
Two unrelated stories have caught the imagination in recent days, both presenting a stark warning as to the risks in what you type into your Google search bar. Safe browsing is becoming ever more critical, as seen with Google’s new AI-powered security update coming to Chrome. But some of the dangers will surprise you. First let’s deal with a serious cyber threat caught by the security team at Sophos, which warned last week that “the internet is full of cats—and in this case, malware-delivering fake cat websites used for very targeted search engine optimization.” It turns out that the latest trick to lure users into installing malware relies on niche search engine terms to push malicious links on those awaiting the results. This so-called SEO-poisoning needs fairly specialist terms, otherwise it would not be able to command headline top-of-the-page results. “In this case,” Sophos says, “we found the GootLoader actors using search results for information about a particular cat and a particular geography being used to deliver the payload: Are Bengal Cats legal in Australia?” Is that niche enough for you? “Our investigation,” the team reports, “revealed the threat actor was using SEO poisoning through an easily accessed online forum found via a simple Google search, initiated by the user for ‘Do you need a license to own a Bengal cat in Australia’… Immediately after the user clicks the link, a suspicious .zip file was downloaded to C:\Users\<Username>\Downloads\Are_bengal_cats_legal_in_australia_33924.zip onto the victim’s machine, and the user’s browser was directed to the URL hxxps:[//]www[.]chanderbhushan[.]com/doc[.]php.” Suffice to say, opening this compromised forum post would download a malicious ZIP-archive payload that would start the staged installation of dangerous malware. 
“Once used exclusively by the cybercriminals behind REVil ransomware and the Gootkit banking trojan,” GootLoader, Sophos warns, has now “evolved into an initial access as a service platform—with Gootkit providing information stealing capabilities as well as the capability to deploy post-exploitation tools and ransomware.” Clearly, if you have an interest in Bengal cats and you live in Australia, then you’ll need to be extra careful. I’m not sure if they’re legal in the country, and I don’t plan to Google to find out. I’ll leave you to do your own non-Google research. For everyone else, bear this attack in mind. If your search is particularly niche, then you may be more susceptible to malicious links in search than with more generic hunts. As ESET’s cyber guru Jake Moore warns, “criminals are clever with how they operate and often people will put a huge dose of trust in search engines assuming results are vetted prior to being ranked. Unfortunately, malicious actors are becoming more creative meaning people need to be vigilant across all parts of the internet.” The fundamentals don’t change though—be wary of links and installs. Usually this applies most to socially engineered attacks via social media, email or messaging platforms. This just adds search results into that heady mix. The second “be careful what you Google” story is very different. Just a few days before the Sophos report was published, a story appeared in several media outlets, warning that “a woman has revealed the four words you should avoid Googling to ensure the police do not pay an unexpected visit to your house.” As reported, a couple in Long Island “were browsing for everyday household items” when they inadvertently entered just the right combination to trigger a terrorism profiling flag, prompting law enforcement to pay them a visit.
“So, if you don't want police to show up at your door, don't search the four words - 'pressure cooker bomb' along with the word 'backpack'.” The story was a little stretched given that this wasn’t a direct flag from an all-seeing computer system in DC analyzing Google searches, it was in fact the IT department at the husband’s employer who flagged the search and reported it to the local police. This was back in 2013, with the Boston Marathon fresh in people’s minds. “Following the couple's unintentional internet search, several black SUVs pulled up at the couple's house to ensure they were not a terrorist threat.” While the story has captured the imagination, it’s not the searches that will catch you out but the content returned by those searches. Accessing websites and links flagged as dangerous is more likely to see your browsing behaviour traced back to you than a search itself. That said, if you fall foul of law enforcement then a review of the search history on your devices or linked to your accounts is almost certain. As per The Hill, “the search history of Thomas Matthew Crooks, identified as the 20-year-old gunman who attempted to assassinate former President Trump at a rally outside Pittsburgh last weekend, includes photos of Trump and President Biden, among other things. Crooks, who was killed after opening fire at the campaign event, had searched dates of Trump’s appearances and the upcoming Democratic National Convention, FBI officials told members of Congress.” Unless you’re exceptionally careful with clean devices and no account logins, especially not a Google account login, and you use a VPN or even connect from a location unconnected to you, internet activity has a habit of coming back to bite. And that’s before the inevitable new threats from AI search engines start to appear. Learn more by visiting OUR FORUM.

Is Microsoft gearing up to make another attempt in the foldable smartphone market after the failure of its Surface Duo? A recent patent suggests they might be. Originally published in 2021, this patent hinted at the possibility of a third-generation Surface Duo. However, new updates to the patent have brought it back into the spotlight, sparking fresh speculation about Microsoft’s plans. According to the patent, Microsoft is developing a new kind of foldable device that could solve many of the problems seen in today’s foldable phones. Instead of the dual-screen design of the original Surface Duo, this new concept would feature a single foldable screen. The device could fold both inward and outward, which is different from most foldable phones that typically only fold inward. One of the major issues with current foldables is the appearance of creases on the screen where it folds. Microsoft’s solution is clever: the patent describes a system where excess screen material can be hidden within the device’s chassis as it folds, preventing visible creases or dips. Achieving this would involve advanced manufacturing techniques, such as wet etching and laser cutting, according to the patent details. Microsoft’s journey in the mobile phone market has been rocky. The company first entered the space with its Windows Mobile software, but it struggled to compete when Apple’s iPhone and Google’s Android phones arrived. Windows Mobile was designed for older resistive touchscreens, which used a stylus, whereas the iPhone and Android phones were optimized for modern capacitive touchscreens that could be controlled by finger taps. By the time Microsoft launched its new Windows Phone 7, which was a complete redesign of the software, it was too late. Apple and Android were already dominating the market, and Microsoft couldn’t break through as a major player. Even acquiring Nokia Mobile, one of the biggest phone manufacturers at the time, didn’t help. 
Eventually, Microsoft gave up on its mobile operating system entirely. In 2020, after several years away from the mobile market, Microsoft made a surprising move by launching the Surface Duo. This time, instead of using its own software, the device ran on Android. The Surface Duo was technically a foldable phone, but it had a different design than the foldables we’re used to today. It had two separate screens connected by a hinge, allowing it to fold 360 degrees. While the idea was innovative, the Surface Duo faced several problems. It was expensive, had software limitations, and didn’t get much promotion. As a result, it didn’t catch on with consumers. Microsoft released a second version, the Surface Duo 2, which had some improvements, but it still failed to gain significant traction. Rumors about a Surface Duo 3 with a flexible OLED screen began to circulate, but the project was eventually canceled. The recent updates to Microsoft’s patent have sparked some hope that the company might be working on a new foldable device. However, it’s important to take this with a grain of salt. Big tech companies like Microsoft file patents all the time, and only a small percentage of them ever turn into actual products. Even if this concept doesn’t make it to market, filing the patent still has value. It secures the idea and could lead to licensing deals, allowing Microsoft to profit from its innovation without ever launching the product. Follow this and more on OUR FORUM.

The Android operating system, despite its immense potential, often feels like a missed opportunity. Google’s ambitious strategy of creating an open-source platform with multiple hardware partners seemed poised to revolutionize the mobile device landscape. Yet, seventeen years later, the single-vendor, proprietary iPhone still dominates mobility. Google is a highly innovative company, but often suffers in the execution department. By contrast, Microsoft isn’t particularly innovative, but excels in execution, particularly in enterprise use cases. Let's delve into some illustrative examples. Google Apps, launched in 2006, was a pioneering move—a web-based office productivity suite, when the concept of working in the cloud was still nascent. Though Google Apps couldn’t match Microsoft Office's functionality, its good-enough solution appealed to many individuals and small businesses. Fast forward a few years, Microsoft introduced a web-based version of Office (Office 365) that was far more capable. Despite arriving late to the party, Microsoft’s iteration was so refined and familiar that it now boasts over 200 million subscribers, generating billions in revenue annually. Another example: Consider the browser wars. Google recognized the shortcomings of Internet Explorer long before Microsoft did, leading to the development of Chrome. Through its open-source foundation, Chrome catalyzed innovation and quickly became the dominant browser. Microsoft responded by adopting Chromium’s open-source framework for its Edge browser, thereby revitalizing its web presence and ending the incompatibilities of the browser wars. Edge has become a robust alternative to Chrome. Another pertinent example is WebRTC. Google’s efforts made this real-time communication protocol a free, browser-based standard. Initially, Microsoft was hesitant, with Lync and Skype for Business lacking WebRTC support.
However, Teams extensively leverages WebRTC to deliver video and interoperability with other collaboration platforms. Google Meet, on the other hand, still only has browser and third-party options for its interoperability. For those not familiar, Android exists in two forms: a free, open-source version and a proprietary, paid version that includes Google apps and access to the Play Store. The latter is prevalent in Android-based smartphones in the US and Europe, while many Asian vendors prefer the free version, customizing it to access their own app ecosystems. With the paid version of Android, manufacturers must sign Google's Mobile Application Distribution Agreement (MADA). This version requires bundling Google apps and the Google Mobile Services (GMS) framework. GMS requires users to log into their Google accounts during device setup. While the current plans to implement MDEP in meeting rooms are intriguing, its potential is far greater. I foresee Microsoft reentering mobility with its own version of Android aimed at business users. This version would integrate with Microsoft applications natively, allowing users to log in with their Microsoft credentials instead of a Google ID. For apps, users could access a new Microsoft app store—let’s tentatively call it the "Work Store." This move could position Microsoft as a mobile player and nudge Google (and its Play Store) further toward consumers. In 2015, Microsoft wrote off $7.6 billion related to its acquisition of the Nokia phone business and, soon after, killed Windows Phone. Microsoft experimented with making Android phones before (Surface Duo and Surface Duo 2), but those were Google MADA phones that required Microsoft users to use or create Google credentials.
In an interview with Business Insider, CEO Satya Nadella reflected on the company’s mistakes with mobile: “I think there could have been ways we could have made [mobile phones] work by perhaps reinventing the category of computing between PCs, tablets, and phones.” Learn more by visiting OUR FORUM.