The Category5.TV Newsroom

Here are the stories we're following for the week of Wednesday November 6, 2019

Police Scotland has unveiled a new aerial drone system to assist them in searches for missing and vulnerable people.

Police Scotland has unveiled a new aerial drone system to assist them in searches for missing and vulnerable people.

The remotely-piloted aircraft system (RPAS) can see things we can't to try to work out where people are.

It uses advanced cameras and neural computer networks to spot someone it is looking for - from "a speck" up to 150 metres away.

Its recognition software is compact enough to be run on a phone, with the technology learning as it goes.

Nicholas Whyte, of Police Scotland's air support unit says, "The drone itself has very special sensors on it. There's a very highly-powered optical camera which can allow us to see things quite clearly from a good height. Also, there's a thermal imaging sensor which detects heat."

He also reminds the public that this technology is not for invading privacy or spying. "We're there to find people. People who need our help or people who are lost."

Drones are an becoming a common sight. Outwardly, this one looks no different from others, apart from a flashing blue light.

But the data this drone gathers is processed in real time. The software can discern a person, animal or vehicle from just a handful of pixels in a huge moving colour image.

How? Because they taught it to.

Prof Carl Schaschke, dean of the School of Computing, Engineering and Physical Sciences at UWS, said it could spot someone from up to 150 metres away.

He said, "It does that by being shown images, multiple images, time and time again until it recognises what the objects are from pretty much any orientation."

The term artificial intelligence may conjure up images of Terminator-like thinking robots.

But in this case it means a machine that can learn.

The team taught it using hundreds of hours of footage of police officers in different clothing, positions and situations.

And there's another breakthrough.

Prof Schaschke said, "It doesn't require sophisticated supercomputing. It really is quite a low-cost approach to this - it simply uses a mobile phone."

A search needs just two police officers to operate it: one to fly the drone, the other to use the recognition software.

Police Scotland has already deployed three of the drones across Scotland and the system's formal launch will come on Thursday in Glasgow.

Source: www.bbc.com

Sent to us by: Roy W. Nash

After initially denying it, the Nuclear Power Corporation of India has now confirmed that their network of nuclear power plants has been hacked.

After initially denying it, the Nuclear Power Corporation of India has now confirmed that their network of nuclear power plants has been hacked.

Malware had been found on the administrative network of the Kudankulam Nuclear Power Plant. The admission came a day after the company issued a denial that any attack would affect the plant's control systems.

The breach was first detected on September 4th.

Associate Director A. K. Nema stated, "The matter was immediately investigated by [India Department of Atomic Energy] specialists. The investigation revealed that the infected PC belonged to a user who was connected to the Internet connected network used for administrative purposes. This is isolated from the critical internal network. The networks are being continuously monitored."

It's not clear if data was stolen from the network. But the nuclear power plant was not the only facility reported being compromised. When asked why he called the malware attack an act of war, threat analyst Pukhraj Singh, a former analyst for India's National Technical Research Organization, said, "It was because of the second target, which I can't disclose as of now."

While the attack may not have given direct access to nuclear power control networks, it could have been part of an effort to establish a persistent presence on the nuclear plant's networks.

As a paper published in May by the International Committee of the Red Cross on the human cost of cyber operations pointed out, “the majority of the computer devices in the world are only one or two steps away from a trusted system that a determined attacker could compromise."

The paper points out that "preemptive compromise of trusted systems would make attacks significantly easier," and that establishing a persistent presence on a network could aid in things such as supply-chain attacks—attempts to use software update processes or other potential opportunities to move to isolated networks to deliver an attack in the future.

While the administrative network of the Nuclear Power Corporation was likely not a good route for such an attack given standards for nuclear control systems security, it certainly could provide information about maintenance operations that would be useful for espionage—or for a future attempted cyber-attack.

Source: arstechnica.com

Sent to us by: Roy W. Nash

Amidst an already rocky ship following their response to US sanctions in Venezuela, Adobe continues to falter in the eyes of users, making a security blunder that exposed around 7.5 million user records to the public.

Amidst an already rocky ship following their response to US sanctions in Venezuela, Adobe continues to falter in the eyes of users, making a security blunder that exposed around 7.5 million user records to the public.

Security researcher Bob Diachenko, together with Comparitech, discovered the unsecured database. Adobe had left the data of its users on a publicly accessible server.

Specifically, the researchers discovered an unsecured Elasticsearch database containing data of Adobe Creative Cloud users. Anyone with access to the internet could easily view the data without requiring any authentication.

The unprotected server contained around 7.5 million records of the users. The data included personal information of the individuals, such as email addresses, Member ID, country, date of account creation, subscription status, payment status, Adobe products in use, and time since last login. It also leaked information about whether the user is an Adobe employee or not.

Despite the explicit personal information it leaked, the unsecured database did not expose any financial data or passwords.

The researchers discovered the unsecured database on October 19, 2019. Upon discovering the database, they immediately notified Adobe about it. Following their report, the company secured the database the same day.

However, Diachenko estimates that the database remained publicly accessible for about a week. It also remains unconfirmed whether anyone else has accessed the database during this time.

Comparitech's report states, "The information exposed in this leak could be used against Adobe Creative Cloud users in targeted phishing emails and scams. Fraudsters could pose as Adobe or a related company and trick users into giving up further info, such as passwords, for example."

Users should remain very careful, and be overly skeptical if they receive any emails that appear to be from Adobe, especially if it asks for passwords or sensitive data, or requires the user to click a link or call a phone number.

Source: latesthackingnews.com

Sent to us by: Roy W. Nash

An interesting and unexpected flaw in how smart devices work has turned up as five months after returning a rental car, the customer discovered that he can still track the vehicle, lock and unlock it, and even start and stop its engine.

An interesting and unexpected flaw in how smart devices work has turned up as five months after returning a rental car, the customer discovered that he can still track the vehicle, lock and unlock it, and even start and stop its engine.

When Masamba Sinclair rented a Ford Expedition from Enterprise Rent-a-Car last May, he was excited to connect it to FordPass. The app allows drivers to use their phones to remotely start and stop the engine, lock and unlock the doors, and track the vehicle's precise location.

He says, "I enjoyed it and logged into FordPass to be able to access vehicle features from my phone such as locking, unlocking, and starting the engine. I liked the idea of it more than I found it useful. The UI does look good and work well, though."

Now, Sinclair's opinion of mobile apps in rental cars is decidedly less favorable. That's because, five months after he returned the vehicle on May 31, his app continues to have control over the vehicle. Despite multiple other people renting the SUV in the intervening months, FordPass still allows Sinclair to track the location of the vehicle, lock and unlock it, and start or stop its engine. Sinclair has brought the matter to Ford's attention, both through its website and multiple times on Twitter. So far, Ford has done nothing to kill his access.

He says of the setup, "All it took was me downloading the app and entering the VIN, then confirming connectivity through the infotainment system."

While he believes there is probably a way to disassociate his phone from the car itself, he's right in thinking it's crazy to put the onus on renters to have to do that. Not to mention the security questions that raises.

Source: arstechnica.com

Sent to us by: Roy W. Nash