Saturday, 5 March 2016

1984 has arrived, just a bit later than expected

Smartphones and 1984:  Are We There Yet?

Most people have heard of the book “1984”.  It is without doubt George Orwell’s best novel and remains one of the most powerful warnings ever issued against the dangers of a totalitarian society.
For those who need a reminder the book was written in 1949 and set in the author’s future.  In Orwell’s bleak vision the main thread of the story is the omnipresent government surveillance at all levels of society.  People are electronically watched 24 hours a day and “disappeared” if they step from the narrow party line. 

The author's name has even entered the English language as "Orwellian", an adjective used to describe a totalitarian system in which an organisation or government relentlessly spies on people in an attempt to exercise complete control over their behaviour and thoughts.

What has a book written over 60 years ago got to do with smartphones?  Well maybe more than first appears.  A disturbing picture of the state of data surveillance and collection is emerging.

Apple's Fight for Your Data Security

Despite Apple's posturing towards the FBI over the privacy of an individual's data, it seems the company might not be as concerned about privacy as we are led to believe.  The respected security researcher Jonathan Zdziarski wrote a paper titled "Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices".  The paper describes how, with or without Apple's help, spying agencies such as the NSA and other third parties familiar with how iOS operates can use these mechanisms to extract data from an iPhone, or even install applications for malicious purposes without the user's knowledge.

Currently iPhones collect and report back location data and web search data, and have access to user information stored in iCloud and iTunes.

Apple can access your contacts even if you disable iCloud and iMessage.

Consumers say they want privacy, but do not typically change their behaviour to protect themselves.  This is among the key findings of a study commissioned by Trend Micro Incorporated (TYO: 4704; TSE: 4704) and conducted by the Ponemon Institute, "Privacy and Security in a Connected Life: A Study of US, European and Japanese Consumers".  It reveals that a slight majority of consumers believe the benefits of the Internet of Things (IoT) outweigh the privacy concerns, yet 75 percent feel they have no control over their personal information.  The research also compares consumers' perceptions of privacy, their willingness to change behaviour and the perceived value of their personal information.

"These comprehensive findings show that, while consumers seem to be concerned about privacy and security, they do not fully grasp the role they can play," said Raimund Genes, CTO of Trend Micro. "At the same time, the majority who identify themselves as 'privacy sensitive' will not change their behaviour or information sharing practices even if they experience a data breach. This could be attributed to a feeling of powerlessness or an overall lack of awareness. It's clear that more attention is needed to protect privacy and security on a personal basis. Fortunately, there are resources available to help individuals learn how to protect themselves."  Unfortunately people need to educate themselves, because neither governments nor corporations benefit from users who can keep their information locked down.

So we should Just Use Android Smartphones.

Android is a mobile operating system developed, maintained and distributed by Google to anyone who wants it FOR FREE.  Think about it for a second.  Why would the biggest advertising company in the world, in fact the world's largest publicly traded company, spend millions on a product and then give it away?  Simply because it can make more money from the data collected from the estimated 1.4 billion devices running its software.

Since its meteoric rise in the internet age, Google has reached technological capabilities that seem almost like science fiction.  Its latest is a neural network with a "superhuman" ability to determine the location of almost any image.  The internet giant's immense collection of personal data amounts to its own surveillance network, one that likely exceeds the best government spy programme anywhere in the world.  The data sweep is not only online: Google's Street View cars were discovered collecting information from wi-fi hubs ranging from "people's medical histories to their sexual preference to marital infidelity."

Google has said that their collection of data, when used properly, advances the public well-being. This sounds uncomfortably familiar to the propaganda campaign of intelligence officials defending the NSA’s domestic spying program and other intrusions of privacy revealed by Edward Snowden.

The next logical stage on this road towards 1984 is to track users' health behaviour using so-called smart watches or fitness bands.  These devices are being developed to collect clues of a much more comprehensive nature than steps in the park: blood pressure, electrodermal activity, blood alcohol content and much more can already be collected by the health-tracking gadgets currently on sale.  I sincerely hope that smartphone users are concerned about insurance corporations collecting this type of personal data, because they really should be.  If we keep going down the road we are on, then soon we will be required to wear "health" bands to get medical insurance.

On Wednesday 9 March the European Union is expected to drop the hammer on Google, charging the company with violating antitrust rules through its search dominance.  It is the tail end of a five-year investigation by the EU's competition commission, and a prolonged regulatory headache for the search giant.  It could be costly too: the EU is reportedly planning a fine as large as $6.4 billion, roughly a tenth of Google's annual revenue.  The Financial Times first reported the news.  Needless to say, whatever happens there will be an appeal.

What happens next?

It is up to each and every citizen to educate themselves and decide whether they want to be a drone tracked by corporate algorithms, or whether they want to grow as individuals and make decisions based on learned reasoning rather than asking Google for an answer every time they stumble.  I am not confident that the latter will happen.


Tuesday, 3 November 2015

Marketing Images for the New Android BlackBerry Priv

Below is a collection of BlackBerry Android Priv artwork.  It is an interesting direction and quite different from previous campaigns.  What do you think?

Tuesday, 6 October 2015

Tata Power SED and Secusmart, a subsidiary of BlackBerry, Sign Contract Agreement

Launcher System Developed by Tata Power

Secusmart, the global expert in secure mobile communications, and Tata Power Strategic Engineering Division (SED), part of the multinational Indian conglomerate Tata Group, today announced a comprehensive partnership for the Indian market. The two companies have signed a term sheet (MoU) providing a framework for the collaboration, the aim of which is to evaluate the design, development and marketing of a highly secure mobile communications system tailored to the needs of Government customers in India.

“In the era of increasing incidents of espionage in State establishments and Corporates with cyber security breaches and data theft, the envisaged association with BlackBerry will increase opportunities to accelerate innovation for high-end secure communication solutions. The proposed collaboration is aimed at leveraging Tata Power SED’s expertise in security, software and hardware design and manufacturing and Secusmart’s expertise in software and security to provide a highly capable and secure communication solution meeting stringent Government requirements,” said Rahul Chaudhry, CEO of Tata Power SED.

The term sheet was signed during German Chancellor Angela Merkel’s official trip to India, underlining the importance of the partnership to both parties, and highlighting how crucial secure mobile communications are to the Government of India.

Dr Hans-Christoph Quelle, Chief Executive Officer, Secusmart, also commented on the partnership. He said: “Since Secusmart was founded, we have continued our focus on making mobile communications more secure, for customers all around the world. I am proud of our continued success in delivering world-class security solutions, and am delighted that our cooperation with Tata Power SED will play such a crucial role in securing mobile communications for the Indian market.”

Secusmart GmbH, a subsidiary of BlackBerry Limited (BlackBerry – NASDAQ: BBRY, TSX: BB), is a leading expert in the development and implementation of comprehensive solutions for protecting businesses and public authorities from electronic eavesdropping. The Vodafone Secure Call app was created by Secusmart to allow companies to make secure mobile voice calls regardless of the platform and device being used. Vodafone Germany, the system's first marketing and distribution partner, has been equipping German business customers with this solution for secure communications since the start of 2015. With its SecuSUITE for BlackBerry 10 high-security solution, Secusmart also protects the mobile communications of German and foreign governments as well as agencies and organisations responsible for providing emergency services.

The Tata Power Company Limited, Strategic Engineering Division (Tata Power SED) has been a leading private-sector player in the indigenous Design, Development, Production, Integration, Supply and Life-cycle Support of mission critical Defence Systems of Strategic importance for close to four decades. During this period, the Division has partnered with the Ministry of Defence (MoD), the Armed Forces, DPSUs and DRDO in the development and supply of state-of-the-art Systems and emerged as a Prime Contractor to MoD for Indigenous Defence Production when it secured Orders for the Pinaka Multi Barrel Rocket Launcher, Akash Army Launcher and Integrated EW System for the Indian Army and for the Akash Air Force Launcher, COTS-based Automatic Data Handling System for Air Defence and Modernisation of Airfield Infrastructure (MAFI) for the Indian Air Force.

Text based on a Secusmart press release
For more information, visit

Monday, 28 September 2015

UK National Health Service accredited apps leak medical data

A number of UK National Health Service (NHS) accredited smartphone health apps do not properly secure customer data and have poor information privacy practices, according to researchers at Imperial College London, who checked 79 of the 230-plus apps available in NHS England's Health Apps Library.

Apps in the library are supposed to be compliant with data protection legislation and undergo tests to ensure they meet standards of clinical and data safety. But despite this vetting, the researchers found that many of the apps were not up to the required standard, with some ignoring privacy standards and nearly a third (29 per cent) sending the data, which included both personal and health data, without any encryption at all. The majority also sent personal data to an associated third-party online service.

"If we were talking about health apps generally in the consumer space, then what we found would not be surprising," said Kit Huckvale, a PhD student at Imperial College London who co-wrote the study, suggesting that the NHS vetting procedures should hold apps to a higher standard.

The study sent bogus user data to all 79 apps and looked at how it was handled, exposing those with poor security.  Four apps sent both identifying and health information without encryption. Although the study was not designed to examine data handling after transmission to online services, security problems appeared to place users at risk of data theft in two cases. The NHS has since claimed that it has removed the apps that are vulnerable, or has contacted the developers to insist they are updated.
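The method described above is easy to reproduce in miniature. The script below is an added example, not code from the Imperial College study or from NHS England: each app under test is given a unique, fictitious "canary" identity, every outbound request seen by an interception proxy is logged, and each logged request is then checked for canary values sent over plaintext HTTP and for canary values sent to a host other than the app's own backend. The app names, hosts, canary identity and proxy log are all constructed for illustration.

```python
"""Added example, not code from the Imperial College study or NHS England.
Replays the study's method on a constructed capture: a canary identity is
planted in each app, a proxy logs every request, and each request is checked
for canary values sent (a) over plaintext HTTP or (b) to a third-party host.
App names, hosts, the canary identity and the proxy log are all invented."""

from dataclasses import dataclass, field
from urllib.parse import unquote_plus, urlsplit

# Fictitious identity planted in each app's profile so that leaks can be recognised.
CANARY = {
    "email": "canary.7f3a@example.invalid",
    "dob": "1971-02-03",
    "nhs_number": "9434765919",        # fictitious NHS number
    "condition": "asthma-canary",
}

# Hypothetical first-party backend for each app under test.
FIRST_PARTY = {
    "symptom-checker": "api.symptomcheck.example",
    "med-reminder": "sync.medremind.example",
}

# Constructed proxy log: (app, method, url, request body). Not real traffic.
CAPTURE = [
    ("symptom-checker", "POST", "https://api.symptomcheck.example/v1/profile",
     "email=canary.7f3a%40example.invalid&dob=1971-02-03"),
    ("symptom-checker", "GET",
     "http://stats.adtrack.example/px?u=canary.7f3a%40example.invalid&c=asthma-canary", ""),
    ("med-reminder", "POST", "http://sync.medremind.example/login",
     "user=canary.7f3a%40example.invalid&nhs=9434765919"),
    ("med-reminder", "GET", "https://cdn.medremind.example/banner.png", ""),
]


@dataclass
class Finding:
    app: str
    url: str
    issues: list = field(default_factory=list)   # e.g. "plaintext:dob,email"


def registrable_domain(host):
    """Crude eTLD+1 (last two labels). Assumption: no public-suffix list is used."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def canaries_in(text):
    """Names of the canary fields whose value appears in the (URL-decoded) text."""
    decoded = unquote_plus(text)
    return sorted(name for name, value in CANARY.items() if value in decoded)


def analyse(capture, first_party):
    """One Finding per request that leaks canary data unsafely; clean requests are skipped."""
    findings = []
    for app, _method, url, body in capture:
        parts = urlsplit(url)
        leaked = canaries_in(parts.query + "&" + body)
        if not leaked:
            continue
        finding = Finding(app, url)
        if parts.scheme != "https":
            finding.issues.append("plaintext:" + ",".join(leaked))
        if registrable_domain(parts.hostname) != registrable_domain(first_party[app]):
            finding.issues.append("third-party:" + ",".join(leaked))
        if finding.issues:
            findings.append(finding)
    return findings


def summarise(findings):
    """Map each app to the set of issue kinds found, e.g. {'plaintext', 'third-party'}."""
    summary = {}
    for finding in findings:
        kinds = {issue.split(":", 1)[0] for issue in finding.issues}
        summary.setdefault(finding.app, set()).update(kinds)
    return summary


if __name__ == "__main__":
    for finding in analyse(CAPTURE, FIRST_PARTY):
        print(finding.app, finding.url, finding.issues)
    print(summarise(analyse(CAPTURE, FIRST_PARTY)))
```

On this constructed log the symptom checker is flagged for sending the canary e-mail address and condition in clear text to an advertising host, and the reminder app for sending the e-mail address and NHS number over plain HTTP to its own backend. A real harness would also exercise certificate validation on the HTTPS connections (a client that accepts any certificate is little better than plaintext), and, as the study itself notes, nothing here says anything about what the receiving service does with the data afterwards.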

But the findings are not surprising. After all, in June, NHS England was put under scrutiny for its review criteria for the Health Apps Library. The criteria were designed to provide a framework to assess those apps for suitability before they're published for the public to download - but they had been labelled weak, and furthermore it seemed as if some of the apps failed to meet even that low standard.

At the time, Phil Booth, co-ordinator at the health privacy campaign group medConfidential, described the review criteria as "very weak", and added that his organisation had given feedback to NHS England on how some of the apps could be improved, but that the advice appeared to have been ignored.  For example, the five-step approval process is heavily focused on ensuring the information the app supplies comes from an approved source; there appears to be little or no assessment of the app's suitability to handle or transmit data securely.

"Unfortunately, not all of the apps currently in the library even meet the criteria they supposedly should. And, despite having provided detailed and specific feedback on a number of these apps using the provided feedback forms on the relevant web pages SIX weeks ago, we have had no response - and nothing appears to have changed on the site."  At that time, however, a spokesperson for NHS England went directly into denial mode and claimed that the newly published report was out of date and that NHS Choices had improved slightly since it was written.  Well, that's okay then, except for the fact that nothing whatsoever has been fixed.

The findings of the Imperial College London study suggest that NHS England failed to take notice of medConfidential's advice. It is likely that the Health Apps Library will become another major IT project failure for the NHS. NHS England appears to be taking a purely reactive stance to keeping the library free of insecure apps, as opposed to the eminently more sensible (considering what is at stake) proactive approach of testing data handling before an app is listed, and this may well lead to personal and health data getting into the hands of criminals.

The NHS is just one of many organisations that need to get up to speed with the criminal reality that is today's cyber world.

Wednesday, 29 July 2015

The Blame for Cyber Breaches moves into the Boardroom

The Blame Shifts?

Until quite recently senior IT execs have been the lightning rods of the cyber breach era.  As soon as a company was hacked the unfortunate "IT guy" could be seen packing his bags while silently cursing the miserable IT budget he had to work with. While most corporate entities would deny they have a blame culture, they are generally happy to make an exception and blame the head of IT when they get hacked. However, things may be changing, and the days are ending when IT execs' most important tasks were to get high scores on "user experience" surveys and to take one for the team when the business was breached.

Historically the CEO's role in a breach scenario has been to give mournful-faced interviews, claiming that our privacy is important and that such a significant cyber breach had been unforeseeable: "who could know such a thing was possible?" (everyone who reads the news!). But a recent spate of high-profile resignations shows that the focus is now being turned squarely on senior board members.

Following a hack that compromised over 20 million personal records of government employees, US Office of Personnel Management head Katherine Archuleta was forced to resign. When the London-based hedge fund Fortelus was hacked to the tune of $1.2 million, Thomas Meston, the CFO, also lost his job.

Katherine Archuleta

These are the two latest resignations in a trend that began in earnest last year, when the CEO of giant US retailer Target, Gregg Steinhafel, was forced to resign from his $24 million per annum position in the wake of a disastrous data breach that compromised 40 million shoppers' credit cards and 70 million customers' personal data. Given a breach of this magnitude, Steinhafel was left little alternative but to step down as head of the $40 billion corporation.

Target Retail Breach

The difficult fact for senior executives to grasp about the cyber landscape is that very little can be done after the event to limit the damage. Unlike cash and other tangible assets, once data escapes it can be replicated endlessly and shared globally in an instant.  No amount of court orders can slow the process down, and a product recall doesn't really cut it. Once a breach has occurred the corporation will most likely find itself accused of negligence, and it is then up to the CEO and the board to rebut those claims by showing that all reasonable steps had been taken to safeguard the organisation's data.

In the 80s and 90s, when the computerised office was becoming a reality and many of the world's current crop of CEOs were in college studying business administration (without an ICT module), it was reasonable for executive boards to delegate the safeguarding of corporate data to the experts in the IT department. The "IT guy" would install anti-virus software and get back to the proper job of responding to user feedback surveys, managing the network and helping users with their mouse, keyboard and printer.

Now, suddenly it seems, there are hundreds of mobile devices connected to company servers and hundreds of thousands of new malware variants being developed to target them. Combine this with the relentless, targeted email "phishing" campaigns we see every day and it is clear that traditional safeguards are no longer adequate. Board members are now expected to understand the risks, authorise budgets to ensure properly designed and layered cyber defences are in place, and train staff to understand the consequences of risky behaviour.  If they don't, they risk ignominious dismissal.

Why Hack User Data instead of Financial Data?

The underlying reason for the growing trend in cyber-crime is the increasing value of corporate databases. The more business that is conducted online, the more corporations know about private citizens and therefore the more valuable the database becomes. For a growing number of corporations, the company's database is substantially more valuable than its cash holdings. A case in point is the recent Ashley Madison hack, in which the very personal details of up to 37 million trainee adulterers were taken from the company's servers. This hack has destroyed Ashley Madison's hope of a $200 million IPO and has the potential to cause untold misery to millions of families.

International organised criminals have rapidly shifted focus from financial fraud to data theft. Stolen data can be laundered more easily than stolen cash by disguising it as legitimate market research. The data can be doctored and presented to a rival organisation as legitimate; in other cases it is simply put up for sale to the highest bidder. This is generally done via the Dark Web, using encrypted websites where anything can be bought and sold. The damage inflicted on the compromised corporation can be terminal.  With a single cyber-attack, a company can see its damage-control costs escalate out of control, its customer goodwill shattered, the company put at risk of lawsuits, and the company's stock price decimated.

In 2014 the total number of detected security incidents globally grew to 42.8 million, and the number of breaches costing over $20 million doubled.  Among them was a litany of high-profile corporate and government breaches at Target Corp., Home Depot, Neiman Marcus, Michaels Stores, Sony Pictures Entertainment and Wall Street giant JPMorgan Chase, with cyber-crime as a whole costing an estimated US$500 billion.

Bring on the Lawyers

Given the rising number of cyber violations it is not surprising that there have also been numerous class-action lawsuits filed in the U.S. by stakeholders for breach of fiduciary duty, including a case over another hacking incident at Sony involving the alleged theft and release of social security numbers and other personal data, while electronic commerce giant eBay Inc. is facing a class action launched in July 2014 on behalf of the 125 million customers whose personal data was breached early that year.

The shifting face of IT Governance

With so much at stake, there is now a shift beginning toward data governance being removed from the IT department and into the boardroom as part of the enterprise risk-management framework. Boards are only now beginning to figure out that oversight of cyber security has become as much a part of their financial duty as the accounting on the balance sheet. It is not the job of the board to manage data security but it is the job of the board to ensure it is managed as well as reasonably possible.

The IT literate CEO

Given the current global tsunami of cyber-crime, CEOs need to sponsor projects that implement layered defence, mobile device management and staff training, and that address the risks posed by third parties interacting with the business. The focus should be on rapid detection of security intrusions and an effective, rapid response.

But whatever form an attack may take, from now on the cyber security buck stops at board level. Senior executives are beginning to realise that delegating total responsibility for corporate security to the "IT guy" is over.

Monday, 8 June 2015

BlackBerry Extends its IoT reach from Cars into Ships and Hospitals

Most of us know that BlackBerry's QNX operating system, which powers BlackBerry 10 phones, has also become the technology of choice for mapping, communication and entertainment systems in cars.  Automakers from mass producer Ford to exclusive Porsche and BMW use the software.  QNX Software Systems leads the automotive software market by a long way and is forecast to remain the leader for the foreseeable future: according to Egil Juliussen, director of research for infotainment and ADAS at IHS Automotive, QNX will grow from "more than 16 million units in 2013 to 56 million in 2020".  But now BlackBerry is looking to use QNX to enter the transportation industry with IoT technology that will enable shipping companies to keep track of their cargo.

What is IoT again?

The Internet of Things describes the technology that connects objects to wireless networks, whether it is a person's smartphone to their fridge or a trucking company to its fleet. The latter example is where BlackBerry says there is plenty of growth potential this year. BlackBerry's Sandeep Chennakeshu said the current systems used by the shipping industry are "a little archaic and not scalable."
"It's a very large business, in the tens of billions of dollars, with very low penetration."

Tracking a Shipment

Container ship

BlackBerry has unveiled the foundation of its Internet of Things platform at the Consumer Electronics Show in Las Vegas, marking the first step towards a service BlackBerry believes will be a gateway to significant growth for its business.  BlackBerry will provide hardware and software support for cloud-connected communications boxes built into shipping containers.

Each device will include a cellular radio, Wi-Fi connectivity, a microprocessor and sensors that monitor what's in the container, its location and other details to help fleet managers stay on top of their products and anticipate potential problems.
"There's lots of useful information you can collect to get more efficient," said Sandeep Chennakeshu, president of BlackBerry's Technology Solutions unit, in a telephone interview from CES. "(The communication box is) very similar to a cell phone, except it doesn't have a display or a keypad. That's right up our alley."

An early test was completed in October and plans are underway to make the devices available in "limited specific-use cases" in April, Chennakeshu said.
Bear in mind that there are 200 million shipping container movements every year, of which an estimated 10,000 containers are lost.  Even a limited trial in this industry is large.

Over the past year, under the leadership of chief executive John Chen, the company has undergone a dramatic change in priorities and refocused mostly on large contracts with businesses, rather than chasing individual users.
BlackBerry has also looked for other ways to leverage its existing technology in new ways. Moving into the Internet of Things business is just one of a number of new initiatives.

Over the air updates

Chasing the shipping industry is only part of BlackBerry's bigger plan for the QNX Internet of Things platform. BlackBerry also sees an opportunity to sell similar technology to automakers, who plan to install sensors in cars to detect mechanical problems and notify drivers when they need to get their vehicle serviced.  There was also a recent announcement of a QNX auto system that will allow over-the-air updates for car software, avoiding expensive visits to the shop or even mass recalls such as the 1.9 million cars recalled by Toyota last year over a software issue (which of course makes the integrity of the update channel itself a safety matter).

Healthcare and IoT

BlackBerry announced at the beginning of this year that its QNX software will be used in the next generation of the HBox, a device made by U.S.-based medical technology company NantHealth, which BlackBerry acquired a minority stake in last April.

The HBox operates as a hub between mobile devices and the servers of health care companies, serving as part of an encrypted pipeline to transfer medical records between doctors and medical care centers.
“With HBox, we have created a ‘human signal’ capturing device that automatically and securely transmits, through our HIPAA-compliant ‘NantCloud,' critical medical data and vital signs to the mission control center,” said Patrick Soon-Shiong, M.D., founder and CEO of NantHealth. “Instantly and safely connecting the patient with the doctor and hospital allows for a higher quality of healthcare, expediting diagnosis and treatment, as well as more efficiently and accurately providing vital information into the hands of those in need.”
The QNX-enabled HBox will be compatible with BlackBerry's BES enterprise mobility management platform. Once integrated with BES, HBox will be fully encrypted to allow deployment in a HIPAA-secured environment, enabling clinicians and patients to securely access and receive medical information as soon as it is available, wherever they are.

The HBox marks the second ground breaking product resulting from the collaboration of BlackBerry and NantHealth. Last month, the two companies announced the first secure clinical genome browser, the NantOmics Cancer Genome Browser™, which provides doctors unprecedented access to patients’ genetic data on the BlackBerry® Passport smartphone.

Human Genome Displayed on a Passport

So, next time you hear someone say "BlackBerry the struggling smartphone maker" ignore them, BlackBerry is about a whole lot more than consumer smartphones.

Tuesday, 12 May 2015

Smartphone Apps Secretly Connecting to User Tracking and Ad Sites

So, you unbox your brand new phone.  You use it for a few weeks, you love it, the battery life is great and it runs smooth as silk.  Over the course of a few months you get a bit bored and you look for free apps, because everyone likes free stuff.  You pick and mix, get some cool games, some productivity apps for work and  you get helpful apps for your music collection.  Stuff is free and life is good.

Six months later you find your battery life is halved and the smokin' speed you saw at first now shows some lag, the OS gets a bit flaky and you feel that your latest and greatest device is no longer up to date. You start to look at the latest models on release and look forward to an upgrade.


One thing that may be causing severe degradation of your smartphone's performance is those wonderful free apps you are using.  Security researcher Luigi Vigneri of Eurecom has developed an automated system for detecting Android apps that secretly connect to ad and user-tracking sites.

Vigneri began by downloading over 2,000 free apps from all 25 categories on the Google Play store.
He then launched each app on a Samsung Galaxy SIII running Android 4.1.2 that was set up to route all traffic through the team's server, which recorded every URL each app attempted to contact.   The team then compared the URLs against a list of ad-related sites from a database called EasyList and a database of user-tracking sites called EasyPrivacy, both maintained for the open source Adblock Plus project, and finally tallied the number of matches on each list for every app.
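The comparison step is the part of that pipeline a practitioner is most likely to want to reproduce. Below is an added example, not the Eurecom team's own code: a small matcher for the Adblock Plus filter syntax that EasyList and EasyPrivacy are written in, run over a constructed per-app list of contacted URLs and tallied per list. The rules shown are a handful of representative entries written by hand for illustration rather than a copy of either list, and the app names and URLs are invented.

```python
"""Added example, not the Eurecom team's NoSuchApp code. Shows the core of
the comparison step: a minimal Adblock Plus filter matcher (the syntax used
by EasyList/EasyPrivacy) applied to a constructed per-app list of contacted
URLs. Rules are hand-written representative entries, not a copy of the
lists; app names and URLs are invented."""

import re
from collections import Counter
from urllib.parse import urlsplit

# Representative ad-related (EasyList-style) and tracking (EasyPrivacy-style) rules.
AD_RULES = ["||doubleclick.net^", "||googlesyndication.com^", "||admob.com^", "/adframe."]
TRACKING_RULES = ["||google-analytics.com^", "||flurry.com^", "/pixel.gif?", "||scorecardresearch.com^"]

# Constructed list of URLs each app tried to reach while it ran behind the proxy.
CONTACTED = {
    "music-volume-eq": [
        "https://cdn.volumeeq.example/update.json",
        "http://ads.doubleclick.net/adframe.html?x=1",
        "http://www.google-analytics.com/collect?tid=UA-1",
        "http://mobile.admob.com/ad?app=eq",
        "http://t.flurry.com/pixel.gif?id=1",
    ],
    "flashlight": ["https://api.flashlight.example/v1/ping"],
}


def abp_rule_to_regex(rule):
    """Compile one ABP blocking rule. Supports the '||' domain anchor, '|' start/end
    anchors, '*' wildcards and the '^' separator; any '$options' are ignored
    (assumption: we classify URLs here, we do not enforce blocking)."""
    rule = rule.split("$", 1)[0]
    prefix, suffix = "", ""
    if rule.startswith("||"):
        # scheme, then any number of subdomain labels, then the anchored host
        prefix = r"^[a-z][a-z0-9+.-]*://(?:[^/?#]*\.)?"
        rule = rule[2:]
    elif rule.startswith("|"):
        prefix = "^"
        rule = rule[1:]
    if rule.endswith("|"):
        suffix = "$"
        rule = rule[:-1]
    body = []
    for ch in rule:
        if ch == "*":
            body.append(".*")
        elif ch == "^":
            body.append(r"(?:[^A-Za-z0-9_.%-]|$)")   # ABP 'separator' class
        else:
            body.append(re.escape(ch))
    return re.compile(prefix + "".join(body) + suffix, re.IGNORECASE)


def matches_any(url, compiled_rules):
    return any(rx.search(url) for rx in compiled_rules)


def classify(contacted, ad_rules, tracking_rules):
    """Per app: number of distinct URLs and how many hit the ad and tracking lists."""
    ads = [abp_rule_to_regex(r) for r in ad_rules]
    trk = [abp_rule_to_regex(r) for r in tracking_rules]
    report = {}
    for app, urls in contacted.items():
        distinct = set(urls)
        report[app] = {
            "urls": len(distinct),
            "ad": sum(matches_any(u, ads) for u in distinct),
            "tracking": sum(matches_any(u, trk) for u in distinct),
        }
    return report


def top_hosts(contacted, rules):
    """Hosts behind the matching URLs across all apps, most contacted first."""
    compiled = [abp_rule_to_regex(r) for r in rules]
    hosts = Counter()
    for urls in contacted.values():
        for u in set(urls):
            if matches_any(u, compiled):
                hosts[urlsplit(u).hostname] += 1
    return hosts.most_common()


if __name__ == "__main__":
    for app, stats in classify(CONTACTED, AD_RULES, TRACKING_RULES).items():
        print(app, stats)
    print(top_hosts(CONTACTED, AD_RULES))
```

With the real lists loaded in place of the four-line samples, the same `classify` and `top_hosts` calls give the per-app counts and the "most contacted ad domains" ranking the study reports. The matcher deliberately ignores rule options and exception (`@@`) rules, which matters for blocking but not for counting which apps talk to which advertising and tracking hosts.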

The results were interesting. In total, the apps connected to a staggering 250,000 different URLs across almost 2,000 top-level domains. And while most apps attempted to connect to just a handful of ad and tracking sites, some were much more prolific.

Vigneri gives as an example "Music Volume EQ", an app designed to control volume, a task that does not require a connection to any external URL. And yet Vigneri says, "We find the app Music Volume EQ connects to almost 2,000 distinct URLs."  Many of the apps connect to ad-related and tracking sites, while some connect to much more dubious sites associated with malware.

But here's the problem, as I see it. This frantic activity takes place without the user being aware of it and it eats resources. That's something most smartphone users would be highly annoyed to discover if they knew what was going on behind their back, so to speak.

The Music Volume EQ app is not alone in its excesses. The team says about 10 percent of the apps they tested connect to more than 500 different URLs. And 9 out of 10 of the most frequently contacted ad-related domains are run by Google.

The user-tracking sites that apps connect to are less pervasive. More than 70 percent of apps did not connect to any user-tracking sites. Those that do can be extravagant; some connect to more than 800 user-tracking sites. What's more, many of these are created by organisations that Google has designated with "top developer status". The worst offender is an app called Eurosport Player, which connects to 810 different user-tracking sites.

Vigneri and his colleagues at Eurecom in France have also turned this into a practical tool: an automated way to check the apps in Google Play and monitor the sites they connect to. Their results reveal the extraordinary scale of secret connections that many apps make without their owners being any the wiser.

They call their new app NoSuchApp or NSA for short in honour of a similarly named monitoring agency.  The team plan to make the app publicly available on Google Play in the near future.

So, if you find your phone lagging and eating your battery for lunch, try resetting it to factory default and see if the shine comes back.  Be selective about which apps you reinstall afterwards: putting the same apps back will bring the same hidden traffic back with them.

And remember, those app guys who give you free stuff need to make a living; somebody is paying them, either for your tracking data or for your invisible URL connections.

Most importantly, you end up paying the most, with the loss of your privacy and of your smartphone's battery life.