Monthly Archives: August 2014

Apple Opens Battery Replacement Program For Affected iPhone 5 Units

Apple has created an iPhone 5 battery replacement program after it released a statement saying that it had discovered a “very small percentage” of units “may suddenly experience shorter battery life or need to be charged more frequently.”

This iPhone 5 battery replacement program is the second to arrive. Late last year, Apple had a replacement program for iPhone 5s units with battery life issues.

Apple says the affected iPhone 5 units were sold between the month of it’s launch, September 2012, and January 2013.

The support site features a tool to check if your serial number belongs to a faulty iPhone 5. The replacement program is available at Apple Retail Stores, Authorized Apple Service Providers, and via AppleCare, in the US and China first. Those outside those countries will have to wait till August 29th.

As per us usual, you’re advised to backup you data, Turn off Find my iPhone, and Erase all Content and Settings before arriving to get the battery replaced.

If you had already paid to get your battery fixed (and you’re eligible for this replacement), Apple is offering refunds.

The program is available up to March 1, 2015 and it does not extend your iPhone 5’s warranty.


Via: techcrunch

The UPS Store breach – what went wrong and what UPS got right

Data breaches at 51 UPS Stores in two dozen US states have put as many as 100,000 customers at risk of identity theft and credit card fraud, after malware was found on the stores’ networks, the company said.

The UPS Store – a subsidiary of global shipping service UPS – said it began investigating after it received a bulletin from the US Department of Homeland Security warning of a “broad-based malware intrusion” targeting retailers.

It appears that the malware was on the stores’ point-of-sale (PoS) registers, similar although not necessarily related to the attack on Target in late 2013.

UPS said that the network intrusions occurred between January and July of this year, and malware on the networks of the 51 affected stores (around 1% of the company’s 4,470 franchise locations) was eliminated as of 11 August 2014.

Lost customer data included customers’ names, postal addresses, email addresses and payment card information.

UPS notified customers via its website, although the company said it “does not have sufficient customer information to contact potentially affected customers directly.”

So sorry

After so many data security incidents at retailers in the past year, from Target to Neiman Marcus, Michaels, and just recently P.F Chang’s and Supervalu, you would hope that the industry should be getting better at preventing attacks.

At the very least, companies should be figuring out how to effectively notify impacted customers.

A statement on 20 August from The UPS Store CEO Tim Davis makes it clear that he is taking responsibility for the data breach – including two words that we don’t often hear from CEOs: “I apologize.”

It’s unfortunate that UPS wasn’t able to reach out directly to affected customers, but the company seems to have done a good job of getting the word out on its website and giving customers the information they need to determine if they were victims.

The UPS Store website explains in a clearly worded FAQ exactly what happened, where it happened and over what time period, what data was stolen, and what to do.

Unlike some companies that dismiss security incidents with little more than a shrug – notably those in the tech sector such as Snapchat and Viber – retailers know that their very survival depends on maintaining customer trust that their financial data is safe when they use a credit card.

As Target has found out, it can take a long time to restore that lost trust, and the cost of a data breach includes damage to a brand that can be hard to calculate.

For the sake of his company – and his customers – let’s hope Davis’s apology is more than empty words.



Via: sophos

OS X Yosemite Public Beta 2 and new iTunes 12 build now available

Apple has just released the second version of the OS X Yosemite Public Beta and a new beta build of the thoroughly overhauled iTunes 12 for Yosemite. The second public Yosemite beta is basically the same version as OS X Yosemite Developer Preview 6 that was seeded to Apple’s registered developers last week week.

Both updates are available for download through the Mac App Store to folks who applied for the OS X Beta Program

The new iTunes 12 beta build 97 features new media-category icons for your Music, Movies, TV shows, Podcasts and more, in addition to smaller design tweaks ensuring user interface consistency.

Known issues in Yosemite Public Beta 2:

  • Safari
    • Safari may hang whne playing certain Netflix content
  • iPhoto and Aperture
    • iPhoto 9.5.1 and Aperture 3.5.1 are required on OS X Yosemite. Update to these versions from the Mac App Store.
    • Text and other interface elements such as checkboxes and radio buttons may not display properly.
    • Photos shared via Twitter and Messages may be rendered at a reduced size.
  • iCloud
    • The shared purhcase histroy page on the Mac App Store is disabled for Family Sharing accounts.

As for Yosemite, new features first made public in a developer-only release last week include five beautiful new wallpapers (download them here) that focus on the beauty of the Yosemite National Park, revamped icons in System Preferences, a tool to send Apple your diagnostics and usage data, a prettified MacBook charging icon in the menu bar and more.

Also new in Yosemite: a Do Not Disturb switch in the Notification Center and a host of other minor tweaks and changes, such as new Image Capture and external drive icons and new dashboard display options.



Via: idownloadblog

Learning from the Amtrak Data Breach – Risks from Within

A recent report published by Amtrak’s Office of the Inspector General revealed that an employee of the passenger rail company had been selling passenger data for two decades. The buyer of this data was none other than the Drug Enforcement Agency, which paid the employee $854,460 over the period. Iowa’s senior senator, Check Grassley, sent a letter to the DEA raising serious concerns over the incident.

The most significant part of this security breach is the fact that this former employee was able to sell personally identifiable information of Amtrak passengers since 1995. In other words, this misconduct was being carried out without being noticed by even a single person for two decades. Through this unauthorized sale of customer data, the employee received $854,460 in total from DEA.

The DEA was supposed to be able to receive the customer data in question upon request, and for free, via a joint taskforce that included both Amtrak and the DEA. In short, the American taxpayers paid for information that they should have received free. After the incident came to light, instead of being punished, this employee chose to retire.

How the security breach was identified in the first place is not included in the OIG report. Considering the fact that one employee was able to carry out a series of misconduct for such a long time, serious questions need to be asked – what kind of internal control and audit were in place? What kinds of security measures were implemented to prevent such breach?

Survey: One in five respondents were breached from the inside

Whether caused by cyber-attacks or malicious employees, data breach continues to make headlines worldwide. A Trend Micro survey that was carried out in March 2014 among 1,175 Japanese IT security professionals and decision makers revealed that 233 or 19.8% of them experienced data breaches from internal systems in 2013. In other words, one in five respondents were breached from the inside.

A total of 778 respondents (almost two-thirds of those surveyed) confirmed that they had experienced security breach of some kind. 28 respondents (3.6%) added that the stolen data that had been used or manipulated elsewhere. These statistics only represent security breaches among businesses in Japan, but it is likely that statistics might be more or less similar elsewhere, even if not the same. Data breach is no longer “someone else’s problem”.

Organization-wide efforts needed

We are used to talking about data breaches being caused by cybercriminals or accidents by employees. However, this incident –together with recent data breach done by contractor using smartphones in Japan– highlights how significant the threat can be from malicious insiders.

Organizations need to invest their efforts into developing security policies and guidelines, and making these understood to their employees. Staff training and awareness efforts can also help in the fight against data breach. These efforts should also be aimed at discouraging employees from even thinking about compromising their company’s data.

When it comes to targeted attacks, the assumption must be that breaches will happen. Businesses now need to realize and invest in security based upon the assumption that insider threats will happen.


Via: trendmicro

Twitter injects favorites into newsfeeds, but is it an ‘invasion of privacy’?

Twitter is taking people’s favourites and injecting them into others’ newsfeeds as if they were retweets.

The move is causing harrumphing among people who mistakenly thought their favourites were private.

A few such:


Twitter is showing what you favorite now… That is like an invasion of privacy.



Twitter showing what people favorite now …. Can’t even lurk in private

The thing is, we never could have lurked in private, favouriting tweets from our super-secret hidden bat caves.

That’s because the information’s readily available.

All somebody has to do is to go to your Twitter account and click on a list that displays all your favourites on one page, like this.

Still, some Twitter users seem to prefer having at least what they think of as “semi-private” favs – as in, private if you assume that others don’t know/care enough to click on a page to see what Twitterishly turns you on.


@pkafka That sucks. Favorites should be semi-private.

The Next Web’s Jon Russell reports that he first got wind of the RT-ification of favourites on 4 August.

Since then, users report that Twitter has increased the volume of your favourites that it shows to your friends. As well, people are being notified when others follow someone new.

I reached out to Twitter to ask for the rationale behind what might just be an experiment and for any other details it might want to share. I’ll update the article if I hear back.

But given that it’s a service that runs on advertising revenue, one might assume that the newsfeed tweaks are yet more sticks to poke at that honey hole.

Beware, Twitter: right now, you’re respected as a decent source of news.

Take care that you don’t dilute that by unleashing algorithms and experiments that pollute newsfeeds.

Stuffing people’s newsfeeds with content they didn’t ask for is a sure way to convince people you’re getting Facebook-y.


Via: sophos

Malware threatens virtual machines, according to report

Malware for virtual machines is a threat – one that uses advanced techniques to evade automated analysis and has the potential to infect the physical host, Liam O’Murchu, a researcher with Symantec Security Response stated.

The conclusion is based on the “Threats to virtual environments” report released by Symantec, which is timely because Forrester Research is sourced as stating that more than 70 percent of organizations are planning to use server virtualization by the end of 2015.

Virtual machines simulate computer systems and are popular with researchers because malware can be executed and analyzed without needing to reinstall production systems, O’Murchu said. Nowadays, enterprises are increasingly using virtual machines in production environments with real customer data, he added.

“While enterprises may not think virtual machines are a security risk, from our analysis, [82] percent of the malware we tracked was able to run on virtual machines,” O’Murchu said. “In some rare cases, we also saw malware breakout of guest systems and infect the physical host.”

For a recent example, O’Murchu pointed to CVE-2014-0983; a “guest-to-host” breakout exploit for Vupen’s VirtualBox. He explained that by escaping the added layer or protection provided by virtual environments, malware gains longevity and can gain access to the network.

Another security threat – Crisis, for example – involves the opposite, a “host-to-guest” threat where malware, possibly spread through social engineering, lands on a host server and makes its way into a virtual environment or creates and launches its own “malicious virtual machine,” according to the report.

“Malware used in targeted attacks increasingly evades automated analysis on virtual machines,” O’Murchu said.

The malware does this in a number of ways, such as by waiting for the virtual machine to restart or by awaiting a certain number of mouse clicks before executing, according to the report, which adds that the analysis system will likely consider the file harmless if it does not act maliciously within five to ten minutes.

It is noteworthy that 18 percent of threats – researchers chose 200,000 random pieces of malware that customers submitted since 2012 – detect virtual environments and abort their payload execution, O’Murchu said, explaining, “Malware can check its runtime environment for specific files, registry keys, MAC addresses and other artifacts to verify if it is running on a virtual system.”

Proper access control management, disaster recovery, virtual network protection, updated snapshots of virtual machines and logging are some best practices, O’Murchu said, emphasizing that enterprises need to include virtual machines as a part of security strategy.

“The host server, as well as any virtual machine running on it, needs to be protected against malware,” O’Murchu said. “To achieve this, advanced malware protection with proactive components that go beyond the classical static antivirus scanner needs to be in place. This can be agentless on the hypervisor or in the guest image themselves.”


Via: scmagazine

Brown HIV researchers make Dropbox secure with nCrypted Cloud

Consumer tech acceptable for sensitive data with a little help from encryption.

While workers have embraced consumer technology in the workplace with enthusiasm, those technologies have posed pesky problems for organizations that deal with sensitive personal information, especially universities.

That was the case at Brown University where one of its HIV researchers wanted to use Dropbox, an online storage and sharing service with more than 275 million worldwide users, to manage the work of her research team.

Brown’s IT department has strict rules governing the kind of data gathered by those HIV researchers. Any information “regulated, restricted, confidential or personally identifiable” must be stored on a system owned and managed by Brown.

Those rules put a crimp in Assistant Professor Caroline Kuo’s HIV research in South Africa. Kuo, a Dropbox user, found the service ideal for her project’s needs. It stored data on a device as well as in the cloud, which is important when collecting data in the field where Internet connectivity may be non-existent, and synchronized that data seamlessly with the cloud when an Internet connection was available.

Most important, though, Dropbox was easy to use, a characteristic that’s been driving adoption of consumer technologies by workers. “A lot of my staff in South Africa are computer illiterate,” Kuo explained. “They have to go through basic computer training to even learn how to open a file. Dropbox was really simple for them to understand.”

That simplicity is what makes products like Dropbox attractive to users. “What’s exciting about the new file sharing tools is that people can gravitate to them quickly and solve an immediate obvious problem: sharing a file with someone else,” observed Greg Milliken, marketing vice president for M-Files, maker of an enterprise content management platform.

Dropbox’s simplicity contrasted mightily with the solution offered by the university’s IT department, a solution really not designed for sharing multiple files through a unified interface. For each filed shared, a secure link had to be created and emailed to whomever you wanted to share the file with. Then the email’s recipient had to click on the link and login to the system to obtain the file. Synchronization between a local folder and the Brown cloud was non-existent, and shared files stored on the university’s servers were automatically deleted after 30 days.

“It was designed to send one or two files between two people, but what they weren’t prepared for was multiple users needing to access shared files and an interface to make that happen,” Kuo said.

“It was unwieldy for multiple accounts,” she continued. “On on our project, we’ve got 10 folders and in each folder there are large audio, video and Word files. Having to create a link and email them separately was a nightmare.”

Although Kuo liked using Dropbox, she shared the university’s concerns about security. Storage of data on a device was nice, but it was risky, too. “A big consideration is how do you protect the data on the device,” she said. “It’s very likely that a device will be stolen. Just last week, colleagues were held up at gunpoint for their mobile phones that they’d been collecting data on.”

In addition, some central administration over the devices was needed. If a device is stolen, it would be handy to be able to wipe the device’s data remotely. The IT department, too, needed some insight into the devices to impose policies to insure security, as well as cut the device’s access to the university’s systems when its owner left the institution.

What Kuo and Brown discovered was a solution to both the needs of the project manager and the IT department. It’s called nCrypted Cloud. The service encrypts data at rest and in transit, preserves the ease-of-use of DropBox and gives  project managers and network administrators a measure of control over users and shared files.

Check out “Encrypt All Your Shared Data With nCrypted Cloud“.

“We view Dropbox as a cloud hard drive, and we’re sort of a virtual lens on top of it,” nCrypted Cloud co-founder Nick Stamos explained. “We intercept all the data to and from Dropbox and encrypt it.”

The data is also encrypted at the endpoints in a system, where an nCrypted Cloud client application resides. When a file needs to be used at an endpoint, the client decrypts the data for application use.

The “virtual lens” approach has allowed nCrypted Cloud to expand its solution beyond Dropbox to Google Drive, OneDrive, Box and Egnyte.

To a Dropbox user, there’s very little to tip them off they’re using nCrypted Cloud, save for a slight addition to a standard Dropbox file icon: a lock to show a user that the file is encrypted.

Policies can be attached to files and folders by their creators and workflow policies controlled by an administrator. Creators can control details about sharing the contents of a folder and collaboration on files. Administrators have full auditing visibility into the system and can set policies such as requiring a PIN to access any Brown University data with a mobile device or  barring “rooted” mobile devices from accessing university data.  “It’s sort of a distributed responsibility,” Stamos said.

Management of the system is done through nCrypted Cloud’s servers. That’s a useful arrangement should a device be misplaced or stolen. “Whenever a thief tries to connect a mobile device to a network, we can erase the data on the device from a central location,” Kuo said. “So not only is the data encrypted, but on top of that we know we can log onto the device from our office and wipe it clean.”

Encryption can serve another purpose when using a service like Dropbox. “There’s some concern that cloud storage providers will look at your data to target advertising at you,” explained   Richard Stiennon, chief research analyst with IT Harvest and an nCrypted Cloud user. In fact, last fall it was revealed that Dropbox was peeking at all “.doc” files uploaded to the system. The company said it needed to snoop on the files for de-duplication purpose, to scan for them for malware and to allow users to a preview documents without opening up a desktop program.

An elaborate key management system is also deployed to protect data encrypted by nCrypted Cloud. For example, keys for unlocking Brown’s data aren’t stored on nCrypted Cloud’s servers where they could be obtained by a third-party. “We  don’t want access to those keys,” Stamos said. “So if the Department of Justice or someone else comes to us, we don’t want to ever expose our customers’ information.”

With nCrypted Cloud, each file is put into a 256-bit AES zip container. “That was important for us because we didn’t want to build anything that was proprietary,” Stamos explained. Each file has a unique password and each person has both a personal and corporate identity. Each identity has a private  and public key pair. Passwords encrypted with the corporate identity has two public-private key pairs — one for the owner of the file and one for their employer. “That guarantees that the corporation or institution will always have access to the information,” Stamos said.

It also addresses a problem with devices that may contain both personal and institutional information because personal information can be encrypted using a personal identity. “If you leave work or quit, they can revoke your access to work files and be assured you don’t have access to them,” said Adrian Sanabria, an enterprise security analyst with The 451 Group. “At the same time, you can be assured that they can’t revoke your access to your personal files.”

“The catch is,” he added, “you’re the one categorizing what’s work and what’s personal. So the company is depending on the user to do that correctly, if at all.”

Other measures are taken to ensure that nCrypted Cloud can’t be forced to cough up a customer’s private keys. First, the corporate private keys remain with the institution — only the institution’s public keys remain with nCrypted Cloud.

Second, it borrows an algorithm used to secure WiFi networks to secure a user’s private keys. In nCrypted Cloud that algorithm is used to take a user’s account ID, which is public information, and a password to generate a personal key that’s used to encrypt their private key. That encrypted cocktail is stored in the nCrypted Cloud servers. “So the server has encrypted data that it will give to anyone who asks for it but they need the right credentials to unlock the private key,” Stamos explained.

One knock against encryption is that it creates latency in a user’s experience. Stamos discounted that notion for nCrypted Cloud. “It really doesn’t hurt performance,” he said. “I think we’re the only product in the world that actually reduces the size of data when we encrypt it.”

“Computers are so powerful today performance really isn’t an issue,” he added. “Even in mobile, network connectivity is always a bigger constraint than encrypting and decrypting data.”

In the coming months, the Brown researchers will be expanding their efforts to gather data through mobile devices. Those efforts could be a real test for nCrypted Cloud. “It’s a big unknown for me how nCrypted Cloud will perform where network speeds are slow and reception unstable,” Kuo said.



Via: csoonline

How Yahoo email encryption could help your business

Yahoo’s browser plugin for end-to-end encryption could provide an easy-to-use solution for encrypting webmail.

If Yahoo gets it right, then the end-to-end email encryption the Internet company is promising would be a big help to companies concerned with privacy in the use of webmail, experts say.

Alex Stamos, chief information security officer for Yahoo, announced last week at Black Hat that the company was developing a browser plugin for encrypting messages sent from Yahoo Mail.

The company planned to release the plugin next year.

Stamos demonstrated the plugin, which was “pretty clunky,” Cameron Camp, a security researcher at anti-virus vendor ESET who attended the demo, said. However, the early-stage technology was expected to be much better by the time it’s released.

The goal is to make end-to-end encryption (E2EE) easy enough that any company employee or consumer can send email over the Web that remains indecipherable until the recipient decrypts it.

Deploying that level of secrecy today is difficult and is not user friendly, which hampers adoption by all but the most security conscious organizations.

“It’s really hard to do,” Camp said of E2EE. “Their (Yahoo’s) goal is to make it easy enough, so anyone can do it.”

Based on the demonstration, a person who wants to send an encrypted message would compose it through the plugin, as opposed to on the regular Yahoo Mail interface.

What isn’t clear is how the email would be decrypted by a non-Yahoo email service. A decryption key is needed to decipher the messages, and Camp wasn’t sure how that key would be handed to the receiving service.

“I don’t know how Yahoo is going to manage that part,” Camp said.

Other potential problems that will need to be worked out include making the encryption technology compatible on any device, since email is often sent through a smartphone or tablet.

“This type of technology becomes extremely tricky to manage, as it requires copying keys/passwords around from device to device, and integration with email clients,” Robert Hansen, vice president of WhiteHat Security labs, said in an email.

Nevertheless, in general, E2EE is a “great idea,” Hansen said.

“Not only does it give the user more privacy from would-be man-in-the-middle (attacks), but it also encourages the rest of the industry to adopt it,” he said.

Businesses interested in having employees use Yahoo encryption after it is released should give the technology time to mature and develop a track record for working smoothly, Camp said.

Waiting is best, because “if you need encryption, you don’t want to get it wrong,” he said.

In June, Google released the source code for the “alpha” version of an E2EE extension for the Chrome browser. Called End-to-End, the extension is based the OpenPGP standard and is available for testing and evaluation.

Yahoo is working with Google to at least provide E2EE between Yahoo Mail and Gmail.

Internet companies have been working on advancing email encryption to ease concerns businesses and consumers have over government snooping.

Those fears stem from reports that the U.S. National Security Agency has been gathering massive amounts of information on Internet activity, including email and instant messages. The revelations were based on documents released to the media by former NSA contractor Edward Snowden.



Via: csoonline

Could Real Life ‘Purge’ Threat Happen

Reports are coming in from cities around the United States where flyers are being put up announcing “The Purge” and saying “Get Your Squad Ready!”  They say “The Purge” will begin on August 31st!  It’s also going out on Instagram, Facebook and other social media!

Specific cities, venues and activities mentioned include; Louisville, KY; Detroit, MI; Jacksonville, FL; Kansas City, MO; Cleveland, OH; St. Louis, MO; Pittsburg, PA; The Kentucky State Fair and after school activities (sports events, concerts, etc.).

Where I am (Louisville, KY) the threats of a violent crime outbreak for tonight and other dates going forward — based on the movie “The Purge” — are being taken seriously by police.

For those that don’t know, “The Purge” is a movie series that has so far had two movies – “The Purge” and “The Purge Anarchy”.  In the movies, the government allows 12 hours where any crime is legal.  You can murder anybody in those 12 hours (7pm to 7am) and do any kind of crime and it’s perfectly legal!  Of course no emergency services will be available during the purge hours so they advise you to get off the streets if you’re not purging this year!  You can use weapons of Class 4 or lower during the purge.  The only people that you can’t murder are government employees of ranking 10 who are immune to the purge.  This was all setup by “The New Founding Fathers” who said that the yearly purge was necessary to “Release the Beast”, keep full employment and to bring about a renewed America!

Could it be that our society is so dumbed down and evil now that many gang bangers could go out and copycat the movie and start killing people!

Police in both Louisville and Jeffersonville, Ind., said they are aware of the “Louisville Purge” threats circulating on Twitter and will have officers ready to respond.

Louisville police spokesman Sgt. Phil Russell said the police “take any threat that would incite violence on our community seriously.”

LMPD: Residents urged to report suspicious ‘Purge’ activity

POLL: What image describes your feeling about “Louisville Purge”

He said their investigation has not identified any specific threats; they have only come across general information that goes along with crime that happened in the movie.

However, Russell said with the trend in the nation of mob violence and violent outbreaks, “it would be prudent for us to monitor it and to be ready for any possibility.”

As reported  by Connie Leonard of Wave 3 News, awareness of random violence was heightened beginning with a wave of violent crime beginning with the March 22 attackon the Big Four Bridge, in which a group of teenagers beat and kicked a man in the presence of his family without provocation. The violence continued seemingly aimlessly throughout the downtown area, captured on surveillance video. After a leaked FBI memo suggested planned gang violence might take place two weeks later, the LMPD placed additional officers at events like Thunder over Louisville and the Pegasus Parade. No actual planned violence took place.

Russell said he doesn’t know if the intent of the original poster of the “Louisville Purge” idea — which says the purge will take place from 8 p.m. Friday until 6:30 a.m. Saturday — was to be taken seriously. But now the police have to watch out for any criminals who might use it as a catalyst to exact violence in the community.

He said a lot of officers were already supposed to be on patrol Friday for various other events, such as the Kentucky State Fair, so the department will be adequately staffed and prepared.

Jeffersonville Police Maj. Josh Lynch said his department had received calls from concerned citizens about the threats.

Lynch said the department decided to beef up patrols and develop contingency plans in case something did happen.

“In law enforcement, we have to take all threats serious,” he said.

Both Jeffersonville and Louisville police are encouraging anyone who sees something suspicious or witnesses a crime to report it.

As reported by WLKY, Louisville Metropolitan Police report that posters and fliers have sprung up advertising that a ‘Purge’ crime spree would be in effect on Friday from 8:30 pm to Saturday at 6:30 am for residents in Kentucky’s largest city. Louisville MPD released a statement on the posters and fliers assuring residents that the department will be ready if there are any sort of mass disturbances.



Alright, all I can say is this is another reason to take you, your family and friends safety in your own hands at all times.

Start now to make sure you are staying prepared.

Big tech firms back Wi-FAR for remote broadband

802.22 standard, approved in 2011, promises low-cost broadband for remote areas.

Google, Microsoft and Facebook are cranking up an emerging wireless technology known as Wi-FAR to help reduce the digital divide in remote and unconnected regions of the world.

Wi-FAR is a recently trademarked name from the nonprofit WhiteSpace Alliance (WSA) that refers to the 802.22 wireless standard first approved by the IEEE (Institute of Electrical and Electronics Engineers) in 2011.

The standard shares the underused TV band of spectrum called whitespace to send wireless signals, typically over distances of six to 18 miles in rural and remote areas. It has a theoretical download speed of more than 22 Mbps per TV channel that serves up to 512 devices, according to the WSA. That could result in speeds of about 1.5 Mbps on a downlink to a single device.

While such speeds are far slower than for the gigabit fiber-optic cable services that Google and AT&T are building in some U.S. cities, the speeds could theoretically begin to compete with some 3G cellular speeds, although not 4G LTE speeds. For an impoverished or sparsely populated region where businesses and schoolchildren have little Internet access, Wi-FAR could be a godsend when used to link base stations (typically found at the ground level of cell towers) in a distributed network.

Students at the University of Limpopo in South Africa use laptops connected to the Internet using Wi-FAR wireless technology. (Photo: Microsoft)

About 28 million people in the U.S. don’t have access to broadband, while globally, about 5 billion people, nearly three-fourths of the world’s population — don’t have broadband Internet access, said Apurva Mody, chairman of both the WSA and of the 802.22 Working Group.

“This is cheap Internet access and there are dozens of trials underway, with Google in South Africa, Microsoft in Tanzania and other continents, and even Facebook’s interest,” Mody said in an interview. “You have 1.2 billion people in India who need cost-effective Internet access. There’s a lot of enthusiasm for Wi-FAR.”

Wi-FAR will be cheaper for access to the Internet than LTE and other wireless services. The lower cost is partly because Wi-FAR works over unlicensed spectrum, similar to Wi-Fi, which allows network providers, and even government entities, to avoid paying licensing fees or needing to build as many expensive cell towers, that can cost $50,000 apiece, Mody said. “The prices for Wi-FAR service will be very small, perhaps less than $10 per month per household.”

The 802.22 technology can be low cost because the whitespace spectrum is shared with conventional users, including TV stations on UHF and VHF bands. Thanks to sophisticated databases that track when a whitespace channel will be in use in a particular region, a cognitive (or smart) radio device can determine when to switch to another channel that’s not in use. Testing in various Wi-FAR pilots projects, many of them in Africa, is designed to prove that Wi-FAR devices won’t interfere with other existing users on the same channel.

“We have yet to have an interference problem,” said James Carlson, CEO of Carlson Wireless Technologies, a Sunnyvale, California-based company that is working with Google on two six-month trials of 802.22 in the UK, among other areas. The company completed a successful trial with Google serving students in South Africa in 2013. Carlson, in an email interview, said the company is working with five database providers, noting that the “prime purpose of the database is to protect the incumbent spectrum user.”

Whitespace spectrum sharing, coupled with the use of the databases, is generally called dynamic spectrum allocation technology. In January, the U.S. Federal Communications Commission approved Carlson’s RuralConnect TV whitespace radio system for use with a Spectrum Bridge TV whitespace database, effectively bringing the first dynamic spectrum sharing product to market.

In the U.S., RuralConnect is authorized for use in the UHF TV band, running from 470 MHz to 698 MHz. The FCC opened up the band in 2010.

At the time, Carlson said the FCC’s approval would give a boost to global efforts to use whitespace technology. “Providing connectivity to underserved populations worldwide is more than an interest to us,” he said in a statement. “It’s our corporate mission.”

RuralConnect will get competition from products in other companies, including Redline, Adaptrum and 6Harmonics, Carlson said. In addition to other providers, Google has built a whitespace database that Carlson is testing.

In all, Carlson Wireless has piloted dozens of whitespace projects, and expects to start its largest yet for 30 base stations and 5,000 users near New Delhi in the next six months, Carlson said.

“India is the next big boom for online needs, and the rural areas are not getting [Internet service] with [typical] mobile systems,” Carlson said. “So they are choosing to go with the TV whitespace because the UHF band is almost all vacant in rural areas and 600 MHz propagation is superb.”

While Carlson has been working with Google, Microsoft separately announced in June a whitespace pilot project at the University of Limpopo in South Africa. It is part of a Microsoft 4Afrika Initiative to help ignite economic development in Africa.

In May, Microsoft and Facebook joined with SpectraLink Wireless to announce a whitespace project for students and faculty at universities in Koforidua, Ghana. That project brought the number of nations where Microsoft has whitespace pilots to 10 countries on four continents.

In the Microsoft and SpectraLink partnership, Facebook’s Connectivity Lab team will lead efforts to better understand how TV whitespace spectrum can support wireless Internet users, according to a statement.

Microsoft and others believe that TV whitespace technology will best work in combination with Wi-Fi and other low-cost wireless technologies. While much of whitespace technology is focused on building specialized bridge hardware for use in base stations, Mody said some companies are developing fixed wireless 802.22 routers, similar in appearance to Wi-Fi routers, that will be placed inside of homes.

Microsoft also spearheaded the Dynamic Spectrum Alliance, which Google and Facebook joined last November. The alliance is exploring many uses for whitespace spectrum, including Internet of Things device connectivity.

Craig Mathias, an analyst and wireless consultant for The Farpoint Group, said 802.22 devices may compete against or complement a number of other technologies, including cellular and Wi-Fi.

“802.22 is not a pipe dream, but so far there’s not a lot of evidence of its success,” Mathias said in an interview. “It does make sense. The rate of innovation in wireless is so high that you hear something exciting every week. But not all wireless standards are successful in terms of having [successful] wireless products.”


Via: computerworld