Tech Talk iconTech Talk


5 Ways Cyber Experts Think the FBI Might Have Hacked the San Bernardino iPhone

Last week, the FBI announced that it had, with the help of a third party, successfully broken into the passcode-protected iPhone 5C owned by San Bernardino shooter Syed Farook. It’s not clear yet whether the FBI found any information useful to its investigation, but the hack brought at least a temporary reprieve to the very public battle between Apple and the FBI over encryption and privacy rights. 

The agency hasn’t named its accomplice nor has it revealed how it gained access to the iPhone’s contents. To shed some light on the possibilities, IEEE Spectrum spoke with nine computer security experts and mobile phone forensics specialists about a few techniques that may have been behind this controversial hack:

1. The easy way in

Perhaps the simplest hack of all would be to exploit a vulnerability in iOS 9, the version of Apple’s operating system installed on Farook’s phone. Several experts including Robert Cunningham, chair of the IEEE Cybersecurity Initiative, and Dudu Mimran, chief technology officer for the Telekom Innovation Laboratories at Ben-Gurion University in Israel, believe this is the most likely approach.

Armed with the right security hole, also called a zero-day exploit, a hacker could potentially switch off functions that thwarted the FBI’s entry. These include a built-in delay that prohibits a user from trying too many incorrect password combinations at once, and an optional setting that prompts an iPhone to erase its memory after 10 failed entries. Once a hole is identified, there are many ways to deploy a bug to take advantage of it. The code can be sent as a malicious text message or by exploiting the driver that connects a charger to a laptop to enable new software to be uploaded to a phone.

As an added bonus, maneuvering via a bug is relatively low risk since these strategies avoid tampering with the iPhone’s physical components (more on that approach later). Joel Bollo, CEO at the MSAB, says the vast majority of mobile forensics solutions that his company executes for law enforcement clients are software-based.

So what kind of zero-day may have helped authorities slip in? It’s not entirely clear, but it’s not unreasonable to think that one could exist. There’s a healthy market for uncovering such flaws: The cybersecurity firm Zerodium paid a $1 million bounty last fall to a team that exposed a hole in iOS 9. As Mimran says, “There is no software that is considered bulletproof.”

2.  Trick the OS

Inside the iPhone 5C is an A6 chip that features both processors and RAM, which work together to achieve faster speeds than those that were available in previous models. In order to keep track of passcode attempts, this “system on a chip” also communicates with non-volatile memory stored elsewhere, such as in flash memory.

This setup leads experts to a second theory: that hackers may have circumvented the iPhone’s passcode protection by hijacking operations between the A6 and the non-volatile memory.

Ran Canetti, a computer scientist at Tel Aviv University and head of the school’s Check Point Institute of Information Security, says one way to do this would be to tamper with the physical line of communication that carries password recovery instructions between the two. A knowledgeable hacker could use this line to re-route Apple’s software, which typically receives marching orders from both the phone’s flash and RAM, to an external device. The FBI and its silent partner could’ve used such a device to instruct the software to continue accepting failed passcode attempts until the investigators arrived at the correct one.

“They can basically reset the place where it says, ‘Now you've tried nine times,’” Canetti says. “When the phone asks, ‘How many times have you tried?’ they say—‘No, you’ve only tried one time.’”

With the software rejiggered, the FBI could launch a traditional “brute force” attack, employing a software program to rapidly try password combinations until it arrived at the correct one. Since Farook’s iPhone 5C used a four-digit passcode, a program could run through every one of the 10,000 possible password combinations in a matter of minutes.

“That brute force technology isn't very sophisticated,” says Dylan Ayrey, a security engineer with the information security company Praetorian. “You could go on Ebay right now and purchase ways to brute force older versions of the iPhone.”

3. Reset (and reset and reset) the memory

One of the most popular theories among crypto-experts, including Gary McGraw, chief technology officer at the software security consulting firm Cigital, is that the FBI hacked the iPhone through a tactic called NAND mirroring. NAND is a form of flash technology used in memory chips for high-capacity and long-term storage.

Within an iPhone, NAND is thought to play a role in erasing a digital key required to unlock an iPhone’s memory after logging 10 failed password attempts. But if someone knows how to circumvent or reset the tally after each attempt, they could help themselves to unlimited tries.

One way to manually do that might be to remove the memory chip that NAND protects and make a digital copy of it. Once the copy is made, a hacker could test out combinations and simply reload the memory back onto the original chip before the 10-attempt limit is reached. iPhone forensics expert Jonathan Zdziarski has said this strategy is a lot like hitting “save” on a video game. If you die (or, in this case, lose your data) you simply go back and pick up where you left off.

Though it’s a crowd favorite among cybersecurity experts, FBI Director James Comey said in a press briefing in March that this approach, also called a replay or reset attack, wouldn’t work on Farook’s phone. But many remain skeptical of Comey’s insistence; shortly after he made that statement, Zdziarski contradicted it with a demonstration of the technique in a blog post.

That’s the post that won Citigal’s McGraw over to this theory, and he’s not the only one. Praetorian’s Ayrey says, “I think that strategy is very likely and I think that's basically the same sneak we would do here.”

4. Tear the whole thing apart  

An iPhone’s memory chips are shrouded in layers of both physical and digital protections to block hackers. To uncover its secrets, hackers must sometimes mount a physical attack in order to bypass certain tamper-resistant features.   

There are a few ways to do this. A hacker could start by heating up the device in order to detach a memory chip. The next step: using acid to remove the surface layers of the chip in an act known as “decapping.” That could be followed up with some precision work with a tiny laser drill for reaching sections of the chip the hacker wants to more closely examine.

Ari Juels, a professor in the Cornell Tech Security Group, says the goal in the Farook case would be to extract the handset’s unique ID, which is a special digital key that Apple assigns to each device during manufacturing and could be used to decode an iPhone’s memory.

Apple said in a white paper published last fall that in order to obtain this key, a hacker would have to mount a “highly sophisticated and expensive physical attack.” This is certainly an option the FBI may have considered, but runs the risk of obliterating the memory forever if a technician makes even the slightest miscalculation.

“This is a very invasive and expensive and tricky thing to do,” Dan Wallach, a computer security expert at Rice University, warns. “It's a destructive process that has a percentage chance of destroying the device.”

5. Sneak in through the side

A device that is hard at work can offer clues about the information it is handling. These clues include its power consumption, acoustic properties, electromagnetic radiation, or the time it takes for a specific component to complete a task.

In what’s known as a side-channel attack, experts can use specialized tools to monitor these properties and use the data they gather to infer what’s happening inside a device. For example, a hacker could hook up a resistor to the iPhone’s internal circuits and read the amount of energy that flows by with each passcode attempt. Ben-Gurion University’s Mimran likens it to putting your ear up to a safe, listening for a satisfying click as you turn the dial.

While Cunningham of the IEEE Cybersecurity Initiative says a hacker wouldn’t likely be able to read a PIN or passcode through this method, a would-be invader could almost certainly glean details about the size or complexity of the key and the nature of the cryptographic system within.

For example, a passcode retrieval process that relies on a form of encryption called Montgomery multiplication requires a chip to repeatedly square a large string of numbers. Eventually, it instructs the chip to multiply its result with the last integer used in this massive calculation. Depending on the integers and at what point the chip performs this computation, this process could require more or less energy.

Rice University’s Wallach says the best place to start when mounting a side channel attack would be to order specs on the iPhone 5C from a company such as Chipworks or iFixit. These firms specialize in breaking down commercial devices and writing detailed reports about their components, as well as offering their best guesses as to how information flows throughout a device.

But even with a cheat sheet, a side channel attack is also a very delicate process given the tiny wires and chips that make up a smartphone’s circuitry and internal components. What’s more, chipmakers have wisened up to this strategy, so many now install features that cause a chip to generate electromagnetic noise or maintain a steady power draw no matter what function they’re performing in order to confuse attackers.


MIT turns Wi-Fi Into Indoor GPS

Global Positioning System (GPS) satellite technology comes in handy for tracking cruise missiles, doing in-car navigation, and finding secluded restaurants. But step inside an airport, museum, or mall, and you’re often relegated to studying a paper map or asking for directions.

There are positioning systems designed for indoors, but they rely either on GPS-like radio or magnetic beacons, or on mapping the ever-shifting morass of Wi-Fi access points. Such methods have proved expensive to install and difficult to scale. What’s more, these indoor GPS systems are far from accurate enough to let you do cool things like a have a robot follow or avoid you.

Now researchers at MIT’s Computer Science and Artificial Intelligence lab (CSAIL) have developed a way for adjacent Wi-Fi devices, including smartphones, to locate each other within centimeters. The technology, called Chronos, relies on making the devices emulate multi-gigahertz wideband radios.

Chronos starts by having two Wi-Fi devices, a transmitter and receiver, hop simultaneously between all 35 frequency bands in the 2.4 gigahertz to 5.8 GHz Wi-Fi range. At each frequency, the rate at which signals accumulate phase naturally varies. The transmitter skips between bands every 2 to 3 microseconds, with the receiver comparing the phase differences at each step. Chronos can then calculate the time of flight of signals—and thus the distance—between the devices.

If one of the devices has multiple Wi-Fi antennas, as do most modern smartphones and laptops, Chronos can also calculate the angle between the two devices, and locate them in space. In experiments in everyday environments like an apartment or coffee shop, Chronos was able to localize devices to within 65 cm (or about 10 times the accuracy of GPS) using only off-the-shelf Wi-Fi cards.

The MIT researchers, PhD student Deepak Vasisht and Professor Dina Katabi, envisage Chronos being used to count people in smart homes for lighting control, to offer password-free Wi-Fi in cafés (while excluding freeloaders outside), and for robots to operate safely around humans.

“Because Wi-Fi is widely used and in every cellphone, it would be good to use this amazing technology for as many applications as we can,” Katabi told IEEE Spectrum.

There are some limitations, however. Although Chronos can run on existing Wi-Fi devices using just an app (or a firmware upgrade for an access point), each device has to undergo a one-time distance calibration. And because Chronos takes around one-tenth of a second to sweep all the Wi-Fi bands, its accuracy plunges if the devices are moving relative to one another during this initial setup.

So, do you have to place your cellphone on a counter—or on a table in the food court if you’re at the mall—so it’ll be perfectly still? “Walking is fine, but we’re not talking about somebody in a car,” says Katabi. “However for a drone, it’s actually better if it moves. Because its movement is controlled and you know the speed, you can leverage that information in a feedback loop to boost your results.”

Vasisht and Katabi tested Chronos on an AscTec Hummingbird quadcopter fitted with an Intel 5300 Wi-Fi card and a Go-Pro camera. The drone was set to stay 1.4 meters from a netbook, shooting photos of the computer as it moved. Chronos was able to keep the drone within just 4 cm of its programmed distance.

The next step for Vasisht and Katabi is to improve the resolution of Chronos even further, and to start building functions such as geo-fencing, which sets virtual boundaries. The researchers are in discussions with MIT about commercializing the technology. If all goes well, using your phone to find the way to your departure gate, with your robotic carry-on following close behind, could be just a few years away.


The Fight Over the .africa Domain Name

An explosion of domain names has reshaped the Internet by offering hundreds of new ways to end a Web address. Lawyers can now advertise websites with “.lawyer” while toy companies can register with “.toys.” Jokers who want to build a site that finishes with “.fail” or “.wtf” can do that, too.  

But one highly sought domain remains stubbornly out of reach for roughly a billion people. Africans still can’t register sites to “.africa” because the right to operate that domain is the subject of a tussle between rival registries that is now dragging through its fourth year. While the domain’s ultimate fate could remain the subject of legal battles for years, a California court will decide on 4 April whether to finally permit .africa to go live.

The domain could prove quite lucrative for whichever registry wins it, though both competing registries pledge to spend profits on charitable activities. Registries act as domain name wholesalers. They sell the right to resell a domain name to many registrars such as GoDaddy, which make their money by signing people up.

Wayne Diamond, who runs a registrar based in South Africa, says many of his clients want to list websites with .africa, but are stuck waiting. “I think there's growing impatience with what's happening now that it's being held up in legal wranglings,” he says. “The delay has had a significant impact on the growth of the domain space in Africa.”

The two registries vying for control of .africa have also pitched the domain as an emerging economic engine and cultural exchange. DotConnectAfrica, a charitable trust that operates out of Kenya, promotes .africa as “your online African identity” while the South African nonprofit ZA Central Registry says the new domain will enable “e-commerce, technology and infrastructure to flourish.”

Those promises have so far gone unfulfilled. The tug-of-war began in 2011 when the Internet Corporation for Assigned Names and Numbers (ICANN), the nonprofit that manages domain names, noticed many of the shortest and most memorable addresses that ended in “.com,” “.org” and “.net” were taken.

The organization invited registries to apply to add more options, and has released 938 new domains in the time since. Most disputes were resolved amicably or by offering domains up for auction. For example, in January GMO Registry Inc. beat seven competitors with its $41.5 million bid for the “.shop” domain.

The .africa domain, however, didn’t go up for sale because of its geographic and cultural importance. In fact, ICANN requires applicants for a geographic domain to demonstrate support from 60 percent of national governments.

That requirement lies at the heart of the disagreement over which of the rival registries is better suited to manage .africa. Both candidates submitted their applications in 2012 and claimed that they had the support of the African Union Commission. DotConnectAfrica says it received the commission’s blessing in 2009, but the commission later formally withdrew that support and backed ZA Central Registry.

Sophia Bekele, head of DotConnectAfrica, says the process wasn’t “transparent and accountable” and that the commission failed to represent African governments. Neil Dundas, executive director of ZA Central Registry, points out that DotConnectAfrica has relatively few staff on the continent and would work with UK-based registry CentralNic to manage the domain. Filings with ICANN indicate DotConnectAfrica will charge only US $10 per year for website registrations, versus the $18 that ZA Central Registry plans to collect should it win the domain rights.

In 2014, ICANN agreed to issue .africa to ZA Central Registry. To fight back, DotConnectAfrica requested an internal review. After two more years, ICANN’s board passed a resolution in March reaffirming their decision and stating that DotConnectAfrica had not garnered enough government support.

That decision would have cleared the way for ZA Central Registry to begin registering Africa’s websites, but DotConnectAfrica filed a legal complaint against California-based ICANN, and asked a U.S. district court to block the organization from awarding .africa to ZA Central Registry while the case proceeds.

In a hearing scheduled for Monday, 4 April, the court will decide whether to grant DotConnectAfrica’s petition for a temporary stay that would prevent the transfer of the long-awaited .africa to ZA Central Registry while the suit against ICANN is adjudicated. If the court rules in its favor, ZA Central Registry estimates that it could have .africa sites up and running within four months. Dundas says he would love to see over a million sites signed up within three to five years.

But if not, the delay will drag on, and the promise of a new domain to jumpstart economic growth and build a shared online identity among Africans will remain nothing more than untapped potential.


My Subterranean Tour of London’s Crossrail

It’s a damp, freezing cold day in January, and I’m at the bottom of a massive hole in the ground. This is one of a pair of 41-meter-deep shafts in a part of east London called the Limmo peninsula, a spit of land on the banks of the River Thames. From a drone’s-eye view, it looks as though a giant hole punch has taken two neat circles out of the silty earth.

Back in late 2012, two enormous tunnel-boring machines were lowered into these shafts. Workers fired up the 1,000-metric-ton behemoths (named Elizabeth and Victoria), and their rotating cutting heads slowly gouged their way westwards. When they finally reached Central London in May 2015, it marked the completion of the tunneling work on Crossrail, a new underground railway system that spans London.

Crossrail will be fully operation by the end of 2019, with an expected 200 million passengers carried through its arteries every year. For now, it is Europe’s biggest construction project, with a budget of £14.8 billion (about US $21 billion).

This is my second visit to Crossrail. A few months earlier I strolled around the network’s immaculate new Canary Wharf station, where I learned about the innovations that are helping to bring this railway to life—including wireless sensors and lasers that monitor construction, smart components that warn of their impending failure, and a 3-D virtual model of the whole network that can be explored from an iPad. [For more on all that, see my article, “London’s Crossrail Is a $22 Billion Test of Virtual Modeling.”]

Here at the Limmo site, though, you can see the blunt end of this construction project. The area is packed with cranes, concrete mixers, and dumpsters. Warning alarms rip through the air as heavy loads are hoisted around. The workers wear scarves and balaclavas above their bright orange coats to ward off the cold.

My hosts and I descend the shaft using cramped stairs built from scaffolding and boards. Halfway down is a bizarre sight: a small shrine bolted to the wall, containing a figure of Saint Barbara, the patron saint of mineworkers and tunnelers. Dozens of these statues were blessed by priests and placed at the mouths of Crossrail’s tunnels before work began.

“It’s a tradition, hundreds of years old,” explains site manager Peter Kelly.

At the bottom, we walk along the eastbound tunnel as it curves upwards at a slight incline. Automated lighting brightens and dims as we pass, while bangs and crashes from the shaft echo around us. Rails laid out on the floor are ready to be welded together and mounted on ties by a mobile gantry, a vehicle that looks like a huge robotic spider on wheels. The gantry is currently less than 1 km to the east of here, and closing fast. Kelly says they’re now racing to finish all the civil engineering work at the site by the end of March. And in a few years’ time, trains will come barreling through here at about 65 kilometers per hour, tilting gently as they round the bend.

As we return to the surface, I notice that the short section of tunnel between the two shafts is strewn with rubble. Workmen are loading the hunks of concrete into wheelbarrows, their breath clouding the air from the exertion.

There’s no doubt that Crossrail is a high-tech railway—but building it still involves a whole lot of mud, concrete, shovels, and sweat. 


Machines Just Got Better at Lip Reading

Soccer aficionados will never forget the headbutt by French soccer great Zinadine Zidane during the 2006 World Cup final. Caught on video camera, Zidane’s attack on Italian player Marco Materazzi after a verbal exchange got him a red ticket. He left the field, making it easier for Italy to become world champions. The world found out later about Materazzi’s abusive words of Zidane’s female relatives.

“If we had good lip-reading technology Zidane’s reaction could have been explained or they would’ve both gotten sent out,” says Helen Bear, a computer scientist at the University of East Anglia in Norwich, UK. “Maybe the match outcome would be different.”

Bear and her colleague Richard Harvey have come up with a new lip-reading algorithm that improves a computer’s ability to differentiate between sounds—such as ‘p’, ‘b,’ and ‘m’—that all look similar on lips. The researchers presented their work at the IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) in Shanghai.

Read More

Apple Reveals iPhone SE, and New iPad Pro With Chameleon-Like "True Tone" Display

At Apple’s latest press event in Cupertino, Calif., on Monday, the company revealed a new Retina display that automatically adjusts its color to match the light of its surroundings.

The first-of-its-kind technology, called the True Tone display, makes its debut on a smaller iPad Pro with a 9.7-inch screen. True Tone measures the brightness and temperature of the lighting in the immediate area (such as the oranges and yellows in a warmly lit room or the bluish hues of a cool summer night) through ambient light sensors. Then, it adjusts the hues on the screen to match.

The company says this chameleon-like quality should make reading or working on the iPad easier on users’ eyes. A separate function built into the iOS 9.3 update, called Night Shift, uses the internal clock and GPS system in a device to automatically move the colors on the screen away from the blue end of the spectrum as the sun sets. Artificial light from electronic devices is known to make it difficult to fall off to sleep. Blue wavelengths, say scientists, appear to affect sleep the most.

At the same event, Apple announced a new rose gold iPhone SE that it says melds the compact size of the iPhone 5 with the high performance of the iPhone 6. However, there was little about the underlying technology that breaks from the mold of its predecessors. Before the announcement, some analysts were already calling it “underwhelming.”

The new phone’s screen measures four inches diagonally, compared with the 4.7-inch screen for the iPhone 6 and 5.5-inch screen for the iPhone 6 Plus, which both debuted in 2014. That makes the iPhone SE very similar in appearance to the iPhone 5s.

In the U.S., there’s at least some evidence to suggest that a segment of customers may simply prefer a smaller device. Apple says that 60 percent of iPhone users who owned an iPhone before the launch of the iPhone 6 and 6s have neglected to upgrade.

Despite its iPhone 5–like size, the iPhone SE packs the same 64-bit A9 chip and M9 motion coprocessor as the iPhone 6s, enabling the “Hey, Siri” function to always remain on. It also comes equipped with Apple Pay and incorporates Touch ID, which allows a user to unlock their phone with their fingerprint.

As for price, the iPhone SE will cost $399 for 16GB, compared with $549 for the iPhone 6. That lower price, as well as the inclusion of Apple Pay, is likely part of Apple’s strategy to encourage customers in fast-growing cellphone markets such as China and India. CEO Tim Cook has said that China will eventually be home to the company’s largest customer base.

Overall, sales growth for the iPhone has already slowed worldwide. In January, the company said for the first time it expects iPhone sales to decline in the current quarter compared to the same period a year ago.

It’s a big week for Apple in several arenas. Tomorrow, the company faces the FBI in a U.S. federal court hearing over its refusal to build a new operating system that could break into the phone of a gunman from last year’s San Bernardino, Calif., mass shooting.

Fingers hold a small circuit board which supports four cylinders with lenses. A yellow/green piece of plastic partially covers the circuit board.

CeBIT 2016: Terabee’s Range Sensor Helps Make Drones Fast, Cheap, and Under Control

Editors Note: This week IEEE Spectrum is covering CeBIT, the enormous information and communications technology show that takes place annually in Hanover, Germany. For up-to-the-second updates, you can follow our CeBIT Ninja, Stephen Cass, on Twitter (@stephencass), or catch daily highlights throughout the week here.

The World Wide Web is the most famous technology to emerge from the needs of the international particle physics research center CERN, but it’s not the only one. In the latest example, a lightweight, inexpensive (and maker-friendly) range sensor has come about because scientists want to use drones to survey tunnels and vaults without smashing into expensive and difficult to replace equipment.

CERN’s massive subterranean facility lies underneath farm fields between Geneva and the Jura mountains. The centerpiece is the Large Hadron Collider, housed in a tunnel that forms a ring with a 27-kilometer circumference. As well as lots of interesting physics, these accelerators can also produce lethal amounts of radiation (hence the need to keep everything underground). A few years ago, CERN looked into the possibility of having drones create three-dimensional surveys of the radiation levels in the accelerator tunnels and the vaults that house CERN’s giant particle detectors. 

They approached a drone services company, but it was soon discovered that there was no way to create a drone that was small enough to operate in the cluttered spaces and yet had sensors that would let it locate itself with enough precision to avoid collisions. The result was the founding of Terabee in 2012, explains Massimiliano Ruffo, the company’s CEO, who I met at CeBIT’s airy press center yesterday. (I know you guys don’t care about #journalismproblems, but over the last 15 years of covering events I’ve had to work out of a lot of windowless pits, fighting with other reporters over desk space and wall sockets, so by all that’s holy, I’m going to give the Hannover Fair press center—which even has its own bar—a shout out.)

In 2015 Terabee was recognized formally as a CERN spin-off and selected to join the research center’s business incubation partner Innogex. Terabee began selling its first sensor, the TeraRanger One, the same year.

The matchbox-sized TeraRanger One sells for 125 euro (US $140) and weighs just 8 grams. Measuring the time-of-flight for infrared pulses generated by an LED allows the TeraRanger One to determine the distance to a single point-like region ahead 1000 times per second. The maximum distance that can be measured indoors (or, of course, underground) is about 14 meters, with a range accuracy of four centimeters. Ruffo says that with some sensor-by-sensor calibration and a slower rate of measurement, the accuracy can be increased to about two centimeters. Maximum distances closer to five to six meters are possible in sunlight.

The TeraRanger One’s onboard electronics takes care of all the post processing required from the sensor’s raw time-of-flight data and spits out the distance as a number that represents the number of millimeters measured. A 5-volt UART serial interface is used by default, and a 5 V I2C bus can be used with a firmware change, making the sensor trivial to hook up to an Arduino, and only slightly more complicated to connect to a Raspberry Pi. (That’s due to the latter’s aversion to voltages higher than 3.3 volts).

Inexpensive ultrasonic range finding sensors of TeraRanger One’s size and weight have been available for some time, but they lack its speed and angular precision. LIDAR systems, which often employ a rotating mirror to scan a sensing laser beam around, are also fast and provide high resolution at good distances but are bulkier and more expensive than the TeraRanger One. (Although that may change if DARPA’s phased-array LIDAR-on-a-chip ever comes to the mass market.) Stereo vision systems are another alternative for rangefinding, and can provide depth information over a wide field of pixels, but Ruffo believes that TeraBee again has the edge because the time-of-flight data produces more reliable distance measurements over a longer range.

For systems that require more complex measurements, such as those the doing the kind of SLAM (simultaneous location and mapping) required for the original CERN surveying, TeraBee currently offers a hub which allows measurements from up to eight separate sensors to be integrated. A pre-built eight sensor “tower” is in the works, says Ruffo, and the company also offers an evaluation version of a small LIDAR-type scanning platform

I’m hoping to try the TeraRanger One out for myself for Spectrum’s Hands On section in the coming months and put it through its paces. Perhaps, in honor of its design history, I can make a wearable people detector for the deep dark tunnels of the New York City subway—one that will solve the recurring problem of being oblivious to an empty subway seat opening up directly behind you and then losing that seat to another rider.

A glowing floating balloon patterned to look like an eyeball hovers in the evening sky outdoors.

CeBIT 2016: The Aerotain Skye Could Be Your Friendly Floating Camera Drone

Editors Note: This week IEEE Spectrum is covering CeBIT, the enormous information and communications technology show that takes place annually in Hanover, Germany. For up-to-the-second updates, you can follow our CeBIT Ninja, Stephen Cass, on Twitter (@stephencass), or catch daily highlights throughout the week here. 

Once upon a time there was a very odd British television show called The Prisoner, which featured a secret agent repeatedly attempting to escape from a mysterious village. One of the biggest threats the agent faced was a giant balloon called Rover, which would pursue and subdue rule-breaking villagers. Now Rover has been brought to reality, albeit in a much more adorable version, thanks to the engineers at Aerotain and their Skye inflatable drone.

The Skye is a 3-meter-diameter controllable balloon that’s filled with helium for buoyancy. Dotted around the surface are propellers whose direction can be adjusted, spinning the balloon or moving it around as required. There’s also the option to add an internal projector to display moving images on the balloon’s skin. Skye has been used at events as a crowd-pleaser, but it can also be used a platform for aerial photography by adding cameras.

Read More

Meet the Guy Whose Software Keeps the World’s Clocks in Sync

Clocks sprang forward last weekend in about 75 countries. Over time, technology has spared many citizens who observe daylight saving time the headache of physically changing their clocks. Electronic clocks automatically reset the time—a subtle convenience made possible by the rise of the global Internet, a network of real-life atomic clocks, and a physicist who has spent decades finding smarter ways to distribute time.  

In many cases, the internal clock that ticks away in a laptop or desktop computer is synchronized to an official time service maintained by the U.S. National Institute of Standards and Technology (NIST). This free service shares Coordinated Universal Time with personal devices, Web browsers, financial trading software and e-mail programs throughout the world. The service receives 150,000 requests per second (roughly 16 billion a day) from systems that repeatedly ask, “What time is it?

“If you have a PC, it's probably synchronized to the time service,” says Judah Levine, the man who originally built servers and programmed software to send time over the Internet for NIST back in 1993.

Here’s how it works: electronic clocks are programmed to check in (once an hour, on average) and record the time from a network of 20 “timeservers” scattered throughout the U.S. Three of those servers—two in Boulder, Colo., and a third in Fort Collins, Colo.—are physically linked to atomic clocks, the newest of which is so accurate, it gains or loses only a second every 300 million years. At those sites, an electric pulse signifying the start of each second is generated by the atomic clock and delivered to a server.

Once the pulse has arrived at a server, the signal is translated to the precise hour, minute and second of the day in Coordinated Universal Time using a string of characters sent separately from the clock to the server. This code enables the server to identify a given second as 16:02:56 UTC, for example. 

Next, this information is shared with the other NIST servers through a phone line and distributed to devices and systems over the Internet, primarily in 48-byte packets via the Network Time Protocol. Adjustments for time zones, daylight saving time, or leap seconds are made by Internet service providers or handled by instructions built into a network or device.

While many nations operate an official time service, NIST has the highest-capacity timekeeping network. It’s also the most popular. Jeff Sherman, a NIST physicist, recently tracked requests to two NIST timeservers for one month. He found requests originating from 316 million unique IP addresses, which he estimates represents about 8.5 percent of all the devices currently connected to the Internet. Those addresses were registered in 244 nations.

This system has served the Internet well for more than 20 years. But Levine expects demand for the time service to grow exponentially with the rise of internet-connected wearables and household electronics. These days, the 76-year-old physicist is thinking hard about how to prepare the network for the onslaught of requests it expects to receive in the era of the Internet of Things.

“The growth rate has sort of been steady at a few percent a month,” Levine says. “We should be able to handle the next two or three years of growth. After that, we're going to have to think again.” He isn’t even sure how many requests per day the current system could handle.

One way to absorb such growth might be to add more layers to the time service. For personal devices that do not require the precise time down to the thousandth of a second, companies such as Apple, Google or Microsoft could make a single request to NIST and then provide the time indirectly to thousands of customers through layers, or stratums, of service.

“One would hope that if a toaster is connected to the Internet,” Sherman says, “it doesn't need the same degree of accuracy as a power plant and someone would arrange for that toaster to be in that stratum system.” In fact, many companies already do this—but more may need to adopt the practice as the Internet of Things takes off.

Another option would be to rely more heavily on alternatives to the NIST time service that already provide the time to many devices and networks. For example, most cell phones rely on GPS satellites maintained by the U.S. Naval Observatory to track time. Many Web browsers synchronize to clocks maintained by other sources through the Network Time Protocol, which pre-dates Levine’s service.

For now, NIST is considering restructuring its timeservers so that every server is directly linked to an atomic clock. Levine says the plan is to build a fourth atomic clock at NIST’s headquarters in Gaithersburg, Md., and maintain about 12 timeservers total between the four sites. This would simultaneously improve the system’s accuracy and boost its capacity for delivering the answer to the question, “What time is it?”

Boys and girls smile as they hold tablets with bright yellow cases

CeBIT2016: The Kio Kit Is a Classroom in a Box

Editors Note: This week IEEE Spectrum is covering CeBIT, the enormous information and communications technology show that takes place annually in Hanover, Germany. For up-to-the-second updates, you can follow our CeBIT Ninja, Stephen Cass, on Twitter (@stephencass), or catch daily highlights throughout the week here.

Founded in 2013, BRCK is a Kenyan company that makes a rugged router designed for places with poor communications or power infrastructure. It can act as a traditional WiFi access point, but if a wired connection goes out or is simply not available, the router can switch over to cellular networks. Power outages are compensated for by an 8-hour battery. But now the company has gone beyond its basic product with the launch in September 2015 of BRCK Education and its US $5,000 Kio Kit.

The Kio Kit is an almost literal turnkey connected classroom: A water-resistant trunk-sized travel case contains 40 Kio 7-inch tablets and a BRCK router. The travel case wirelessly each charges each tablet, and the whole unit can be charged from either a wall outlet, solar power, or even a car battery. The tablets come pre-loaded with educational software chosen by the purchaser, which can be a mix of free and paid material from providers such as the Kahn Academy or eKitabu, a Kenyan e-book company. Updates can provided through the cloud when connectivity is available.

BRCK’s business development manager, Alex Masika, was at CeBIT to present early results from Kio Kit deployments at the invitation of the German Federal Ministry of Economic Cooperation and Development. Since January, Kio Kits have been sold into schools in Kenya, Tanzania, and the Solomon Islands, with additional orders coming in from Sudan, and queries from many other countries around the globe including the United States.

“The impetus for BRCK Education was the lack of education around the world, with hundreds of millions of kids going without,” says Masika. Educational content was available, but existing set of tools, such as typical consumer-grade tablets, “wasn’t able to address the challenges faced in Africa with power and connectivity,” he adds. Even something as basic as charging multiple mobile devices proved difficult in many schools, so BRCK tried to develop an all-in-one-solution with an emphasis on durability. The tablets are designed to survive a drop of least 70 centimeters, and “we haven’t had report of a single broken screen yet,” says Masika. Other touches—such as color coding the headphones yellow to make them easy to identify when giving instructions—were designed to make the system as hassle-free for teachers as possible.

Masika, who is currently looking for investors and industry partners who can help scale up production and distribution of the Kio Kit, notes that one thing he’d like to see is Kio Kits popping up in places like refugee camps along with other emergency infrastructure like tents. In the meantime, the Nairobi-based Kio Kit and BRCK engineers and designers are continuing to improve the system based on user feedback. 


Tech Talk

IEEE Spectrum’s general technology blog, featuring news, analysis, and opinions about engineering, consumer electronics, and technology and society, from the editorial staff and freelance contributors.

Newsletter Sign Up

Sign up for the Tech Alert newsletter and receive ground-breaking technology and science news from IEEE Spectrum every Thursday.

Load More