statement is no more true as of lately due to the advent of the battle of giants: Google and China! Additionally this morning on IT-Harvest there are a multitude of compelling pieces on how cyberwar is expanding “to a new front”.

“This is a watershed moment in the cyber war,” James Mulvenon, director of the national-security firm, Center for Intelligence Research and Analysis at Defense Group Inc., said last week. “Before, the Chinese were going after defense targets to modernize the country’s military machine. But these intrusions strike at the heart of American innovation community.”

The proposals aren’t just ending at making statements about where the new front is being fought, but high level military officials are actually now saying to revector military budgets partially away from tanks and planes to high tech cyber defense and potentially even cyber offensive capabilities. General David Richards, Great Britain’s army chief, is of this mindset.

Britain’s armed forces are facing a new “horse versus tank moment” in dealing with the challenges of modern warfare, he told the weekly broadsheet. “People say I’m only talking about war with non-state actors,” Richards said, such as the Taliban insurgents currently being fought in Afghanistan. “I’m not. I’m saying this is how even war between states is more likely to be fought in the future.”

Let’s think about the facts here.

1. Conventional and mechanized war is expensive; cyber threats are cheap.
2. The skills to fight conventional war take time to develop; cyber criminals can be high school kids in any part of the world.
3. There are significant barriers to entry and obtaining tools for fighting conventional warfare; cyber threats are available in open source and scalable tools.
4. Conventional reconnaissance mostly finds the conventional threats; new cyber threats using wireless devices and technologies may NEVER be detected until it was already too late.
5. Who has been investing longer in their cyber skills? The criminals! The good guys need to catchup and look at this problem in a very different way than how they’ve been trained in the past. Throw out the old rule book!!!

We certainly can’t move completely from equipping our soldiers and Marines with headphones and keyboards rather than helmets and rifles. But the relatively unsophisticated new enemy “combatant” is working on very novel, subtle and inexpensive ways of affecting our economy, national security and critical infrastructures to our nation. We need to take a lesson or two from them to beat them at their own game.

GSM Hacking Trial

This week on Dark Reading there was more talk of the cracking of the GSM A5/1 over the air encryption. There is certainly a lot of attention swarming to this topic, rightly so given the pervasiveness of mobile. In addition the hacker community is making statements of the A5/3 encryption who is built into some of the 3G standards.

I think that the biggest concern does lay solely with the cracking of A5/1, but that there is a HUGE community of software programmers interested in “seeing” how vulnerable these encryption protocols actually are and if they can break them. In general this is a good thing to overcome the Kool-Aid Syndrome (where carriers and mobile technologists because too enamored with legacy and the status quo) and get telecom vendors, standards bodies, and carriers to think innovatively and out of the box. However it’s only a good thing if malicious behavior does not reign supreme.

Imagine if the confidential mobile communications of a government official or corporate CEO were intercepted and held for ransom. Imagine if terrorists were somehow to exploit this vulverability to their advantage. As with any socially and globally impactful technology, there are two sides to the coin: the good side and the dark side!

How do we solve this both near term and long term? Do we ban cellphones in certain instances or environments? Is this even feasible given the human appendages that cellphones and smartphones have become?