Future Tense
The Citizen's Guide to the Future

July 29 2015 6:21 PM

Google’s Translate App Is Now Indispensable for International Travelers

Google Translate may be the coolest app that you probably don’t have on your phone. Available for both iOS and Android, Translate doesn’t just shuffle words and phrases from one language to another—it can also literally rewrite the world around you. As Tech Crunch reports, it also got a lot more useful Wednesday, adding 20 more languages to its repertoire. It now supports 27 tongues.

Instant translate is simple but surprisingly powerful, bringing augmented reality to the screens of consumer electronics. Hold up your phone’s camera to text in a foreign language, and the app will translate the words you put before it, erasing the old and inscribing the new in their place. As TechCrunch’s Drew Olanoff explains, Google built this feature around Word Lens, a program that it acquired when it purchased Quest Visual last year.


In its present form, instant translate works astonishingly well, but it does some things better than others. When I showed it a volume of Portuguese poetry, it was able to offer serviceable—if singularly unpoetic—takes on some lines. “The Martian found me on the street,” a Carlos Dumond de Andrade poem, aptly titled “Science Fiction,” promisingly begins, only to continue, “And had fear of my impossibility human.” Not bad, but I’ll stick with Richard Zenith’s more elegant rendering: “A Martian ran into me on the street/ and recoiled at my human impossibility.” While it was impressive to watch the words take shape on my phone’s screen, this clearly isn’t the sort of task that the program was designed to accomplish—and it shouldn’t be faulted for its failure.

Google Translate performed much better in my neighborhood coffee shop, successfully translating signs into Spanish, Filipino, and a variety of other languages, but it struggled to make sense of the specials scribbled on the chalkboard. While the handwritten missives of my baristas left it flummoxed, it can still recognize a surprisingly wide range of letters and fonts. Like Google’s image recognition software—which has gotten the company into a bit of trouble in the recent past—Translate uses convolutional neural networks to determine what is and isn’t a letter, and then to guess how those letters fit together into words.

Perhaps most impressively, all of this works even when a phone isn’t connected to the Internet or a cellular network. By limiting how much variation the network searches for, Google was able to fit Translate’s letter and word recognition capabilities into a surprisingly tiny package. When you first attempt to translate to or from a new language, you’ll be prompted to download a small data packet. Once you have that information stored on your device, it no longer needs to exchange information with Google’s data centers. This should make it a remarkable tool for those traveling abroad with limited Internet access.

Google Translate product manage Julie Cattiau told TechCrunch that the program isn’t going to replace traditional language learning any time soon. It’s also no poet—as its brute force renderings of the lines I showed it plainly demonstrate. It is, however, very, very cool.

Video Advertisement

July 29 2015 3:33 PM

The Most Important Feature of Windows 10 May Seem Boring. It’s Actually Revolutionary.

In the opening of a (truly hilarious) Microsoft promo video for Windows 95, the narrator says, “I just want a new operating system!” That’s exactly what we’ve been taught to look forward to every few years, and Wednesday’s release of Windows 10 feels like a satisfying step in the progression. But this time things are different, because this is “the last version of Windows.”

As the Verge reported in May, Microsoft developers started talking about a fundamental shift in Windows at the company’s Ignite conference. Instead of the periodic large releases of big-name operating systems, Microsoft wanted to make Windows 10 a streamlined, device-agnostic platform that could be reinvented whenever and however the company wanted on any given day. CEO Satya Nadella told BBC News on Wednesday that, "It’s not just another release of Windows, it’s the beginning of a new era."


In the new Windows world everything is seamless and infinite. In a statement about Windows 10 on Tuesday, Microsoft said, “Windows 10 is delivered as a service and kept automatically up-to-date with innovations and security updates.” It’s a mental shift from thinking of operating systems as individual releases to thinking of them as boundless platforms. Erick Schonfeld explained the concept well on TechCrunch in 2011: “The approach is more like updating a website than a piece of client software. The version numbers don’t really matter. What version of Amazon are you on? Exactly.”

But in 2011, Schonfeld obviously wasn’t talking about Windows 10 (Windows 8 was just debuting). He was talking about a service we all know that’s been doing incremental updates for years: Google Chrome. In 2010, Chrome changed from pushing updates every few months to releasing them every six weeks. The idea was that fixes and features should go live whenever they were ready. If something missed its deadline it would just come out six weeks later instead of holding everything up. When updates are that frequent, it doesn’t really matter what “version” you’re on.

Chrome program manager Anthony Laforge wrote in 2010:

Predictable fixed duration development periods allow us to determine how much work we can do in a fixed amount of time, and makes schedule communication simple. We basically wanted to operate more like trains leaving Grand Central Station (regularly scheduled and always on time), and less like taxis leaving the Bronx (ad hoc and unpredictable).

Incremental updates serve Windows 10’s goal of being a universal operating system and offering “one experience” across PCs, tablets, phones, Raspberry Pi, Xbox One, and HoloLens (plus the 2,000 devices Microsoft says it’s testing for compatability). Managing updates on so many different devices is currently pretty painful, and Windows 10 aims to fix that. If nothing else, streamlining the update process makes devices more secure, because they automatically get their patches and bug fixes instead of relying on users to initiate a download.

The pressing question, then, will be whether Microsoft can deliver significant innovations and redesigns without affecting Windows’ daily performance. Windows 10 is culling usage statistics to suggest times for automatic restarts (so updates can take effect), and presumably many updates will happen behind the scenes without requiring a restart at all. But Microsoft will need a way to generate excitement about new features as they come out, work carefully to avoid pushing out flawed updates, and generally keep users informed. You wouldn’t want your operating system to morph into something you never asked for, right?

July 29 2015 2:46 PM

Netizen Report: Emails Suggest Lebanon Used Angry Birds to Infect Devices With Malware

The Netizen Report offers an international snapshot of challenges, victories, and emerging trends in Internet rights around the world. It originally appears each week on Global Voices Advocacy. Juan Arellano, Ellery Roberts Biddle, Hae-in Lim, Katitza Rodriguez and Sarah Myers West contributed to this report.

GVA logo

Emails leaked after Hacking Team’s systems were hacked in early July—and now searchable on WikiLeaks—indicate that Lebanon’s Interior Security Forces, General Security office, and Cybercrime Bureau all pursued contracts with the Milan-based surveillance-software maker. Emails suggest that Security Forces personnel were able to successfully infect target devices with the help of Hacking Team staff, and that they created a technical “backdoor” in the devices (a virtual channel through which authorities can monitor a user’s activities) by exploiting a security flaw in Angry Birds.


These revelations confirm what various bloggers and political activists had suspected after they were summoned for questioning by the Cybercrime Bureau. Beirut-based technology journalist Habib Battah described the bureau’s approach in June:

In some cases, bloggers have claimed that police agents tricked them into giving up information by sending malware to their computers, a practice [Major Suzan Hajj Hobeiche, head of the Cybercrime Bureau] seemed to endorse by claiming “ethical hacking” used by law enforcement is sometimes needed to protect the greater good. Yet, increasingly that greater good seems to be defined by the interests of the wealthy and well-connected. …

Peru and Pakistan erode citizen privacy with new surveillance tactics
A recent executive decree from Peru’s government compels all telecommunications companies and Internet service providers to store traffic data for three years. Assuming that the decree holds, telcos will be forced to provide police with individual user data from these logs upon their request. Issued one day before Peru’s independence day, the decree explicitly states that the police should have access to geolocation data without a warrant or court order, and that this data is not protected under the Peruvian Constitution. Peruvian lawyer Miguel Morachimo told the Electronic Frontier Foundation: “Any policy like that is controversial in itself, but the fact that it was directly approved by the Executive Branch without prior debate and in the middle of national holiday season is especially undemocratic.”

The decree has significant potential for abuse of its new powers. It ignores the fact that most cellphones today constantly transmit detailed location data about every individual to their carriers, and that all this location data is housed in one place—with the telecommunications service provider. This will leave Peruvian police with access to more precise, more comprehensive, and more pervasive data than would ever have been possible under previous policies.

Pakistan too is planning to expand its surveillance capabilities, which could include monitoring broadband Internet traffic, phone records, and cellular data transmissions, according to a report by Privacy International. The Verge notes that because Pakistan already has stringent registration requirements, such as a national biometric ID program and SIM card registration by fingerprint, these bulk surveillance plans may be particularly invasive.

U.K. High Court strikes down discrete data retention practices
In slightly better news from the world of digital surveillance, a U.K. High Court ruled against data retention laws that allowed the government to order telecommunications companies to retain their users’ metadata for one year stand. The reason: The laws failed to require authorities to obtain judicial approval prior. The court also took issue with the lack of “clear and precise rules” for the collection of data in the Data Retention and Investigatory Powers Act 2014 (sections 1 and 2). The Home Office says it will appeal the decision.

Malaysia blocks news website in face of public finance investigation
Malaysia blocked news website the Sarawak Report and suspended two local papers after they published investigative reports on the suspicious transfer of $700 million from a government-managed investment fund into the personal bank account of Malaysian Prime Minister Najib Razak. While there is evidence that the government has censored the Internet in the past, this marks the first time it has publicly acknowledged doing so. Although the Malaysian Communications and Multimedia Commission claims that the block was carried out legally under the Communications and Multimedia Act of 1998, the law does not sanction censorship of online websites.

Is YouTube headed for Russia’s Internet blacklist?
Russian media and Internet watchdog Roscomnadzor issued an official warning to YouTube on July 22 that the site may be added to the country’s Internet blacklist for copyright violations. The warning comes after the Moscow city court ruled that copyright was violated when two Russian TV shows were uploaded to YouTube. Though YouTube took down the videos, others were subsequently uploaded; Roscomnadzor reported seeing 137 copies on the site as of July 20.

Transparency reports: When it comes to takedowns, copyright is king
The online marketplace Etsy shut down more than 168,000 accounts over the year 2014, according to its first transparency report. It shut down 3,993 shops for violations of Etsy’s intellectual property policy and disabled 176,137 listings in response to DMCA takedown requests. However, the majority of the shutdowns were for non-IP related issues, such as spam and the sale of items prohibited on the site.

New Research

July 28 2015 10:18 PM

Jack Dorsey Wants to Reinvent Twitter

Less than a month after taking the tiller as interim CEO, Twitter co-founder Jack Dorsey is charting a new course.  

The famous Twitter timeline, in which tweets from everyone you follow are displayed in reverse chronological order, is no longer getting the job done, Dorsey said on an earnings call with investors Tuesday evening. And tweaks intended to help the company reach a broader user base, like instant timelines and a new home page for casual visitors, have failed. As a result, Twitter’s growth has been “unacceptable,” said Dorsey, who could be seen wearing a gray hoodie and a generous beard as he live-streamed the earnings call on Periscope.


Those tweaks, it’s worth noting, were implemented by his well-liked but cautious predecessor, Dick Costolo, before he was pushed out last month.

What’s needed, Dorsey said, is a broader overhaul of the Twitter product to make it more accessible to the majority of Internet users who don’t regularly log in. He called for a “questioning of our fundamentals,” including the reverse-chronological timeline, in order to “balance recency with relevance.”

For those who don’t speak social media, that’s code for “we need to get more like Facebook.” Whereas Twitter’s timeline ranks tweets by recency, Facebook’s News Feed ranks posts by relevance, as determined by complex algorithms that adapt to each user’s behavior and preferences. Twitter has been experimenting with similar software, which it now uses to show you a series of older tweets when you log in, under the heading “While You Were Away.” Expect to see more of that in the future, as Dorsey sang the feature’s praises multiple times on Tuesday’s call. “I’m definitely seeing a lot more value at the top of my stream,” he said.

Another forthcoming feature, code-named “Project Lightning,” will employ human editors to collect top tweets about trending news topics and live events as they unfold. Dorsey endorsed that as well, adding that he expects to release it this fall. But he suggested “While You Were Away” and Project Lightning are only the first steps toward an eventual shift away from reverse chronology. “There’s a lot more to do there,” Dorsey said.

From a business perspective, the Dorsey-led earnings call amounted to a blast of #realtalk from a company that under Costolo was at pains to reassure investors it was on the right path. Dorsey repeatedly said he was “not happy” with the company’s direction. Anthony Noto, the company’s buttoned-down chief financial officer, matched his boss’s grim tone. He warned investors that the user growth they’ve been clamoring for likely won’t come “for a considerable amount of time.”

An inability to grow beyond its core of loyal users has dogged Twitter since it went public in November 2013. Investors expecting the next Facebook have been disappointed quarter after quarter as user growth has flattened. This is despite consistently strong revenue growth, as Twitter has built a thriving mobile advertising business in just the past two years. Revenue was strong yet again in the most recent quarter. It topped $500 million, up 61 percent from the same quarter in 2014.

Costolo had sought to shift investors’ expectations for the company, arguing that Twitter could reach more people than Facebook even without persuading them to log in regularly. As I’ve explained, Costolo saw Twitter’s future as that of a media platform rather than a social network, with syndicated tweets gaining wide audiences beyond Twitter itself. It was a realistic vision, but evidently not a bold enough one for shareholders.

Dorsey, in contrast, hinted that Twitter will return to its earlier mission of becoming a daily destination for the majority of people on the Internet—like Facebook. Twitter should be, he said, “the first thing everyone in the world checks before they start their day.”

And whereas Costolo had essentially admitted defeat in Twitter’s bid to get more people tweeting, Dorsey argued it isn’t enough for people to consume tweets passively. In addition to being a window to the world, he said, Twitter should be “the most powerful microphone in the world.”

Key to all of these goals will be convincing people that they need another social network in their lives. To that end, Twitter is reportedly planning its first major marketing campaign.

Who will lead the company down this new path has been the subject of much speculation, particularly after reports that Square—where Dorsey is founder and CEO—is about to go public. Asked whether he is a candidate to take on the top post at Twitter on a permanent basis, Dorsey said he had “no update to provide.” But he sounded like a man gunning for the job.   

Previously in Slate:

July 28 2015 3:28 PM

The Real Reason Elon Musk Is Worried About Killer Robots

If you believe Elon Musk, you should be very, very afraid of killer robots, but maybe not for the reason you think. In an open letter published Tuesday by the Future of Life Institute, Musk, Stephen Hawking, and thousands of co-signatories call for a “ban on offensive autonomous weapons beyond meaningful human control.” This is the kind of phrase that summons up images of Arnold Schwarzenegger in the Terminator films, but that’s not what Musk and his collaborators seem to have in mind.

Nevertheless, it’s this familiar image of dystopian robopocalypse that opens all too many stories about the letter. The Washington Post, New York Times, and Huffington Post—to name but three examples—all illustrate their articles on the topic with Terminator stills. Though the articles’ authors don’t come out and say it, the connotations are clear: The robots are coming, and they want your blood.


Far from worrying that artificially intelligent killing machines are going to wipe out humanity, however, FLI has a more immediately relevant concern: research priorities. Musk has famously described artificial intelligence as an “existential threat.” But he’s also helped back research to help society “reap the benefits” of artificial intelligence “while avoiding potential pitfalls.”

This is not the first time the FLI has broached the issues surrounding A.I. through an open letter. In a previous missive, issued in January, the institute had proposed that researchers should work to “maximize the societal benefit of A.I.” by ensuring that intelligent systems “do what we want them to do.” While the attached statement of research priorities touched on autonomous weapons, it did so only in passing, offering little indication as to whether and how considerations of them should proceed.

A careful reading of the FLI’s latest open letter on autonomous warfare reveals that its authors aim to correct this oversight. “If any major military power pushes ahead with A.I. weapon development, a global arms race is virtually inevitable,” they write. Here, the danger isn’t so much that the technology will become more and more powerful but that more and more research energy will be directed toward military A.I. As it does, there will be fewer resources available to those hoping to design A.I. that preserves and sustains life.

The letter also suggests that as autonomous weapons become easier to produce, they will inevitably fall into the “hands of terrorists, dictators wishing to better control their populace, warlords wishing to perpetrate ethnic cleansing, etc.” While this is a serious and real concern, it is a far cry the hyperbolic fantasies suggested by comparisons to the Terminator films. FLI isn’t worried that A.I. will set out to kill humans. It’s concerned that humans will use A.I. to more efficiently kill one another.

Far from warning of an impending robopacalypse, then, FLI and the letter’s many co-signatories are encouraging us to rethink the way we approach A.I. today. The letter compares its proposed moratorium on autonomous weapons development to bans on chemical and biological warfare. Refraining from research into these areas doesn’t mean A.I. is on the verge of destroying all life—just that we don’t feel such research contributes to the experience of living. As Cecilia Tilli, who signed the January FLI artificial-intelligence letter, wrote in Slate, “being mindful doesn’t mean that experts believe danger lurks behind the next advance in artificial intelligence.”

It’s unfortunate that the FLI’s letter has contributed to fears about A.I. Adam Elkus has argued that such excessive concerns only make it harder for most of us to educate ourselves about what’s really going on. If we’re really going to follow the advice of Musk, Hawking, and their co-signatories, we should focus more clearly on A.I.’s “great potential to benefit humanity” and work to ensure that it can do so.

July 28 2015 2:45 PM

White House Finally Responds to Snowden Pardon Petition

Whistleblower Edward Snowden left the United States more than two years ago, and since then a petition has been circulating on WhiteHouse.gov demanding that he be pardoned. After conspicuous silence—the petition has 167,954 signatures, and all entries on the site with 100,000 or more are guaranteed a response—the administration finally posted an answer on Tuesday. It isn’t positive.

Where the petition calls for Snowden to be “issued a a full, free, and absolute pardon,” the White House response from Lisa Monaco, the president’s advisor on homeland security and counterterrorism, says, “He should come home to the United States, and be judged by a jury of his peers.”


Monaco writes:

Instead of constructively addressing these issues, Mr. Snowden’s dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it.
If he felt his actions were consistent with civil disobedience, then he should do what those who have taken issue with their own government do: Challenge it, speak out, engage in a constructive act of protest, and -- importantly -- accept the consequences of his actions.

The Intercept points out that the petition response does not cite any specific examples of “severe consequences” caused by the disclosures. Additionally, Snowden himself did not publicly disclose anything classified, since news outlets like the Guardian and the New York Times were the entities that actually released documents and information. (Update July 28: Just to clarify, this is a popular interpretation among Snowden supporters like the Intercept, though many others view it as a stretch.)

The White House also said on Tuesday in a seperate blog post that it had “caught up” with responding to “every petition in our We the People backlog — 20 in all.”

In the case of Snowden, Monaco writes, “The balance between our security and the civil liberties that our ideals and our Constitution require deserves robust debate and those who are willing to engage in it here at home.” So, yeah, that blanket pardon seems like a no right now.

July 28 2015 9:30 AM

Court Rules That You Can’t Expect Privacy If You Butt Dial Someone

If people want to spy on your calls they can tap your phone, but they don't even have to if you inadvertently dial them yourself. And if you're in the process of committing a crime, you probably shouldn't let your smartphone call 911. Now a Cincinnati federal appeals court has ruled that if you accidentally butt dial someone you don't have a reasonable expectation of privacy.

Last week, Judge Danny Boggs compared a butt dial (which he calls a pocket-dial) to leaving a window uncovered such that a neighbor or anyone else can peer in. He was deciding an appeal in a case in which an executive on the Cincinnati/Northern Kentucky International Airport board, James Huff, called the CEO's assistant, Carol Spaw, finished the call, put his phone in his pocket, and then unintentionally called her back. During that second call, Huff started talking to another executive about replacing the airport's CEO.* Spaw said hello a few times and tried to get their attention, but they were talking about her boss, so when that didn't work she started recording the 91-minute call and taking detailed notes. Gotta do it.


By the end of call, Huff had met up with his wife, Bertha Huff, and he summarized what he had discussed with the other executive for her—just in case Spaw didn't quite catch it the first time. After the incident, Spaw distributed the recording and her notes to other members of the airport board. The Huffs are the plaintiffs in the lawsuit.

There are a lot of strange things about this butt dial, which occurred in October 2013. As Bloomberg points out, it's unusual not to check your phone for more than an hour, and as Gawker notes, it seems like even when Huff did finally identify the butt dial he didn't actually terminate the call for two minutes. Of course, the difference between leaving your curtains open and calling someone by accident is intent. You open your curtains by choice, or should be able to clearly see that they're open, as opposed to being oblivious to a butt dial. But Boggs wrote, "James Huff lacked a reasonable expectation of privacy in his statements only to the extent that a third-party gained access to those statements through a pocket-dial call that he placed." (Emphasis preserved.)

Boggs notes that there are ways to prevent butt dials, like adding a numeric code or other lock screen. He wrote:

In sum, a person who knowingly operates a device that is capable of inadvertently exposing his conversations to third-party listeners and fails to take simple precautions to prevent such exposure does not have a reasonable expectation of privacy with respect to statements that are exposed to an outsider by the inadvertent operation of that device.

The discussion goes on to say that Bertha Huff did have a reasonable expectation of privacy, because she was speaking with her husband in their hotel room and should be able to expect that he hasn't butt-dialed someone, just like she should be able to expect that he wasn't intentionally recording their conversation. Boggs wrote:

If Bertha waived her reasonable expectation of privacy from pocket-dials by speaking to a person who she knew to carry a pocket-dial-capable device, she would also waive her reasonable expectation of privacy from recordings and transmissions by speaking with anyone carrying a recording-capable or transmission-capable device, i.e., any modern cellphone.

The case will go back to district court to determine whether Spaw is liable for recording Bertha Huff. If you're not already locking your phone for security reasons (you should be), maybe it's time to do it. Your butt can get you in a lot of trouble if you're not careful.

*Correction, July 29: This post originally misidentified a speaker involved in a lawsuit about privacy expectations during cellphone pocket dials. Assistant to the CEO of Cincinnati/Northern Kentucky International Airport Carol Spaw was not talking to an executive during a phone call. Board member James Huff was.

July 27 2015 4:56 PM

Google Finally Admits Defeat on Google Plus

Google is finally going to stop trying to make Plus happen.

The company announced in a blog post Monday that it will no longer force people to use a Google Plus account to log in to other, more popular Google services. That includes YouTube, whose users have been howling for years about the Google Plus requirement. Soon they’ll be able to log in with a plain old Google account.


From Google’s blog post:

When we launched Google Plus, we set out to help people discover, share and connect across Google like they do in real life. While we got certain things right, we made a few choices that, in hindsight, we’ve needed to rethink. So over the next few months, we’re going to be making some important changes.

Those changes include moving Google Plus’s location-sharing features into Google Hangouts and its (surprisingly excellent) photo-storage features into the new Google Photos app. Google also promises to make it easier for non–Google Plus users to delete the Google Plus profiles they never wanted in the first place.

Google is framing the changes as an example of its eagerness to listen and respond to the needs of its users:

People have told us that accessing all of their Google stuff with one account makes life a whole lot easier. But we’ve also heard that it doesn’t make sense for your Google+ profile to be your identity in all the other Google products you use.

That’s a bit rich, however. Google’s users, by and large, never wanted Google Plus in the first place, and they certainly never appreciated being dragooned into it in order to use other Google services that they did want.

So in reality, this is an admission of defeat. Google marshaled all the resources and monopoly power it could muster to build Google Plus into a viable Facebook rival, user backlash be damned. It didn’t work, and the best we can say of Google is that it’s finally acknowledging what has long been obvious to everyone else involved.

This is yet another opportunity for the tech press to declare Google Plus “dead,” but death is a very slow process when it comes to such a large product. Google prefers to call it “a more focused Google Plus experience.” By that it means that the social network will shift emphasis to what might be its only genuine constituency: interest-based communities who use the platform to share news and comments about niche topics like photography, electric cars, and outer space. Google Plus’s new “Collections” feature will let people group their posts by topic and follow topics rather than just other users. Think of it as a sort of male-dominated mini-Pinterest.

That obviously isn’t what Google had in mind when it set out build a Facebook killer. And, given Google’s track record of unceremoniously shuttering niche products, it may not be enough to save the social network in the long run. Still, it’s better than what Google Plus might have eventually become if the company had kept shoving it down users’ throats: a Google killer.

Previously in Slate:

July 27 2015 2:06 PM

These Researchers Just Hacked an Air-Gapped Computer Using a Simple Cellphone

This post originally appeared in Wired.

Wired logo

The most sensitive work environments, like nuclear power plants, demand the strictest security. Usually this is achieved by air-gapping computers from the Internet and preventing workers from inserting USB sticks into computers. When the work is classified or involves sensitive trade secrets, companies often also institute strict rules against bringing smartphones into the workspace, as these could easily be turned into unwitting listening devices.


But researchers in Israel have devised a new method for stealing data that bypasses all of these protections—using the GSM network, electromagnetic waves and a basic low-end mobile phone. The researchers are calling the finding a “breakthrough” in extracting data from air-gapped systems and say it serves as a warning to defense companies and others that they need to immediately “change their security guidelines and prohibit employees and visitors from bringing devices capable of intercepting RF signals,” says Yuval Elovici, director of the Cyber Security Research Center at Ben-Gurion University of the Negev, where the research was done.

The attack requires both the targeted computer and the mobile phone to have malware installed on them, but once this is done the attack exploits the natural capabilities of each device to exfiltrate data. Computers, for example, naturally emit electromagnetic radiation during their normal operation, and cellphones by their nature are “agile receivers” of such signals. These two factors combined create an “invitation for attackers seeking to exfiltrate data over a covert channel,” the researchers write in a paper about their findings.

The research builds on a previous attack the academics devised last year using a smartphone to wirelessly extract data from air-gapped computers. But that attack involved radio signals generated by a computer’s video card that get picked up by the FM radio receiver in a smartphone.

The new attack uses a different method for transmitting the data and infiltrates environments where even smartphones are restricted. It works with simple feature phones that often are allowed into sensitive environments where smartphones are not, because they have only voice and text-messaging capabilities and presumably can’t be turned into listening devices by spies. Intel’s manufacturing employees, for example, can only use “basic corporate-owned cell phones with voice and text messaging features” that have no camera, video, or Wi-Fi capability, according to a company white paper citing best practices for its factories. But the new research shows that even these basic Intel phones could present a risk to the company.

“[U]nlike some other recent work in this field, [this attack] exploits components that are virtually guaranteed to be present on any desktop/server computer and cellular phone,” they note in their paper.

Though the attack permits only a small amount of data to be extracted to a nearby phone, it’s enough to allow exfiltration of passwords or even encryption keys in a minute or two, depending on the length of the password. But an attacker wouldn’t actually need proximity or a phone to siphon data. The researchers found they could also extract much more data from greater distances using a dedicated receiver positioned up to 30 meters away. This means someone with the right hardware could wirelessly exfiltrate data through walls from a parking lot or another building.

Although someone could mitigate the first attack by simply preventing all mobile phones from being brought into a sensitive work environment, to combat an attack using a dedicated receiver 30 meters away would require installing insulated walls or partitions.

The research was conducted by lead researcher Mordechai Guri, along with Assaf Kachlon, Ofer Hasson, Gabi Kedma, Yisroel Mirsky, and Elovici. Guri will present their findings next month at the Usenix Security Symposium in Washington, DC. A paper describing their work has been published on the Usenix site, though it’s currently only available to subscribers. A video demonstrating the attack has also been published online.

Data leaks via electromagnetic emissions are not a new phenomenon. So-called TEMPEST attacks were discussed in an NSA article in 1972. And about 15 years ago, two researchers published papers demonstrating how EMR emissions from a desktop computer could be manipulated through specific commands and software installed on the machine.

The Israeli researchers built on this previous knowledge to develop malware they call GSMem, which exploits this condition by forcing the computer’s memory bus to act as an antenna and transmit data wirelessly to a phone over cellular frequencies. The malware has a tiny footprint and consumes just 4 kilobytes of memory when operating, making it difficult to detect. It also consists of just a series of simple CPU instructions that don’t need to interact with the API, which helps it to hide from security scanners designed to monitor for malicious API activity.

The attack works in combination with a root kit they devised, called the ReceiverHandler, that gets embedded in the baseband firmware of the mobile phone. The GSMem malware could be installed on the computer through physical access or through interdiction methods—that is, in the supply chain while it is enroute from the vendor to the buyer. The root kit could get installed through social engineering, a malicious app or through physical access to the targeted phone.

The Nitty Gritty

When data moves between the CPU and RAM of a computer, radio waves get emitted as a matter of course. Normally the amplitude of these waves wouldn’t be sufficient to transmit messages to a phone, but the researchers found that by generating a continuous stream of data over the multi-channel memory buses on a computer, they could increase the amplitude and use the generated waves to carry binary messages to a receiver.

Multi-channel memory configurations allow data to be simultaneously transferred via two, three, or four data buses. When all these channels are used, the radio emissions from that data exchange can increase by 0.1 to 0.15 dB.

The GSMem malware exploits this process by causing data to be exchanged across all channels to generate sufficient amplitude. But it does so only when it wants to transmit a binary 1. For a binary 0, it allows the computer to emit at its regular strength. The fluctuations in the transmission allow the receiver in the phone to distinguish when a 0 or a 1 is being transmitted.

“A ‘0’ is determined when the amplitude of the signal is that of the bus’s average casual emission,” the researchers write in their paper. “Anything significantly higher than this is interpreted as a binary ‘1’.”

The receiver recognizes the transmission and converts the signals into binary 1s and 0s and ultimately into human-readable data, such as a password or encryption key. It stores the information so that it can later be transmitted via mobile-data or SMS or via Wi-Fi if the attack involves a smartphone.

The receiver knows when a message is being sent because the transmissions are broken down into frames of sequential data, each composed of 12 bits, that include a header containing the sequence “1010.” As soon as the receiver sees the header, it takes note of the amplitude at which the message is being sent, makes some adjustments to sync with that amplitude, then proceeds to translate the emitted data into binary. They say the most difficult part of the research was designing the receiver malware to decode the cellular signals.

For their test, the researchers used a nine-year-old Motorola C123 phone with Calypso baseband chip made by Texas Instruments, which supports 2G network communication, but has no GPRS, Wi-Fi, or mobile data capabilities. They were able to transmit data to the phone at a rate of 1 to 2 bits per second, which was sufficient to transmit 256-bit encryption keys from a workstation.

They tested the attack on three work stations with different Microsoft Windows, Linux, and Ubuntu configurations. The experiments all took place in a space with other active desktop computers running nearby to simulate a realistic work environment in which there might be a lot of electromagnetic noise that the receiver has to contend with to find the signals it needs to decode.

Although the aim of their test was to see if a basic phone could be used to siphon data, a smartphone would presumably produce better results, since such phones have better radio frequency reception. They plan to test smartphones in future research.

But even better than a smartphone would be a dedicated receiver, which the researchers did test. They were able to achieve a transmission rate of 100 to 1,000 bits per second using a dedicated hardware and receiver from up to 30 meters away, instead of a proximity phone. They used GNU-Radio software, a software-defined radio kit, and an Ettus Research Universal Software Radio Peripheral B210.

Although there are limits to the amount of data any of these attacks can siphon, even small bits of data can be useful. In addition to passwords, an attacker could use the technique to siphon the GPS coordinates of sensitive equipment to determine its location—for example, a computer being used to operate a covert nuclear program in a hidden facility. Or it could be used to siphon the RSA private key that the owner of the computer uses to encrypt communications.

“This is not a scenario where you can leak out megabytes of documents, but today sensitive data is usually locked down by smaller amounts of data,” says Dudu Mimran, CTO of the Cyber Security Research Center. “So if you can get the RSA private key, you’re breaking a lot of things.”

See also:

July 24 2015 5:17 PM

Anonymous Claims Responsibility for Census Bureau Hack

The hacking collective Anonymous says it is responsible for a breach of the United States Census Bureau's nonconfidential networks. The group tweeted about the attack on Wednesday and began posting links to troves of data and documents it had obtained.

The data includes usernames and work phone numbers/email addresses for the bureau's 4,200 employees, plus some names and job titles, information about who works in which department, and lists of internal IP addresses. As the Register points out, most of this information was already available online.


The bureau told the Register and Business Insider in a statement:

The US Census Bureau is investigating an IT security incident relating to unauthorized access to non-confidential information on an external system that is not part of the Census Bureau internal network. Access to the external system has been restricted while our IT forensics team investigates.
Security and data stewardship are integral to the Census Bureau mission. We will remain vigilant in continuing to take every necessary precaution to protect all information.

Anonymous says that the hack is in protest of Obama administration trade negotiations related to the Trans-Pacific Partnership, or TPP, and Transatlantic Trade and Investment Partnership, or TTIP. In a story about the negotiations published Friday, the Economist explained:

Gauging the exact benefits of the TPP is tricky, not least because the trade talks are still confidential. Critics have bemoaned the lack of disclosure but conducting negotiations in the open would have been a sure way to undermine them. Governments will have several months to review the final deal before deciding whether to give their assent.

Though the breach isn't as severe as the OPM hack disclosed last month, it evokes familiar feelings and potentially exposes the Census Bureau to more intense and refined phishing attempts. Monzy Merza, a security specialist at the data analysis firm Splunk, said in an email statement, "My real concern is that [the OPM hack] desensitized the public and government officials to smaller but still damaging breaches like the attack on the Census Bureau. ... Organizations need to understand who is accessing their networks, from where, and for how long."

Maybe in August we can try going a whole month without a government hack.