
Biometric data left out in the open

The fingerprint scanner has raised questions since its first integration into the modern smartphone: is it secure, is it reliable, who will have access to my fingerprints?

Besides a number of external ways to fool a scanner, researchers at FireEye, a security company, found an internal vulnerability in phones like the HTC One Max and Samsung Galaxy S5 that left fingerprint images vulnerable to being copied by hackers or malware. The vulnerability has since been fixed on all phones that the researchers found to be affected, although it’s unclear how the patch was applied.

Before talking about how ridiculously unsecured the fingerprints were, here are a few things to keep in mind about smartphones. A smartphone is just a tiny computer with no keyboard or mouse. Like any computer, smartphones organize their data into folders. As the user, you have access to some folders (like the folder that holds and displays your applications, or the one that holds pictures) while you don’t have access to others. This is meant to prevent accidentally deleting important files. For security, some folders are accessible only to the phone’s operating system; regular users and applications can’t get inside. Those kinds of folders are usually where phone makers store fingerprint data.

Samsung and HTC weren’t doing that. Instead, they were putting them in a folder called /data/, which is a very accessible folder. If you have an Android phone, you can open a file manager and look into that folder right now. (It might seem empty, but only because the files are hidden from you. That can be changed in most file managers’ options page.) The file itself was a common image format (.bmp) and the image was only skewed by minimal security. The permission in the phone is actually called “world readable.” So, if a malicious app wanted to take the image of your fingerprint, nothing would stop it. And that’s it. No attacks to gain root access or phishing. Just going into an unprotected folder.
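A defender's check for the “world readable” condition described above, as an added example that is not from FireEye's report or the vendors' code: it lists regular files that carry the “other” read bit and sit in directories other users can traverse, then restricts the finding to its owner and audits again. The directory layout and file names are constructed for the demonstration.

```python
import os
import stat
import tempfile


def world_readable_files(root):
    """Return regular files under root that any local user or app could read."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Without the "other" search bit on a directory, nothing below it
        # is reachable by other users, whatever the file modes say.
        if not os.stat(dirpath).st_mode & stat.S_IXOTH:
            dirnames[:] = []
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & stat.S_IROTH:
                findings.append(os.path.relpath(path, root))
    return sorted(findings)


def make_file(path, mode):
    with open(path, "wb") as fh:
        fh.write(b"BM constructed sample, not a real fingerprint")
    os.chmod(path, mode)  # set explicitly so the umask does not interfere


def demo():
    """Build a constructed tree, audit it, fix the finding, audit again."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        open_dir = os.path.join(root, "sensor")    # hypothetical names
        shut_dir = os.path.join(root, "private")
        os.mkdir(open_dir)
        os.chmod(open_dir, 0o755)
        os.mkdir(shut_dir)
        os.chmod(shut_dir, 0o700)
        make_file(os.path.join(open_dir, "print.bmp"), 0o644)   # world readable
        make_file(os.path.join(open_dir, "owner.bmp"), 0o600)   # owner only
        make_file(os.path.join(shut_dir, "hidden.bmp"), 0o644)  # directory blocks access
        before = world_readable_files(root)
        os.chmod(os.path.join(open_dir, "print.bmp"), 0o600)    # the fix
        after = world_readable_files(root)
        return before, after


if __name__ == "__main__":
    print(demo())
```

The file in the 0700 directory is not reported even though its own mode is 0644, because the directory's permissions already keep other users out.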

At the most conservative estimate, 12 million phones were open to having their fingerprints stolen—that’s the last reliable number of Samsung S5s that were sold. Numbers are shaky on the HTC One Max, and if researchers found the same vulnerability on other phones, they didn’t mention the names.

In their report, researchers also mentioned failings in the terminology between authentication and authorization. They call it a “confused authorization attack” when the user means only to open the phone (authenticating) while a malicious app uses the same fingerprint to authorize a mobile payment. The FIDO Alliance, a consortium formed to uphold online security, with members like Microsoft, Samsung and Google, is now working on a specification to properly address these vulnerabilities.

Your Old Flickr Photos Can Reveal Your Future Travel Plans...

Say cheese, and let everyone know your travel habits! Photo-sharing site Flickr is a great way to show off your best shots, but scientists have discovered that the website is also a great tool for predicting where photographers will go next.

In a new study published today in Royal Society Open Science, researchers announce that they have developed a new algorithm that uses Flickr photos to accurately predict people’s present locations, using their past photo history.

The scientists looked at 8 million photos taken by 16,000 people in the United Kingdom, focusing on pictures that had both timestamps and geographic coordinates, and on users who uploaded pictures more than once. Using all that information, they were able to figure out a formula that would predict the movement of people between cities in the UK (between London and Bristol, for example). When they compared the results of their predictions to the National Travel Survey, a government survey of travel patterns, they found that their results reflected the survey’s data in 92 percent of cases.

The Flickr data collected by researchers works on two levels. With the algorithm they can either focus on individual users, and predict the likelihood that someone will be in any given city at a particular time. They can also use it on a larger scale to look at how users move between cities.

From a privacy perspective, it might be a little disconcerting to know that your pictures can give others a window into your movements. But for anthropologists or people involved in urban planning, the information could be really useful for planning future transportation options or figuring out how and where people are moving.

“Humans are inherently mobile creatures,” the authors write in the paper. “The way we move around our environment has consequences for a wide range of problems, including the design of efficient transportation systems and the planning of urban areas.”

The study authors don’t elaborate on whether their algorithm, or a similar one, could be used to extract data from other image-heavy social networks such as Instagram (which has undergone some location awareness controversies of its own). But they do mention that the method they’ve developed can be used to mine online data sources for travel information, something that many users might never have anticipated.

Delivery Robots Are Coming To A Hotel Near You

Soon hotels will be teeming with robots. At least that’s the hope at Savioke, a startup that develops robots for the service industry. The company’s room-service helpers have made more than 4,000 deliveries so far. Its newest robot, Relay, has been deployed in about 10 early-adopter locations, delighting most guests but committing the occasional faux pas. To find out what it will be like when there’s a robot in every hotel, we spoke with Tessa Lau, Savioke’s co-founder and chief robot whisperer.

Popular Science: How exactly does a robot work in a hotel?

Tessa Lau: It’s a delivery robot. When the front desk needs to send an item up to a guest room–an amenity like a toothbrush or a towel, or a sandwich or a snack–they go over to the robot, put the item into its compartment, and send it off. Relay knows how to take the elevator and make its way up to the guest’s room. When it gets there, it calls the room phone. So the guest comes to the door, Relay opens its compartment, and the guest retrieves the item. We got complaints when the robot just delivered its item and went home. Now it stays a little bit to interact with the guest. It gives people a chance to shoot video or take a selfie with the robot before it heads on home.

Sometimes humans can be creeped out by robots. How do you overcome that?

One design element is the robot’s eyes. They blink. They’re on its little tablet. That makes the robot look more human, a little cuter—but yet, not fully human. That’s one of the balances we have to strike. If it looks too humanlike, people assume it can do things that it can’t. We already have people saying “Hi, robot, how are you?” It’s hard for a robot to respond to that. So it doesn’t. And in a similar vein, it makes little beeping noises rather than talking to you. That’s because we don’t want you to think it’s smarter than it actually is.

“Our goal is to create technology that disappears into the background, which is hard because robots are so sexy.”

What happens when it doesn’t respond like a human would?

There was one incident in the Aloft Cupertino hotel where a little girl saw it and got so excited. She went up to it and hugged it, and was dancing all around it. The robot was trying to get past her into the elevator, but she was blocking its path. And at that point, an inebriated man came up and got angry, and so he kicked the robot and slammed it into the elevator. It was fine–robots don’t get angry. So the robot just found itself in the elevator, turned around and faced the door, and went to the second floor. We build them to withstand enough abuse under daily use.

How does it make you feel watching Relay work?

I wrote a lot of the code behind it, I had my hands on so much of the technology, and I saw it being built. Even so, it’s amazing just watching it do its thing. The robots start to take on personalities. You could say it’s because they have slightly different motor adjustments underneath. They’re each calibrated a bit differently. Therefore, they have slight variations in performance. They start to take on little quirks. Like, the one guy I was working with yesterday–Beta 6–it’s really quiet. It rolls along so smoothly, you can barely hear it coming. And it just peers around the corner. It’s still magical watching it go.

Where else do you want to deploy Relay in the future?

There are a lot of places where it could be useful. As a side project, we’re looking at robots in elder care, and we’ve seen interest from places like sports stadiums–to do deliveries to box seats–office buildings, on cruise ships, airports, restaurants, hospitals. They are all indoor spaces where stuff has to move around–and we can help.

Alphabet Launches Life Sciences Company To Make Smart Contact Lenses And More...

Since Google’s announcement to restructure into Alphabet by the end of the year, we haven’t heard a lot from the inside. Presumably, there were a lot of moving pieces to be sorted internally, and press weren’t invited to those conversations.

But today we’ve gotten the first peek at what an Alphabet company will look like from Alphabet president Sergey Brin: a standalone version of Google’s life sciences team, the group initially tasked with packing body monitoring hardware into a contact lens.

This group was expressly mentioned in CEO Larry Page’s initial announcement of the creation of Alphabet. With a little speculation, we can now look to other explicitly-mentioned groups to become their own companies under Alphabet, namely Calico, which was Google’s fight against aging.

Another Google X project mentioned was Project Wing, a competitor to Amazon’s drone delivery service.

The new company will be led by CEO Andy Conrad, who has been leading the team since 2013. He comes from a history of leading projects in the private sector, working in 2005 with Dole Food Company chair David Murdock to establish the North Carolina Research Campus, a health research superpower. He also co-founded the National Genetics Institute in 1991, and built a new HIV test.

The lab will take projects from early research to clinical testing according to Brin, and looks to “transform the way we detect, prevent, and manage disease.” So far, Brin says, the group has created a nanodiagnostics platform and a cardiac and activity monitor. Let’s see what they do now.