• Hackers can steal macOS Keychain passwords using unsigned applications; the attack works on the latest version of macOS, High Sierra 10.13, and previous releases.

    Cyber security expert Patrick Wardle, director of research at Synack, revealed that unsigned applications can steal macOS Keychain passwords, including plaintext passwords from the latest version of macOS High Sierra and previous versions of macOS.

    The researcher tested the exploit on Sierra and High Sierra, and he confirmed that El Capitan appears vulnerable as well. This issue is not a ‘High Sierra specific’ vulnerability.
    The researcher shared a video that shows how an unsigned application can exfiltrate sensitive data from the macOS Keychain, including plaintext passwords.

    “What does your attack do?

    A: I discovered a flaw where malicious non-privileged code (or apps) could programmatically access the keychain and dump all this data …. including your plain text passwords. This is not something that is supposed to happen! :(” explained Wardle.

    on High Sierra (unsigned) apps can programmatically dump & exfil keychain (w/ your plaintext passwords)🍎🙈😭

    It is interesting to note that the attack does not require root permissions. Nor does it require knowledge of the master password; it only needs the targeted user to download and launch a malicious application, ignoring the warnings displayed when an app from an unidentified developer is executed.

    “Q: What are the prerequisites for this attack?

    A: As this is a local attack, this means a hacker or piece of malware must first infect your Mac! Typical ways to accomplish this include emails (with malicious attachments), fake web popups (“your Flash player needs updating”), or sometimes legitimate application websites are hacked (e.g. Transmission, Handbrake, etc). Theoretically, this attack would be added as a capability or as a payload of such malware. For example, the malware would persist, survey the system, then use this attack to dump the keychain. If I was writing a modular mac backdoor or implant, I’d call it the “dump keychain” plugin :)” added the expert.

    Wardle reported the discovery to Apple along with proof-of-concept (PoC) code; he did not publicly disclose technical details, to prevent malicious actors from abusing the technique.
    Security experts always recommend that users download applications only from trusted sources and pay attention to the security warnings displayed by the operating system.

    “A few things. As mentioned before, this attack is local, meaning malicious adversaries have to first compromise your mac in some way. So best bet – don’t get infected. This means run the latest version of macOS and don’t run random apps from emails or the web. Also, this attack requires that the keychain is unlocked. By default the keychain is unlocked when the user logs in. However, you can change the keychain password (so it is not automatically unlocked during login), or (via the Keychain Access app) lock the keychain while you are not using it.” Wardle suggests as ways to stay safe.

    Unfortunately, Apple’s bug bounty program doesn’t cover macOS, which means that the expert will not be rewarded. Let's hope that Apple will make his case an exception.

  • Skylake is the codename for Intel's sixth-generation range of Core laptop and desktop PC processors. They've already been superseded by the seventh-gen CPUs and you can find out how Skylake compares with Kaby Lake.

    But Skylake isn't dead yet. No. Intel has launched Skylake X CPUs, which are the high-end enthusiast versions.

    Interestingly, Intel isn't using the Core i7 branding as it has done in previous years but is adding a new number: 9. The Core i9 range could be in response to AMD's Ryzen processors, which were named to seem similar to Intel's Core i5 and i7 ranges.

    Last year at Computex, Intel unveiled its first 10-core consumer CPU, the company's move into the world of "megatasking." It was a pricey chip, launching at around $1,700, but it satisfied the needs of users who had to juggle several intensive tasks at once. Now, Intel has upped the ante with a whole new family of processors for enthusiasts, the Core X-series, and it's spearheaded by its first 18-core CPU, the i9-7980XE.

    Priced at $1,999, the 7980XE is clearly not a chip you'd see in an average desktop. Instead, it's more of a statement from Intel. It beats out AMD's 16-core Threadripper CPU, which was slated to be that company's most powerful consumer processor for 2017. And it gives Intel yet another way to satisfy the demands of power-hungry users who might want to do things like play games in 4K while broadcasting them in HD over Twitch. And as if its massive core count wasn't enough, the i9-7980XE is also the first Intel consumer chip that packs in over a teraflop worth of computing power.

    If 18 cores is a bit too rich for you, Intel also has other Core i9 Extreme Edition chips in 10, 12, 14 and 16-core variants. Perhaps the best news for hardware geeks: the 10 core i9-7900X will retail for $999, a significant discount from last year's version.

    All of the i9 chips feature base clock speeds of 3.3GHz, reaching up to 4.3GHz dual-core speeds with Turbo Boost 2.0 and 4.5GHz with Turbo Boost 3.0. And speaking of Turbo Boost 3.0, its performance has also been improved in the new Extreme Edition chips to increase both single and dual-core speeds. Rounding out the X-Series family are the quad-core i5-7640X and i7 models in 4, 6 and 8-core models.

    While it might all seem like overkill, Intel says its Core i9 lineup was driven by the surprising demand for last year's 10-core chip. "Broadwell-E was kind of an experiment," an Intel rep said. "It sold... Proving that our enthusiast community will go after the best of the best... Yes we're adding higher core count, but we're also introducing lower core counts. Scalability on both ends are what we went after."

    As you can imagine, stuffing more cores into a processor leads to some significant heat issues. For that reason, Intel developed its own liquid cooling solution, which will work across these new chips, as well as some previous generations. All of the new Core i9 processors, along with the 6 and 8-core i7 chips, feature scorching hot 140W thermal design points (TDPs), the maximum amount of power that they'll draw. That's the same as last year's 10-core CPU, but it's still well above the 91W TDP from Intel's more affordable i7-7700K.

    Over the past few years, Intel's laptop chips have been far more interesting than its desktop CPUs. Partially, that's because the rise of ultraportables and convertible laptops have shifted its focus away from delivering as much computing power as possible, to offering a reasonable amount of processing power efficiently. The new Core i9 X-series processors might not be feasible for most consumers, but for the hardware geeks who treat their rigs like hot rods, they're a dream come true.

    When is the Core i9 release date?

    Release date: June 2017*

    At the chips' launch at Computex 2017, Intel said the new processors would be on sale "in the coming weeks". *That applies to the Core i9-7900X downwards. 

    The i9-7920X will go on sale in August, while the top three chips don't yet have an official release date.

  • There is a lot more our industry should be doing to protect its systems and data from cyber blackmail.

    The scope and severity of the fallout from the WannaCry attacks over the past week elicit plenty of "we told you so" head shakes about the dangers of ransomware. The blackmail worm spread with lightning speed.

    According to Europol, the attack had reached about 150 countries and more than 200,000 systems. When security researchers found a kill-switch for the attack that they used to their advantage, it didn't take long for new variants to start up again with infections occurring at a rate of 3,600 systems per hour.

    It was a nasty bit of business and while the hue and cry over ransomware shouldn’t be ignored, there are a lot more valuable lessons beyond those that have to do with cyber blackmail. Here are just a few of them.

    1: Vulnerability and Patch Management overshadows everything

    Patch, patch and patch. It's been the overwhelming mantra of security pros for decades, and this attack campaign shows us why. The rapid spread of the worm was made possible by the ubiquity of systems worldwide running on unsupported or unpatched operating systems.
    Hopefully, after this attack, organizations will significantly alter their continuous patch hygiene. Microsoft also released new emergency patches for Windows XP and 2003, even though it stopped all security updates and technical support for XP in April 2014, which shows the seriousness of the attack and the risk of deploying out-of-date operating systems in work environments.

    2: Unknown Assets can cause you so many problems

    It's just about impossible to patch systems an organization doesn't even know exist. The insidious effects of WannaCry offer up a good illustration of how easy it is for attackers to scale attacks against the forgotten systems that can be lost through inconsistent asset management.
    "Attackers performing reconnaissance will often find unknown, unprotected, and unmonitored assets to use as attack vectors," says Steve Ginty, senior product manager at RiskIQ. "For a large enterprise, these types of assets are typically easy for even novice hackers and threat groups to find, and because they’re unmonitored, they provide an easy way in and out. To defend yourself, you need to know what attackers see when they’re looking at your business from outside the firewall."

    3: Network Segmentation Can Be a Valuable Risk Reducer

    Of course, patch management isn't as simple as just finding every system and waving a magic wand over them. Many organizations struggle to update legacy and embedded systems due to a host of technical problems. It's why WannaCry found such fertile ground in healthcare organizations, since many medical devices are built on top of old Windows operating systems that are very difficult to update due to government regulations and the organizations' own concerns about causing system disruptions during updates. We have all faced challenges while updating our work and personal devices at one point or another.
    "In many cases, devices will never receive updates either because the OS is no longer supported and memory, storage, and processing constraints may prevent the device from operating effectively with the latest software. Finally, I suspect that many hospital administrators may not recognize the danger from using outdated software on these devices, and simply avoid patching because the device works. Thus 'if it ain’t broke, don’t try to fix it' mentality can be tremendously detrimental to hospital security."
    This scenario is a perfect example of how compensating controls - like network segmentation - should have kicked in for a lot of organizations.
    "Of course, today, completely disconnecting a machine from the Internet typically renders it of little use. But network connectivity can be limited as much as possible," says Brighten Godfrey, co-founder and CTO of Veriflow. "Segmentation requires careful network architecture, especially in a complex environment where configurations of firewalls, routers and other devices are continually changing. Rigorous network verification methods can help ensure that the intended segmentation is continually realized."

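    One way to check that a rule set actually realizes the intended segmentation, as an added example (not from the original article or any vendor's tool): the zones, addresses, rules and the choice of TCP port 445 (SMB, the service WannaCry spread over) are constructed assumptions.

```python
"""Check a first-match firewall rule list against intended segmentation (constructed data)."""
from ipaddress import ip_network

# Constructed zones: an unpatchable legacy device segment and two neighbours.
ZONES = {
    "legacy_devices": ip_network("10.20.0.0/24"),
    "office": ip_network("10.10.0.0/16"),
    "records_server": ip_network("10.30.0.5/32"),
}

# Intended segmentation: (source zone, destination zone, TCP port, expected action).
INTENT = [
    ("office", "legacy_devices", 445, "deny"),
    ("legacy_devices", "office", 445, "deny"),
    ("legacy_devices", "records_server", 443, "allow"),
]

# Constructed rules, evaluated top-down, first match wins.
# (action, source CIDR, destination CIDR, port or None for any port)
RULES = [
    ("allow", "10.20.0.0/24", "10.30.0.5/32", 443),
    ("allow", "10.10.5.0/24", "10.20.0.0/24", None),  # "temporary" vendor access, never removed
    ("deny", "10.10.0.0/16", "10.20.0.0/24", None),
    ("deny", "10.20.0.0/24", "10.10.0.0/16", None),
]
DEFAULT_ACTION = "deny"


def intersect(a, b):
    """CIDR blocks either nest or are disjoint: the overlap is the smaller block or None."""
    if a.subnet_of(b):
        return a
    if b.subnet_of(a):
        return b
    return None


def subtract(net, part):
    """Blocks left in `net` after removing `part`, which must lie inside `net`."""
    return [] if net == part else list(net.address_exclude(part))


def decide(src_zone, dst_zone, port, rules, default):
    """Split src_zone x dst_zone into the (src, dst) blocks each action applies to."""
    outcome = {"allow": [], "deny": []}
    undecided = [(src_zone, dst_zone)]
    for action, rule_src, rule_dst, rule_port in rules:
        if rule_port is not None and rule_port != port:
            continue
        rs, rd = ip_network(rule_src), ip_network(rule_dst)
        remaining = []
        for src, dst in undecided:
            s, d = intersect(src, rs), intersect(dst, rd)
            if s is None or d is None:
                remaining.append((src, dst))
                continue
            outcome[action].append((s, d))
            # (src x dst) minus (s x d) = (src minus s) x dst, plus s x (dst minus d)
            remaining += [(x, dst) for x in subtract(src, s)]
            remaining += [(s, y) for y in subtract(dst, d)]
        undecided = remaining
    outcome[default] += undecided  # traffic no rule matched gets the default action
    return outcome


def verify(intent, zones, rules, default):
    """Return one finding per address block whose effective action contradicts the intent."""
    findings = []
    for src_name, dst_name, port, expected in intent:
        result = decide(zones[src_name], zones[dst_name], port, rules, default)
        wrong = "allow" if expected == "deny" else "deny"
        for src, dst in result[wrong]:
            findings.append((src_name, dst_name, port, expected, str(src), str(dst)))
    return findings


if __name__ == "__main__":
    for f in verify(INTENT, ZONES, RULES, DEFAULT_ACTION):
        print("segmentation violated: %s -> %s tcp/%d should be %s, but %s -> %s is not" % f)
```

    Run on every rule change, a check like this catches the forgotten allow rule above before it becomes a path into the legacy segment.
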
    4: Security Has Real-World Repercussions

    Speaking of healthcare, one of the big-picture lessons that security professionals around the world should be thinking deeply about is the fact that cybersecurity is no longer just a game of protecting data. When attacks happen today, they have real-world repercussions that can affect the safety of people's life and limb.
    "With so many medical devices connected to the internet, it’s not surprising to know that some of these devices were rendered useless by WannaCry," says Terry Ray, chief product strategist for Imperva.
    The attacks against the UK's National Health Service put hospital operations at a standstill and threatened the health of real people. As much as the security industry talks about its struggle with attackers as a game, using terminology like "whack-a-mole" and "cat-and-mouse" to describe the back-and-forth exchanges, the truth that WannaCry should bring home is that what we're engaged in is not frivolous or fun. The consequences are real and serious.

    5: It's Easy to Forget the 'A' in Security's 'CIA'

    So many security organizations get hung up on the confidentiality and integrity part of IT risk management that they forget the final leg of that three-legged stool: availability. According to estimates from Cyence researchers, the business interruption costs to companies from WannaCry will add up to over $8 billion.
    "Business interruption caused by the WannaCry malware is probably the most substantial and problematic component to this event. Organizations will suffer interruptions to their business, lost income, and extra expenses while the infection is being remediated – and it will take some time to get back to full productivity even after systems are restored."
    Obviously, these are big-picture lessons. And it will take time to turn these lessons into meaningful action. In the meantime, for those who've found they've lost access to their Windows XP systems, there's at least some good news on that front. Security researchers with the French security firm Quarkslab have released a tool called Wannakey, which can help recover the private encryption key for infected Windows XP systems.

  • If you can’t get enough of Space Black/Deep Blue iPhone colorways, we’ve got you covered with some nice looking photos of alleged iPhone 7 Pro units in Apple Watch-style Space Black finish that’s supposed to replace the current Space Gray option. Plus, we have a bunch of crisp shots of a working iPhone 7 Pro prototype in Deep Blue.
    Feast your eyes on the photos and let us know your thoughts in the comments.

    More iPhone 7 Space Black images

    As you can see below, the images purportedly show a rumored iPhone 7 Pro model sporting three pins on the backside, presumably for a Smart Connector. We can clearly see the curved appearance of the dual-camera system on the back, along with cleaner antenna lines and a SIM tray on the side (so no e-SIM for the next iPhone).

    The Home button seems to sit flush with the front face, yet another indication that the iPhone 7 may come with a non-moving Home button outfitted with pressure sensors and haptic feedback to simulate clicks.

    After nine years, the iPhone 7 appeared ready to move to a MacBook-inspired touch sensitive button which uses haptic feedback to simulate the sensation of physical touch. A fixed button would be more reliable, save physical space and potentially enable Apple to use the touch sensitivity to add gesture support at a later date (there’s no sign of this in iOS 10).

    How about Deep Blue?

    The images you see below were sent by an unknown source. The pictured unit is apparently an engineering prototype, running iOS 10. A few images show the device running Apple’s internal testing software, called SwitchBoard.
    Aside from a nice-looking blueish hue, the device’s backside sports dual cameras, in line with previous rumors, along with legitimate-looking iPhone branding.
    Whether or not the device on these crisp photographs is a regular 5.5-inch iPhone 7 Plus model or its rumored “Pro” counterpart is anyone’s guess, but one rumor said Apple had abandoned Deep Blue in favor of a more subdued Space Black finish.

    Yesterday’s Space Black photos

    Yesterday, Dutch blog TechTastic.nl posted high-quality photos of iPhone 7 casings in Space Black that you can see right below. Japanese blog Mac Otakara was first to report earlier in the summer that the iPhone 7 might come in a new Deep Blue colorway, but the post was later amended to indicate that the hue is actually more akin to the stainless steel Apple Watch in Space Black, so there’s that.

    iPhone 7 to support fast-charge tech?

    Last but not least, earlier this morning The Malignant posted a sketchy image suggesting that the iPhone 7 may use special circuitry to support “at least” 5-volt, 2-amp fast-charging. The image below is said to show an iPhone 6s logic board next to its iPhone 7 counterpart with new circuitry to support fast-charge technology.

    No Stereo Speakers
    This news comes via highly reliable French site Nowhereelse.fr which has obtained schematics of the iPhone 7. The schematics say the matching second speaker grill on the bottom edge of the iPhone 7 (added thanks to the removal of the headphone jack) is purely cosmetic and simply houses the microphone.

    Apple has pulled a similar stunt before with the iPhone 4S which also had matching dual speakers on the bottom edge (the headphone jack was at the top of the phone back then). Many predicted stereo sound at the time, only to be disappointed.

    September is almost here!

    With a little more than three weeks left until a rumored September 7 unveiling, small wonder we’re now seeing high-quality photographs of genuine-looking iPhone 7 parts.
    I’m eager to hear your thoughts on these rumored leaks for the next iPhone. Would you pick one over another, and why? Or would you stick with your current iPhone?

  • Security experts at Sophos explained the efficiency of the business model known as Cybercrime-as-a-Service in the specific case of the Vawtrak botnet.

    The term Cybercrime-as-a-Service refers to the practice in the cybercriminal ecosystem of providing products and services for use by other criminals. In September 2014, a report from Europol’s European Cybercrime Centre (EC3), the 2014 Internet Organised Crime Threat Assessment (iOCTA) report, revealed the diffusion of the business model in the underground communities and highlighted that barriers to entry into cybercrime are being lowered, even for criminal gangs with no specific technical skills.

    Criminals can rent a botnet of machines for their illegal activities, instead of infecting thousands of machines worldwide. These malicious infrastructures are built with a few requirements that make them suitable for the criminals, including user-friendly command and control infrastructure and sophisticated evasion techniques.
    The botnets are very flexible and could be used for several purposes, including to serve malware or to send out spam emails. For example, the botnet’s computers can be configured to serve as proxies or even — once all the other usability has been sucked out of them — as spambots.

    An example of a banking malware botnet is Vawtrak, also known as NeverQuest and Snifula. According to data provided by Sophos, Vawtrak was the second most popular malware distributed by malicious drive-by downloads in the period between September and November.

    Sophos published an interesting paper on the cybercrime-as-a-service model applied to the Vawtrak botnet, titled “Vawtrak – International Crimeware-as-a-Service“.
    “If you look at the client-side, the commands used, and the debugging code, suggests that it’s more user friendly than some of the other malware we look at,” said James Wyke, senior threat analyst at Sophos Ltd. “It’s almost certainly going to be a point-and-click Web-based interface. Simplicity is one of Vawtrak‘s positive points.”

    Although Wyke hasn’t personally evaluated Vawtrak, for legal and ethical reasons, Sophos was able to investigate the activities the Vawtrak platform is being used for. The experts recognized a pattern in the “modus operandi” of the Vawtrak clients, which used the botnet to target banks and other financial institutions worldwide. The attackers are able to run sophisticated attacks in a methodical way, bypassing two-factor authentication mechanisms and implementing custom injection mechanisms.

    The experts revealed that Vawtrak was used by criminal organizations in the US to compromise both large banks (i.e. Bank of America and Citigroup) and smaller financial institutions (i.e. Bank of Oklahoma, Cincinnati’s Fifth Third Bank, the Columbus-based Huntington National Bank).

    There are tens of thousands of computers already infected and in the network, Wyke said.

    That makes it smaller than some of its competitors but, because of its business model, it might actually be more profitable.
    The cybercrime-as-a-service model developed for the Vawtrak botnet allows customers to choose specific types of infected machines, to customize the botnet to hit a specific target (i.e. banks, private firms) or to request specific types of stolen data.
    “If you want banking credentials for certain banks, or certain regions of the world, they can start campaigns targeting those banks or those countries,” said Wyke. “We’re moving away from the model where the cybercriminals write their own software, or sell you a kit and you go away and create your own botnet,” Wyke said.

    The availability of stolen data makes the Cybercrime-as-a-Service sales model very attractive to criminals, who can use the data to run further attacks with more information on their targets.

    The Vawtrak botnet also provides specific data hijacked by the botnet, including banking access credentials, and allows the criminals to deliver new strains of malware to the infected computers.
    “This is a flexible business model,” he said. “Once the machine starts sending out spam it becomes obvious that it’s infected with malware and it’s not going to be infected much longer,” he said.

    Experts at Sophos suggest keeping defense systems up to date, and provide a free removal tool for the Vawtrak botnet on the company website.

  • A basic guide to the Internet's underbelly -- the Dark Web.

    Deep or Dark?

    There's a difference between the "Deep Web" and "Dark Web." While the "Clear Web" is the surface area which is indexed by search engines such as Google and Yahoo, the Deep Web is an area search engines can't crawl or index. Plunging in further, the Dark Web is a small area within the Deep Web which is intentionally hidden from discovery.

    How do you access the Dark Web?

    You can't use standard access methods to gain entry into the Dark Web. The most common method is through the Tor network, an anonymous network created from nodes which disguise online activity. In order to use Tor, you need the Tor browser, and may also need to be issued an invitation to access certain .onion domains hidden within the Dark Web.

    Wait, .onion domains?

    An .onion address is the result of Onion networking -- low-latency communication designed to resist traffic analysis and surveillance. The use of Onion networking is not a perfect solution to maintain anonymity, but it does help disguise who is communicating with whom.

    It's not just drugs

    Many of us heard when the underground marketplace Silk Road, one of the largest hidden within the Tor network, was taken down following an investigation by US authorities. However, there are many more vendors peddling their wares within the Dark Web. While drugs are the most commonly-thought of when it comes to the secretive area, you can also purchase a plethora of other illegal goods. Weapons, porn, counterfeit money and fake identities, hacked accounts and even hitmen can be found if you have the cash. If someone annoys you, sending over a SWAT team as a "prank" is also possible.

    It's also something of an eBay for peculiar items.

    A quick browse and I could buy lifetime membership passes to popular services such as Netflix, old consoles, clothing, emulators and DVDs, a car or two and bulk weight loss pills. Technology is also popular -- there is a wealth of devices available -- both counterfeit and apparently legitimate -- if you know where to look.

    The Dark Web is used for more than buying and selling.

    So-called "ethical" hacking and political forums, archives of forbidden books, tips on how to care for your cat -- there are potentially thousands of private .onion addresses hosted which go beyond marketplaces.

    Trading is hardly safe or risk-free

    Whether you take a risk with buying bargain designer clothes on the Clear Web or sink a few Bitcoins in purchasing illegal items through the Dark Web, neither is risk-free.
    Vendors and sellers might be trying to avoid the eyes of legal enforcement in the darker side of the Internet, but this doesn't stop scams from taking place. Scam vendors and quick grab-and-run schemes run rampant -- especially as there is no way to follow up with failed sales down the legal route.

    Buying and selling through the Dark Web

    How do you trade without being linked to bank accounts? Virtual currency is the most common method, which includes "tumbling," a laundering process which destroys the connection between a Bitcoin address which sends virtual currency and the recipient in the hopes of covering a user's tracks. Some vendors offer escrow services which hold Bitcoin in trust until goods have been delivered and both parties are happy -- although value fluctuations linked to Bitcoin use make this move risky.

    Avoiding spying eyes

    Aside from using the Tor browser and VPNs, a number of buyers and sellers use "Tails," free software which can be booted from flash storage to provide end-to-end encryption for your browsing sessions.
    To further cover their tracks, vendors and sellers will often also use public Wi-Fi hotspots to conduct their business.

    Reddit is used as a communication platform for Dark Web transactions

    Although far from exhaustive, the best Clear Web resource to bounce around and learn a little about the darker, nastier aspects of the Internet is on Reddit. There are sub-forums in which Dark Web vendors and buyers exchange news, thoughts and seller reviews. Advice is also issued on how best to "clean house," create safe "drop" zones to pick up packages ordered from the Dark Web and what to do if you think law enforcement is keeping an eye on you.

  • Microsoft's Windows 10 was launched a few weeks ago, but questions -- lots of questions -- still remain about the new operating system, from when it will be taken to the bosom of enterprise to whether some of Microsoft's moves leading up to it were premeditated.

    Microsoft expert, Steve Kleynhans, spoke at length about the latest OS answering 10 questions about Windows 10. Kleynhans' responses were lightly edited for length.

    Will Windows 10 beat Windows 7's first-year adoption rate, which stood at 22% of all Windows PCs at the end of 12 months? 

    "It is quite likely that Windows 10 will beat Windows 7's adoption in the first year due to three factors," said Kleynhans. "First, the free upgrade will probably be taken by a relatively healthy portion of the population. Second, more users have automatic updates enabled today than six years ago. And third, compatibility between Windows 7 and Windows 10 is significantly better than between Windows XP and Windows 7. There will be a lot fewer blockers to get in the way.

    "Enterprise adoption isn't likely to be significantly better in the first year. However, enterprises will move more quickly to Windows 10 than Windows 7 and there will be a few motivated to move a bit earlier if only because of the one-year free upgrade deadline. There are fewer barriers to moving with Windows 10, including in-place upgrades and no new Internet Explorer [IE] version to wrestle with, so while enterprises will take a bit longer than consumers to get started, both should be a lot higher with Windows 10."

    When will enterprises begin adopting Windows 10 in force? 

    "Companies never do anything quickly, so aside from some aggressive early adopters, most organizations will use 2016 as a time to study the new OS and potentially run some pilots," Kleynhans said. "Real roll-outs might start in late 2016, but are more likely to really kick off in 2017."

    What's Windows 10's biggest draw for enterprises? 

    "Two things: security and lighter-weight management," said Kleynhans. "There are a number of security enhancements, from biometric log-ins to hardware-enabled protection for parts of the OS, that will be compelling to enterprises.

    "Similarly, the ability to use a store for provisioning users, enabling a self-service model, and potentially opening options for BYOD will be attractive.

    "In the short term most companies are looking at Windows 10 as providing them access to 2-in-1 devices that users find intriguing, without having to figure out Windows 8 or deal with some of its enterprise shortcomings. But regardless of any goodness in the product, the biggest driver will ultimately be Windows 7's end-of-life."

    What in Windows 10 -- or about it -- will be the biggest inhibitor to adoption by enterprise? 

    "Probably inertia," said Kleynhans. "For the most part, hardware and software compatibility isn't a big blocker, although official ISV [independent software vendor] support may be, especially in regulated industries. But doing a large-scale Windows migration is a major project. While it is nice to say that this is the last one enterprises will have to do, they still have to do this one.

    "Like any major project, it will take budgeting of time and resources. It will be disruptive. There are also things to learn and integrate into existing processes, such as the new servicing model, selecting a branch, and changes in how they manage things in order to keep current and supported."

    [Computerworld couldn't resist a follow-up question about Kleynhans' reference to "the last one enterprises will have to do," asking him if that would, in fact, be the case. "I think Microsoft believes that," Kleynhans answered. "That's the plan of record. But things change. In 10 years, who knows what will happen?"]

    Will enterprises accept Windows 10's new patching and update schemes, or will they reflexively lock down devices with LTSB (long-term servicing branch) and just treat Windows 10 as they now do Windows 7?

    "Some enterprises will undoubtedly try to fall back to the LTSB because it will seem safe and familiar," agreed Kleynhans. "But I suspect that they will quickly discover that the limitations make it unsuitable for a large portion of their users.

    "Once they address the new update cadence for some users, it will be straightforward to extend it to a larger group, lessening the appeal of the LTSB. We will probably see some companies start with the majority of their users on LTSB, but quickly shift towards only those who really need it. By 2019 it is likely that LTSB will be a small percentage of users, less than 10%."

    Will Windows 10 measurably help Microsoft in mobile?

    "Well, it couldn't hurt," countered Kleynhans. "But it really is a big question whether it will draw developers to the platform with the kind of apps that are being developed for iOS and Android.

    "The only thing that truly solves the problem is market share. If a developer perceives the entire Windows 10 ecosystem as a target, the market share number will look pretty good. However, it is likely that most phone developers will continue to focus solely on the Windows smartphone number, and that will dampen their interest."

    What about Microsoft's Universal app strategy? Will that have an impact?

    "Microsoft certainly hopes it will," said Kleynhans. "But any impact will be a relatively slow build. It will be one more option in a broad collection of options for developers, even if they only focus on the PC: Should I develop a Web app, should I write a traditional Windows app, keep building .NET?

    "I think developers targeting PCs will settle on a combination of Web and Universal apps, but that is likely to be 2018 or later, when a critical mass of Windows 10 devices is in businesses.

    "Universal Windows apps are most immediately compelling to businesses looking at building something that needs to be accessed on a tablet and a PC, or potentially a 2-in-1. So it will help Windows 10 gain a stronger foothold in vertical business applications with a mobility component.

    "In the short term, there may also be some success with games. People like casual games as a simple distraction, even on PCs, so that will be a reasonably good target."

    Will there be a repeat of the scramble to get off Windows XP as Windows 7 nears retirement in January 2020? "There is a lot more awareness of the end-of-life of Windows 7 than there was of Windows XP's," Kleynhans said. "It is still fresh in the minds of a lot of companies, and so you are seeing it pop up on long-range road maps.

    "Generally, companies will plan to be more proactive and will have great intentions about avoiding the mad dash to the finish line in 2019, but the realities of business, and human nature, will cause plans to slip. I expect it will be less of a scramble, but it will still be a scramble."

    Will Microsoft be able to continue to charge for the OS or will it revert to a support model for revenue? "Microsoft will continue to charge for Windows," Kleynhans asserted. "The real question is whether users perceive that they are paying for Windows.

    "The vast majority of users will get Windows as part of the device and the cost will be buried in the device, like the cost of the screen or battery. Unless you are building your own PCs, it won't be visible. Users will get all the updates on that device for free so they won't perceive that they ever pay for Windows.

    "Enterprises, on the other hand, will be gradually coaxed towards a Software Assurance model with flexibility, deeper support, and additional management and security capabilities being the carrots offered over traditional volume licensing. This will look much more like a subscription model."

    In hindsight, several of Microsoft's moves in 2014 now seem to be preliminary steps toward Windows 10, including the requirement that businesses migrate to Windows 8.1 Update within four months, and the deprecation of most IE editions other than IE11. Were these part of a master plan, or was Microsoft simply trying things? "It's probably best to think of this as more an evolutionary process than a detailed master plan," said Kleynhans. "Obviously, there was always a plan to get people off older versions of IE. The specific timing, though, was in place before the details of Windows 10 were locked down.

    "I look at the updates for Windows 8.1 as being tweaking and testing towards a goal of faster updates, rather than long-term steps in a grand scheme. Remember there was a regime change in Windows, and Microsoft for that matter, right in the middle of all of this, and what we are seeing now is the output of the new leaders, tempered with some marketplace realities."

    The Connected Car

    The way cars are made, bought and driven is changing with mobile communications. This paves the way to a driverless future.

    In a generation from now, your journey home may go a bit like this. As you leave your office, an empty car rolls up. Perhaps you summoned it, or maybe this is a regular pickup. On the way home you listen to your favourite music, watch a television show or catch up with the news. You barely notice as the car slows down or speeds up to avoid other vehicles, except for when it pulls aside to let an ambulance through. Some of the other cars have drivers using a steering wheel, but many of them, like yours, have no wheel at all.
    Despite that hold-up your journey is much faster, even though there are more cars on the road than in 2014. When you arrive home, the car heads off to its next client, or to park somewhere and wait for a call. You don’t know or care. After all, it’s not your vehicle: you summon a car only when you need one.

    Tantalising glimpses of this future are common today, most notably in Google’s bubble-shaped prototype of an autonomous car. The internet giant has been running Toyotas and other models adapted for driverless travel up and down Highway 101 in Silicon Valley for a couple of years now, using on-board sensors to keep the vehicles on the straight and narrow.

    Other experiments use a different approach to ensure safe journeys. Some 3,000 drivers in Ann Arbor, Michigan, have had wireless internet connections fitted to their cars. These are used to feed information to and from other vehicles and the transport infrastructure. The system will, for instance, warn a driver about to overtake a car if there is a chance of a collision with an oncoming vehicle, or change a traffic light to green if safe to do so. The number of vehicles involved in the project, run by the University of Michigan and largely funded by America’s Department of Transportation, could triple over the next few years.

    What is happening in Michigan is part of a much broader trend: the rise of the “connected” car. This is the coming together of communications technologies, information systems and safety devices to provide vehicles with an increasing level of sophistication and automation. It is a process that will change not just how cars are used but also the relationship between a car and its driver. This, in turn, will affect the way vehicles are made and sold. Eventually, it is the connected car that may deliver a driverless future.

    The kit that enables this is starting to appear in new vehicles. Some of the most advanced driver aids can be specified in certain Mercedes-Benz models. These cars are already capable of doing a fair bit of autonomous driving. For instance, the German company’s new “Intelligent Drive” package has a feature which, in congested traffic moving at less than 60kph (37mph), allows the driver to let the car steer, brake and accelerate by itself. The system uses a combination of ultrasonic and radar sensors along with cameras that monitor all around the vehicle. Because Mercedes drivers like to be comfortable, it will even automatically adjust the suspension before the car hits a pothole in the road.

    Many features in modern cars are becoming accessible to smartphones that connect to the vehicle. A smartphone app allows the driver of an electric BMW i3, for example, to check the battery capacity of his vehicle while it is being topped up at a recharging station. Audi, part of the Volkswagen group, is working on a system which would allow a driver to get out of the car and use his smartphone to instruct the vehicle to park itself.

    Connected cars are a marriage of two types of mobile technology: the mechanical sort, which revolutionised transport in the 20th century, and the electronic variety, which has transformed telecoms in the 21st. A recent report by analysts at Citigroup, a bank, used data from IHS, a research firm, to divide the ways that mobile telecoms are influencing motoring into three useful groups.

    The car app

    The first bunch is made up of services and applications delivered via mobile networks to a car—either to systems that are part of the vehicle or to devices, such as smartphones or tablets, carried by the driver or passengers and connected to the car wirelessly or with a cable. The most obvious examples are “infotainment” systems, which stream music, video, satellite navigation and traffic information. The second consists of services based on data supplied from the car, such as advance warning that a part needs to be replaced. And the third category brings together multiple vehicles, communicating with each other and with smart infrastructure, from roadside sensors to traffic signals and remote data centres, to make traffic flow more smoothly and safely.

    Broadly speaking, services in the first group are the most widespread already. “The cards in infotainment have been dealt,” says Andreas Mai of Cisco, a network-equipment giant. People already have their favourite services, like iTunes, Spotify or TripAdvisor, on their smartphones. Surveys, though, suggest that car buyers place a higher value on services that make travelling safer, save them time or money, or alert them to problems with their vehicle. These services lie mainly though not wholly in the second and third groups. But widespread availability may take several years.

    The number of cars with some sort of networking ability today is small, perhaps only 8% of the global total, according to McKinsey, a consulting firm. But by 2020 around a quarter of all cars, mainly the more expensive sort, will be online. The build-up will be relatively slow because many old cars stay on the road for a decade or so. But for new cars things are changing rapidly. BMW has been embedding SIM cards for mobile connectivity in all its new cars since April. By 2020, around 90% of all manufacturers’ new models are likely to have them, according to Machina Research, another consulting firm. The market then starts to look particularly juicy. A recent report by GSMA, the mobile operators’ trade body, says revenues from the sale of in-vehicle services, hardware and the provision of connectivity itself will treble over five years to reach $39 billion by 2018. Machina reckons it could rise to a staggering $422 billion by 2022, most of it coming from connected services to and from vehicles.

    Car buyers are expected to be keen on connected services once they get to know about them and see them in action. This much is clear from the limited offerings already available. The ability for the car itself to call the emergency services automatically in the event of an accident is reckoned by many drivers to be a valuable feature of GM’s OnStar, a connected safety and navigation system which in effect enables a vehicle to function as a phone. A separate app also allows OnStar users to lock and unlock the car’s doors remotely, start the engine and find the vehicle on a map if the driver forgets where he parked it. GM aims to have the service available in nearly all its cars worldwide by 2015.

    But regulators are also forcing the pace. The European Union wants a system that automatically calls for help in the event of a crash to be fitted to all new vehicles by 2015. Russia has similar plans and Brazilian cars will need to be fitted with trackers as a way to reduce theft. Encouraged by the Ann Arbor test, in February America’s National Highway Traffic Safety Administration said it would begin working on a regulation to require vehicle-to-vehicle (V2V) communication to be fitted in all new cars.

    On the digital dashboard

    Different applications require different technologies. A search for a parking space would probably go over public mobile networks from an app, whether on the driver’s smartphone or one running on a digital dashboard. For safety features, such as preventing a car from pulling out in front of another, V2V communication is essential, says Kurt Sievers of NXP, a semiconductor company. Public networks will be too slow for this and may lack the capacity. His company is making systems with dual antennae to cope with reception difficulties, because radio waves from moving vehicles tend to bounce off buildings and other surfaces. Authentication of signals matters too, to prevent cars taking unnecessary avoiding action.
    With increased connectivity between cars, driver aids will become much more sophisticated. A connected car would, for instance, receive not just information about a hazard detected by its own sensors, but also alerts from a vehicle farther along the road or around a blind corner.

    Connectivity can also help provide more real-time information about traffic hold-ups, beyond that already provided by satellite-navigation devices. The addition of vehicle-to-infrastructure communication (V2I) takes things further still. Whereas the connected cars in Ann Arbor can change the timing of traffic lights, a combination of V2V, V2I and automated driving could do away with traffic lights completely. Cars could be co-ordinated so that they avoid one another at road crossings. Not having to stop at road crossings would reduce congestion.
    The sensors in vehicles that check things like tyre and oil pressures, as well as brakes and engine performance, will also have a role. Pavan Mathew of Telefónica, a mobile-network operator, points out that many drivers dread the moment when a dashboard warning light flicks on. Remote monitoring and messaging can swiftly send a note to the driver about the extent of the problem.

    Vehicles’ diagnostic systems could also pick up faults before they are manifested as black smoke pouring from an exhaust pipe or a horrible grinding noise from the engine. Cars could then be brought in for repair before trivial problems develop into big ones. Following the lead of Tesla, a Californian maker of electric cars, more faults might one day be fixed remotely over the internet by a software upgrade.
    Indeed, checking on cars remotely has plenty of other possibilities that may reduce (or worsen) stress levels. Online services will allow, for instance, closer monitoring of the driving behaviour of teenagers beyond the basic warnings of aggressive braking or exceeding speed limits that the “black boxes” supplied by some insurance companies presently provide. And not just younger drivers. Insurers are likely to offer any driver a lower premium if technological monitoring of his driving habits shows he is being careful.

    Exactly who will deliver all these new motoring services is far from clear. It is by no means certain that it will be traditional carmakers, even though they are all busily developing, making and marketing increasingly connected vehicles. In the past consumers have expected the new technologies that appear in cars quickly to become standard features for which they pay little if anything extra. Electric windows, anti-lock brakes and power steering are now almost universal.

    The connected car, however, has created powerful new competitors in the motor industry’s traditional supply chain. And some of those new competitors are keen to win themselves a big slice of the action. These are mobile-telecoms operators, makers of networking gear, developers of V2V and V2I technologies, producers of consumer hardware and systems, software firms and creators of mobile apps.

    Cars will become bundles of different technologies, not only of devices but also of consumer brands, all vying for the driver’s attention in a sometimes uneasy alliance with carmakers. Apple and Google are locked in competition for control of the digital dashboard. In response to CarPlay, a vehicle-infotainment system developed by Apple, Google in June launched a rival called Android Auto.

    Mobile-phone operators see the connected car as yet another device to be hooked up to their networks. In America, AT&T is letting drivers of GM cars add their vehicles to their data plans, alongside their smartphones and tablets, for $10 a month. In future, which mobile network you use may affect your choice of car. In a recent poll Nielsen, a market-research firm, found that half of Americans who owned cars made since 2009 would be less likely to buy a new car if it had a different data plan from their smartphone.

    Invisible competitors

    Not everyone trying to get in on the act will be visible to the driver. All the data going to and from cars and infrastructure will have to be transmitted and processed. That adds to demand for chips, network equipment and data centres. Cisco, for example, envisages a lot of processing taking place not in the “cloud” of central data centres but more speedily and conveniently within a “fog” of intelligent networks.

    Carmakers know they will have to share the benefits of the connected car. Some seem gloomy about their prospects of getting any of them at all. Fiat Chrysler’s boss, Sergio Marchionne, is worried that it will cost his company money to “provide a venue to host other people’s parties”. Some carmakers see more of an opportunity to profit as they could benefit beyond their share of the monthly charges for connectivity. Using the data to tweak the design and performance of their vehicles by identifying components that are more likely to cause problems will both help them to improve the cars they produce and cut warranty costs. Good connectivity should help to reinforce brand loyalty too.

    The relationship between carmakers and their customers is at arm’s length at present, operating through a dealership system that is reminiscent of that between handset-makers and operators. After selling a car through a franchised dealer, further interaction with car buyers is limited to a dealership visit every couple of years for a service (or sooner if there is a problem). Connectivity will bring the customer and carmaker closer together. Ship and forget will be supplanted by ship and update, which is what makers of computers and mobile devices do already. So far car companies seem unclear about what this will mean for how they do business.

    Getting closer to their customers should at least make the carmakers more responsive. The data can help manufacturers and dealers target customers more efficiently. As well as sending details of offers, dealers might better fit a particular car to a driver through an analysis of individual driving habits. They could suggest extra features that would suit some motorists, from hybrid technology to modest add-ons. Some carmakers are already miles along this road. Elon Musk, Tesla’s boss, laughs at the suggestion that his customers would accept anything less than a high degree of connectivity and interaction when he sells them an electric car.

    The data could help customers know more about cars too. Motorists will have the ability to find out the actual miles per gallon a car will do in the real world rather than trust the claims made by car companies, which use a box of tricks to make their vehicles unrealistically frugal during tests.

    Carmakers, usually conservative and slow-moving, are getting ready. Aside from the engine, body and interior, cars already contain lots of electrical architecture. Most of the big firms have set up connected-car groups to work alongside their electrical engineers to ensure that the hardware and software required for connectivity fit. Detroit’s car guys are deferring to techies, poached from the software industry, who are adept at dealing with app-makers and the like. Carmakers are looking closely at Tesla, which describes itself as a “software company that builds cars”, for inspiration.

    Connectivity will eventually change the way cars are integrated into transport systems. Car sharing, either through car clubs run by the big rental firms or peer-to-peer services, will be far easier when communication between vehicles and potential passengers is seamless and any car can be accessed and operated securely by any smartphone. Making journeys using several forms of transport, including a car, will be smoother if it is easier to find car-sharing locations or parking spaces close to connecting points for trains or buses.

    And with increasing automation and connectivity there will be less need to have to own or drive these vehicles yourself. Today’s experimental autonomous cars stuffed full of on-board sensors are only part of the solution. The development of systems that let cars talk to cars, and to the world beyond, will be just as important on the road to a driverless future.