CES – or the International Consumer Electronics Show to give its full name – is in full swing and I’m here in Las Vegas making some sense of the tech gifts we’ll be unwrapping in Christmas 2016 and beyond.
As expected virtual reality, unmanned aerial vehicles (okay, drones), connected home/internet of things and wearables are all well represented here, as is the motoring industry with major announcements on driverless cars, electric vehicles and more from the likes of Ford, Toyota and newcomer Faraday Future.
Here’s a quick hit of one of my live reports for the Mark Forrest show on BBC radio broadcast midway through press day:
Make no mistake, hoverboards have been the hot technology of 2015.
Fuelled by Back to the Future fever and celebrity spots with Jamie Foxx, Justin Bieber et al, self-balancing scooters (to give them their proper name) have proven so popular with the public that online auction site eBay reported sales of one every twelve seconds earlier in December.
On Thursday I joined the ITV Good Morning Britain team to talk through the hoverboard phenomenon and the growing safety concerns that have led retailers around the world to stop selling and start refunding.
Negotiating an obstacle course on a hoverboard in windy conditions while answering Ben Shephard’s questions live on national television? No sweat!
There are two powerful safety angles to this story:
First up, hoverboards are heavy, powerful vehicles requiring skill, balance and practice to master. Unlike a Segway – considered the hoverboard’s forebear by many – there are no handlebars here, it’s just a motorised sideways skateboard.
Like the Segway, however, it is illegal to ride hoverboards on public streets and pavements in the UK. When the Crown Prosecution Service issued a statement reinforcing this guidance in October some argued the law (derived from the Highway Act of 1835 in England and Wales) was overbearing and heavy-handed. Then, last week, a 15 year-old lost control and was killed, run over by a London bus after losing balance on a hoverboard.
The other safety angle is the construction of the boards themselves. Leaping aboard the lucrative coat-tails of the hoverboard craze far-east manufacturers have mass produced hoverboards to lower price points with inevitable corner-cutting. Sadly, these short-cuts have been potentially lethal, with basic safety standards and common sense all but ignored. The main flashpoint has been the electronics.
One problem is that lithium-ion batteries used are notoriously unstable unless properly shielded. Major airlines are refusing to carry hoverboards in hold or checked luggage for risk of the batteries catching fire mid-flight. The other problem is that to keep costs low manufacturers are choosing to ship hoverboards with inferior quality poorly-shielded batteries, without thermal cutout circuitry or fuses in their plugs. Outcomes have included spontaneous explosions and fires and have been well-documented in various social media and the mainstream press. National Trading Standards claims to have examined thousands of self-balancing scooters at UK borders since October, with 88% (15,000) assessed to be unsafe and detained.
Eager to avoid a PR horror story major retailers have been quick to ground hoverboards, pulling stock from shelves and issuing health and safety advisories faster than you can say Great Scott. Amazon has been issuing automated refunds to customers and advising to dispose of hoverboards in WEEE approved sites.
In the wake of the VTech hack I answer ITV Good Morning Britain viewers’ concerns on the safety of their kids’ personal details.
Another week, another high-profile online hack.
In August 2015 the Ashley Madison scandal climbed the mainstream news agenda based largely on how the outed data transcended the all-too-commonplace bank details and password leaks.
The breach of tech-toy manufacturer VTech’s data last week has achieved a similar degree of infamy: six million sets of children’s personal details – including photos and chat transcripts – were swiped with apparent ease.
It’s of scant consolation that the hacker chose to share the story (and data) with a journalist rather than the denizens of the dark web: the Hong Kong firm hadn’t a clue that its online defences had even been breached until the journalist contacted them, begging the question of whether VTech’s website has been breached before? Nobody, not even VTech, can be sure.
The very nature of the VTech hack is disappointing but, if there is a positive, also a cautionary tale for remainder of the online industry.
‘SQL injection’ attacks are the oldest in the book, literally child’s play to execute, with plug-and-play exploitation toolkits and tutorials freely available online.
Like TalkTalk before it, VTech should have known better. As well as poorly-secured passwords (hashed with fatally insecure MD5 but not salted, therefore crackable with little more than a Google search) were plain-text secret questions and non-existent SSL security, all of which indicates a business quite simply not taking seriously its duty of care with users’ most sensitive data.
That in 2015 high-profile online services are still open to rudimentary exploitation signifies – to me at least – a distinct immaturity of the web as a whole. If any good comes of this attack it will be the wake-up call to other service providers to get real with their online security.
While VTech might make it through the immediate blip in its seasonal sales, time will tell whether it can survive the longer reputational damage. I hope so: as a parent I’ve found VTech’s tech toys to be among the best in class. I just hope it now takes less of a toy-town approach to its online services and its users’ data.
In the same Good Morning Britain episode I also talked viewers through how to enable parental restrictions, controls and security measures for other Christmas gadgets – the full story is available on the ITV website.
October is National Home Security Month, the last week of which is Smart Home Security Week. Writing once again for The Metro newspaper I revealed six app-connected cameras for your connected home that give you piece of mind and, if necessary, help to catch crooks red-handed.
Amongst those I reviewed were flyaway Kickstarter success story Canary, home security heavyweight Piper nv and the innovative app-only Manything, which helps you to put to old smartphones to good use.
“Hello, this is Mark, I’m calling from the Windows Technical Department. We have identified a problem with your computer…”
Have you ever received a phone call that begins like this? I have, too many times to count. The so-called ‘Microsoft Tech Support Scam’ is almost as old as the internet itself but, like a nasty virus, it refuses to go away. I’ve just filmed an investigation for the new series of BBC Watchdog to highlight the how the scam works and catch the fraudsters red-handed.
Despite being plagued by these calls, I am fortunate; I know that they are almost certainly from scammers intent on stealing my money, personal details or identity. However, thousands of people do fall victim to this fraud every year with many hundreds of thousands of pounds reported stolen in the UK alone.
According to the National Fraud Intelligence Bureau (NFIB) the average victim of ‘Computer Software Service Fraud’ will be 59 years old and £210 worse off as a result of the crime, although some report losses of up to £6,000. As with many nuisance calls these criminals work on volume, and for every one hundred calls they make, if only one is successful then it will have been worthwhile.
In the past legal action against the perpetrators has proved difficult (although there have been some successes) but by showing Watchdog viewers what to look out for we hoped to raise awareness and reduce the number of victims.
We decided the best way to do this was to capture the scam in action for the cameras — a first for UK television, we think, and no mean feat given how difficult it is to track down the fraudsters. What happened next was quite intense…
You can watch the full report here.
Watchdog Scams the Tech Support Scammers broadcasts on BBC1 at 7.30pm on Thursday 29th October 2015.
Of all the high-profile hacks and leaks of 2015 the TalkTalk Data Breach in October may prove to be one of the most significant yet, potentially impacting all four million of its UK customers.
While details of the breach are still emerging the leaked data appears to include unencrypted names, addresses, email addresses, bank account/credit card information, customer account numbers and more.
The ‘significant and sustained’ cyberattack, likely using a DDOS (distributed denial of service) attack as a smokescreen for their chosen method of entry and extraction, shows the hallmarks of highly-organised cybercrime.
Sadly, this isn’t the first time that the UK telco’s customers have had their personal details sneaked out of the back door. Data leaks in November 2014 and August 2015 exposed information that has been used to successfully defraud customers of thousands of pounds with phishing and vishing attacks.
- Treat incoming telephone calls purporting to be from a service provider – TalkTalk or otherwise – as potentially toxic. Regardless of any account number or information quoted, or the telephone number called from (Call Line IDs are easy to spoof), in my opinion phishing and vishing fraud is now so common that incoming calls are impossible to trust. A reputable/genuine caller will quite understand any concerns and give you an option to call back on a verified number found on your (for example) bank statement or the firm’s main website (not a link they send). However, make sure you call back from another number (maybe a mobile if you have one – but check call charges) or ensure your landline has been cleared first (wait 5 minutes or call a friend first).
- Check your bank statements, credit card bills and any online payment service accounts (eg Paypal). If there are any transactions you don’t recognise, no matter how small, query them. And then keep checking them – this is good practice anyway.
- Check and change your passwords, particularly if you use the same password as your TalkTalk account across any other accounts? Email, social network, PayPal, auction sites etc?
TalkTalk has a dedicated page to keep those concerned updated with the latest news and advice on the data breach: http://help2.talktalk.co.uk/oct22incident
BBC Rip Off Britain LIVE returns for a second year to The One Show studios in Central London, and once again I will be on-hand to answer more viewers’ consumer technology questions. Last year I spoke about contactless payments and passwords – this year it’s online gaming.
In the first show of the week-long series I’m due to talk about how online gamers are increasingly being targeted by ‘bounty hunters’ eager to hijack their account to gain access to their games, achievements or even their credit card details (bear in mind that the show is live so anything could happen instead…!).
In a plot that quickly begins to sound like a video game in its own right, the fraudsters use a variety of tactics to trick high-value gamers into revealing their login details so that their gaming accounts and virtual identities can be stolen and sold on for real cash.
Earlier in the series Rip Off Britain spoke with two disgruntled gamers whose Sony Playstation accounts had apparently been hijacked, but other gaming platforms can be hot targets too. With over 4,500 games and 125 million gamers, PC gaming platform Steam is one of the largest gaming networks around and, inevitably, it is also a target for scammers.
Despite a well-publicised security flaw identified in July 2015 Steam generally has a sound reputation for security of its users’ data. However, this hasn’t stopped gamers from having their accounts compromised — in fact, the majority of fraud appears to be as a result of phishing and social engineering rather than any hacks of either Steam’s or its users’s systems.Posts like this on gamebanana go into some detail on the social engineering methods that scammers have successfully used to hijack accounts. It describes how scammers have used in-game instant messaging to pose as Steam administrators warning (ironically) that their account has been hacked and needs to be regenerated.
The post may be several years old, but sadly the same tactics are still in use. More recent scams may attempt to install malware onto your PC or into your browser, but they all involve convincing you to click a link or reveal your account information. Here’s another incredibly useful post that shows some scams in action, along with how to spot a Steam scam.
Steam Community: Avoiding Common Scams:
Vigilance, it seems, is the best defence, along with basic awareness of the tactics employed by the scammers.
But if you find yourself a victim of Steam account jacking then help is at hand – in fact, Steam has a special form to help recover stolen and hijacked accounts:
Recovering a Stolen or Hijacked Steam Account:
However, Valve bosses do acknowledge that Steam’s current customer service is far from good enough, with support tickets seemingly going unanswered or ignored, but it is working hard to remedy it.
Valve Explains Why Steam Customer Service Is Still Terrible:
Questions will inevitably be asked whether Valve, the parent company behind Steam, is active enough in trying to prevent this kind of fraud. In response Steam is currently introducing a two-factor authentication mechanism, Steam Guard Mobile Authenticator, which in theory should reduce some fraud.
Rip Off Britain LIVE airs on BBC1 from 9.15 until 10am from Monday 19th to Friday 23rd October 2015.
September is one of the busiest periods in the technology calendar as manufacturers race to announce and release the consumer products they hope will make their Christmas a happy one.
Not only a great time of year to be working in technology but a great time to be reporting on it too. Over the last few weeks I’ve joined the technology desk at International Business Times UK to report on breaking news from Apple, Samsung, Sony and more.
Alongside announcements of new smartphones, tablets and watches I wrote about topics as diverse as Virtual Reality video and fallen enterprise mobile player Blackberry and its attempts to remain relevant.
However, I want to share a couple of video stories here. First up is my bite-sized take on the major announcements at IFA 2015:
New smartphone announcements by Apple are a highlight for many tech-watchers but, frankly, they do go on a bit. I produced an extremely cut-down version of the Apple press conference revealing everything you need to know in roughly three minutes – saving you about an hour and forty minutes of your life.