WhatsApp For Business Launches in UK

The new business-focused version of WhatsApp for Android is now available for download in the UK.

Small Business Needs

The new WhatsApp Business can be downloaded for free at Google Play, and is specifically aimed at the needs of small businesses, which account for 99.3% of all private sector businesses in the UK (FSB).

Facebook-owned WhatsApp has said that it wants people to use WhatsApp to connect with small businesses, and that the new ‘WhatsApp Business’ will make it easier for companies to connect with customers, and offers a more convenient way for the 1.3 billion WhatsApp users to chat with businesses.

Why Launch WhatsApp Business?

Since Facebook acquired WhatsApp in 2014 for $22 billion, the company has been looking for ways to monetize the app which, although it was developed for use by individuals, is now being widely used by people in business, and in large and small organizations as a collaboration tool for staff.

This move by WhatsApp is also designed to gain a march on rivals in what has become a battle for the attention of consumers by messaging apps including Apple’s iMessage, Facebook’s Messenger, Kik, Slack for business, and others.

What Can It Do?

The launch in the UK (and the US, Indonesia, Italy and Mexico at the same time) is part of the wider worldwide rollout. According to WhatsApp, 80% of small businesses already using the App in India and Brazil say WhatsApp helps them both communicate with customers and grow their business (Morning Consult study figures).

Features

Features of the App include:

  • Business Profiles: to help companies to provide useful information to customers e.g. business description, email or store addresses, and website.
  • Smart Messaging Tools: to enable companies to respond quickly with answers to frequently asked questions, also greeting messages to introduce customers to the business, and away messages that let them know you’re busy.
  • Messaging Statistics: simple metrics like the number of messages read to see what’s working, and to give businesses a way of measuring and monitoring the effectiveness of the app.
  • WhatsApp Web: to enable the sending and receiving of messages with WhatsApp Business on the desktop.
  • Account Type: so that customers will know that they’re talking to a business because it is listed as a Business Account. This can become a Confirmed Account later (similar feature to Twitter’s verification process), and once confirmed, the account phone number will match the business phone number.
  • WhatsApp allows users to send photos, it has end-to-end encryption security (an important feature for businesses), allows for easy document sharing (up to 100 MB), and allows for seamless syncing of your chats to your computer so that you can chat on whatever device is most convenient.

What Does This Mean For Your Business?

Since many business people (and more importantly, their customers) were using WhatsApp for general communication anyway, it makes sense for Facebook to develop a version that is focused more specifically on small businesses. Clearly, this is a very large market in countries across the world, and it will, of course, present opportunities for monetisation and probably advertising using the Facebook-owned network in future.

From the perspective of businesses, WhatsApp provides a lot of powerful, useful, and cost saving features for a handy free app, and with speed and versatility of communications being an important factor in getting the business in today’s environment, WhatsApp Business is likely to prove popular.

WhatsApp Business offers businesses / brands the potential for building a relationship with their customers on a 1:1 level. The huge user base of the app, its speed and reliability, and the verification system of the business version could provide new opportunities for businesses that are able to harness it in a value-adding and engaging way.

There are many possible applications for WhatsApp Business e.g., KLM’s use of the app for flight confirmations and updates, brands using the app on competitions, and WhatsApp Business could work well in industries such as hospitality. WhatsApp could be a perfect way to enable customers to book a hotel room, get customer support, and even access an on-site member of staff such as a concierge. Retail brands could use the app for many purposes in addition to just shipping confirmations.

Many tech and business commentators are saying that 1:1 messaging is the future of personalized commerce and post-purchase customer service, and WhatsApp Business is well positioned enough, and widely used enough to provide opportunities for businesses worldwide to improve their communication and relationship marketing.

Amazon’s ‘No Checkout’ Grocery Store Opens

Amazon has opened a revolutionary checkout-free, bricks-and-mortar grocery store called ‘Amazon Go’ in Seattle, after more than a year of testing.

How Can It Have No Checkouts?

The Amazon Go store uses infra-red ceiling-mounted cameras and electronic sensors to track what shoppers remove from the shelves (which have weight sensors), and what they put back. Some items carry a visual dot code, which acts like a barcode, to help the cameras to identify them.

The system uses a deep learning element so that it can differentiate between customers as they move around the store and between similar looking items for sale. The items for sale are added to the customers’ Amazon Go account as they pick them up, and items are deleted from the account if they are put back on the shelves. An electronic receipt is issued as the customer exits the store.

Cash is not needed as customers are billed to the card that Amazon has on file. The ‘grab and go’ concept of the Amazon Go “just walk out” store means that it has no checkout operators or self-service tills because the whole process is automated.

As yet, there is no information about how accurate the system is, and there have only been some reports of minor teething problems.

Super-Convenient

The fact that Amazon Go appears to have eradicated the challenges of long queues which can deter shoppers, and removed the challenge of human error and other messages and authorisation processes that can disrupt self-service tills, could mean that the new store concept poses a real challenge to other retailers.

Whole Foods

Amazon began challenging grocery retailers in the US such as Wal-Mart in the bricks-and-mortar world last summer when it bought Whole Foods Market Inc. for $13.7 billion, with industry insiders saying that it would be a long and costly process for Amazon to revolutionize grocery delivery the way they revolutionized online retailing. Before groceries, Amazon moved into brick-and-mortar retailing with the opening of a bookshop in Seattle in 2015 – there are now 13 in the US, plus dozens of pop-up outlets.

Amazon launched its ‘Amazon Fresh’ grocery delivery service in the UK back in 2016, and reports indicate that it is 25% cheaper to use Amazon Fresh than shopping in traditional supermarkets.

What Does This Mean For Your Business?

The strengths and reach of Amazon have meant that it has spent the last 3 years diversifying and challenging more businesses in more markets. The scaling up of its parcel delivery, plus drone and robot deliveries, Amazon Fresh, its purchase of Whole Foods, and its opening of its Amazon Business online trade counter have seen more (small and large) businesses facing a tough new competitor. It is also worth noting that Amazon has a presence and therefore a potential instant grocery ordering system in many homes in the UK in the form of the Amazon Echo, thereby giving them a further advantage over the traditional big supermarkets.

For the big supermarkets here in the UK, although Amazon Go won’t challenge profits directly now (Amazon Go is one store in Seattle at the moment), the fact that it exists, it works, it appears to address key customer concerns (no queues), and it’s in the hands of a company with the scale, reach, and brand awareness to expand it is a worry and another challenge to the big grocery retailers.

On the plus side, if the technology could be replicated, it could serve as a blueprint for something that could be copied by the big supermarkets in some key locations.

Some commentators have pointed out that, while Amazon is not yet making large amounts of money (in big player terms) from its retail stores, they are helping to raise brand awareness and to promote Amazon’s Prime membership scheme.

HP Worldwide Recall of ‘Fire Hazard’ Laptop Batteries

HP has announced that it is launching a worldwide voluntary safety recall and replacement program for certain notebook computer and mobile workstation batteries over safety concerns.

Fire Hazard

The reason given for the recall is that HP says the batteries, including those for the ProBook, ZBook, x360, Pavilion and Envy, have the potential to overheat, posing a fire and burn hazard to customers.

The fire hazard risk appears to have been reported by the Consumer Product Safety Commission (CPSC) which identified eight cases of the batteries overheating, melting, or charring. There has also been a report of one person suffering a first-degree burn from the battery, and three others suffering damage to property totalling $4,500.

How Big Is The Problem?

The CPSC estimates that as many as 50,000 units sold in the U.S. are at risk, and possibly, a further 3,000 more units sold in Canada.

Which Batteries?

HP says that the affected batteries were shipped with specific HP ProBook 64x (G2 and G3), HP ProBook 65x (G2 and G3), HP x360 310 G2, HP ENVY m6, HP Pavilion x360, HP 11 notebook computers and HP ZBook (17 G3, 17 G4, and Studio G3) mobile workstations sold worldwide from December 2015 through December 2017. This includes those sold as accessories or provided as replacements through HP or an authorized HP Service Provider.

HP has provided a list of the notebook product names for batteries that may be affected at the foot of this page on its website: https://batteryprogram687.ext.hp.com/en-US/Home/ProgramSummary

How to Check Your Battery

On the same web page, HP has provided a downloadable HP Validation Utility which will check whether the battery in your notebook is affected. The utility will also verify the battery as being one of HP’s, and this means that HP will be able to send a free replacement battery.

What If You Can’t Get To The Battery?

HP have stated that in cases where the battery is internal to the system (and isn’t customer replaceable), they will provide a “free battery replacement service” for each verified, affected battery validated on their HP Battery Recall website. This will mean that the battery will be replaced by an authorized technician at no cost to the customer.

Battery Safety Mode

In the light of the news about fire risk, if customers need to continue using their notebook, HP says that they can do so by enabling the Battery Safety Mode by connecting the notebook to an HP power adaptor.

What Does This Mean For Your Business?

The reports of people suffering burns and property being damaged are alarming, and the immediate advice for businesses with HP notebook computers and mobile workstations is to go to the HP Battery Recall website https://batteryprogram687.ext.hp.com/ to check if their battery is affected, learn about the BIOS update that contains the Battery Safety Mode feature, and to order a free battery and battery replacement services, if eligible.

In times where mobile devices are becoming ever more popular and powerful, and globalisation means that products can be widely shipped in large numbers before a problem is identified, stories such as these are becoming all-too-common. For example, there was the case of the Galaxy Note 7 phone recall due to explosive batteries, and last August, 10,000 Galaxy Note 4 batteries were recalled for risk of overheating. In the case of HP, they appear to have acted quickly, and to have provided adequate help and advice to customers. This story is also, therefore, a reminder of the importance of having Disaster Recovery Plans in place.

Licence Plate Recognition – 1 Million Mistakes a Day!

Concerns over the possible misreading of hundreds of thousands of vehicle licence plates each day have led to calls for statutory regulation of the UK’s automatic number plate recognition (ANPR) system.

Over 1 Million Mistakes Per Day!

The ANPR system uses 9,000 ANPR cameras to record and store up to 30 million vehicle records each year. Unfortunately, it is also reported to be recording a staggering (up to) 1.2 million false readings of number plates every day! That’s the equivalent of over 400 million incorrect readings each year!

The implication is that innocent motorists may be wrongly accused and punished for a variety of motoring offences, and that real offenders may be escaping punishment. This has led to calls for statutory regulation of the camera system.

Police In the Dark

Not only does The National ANPR Data Centre (NADC) accept data from all police ANPR systems, without carrying out any checks on the effectiveness of those systems, but it is also believed that Police currently have no meaningful data on the accuracy of ANPR, or on the contribution surveillance cameras make to tackling crime.

Also Cyber Attack Risk

Not only is it unclear what contribution the camera system could be making to cutting crime, but it has also been revealed that some systems could be at risk from cyber attack, thereby possibly allowing data to be changed, making it impossible to use as evidence anyway.

A recent example in the U.S. left over half of the surveillance cameras covering the city of Washington’s public spaces unable to record footage for three days, until experts were able to remove ransomware from the recording devices.

Facial Recognition Camera Concerns

There are growing concerns too, particularly where data protection and privacy are concerned, about the increased use of facial recognition cameras to identify suspects by matching camera images against 19 million custody images held by police. For example, Leicestershire Constabulary faced criticism after using automatic facial recognition at the Download concert in 2015, in Donington Park, and the Metropolitan Police used similar technology during last year’s Notting Hill Carnival to match images of people with photographs stored on its Electronic Wanted and Missing Systems (EWMS).

Surveillance Camera Commissioner Says…

The England and Wales Surveillance Camera Commissioner, Tony Porter, has said that he is yet to be convinced that an assertion that national ANPR meets performance standards holds water.

What Does This Mean For Your Business?

Although there may be valid concerns about inaccuracies in the ANPR system and the impact these could have on businesses and individuals, other surveillance cameras can play an important role for business security monitoring systems. Used responsibly and only for the intended purpose, they can add value, and provide a low cost, cost saving, and vital way to maintain security.

Camera surveillance generally is now an almost unnoticed part of daily life in what, according to Big Brother Watch, is now the most surveilled western democracy, where there are now an estimated 6 million+ surveillance cameras. The worry among some of those being watched is that privacy and security are at risk, the fact that we are being watched constantly by unknown parties (and our images potentially stored and shared) is sinister, mistakes can be made with the responsibility being placed on the victim to clear their name and prove inaccuracy, regulations are not adequate, and that many cameras are operated by businesses, and quasi-government organisations.

For many people, an argument that ‘if you’re doing nothing wrong you’ve got nothing to worry about’ is not a valid argument because it simply gives a green light to the further erosion of rights without considering the consequences, and occasionally we all do something wrong (but perhaps not intentionally) which is more likely to be caught on camera than ever before, and the punishment may not feel as though it fits the crime with the inflexibility of some camera-based systems and their operators.

The introduction of GDPR will also have implications for what images from surveillance cameras are stored, where and how securely they are stored. For example, GDPR could apply to stored facial images of individuals.

Ford Doubles Investment in Electric Cars

The Ford Motor Co has announced its plans to more than double its previously announced target of $4.5 billion investment in electric cars to $11 billion by 2022, and the company is aiming to have 40 mainstream, hybrid and fully electric vehicles in its model line-up.

Cost Cuts To Create Investment

Ford’s Chief Executive Jim Hackett is reported as saying that the capital investment for the major move to electric / hybrid car manufacture will be created by slashing a massive $14 billion in costs over the next five years.

Why?

The shift towards investment in electrification is being driven by pressure from regulators in China, Europe and California to cut carbon emissions from fossil fuels, and plans by China, India, France and the United Kingdom to phase out vehicles powered by combustion engines and fossil fuels between 2030 and 2040.

Ford’s move is also being driven by pressure from the success of Tesla in creating electric sedans and SUVs that resulted in a large number of orders, causing it to surpass Ford in terms of market capitalization, thereby positioning Tesla as the second-largest auto company in the U.S. after General Motors. Tesla also proved to other car manufacturers that large-scale demand exists in the market.

A large amount of the pressure driving Ford’s move, of course, also comes from the move by its bigger competitors into electrification. For example:

  • GM announced last year it would add 20 new battery electric and fuel cell vehicles to its global line-up by 2023.
  • Volkswagen said in November it would spend $40 billion on electric cars, autonomous driving and new mobility services by the end of 2022.
  • Toyota is working towards creating breakthrough battery technology in the first half of the 2020s with a view to cutting the potential cost of making electric cars.
  • Mercedes-Benz plans to electrify its entire portfolio by 2022 (50 electric and hybrid models).
  • Jaguar Land Rover plans to electrify its entire vehicle line-up by 2020.
  • Renault, Nissan, and Mitsubishi plan to release 12 all-electric models by 2022.
  • Volvo plans to electrify all its vehicles by 2019.

Thinking Big

Ford hopes that its ‘think big’ on electric cars strategy which arrived with its new chairman Jim Hackett (previously in charge of self-driving car subsidiary Ford Smart Mobility) will enable it to accelerate global development of electric vehicles, make quicker decisions, and gain ground on the competition.

Which Cars?

Whereas motor show presentations indicate that many other manufacturers appear to be currently focusing on electric trucks and SUVs, Ford has been clear that it plans to electrify all of its iconic and popular vehicles, 40 electric vehicles by 2022, with 16 fully electric vehicles and the rest plug-in hybrids.

What Does This Mean For Your Business?

The move to electrification by car manufacturers has been coming for some time, pushed by international pollution / emission targets, and pulled by consumer demand and the promise of new opportunities. For businesses, costs as well as performance and reliability are important, and as long as electric vehicles deliver on all three, then the move to electrification is good news.

Although the move to electrification will have implications for vehicle-related businesses e.g. fuel suppliers, garages and parts suppliers, it will also create new markets and new opportunities. For example, Ford’s own ‘Team Edison’ is looking for strategic partnerships with other companies, including suppliers, in some markets.

Electrification of vehicles on a large scale will also bring exciting and potentially cost-saving driverless vehicle opportunities for many businesses.

There are, of course, the obvious environmental benefits that we can all enjoy in the future with cleaner air.

OnePlus Accused Of Credit Card Fraud

Chinese Android Phone company OnePlus is at the centre of a storm of complaints after many customers said that their credit cards had been used for fraudulent transactions after they purchased products from the OnePlus web store.

What Happened?

After receiving multiple customer complaints on the OnePlus support forum, and on social media platform Reddit over the weekend linking purchases on its website oneplus.net to fraudulent activity on customer accounts, OnePlus has issued a statement saying that it has launched an investigation into the claims.

Customers affected appear to be those who have purchased a phone directly through the company website with their credit card rather than using a third-party such as PayPal.

A poll on the OnePlus support forum indicates that as many as 200 people in different countries have seen fraudulent charges, ranging from $50 to $3,000, appear on the credit cards that they used on the OnePlus site.

Theories and Denial

Theories as to what may have happened include the fact that the company’s Oneplus.net e-commerce website was initially built on the Magento eCommerce platform which was known to be vulnerable to cross-site scripting and remote code execution attacks. OnePlus has said, however, that although it had used the platform originally, since 2014 it had been re-building the entire website with custom code, and that credit card payments were never implemented in Magento’s payment module.

Another theory, fuelled by a security audit by Fidus, focuses on the idea that OnePlus may have been conducting card transactions itself, rather than through an iFrame, thereby making credit card details (including security code) vulnerable to interception as they passed through the OnePlus site. OnePlus has denied this, saying that it hasn’t been processing cards itself, it doesn’t save any payment information surrendered when people purchased its phones, and that it merely passes all data to a partner who handles the payment process.

Problems In The Past

Some of the accusations are fuelled by the fact that, last year, OnePlus admitted that some of its phones had been sending data to Alibaba without the user’s knowledge or consent, thereby breaching data protection law in Europe. Also, the company admitted that an insecure, secret back-door diagnostic tool had been left on some phones.

What Does This Mean For Your Business?

Customer trust is paramount in business, and businesses have a responsibility to make sure that all customer data and privacy is protected. The introduction of GDPR this year should help to push this message even further towards the top of the business agenda. This story reminds us that, in a time where we are more confident than ever to buy online, basic security vulnerabilities still exist in some cases where credit card numbers are submitted through forms.

Sadly, as in so many cases, breaches and security vulnerabilities are not revealed first by the company themselves, but by affected customers and researchers / other third-parties. In the case of OnePlus, as in so many others, customers have accused the company of being slow to respond to the problem.

Companies need to test and audit their payment systems to make sure that they offer maximum security as well as convenience to customers.

This story should also be a reminder of how important it is to have a workable, well-communicated, and current Disaster Recovery Plan and Business Continuity Plan in place.

In the case of OnePlus, more information is yet to be revealed about exactly what happened and why. The company itself has advised customers who think they may have been affected to check their card statements, and contact their banks to resolve any suspicious charges and help to initiate a chargeback and prevent any financial loss.

New macOS Too Secure?

The new security called ‘System Integrity Protection’ (SIP) behind macOS High Sierra is proving so secure that it appears to be stopping users from being able to delete (third-party) apps with ease.

What’s The Issue?

The process behind the SIP was first introduced to users during the ‘El Capitan’ version of macOS (10.11) in late 2015, and has a unique advantage in relation to macOS’s overall security infrastructure.

However, the SIP framework follows Apple Software Update processes that are so strict that it is impossible with the new macOS environment for runtime attachments or code injection infiltration to occur within an Apple Software Update setting.

All this means that not only will users find it less easy to delete certain third-party software / apps, but also that the past bugs may be made exempt by the ‘rootless’ SIP framework, and could, therefore, become a future risk.

Why?

Apple is essentially undertaking a simple bunkerisation / sandboxing of app behaviour within the macOS environment from a binary level in order to prevent software from third-party developers who have not sold their wares through the macOS App Store from being deleted with ease. Therefore, the only software affected by this security change is software developed outside of Apple.

Sealed

The ‘sealed’ nature of the software environment in iOS means that ‘permissionless’ app distribution on an iPad or iPhone can’t really happen and actually goes against the terms and conditions of use. The only way around it would be to ‘jailbreak’ the device, which would also waive the owner’s right to a legal warranty. However, the macOS App Store allows for permissionless app distribution in the context of online software distribution.

What Does This Mean For Your Business?

Security is a priority to businesses today, particularly with the proliferation of potentially devastating malware and phishing scams. With Android phones, for example, there have been some problems and scares recently with 36 fake, malicious apps turning up in Google Play, and with a fake version of WhatsApp being downloaded from Google Play by more than one million unsuspecting people. Apple systems have always been seen as a more secure option, a benefit that is very much valued by Apple users. Any move to protect the Apple environment is, therefore, something that is likely to be valued and understood by many users, and any talk of potential ‘security’ problems causes alarm among the Apple community.

The problem, in this case, isn’t really that there is any kind of immediate security flaw as such, but that there is more of a new user annoyance in relation to personal choice, as the High Sierra system allows third-party app installation but not its own singular removal. One possible potential security risk is that a user could be tricked into installing a virus or phishing app which is then protected by the sealed SIP framework.

It is, however, possible to restart the system in ‘recovery mode’ and delete any offending app because ‘recovery mode’ suspends any SIP framework protection during the ‘recovery’ boot-up mode sequence.

New Law Tackles Digital Ticket Touts

The UK Government has announced that cyber touts caught using specialised software called ‘bots’ to purchase tickets in bulk for re-sale at inflated prices on secondary websites, could soon face unlimited fines.

Bots Ban This Year

The UK Government stated at the end of December that it planned to make this year a great year for music and sports fans by passing new legislation to ban ticket tout bots. The proposed legislation will be designed to deter ticket touts from exploiting automated software to bulk-buy tickets thus bypassing ticket limits imposed by the management team behind the events.

The fact that the UK government has now notified the European Commission is further evidence that it now wants to press ahead with the bots ban as soon as possible.

Digital Economy Act

The UK already has the Digital Economy Act (2017) in place, and the new legislation will be added as a provision to this existing Act. The DEA (2017) already has additional requirements on ticket sellers to provide a bespoke ticket numbering system.

The changes will also mean a revision of the Consumer Rights Act in order to help clarify the restrictions imposed on secondary re-selling of tickets.

Examples

Recent examples of the reason why the government wants to push ahead with the legislation include concert tours by Adele and Ed Sheeran, where bots were used by touts to purchase large quantities of tickets before re-selling them at inflated prices, thereby leaving fans feeling let down and excluded. Also, for the Broadway hit show Hamilton in London’s West End, touts’ use of bots has led to tickets being sold for upward of £6,000.

Live Sport And Music At A Fair And Reasonable Price

The Rt Hon. Matt Hancock MP, the Minister of State for Digital, Culture, Media and Sport, believes this new statutory clampdown will help fans see live sport and music at a fair and reasonable price. He has stated that the government plans to work together with improvements by industry, to help make the market more transparent and improve Britain’s thriving live events scene.

Industry Collaboration – A Future Partnership?

The government hopes that industry can be more innovative to help deal with the ticket tout bot problem. The Department for Digital, Culture, Media & Sport (DCMS) cites pioneering examples from DICE, the UK software giant, using mobile technology to ‘lock-in’ tickets to user accounts to circumvent the possibility of touts acquiring digitally locked tickets.

Well-known musicians who have been hit by touts have also launched a partnership to sell tickets that cannot be sold on at a profit. For example, Twickets.co.uk has support from big names like Ed Sheeran and others.

Also, GUTS, a Dutch start-up, is using Blockchain, the technology behind Bitcoin, to create a system that makes it impossible to sell on tickets for a profit. The hope is that a legislative drive, along with industry-based innovation, can help make fans’ experience of live music and sport more enjoyable and preferably a lot less expensive.

What Does This Mean For Your Business?

The buying-up and re-selling (at hugely inflated prices) of music and sport event tickets has only benefitted the touts and has had a serious downward effect on the profits of promoters, artists and sporting stars as fans have felt disillusioned, ripped-off and abandoned. The image of some major artists (and therefore, the value of their brands) and the loyalty of fans have also been affected because the activities of touts have a rub-off effect on the artists themselves.

This move by the government is an important and long-overdue move in the right direction for the live entertainment industry. Although introducing a change to law in itself will not stop the activity of technology-toting touts overnight, if used in partnership with innovations in the industry such as locked-in tickets and the use of Blockchain technology, and coupled with the very public support for systems where fans can buy tickets at fair prices e.g. Ed Sheeran’s public support for Twickets.co.uk, the activity of touts could be limited. In short, this will benefit the industry and the fans.

Tech Tip – Windows 10: “Print” Documents Straight To PDF

Windows 10 finally lets you “print” documents to PDF, which means that you no longer need to install a third-party app to save a web page or document for use offline. You can now simply select PDF as a printing output option.

To Print to PDF in Windows 10:

  1. Open up your document e.g. in a text editor like Microsoft Word (this actually works from any program that lets you print, not just Word, and not just with a text document).
  2. Click File > Print.
  3. Under Printer or Destination, choose Print as a PDF.

All iPhones, iPads and Macs Affected by 2 Major Bugs – Meltdown and Spectre

Two major security flaws which are present in nearly all modern processors / microchips mean that most computerised devices are potentially vulnerable to attack, including all iPhones, iPads and Macs.

What Security Flaws?

The 2 hardware bugs / flaws in nearly all computer processors made in the last 20 years are known as ‘Meltdown’ and ‘Spectre’. The 2 flaws could make it easier for something like a malicious program to steal data that is stored in the memory of other running programs.

Meltdown

Meltdown, discovered by researchers from Google’s Project Zero, the Technical University of Graz in Austria and the security firm Cerberus Security in Germany, affects all Intel, ARM, and other processors that use ‘speculative execution’ to improve their performance (most of the modern global market). Speculative execution is when a processor performs a task before it knows whether the result will actually be needed, in order to reduce overall delays – a kind of optimisation.

Meltdown could, for example, leave passwords and personal data vulnerable to attacks, and could be applied to different cloud service providers as well as individual devices. It is believed that Meltdown could affect every processor since 1995, except for Intel Itanium and Intel Atom before 2013.

Spectre

Spectre, which affects Intel, AMD and ARM (mainly Cortex-A) processors, allows applications to be fooled into leaking confidential information. Spectre affects almost all systems including desktops, laptops, cloud servers, and smartphones.

Apple Systems and Devices Affected

Apple is reported to have said that all Mac systems and iOS devices are affected, although the Apple Watch is not believed to be affected by it.

No Known Exploits Yet

It should be said that researchers have uncovered the existence of the flaws, and while the potential for exploitation is there, there have been no known exploits to date. In the light of the wide publicity that the existence of the flaws has received, this could change.

What’s Being Done?

Intel has announced that it is working with AMD, ARM, other technology companies and some operating system vendors to find a fix. Intel and ARM are also planning to release patches for the flaws in upcoming software updates from them and operating system makers.

Google has said that the flaw didn’t exist in many of its products, and it has mitigated the issue in those products where it was present. Google has also said that an upcoming browser update (Chrome 64) will offer further protection when it is rolled out on 23 January.

Microsoft has released an emergency patch for all Windows 10 devices, with other updates for other Windows versions scheduled for release within days. Amazon is reported to have said that its whole EC2 fleet is now protected.

Apple has issued a partial fix in macOS 10.13.2 and will continue to fix the issue in 10.3.3.

What Does This Mean For Your Business?

It is highly likely that your devices are affected by the flaws because they are hardware flaws at architectural level, more or less across the board for all devices that use processors. The best advice is to install all available patches without delay and make sure that you are receiving updates for all your systems, software and devices.

Although closing hardware flaws using software patches is a big job for manufacturers and software companies, it is the only quick answer to a large-scale problem that has been around but apparently ‘under the radar’ for a long time.

Regular patching is a good basic security habit to get into anyway. Research from summer 2017 (Fortinet Global Threat Landscape Report) shows that 9 out of 10 impacted businesses are being hacked through un-patched vulnerabilities, many of which are 3 or more years old and already have patches available.
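The advice above to confirm that patches are actually installed can be checked directly on Linux machines, which this article does not cover specifically: patched kernels report their Meltdown and Spectre status under `/sys/devices/system/cpu/vulnerabilities`. The script below is an added example, not part of the original article; the verdict names and the sample values are constructed, and treating a missing status file as "needs an update" is an assumption.

```python
"""Report Meltdown/Spectre mitigation status as exposed by a Linux kernel."""
from pathlib import Path

# Real Linux sysfs location (kernel 4.15+ and vendor backports).
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
FLAWS = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status):
    """Map one sysfs status line to a verdict (verdict names are this example's own)."""
    if status is None:
        # Assumption: no status file means a kernel older than the fixes.
        return "unknown-update-kernel"
    text = status.strip().lower()
    if text.startswith("not affected"):
        return "not-affected"
    if text.startswith("mitigation"):
        return "mitigated"
    return "vulnerable"  # "Vulnerable" or any unrecognised wording


def read_statuses(base=SYSFS_DIR):
    """Read each flaw's status file; None when the file is missing."""
    result = {}
    for flaw in FLAWS:
        path = Path(base) / flaw
        result[flaw] = path.read_text() if path.is_file() else None
    return result


def report(statuses):
    """Return ({flaw: verdict}, [flaws that still need action])."""
    verdicts = {flaw: classify(statuses.get(flaw)) for flaw in FLAWS}
    todo = [f for f, v in verdicts.items() if v in ("vulnerable", "unknown-update-kernel")]
    return verdicts, todo


# Constructed sample: patched for Meltdown only, no spectre_v2 file at all.
SAMPLE = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Vulnerable\n",
}

if __name__ == "__main__":
    live = read_statuses()
    verdicts, todo = report(live if any(live.values()) else SAMPLE)
    print(verdicts)
    print("needs patching:", ", ".join(todo) or "nothing")
```

On a machine without the sysfs directory (Windows, macOS, or an old kernel) the script falls back to the constructed sample, so the output there describes the sample, not the machine.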