Tag Archives: Gadget Reviews

Google, Yahoo and others are getting fed up with government gag orders

girl with mouth sealed with the ...

The EFF may be handing out gold stars to firms that publish their own transparency reports, but earning that recognition isn’t easy. Government data requests are often coupled with gag orders, barring firms from telling users that security agencies are thumbing through their data. Now Google, Yahoo, Microsoft and Facebook are arguing that these orders are a violation of the First Amendment.

Naturally, the government disagrees, pointing out that the nondisclosure requirements of its security requests have been applied tens of thousands of times without issues. It further argues that “hypothesizing scenarios in which the NSL [national security letter] statue might conceivably be applied unconstitutionally” doesn’t make it unconstitutional in actuality. It’s a secret investigation, the government says; there’s no First Amendment right to distribute information related to it.

The companies are appealing the case, and say they don’t want to put the security investigations under the public eye — they just want their users to have more detailed statistics about the the volume and type of information the government demands. Both Google and Yahoo have separately promised to continue to push the issue, each arguing that users have a right to know when their data is being examined.

[Shutterstock / Alkestida]



Article source: http://www.engadget.com/2014/05/23/tech-companies-are-getting-fed-up-with-government-gag-orders/?ncid=rss_truncated

The real-life hacking behind Watch Dogs’ virtual world

It starts out simply. One day, you’re scrolling through the Naval Criminal Investigative Service database, identifying a perp’s body when an alert flashes red on your monitor. “INTRUSION DETECTED,” it screams. You’re getting hacked and there’s only one solution: Call your bumbling partner over and have him join you at the keyboard. The two of you frantically bang out rapid-fire key sequences as random program windows flash onscreen. The hacker’s getting further and further into the system. Your partner’s never seen code like this before and his usual tricks to combat it aren’t working. That’s when the display goes dead and your silver fox of a boss saves the day by pulling the power plug of your workstation.

That is how the entertainment industry wants you to think hacking works. But, like most Hollywood fantasies, it couldn’t be further from the truth. Ubisoft (the studio responsible for Tom Clancy’s Splinter Cell and Prince of Persia: The Sands of Time) knows this and for its upcoming cross-platform release, Watch Dogs, the company went to great lengths to ensure its game world didn’t fall into those same tropes. Watch Dogs focuses on mega-hacker Aiden Pearce as he manipulates a Chicago run by the CenTral Operating System (CTOS) using only the smartphone in his hand. This CTOS controls everything from the simulated Windy City’s traffic lights and ubiquitous surveillance cameras, to the drawbridges that cross the Chicago River. It’s a fictitious, near-future vision of connected urban life, but still Ubisoft wanted it to hew as closely to hacking reality as possible.

The development team’s reasoning for this was simple: “We’re trying to be relevant,” Watch Dogs Content Manager Thomas Geffroyd told me. “We felt that by understanding how negatively this culture has been portrayed, we could try to present the public with a more positive and accurate view of hacking and hackers.”

A Hollywood depiction of hacking on the show NCIS

To do this, Ubisoft tapped the cybersecurity experts at Russia-based Kaspersky Labs. Together, the companies worked to vet every shell script and brute-force attack portrayed in the game to keep the intrusions plausible. Accuracy is the linchpin of Watch Dogs‘ world, so having one of the largest internet security firms read over the script, play early versions of the game and point out any inaccuracies was integral to the game’s development process.


In January 2013, Kaspersky released a report on a long-running cyberespionage campaign, dubbed “Red October,” that infected computers in 43 countries and stole countless encrypted files from government agencies, military contractors and nuclear research facilities. In the days that followed, the lab received a number of requests from private-sector companies asking for extra investigation about the attacks — likely to see if they’d been targeted, as well.

In that batch of emails, though, was a different question from an altogether different firm. Ubisoft wanted to send the script for Watch Dogs over so Kaspersky could make sure all the hacking details were accurate. The studio had already spent three years researching cybersecurity and hacking; information the team readily found online. Still, they wanted a second set of eyes — Kaspersky’s eyes — to make sure small details weren’t overlooked along the way.

“We felt that by understanding how negatively this culture has been portrayed, we could try to present the public with a more positive and accurate view of hacking and hackers,” Geffroyd said.

Principal Security Researcher Vitaly Kamluk said it was a pretty unusual query, but he didn’t see the harm in his team helping. “We’re fans of video games,” he said, “and we said why not?” For Kamluk and his coworkers, the opportunity to work on Watch Dogs was a welcome change of pace and so they agreed to the task.

All of Ubisoft’s research had paid off: The suggestions from Kaspersky were relatively minor. “We didn’t do anything stupid in the first place,” Geffroyd said. Though he acknowledged that research may have attracted the attention of a few three-letter agencies. “It’d mean we did our job right!” he said. “I’m pretty much on any watch lists the NSA may have. I don’t have a doubt about that.” To Ubisoft’s credit, Kaspersky found little issue with Watch Dogs‘ script and instead focused on polishing the game from a technical perspective. “We know how hacking happens,” Kamluk said. “What skills are required … the order of the actions.” This, he told me, framed the team’s approach.

For example, at one point in the game, Pearce has to steal a sizable database and copy a hard drive from a server that’s tucked away in a protected datacenter. The script’s first draft had him log in by brute-force attacking the system (i.e., trying all possible character combinations of a short password) and then transferring the data to a network drive. That scenario wasn’t quite right according to Kamluk. “It may happen in the movies, but not in real life.”

Instead, Kamluk said a hacker would have to reboot the server via a hard reset, boot a custom operating system from an external device and then start copying an image of the hard drive. This type of action would realistically trigger an alarm, prompting security to come and check for physical intrusions. Which, as it turned out, was the immediate next part of Watch Dogs‘ story anyhow. In this case, Ubisoft’s decision to not follow the Hollywood model should actually help intensify gameplay.

Watch Dogs’ lead writer explains the project’s origins
Another suggestion that added to the realism, while also likely upping the tension, was a change to an in-car sequence. Ubisoft had originally written for Pearce to throw a GPS tag on his target and then follow him, but Kaspersky changed the sequence to make it a little more authentic. “[Pearce] has access to the surveillance cameras, can see through them and hack the bad guy just by jumping from one camera to the next without moving a finger,” Kamluk said. So, instead, he suggested Ubisoft have Pearce shadow his target while copying data over a Bluetooth connection. “That would make more sense to be in close proximity to the target; stealing data instead of just tracking where he goes,” Kamluk said.

In Watch Dogs‘ version of Chicago, smartphones, closed-circuit TV surveillance cameras and even natural gas lines are all connected to the CTOS. With that many devices on one network, Ubisoft’s initial idea to use IPv4, the current internet protocol system, for the game’s IP addresses (e.g., the used to log in to many routers) wasn’t plausible. The problem? IP address exhaustion: The more users or devices on a network, the fewer unique, assignable addresses that are available. Kamluk advised the team to adopt IPv6 instead since it would offer more addresses and be more realistic for a near-future city. “We went through the whole game and fixed all the visuals to make sure we could get that right,” Geffroyd said. “These are the little details [Kaspersky] helped us with.”

Even though Ubisoft is striving for accuracy with Watch Dogs, Geffroyd maintained the developer’s focus has always been on gameplay first. That goes for potential sequels, too.

Aiden Pearce identifies a hacking target with the in-game smartphone

“We’re not a simulator. With Watch Dogs, we provide entertainment and we strive for authenticity,” he said. “If we’d [implemented Kaspersky’s input] sooner, it would have been harder to get all of their information and try to fit it in, because it probably would have had an effect on gameplay.” And because of that, Geffroyd would have had to reject some of Kaspersky’s suggestions. Having the lab run through the script afterward, he said, was probably the best way to go.

Where Watch Dogs strays from reality is in how long a hack actually takes. Depending on the complexity of a real-world security system, a hack can take days or, in extreme cases, months. That’s where realism is a speed bump to fun and could make the game boring — it’s something Kaspersky acknowledged must be altered to fit the constraints of a video game. That isn’t to say that Watch Dogs is inaccurate, though. “Everything happening in the game is feasible in one way or another,” said Geffroyd. “The issue inherent with gaming is we have to extrapolate shortcuts. We have to respect the medium and make a compelling experience.”

Geffroyd knows that hacking is often boring, but said its effects are “pretty straightforward” and he thinks that’s what Watch Dogs does well. There are real shell scripts present in the game (UNIX command lines), but they’re counterbalanced with interfaces and components that most people would understand. “They tried to be as accurate as possible,” Kamluk said. “I was impressed that the developers actually asked us to share some typical screens of what hacking tools look like.” To make the game’s hacking more appealing, Ubisoft also emphasized physical results of hacking, like blowing up steam pipes and lifting drawbridges — stuff that’s immediately fun.

“Everything happening in the game is feasible in one way or another,” said Geffroyd.

The day I spoke with Geffroyd, he said a hacker friend told him that work’s being done to create a phone like Pearce’s. And, more importantly, the project had just secured funding. How? By showing the investors some Watch Dogs trailers. “I would say that everything we’ve extrapolated is pretty ensured to happen,” Geffroyd said.

These in-game hacks aren’t video game fantasy, either. Kamluk said he’s seen hacking tools like network and vulnerability scanners running on modern smartphones, and added that it’s possible for a phone to act as a front-end device that’s connected to a more capable, off-site file server. “The list of vulnerabilities that you see on the phone in Watch Dogs? Similar things are possible,” he said.

According to Geffroyd, when Anonymous wants to attack a website with a distributed denial-of-service (DDoS), it uses a desktop app that you don’t even need technical knowledge to operate. “It’s a very simple app you can download after a Google search,” he said. All you need to do is enter an IP address and the app will start to DDoS the target. “The reality of hacking applications is already there,” he said. “We’re just extending it a little.” Essentially, anyone can be a hacker nowadays.


Instances of Watch Dogs‘ smart city tech are already in place around the globe, albeit on a much smaller scale. New York City’s plans for Hudson Yards, a sensor-laden neighborhood that monitors seemingly every aspect of life, show progress on the domestic front. IBM has had Rio de Janeiro wired with a vast emergency monitoring system since 2010. And in Songdo, South Korea, Cisco has invested $35 billion to create an embedded telepresence infrastructure and energy-management system. There isn’t a single operating system akin to Watch Dogs‘ CTOS running an entire city just yet, but, like mobile hacking tools, Geffroyd and Kamluk don’t see it as being too far off. The threat of an Aiden Pearce may not be, either.

“The more we develop, the more devices we have, the more realistic this scenario [of hackers controlling a city] is,” Kamluk said. “We’re getting surrounded by an enormous number of digital devices connected over a network, which creates a lot of opportunities for hackers.”

Sometimes the hacker becomes the hacked in Watch Dogs

When Kamluk says “devices,” that term isn’t limited to what’s in your pocket. Case in point: Last year, a hacker took down a portion of Moscow’s networked speed cameras by uploading malware to the police computer system, and destroyed some of the cameras in the process. The attack put the traffic system out of commission for several weeks. Kaspersky was hired to investigate, but is contractually prohibited from disclosing any further details.

“People tend to create systems extending capabilities and implementing new features that are so attractive to the customer, but they don’t consider security,” Kamluk said.

One of the easiest points of intrusion right now are the supervisory control and data acquisition (SCADA) systems that operate on unencrypted networks. In-game and in the real world, SCADAs control traffic lights, drawbridges and natural gas pipelines. “Thousands and thousands” of them have been installed in the past 15 years and are connected to the internet, according to Geffroyd. And because the laborers putting them in place aren’t security technicians, an absurd amount of the SCADA traffic is open to the public and access is a search result away. “You’d be surprised what you can do without doing anything technically advanced,” Geffroyd said. “You just have to put in the very easy-to-guess default password and login [credentials].” You don’t need to be in the same city or even the same country to exploit these sensors, either.

Geffroyd told me that he hopes an actual smart city wouldn’t have as many weaknesses as Watch Dogs‘ version of Chicago, but complex systems are more apt to have security gaps. Because the first smart cities will be the likes of New York or even London, they’ll probably have a lot of legacy tech in place. Those older, unprotectable elements are what Geffroyd sees as weak links in a viable security system.

“People tend to create systems extending capabilities and implementing new features that are so attractive to the customer, but they don’t consider security,” Kamluk said. “Security must be considered extremely seriously; human lives will depend on how secure these systems are.”



Article source: http://www.engadget.com/2014/05/23/watch-dogs-hacking-kaspersky/?ncid=rss_truncated

Engadget Daily: Samsung’s VR headset, the new Leica T and more!

You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours – all handpicked by the editors here at the site. Click on through the break, and enjoy.

Samsung is making a VR headset for its phones and tablets

According to sources within Samsung, not only is the company working on a virtual reality headset, it expects to announce it this year. Between Samsung’s future headset, Sony’s Project Morpheus and Facebook’s Oculus Rift, this is shaping up to be an exiting year for VR hopefuls.

A week with Leica’s T, the most beautiful mirrorless camera money can buy

What’s it like shooting with the latest camera from Leica? It’s pure bliss! Machined from a solid block of aluminum, this camera is a work of art. However, if you want to join the club, you’ll need to fork over nearly $2,000. Is it worth it? Find out.

Apple to fix iMessage bug that causes ex-iPhone users to lose their texts

Those of you stuck in text message purgatory thanks to a bug with iMessage will soon have a happy resolution. Apple is reportedly working on a fix that will unlink phone numbers from inactive and abandoned accounts. For those who switched from iOS to another platform, this is welcoming news.

‘Gutted’ NSA reform bill passes the House, but sheds supporters

An updated version of the USA Freedom Act passed through the House of Representatives, but lost a number of important provisions that would have strengthened the bill. Both the Electronic Frontier Foundation and Google have dropped support for the newly amended bill.



Article source: http://www.engadget.com/2014/05/22/engadget-daily-samsungs-vr-headset-the-new-leica-t-and-more/?ncid=rss_truncated

Samsung is making a VR headset for its phones and tablets

Samsung is known for its ubiquitous Galaxy smartphones and tablets, popular smart televisions and, most recently, smart watches. The Korean consumer electronics giant is about to enter another major new category: virtual reality headsets. We’re told by sources close to Samsung that a virtual reality headset is not only in the works at the company’s mobile division, but it’s set to be announced this year. The urgency is said to be a measure of beating Facebook’s Oculus Rift and Sony’s Project Morpheus to market. Some developers already have early versions of the headset, which — at least in the development stages — is powered by flagship Galaxy devices (think: Note 3, Galaxy S5). The consumer model, however, is said to require the power of next-gen, unannounced Galaxy phones and tablets.

First things first, what are we talking about here specifically? A peripheral. We’re talking about a virtual reality headset — along the lines of Oculus Rift, but more akin to the Android-powered GameFace Labs prototype (seen below) — created by Samsung, powered by Samsung products. This is not the rumored “Galaxy Glass” project.

We’re told it has an OLED screen, as good or better than in the second Rift dev kit; it’s not clear how the headset connects to your phone/tablet, but we’re guessing it’s a wired connection rather than wireless. Given VR’s reliance on immediacy, a wired setup is a requirement (any lag introduced breaks the immersion, and often makes people sick). It’s also not clear how, or if, Samsung’s VR headset tracks head movement depth-wise. In the case of both Project Morpheus and Oculus Rift, separate cameras face the player and track depth by reading sensors on the respective headsets.

Beyond beating the competition to market, Samsung’s said to be targeting a lower price tier with its headset. Don’t expect anything too low — we’re still talking about a VR headset — but the idea again is to undercut Oculus and Sony. Unlike Galaxy Gear smart watches, we’re told that Samsung’s in-house OS, Tizen, doesn’t play a part in the VR headset.

This is a device meant for use with games. What type of games? Android games! Sure, but which ones? That’s certainly the question. Great games make the platform, and VR games are especially tough to crack given the newness of the medium. One thing’s for sure: most major games won’t work on VR as direct ports. Something like Minecraft VR makes sense on paper, but does it actually play well?

That question, and many more surrounding Samsung’s VR headset, remain a mystery. For now! Perhaps you know more? We’d love for you to get in touch! We’ll have more on Samsung’s virtual reality plans as we hear more; for now, the official line from Korea is, “Samsung doesn’t comment on rumor and speculation.”



Article source: http://www.engadget.com/2014/05/22/samsung-vr-headset/?ncid=rss_truncated

Engadget Daily: Ads on your thermostat, eBay’s password breach and more!

You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours – all handpicked by the editors here at the site. Click on through the break, and enjoy.

Google ads could be coming to thermostats, refrigerators and car dashboards

A Google filing with the SEC hinted that it’s considered displaying ads on a variety of devices that include “refrigerators, car dashboards, thermostats, glasses, and watches.” The company has since commented on the issue, saying that, “Nest, which we acquired after this filing was made, does not have an ads-based model and has never had any such plans.”

eBay asks all users to change their passwords following cyberattack

eBay looks like it’s the latest company to suffer a security breach after it alerted users that an attack had “compromised a database containing encrypted passwords and other non-financial data.” Change those passwords, stat!

Oculus VR and Palmer Luckey being sued by CTO’s former employer

Zenimax Media, owner of id Software, is suing Oculus VR co-founder Palmer Luckey, alleging that Luckey and Oculus VR stole and misappropriated trade secrets related to virtual reality technology. Oculus VR responded and said this lawsuit has no merit.

Old console, new tricks: Getting the most out of your Xbox 360

If you’re still holding on to your Xbox 360 but feel like it’s getting a bit long in the tooth, don’t fear! Engadget’s own Richard Lawler has a few tips that will ensure you’re getting the most out of your favorite game console.



Article source: http://www.engadget.com/2014/05/21/engadget-daily-ads-on-your-thermostat-ebay-password-breach/?ncid=rss_truncated

Land a role in the new Star Wars movie just for donating to UNICEF

Admittedly, we’re pretty stoked about the next instalment in the Star Wars saga — specifically seeing the old cast back in action. J.J. Abrams announced the Star Wars: Force for Change initiative from Episode VII’s set in Abu Dhabi this morning. Abram’s company Bad Robot, coupled with Disney and Lucasfilm will use Force for Change to help bring creative solutions to some of the world’s greatest problems. The initiative’s kick off would see your $10 entry fee go to Unicef’s Innovation Labs and Programs and the winner get a role in Episode VII. Yeah, you’ll get to flown to England with a friend, become J.J.’s VIP guest, get hair, make-up and costume sorted for your role. Have deeper pockets? Using the Omaze fundraising platform, entrants can choose all kinds of entry points and get gifts — think Kickstarter for charities. For $5k you get 500 chances to win and a replica lightsaber, for a cool $50K, 5,000 entries and a chance to see the film ahead of the rest of humanity. This first round in what we hope will be an ongoing charity saga, starts today and runs until July 18.



Article source: http://www.engadget.com/2014/05/21/land-a-role-in-star-wars/?ncid=rss_truncated