Monthly Archives: June 2017

Recap: Roundup Of The Biggest Announcements At Apple WWDC 2017

What would a world without apps look like? Apple offered a sneak peek at such a hypothetical (and fairly alarming!) scenario with a hilarious ‘Appocalypse’ video, to kickstart this year’s Worldwide Developers Conference (WWDC; 5-9 June). The video was followed by the two-and-a-half hour long keynote, with a record 5300+ registered Apple developers in attendance. Several important announcements were made during the keynote, and we will take a look back at them here:

 

  1. Homepod – Apple was widely expected to showcase a new smart home speaker at this year’s WWDC, and the Cupertino tech giant did not disappoint in that regard. The sleek, Siri-enabled Homepod was announced – with the speaker having a wide range of smart functionalities. For starters, the ‘home entertainment speaker’ can customize audio playback depending on the area and type of room it is placed in. A four-inch woofer, together with a 7-beam tweeter array, offers excellent audio quality – while other essential features, like echo-cancellation (multi-channel) are also built-in. Powered by the Apple A8 processor, the Homepod also has the capability to answer questions (thanks to the ‘Hey Siri’ support), start timers, fetch news and schedule reminders. It can be paired with other Homepod(s) as well. The special ‘Musicologist’ feature helps in streaming audio from Apple Music, once a user has requested Siri to play something. Apple Homepod will be available in black and white body colors, and will start shipping from December 2017 (the price is $349). It combines the best features of Sonos and Amazon Echo – and should emerge as a worthy rival to both.
  2. watchOS 4 -Although tvOS 11 did not make an appearance at WWDC 2017 (more on that later), Apple did come out with an update for its smartwatch platform. The fourth iteration of watchOS has many new additions – with the interesting watch faces being worth a separate mention. Apart from the cool Toy Story character faces (Sheriff Woody, Buzz Lightyear, Jesse), there is also a ‘trippy effect’ kaleidoscopic face and the innovative Siri watch face. The latter can display personalized information, based on the precise location, time and preferences of users. As expected, more activities have been added in the built-in Activity app, while the Workout application has also received workouts (e.g., high-intensity interval training, enhanced swimming training). Third-party app developers have also been kept in mind, with watchOS 4 having lots of new APIs. The blinking light mode and the flashlight mode are also interesting additions. The Music app in Apple Watch has been redesigned, the new ‘Gymkit’ functionality has been included, and the platform will also allow people to make payments through Watch (person-to-person payments).

Note: The Siri watch face will bring in artificial intelligence (AI) to the watchOS platform.

3. iOS 11 – The newest version of the iOS platform was, of course, announced at the Apple annual conference – as is the custom every year. The final version of iOS 11 will be launched in September, and it will be present on this year’s iPhone 8 (or will it be iPhone 7S?). Several tweaks have been made in the latest iteration of iOS, with the redesigned Control Center – with toggles becoming 3D Touch-enabled and the entire set of controls becoming viewable on a single sheet. A new ‘Apple Pay Cash’ card will be made available, to facilitate person-to-person payments via Apple Pay. Syncing across multiple devices will become easier and faster than before, with iMessages being made a part of iCloud (with end-to-end encryption). Live images can be modified/edited, while images will be compressed in the HIEF format (which are visually at par with JPEG images, and require about 50% less space). The Notifications panel and the lock screen have been merged into a single display area in iOS 11, while there is also a special ‘Do Not Disturb’ mode for users – which will mute all notifications and send automated messages, when they are driving. Airplay 2 will make audio sharing and playback on paired devices an absolute breeze.

4. 10.5” iPad Pro – Last year’s 9.7” iPad Pro was a big attempt on the part of Apple to revive the flagging fortunes of the iPad. At this year’s WWDC, an upgraded version – the 10.5” iPad Pro (along with the 12.9” variant) – has been announced. The new model has a display screen with much narrower bezels, and can easily fit in a full on-screen keyboard (the company has been trying to create a ‘handheld computer’ experience with iPad Pro). The A10X Fusion processor (6-core) delivers optimal speed and performance. The 10.7” iPad Pro will also support HDR videos – a first in the history of iPads. The revolutionary ‘ProMotion technology’ will enhance the refresh rate of the screen to an amazing 120 Hz – making activities smoother, and significantly reducing the latency of Apple Pencil. The new iPad Pro model will have the same camera specifications as iPhone 7 (12MP rear camera with optical image stabilization…yay!). Shipments of the Apple tablet might have gone down over the last couple of quarters – but Apple is not going to give up on it anytime soon.

5. macOS High Sierra – We moved on from OS X to macOS in 2016 (the first version of the latter was called macOS Sierra) – and this year, we have got an upgraded version of the platform, in the form of macOS High Sierra. Apple is looking to make web browsing easier and faster than ever on Mac computers – with the Safari browser now having the capability to block autoplay videos (it also has an ‘intelligent tracking prevention’ feature. The in-built JavaScript engine has been billed to be close to 80% faster than Google Chrome – an impressive feat indeed. The 64-bit APFS (Apple File System) – which debuted on iOS 10.3 – is coming to the macOS platform as well. The Photos app has been revamped, while the split-screen functionality in the Mail app will add to the convenience factor. At the event, Craig Federighi also mentioned that both Metal VR and Metal 2 graphics engines will be coming to macOS High Sierra, along with the Steam VR SDK (much to the joy of the developers attending WWDC). What’s more, the platform will also support Unreal Engine and Unity.

6. More intelligent Siri – Siri on iOS has been getting consistently smarter – and its performance is set to climb a couple of notches higher on iOS 11. With the help of SiriKit, the mobile digital assistant will support more external apps than before. Contextual search will be boosted by proactive suggestions, while Siri will also be enabled to ‘read’ texts off the phone screen (thereby making the task of understanding difficult words easier). The recalibrated Siri has an enhanced natural voice, with ‘intelligence’ levels being buoyed by on-device learning. On devices running on iOS 11, Siri will also be able to translate user-commands and queries to different languages, like Spanish, English, Chinese, German, and many more. The assistant will also be able to pull up VR codes, and perform banking and task-management activities.

7. iMac Pro – Easily the biggest of the Mac-related updates announced at WWDC 2017. An all-new iMac Pro (for professionals) is set to be launched, with uber-powerful eight-core Xeon configuration (ten-core and eighteen-core options will be available). The size of the iMac Pro will be 27”, and it will have a vRAM of 16GB. The high-quality VR environment will be a big plus for this computer, which will have the breakthrough Radeon Vega GPUs. The 27” iMac Pro will be available in Space Grey, and will start to ship in December.

Note: Apple CEO Tim Cook referred to the iMac Pro as ‘pretty badass’. It is being touted as the most powerful computer the Cupertino company has ever made.

8. More about Macs – Prior to the conference, there was plenty of buzz about the Intel Kaby Lake processors (7th generation) coming to Mac computers. These processors have indeed been included in the refreshed lineup of Mac systems. The 21.5” iMac can be upgraded to have the Fusion Drive storage system (it is standard on the 27” model). The new models will also have higher memory and storage capacities – a maximum of 32GB and 64GB for the 21.5” and the 27” iMac computers respectively. The computers will have two new Thunderbolt 3-compatible USB-C ports, come with Radeon Pro GPU processors, and the Iris Plus graphics configuration. According to reports, the SSD of the revamped Mac systems function almost 50% faster than their predecessors. The 27” iMac will boast of 5.5 teraflops power for processing. New chips and drives were also announced for Macbook, Macbook Air and Macbook Pro – offering significant speed boosts.

9. Amazon Video app on Apple TV – Rather surprisingly, not much was announced by Apple regarding its smart TV platform (the much anticipated tvOS 11 was not showcased). However, there was big news – about Amazon Prime Video finally becoming available both on Apple TV and the TV app of the iOS platform. With Amazon and Apple burying their past differences and getting together, the content source of Apple TV will expand considerably – something that all Amazon Prime subscribers can rejoice about. ITV Hub and All 4 remain the other popular video apps that are not yet on the Apple TV roster.

10. Redesigned App Store – The App Store is being redesigned by Apple for the first time this year, to enhance its user-friendliness. The changes are being made as a component of the overall iOS 11 update. The UI of the App Store will become neater and more streamlined – with every app/game being presented in separate ‘product pages’, and greater visibility for in-app purchases. The overall layout resembles that of Apple Music, with the content-separating tab ensuring easier browsing. Information about all the new games (including gameplay tips and help) will be available – while there will be a new ‘App Of The Day’ tab feature, to highlight the specially recommended application on any day. There is something for iOS app developers too – with the ‘phased releases’ option making it simpler to release relatively large updates.

Note: It was also revealed that Mountain Valley 2 (by Ustwo Games) will be present in the restyled App Store.

11. ARKit – The war in the augmented reality (AR) space is hotting up. In April, Facebook launched its AR-focused ‘Camera Effects’ platform, while Microsoft has also launched its very own platform for AR developers. After several months of subtle hints, Apple finally announced at the recently-concluded WWDC that it is going to join the game – with the all-new ARKit suite. The platform will provide tools and resources to app developers for creating high-end AR applications (for iPhone and iPad). In a live demonstration at the conference, Apple showed how augmented reality can be used to enhance the real world, by placing virtual objects in it. The company, as Tim Cook has repeatedly said, is looking to make inroads in the AR market. After implementation, ARKit has the potential to help Apple surge ahead of its competitors.

12. iPad-specific updates – iOS updates do not often have specific new features for the iPad. An exception to this was iOS 9, which introduced split screen multitasking for the tablet. iOS 11 will also come with a fairly large number of ‘for iPad’ updates – ranging from a revamped Files application, innovative multi-app views and smooth document markup options (with Apple Pencil), to a redesigned app dock and built-in capability to ‘recognize’ handwritings in the Notes app. It remains to be seen whether the new iPad models (10.5” and 12.9”) can bring about a turnaround in the fortunes of the device.

At WWDC 2017, Tim Cook officially announced that the total number of devs registered in the Apple Developer Program now stands at 16 million. The keynote was one of the most interesting in recent years, with all the software and hardware announcements mentioned above. The CEO summed up things by saying ‘Apple is doing great’ – and this year indeed looks big for the company.

 

 

How To Ensure IoT Security?

iot security tips

Anything that can connect to the internet, will connect to the internet

That, in essence, is the spirit behind the exponential growth rate of Internet of Things (IoT) worldwide. Going by a recent BI Intelligence report, there will be close to 35 billion ‘connected devices’ in active use by the end of this decade – with business being the biggest sector to use this technology. However, in the rush to come up with new and innovative IoT tools, platforms and gateways – the importance of ensuring proper security standards is often relegated to the background. In 2016, the number of ransomware attacks increased by an alarming 36% (YoY) – with as many as 17 million samples of new malware being detected in the third quarter of the year alone. The time has obviously come to give more attention to the security aspect of IoT – since the consequences of the ‘wrong person having access to the wrong internet resources’ scenario can be serious indeed.

The importance of internet security in general, and the safety protocols of IoT in particular, is not lost on the present-generation business professionals. On average, 3 out of every 4 senior managers/decision makers feel that there will be further spikes in cybersecurity attacks in the next 18-24 months, while nearly 50% business owners list security as among the biggest potential problems in new applications. A large number of IT security experts also opine that the existing standards, policies and protocols are not adequate to cope with the ever-increasing cyber security threats. In here, we will offer some basic tips and pointers for ensuring the security of IoT applications:

  1. Maintaining an inventory of connected devices – By August 2016, an average North American household had 8-10 connected devices. That number will push towards 50 by 2020. The number of smart IoT business applications is also increasing at a rapid clip. In this scenario, it is vital to keep track of all the tools and gadgets with web-connectivity that are being used (apart from, of course, computers and smartphones). The list of IoT devices being used by any person/group/business should be regularly updated, and all types of media players and microphone/camera mounted gadgets should be included. In addition, the volume and type of data each IoT tool has access to should also be noted. Maintaining a systematic inventory report of IoT applications and their components makes it easier to identify probable sources of vulnerabilities.
  2. Using updated firmware – The IoT routers/gateways as well as all the connected devices in a network should have the latest security patches and updates. The onus is on the users to regularly check for these updates (from the makers’ websites, for instance) and install the same whenever they become available. If and when possible, this checking procedure can be automated too. New types of malware and hacks are being created practically every day – and unless you are using the latest firmware versions, your IoT network is at a risk.
  3. The importance of passwords – Passwords are probably the biggest security tool in the hands of the users. Plenty of people make the mistake of selecting the same password for all of their IoT devices – making the task that much easier for professional hackers (if the password of any one system is hacked, the other systems connected to it also become accessible). Hence, it is of immense importance to select separate passwords for each IoT tool. Also, the individual passwords need to be strong enough and not easily guessable. There are several advanced password manager apps currently available, where all the passwords can be stored. Users should never forget to change the factory-set passwords (‘12345’, ‘password’, etc.).

Note: Over 1 billion Yahoo! User accounts were hacked in 2013. The next year, a further 500 million accounts were breached.

4. Staying wary of DDoS attacks – A 2016 NexusGuard report found that, between the first and second quarters of the year – the number of distributed denial-of-service (or, DDoS) shot up by a whopping 83%. In 2016 Q4, reports of DDoS attacks came in from as many as 80 different countries (China had the lead with most attacks, with USA and South Korea taking up the second and third spots respectively). Any business that has a proper website (websites can also be a significant source of revenue) needs to be aware of a potential DDoS attack. The trick here lies in selecting an internet service provider (ISP) that offers robust security against such attacks. If funds are not a point of concern, a internet hosting firm with specialized DDoS mitigation plans can be opted for (their services are often relatively pricey). An attacker might target an entire ISP or any particular user – and your IoT environment should be powerful enough to repel such threats.

5. Encryption is key to security – The volume of confidential, personalized data – right from names and contact information, to bank account/card information and transaction details – being stored on the cloud is increasing with time. During data transmission, nearly 82% of all cloud service providers offer secure data encryption services. While that seems pretty good – a closer look reveals a much more worrisome stat: less than 10% of the stored information is encrypted during rest (i.e., when it is not being transmitted). Not surprisingly, this is the state which attackers tend to target – seriously compromising cloud security as a whole. Before uploading/storing any information on a IoT network, users need to ensure that it would be encrypted properly. It is not easy (at least, it ain’t a quick job!) to decrypt well-encrypted information – and that enhances the security assurances manifold.

6. Consider whether continuous internet-connectivity is required – It would be surprising to note how many IoT devices and gadgets can be disconnected from the network at different times – but users (from business and consumer sectors) do not take the trouble of doing so. Something like a smart thermostat, or a personal smartphone, might need to be connected at all times – but the scene is different (at least it should be) for automated coffee-makers, or smart lighting systems, or audio/video streaming devices (smart TVs, for instance). The longer an IoT device remains connected to the network – the greater is the time a hacker gets to plot an attack on it. Whenever a smart gadget is not being used, it is advisable to disconnect it from the network.

Note: Not all IoT devices need to be connected to the cloud. In any case, over-reliance on the cloud network can increase security risks.

7. Deactivating Universal Plug and Play – Universal Plug and Play (UPnP) is, in theory, a very useful feature. It helps smart devices without any specific configuration settings to ‘discover’ other, similar tools in the network. However, this ‘universal discoverability’ comes with a serious corollary too – since it becomes easier for hackers to find and target IoT devices. Even if a user has no intention of making his/her device(s) visible to everyone, it can be done by certain customized search engines (which locate everything connected to the web). Given these vulnerabilities in the UPnP protocol, it is a good idea to turn the feature off – on the router as well as all connected smart devices.

8. Multiple networks and a ‘Guest Network’ – Instead of using a single router and hoping for the best, IoT security experts generally recommend having multiple routers – particularly when there are several IoT gadget/appliances to be connected. Having several routers automatically ensures segmentation of the network – and that, in turn, diversifies the potential security threats. Even if a network segment (and the devices within it) is compromised, the other parts remain secure. It is also important to create a separate ‘guest network’ with the help of wifi routers. There is no way to predicting which users will want to get on an IoT platform at any time – and to keep the main network safe, unknown visitors should be routed through this ‘guest network’.

Note: Different smart home devices, like printers and surveillance cameras, were used in last October’s Dyn cyber attack – the biggest internet attack of its type. Github, Spotify and Reddit were among the websites affected.

9. Being aware of the risks of BYOD – By the end of this year, 1 out of every 2 companies in North America will support BYOD (Bring Your Own Device) policies. Markets&Markets has estimated that that value of the global BYOD market will go beyond $180 billion this year. While bringing personal devices to office for work-related purposes definitely has its benefits (from lowering the stress on workplace devices to helping employees enjoying a more ‘involved feeling) – doing so is fraught with security risks. A personal smart device is not likely to have the requisite security features and encryption standards – and as such, it can put valuable business information at risk. An individual device with suspect security can be easily targeted to get unauthorized access to company databases. A scary thought, indeed!

Note: As the number of smart devices used for work (company-owned plus personal) increase, keeping track of them on a real-time basis becomes difficult. That is yet another reason to limit the BYOD practices within a business as much as possible.

10. Staying away from unknown wifi connections – Unsecure wifi networks (public wifi networks that are not password protected, for instance) are perfect tools for hackers to spread malware. While the attractions of logging on to such an ‘open network’ can be considerable (saving on mobile data…so, yay!) – such networks can be dangerous from the security perspective. Users should, as a rule of thumb, view all wifi networks without passwords as ‘vulnerable’, and refrain from using them on their handheld devices or any other smart gadgets. Use your own routers and networks – and have strong passwords for them.

11. The time factor – Implementing security parameters on IoT devices is not a ‘one-and-done’ job. Over time, the effectiveness of IoT security depreciates – and users have to continually keep track of the latest technologies and protocols and how they can be used to make the network ‘safer’. Tackling new threats with urgent software updates and patches is all very fine – but the focus should firmly be on following the latest manufacturing models for any smart device or IoT gateway. In other words, the IoT security considerations should follow a ‘bottom-up’ path, with manufacturers being responsible for incorporating updated security features in new tools and gadgets. In the fast moving domain of the World Wide Web, device-makers can no longer afford to just create a smart device and then provide security patches on an ‘as required’ basis.

Note: When a manufacturer exits the market, all the devices created by it stop receiving the necessary software updates. In such cases, it is prudent to replace the concerned devices (which are now unsecure).

12. Minimal personal data and code obfuscation – As the world is getting more and more connected, the amount of personal information out in the wild (often without the owner(s) being aware of it) is increasing. For instance, the GPS system of a smart car can give away its precise parking location details – and when that information falls in the hands of a hacker, car thefts become a very real possibility. The same goes for home automation systems and IoT business tools as well. Users should minimize ‘disclosing’ such information that can be traced back to them. Maintaining a certain level of obscurity on the internet platform is important.

Hack attacks, in most cases, involve reverse engineering of the underlying codes in IoT applications. An effective way to tackle this is via code obfuscation (i.e., the technique of over-elaborating and complicating machine codes to make reverse engineering difficult and way more time-consuming). Among the popular programming languages, while C/C++ are often used in the security-related sections of IoT apps – developers generally avoid using JavaScript.

Less than 38% of all organizations worldwide have a proper IoT strategy management policy in place (according to a PwC report). This clearly highlights the fact that there is plenty of catching-up to do for businesses – to minimize the security-threats and hack attacks. The task has to start from training individual users about the types of malware and threats they might face – and how they can work around them. Using VPNs (virtual private networks) to enhance the security of IoT devices is also a good idea. Websites and mobile apps that involve monetary transactions (for example, shopping portals) should have proper Secure Sockets Layer (SSL) support.

IoT will continue to evolve – and unfortunately, cybersecurity threats will grow with it too. It is up to the product manufacturers and end-users to work together and keep such threats at an arm’s length, at all times.