
Drone sighting at Germany’s busiest airport grounds flights for about an hour


A drone sighting caused all flights to be suspended at Frankfurt Airport for around an hour this morning. The airport is Germany’s busiest by passenger numbers, serving almost 14.8 million passengers in the first three months of this year.

In a tweet sent after flights had resumed the airport reported that operations were suspended at 07:27, before the suspension was lifted at 08:15, with flights resuming at 08:18.

It added that security authorities were investigating the incident.

A report in local press suggests more than 100 takeoffs and landings were cancelled as a result of the disruption caused by the drone sighting.

It’s the second such incident at the airport after a drone sighting at the end of March also caused flights to be suspended for around half an hour.

Drone sightings near airports have been on the increase for years as drones have landed in the market at increasingly affordable prices, as have reports of drone near misses with aircraft.

The Frankfurt suspension follows far more major disruption caused by repeat drone sightings at the UK’s second largest airport, Gatwick Airport, late last year — which caused a series of flight shutdowns and travel misery for hundreds of thousands of people right before the holiday period.

The UK government came in for trenchant criticism immediately afterwards, with experts saying it had failed to listen to warnings about the risks posed by drone misuse. A planned drone bill has also been long delayed, meaning new legislation to comprehensively regulate drones has slipped.

In response to the Gatwick debacle the UK government quickly pushed through an expansion of existing drone no-fly zones around airports after criticism by aviation experts — beefing up the existing 1km exclusion zone to 5km. It also said police would get new powers to tackle drone misuse.

In Germany an amendment to air traffic regulations entered into force in 2017 that prohibits drones being flown within 1.5km of an airport. Drones are also banned from being flown in controlled airspace.

However with local press reporting rising drone sightings near German airports, with the country’s Air Traffic Control registering 125 last year (31 of which were around Frankfurt), the 1.5km limit looks similarly inadequate.


Non-invasive glucose monitor EasyGlucose takes home Microsoft’s Imagine Cup and $100K


Microsoft’s yearly Imagine Cup student startup competition crowned its latest winner today: EasyGlucose, a non-invasive, smartphone-based method for diabetics to test their blood glucose. It and the two other similarly beneficial finalists presented today at Microsoft’s Build developers conference.

The Imagine Cup brings together winners of many local student competitions around the world with a focus on social good and, of course, Microsoft services like Azure. Last year’s winner was a smart prosthetic forearm that uses a camera in the palm to identify the object it is meant to grasp. (They were on hand today as well, with an improved prototype.)

The three finalists hailed from the U.K., India, and the U.S.; EasyGlucose was a one-person team from my alma mater UCLA.

EasyGlucose takes advantage of machine learning’s knack for spotting the signal in noisy data, in this case the tiny details of the eye’s iris. It turns out, as creator Brian Chiang explained in his presentation, that the iris’s “ridges, crypts, and furrows” hide tiny hints as to their owner’s blood glucose levels.

EasyGlucose presents at the Imagine Cup finals.

These features aren’t the kind of thing you can see with the naked eye (or rather, on the naked eye), but by clipping a macro lens onto a smartphone camera Chiang was able to get a clear enough image that his computer vision algorithms were able to analyze them.

The resulting blood glucose measurement is significantly better than any non-invasive measure and more than good enough to serve in place of the most common method used by diabetics: stabbing themselves with a needle every couple hours. Currently EasyGlucose gets within 7 percent of the pinprick method, well above what’s needed for “clinical accuracy,” and Chiang is working on closing that gap. No doubt this innovation will be welcomed warmly by the community, as well as the low cost: $10 for the lens adapter, and $20 per month for continued support via the app.

It’s not a home run, or not just yet: Naturally, a technology like this can’t go straight from the lab (or in this case the dorm) to global deployment. It needs FDA approval first, though it likely won’t have as protracted a review period as, say, a new cancer treatment or surgical device. In the meantime, EasyGlucose has a patent pending, so no one can eat its lunch while it navigates the red tape.

As the winner, Chiang gets $100,000, plus $50,000 in Azure credit, plus the coveted one-on-one mentoring session with Microsoft CEO Satya Nadella.

The other two Imagine Cup finalists also used computer vision (among other things) in service of social good.

Caeli is taking on the issue of air pollution by producing custom high-performance air filter masks intended for people with chronic respiratory conditions who have to live in polluted areas. This is a serious problem in many places that cheap or off-the-shelf filters can’t really solve.

It uses your phone’s front-facing camera to scan your face and pick the mask shape that makes the best seal against your face. What’s the point of a high-tech filter if the unwanted particles just creep in the sides?

Part of the mask is a custom-designed compact nebulizer for anyone who needs medication delivered in mist form, for example someone with asthma. The medicine is delivered automatically according to the dosage and schedule set in the app — which also tracks pollution levels in the area so the user can avoid hot zones.

Finderr is an interesting solution to the problem of visually impaired people being unable to find items they’ve left around their home. By using a custom camera and computer vision algorithm, the service watches the home and tracks the placement of everyday items: keys, bags, groceries, and so on. Just don’t lose your phone, since you’ll need that to find the other stuff.

You call up the app and tell it (by speaking) what you’re looking for, then using the phone’s camera it determines your location relative to the item you’re looking for, giving you audio feedback that guides you to it in a sort of “getting warmer” style, and a big visual indicator for those who can see it.

After their presentations, I asked the creators a few questions about upcoming challenges, since as is usual in the Imagine Cup, these companies are extremely early stage.

Right now EasyGlucose is working well but Chiang emphasized that the model still needs lots more data and testing across multiple demographics. It’s trained on 15,000 eye images but many more will be necessary to get the kind of data they’ll need to present to the FDA.

Finderr recognizes all the images in the widely used ImageNet database, but the team’s Ferdinand Loesch pointed out that others can be added very easily with 100 images to train with. As for the upfront cost, the U.K. offers a 500-pound grant to visually-impaired people for this sort of thing, and they engineered the 360-degree ceiling-mounted camera to minimize the number needed to cover the home.

Caeli noted that the nebulizer, which really is a medical device in its own right, is capable of being sold and promoted on its own, perhaps licensed to medical device manufacturers. There are other smart masks coming out, but he had a pretty low opinion of them (not strange in a competitor but there isn’t some big market leader they need to dethrone). He also pointed out that in the target market of India (from which they plan to expand later) it isn’t as difficult to get insurance to cover this kind of thing.

While these are early-stage companies, they aren’t hobbies — though admittedly many of their founders are working on them between classes. I wouldn’t be surprised to hear more about them and others from Imagine Cup pulling in funding and hiring in the next year.


Samsung spilled SmartThings app source code and secret keys


A development lab used by Samsung engineers was leaking highly sensitive source code, credentials and secret keys for several internal projects — including its SmartThings platform, a security researcher found.

The electronics giant left dozens of internal coding projects on a GitLab instance hosted on a Samsung-owned domain, Vandev Lab. The instance, used by staff to share and contribute code to various Samsung apps, services and projects, was spilling data because the projects were set to “public” and not properly protected with a password, allowing anyone to look inside each project and to access and download the source code.

Mossab Hussein, a security researcher at Dubai-based cybersecurity firm SpiderSilk who discovered the exposed files, said one project contained credentials that allowed access to the entire AWS account that was being used, including over a hundred S3 storage buckets that contained logs and analytics data.

Many of the folders, he said, contained logs and analytics data for Samsung’s SmartThings and Bixby services, but also several employees’ exposed private GitLab tokens stored in plaintext, which allowed him to gain additional access from 42 public projects to 135 projects, including many private projects.

Samsung told him some of the files were for testing but Hussein challenged the claim, saying source code found in the GitLab repository contained the same code as the Android app, published in Google Play on April 10.

The app, which has since been updated, has more than 100 million installs to date.

“I had the private token of a user who had full access to all 135 projects on that GitLab,” he said, which could have allowed him to make code changes using a staffer’s own account.

Hussein shared several screenshots and a video of his findings for TechCrunch to examine and verify.

The exposed GitLab instance also contained private certificates for Samsung’s SmartThings’ iOS and Android apps.

Hussein also found several internal documents and slideshows among the exposed files.

“The real threat lies in the possibility of someone acquiring this level of access to the application source code, and injecting it with malicious code without the company knowing,” he said.

Through exposed private keys and tokens, Hussein documented a vast amount of access that if obtained by a malicious actor could have been “disastrous,” he said.

A screenshot of the exposed AWS credentials, allowing access to buckets with GitLab private tokens. (Image: supplied).

Hussein, a white-hat hacker and data breach discoverer, reported the findings to Samsung on April 10. In the days following, Samsung began revoking the AWS credentials but it’s not known if the remaining secret keys and certificates were revoked.

Samsung still hasn’t closed the case on Hussein’s vulnerability report, close to a month after he first disclosed the issue.

“Recently, an individual security researcher reported a vulnerability through our security rewards program regarding one of our testing platforms,” Samsung spokesperson Zach Dugan told TechCrunch when reached prior to publication. “We quickly revoked all keys and certificates for the reported testing platform and while we have yet to find evidence that any external access occurred, we are currently investigating this further.”

Hussein said Samsung took until April 30 to revoke the GitLab private keys. Samsung also declined to answer specific questions we had and provided no evidence that the Samsung-owned development environment was for testing.

Hussein is no stranger to reporting security vulnerabilities. He recently disclosed a vulnerable back-end database at Blind, an anonymous social networking site popular among Silicon Valley employees — and found a server leaking a rolling list of user passwords for scientific journal giant Elsevier.

Samsung’s data leak, he said, was his biggest find to date.

“I haven’t seen a company this big handle their infrastructure using weird practices like that,” he said.
