Warning over medical implant attacks

Many medical implants are vulnerable to attacks that could threaten their users' lives, according to studies.
Security researchers have developed attacks that locate and compromise implants used to manage conditions such as diabetes and heart disease.
One attack identified a radio signal that, if re-broadcast, would have switched off a heart defibrillator.
Researchers say more work needs to be done to secure implants and protect against malicious actions.
Radio grab
For increasing numbers of people an active life is only possible thanks to a medical implant that monitors their vital signs and which intervenes when needed.
Pacemakers that regulate heart beats, pumps that deliver insulin and defibrillators that watch for abnormal cardiac rhythms are being fitted to many more people to help them manage these chronic conditions.
Barnaby Jack, a researcher at security firm McAfee, has discovered that the wireless links used to interrogate and update these devices left them open to attack.
In two weeks of work he found a way to scan for and compromise insulin pumps that communicate wirelessly.
"We can influence any pump within a 300ft [91m] range," Mr Jack told the BBC. "We can make that pump dispense its entire 300 unit reservoir of insulin and we can do that without requiring its ID number."
Mr Jack said diabetics typically needed a dose of 5-10 units of insulin after a heavy meal to help regulate blood sugar. Making the device empty its cartridge into a host's bloodstream would cause "deep trouble".
In similar work Prof Kevin Fu, a computer scientist at the University of Massachusetts Amherst, has found that it is possible to capture a signal that controls the working of a heart defibrillator.
During his research Prof Fu discovered that implanted defibrillators are tested using a specific radio signal when first placed inside a patient. The signal turns the device on and off.
Lab work revealed that it was possible to capture this signal as it was broadcast. Re-broadcasting it turned off a device close by.
Prof Fu said the limited battery life of medical devices meant they could not use any authentication or encryption to protect signals passing to and from the device - leaving them open to attack in the future.
"Patients are much better off with these devices than without," said Prof Fu, but added that the work he and others were doing was signalling forthcoming problems that needed to be addressed now.
"Future devices will be much more connected, much more connected to the internet and will have much more use of wireless technology," he said.
Manufacturers needed to think about security as they designed products and harden them against future problems, he said.
"There is no silver bullet, it's not that these problems are easy to address," he said. "But there is technology available to reduce these risks significantly."
The UK's Medicines and Healthcare products Regulatory Agency said it had never received any reports of medical implants being hacked.
"We closely monitor the safety and performance of all medical devices and take action to ensure the safety of patients," said an MHRA spokesman.

US sues Apple and publishers over e-book prices

Technology giant Apple and major book publishers are being sued by the US Department of Justice over the pricing of e-books.
The US accuses Apple and Hachette, HarperCollins, Macmillan, Simon and Schuster and Penguin of colluding over the prices of e-books they sell.
This lawsuit is over the firms' move to the agency model where publishers rather than sellers set prices.
But Hachette, HarperCollins and Simon and Schuster have already settled.
The case will proceed against Apple, Macmillan and Penguin "for conspiring to end e-book retailers' freedom to compete on price", the Justice Department said.
"As a result of this alleged conspiracy, we believe that consumers paid millions of dollars more for some of the most popular titles," Attorney General Eric Holder said.
'Effectuate their conspiracy'
"To effectuate their conspiracy, the publisher defendants teamed up with defendant Apple, which shared the same goal of restraining retail price competition in the sale of e-books," according to papers filed in New York's Southern District court on Wednesday morning.
"Apple facilitated the publisher defendants' collective effort to end retail price competition by coordinating their transition to an agency model across all retailers."
Apple, which sells books through its iBooks platform on the iPad and iPhone, declined to comment.
Hachette said that it remained "confident that we did not violate the anti-trust laws" while adding it "reluctantly" joined the settlement.
But Macmillan's chief executive, John Sargent, said "the terms the DOJ demanded were too onerous" to settle and would allow Amazon "to recover the monopoly position it had been building before our switch to the agency model".
Meanwhile, the European Commission has also been probing e-book price fixing.
Apple, Hachette, HarperCollins, Macmillan and Simon and Schuster have now made proposals to settle that probe.
"The European Commission has received proposals of possible commitments from Apple and four international publishers," said the EU's competition commissioner Joaquin Almunia.
"I welcome the fact that these five companies are making proposals to reach an early resolution of the case, so promptly after we opened proceedings in December 2011," he added.
Agency versus wholesale
Electronic books are sold according to a different formula from that governing the sales of physical books.
For most physical books publishers set a wholesale price, often about half the cover price, and then let a retailer decide how much they actually want to charge for the title.
This model was initially adopted for e-books but has since been changed for what is known as an agency model.
Under this scheme, publishers set the price of a book and the agent selling it gets a 30% cut. The agency model was adopted by publishers largely at the prompting of the late Steve Jobs.
The shift to agency pricing was also seen as a protective measure to head off attempts by Amazon to corner the market in e-books. It had been aggressively cutting prices to win customers over to its Kindle e-book reader.
Amazon once tried to apply the wholesale model on book publishers - by selling all books at $9.99 - but was rebuffed by the publishers.
In the complaint, the Justice Department said that Amazon "capitulated" when publishers and Apple teamed up to offer e-books on agency terms.
The retailer faced the prospect of having fewer books on its Kindle platform if it did not agree to publishers' terms.
Apple founder Steve Jobs described the strategy as an "aikido move" according to a biography published after his death.
"We were not the first people in the books business," Mr Jobs told his biographer, Walter Isaacson, in the book.
"Given the situation that existed, what was best for us was to do this aikido move and end up with the agency model. And we pulled it off."
The lawsuit comes a day after Apple surpassed $600bn (£379bn) in value, affirming its position as the world's most valuable firm.

Bug hits new Nokia Lumia 900 smartphone

A software bug in the latest Nokia smartphone is causing some handsets in the US to occasionally lose their data connection, the company has said.
The Finnish manufacturer said a fix for the Lumia 900's "memory management issue" would be issued on 16 April.
In the meantime, affected customers are being offered $100 (£63) in call credits.
Analysts say the setback could hit Nokia's hopes of regaining market share from rivals Apple and Google.
Nokia is still the world's largest mobile manufacturer, but is losing out significantly in the smartphone market.
The Lumia 900, which was released in the US on Sunday, runs Microsoft's latest Windows Phone software. The phone is expected to launch in the UK by the end of the month.
'Prudent measure'
In a blog post, Nokia said the phone had enjoyed a "positive response" since its release, but that problems soon emerged.
"After this flagship device began selling, we identified a software issue," the company wrote.
"In short, a memory management issue was discovered that could, in some cases, lead to loss of data connectivity.
"This issue is purely in the phone software, and is not related to either phone hardware or the network itself. As a proactive and prudent measure, we decided to take immediate action."
The company said that users who wanted the update immediately could trade in their handsets for a model already running the software fix.
Gartner analyst Carolina Milanesi said it was a worrying start for a product which Nokia had promoted with a considerable marketing effort.
"It's like they stalled their engine when everybody is looking at them at the start of their race," Ms Milanesi said.
However, others praised Nokia's speed in dealing with the bug once it was identified.
"I have been impressed by their forthright, aggressive, and undoubtedly costly response," said Boston-based analyst John Jackson from CCS Insight.
Also on Wednesday, Nokia warned it expected to post losses in the first and second quarters of this year, news which saw the company's shares drop by 14%.

Apple develops tool to 'detect and remove' Flashback Trojan

Apple has said it is developing a tool to "detect and remove" a Trojan that is said to have infected more than half a million Mac computers.
It said it is working with internet service providers (ISPs) to disrupt the command network being used by hackers to exploit the malware.
Trojans are infections that can expose computers to control by hackers.
It is Apple's first statement on the threat. It issued patches to prevent the malware's installation last week.
The two security updates were released eight weeks after Java's developer Oracle issued a fix for other computer systems.
In a message posted on Apple's website's support section, the company said it had fixed a "Java security flaw for systems running OS X v10.7 and Mac OS X v10.6".
It suggested users of Macs running earlier versions of its system software should disable Java in their web browser preferences.
In addition, Apple said it was working with ISPs to shut down networks of servers hosted by the malware authors, which the code - known as Flashback - relies on "to perform many of its critical functions".
Macs 'being targeted'
Russian anti-virus firm Dr Web, which has tracked the scale of the botnet, said it believed around 650,000 machines had now been infected.
The company's chief executive, Boris Sharov, told the BBC that since the Trojan was publicised, they have seen downloads of their anti-virus software increase by 28,000%.
"The thing that we have proven to the community is that people should care about their security, even on Macs," he said.
According to a timeline of events posted on its website, Dr Web said activity surrounding the virus began as far back as February.
Traditionally, Apple has promoted the fact that its Macintosh line is largely free from viruses and other similar threats due to the fact almost all malicious software is designed to exploit computers running on Microsoft Windows.
McAfee Labs' Dave Marcus told the AFP news agency: "All the stuff the bad guys have learned for doing attacks in the PC world is now starting to transition to the Mac world."
"Mac has said for a long time that they are not vulnerable to PC malware, which is true: they are vulnerable to Mac malware."
The security firm F-Secure has posted detailed instructions about how to confirm if a machine is infected and how to manually remove the Trojan.

Sony sheds 10,000 staff in major reorganisation

Electronics firm Sony is to shed 10,000 jobs as part of a major reorganisation, chief executive Kazuo Hirai has said.
The cuts, which represent 6% of the global workforce, will be made over the next 12 months.
The reduction includes staff working in businesses that are being sold, such as its chemicals division.
Sony has been struggling to compete in the television business with South Korea's Samsung and LG, while Apple has challenged it in audio gear and phones.
On Tuesday, Sony forecast a record annual loss of $6.4bn (£4bn), double its previous estimate. Its share price has fallen 40% over the past 12 months.
Entrepreneurial spirit
Sony says it will focus its business on three areas - digital imaging, games consoles and mobile devices.
It hopes the changes will help to generate sales of $10.5bn by the financial year ending in March 2015, with a profit margin of 5%.
In the last financial year, Sony reported sales of $7.9bn.
"We have heard a multitude of investor voices calling for change. Sony will change," Mr Hirai - who took over as chief executive earlier this month - said at a press conference.
"Sony has always been an entrepreneurial company. That spirit has not changed," he said.
The reorganisation will cost Sony $926m (£581m) during the current financial year.
But analysts have been underwhelmed by Mr Hirai's announcement.
"I for one was expecting more," said Pelham Smithers, who runs his own consultancy specialising in the electronics industry.
[Chart: Sony Corp twelve-month share price, last updated 12 Apr 2012, 18:59 GMT]
"This presentation has the same feel as a presentation made three to four years ago when the previous chief executive, Howard Stringer, tried to restructure."
"But back then Samsung and Apple were not as powerful as they are today," he said.
Toshiyuki Kanayama, senior market analyst at Monex, said: "I don't see anything new here. They've talked before about bringing the TV business back to profits. The comments about the electronics business are the same."
"Nothing has changed from what they've flagged in the past, including the M&A plans in the medical field," he said.
Sony's television business has lost money for the past eight years. Analysts say that while it sells about 20 million TV sets a year, it is still not big enough to be profitable.
To tackle that problem Sony is planning to cut costs in the business by 60% by March 2014.
"If they're planning to cut fixed costs by 60%, that signifies the closure of one factory, and the business can shrink. That's not necessarily a bad thing," said Kikuchi Makoto, chief executive at Myojo Asset Management.
"The problem is that the plan is lacking in specifics on the plus side."
The BBC's Tokyo Correspondent, Roland Buerk, said: "Mr Hirai wants Sony to find a new path by creating products that are really going to wow people."
"But saying that is one thing, doing it is another."
Rival Japanese TV maker Sharp is also forecasting hefty losses. It expects an annual loss of $4.7bn this year.

Google+ revamped with Facebook and Twitter-like features

Google has unveiled a revamp of its social network, Google+, borrowing heavily from rival networks Twitter and Facebook.
The search-engine giant has introduced trending topics and cover pictures, as well as a more "dynamic" navigation menu.
The company said more than 170m people have "upgraded" to the social network so far.
But critics say the number of regular visitors is much lower.
In a blog post, Google's Vic Gundotra wrote: "It's still early days, and there's plenty left to do, but we're more excited than ever to build a seamless social experience, all across Google."
He said the new features included "full bleed" media - showing pictures and video in full-size and quality - and "conversation 'cards'", which would make it easier to have threaded conversations, similar to the format found in Google's email service, Gmail.
Stand-out features
The service now displays a list of the most commonly discussed subjects, known as trending topics. This feature mirrors microblogging site Twitter, which first introduced trending-topic lists on its site in 2010.
Also borrowed - from Facebook - is the cover-photo feature - a large image displayed behind a user's profile picture.
Cover photos were introduced to Facebook profiles as part of its timeline redesign and rolled out to its users over the past few months.
David Philips, a social-media and PR lecturer, told the BBC he believed the revamp had made it easier for Google+ users to use the network's stand-out features.
"It opens up the architecture of Google Plus so you can use many more of the features more intuitively," he said.
"I think it's now becoming a serious small-business tool, and also a very interesting tool for families where they can have lots of information shared among members of the family."
He added that while Google+ might struggle to stand out among its bigger, more active rivals, the breadth of integrated services would soon begin to work in the network's favour.
"I think this is a development that helps it carve a niche because it allows people to use so many different tools at the same time," he said.

EU investigates internet's spread to more devices

The European Commission is extending a probe into the spread of the internet.
The regulator says it expects an explosion in the number of household appliances and other devices connected to the net before 2020.
It is launching a consultation over controls of the way information is gathered, stored and processed, saying it wants to "ensure the rights of individuals are respected".
The public is being invited to send in its views before a 12 July deadline.
The commission says that the average person living within the 27-nation bloc has at least two devices connected to the net at present - typically a computer and smartphone.
It expects the figure to rise to seven by 2015, with a total of 25 billion wirelessly connected to the net worldwide. By the end of the decade it says that could climb to 50 billion.
"If a university teacher cancels a morning lecture because they are sick, students' alarm clocks and coffee machines could automatically be reset," it gives as an example.
"If an elderly person forgets to take an essential pill, a warning message could be sent to a close family member."
"People need to know and trust that this sort of change is one they are comfortable with, and it's important to have that conversation now," a spokesman told the BBC.
Energy-efficient chips
The spread of wireless-connected devices has been dubbed "the internet of things" and has previously been identified as a potential catalyst to the economy.
Arm Holdings - the British computer chip designer - is at the forefront of efforts to spur on the tech.
It announced a new "Flycatcher" architecture in March, paving the way for licensees to build the "most energy-efficient microprocessors" to date.
The US chip-maker Intel also announced a partnership with the Institute of Automation of Chinese Academy of Sciences earlier this week to create a research centre in Beijing to create related core technologies.
Risk and reward
Previous technological advances have led to new legislation.
A recent example is the EU's Privacy and Data Communications Directive which requires users to give permission for websites to install tracking-cookies into their browsers. The directive was introduced last year and comes into effect in the UK on 26 May.
"From a legal point of view the internet of things is the next big thing," said Dai Davis, an information technology lawyer at Percy Crow Davis.
"Usually European legislation lags years behind technology - we have seen that with recent data privacy regulation. It is worth noting that this won't be the first time the EU has consulted on the subject - but we have yet to see significant action."
London-based campaign group Privacy International said it intended to take part in the process.
"Technologies like these need to be carefully designed if they are to enhance our private lives, not endanger them," said spokeswoman Emma Draper.
"Sharing highly sensitive personal data - like medical information - to a network of wireless devices automatically creates certain risks and vulnerabilities, so security and privacy need to be built in at the earliest stages of the development process."
The commission said it plans to publish its recommendations by the summer of 2013.

Facebook criticised over data download tool

Facebook has updated a tool that lets users look at some of the data the social network holds on them.
The update gives people an "expanded archive" of their activity on Facebook letting them see friend requests and login locations.
Facebook said other categories of data would be added in the future.
Campaigners said the data shared did not go far enough and handed over only a "fraction" of the information European laws demand.
Raw access
Facebook's Download Your Information tool was first introduced in 2010 and gave people a digital copy of the photos, posts and messages they had shared on the social network.
Those who took the chance to get their archive got a compressed file full of data.
In a blogpost explaining the change, Facebook said the updated tool would be gradually rolled out to all users.
Campaigners said the change should have included much more information. The download tool supplied data in 22 categories, far fewer than the 84 demanded by European law, said Max Schrems, an Austrian law student who founded the Europe v Facebook pressure group.
He said updating the tool was an attempt to "fool" users as it did not give people access to the raw data they were entitled to.
Europe v Facebook had filed several complaints about Facebook's privacy policy, he said, but they would not have been able to do this if they had relied only on the processed data provided by the download tool.
Instead, Mr Schrems and other campaigners used an online form on Facebook to request the unprocessed data held on them. Facebook removed this form after 40,000 people used it to lodge requests to see their data.
Facebook has faced persistent criticism over what it does with the data people surrender about their lives and relationships.
In late 2011, the Irish data protection commissioner issued a report on Facebook's privacy policy and said it should give people better access to their data and do more to tell them what is done with it.
The commissioner said it planned to conduct a formal review of the progress Facebook has made towards complying with the recommendations in July 2012.

Icann's internet suffix application deadline looms

Organisations wishing to buy web addresses ending in their brand names have until the end of Thursday to submit applications.
For example, drinks giant Pepsi can apply for .pepsi, .gatorade or .tropicana as an alternative to existing suffixes such as .org or .com.
Parties are able to request up to 50 web address endings.
The Internet Corporation for Assigned Names and Numbers plans to publish application details on 30 April.
Companies had to sign up to its process by March to qualify for the upcoming deadline. It says 839 users are taking part.
'Smooth experience'
Canon and Google are among the companies to have said that they paid the $185,000 (£116,355) fees required to take part in the process.
Nominet, the organisation which manages .uk domains, confirmed it was applying for .wales and .cymru.
ICM Registry - the firm which already oversees .xxx addresses - announced it had also applied for .sex, .porn and .adult. It said it wanted to offer them "free of charge" to its existing customers.
Successful applicants face $25,000 in costs per year to maintain the generic top-level domains.
"We plan to apply for Google's trademarked gTLDs, and we're currently exploring opportunities to apply for new ones as well," the search giant told the BBC.
"We want to help make this a smooth experience for web users - one that promotes innovation and competition on the internet."
Other organisations were less forthcoming - Facebook, the BBC and Coca-Cola would not comment on their plans.
"We do not disclose details of any proprietary marketing plans until they are public facing," the drinks maker said.
Auctions
The process has the potential to cause problems among firms that share brand names. The US and German firms that both operate under the name Merck have already clashed over ownership of a Facebook page.
The German firm confirmed it had applied for .merck and .emerck.
The US company's spokesman, Ron Rogers, told the BBC: "We're monitoring the Icann gTLD application process with interest."
Anheuser-Busch InBev and Budejovicky Budvar may face similar conflict over their claims to own the Budweiser beer brand.
Icann suggested that in such cases the firms involved should try to negotiate a deal by themselves. If they fail, it said it would hold an auction for the suffix as a "last resort".
"We don't want to be judge and jury - we want the applicants to work it out on their own," an Icann spokesman told the BBC.
Backlash
Efforts to launch the new naming system have been mired in controversy.
In November, 87 business associations and companies sent a petition to the US Department of Commerce complaining that the program entailed "excessive cost and harm to brand owners".
Signatories included the tech giants Adobe, Hewlett-Packard, Dell and Samsung.
The department subsequently snubbed Icann by cancelling a bidding process that was expected to extend the organisation's right to run the Internet Assigned Numbers Authority - the contract which allows it to manage the domain name system.
Although Icann retains control for now, its mandate runs out in September.
However, the organisation rejects claims that its move to introduce new suffixes was badly thought out.
"This programme is the result of six years of careful study and deliberation which involved more than 2,400 public comments and dozens of public comment periods," a spokesman told the BBC.
"It was neither hasty nor ill conceived."

Ann Romney fires back at never-worked charge

WASHINGTON (AP) — Ann Romney fought back Thursday against a Democrat who suggested she's no economic expert because she "hasn't worked a day in her life." Raising the five Romney sons, she said, was such a full-time job that her husband, Republican presidential contender Mitt Romney, considered it more important than his work as the family breadwinner.
"He would say, 'My job is temporary... Your job is a forever job that's going to bring forever happiness,'" Ann Romney told Fox News, wading into a multimedia furor over comments by Democratic consultant Hilary Rosen. "Mitt respects women that make those different choices."
Rosen apologized to Ann Romney later Thursday for her "poorly chosen" words.
"As a mom I know that raising children is the hardest job there is," Rosen said in a statement. "As a pundit, I know my words on CNN last night were poorly chosen."
"In response to Mitt Romney on the campaign trail referring to his wife as a better person to answer questions about women than he is, I was discussing his poor record on the plight of women's financial struggles," Rosen said.
First lady Michelle Obama, a working mother of two, even jumped into the fray with this tweet: "Every mother works hard, and every woman deserves to be respected. - mo." Tweets tagged "mo" are said to be from the first lady.
The series of exchanges brought the Mommy Wars to the presidential campaign trail as both parties court women voters critical to their prospects in the November election. President Barack Obama's high command had demanded that Rosen apologize, while the Democratic National Committee disavowed her comments and her, reflecting the acute sensitivity of both parties about alienating any subgroup of female voters.
The multimedia furor erupted Wednesday night when Rosen said on CNN that Ann Romney, whose husband is worth millions, never had to work to pay the bills and should not be her husband's surrogate on women and the economy.
"His wife has actually never worked a day in her life," Rosen said. "She's never really dealt with the kinds of economic issues that a majority of women in this country are facing."
The backlash was brutal and swift.
David Axelrod, Obama's top campaign strategist, tweeted that Rosen's comments were "inappropriate and offensive." The president's campaign manager, Jim Messina, said Rosen should apologize. And the Democratic National Committee downplayed any connection to Rosen or her firm.
"What she said was absolutely out of bounds," said DNC Executive Director Patrick Gaspard on MSNBC. "Ann Romney is someone who obviously has worked hard to raise five good boys and she's made some tough choices in her life, I'm certain. Families should be absolutely out of bounds in this discussion."
He added: "Hilary Rosen is absolutely not a paid adviser to the DNC or to the Obama campaign, absolutely not."
Romney's campaign quickly assembled a conference call for reporters with the campaign's female surrogates, who said Rosen's comments pit women who make different choices in a difficult economy against each other.
"The Democrats see them as the key to this election, the Democrats are saving their vitriol for highly successful Republican women, people like, sadly, Mrs. Romney," said Rep. Cynthia Lummis, R-Wyo. "The Democrats continue their politics of division that President Obama himself said he'd change."
Some of the Republican response was divisive, too.
"Many, many people in the Democratic Party view the choices that Ann Romney made as the greatest threat to feminism," Sabrina Schaeffer, executive director of the Independent Women's Forum, said on the same call.
White House spokesman Jay Carney on Thursday deflected questions about Rosen's comment and her visits to the president's office building.
Romney's campaign said Rosen has been to the White House 35 times. Carney said he knows three women with the same name and couldn't be certain that records showing visits to the White House by a similarly named person actually refer to the Democratic strategist.
For her part, Rosen said Republicans were trying to change the subject by attacking her.