An identity theft epidemic looms in South Africa and passwords will not be enough to protect you. But there is a solution, writes ARTHUR GOLDSTUCK.
South Africans have to brace themselves for an identity theft epidemic, after a website exposed 60-million South African identity numbers, along with extensive personal details (see http://bit.ly/SAbreach).
Suddenly, it is not enough to choose complicated, hard-to-guess passwords for online services like Internet banking, email, backup sites and cellphone services. In many cases, one merely has to confirm a range of personal details – exactly like those exposed in the breach – to change a password and gain access to a website containing financially sensitive information.
It is for this very reason that information security experts have for many years recommended something called two-factor authentication (2FA). It means that, to access a site or service, one needs a physical form of authentication as well as digital verification like user names and passwords.
The typical solution is to use one’s smartphone, usually via a one-time password e-mailed or sent by SMS. While this meets the technical definition of two-factor authentication, it is useless if identity theft has been used to have a new SIM card issued with your number.
Enter U2F, or Universal Second Factor. Jointly developed in 2012 by Google and a company called Yubico, it was adopted a year later by an industry body, the FIDO (“Fast IDentity Online”) Alliance, as a standard for two-factor authentication.
According to Yubico, it “enables Internet users to securely access any number of online services, with one single device, instantly and with no drivers, or client software needed”. You still need separate passwords for each site, but a separate device validates them.
The main problem with the solution in South Africa has been the absence of suitable U2F devices. That, in turn, has largely been a factor of service providers like banks not embracing the standard.
But now, the game has changed, First, a growing number of major international organisations have built it into their security options, with Google, Facebook and Dropbox, among other, all having it as an option.
Secondly, and most important, a South African company has built the first home-grown U2F-compliant solution.
It’s called SOLID wekKey, and it looks like a small USB flash drive. It secures several hundred passwords with a single overarching password. A small, downloadable password manager application allows the user to transform all these passwords into strong passwords that are almost impossible to guess or crack.
It was developed by Ansys, a South African company based in Centurion. Ansys has made a name for itself manufacturing custom security products for clients, ranging from small businesses to large enterprises, across the defence, aerospace, industrial and telecommunications sectors. With webKey, it is venturing into designing and marketing its own products for the consumer market.
“The general public struggles with basic account security,” says Ansys CEO Teddy Daka. “Year after year, we see that easy to crack passwords such as ‘123456’ or ‘password’ are still in common use, and individuals rely on just one or two memorable passwords or passphrases to protect all their online accounts.”
He reminds the public that, while security experts recommend the use of long passwords made up of uncommon phrases, and that every account must be protected with a unique password, people tend to use the same simple credentials all the time. As this writer has pointed out many times, when a user name and password is stolen from one site, it can often be used across multiple services.
The real issue is that people tend to compromise security for the sake of simplicity. The more secure a solution, usually, the more complex, and therefore the less popular. However, we have entered an era when hackers are going after the big fish and the small alike. When it is as easy to break into a million small accounts as one big one, no one remains safe. That means the simple solutions are no longer secure enough.
“People use easy to remember passwords because they choose convenience over security,” says Daka. “This shouldn’t come as a surprise. We shouldn’t expect people to remember passwords that are made up of 25 random characters for an account they need to access every day.”
However, products like SOLID webKey do the remembering for the user. Yes, you can build complex pass phrases into a password locker on your smartphone, but the locker is as vulnerable as the phone itself. Keep the password on a separate device, and one extra barrier has been placed between the hacker and your peace of mind.
How does it work?
SOLID webKey uses a combination of physical password vault, contained on a USB device, and a small industry-standard software application called KeePass.
The full name of the application, KeePass Password Safe, sums up its role perfectly: it is the equivalent of placing your valuables in an industrial-strength safe. Of course, as Hollywood teaches us, no safe is completely foolproof, but this kind of solution gives the user a chance against both random hackers and the professionals looking for easy targets.
Typically, hackers would use malware, or infected software, delivered via cunning “phishing” email and other attacks, to steal passwords. The SOLID webKey guards against this by requiring a physical tap of the USB device before passwords can be accessed. Because the password is never typed in, but delivered via a hardware “token”, it can’t easily be intercepted.
This is the basis of both two-factor authentication (2FA) and the Universal Two-Factor (U2F) standard promoted by the FIDO Alliance.
The main obstacle to the wider uptake of U2F is the fact that it remains a mystery to most consumers, and even services like Gmail and Facebook – which come under regular, sustained attack – do not make a special effort to highlight the option. However, as the cyber war intensifies, U2F is expected to move to the front and centre of such sites’ efforts to protect their users.
“Two-factor authentication is rapidly becoming the norm, and is a proven way to secure accounts,” says Daka. “Through SOLID webKey, we hope to make it easier to use and therefore more popular with South Africans who want the best in online security.”
When will we stop calling them phones?
If you don’t remember when phones were only used to talk to people, you may wonder why we still use this term for handsets, writes ARTHUR GOLDSTUCK, on the eve of the 10th birthday of the app.
Do you remember when handsets were called phones because, well, we used them to phone people?
It took 120 years from the invention of the telephone to the use of phones to send text.
Between Alexander Graham Bell coining the term “telephone” in 1876 and Finland’s two main mobile operators allowing SMS messages between consumers in 1995, only science fiction writers and movie-makers imagined instant communication evolving much beyond voice. Even when BlackBerry shook the business world with email on a phone at the end of the last century, most consumers were adamant they would stick to voice.
It’s hard to imagine today that the smartphone as we know it has been with us for less than 10 years. Apple introduced the iPhone, the world’s first mass-market touchscreen phone, in June 2007, but it is arguable that it was the advent of the app store in July the following year that changed our relationship with phones forever.
That was the moment when the revolution in our hands truly began, when it became possible for a “phone” to carry any service that had previously existed on the World Wide Web.
Today, most activity carried out by most people on their mobile devices would probably follow the order of social media in first place – Facebook, Twitter, Instagram and LinkedIn all jostling for attention – and instant messaging in close second, thanks to WhatsApp, Messenger, SnapChat and the like. Phone calls – using voice that is – probably don’t even take third place, but play fourth or fifth fiddle to mapping and navigation, driven by Google Maps and Waze, and transport, thanks to Uber, Taxify, and other support services in South Africa like MyCiti, Admyt and Kaching.
Despite the high cost of data, free public Wi-Fi is also seeing an explosion in use of streaming video – whether Youtube, Netflix, Showmax, or GETblack – and streaming music, particularly with the arrival of Spotify to compete with Simfy Africa.
Who has time for phone calls?
The changing of the phone guard in South Africa was officially signaled last week with the announcement of Vodacom’s annual results. Voice revenue for the 2018 financial year ending 31 March had fallen by 4.6%, to make up 40.6% of Vodacom’s revenue. Total revenue had grown by 8.1%, which meant voice seriously underperformed the group, and had fallen by 4% as a share of revenue, from 2017’s 44.6%.
The reason? Data had not only outperformed the group, increasing revenue by 12.8%, but it had also risen from 39.7% to 42.8% of group revenue,
This means that data has not only outperformed voice for the first time – as had been predicted by World Wide Worx a year ago – but it has also become Vodacom’s biggest contributor to revenue.
That scenario is being played out across all mobile network operators. In the same way, instant messaging began destroying SMS revenues as far back as five years ago – to the extent that SMS barely gets a mention in annual reports.
Data overtaking voice revenues signals the demise of voice as the main service and key selling point of mobile network operators. It also points to mobile phones – let’s call them handsets – shifting their primary focus. Voice quality will remain important, but now more a subset of audio quality rather than of connectivity. Sound quality will become a major differentiator as these devices become primary platforms for movies and music.
Contact management, privacy and security will become critical features as the handset becomes the storage device for one’s entire personal life.
Integration with accessories like smartwatches and activity monitors, earphones and earbuds, virtual home assistants and virtual car assistants, will become central to the functionality of these devices. Why? Because the handsets will control everything else? Hardly.
More likely, these gadgets will become an extension of who we are, what we do and where we are. As a result, they must be context aware, and also context compatible. This means they must hand over appropriate functions to appropriate devices at the appropriate time.
I need to communicate only using my earpiece? The handset must make it so. I have to use gesture control, and therefore some kind of sensor placed on my glasses, collar or wrist? The handset must instantly surrender its centrality.
There are numerous other scenarios and technology examples, many out of the pages of science fiction, that point to the changing role of the “phone”. The one thing that’s obvious is that it will be silly to call it a phone for much longer.
MTN 5G test gets 520Mbps
MTN and Huawei have launched Africa’s first 5G field trial with an end-to-end Huawei 5G solution.
The field trial demonstrated a 5G Fixed-Wireless Access (FWA) use case with Huawei’s 5G 28GHz mmWave Customer Premises Equipment (CPE) in a real-world environment in Hatfield Pretoria, South Africa. Speeds of 520Mbps downlink and 77Mbps uplink were attained throughout respectively.
“These 5G trials provide us with an opportunity to future proof our network and prepare it for the evolution of these new generation networks. We have gleaned invaluable insights about the modifications that we need to do on our core, radio and transmission network from these pilots. It is important to note that the transition to 5G is not just a flick of a switch, but it’s a roadmap that requires technical modifications and network architecture changes to ensure that we meet the standards that this technology requires. We are pleased that we are laying the groundwork that will lead to the full realisation of the boundless opportunities that are inherent in the digital world.” says Babak Fouladi, Group Chief Technology & Information Systems Officer, at MTN Group.
Giovanni Chiarelli, Chief Technology and Information Officer for MTN SA said: “Next generation services such as virtual and augmented reality, ultra-high definition video streaming, and cloud gaming require massive capacity and higher user data rates. The use of millimeter-wave spectrum bands is one of the key 5G enabling technologies to deliver the required capacity and massive data rates required for 5G’s Enhanced Mobile Broadband use cases. MTN and Huawei’s joint field trial of the first 5G mmWave Fixed-Wireless Access solution in Africa will also pave the way for a fixed-wireless access solution that is capable of replacing conventional fixed access technologies, such as fibre.”
“Huawei is continuing to invest heavily in innovative 5G technologies”, said Edward Deng, President of Wireless Network Product Line of Huawei. “5G mmWave technology can achieve unprecedented fiber-like speed for mobile broadband access. This trial has shown the capabilities of 5G technology to deliver exceptional user experience for Enhanced Mobile Broadband applications. With customer-centric innovation in mind, Huawei will continue to partner with MTN to deliver best-in-class advanced wireless solutions.”
“We are excited about the potential the technology will bring as well as the potential advancements we will see in the fields of medicine, entertainment and education. MTN has been investing heavily to further improve our network, with the recent “Best in Test” and MyBroadband best network recognition affirming this. With our focus on providing the South Africans with the best customer experience, speedy allocation of spectrum can help bring more of these technologies to our customers,” says Giovanni.