main

PC News and Reviews

Intel Partners With ARM to Securely Connect ‘Any Device to Any Cloud’

October 15, 2018 — by Wccftech.com0

iot-security-2x1-740x370.jpg

Intel has been very interested in the growth of Internet Of Things for the past few years, and while many “tech evangelists” seem to love it, most of us on the hardware side as well as the average consumer have been lukewarm with the idea of WiFi connected refrigerators.  That being said one of the most questionable things about IoT devices is the lack of any built-in security and the ability to be used in botnets has been a major critique of these devices in the past.

Intel Adds Support for ARM devices on Intel Secure Device Onboard

Enter Intel Partnering with semiconductor rival ARM to provide much-needed flexibility. Intel has announced today that it has expanded its Intel Secure Device Onboard to ARM-based devices which will expand support for IoT practitioners to automatically provision their devices to the cloud platform of their choosing. This is mostly aimed at the enterprise and commercial fields with edge computing, AI and predictive maintenance. Intel has said that the biggest problem is with the growth of data the more valuable it will become, and without collaboration and open methods securely provisioning the devices and data on the cloud will be a challenge.

intel-9th-gen-core-2-customRelated Intel Core i5-9600K 6 Core/6 Thread CPU Overclocking Performance Benchmarks Leak Out – Achieves 5.2 GHz on High-End Air Cooler

Intel has decided to share their Secure Device Onboard system to ARM products for the sake of simpicity for IT teams.

“Intel and Arm are simplifying one of IoT’s most complex and challenging barriers with regard to streamlining the manufacturing and security deployment workflows for IoT, this is an ROI win for the customer, who will be able to deploy both Intel- and Arm-based devices at a lower cost and with less friction between IT and OT while at the same time retaining flexibility over their data and cloud partner choice until the deployment phase.”

Michela Menting, director ABI Research,

Intel plans on using Secure Device Onboard to help customers, partners and IT firms to install IoT devices more efficiently and to reduce the time manufacturers need to pre-configure the devices, which while already working on their own products will be expanded to ARM devices as well. This should result in the customer being able to choose the onboarding systems without being locked into a single cloud provider’s chosen provisioning method or a single device architecture. This in turn allows more flexability to be built in before the device is purchased to onboard into any cloud ecosystem.

For more data on how this works, Intel has released the video below.

[embedded content]

Submit

Gaming News

After Shooting At Dr Disrespect's House, Streamers Are Concerned For Their Safety

September 12, 2018 — by Kotaku.com0

jpn8uxatvxr1wirkwspv.png

Illustration: Jim Cooke

Yesterday, one of Twitch’s best-known streamers, Dr Disrespect, was forced to abruptly shut down his stream after someone fired a gun at his house, shattering a window. Police have since said the shots likely came from a BB gun, but this and other recent incidents now have Twitch streamers concerned for their privacy and safety.

It’s been a frightening and tragic few weeks for public figures in video games. At the end of last month, a shooter opened fire on a Madden tournament in Jacksonville, FL, killing two pros and injuring numerous others. This week, shots (presumably of the BB variety) were fired at Dr Disrespect’s house on two separate occasions. All of this on top of ongoing issues like swatting—which led to a young man’s death late last year—and stalking. In the wake of it all, some streamers feel like their safety is no longer guaranteed at any time, whether they’re playing Fortnite in their home or out and about at TwitchCon.

Advertisement

“I may not attend TwitchCon,” popular streamer Ellohime said on Twitter shortly after Dr Disrespect ended his stream. In 2015, Ellohime had to deal with a fan showing up at his front door without any warning. “This is a difficult decision (and I am still thinking hard on it),” Ellohime said, “but I just wanted to get this out there. Don’t feel safe in America.” In a follow-up statement today, Ellohime explained his rationale, saying that everything from Jacksonville to Dr Disrespect to death threats he’s personally received is informing his decision.

“It’s obviously targeted. Safety is practically an illusion at this point,” another streamer named SuniDey said of Dr Disrespect’s situation. “Makes me question going to conventions.”

Today, Twitch issued a brief statement on Twitter telling TwitchCon attendees that security is the company’s “highest priority” for its annual show, which takes place this October in San Jose, California.

Advertisement

“We want to assure you that we are adding additional security measures on top of past event measures,” the statement read, promising “more detailed information on TwitchCon security in the coming days.”

Photo: Twitch

Call of Duty and Fortnite YouTuber Tabor Hill says that he had a bullet fired at his house last year, but fortunately nobody was in the room it ended up ricocheting around.

Advertisement

“Man, just watched the Dr Disrespect clip,” Hill said yesterday on Twitter. “I know the feeling, especially having kids. Someone did it to my house last year with a FMJ round. Tore right through my kid’s bathtub at headshot level. My wife and kids are scarred ever since.”

Even if the gun in question was a BB gun, streamers point out that that does not lessen the severity of the situation.

“If the weapon used again Dr Disrespect was a BB gun or a regular gun, the scenario is uncalled for and dangerous. They damaged his home and scared his family,” a streamer named Ash told Kotaku in a DM. “YouTubers being stalked, streamers’ homes being shot, bomb threats at events, and now a shooting at a tournament all warranted my fear for events. I’m honestly scared to attend TwitchCon and DreamHack Atlanta.”

Advertisement

Streamers are also increasing their personal security, and recommending that others do the same.

“One thing I believe in when having an online presence is anonymity,” Mixer partner Br0dyman said. “Protect yourself, everyone. With what happened with Dr Disrespect, you can never be too careful with your information. Streamers, start by getting a PayPal business account.”

Advertisement

Ash said she “rarely” gives out her full name, and she lists different locations than where she actually lives on social media. She also lives in a gated community, which adds an extra level of security. Even then, though, she doesn’t take safety for granted. If a viewer she knows and trusts wants to visit, she’ll let them stay at her place, but “if not, I drive out to them and their hotel and never show them where I actually live.”

Moe, a streamer and content creator consultant, thinks some responsibility falls on Twitch, too.

“While it probably isn’t reasonable to expect Twitch to go as far as providing security for their biggest partnered creators, I think there should almost certainly be more education provided to them,” he told Kotaku in a DM. “There should be some sort of workshop, video, etc that explains to them the dangers they face as celebrities. Examples should be provided of incidents that have happened and that surely will continue to happen. They should be taught that anyone can find their information and where they live if they really want to. Most importantly, Twitch should provide suggestions (or even better, direct support in implementing solutions) for how to avoid or reduce incidents like what Dr Disrespect has encountered.”

Advertisement

Image: Twitch

Moe pointed out that streamers, YouTubers, and other burgeoning celebrities who benefit from a culture of perceived accessibility are in an odd spot right now. “I think the big issue with Twitch/YouTube content creators and security is that they’re essentially mini-celebrities, but without the knowledge and caution that actual Hollywood celebrities have,” he said. “They typically live in normal neighborhoods with their neighbors often not even knowing who they are. Yet they absolutely are celebrities, just one step below Hollywood actors and pop stars.”

The bigger, wealthier streamers and YouTubers should consider living in gated communities and getting security cameras, Moe said. At the same time, though, many of these people are in their 20s and have only recently come into wealth, if they’ve come into wealth at all. And just because a streamer is smaller, that doesn’t necessarily mean they’re in the clear.

Advertisement

If nothing else, Moe recommended forewarning the local police “so they can approach those situations with better awareness of what may be happening.” Swatting, especially, takes advantage of a lack of savvy on the police’s part, so better safe than sorry.

Ash, though, doesn’t want to leave anything to chance. She said she doesn’t believe in owning a gun herself, but at times, she carries a knife, and she plans to have pepper spray on her person in the near future.

“With these occurrences happening frequently, it’s definitely increased how fearful I am of being in huge crowds of people where anything can happen,” she said.

Gaming News

Fighting Game Tournament Offers Complicated Solution To Event Safety Concerns

September 7, 2018 — by Kotaku.com0

bdbqrsqqqn9vriizhxdf.jpg

Photo: SoCal Regionals

In response to the recent mass shooting tragedy in Jacksonville, during which two Madden competitors were killed and 11 more were injured by a fellow player, the annual SoCal Regionals fighting game tournament will enforce additional security measures in an effort to protect attendees. The most glaring policy is the event’s implementation of mandatory arcade stick checks, asking players to unscrew and open their peripherals for further inspection.

With comments closed on the official announcement, the fighting game community was left to sound off on its favorite social media platform: Twitter. Some have thanked SoCal Regionals organizer Level Up, with one player saying that, after Jacksonville, “I’ll take [the new policies] over lack of security any day.” But others haven’t been as positive. Attorney and commentator David “UltraDavid” Graham claimed the announced security measures were “too much,” and longtime competitor Scott “Sabre” Bender referred to the move as “absolute absurdity” and “unbelievably ridiculous.”

For years, the SoCal Regionals have been one of the most important tournaments in the fighting game community calendar, and its prominence has grown thanks to being chosen as a stop on the official pro tours for Street Fighter V, Dragon Ball FighterZ, Tekken 7, and Injustice 2. Registration numbers have yet to be finalized, but if last year’s event is any indication, hundreds are expected in Ontario, California the weekend of September 14.

Jimmy Nguyen, the president and chief operating officer of Level Up, told Kotaku that community concerns following the Jacksonville shooting were the driving force behind this new policy. “As an event organizer, you have to listen to all of the feedback and make a decision that puts safety first,” he explained. “We run community events and listen to their feedback. The looming conversation around SoCal Regionals is currently mainly about safety. If we did nothing about it, we aren’t serving the community.”

A recent tweet in which Capcom thanks the community for their understanding seems to point to the developer’s involvement in the decision. Capcom organizes the Street Fighter V tournament circuit that the SoCal Regionals call home. When asked about any affect Capcom may have had on this policy, however, Nguyen repeated that feedback from the community was the key influence. Capcom did not respond to a request for comment.

Advertisement

Although great strides have been made to make arcade sticks more accessible and customizable for the fighting game community at large, they’re still solid pieces of equipment that take some work to disassemble. Sticks without accessible latches often require users to unscrew the various panels that go into their construction, and when the insides are finally exposed, there’s very little room to hide anything besides maybe some small snacks. That being said, the folks behind SoCal Regionals believe adding this layer of security on top of bag checks and metal detectors (both handheld and walk-through) will make their event safer despite the added 1-2 hours of waiting they expect attendees to experience as they enter the venue.

This is a unique problem in the world of competitive gaming. Where esports like League of Legends and Overwatch run competitions that focus solely on select high-profile teams, fighting game events are open-bracket affairs that give everyone a shot at greatness. As such, a majority of the attendees at tournaments like SoCal Regionals are there to compete and will be walking into the venue with all kinds of peripherals with which to do so. It isn’t hard to imagine these additional security measures bottlenecking hundreds of attendees, turning the often-crowded lines into even greater time-sinks and, possibly, soft targets themselves.

Advertisement

Some arcade sticks, like Razer’s Panthera, feature a simple latch for opening, but a majority of peripherals do not.Image: Razer

“While I understand the response, I feel in part that there’s a sense of panic and a desire from the community for a knee-jerk reaction,” Street Fighter V competitor Brian “Brian F” Foster told Kotaku. “People are scared, and the recent shooting showed a violation of what many in the community perceive to be their safe space. I think there was a demand from the community to provide both a fast and actionable response to the safety concerns. While security at events has always been suspect, they mostly behave like a public space; people can enter as they choose and participate if they want. I don’t expect or want increased levels of security in all public spaces. There comes a certain point where it transitions from security to security theater, simply to ease the minds of people who are anxious and scared.”

Foster’s claim that SoCal Regionals’ new layer of scrutiny amounts to “security theater”—visible security procedures that often do little to actually make people safe—has been common since the arcade stick inspections were first announced. The most well-known example of this phenomenon is the Transportation Security Administration (TSA) and the practices they employ during airport security checks.

Advertisement

Despite the TSA asking travelers to remove their shoes, belts, hats, jackets, etc. and offload everything into plastic bins for further examination before submitting to a full body scan, a 2016 report from the Department of Homeland Security found that undercover investigators were able to sneak fake explosives and weaponry past TSA agents and onto airplanes 95% of the time. In a post-9/11 world, terrified Americans were looking for anyone and anything to make them feel safe while they traveled, and the implementation of ostentatious, pre-flight inspections did the trick while amounting to very little in terms of improving security.

“The request to have players open their arcade sticks, even sticks with no easy way to be opened besides removing several screws to take apart the paneling, is way over the top,” Foster continued. He also worried that having to unscrew part of the controller and then put it back together could introduce defects into the stick that would affect performance.

Advertisement

Justin Wong, on the other hand, says he doesn’t mind SoCal Regionals’ new security measures. The community veteran, who has been attending (and winning) fighting game tournaments for decades, explained to Kotaku that although arcade stick inspections feel “a little extreme,” it’s “better to be safe than sorry.”

Right now, a lot of details are up in the air, and the organizers were unwilling to delve into specifics before the event. Will attendees have to open up their arcade sticks every time they leave and return to the venue? What happens in the event security personnel damage an expensive peripheral? And will warranties on this equipment be voided by such an intrusion?

Early on, Chinese arcade stick manufacturer Qanba told one player that, yes, his warranty would be null should it be opened, but recently walked that back, saying that they are working with SoCal Regionals to keep track of whose controllers were inspected as to maintain warranties. Hori, a similar company based in Japan, told Kotaku that they too will not be voiding the warranties of SoCal Regionals attendees who are asked to open their arcade sticks as long as they aren’t “modified or altered” in any way. We’ve also reached out to peripheral developers Razer and Hitbox for their takes on the matter.

Advertisement

Photo: Robert Paul, Evo

David Graham, the attorney and commentator, reiterated many of the same concerns as Foster during a short conversation with Kotaku, saying, “I don’t want the inconvenience and invasion of privacy of security theater to outweigh the value of actual security, and I think this does that.” That said, he understands that SoCal Regionals has to do something in the face of a federal government that seems unable to deal with the ever-present risk of gun violence. When asked if the event could face any legal backlash for asking attendees to possibly void their arcade stick warranties, Graham said that probably wouldn’t be the case. “It’s up to the owner of each stick to decide if they want to void the warranty on their stick,” he added. “If players don’t want to void their warranties, they can avoid SoCal Regionals. It’s totally up to them.”

Advertisement

In the same way this arcade stick issue is confined to the fighting game community, gun violence is a problem that’s been pretty much solved in the developed world outside of the United States. Any conversation on this matter must discuss the myriad ways that state and federal governments have failed American citizens. According to the latest findings of the Small Arms Survey, a global group dedicated to studying armed violence, and originally reported by The Washington Post, there are now enough guns in the United States to give one to every person in the country with a remaining surplus of 67 million firearms.

Little action has been taken by Congress to enact effective gun control policies, like closing state-level loopholes that allow private gun show sellers to bypass background checks or even enforcing current laws that limit the access known domestic abusers have to firearms.

Mass shootings have become an integral part of the fabric of American life, but little is done apart from an offering up of the now-memetic “thoughts and prayers” by our politicians. What happened in Jacksonville may have been a wakeup call for the competitive gaming community. It was a sign that, along with high schools, college campuses, movie theaters, night clubs, and concert halls, video game tournaments are just as susceptible to these kinds of tragedies as anywhere else. It’s hard to fault anyone looking for a feeling of safety in a country that’s proven itself to be anything but; my only hope is that this newfound fervor to combat gun violence begets more political activism in esports, akin to the teenagers of Parkland, in addition to heightened security measures that may or may not work.

Advertisement

Ian Walker loves fighting games and writing about them. You can find him on Twitter at @iantothemax.

PC News and Reviews

Intel Microcode Update Includes Gag Order – License Being Updated Right Now [Update]

August 23, 2018 — by Wccftech.com0

Intel-New-x86-uArch-Featured-Image-740x416.jpg

So something pretty detrimental to optics was included in Intel’s recent microcode update. A gag-order not to use any comparative or benchmarking software to test the new security patches was present in the licensing boilerplate. Needless to say, this is bad – very bad. I reached out to Intel and they let me know that the issue was being handled and the license is going to be updated post haste.

Intel responds to license update forbidding benchmarking: rolling out an updated version soon, welcomes all feedback

Originally spotted by Perens, the last clause in the microcode update that fixes critical side channel attacks – like spectre and meltdown – prohibits users from figuring out just how much difference the fix made. There had been (educated) speculation that a fix would not be possible without a decrease in performance and such a gag-order would curb the spread of information to the consumer. The rumored performance hit is in the range of 10%-15%. It goes without saying that there will be even more people interested in benchmarking these updates than before.

Gag orders very rarely work of course, due to the Streisand effect, so its always interesting to see companies try – that said, I am hoping that this was the work of some over-zealous lawyer in their legal department and not an actual calculated decision by an exec. Here is the bare clause that’s causing the headaches:

The offending boilerplate: You will not, and will not allow any third party to (i) use, copy, distribute, sell or offer to sell the Software or associated documentation; (ii) modify, adapt, enhance, disassemble, decompile, reverse engineer, change or create derivative works from the Software except and only to the extent as specifically required by mandatory applicable laws or any applicable third party license terms accompanying the Software; (iii) use or make the Software available for the use or benefit of third parties; or (iv) use the Software on Your products other than those that include the Intel hardware product(s), platform(s), or software identified in the Software; or (v) publish or provide any Software benchmark or comparison test results.

And Intel’s reply to us:

Intel’s reply: “We are updating the license now to address this and will have a new version available soon. As an active member of the open source community, we continue to welcome all feedback.”

Intel did respond fairly quickly to my email and it looks like they will be rolling back the offending clauses in the license soon enough (we’ll let you know either way). It does look like this was an honest mistake because I doubt any executive with know-how of the market would be dumb enough to think an order like this would actually work. Unless their aim was to make sure everyone benches the hell out of the new updates – in which case they were spectacularly successful.

Submit

PC News and Reviews

QNAP Extends Surveilance Intergration Scale with Dahua Technology Network Cameras

August 18, 2018 — by Wccftech.com0

PR-dahua-surveillance-camera-integration-en.jpg

QNAP Systems, a leader in Network attached storage and all things backups, has today announced that QVR Pro, the next-generation surveillance solution featuring the QVR Center central management software and QVR Guard failover protection, is now compatible with an additional 88 models of Dahua Technology’s Eco-savvy 3.0, WiFi 265 and H.265 PTZ series network cameras.

QNAP Adds Dahua Technology For QVR Pro Next Generation Cameras With H.265

QNAP has worked with Dahua Technology to provide users with greater choice and compatibility in deploying a comprehensive surveillance solution. Dahua’s Eco-savvy 3.0 network camera series can deliver real-time 4K video streams at 15 fps, providing security applications with impressive range of smart detection features. Dahua’s WiFi 265 series supports H.265 compression. Dahua’s H.265 PTZ camera provides a large monitoring range with clear details, while the latest H.265 compression cuts bandwidth in half to ensure video recording with greater efficiency and lower cost.

wccftech-qnap-ts-251b-4Related QNAP Launches New TS-251B SOHO NAS, Packs Intel Dual Core Celeron J3355

QVR Pro, the professional surveillance solution on QNAP NAS, includes 8 monitoring channels, allowing users to quickly build a home surveillance environment hosted on the QNAP NAS without any extra software required. Businesses can easily expand the number of monitoring channels up to 128 by purchasing QVR Pro licenses to deploy a large-scale surveillance project. QVR Pro uses an independent operating environment on the QNAP NAS, and by leveraging the storage expandability of the NAS, surveillance videos are safely stored for on-demand playback. The enhanced QVR Pro Client cross-platform software allows for rapid multi-channel playback and can support simultaneous play multiple 4K network cameras. Synchronous playback can focus on moving objects, while the diversified event notification setting ensures all urgent events are delivered. QVR Pro Client is available for mainstream operating systems on desktop and mobile, making surveillance management more convenient.

For more product information about QVR Pro, visit this link

For more information about QNAP NAS and compatible network cameras, visit this link

Submit

Tech News

Synaptics' Next-Gen Fingerprint Sensor Security: The FS7600 Match-In-Sensor

August 6, 2018 — by Anandtech.com0

Prometheus_678_678x452.png

Synaptics last month introduced its second-generation match-in-sensor (MIS) solution designed for a wide range of fingerprint sensors including those in PCs and other devices. The new FS7600 MIS relies on a brand-new silicon, which the company claims is designed for maximum performance and security.

The Fingerprint Reader: Sensor Plus Security

Before we proceed to the Synaptics FS7600 sensor, let’s recap the basics about fingerprint readers in general. Contemporary fingerprint hardware/software never keeps the image of a real fingerprint, but stores an abstract/hash of its distinctive features in a proprietary format. Once a new fingerprint sample is captured, the hardware/software compares the hashed data, not the images. This approach helps to improve both user experience and security.

Synaptics offers two types of fingerprint readers: match-on-host (MOH) and match-in-sensor (MIS). An MOH solution performs matching during a process that runs on the host system. A MIS system is completely stand-alone and contains a processor, storage, and cryptographic capabilities, running everything locally and performs matching in an environment physically isolated from the host. It then sends an identification result that is encrypted and signed using a sensor-specific key (this key is important, more on that later) to the host.

The Synaptics FS7600

The Synaptics FS7600 (codenamed Prometheus) is the company’s 2nd generation MIS. Besides the scanner itself, the chip features a 192 MHz processor, a hardware accelerated matcher (which uses what Synaptics calls “Quantum Matcher” algorithms), a hardware accelerated image processing unit, a hardware accelerated encryption engine that supports TLS 1.2 and AES-256, its own internal flash memory for fingerprint database, as well as physical I/O interfaces (USB, SPI, GPIO are supported).

Notably, the FS7600 supports up to a 0.2 mm sensing distance, meaning it can be put under glass, under mylar, or just coated with a protective layer. The FS7600 can also come in different shapes for various kinds of applications and different locations of the scanner on a PC. This includes a 10×10-mm square, a 10-mm circle, or a 4×12-mm rectangle .

Synaptics FS7600: Availability

Synaptics’ FS7600 is available to PC makers right now, and is expected to be implemented in future devices. Large OEMs tend to update their PC platforms once a year, so with high-end Coffee Lake systems having just hit the market in the past quarter, the next big window of opportunity for Synaptics to get their sensor adopted by PC vendors will be spread out over the next few quarters.

For their part, Synaptics says that they are going for a wide market approach, targeting both business and consumers. Business users being the more obvious case, particularly because of Windows Hello for Business. As for consumer users, the use cases are a bit more limited at present, as the current Windows Hello fingerprint tech isn’t slated to arrive in consumer OSs. Instead a fingerprint sensor would be a forward-looking addition, as Microsoft is working on their FIDO 2.0-based next-gen OS security tech, which unlike Hello will be coming to consumers.

As for non-PC applications, those have much longer product design and retail lifecycles. The FS7600 was designed for both PC and non-PC applications in mind, so while the sensor can be used in other types of devices, it would be quite some time before any such devices would hit the market. Otherwise, for early adopters, an external dongle incorporating the FS7600 is set to be available this month.

PQI MyLockey 2: 32 or 64 GB, FS7600, Available This Month

PQI has been producing Synaptics-based fingerprint readers for various customers for a while now. The company was first to launch a retail product featuring a Synaptics sensor nearly two years ago and is about to start selling its new one.

PQI’s 1st Gen MyLockey released in 2016 relies on Synaptics’ FS4300 MOH solution that supports all the company’s advanced security technologies. Being powered by a host CPU, the MyLockey 1 is of course fast, but it does not support Windows Hello for Business and will not support Microsoft’s next-gen OS-based security.

Its successor is the aptly named My Lockey 2, which is based on the FS7600 MIS solution and comes with embedded 32 GB or 64 GB of memory to store various files.

Since the 2nd Gen PQI My Lockey is also a flash drive, it looks like a flash drive and is not as small as the previous-gen product. Now, if the 1st Gen My Lockey could be installed once and never removed, the 2nd Gen My Lockey will be travelling because it is a drive. In the meantime, if the 1st Gen My Lockey was made of plastic with a metallic frame, the 2nd Gen My Lockey is made entirely of plastic and the construction does not seem to be too rugged.

Keeping in mind how important things on a PC can be, it might be best to use the 2nd Gen My Lockey only locally, which is good enough for desktops.

Along with their product announcement, Synaptics also gave us a bit more detail about how their architecture works.The chip is made using TSMC’s 55 nm fabrication process, which as we’ve seen repeatedly with products that aren’t high-performance processors, is still good-enough for various ASICs that do not need extreme compute throughput but can benefit from a relatively high transistor density. Given FS7600’s high level of integration, this is exactly our case: a low-power chip packing multiple relatively small special-purpose accelerators.

The FS7600 runs Synaptics’ own operating system. The sensor processes hashed data in a proprietary format, with virtually all demanding tasks being hardware accelerated. This high level of integration is something the company feels is very important, as it offers relatively few points in the authentication chain where an attacker can even attempt to compromise the sensor. Even then, an attack would be about fooling the sensor into giving up its keys or accepting an invalid fingerprint, as even if one could retrieve the hashed metadata – bearing in mind that the fingerprint sensor itself doesn’t have that ability – recovering a complete fingerprint from the stored metadata is thought to be impossible due to the nature of the one-way hash.

It is noteworthy that Synaptics can still update its MIS using a driver update in a bid to improve the PurePrint anti-spoofing or the Quantum Matcher technologies. But for an unauthorized person the FS7600 is going to be a tough nut to crack.

Synaptics FS7600: Performance Figures

As noted above, MOH sensors are typically considerably faster than MIS solutions because they can use the power provided by an Intel Core (or AMD Ryzen, or any other) processor to perform all the necessary tasks and no MIS is going to have performance of a contemporary high-performance x86 CPU any time soon.

According to Synaptics, it takes 180 – 250 ms for its advanced MOH product (such as the FS4300) to capture a fingerprint and match it. By contrast, its first-gen MIS could only boast a 900 ms time, which is considerably slower. The good news is that the FS7600 is designed to lower the capturing and matching time of a fingerprint to 350 ms (capturing takes around 50 ms, processing takes another 300 ms). This being primarily due to the use of more fixed function accelerators.

In a bid to demonstrate how fast the FS7600 works, Synaptics’s Godfrey Cheng showed us a retofitted commercial laptop with the new sensor and demonstrated it at Computex earlier this year. The matching takes so little time that from a visual standpoint everything happens instantly.

[embedded content]

From performance numbers point of view, MOH fingerprint solutions are still a bit faster than the FS7600, but Synaptics believes that at 350ms the FS7600 is still fast enough to provide an excellent user experience. Taking Synaptics’ own numbers for a MOH solution, this would put the FS7600 at around 100-150ms slower than an MOH solution, which although is within the realm of human response time, is not excessively so, especially for a “passive” action like a fingerprint swipe. In the meantime, the ‘sealed’ FS7600 has an important advantage over its speedy brother: compatibility with Microsoft’s Windows Hello for Business and next generation OS-level security.

Microsoft Next-Gen Security & Windows Hello for Business

Typically, fingerprint authentication is used for system activation. Obviously, you can replace certain passwords with a fingerprint, but in general everything is limited to a local PC. Meanwhile, an equally (if not more) important use of authentication is for various web and cloud applications, which means that a universal authentication method has to be supported for local and web/cloud services.

Microsoft offers two initiatives to address this problem. The first one is Windows Hello for Business, which is available today and, as the name suggests, it is aimed at the enterprise. The second one is the company’s next generation OS-level security tech designed for consumers.

When it comes to local authentications, both the Windows Hello for Business (WHFB) and the next gen OS-level security (NGOSLS) rely on Microsoft’s Virtualization Based Security. As the name implies, the latter separates applications across different virtualized machines that never affect each other, making intercepting keys using a malicious program a more difficult task.

When extending usage of a local authentication to the web, the WHFB uses Azure Active Directory’s built-in identity protection, whereas the NGOSLS relies on the  FIDO (Fast IDentity Online) 2.0 specifications and certifications. Both Azure and FIDO 2.0 require a compatible MIS with a number of special feature and sensor specific key, so an MIS setup is mandatory for both.

Ideally, both types of sensors (match-on-host, match-in-sensor) have to support a sophisticated technology that protects against spoofing. One of the strengths of fingers as identification is that they’re hard to spoof, however it’s not impossibly so. Meanwhile people leave their fingerprints around on virtually everything, so getting someone’s fingerprint is often a lot easier than it would seem. This means a sensor needs to be able to reject items that have a fingerprint but aren’t a human finger, such as gelatin or laxtex fingers. Otherwise, as we saw last year, it can be trivially easy to fake-out naive sensors.

Synaptics calls their proprietary solution PurePrint. The company doesn’t talk about the technology in too great of detail, but the sensor is connected to a host using a TLS 1.2/AES-256 encrypted connection in order to prevent intercepting or faking a valid fingerprint.

Ultimately, while Synaptics is in both the MOH and MIS businesses, now that they have a MIS sensor they feel is competitive in terms of total matching time, the company is trying rather hard to justify why OEM customers should switch to a more integrated MIS solution. This means tactfully pointing out the security shortcomings of MOH sensors, such as the fact that it requires greater software support on the host OS (a particular challenge for non-PC devices) and the general insecurity of a general purpose system.All of which makes a sealed system preferable.

That said, it is not like MOH sensors are bad though — Synaptics’ Quantum Matcher works in SGX and Windows 10 VBS-protected environments, and neither has been cracked so far. Meanwhile, a high-performance CPU is by definition faster than any tiny IC in an MIS in matching hashes and performing all the other necessary operations. As a result, MOH solutions are typically going to provide a better user experience. Though with the FS7600, Synaptics thinks they’re finally able to hit the right balance between security and performance/experience

Final Thoughts and a Glance into the Future

Overall, creating a match-in-sensor fingerprint solution that can perform similarly to match-on-host solutions is an important achievement for Synaptics. This is especially as the as the company looks to further grow their non-core businesses, and bite off a larger piece of the fingerprint sensor market. Of course, necessity is the mother of invention: Synaptics had to design an MIS as fast as the FS7600 because it needed a high-performance sensor compatible with Windows Hello for Business as well as Microsoft’s next-gen OS-based security tech. So for Synaptics the FS7600 is essentially a non-optional product. With that in mind, now that they have the FS7600, Syaptics is looking to compete for design wins in non-PC devices that benefit from a low response time (think door locks, vehicles, etc.).

Though with the FS7600 now complete, Synaptics’ already has an eye towards their own future products. The company is developing its next generation of products, including investigating how to harden their products against ever-improving quantum computers. To that end, the company’s specialists are looking into beyond-AES-256 algorithms that will be “qubit-proven,” meaninging they cannot be factored even when a quantum computer is applied.

Related Reading

Tech News

Phishing scam targets iPhone users with a fake call to ‘Apple Care’

July 30, 2018 — by Engadget.com0

Shutterstock / ymgerman

As more and more people use their mobile devices for everyday computing tasks, it makes sense that there would be more attacks. The latest phishing attempt, discovered over at Ars Technica, involves a false webpage that initiates a call on your iPhone. According to the site, when they made the call, they were connected to a fake representative who said he was “Lance Roger from Apple Care.” The person quickly hung up as the reporter tried to stall and get more detail on the scam.

Sean Gallagher at Ars Technica reports that he received an email that was formatted to look like an official iCloud security warning from Apple. The message had a link to a webpage in southern India, which then forwarded him to yet another webpage made to look like the official Apple support site. This secondary page then used JavaScript to start a dialog box on his phone to start a phone call. According to Gallagher, it will also initiate a FaceTime session on an iOS device. Gallagher has sent the details along to both Apple and Google’s security response teams. We’ve reached out to Apple for comment and will update this post when we hear back.

Tech News

Verizon VPN app protects against shady public WiFi

July 29, 2018 — by Engadget.com0

Patrick T. Fallon/Bloomberg via Getty Images

Add Verizon to the list of tech giants that can’t resist the temptation to offer their own virtual private network services. The carrier (and Engadget’s parent company) has released a Safe Wi-Fi app for Android that uses the encryption of a VPN to protect you against dodgy WiFi hotspots. Ideally, you won’t have to worry about a fake access point intercepting your data traffic at the airport or coffee shop. The app even blocks ad trackers that can lead to targeted marketing — yes, the telecom that got in trouble for aggressive ad tracking is now helping you avoid it.

There’s a recurring fee like with many apps, although the $4 per month you’ll pay is a bit of a bargain compared to other services. TunnelBear, for instance, amounts to $5 per month if you’re willing to pay on a yearly basis. The bigger gotcha may be the range of eligible devices. The app only secures up to 10 of the devices linked to your Verizon account. If you were hoping to use Verizon’s coverage for your WiFi-only tablet, you’ll have to look for a general-purpose alternative.

[embedded content]

Verizon owns Engadget’s parent company, Oath (formerly AOL). Rest assured, Verizon has no control over our coverage. Engadget remains editorially independent.