
Printing, document capture and compliance risk in the GDPR era

From the point of view of compliance, printing and document capture devices are everywhere, and range from multi-functional printers and scanners to mobile devices carried by employees.

And every time a document is captured or printed it resides in storage on a device or somewhere else on the network. That risk needs to be dealt with, in terms of compliance.

In this podcast Mathieu Gorge, CEO of Vigitrust, talks about the risks inherent in an organisation’s printing and document capture environment – including from mobile devices – and how to incorporate it into your GDPR risk assessment strategy.

Antony Adshead: What are the storage and compliance concerns in printing and document capture?

Mathieu Gorge: First of all we should recognise that printing and document capture are the forgotten parts of the internal and distributed network from a compliance and storage perspective.

If we break it down, what really is printing and document capture? It’s essentially scanners, printers, whether networked or wireless, multi-functional printers/devices and mobile devices with cameras.

So, if I look at a standard multi-functional device, for example, it allows you to do printing, scanning, scan-to-fax, scan-to-email and follow-me printing, which was created by HP a few years ago.

Scan-to-fax and scan-to-email is where you scan a document and it automatically sends it to your fax machine or to your email. If you do that it means your document ends up on your mail server and also on your backups.

With regards to follow-me printing the idea is that you send a printing document to a queue, whether in the cloud or on the server within your network, and you maybe travel to another office, authenticate on the printer and the document is there so you don’t have to carry it with you.

As you can see, from a storage and compliance perspective, you start with one document and you end up with tens of versions of the document, which, again, end up being backed up.

Finally, from a mobile device perspective, all devices now come with cameras and it’s not unusual to use them to take a picture of a document and then email it or text it.

Again, that creates a headache from a compliance and storage perspective, because now the document is stored on a device and also on your network, and may also end up being stored on the network of the mobile provider.

And so from a GDPR perspective, it’s important to map out how you actually use those devices, where they are and if you are taking appropriate security measures to protect what is sent or transmitted or stored from the device.

Storage and compliance

Adshead: How do you ensure your printing and document capture environment is managed appropriately from a storage and compliance perspective?

Gorge: You need to make sure the printing and document capture environment is part of your risk strategy and of the technology that will protect your environment. And so if you look at GDPR again, it requires you to perform a privacy impact assessment (PIA), should you believe the information or the data being dealt with could be put at risk.

And if you look at a printer or multi-functional device that is networked there is potential risk, so you need to include that in your PIA. To do that you need to do an asset inventory that’s going to allow you to see at the click of a button all the scanners, IP printers, multi-functional devices and any type of mobile device whether it’s owned by the employee or the company.

The next thing you need to do is to put in technical security around this: Firewalls, strong authentication, automatic purge of hard drives and so on. You can then train people so they understand the risks with regards to confidentiality, integrity and the availability of that data – the famous CIA concept – and provide them with dos-and-don’ts.

The best way to do that is through e-learning. For example, Vigitrust offers a very short dos-and-don’ts on secure printing that can be added to a traditional security awareness programme.

Finally, you shouldn’t forget that you need to secure the devices from the physical perspective. The devices have hard drives that are as big as hard drives were in laptops from two to three years ago, and you can appreciate the amount of data that is potentially being saved on those drives. It is important nobody can get physical access to those drives, as well as logical access.

So, it’s a mix of mapping the assets, training people, securing the physical hardware and then securing it from a logical perspective. 

Strong Buy 6.16% Yield Won't Be On Sale Forever

This research report was produced by The REIT Forum with assistance from Big Dog Investments.

Tanger Factory Outlet Centers (SKT) is a solid REIT with a great dividend track record.


Management has been prudent in protecting their balance sheet and keeping leverage low.


They are very firmly within the investment grade credit rating and have significant excess cash flow even after paying the common dividend.

The bears on SKT must be ignoring a few simple fundamental factors.

SKT fundamentals

If SKT’s net operating income is simply flat over the next several years, SKT would still be a very reasonable investment. If net operating income was flat, we would expect very minimal pressure on total FFO as interest rates increase and a portion of the debt is refinanced.

The impact to total FFO should be quite small. Since SKT has so much excess cash flow after all of their operating expenses, common dividends, and capitalized expenditures for the properties, they are free to repurchase shares. By our estimate, they could reasonably shrink the number of shares outstanding by around 2% per year. That means even with flat FFO or an extremely minor decline in total FFO, the FFO per share would still be increasing. This also assumes SKT would continue to raise their dividend and maintain a similar payout ratio on FFO per share.

We see the above as the bear case scenario.

More likely scenario for SKT

It is more likely that we will see same-store NOI growth in 2019. Pressure on NOI in 2018 was tied to the Toys “R” Us bankruptcy. SKT knew the bankruptcy was coming but expected more of the impact to occur in 2019 rather than 2018. Because the Toys “R” Us bankruptcy hit earlier than expected, the weakness in earnings shows up for 2018 instead of 2019. With an expectation for moderate growth in same-store NOI on average over the next several years, we would expect total FFO to grow modestly. Given the expectation for a declining share count, we would expect FFO per share to grow a little faster.

If FFO per share and dividend per share grew at 1%, we would expect long-term returns to the buy-and-hold investor to run around 7% with 6% from yield and 1% from growth. In a more bullish scenario, we would be looking at FFO per share and dividend growth running in the 3% to 4% range which combines with the 6% yield for 9% to 10% in total returns. It is important to point out that this is forecasting the return from the dividend and the growth rate rather than speculating on the price movement over the next month.

Some short-term investors will be focused on the change in share price. We view the most likely direction as up over the next 12 months. However, predicting precisely where the share price will end is not a reliable indicator of long-term results.

Buyout potential

We’ve seen a few buyouts on REITs so far in 2018, including one in the mall space. While these are outlets, it is still classified as a mall REIT (sometimes a strip center).

There is an enormous amount of private capital looking for entry into real estate. This private capital is driving valuations on real estate. Ironically, the funds managing it are benefiting from the lack of transparency in their structure. Investors want real estate, but they are terrified by the day to day price movements in the stock. The price movement in the underlying asset, the real estate, is dramatically smaller. Consequently, investors are occasionally more comfortable with simply getting an appraised value a few times per year rather than seeing the daily fluctuations in market price. It seems absurd that investors would pay a premium for less liquidity and less transparency, but that is precisely what is happening in the real estate market today with an enormous amount of wealth.

A prudent manager in this structure might look to buy a REIT this way and then report the net value of the assets to investors. For instance, Blackstone (BX) recently acquired another REIT for their portfolio of real estate. Prologis (PLD) acquired another REIT. Buyers exist with the capital to swallow entire REITs. General Growth Properties (GGP) was recently swallowed by Brookfield Property Partners (BPY).

It would be sad to see SKT go right after hitting 25 years of dividend growth, but management indicates that they are willing to pick up the phone for anyone who wants to make an offer. Generally, that would be on one property or a few properties, but a bid could be made for the entire company.

SKT’s confidence

Management of SKT had good things to say on the Q2 2018 earnings call (parts bolded for emphasis):

In terms of our balance sheet and capital position, we’re in great shape. We have a largely unencumbered portfolio, maintained solid interest coverage and have no significant debt maturities until 2021. We are committed to sustaining a stable and flexible financial position. We plan to continue to deliver a very strong level of cash flow and remain disciplined in our capital allocation decisions with a singular focus on creating value. The cash we generate covers our capital needs for investing in our assets, paying our dividends, repurchasing our common shares and deleveraging our balance sheet. Our dividend, which remains a priority, is secure and well covered. We have also continued to execute on our share repurchase program.

Going forward, we do not anticipate any new developments in 2018 and ’19. But we’ll continue to evaluate our priority uses of cash and long-term opportunities for growth. While we recognize the challenges we have discussed related to select overleveraged retailers, we believe industry sentiment surrounding fashion retailers is improving. According to recent reports, nearly 7,000 stores closed in all retail properties were announced in 2017. And slightly less than half of that number is slated to close this year. Importantly, offsetting those closures, approximately 2800 stores are scheduled to open this year. This all suggests a healthier retail outlet.

Our confidence in the long-term growth of the outlet distribution channel remains unwavered. In particular, relative to other retail channels, we don’t believe that outlets have been overbuilt. So the need to right-size and the competition among landlords is minimized. Furthermore, we are increasingly hearing the conviction among retailers that brick-and-mortar is a critical element of their omni-channel brand strategy. While the positive sales are encouraging and our conversations with tenants and prospects are constructive, we know there’s still much work to be done. We continue to employ a strategic approach that has proven effective and successful over the last 37 years, which includes keeping the tenant mix of our centers dynamic and giving Tanger shoppers the brands and designers they want. With this long-term view, we have proven we can successfully adapt to evolving consumer preferences and align those with tenant needs.

Final thoughts

We believe SKT is still attractively valued and expect it to perform well on the basis of higher expected FFO per share next year and continued dividend growth. The payout ratio is excellent and there is plenty of FFO leftover after paying the dividends. The balance sheet and debt maturities are great. SKT has raised its dividend for 25 consecutive years and is currently trading at a large discount to the net value of their assets. We believe the net value is around $30.00 per share.


Disclosure: I am/we are long SKT, BPY.

I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.

Apple iPhones get bigger and pricier, Watch turns to health

CUPERTINO, Calif. (Reuters) – Apple Inc introduced its largest-ever iPhone and a watch that detects heart problems on Wednesday in an attempt to get customers to upgrade to more expensive devices in the face of stagnant global demand for smartphones.

The relatively small changes to its lineup, following last year’s overhauled iPhone X, were widely expected by investors and the company’s shares ended down 1.2 percent at $221.07.

The strategy has been successful, helping Apple’s stock to rise more than 30 percent this year and making it the first publicly traded U.S. company to hit a market value of more than $1 trillion.

Apple’s new iPhone XS, pronounced “ten S,” has a 5.8-inch (14.7-cm) screen, and will be sold at a starting price of $999. The XS Max, the largest iPhone to date and one of the biggest on the market, has a 6.5-inch (16.5-cm) screen, and will start selling at $1,099.

“They have finally added a larger-screen phone so that they can directly compete with the Galaxy Note9 products,” Gartner analyst Annette Zimmermann said at the event at Apple’s Silicon Valley headquarters, referring to rival Samsung Electronics which has led the trend toward big-screen phones.

“The larger screen will be very important in China to turn around the trend there, because they have lost some share in the last few years, partly because of screen size,” she added.

Apple also introduced a lower-cost 6.1-inch (15.5 cm) iPhone XR made of aluminum, at a starting price of $749.

Graphic: Apple stock performance six months ahead of each iPhone launch – reut.rs/2CJ8fgI

The iPhone XS Max’s display size is 26 percent larger than the previous largest iPhone display, marking it the largest increase in screen size since 2014, wrote analyst Gene Munster of Loup Ventures in a note.

This year’s three top phones are all more expensive than last year’s models.

With two of them starting at $999 or higher in the United States, Apple appears to be taking advantage of a strong U.S. economy, low unemployment, and rising household wealth. The median U.S. household income rose for a third straight year in 2017 to the highest on record since 1967 by one measure, government data showed on Wednesday.

MEDICAL DEVICE MARKET

Looking for ways to lessen reliance on phones, which represent more than 60 percent of its revenue, Apple opened its event by announcing the new Apple Watch Series 4 with edge-to-edge displays, like those on its latest phones, that are more than 30 percent bigger than displays on current models.

It is positioning the new watch as a more comprehensive health device, able to take an electrocardiogram to detect an irregular heartbeat and start an emergency call automatically if it detects a user falling down, potentially appealing to older customers.

The U.S. Food and Drug Administration said it worked with Apple to develop apps for the Apple Watch and has been taking steps to ease the regulatory pathway for companies seeking to create digital healthcare products.

As many as 6.1 million Americans have atrial fibrillation, a heart disease involving irregular heart rhythm for which the Watch could offer an early warning. That number is expected to double by 2050 as the population gets older, according to the American Heart Association.

A demonstration of the newly released Apple products is seen following the product launch event at the Steve Jobs Theater in Cupertino, California, U.S. September 12, 2018. REUTERS/Stephen Lam

“This does have a lot of potential for patients,” said Dr. Michael Valentine, president of the American College of Cardiology and a cardiologist at Central Health in Lynchburg, Virginia. “Clinicians face patients every day with palpitations, rapid heart rates, and other symptoms,” and the doctors want a more portable monitoring and recording system.

BMO Capital Markets analyst Joanne Wuensch added that physicians would be unlikely to make medical treatment decisions based on data from the watch, though it could encourage patients to see cardiologists.

Healthcare technology analyst Ross Muken at Evercore said many companies were developing monitoring devices. “This update really establishes the company’s increasing efforts to push the watch as a serious medical device,” he said of Apple.

Shares of fitness device rival Fitbit Inc fell 6.9 percent after the Series 4 announcement on Wednesday.

Apple’s event was held at the Steve Jobs Theater in its new circular headquarters in Cupertino, California, named after the company’s co-founder who wowed the world with the first iPhone in 2007.

Executives made no mention of a wireless charging mat, or content deals for Apple TV, as some industry analysts had expected.

“We all knew this was going to be a transitional but not transformational phone update,” said Trip Miller, managing partner at hedge fund Gullane Capital, which owns Apple shares.

Graphic: Apple’s Growth Seen Slowing – reut.rs/2CS6xt8


Reporting by Sonam Rai in Bengaluru and Stephen Nellis in Cupertino, California; Additional reporting by Deena Beasley in Los Angeles, Supantha Mukherjee in Bengaluru, Nadine Schimroszik in Berlin and Yasmeen Abutaleb in Washington; Writing by Bill Rigby; Editing by Peter Henderson and Nick Zieminski

Chilean telecoms firm GTD to install undersea fiber optic cable

SANTIAGO (Reuters) – Chilean telecommunications company GTD said on Wednesday it will install an undersea cable along more than 2,174 miles (3,500 km) of Pacific coastline to improve connectivity with its operations in Colombia and Peru.

The project to lay the fiber optic cable, which will be submerged 2,000 meters (6,561 feet) below sea level in the ocean when it is complete in two years, is aimed at doubling the company’s data transmission in Chile, GTD said in a statement.

GTD’s plan comes at a time when Chile is trying to pivot toward an information-based economy and courting major tech companies, including Google and Amazon, to expand their operations within its borders.

Google and Chilean officials announced earlier on Wednesday the $140 million expansion of the company’s data center in Chile.

With this initiative “there will be more possibilities to compete in a globalized world … and attract more investment to Chile,” said Juan Manuel Casanueva, president of GTD, in a statement emailed to Reuters.

The undersea cable project will improve the service and operation of GTD’s data center network, made up of seven data centers in Chile, Peru and Colombia.

Reporting by Antonio De La Jara; Writing by Cassandra Garrison; Editing by Alistair Bell

Watch Moritz Simon Geist's Sonic Robots Play Thumping Techno Music in His Video for 'Entropy'

When he plays a techno show, Moritz Simon Geist doesn’t reach for a laptop. Instead, he calls on his army of sonic robots—a collection of small, motorized creations that click, clank, and whirr in an intricate mechanical symphony.

Geist composes robotic electronic music, a burgeoning genre of electro jams that relies on hardware, not software, to engineer electronic sounds and beats. His forthcoming EP, The Material Turn, debuts in October with four tracks made entirely from self-fashioned instruments—futuristic robo-kalimbas, a droning guitar, and salvaged hard drives turned into percussive beat machines.


Watching Geist play music is a little like watching a mad scientist in a lab. Trained as an electrical engineer, he is a man of materials, constantly tinkering with the instruments as they ping and plonk in front of him. Geist grew up playing the clarinet, piano, and guitar, so when he first started making electronic music in the 1990s, he found it strange that the music was all contained within a software interface on a screen. “I wanted something I could touch,” he says. “So I built my own instruments.”

Each of Geist’s “instruments” is custom-made in his workshop in Dresden, Germany. Some are engineered to produce a specific sound, like his take on a kalimba, made from metal pieces and 3-D printed parts. Other instruments come by way of discovery, like finding that tapping a screwdriver against a metal lid makes a pleasant tinging noise.

The result isn’t just a dynamic, throbbing album full of electrifying techno. For Geist, it’s a way to push the frontiers of electronic musicmaking.

Mr. Robot

Mechanized instruments have been a curiosity for as long as music-makers could rig together parts. Take the first self-playing piano, the Forneaux Pianista, invented in the mid-19th century. It used air valves to inflate a bellows and mechanically thump on the keys, creating an effect of the piano playing itself. Vaucanson’s mechanical flute player and Phonoliszt’s self-playing Violina would follow, and autonomous instruments remained a fascination throughout the 20th century.

“We have a museum full of self-playing instruments,” says Marian van Dijk, the director of the Museum Speelklok in the Netherlands, which has an exhibit about robots and music on view this month. “People in the 19th century were looking forward to these inventions, and we are in a similar period now—looking forward to all the possibilities.”

As the field of robotics has become more sophisticated, engineers and musicians have developed new ways to incorporate machinery into music-making. Shimon, a marimba-playing robot built at Georgia Tech, relies on artificial intelligence to “improvise” like a jazz musician. In a jam session, it can rhythmically bob its robotic “head” and listen to other human musicians, then tap out a tune of its own. “It’s a combination of old instruments and new robotics,” says van Dijk.

Geist had seen plenty of robotic music—bands like Compressorhead, a Berlin-based group that uses a series of humanoid robots to play traditional instruments—but he’d never seen robots in techno. The combination seemed obvious.

“Robots and techno—I mean, come on,” he says. “It’s machine music.”

His first instrument, the MR-808, recreated the sound of a Roland TR-808 drum machine in an enormous, room-sized box filled with traditional drums and robotic parts. It took him three years to build. When he debuted the instrument in an interactive exhibit, Geist realized he’d struck upon something interesting. He quit his job at a research lab, dropped out of his PhD program, and devoted his time to making musical robots.

Geist followed the MR-808 with a selection of new and futuristic inventions: The Glitch Robot combined 3D-printed parts with relays, tongues, solenoids, and motors to create glitchy, metallic noises. The Tripods One, which Geist calls a “sonic installation,” is a percussive instrument built from hard drive actuator arms and motors that mechanically ping metal pieces and springs.


His latest single, “Entropy,” features a new suite of instruments. A “futuristic kalimba” riffs on the African instrument, made with a circuit board, five metal tongs, and a piezo contact microphone controlled with a Midi keyboard. A “pneumatic hi-hat” blows air into cylinders filled with small styrofoam balls to create a soft percussive noise. Rescued hard drives make a clicking sound, similar to a snare. There’s also a “drone guitar,” built by attaching a motor to an electric guitar, and an instrument Geist describes as “crazy psychedelic glasses,” which uses a motorized arm to clink on beer glasses filled with different amounts of water so they’re tuned to various pitches.

For Geist, the instruments represent not just a new way to make music, but a new way to experience it. The instruments each have a visual component, which makes it possible to watch the sounds as Geist creates them. “A lot of electronic laptop compositions, they don’t have a body,” he says. “I’m trying to give this body back to electronic music.”

Watching him play “Entropy,” you see styrofoam balls float up on puffs of air, while LED lights blink on the futuristic kalimba. The motor fingers the guitar strings like a disembodied hand. Sure, the requisite electro-techno strobe lights and bass-heavy beats feel familiar. But with his sonic robots, Geist manages to do something increasingly rare in electronic music. When he plays, he keeps all eyes locked on the stage.



Meet the Transhumanists Turning Themselves Into Cyborgs

A woman tries on a virtual reality headset at a neuroscience lab in Geneva, Switzerland.

This exoskeleton can be used to treat physical handicaps or to augment the wearer’s motor skills. The Defense Advanced Research Projects Agency (DARPA) is working on a similar prototype that could turn soldiers into war machines.

Neil Harbisson, who is color blind, implanted a prosthesis into his skull that converts colors into sound waves. He considers himself a cyborg.

The dietary supplement Elysium contains nicotinamide riboside, which has been shown to promote cell regeneration in mice. The drug’s long-term effect on humans is unknown.

Julien Deceroi implanted a magnet into his middle finger. He’s an example of a “grinder,” biohackers who operate on their own bodies.

The size of a grain of rice, the NFC/RFID microchip can be implanted under the skin by a tattoo artist. The chip can be used to store data or interface with electronic devices.

This anti-aging light therapy mask is meant to be worn for five minutes a day and promises to make the user look younger.

The Mailpan—an implant filled with stem cells that secrete insulin—is an artificial pancreas that could potentially transform the lives of diabetics.

Marie-Claude Baillif has suffered from myopathy since adolescence. Without her respirator, she would have died thirty years ago.

“Nootropics,” aka smart drugs, are a class of substances supposed to improve cognitive function, memory, creativity, or motivation.

The body modification artist Lukas Zpira is the author of the “Body Hacktivism Manifesto,” which advocates “taking control of our destinies by perpetually reinventing the self.”

Professor Grégoire Courtine of the École Polytechnique Fédérale de Lausanne implants electrodes into a paralyzed rat’s spinal cord to help it learn to walk again.

Photographer Matthieu Gafsou says transhumanism encompasses a wide array of techniques and philosophies.

One of the biggest misconceptions about transhumanism is the belief that it’s a new phenomenon. “We have been intimately involved with technology for a very long time,” Gafsou says.

In many ways, all of us are transhumanists based on our extensive use of technologies like the smartphone, the artificial hip, and the pacemaker.

Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob

Tesla has taken plenty of innovative steps to protect the driving systems of its kitted-out cars against digital attacks. It’s hired top-notch security engineers, pushed over-the-internet software updates, and added code integrity checks. But one team of academic hackers has now found that Tesla left its Model S cars open to a far more straightforward form of hacking: stealthily cloning the car’s key fob in seconds, opening the car door, and driving away.

A team of researchers at the KU Leuven university in Belgium on Monday plan to present a paper at the Cryptographic Hardware and Embedded Systems conference in Amsterdam, revealing a technique for defeating the encryption used in the wireless key fobs of Tesla’s Model S luxury sedans. With about $600 in radio and computing equipment, they can wirelessly read signals from a nearby Tesla owner’s fob. Less than two seconds of computation yields the fob’s cryptographic key, allowing them to steal the associated car without a trace. “Today it’s very easy for us to clone these key fobs in a matter of seconds,” says Lennert Wouters, one of the KU Leuven researchers. “We can completely impersonate the key fob and open and drive the vehicle.”

Just two weeks ago, Tesla rolled out new antitheft features for the Model S that include the ability to set a PIN code that someone must enter on the dashboard display to drive the car. Tesla also says that Model S units sold after June of this year aren’t vulnerable to the attack, due to upgraded key fob encryption that it implemented in response to the KU Leuven research. But if owners of a Model S manufactured before then don’t turn on that PIN—or don’t pay to replace their key fob with the more strongly encrypted version—the researchers say they’re still vulnerable to their key-cloning method.

Keys to the Kingdom

Like most automotive keyless entry systems, Tesla Model S key fobs send an encrypted code, based on a secret cryptographic key, to a car’s radios to trigger it to unlock and disable its immobilizer, allowing the car’s engine to start. After nine months of on-and-off reverse engineering work, the KU Leuven team discovered in the summer of 2017 that the Tesla Model S keyless entry system, built by a manufacturer called Pektron, used only a weak 40-bit cipher to encrypt those key fob codes.

The researchers found that once they gained two codes from any given key fob, they could simply try every possible cryptographic key until they found the one that unlocked the car. They then computed all the possible keys for any combination of code pairs to create a massive, 6-terabyte table of pre-computed keys. With that table and those two codes, the hackers say they can look up the correct cryptographic key to spoof any key fob in just 1.6 seconds.

In their proof-of-concept attack, which they show in the video below, the researchers demonstrate their keyless-entry-system hacking technique with a hardware kit comprising just a Yard Stick One radio, a Proxmark radio, a Raspberry Pi minicomputer, their pre-computed table of keys on a portable hard drive, and some batteries.

First, they use the Proxmark radio to pick up the radio ID of a target Tesla’s locking system, which the car broadcasts at all times. Then the hacker swipes that radio within about 3 feet of a victim’s key fob, using the car’s ID to spoof a “challenge” to the fob. They do this twice in rapid succession, tricking the key fob into answering with response codes that the researchers then record. They can then run that pair of codes through their hard drive’s table to find the underlying secret key—which lets them spoof a radio signal that unlocks the car, then starts the engine.

[embedded content]

That whole attack chain, the researchers say, is possible thanks to the Pektron key fob system’s relatively weak encryption. “It was a very foolish decision,” says KU Leuven researcher Tomer Ashur. “Someone screwed up. Epically.”

The KU Leuven researchers say they told Tesla about their findings in August 2017. Tesla acknowledged their research, thanked them, and paid them a $10,000 “bug bounty” for their work, the researchers say, but it didn’t fix the encryption issue until its June encryption upgrade and more recent PIN code addition.

In a statement to WIRED, Tesla said those fixes were rolled out as quickly as possible given the time needed to confirm the researchers’ work, test a fix, and integrate it into their manufacturing processes. “Due to the growing number of methods that can be used to steal many kinds of cars with passive entry systems, not just Teslas, we’ve rolled out a number of security enhancements to help our customers decrease the likelihood of unauthorized use of their vehicles,” a Tesla spokesperson wrote to WIRED. “Based on the research presented by this group, we worked with our supplier to make our key fobs more secure by introducing more robust cryptography for Model S in June 2018. A corresponding software update for all Model S vehicles allows customers with cars built prior to June to switch to the new key fobs if they wish.” The company also noted that you can trace a Tesla on your phone, which should make it relatively easy to locate a stolen vehicle.

The researchers believe their attack might also work against cars sold by McLaren and Karma and motorcycles sold by Triumph, which also use Pektron’s key fob system. But they weren’t able to get their hands on those vehicles to test them. Neither Karma nor Triumph responded to WIRED’s request for comment, nor did Pektron itself. McLaren says it’s still investigating the issue but is alerting its customers to the potential theft risk and offering them free “signal-blocking pouches” that block radio communications to their key fobs when they’re not in use. “While this potential method has not been proven to affect our cars and is considered to be a low risk, plus we have no knowledge of any McLaren vehicle being stolen by this or the previously reported ‘relay attack’ method, nevertheless we take the security of our vehicles and the concerns of our customers extremely seriously,” a McLaren spokesperson writes.

If those other manufacturers are indeed affected, beyond putting keys in those “signal-blocking pouches”—Faraday bags that block radio communications—just how all of them might definitively fix the problem is far from clear. The researchers say that the companies would likely have to replace every vulnerable key fob, as well as push out a software update to affected vehicles. Unlike Tesla, whose cars receive over-the-air updates, that might not be possible for other manufacturers’ vehicles.

Warning Sign

Despite the questions surrounding how to prevent the attack, KU Leuven’s Ashur argues that revealing the vulnerability is necessary to pressure Tesla and other carmakers to protect their customers from theft. Now that Tesla has added a PIN feature, it also serves as a warning that Tesla owners should turn on that feature to protect against a surprisingly easy method of grand theft auto. Aside from the PIN, Tesla also allows Model S owners to disable passive entry for its key fobs, meaning drivers would have to push a button on the fob to unlock the car. That would also stymie the KU Leuven attack. “This attack is out there, and we’re not the only people in the world capable of coming up with it,” Ashur says.

For years, hackers have demonstrated that it’s possible to perform so-called relay attacks against keyless entry systems, spoofing a car’s radio signals to elicit a response from its key fob and then replaying that signal in real time to the car’s locking system. In some cases, hackers have pulled off those attacks by amplifying the key’s radio signal, or by bridging the distance between the car and the victim’s key fob by holding one radio device close to each. Those relay attacks have been used to pull off very real car thefts, though it’s never been clear how many, given the lack of evidence left behind. Relay attack thefts are no doubt part of Tesla’s motivation for adding its PIN precaution, regardless of the KU Leuven research.

But even those relay attacks still only allow a car thief to spoof a victim’s key once. Even if they manage to drive the car away, they’re unable to unlock or start it again. The KU Leuven attack, by contrast, allows a thief to permanently clone the victim’s key, so that they can unlock and drive the car in perpetuity. “Basically, we can do everything a relay attack can do and more,” says Wouters.

With that dangerous key-cloning method now in the open, anyone who owns a vulnerable Model S would be wise to turn on Tesla’s newly added PIN feature or disable passive entry. Punching four numbers into the car’s dash or a button on its key fob before starting it up may be an annoyance, but it beats returning to an empty parking spot.


White House Secrets Top This Week's Internet News Roundup

Boy, oh boy. Technically, thanks to Labor Day, this past week was shorter work-wise than most. That said, the internet never takes a day off, so it was just as full as the rest. Think we’re kidding? We’re not. As proof, here’s a series of unrelated tweets that represent just a fraction of what people were talking about online over the last seven days:

Hungry for more? Read on.

Fear and All Kinds of Loathing in Washington, DC

What Happened: The newest Trump administration tell-all book might be the biggest—or, at least, the most all-telling, and the most reliably true—one yet. Needless to say, it didn’t come and go without causing some drama.

What Really Happened: It’s been a few weeks since Omarosa’s book grabbed headlines, so clearly it’s time to start thinking about another White House tell-all. This time around, it’s possibly the motherlode: Fear: Trump in the White House is the upcoming release from legendary journalist Bob Woodward, and it’s been breathlessly anticipated by everyone who figured that Woodward would have the true story about what is going on in President Trump’s administration. And with the release just a week away, this happened:

Yes, the Washington Post got its hands on the book early, and let’s just say that the review—such as it was—suggested that this would be everything people wanted and more.

The first excerpts to be released were juicy, to say the least.

And, it turned out, it wasn’t just the Post that got an early copy.

Let’s just say that a lot of people found what was shared to be a little alarming.

Others were more alarmed (or, at least, surprised) by the lack of pushback from the White House over the release of the excerpts and the response they were generating.

As should only have been expected, that didn’t last.

And, of course, it wasn’t too long before the president got in on the action.

There’s only one problem with taking the attitude that you can just pretend this stuff isn’t real: This book comes from Bob Woodward. He really doesn’t half-ass or fictionalize. He’s the real deal, as could be seen by his wonderfully old-school reply to the denials.

Perhaps the oddest part of the whole thing may have been an 11-minute call between Woodward and Trump, which was recorded and then released by the Post.

Seriously, though: If this is just what’s coming from the pre-release hype, imagine what the actual book will be like.

The Takeaway: If nothing else, this whole kerfuffle has proven once again that, for the current President of the United States, there’s no such thing as bad publicity, even when it’s clearly bad publicity.

The Op-Ed Is Coming from Inside the House

What Happened: Bypassing the need for reporters and anonymous sources, the New York Times published an op-ed by an unnamed White House staffer about the goings-on in the current administration.

What Really Happened: As if the Woodward book didn’t make the White House look unruly enough, there was a pretty dramatic second development on Wednesday that was … well, dramatic, all things considered.

The piece was titled, with wonderful overstatement, “I Am Part of the Resistance Inside the Trump Administration”—although, as the actual piece explained, “To be clear, ours is not the popular ‘resistance’ of the left. We want the administration to succeed and think that many of its policies have already made America safer and more prosperous”; instead, it argued, “there is a quiet resistance within the administration of people choosing to put country first”—and it was, to put it mildly, quite a read.

It should be pointed out that plenty of people were unconvinced by the central premise of the piece.

As further proof that the White House might not be at the top of its game, the publication of the essay appeared to come as a complete surprise to people within the administration, as the by-the-second tick-tock of Twitter revealed.

…It took, apparently, one hour and 31 minutes to formulate a response, judging by the timestamp on the following. Just in case you’re curious.

But what is a response from the White House these days without some extemporaneous riffing from President Trump? As you might expect, he treated this extraordinary event with nothing but the gravitas and reflection it truly deserved.

There was another, equally obvious, outcome of the whole thing: lots and lots of speculation about who wrote it. Reportedly, the search for the author of the piece, combined with the search for those who spoke to Bob Woodward for Fear, is likely creating a very unhappy atmosphere in the White House.

The fact that the Times op-ed editors granted the writer anonymity was deemed troublesome by many, though the reasons why varied from person to person.

While some people had some cunning plans for finding out who was responsible—

—others believed that the identity of the author wasn’t entirely mysterious in the first place, as this much-shared thread on Twitter made clear.

For what it’s worth, Mike Pence denies writing it, which … I mean, he would, wouldn’t he? That’s just what you’d expect him to do. Wait, now I’m getting all paranoid.

The Takeaway: One of the surprising takeaways from the whole thing was just how ready social media was to publish parodies of the piece, complete with any number of pop culture references…

Justice Brett Is So Close to Happening

What Happened: Last week everyone got to meet Brett Kavanaugh, the next Supreme Court justice (probably). As far as meet-cutes went, let’s just say that the Senate and Brett had particularly awkward rom-com rockiness to deal with.

What Really Happened: While all of the above was unfolding, there was a parallel track of intrigue happening in the confirmation hearing for potential Supreme Court judge Brett Kavanaugh, which turned out to be anything but dull. Even before the hearing began, people were excited, and not just because an amazing 42,000 pages of documentation were released just hours before the first day of the hearing began. Why, there was even cosplay.

Things got off to an amazing start. Or, at least, certainly not a boring one.

Oh, but the controversy of the day wasn’t just about what the Senators were saying, as it turned out.

As if the video didn’t disprove the White House version of events, Fred Guttenberg offered his take on what had happened, which was (of course) disputed by the White House.

To the surprise of literally no one, this became a media story pretty quickly. But, wait! That’s not all! On the very same day—this is still just the first day of the hearings, remember—there was also the idea that one of Kavanaugh’s staff was flashing a white power sign behind him for the entire hearing.

Thankfully, this was something that was very quickly put to rest on social media even before it had time to set in.

Bash’s husband took to Twitter to complain.

We’d love to be able to say that, after such a tumultuous first day, the hearings settled down into a nuanced discussion moving forward, but the second day brought up potential hacking connections and confusion over whether he’d been consulted over the Mueller probe, and the third had conflict over documents concerning race, whether or not Roe v. Wade is “settled law,” his inability to condemn Trump’s attacks on judges, and if he’d lied during his 2004 confirmation hearings for the DC Circuit Court. This one, it seems, is going to run and run. But don’t worry, Kavanaugh fans; he’s still likely to be confirmed no matter what.

The Takeaway: If nothing else, Twitter displayed its ability to keep everyone on-topic as the first day of the hearings drew to a close.

InfoVictory May Have Been Declared After All

What Happened: Ding-dong, Alex Jones’ social media career is dead, now that he’s been officially kicked off of Twitter.

What Really Happened: It took a very long time, but guess what? Alex Jones has, a month after being removed from YouTube, Facebook, and Pinterest, also been banned by Twitter.

Many people wondered why it was only now that Jones—who had already seemingly violated the platform’s terms of conduct—was removed. Let’s just say that he gave Twitter a lot of reasons in the 24 hours before his banning.

There’s actual video of this here, originally streamed by Jones and InfoWars on Periscope. It’s somewhat astounding. And then, of course, there was this, but you knew about this photo already.

Of course, Jones being banned from his final mainstream outlet was big news—but more than a few people were suspicious about just what exactly led to Jones’ removal, and how close to home it hit for the social network.

As much as we might want to focus on the Jack Dorsey of it all—and that’s saying nothing about that beard—we really, really, shouldn’t forget [gesturing wildly] all of this, either.

Perhaps we’ll never know what the real reason for Jones’ removal was. Then again, perhaps it doesn’t even really matter.

The Takeaway: Maybe this should just be the start of a multi-pronged effort on behalf of Twitter. Some folks are already offering up suggestions for next steps, after all.

Just Do It to Yourself

What Happened: Nike extended its deal with Colin Kaepernick, the NFL quarterback who famously took a knee during the National Anthem to protest police violence, and everything you might have expected to come as a result happened.

What Really Happened: The ever-controversial subject of NFL protests returned to the fore last week with the news that Colin Kaepernick is the face of Nike’s next wave of “Just Do It” commercials. Kaepernick announced the deal with Nike via Twitter.

It was, as Nike surely hoped, a much-reported-upon deal—and a lucrative one, too.

Whatever the value of the deal, maybe we should take a second to appreciate that Nike is standing up for someone seemingly abandoned by those in his chosen career.

Well, maybe don’t get too excited…

This just in: This issue is a particularly complicated one. Nonetheless, surely it’s good to see someone stand behind Kaepernick, right? Turns out, not everyone thought so.

The so-called boycott didn’t impress everyone, however.

Presumably, Nike wasn’t impressed by—but may have been, perhaps, thankful for—the protests, considering that estimates suggested the news raised $43 million in media exposure for the company in just one day. Curiously, while Nike stock is down 2 percent at the time of this writing, it is also gaining popularity and expected to continue doing so.

The Takeaway: No matter how nuanced the idea of a Nike deal may be, considering the company’s own practices, let’s take a brief moment to enjoy how utterly un-nuanced the enjoyment of ridiculous protests that ultimately both miss the point and serve no purpose can be.


This Week in the Future of Cars: What Happened at Tesla, Uber, and Chevy this week

We’re going fast…somewhere. This week was full of people and corporations making market-moving decisions. Not all seemed wise. Elon Musk did a 2.5-hour live interview, got peer pressured into smoking a blunt, and maybe didn’t inhale. Mercedes has a fully electric SUV coming out, and Chevy is prepping the country’s serious haulers for the intro of its beefy new pickup. A company that specializes in bus trips took an interesting detour into sleep technology. It’s been a weird week! Let’s get you caught up.

Headlines

  • Late Thursday evening, Tesla and SpaceX CEO Elon Musk gave a rare live interview to eminent podcaster and comedian Joe Rogan. It was classic Elon, transportation editor Alex Davies observes: thinky, a little awkward, goofy, full of weed jokes (and a touch of actual weed). But that sheer force of personality may not be enough to guarantee the electric carmaker’s future anymore.
  • Even so, it’s very hard to imagine a Tesla without Musk. It will probably take an even more dramatic incident for the loyalists on the company’s board to take a hard line with the self-christened “business magnet.”
  • Aurora, the little-known supergroup made up of autonomous vehicle technology pioneers, is finally talking. Alex chats with Waymo veteran and Aurora CEO Chris Urmson on why the startup will be smarter about machine learning than its competition, and how close its tech is to being able to do everything a human can.
  • One year into his role as CEO of Uber, Dara Khosrowshahi reflects—and introduces a new suite of safety features.
  • One Montana startup is using Doppler lidar—the same tech that cops use to catch speeding drivers—to create colorful images that just might give cars a better (and safer) sense of what is going on around them.
  • As part of a string of electrifying announcements from major automakers, Mercedes-Benz unveils its first fully electric SUV. This one comes with an 80-kWh lithium-ion battery, an estimated 279 mile-per-charge range (according to the New European Driving Cycle testing protocol), and a top speed of 112 mph.
  • There are monster trucks, and then there’s Chevy’s new ZR2 Bison pickup truck. Senior writer Jack Stewart has the details on the off-roading, desert-running behemoth, a perfect rig for people who really, truly need to haul a lot of stuff.
  • WIRED contributor Eric Adams takes a trip to West Africa to hang out with the Diplomatic Security Service. Never heard of ‘em? They’re the Postal Service meets Mission Impossible: 103 couriers who carry top secret mail between US State Department hubs. Quoth Eric: “Snow, rain, heat, or gloom of night? Try war, ebola, diplomatic ejection, or military coup.”
  • If an overnight trip on a bus sounds unappealing, the team at the startup Cabin would like to introduce you to their new snoozing tech. The company’s vehicles—which take near-daily trips between San Francisco and LA—are already stocked with 23 sets of pillows, blankets, night lights, and bunk beds. It now hopes to outfit the buses with bump-cancelling mattress mechanisms, for a smoother ride and night.
  • What happens if the Bay Area doesn’t solve its housing and transportation problems? More for the rich, and even less for the poor, probably. A local urban policy think tank explores the ways the region could fix its issues in the next 70 years—and the ways it could bungle them.

Bike Lane Propaganda of the Week

Bike lanes are great, but you know what’s even greater? Protected bike lanes. This Vox video explores what happened when New York got smarter about building them. (Spoiler: good stuff.)

All hail the protected bike lane.

Stat of the Week

70%

Portion of ride-hailing trips that were completed in Asia alone in 2017. The next biggest markets were North America and Latin America; only 5 percent of trips were completed in Western Europe due to stricter regulation. (Via ABI Research)

In the Rearview

Essential stories from WIRED’s past

A look back at 2016 finds the top reason startups fail: running a hardware business is super hard.


Russia will spend 10 billion roubles on car demand support in 2019: TASS

MOSCOW (Reuters) – Russia will spend about 10 billion roubles ($143 million) on its car demand support program in 2019, Industry and Trade Minister Denis Manturov was quoted as saying by the TASS news agency on Saturday.

Reporting by Polina Devitt; Editing by Kevin Liffey
