Scientists have developed a camera that can see through the human body.
The device has been designed to help doctors track medical tools, known as endoscopes, during internal examinations.
Until now, medics have had to rely on expensive scans, such as X-rays, to trace their progress.
The new camera works by detecting light sources inside the body, such as the illuminated tip of the endoscope’s long flexible tube.
Prof Kev Dhaliwal, of the University of Edinburgh, said: “It has immense potential for diverse applications, such as the one described in this work.
“The ability to see a device’s location is crucial for many applications in healthcare, as we move forwards with minimally invasive approaches to treating disease.”
‘Tissues and organs’
Early tests have shown the prototype device can track a point light source through 20cm of tissue under normal conditions.
Beams from the endoscope can pass through the body, but usually scatter or bounce off tissues and organs rather than travelling straight through.
That makes it problematic to get a clear picture of where the tool is.
The new camera can detect individual particles, called photons, and is so sensitive it can catch tiny traces of light passing through tissue.
It can also record the time taken for light to pass through the body, meaning the device is able to work out exactly where the endoscope is.
Researchers have developed the new camera so it can be used at the patient’s bedside.
The project – led by the University of Edinburgh and Heriot-Watt University – is part of the Proteus Interdisciplinary Research Collaboration, which is developing a range of new technologies for diagnosing and treating lung diseases.
Dr Michael Tanner, of Heriot-Watt University, said: “My favourite element of this work was the ability to work with clinicians to understand a practical healthcare challenge, then tailor advanced technologies and principles that would not normally make it out of a physics lab to solve real problems.
“I hope we can continue this interdisciplinary approach to make a real difference in healthcare technology.”
Six areas in the UK will soon be trying out broadband technology that provides data at speeds approaching one gigabit per second (gbps).
Businesses, schools and hospitals will be the first to try out the “full-fibre” network technology.
The pilots will be run in Aberdeenshire, West Sussex, Coventry and Warwickshire, Bristol, West Yorkshire and Greater Manchester.
The government will spend about £10m getting the pilots up and running.
The technology involved is known as full-fibre because it takes high-speed cables directly to premises.
By contrast, much of the existing fibre services in the UK connect the fast cables to roadside cabinets and then rely on older, slower copper for the final link to homes and other buildings.
Currently full-fibre networks are only available to about 2% of premises in the UK.
The government hopes that the projects will significantly boost the availability of the technology.
What is full fibre broadband?
The preferred technology of Openreach, the body that runs the UK’s fibre network, has to date been fibre to the cabinet.
That means that homes and businesses are connected by a slower copper-based connection to local street cabinets, before the fibre optic network takes over.
Full-fibre broadband uses fibre to the premises (FTTP) technology, which is widely regarded as the best way to deliver fast internet services.
Here, the fast-fibre optic cables run directly to homes and offices, providing a more stable, efficient and reliable connection than the hybrid copper and fibre systems.
They can also support broadband speeds of up to 1Gbps, enough to download an HD TV programme in five seconds.
“How we live and work today is directly affected by how good our broadband connection is,” said Andrew Jones, Exchequer Secretary to the Treasury, in a statement.
Faster, more reliable connections would create jobs, help new industries to emerge and let people work more flexibly, he said.
Possible uses of full-fibre broadband would include hospitals sharing high-definition images to aid diagnosis, or schools using video more effectively during lessons.
However, broadband market analysts have pointed out that gigabit-capable cables would be shared with many different premises, suggesting that actual data download speeds would be much lower than the theoretical maximum.
The gigabit speeds that are possible with full-fibre are much faster than the 10 megabits per second (mbps) which the regulator Ofcom says modern families need to meet their requirements.
Listen live every Friday at 15:00 GMT on the BBC World Service
This week’s Tech Tent turned into a gadget-fest as we explored the products turning heads at the Berlin IFA tech fair, the drones delivering medical supplies in Africa – and the connected car data that could be used to sell you more stuff.
David Paja from the car firm Delphi explained that, in his view, the rise of autonomous cars will lead to “exponential” growth in the data they are able to generate – and his firm is keen to cash in on it.
It’s essentially the smartphone business model on four wheels.
The firm has developed an internet platform that enables it to pick out valuable data, move it to the Cloud and then be shared with, in this case, an Israeli start-up partner called Otonomo which specialises in “data-brokering solutions”.
“In most cases the driver will need to accept that their data is being used,” he said.
The Federal Communications Commission (FCC) has taken steps to secure its website after users discovered they could upload malware to it.
On Thursday, security researchers discovered a function connected to the US government agency website’s comment system that let them upload files.
The site allowed anyone to sign up to obtain a software key that let them upload the files they wanted.
The FCC said there was no evidence malware had actually been uploaded.
“The FCC comment system is designed to maximise inclusiveness and part of that system allows anyone to upload a document as a public comment, which is what happened in this case,” the FCC told the BBC.
“The Commission has had procedures in place to prevent malware from being uploaded to the comment system. And the FCC is running additional scans and taking additional steps with its cloud partners to make sure no known malware has been uploaded to the comment system.”
At the time of writing it is no longer possible to upload files in this manner, the communications watchdog said.
In plain sight
The bug emerged in what is known as application programming interface (API) available via the FCC site.
APIs are a well established technology and let developers interact via the web with the data that organisations hold and the services they offer.
While the comment system was easy for members of the public to use and upload files to when making complaints to the watchdog, the API was not meant to be publicly accessible.
However, anyone who knew where to find the API on the FCC’s website could request access to it. Documentation explaining how to upload documents was also publicly available on the site.
Security researchers experimented with the API, filling in forms to request access to keys that let them use it via email.
When they received the key, the users were surprised to find that they were able to upload any file type they liked to the website, whether the files were documents, music files or executable code.
The programmers claimed they were able to upload files as big as 25MB in size, Guise Bule, the editor of Contratastic magazine wrote on website Medium.
Cyber-criminals start attacking servers newly set up online about an hour after they are switched on, suggests research.
The servers were part of an experiment the BBC asked a security company to carry out to judge the scale and calibre of cyber-attacks that firms face every day.
About 71 minutes after the servers were set up online they were visited by automated attack tools that scanned them for weaknesses they could exploit, found security firm Cyber Reason.
Once the machines had been found by the bots, they were subjected to a “constant” assault by the attack tools.
The servers were accessible online for about 170 hours to form a cyber-attack sampling tool known as a honeypot, said Israel Barak, head of security at Cyber Reason. The servers were given real, public IP addresses and other identifying information that announced their presence online.
“We set out to map the automatic attack activity,” said Mr Barak.
To make them even more realistic, he said, each one was also configured to superficially resemble a legitimate server. Each one could accept requests for webpages, file transfers and secure networking.
“They had no more depth than that,” he said, meaning the servers were not capable of doing anything more than providing a very basic response to a query about these basic net services and protocols.
“There was no assumption that anyone was going to go in and probe it and even if they did, there’s nothing there for them to find,” he said.
The servers’ limited responses did not deter the automated attack tools, or bots, that many cyber-thieves use to find potential targets, he said. A wide variety of attack bots probed the servers seeking weaknesses that could be exploited had they been full-blown, production machines.
Many of the code vulnerabilities and other loopholes they looked for had been known about for months or years, he said. However, added Mr Barak, many organisations struggled to keep servers up-to-date with the patches that would thwart these bots potentially giving attackers a way to get at the server.
During the experiment:
17% of the attack bots were scrapers that sought to suck up all the web content they found
37% looked for vulnerabilities in web apps or tried well-known admin passwords
10% checked for bugs in web applications the servers might have been running
29% tried to get at user accounts using brute force techniques that tried commonly used passwords
7% sought loopholes in the operating system software the servers were supposedly running
“This was a very typical pattern for these automatic bots,” said Mr Barak. “They used similar techniques to those we’ve seen before. There’s nothing particularly new.”
As well as running a bank of servers for the BBC, Cyber Reason also sought to find out how quickly phishing gangs start to target new employees. It seeded 100 legitimate marketing email lists with spoof addresses and then waited to see what would turn up.
After 21 hours, the first booby-trapped phishing email landed in the email inbox for the fake employees, said Mr Barak. It was followed by a steady trickle of messages that sought, in many different ways, to trick people into opening malicious attachments.
About 15% of the emails contained a link to a compromised webpage that, if visited, would launch an attack that would compromise the visitor’s PC. The other 85% of the phishing messages had malicious attachments. The account received booby-trapped Microsoft Office documents, Adobe PDFs and executable files.
Brian Witten, senior director at Symantec research
We use a lots of honeypots in a lot of different ways. The concept really scales to almost any kind of thing where you can create a believable fake or even a real version of something. You put it out and see who turns up to hit it or break it.
There are honeypots, honey-nets, honey-tokens, honey anything.
When a customer sees a threat that’s hit hundreds of honeypots that’s different to when they see one that no-one else has. That context in terms of attack is very useful.
Some are thin but some have a lot more depth and are scaled very broadly. Sometimes you put up the equivalent of a fake shop-front to see who turns up to attack it.
If you see an approach that you’ve never seen before then you might let that in and see what you can learn from it.
The most sophisticated adversaries are often very targeted when they go after specific companies or individuals.
Mr Barak said the techniques used by the bots were a good guide to what organisations should do to avoid falling victim. They should harden servers by patching, controls around admin access, check apps to make sure they are not harbouring well-known bugs and enforce strong passwords
Criminals often have different targets in mind when seeking out vulnerable servers, he said. Some were keen to hijack user accounts and others sought to take over servers and use them for their own ends.
Cyber-thieves would look through the logs compiled by attack bots to see if they have turned up any useful or lucrative targets. There had been times when a server compromised by a bot was passed on to another criminal gang because it was at a bank, government or other high-value target.
“They sell access to parts of their botnet and offer other attackers access to machines their bots are active on,” he said. “We have seen cases where a very typical bot infection turns into a manual operation.”
In those cases, attackers would then use the foothold gained by the bots as a starting point for a more comprehensive attack. It’s at that point, he said, hackers would take over and start to use other digital attack tools to penetrate further into a compromised organisation.
He said: “Once an adversary has got to a certain level in an organisation you have to ask what will they do next?”
In a bid to explore what happens in those situations, Cyber Reason is now planning to set up more servers and give these more depth to make them even more tempting targets. The idea is, he said, to get a close look at the techniques hackers use when they embark on a serious attack.
“We’ll look for more sophisticated, manual operations,” he said. “We’ll want to see the techniques they use and if there is any monetisation of the method.”
Africa needs more engineers and makers, the head of Gearbox – Nairobi’s leading maker-space – has told the TEDGlobal conference in Tanzania.
Kamau Gachigi said that by 2050 Africa’s population is projected to have doubled and needs to build economies to sustain that level of growth.
Digital fabrications labs such as Gearbox were vital to this, he said.
Such labs need to start building more Africa-specific hardware, he added.
“These labs help people become more practical and more productive. We need many more people to develop their potential and contribute to society.”
He spoke about how young engineer Simon Wachira had used the lab to create a robotic tool that could cut both metal and wood, which is now creating parts for car giant General Motors.
Another project saw 24-year-old Esther help design sanitary towel dispensers which can be put up in schools to avoid the issue of girls missing school when they have their period.
And a third saw a pharmacy student design 3D models of CT scans that surgeons can use to practise operations before they operate on real tumours.
“He is making money selling these models to surgeons. It saves up to 60% of operation time and that means insurance companies are interested. He now has a business and doesn’t need to go back to university,” said Mr Gachigi.
Many speakers at the conference drew attention to the lack of manufacturing in Africa and the need to change that.
Joel Jackson is part of the small Nairobi manufacturing scene, making low-cost Jeeps with local staff and materials.
Mobius is a low-cost stripped-down car designed for Africa’s often rugged terrain. The firm sold 50 of them in 2015 and now, with a few tweaks based on customer feedback, is due to launch a second generation model next year.
At a cost of $11,000, it remains unaffordable for many Africans but the firm is already planning an even cheaper, modular vehicle which will be a basic chassis which people can effectively clip different designs on.
Education was also a key theme at TEDGlobal and MIT professor Clapperton Mavhunga wants to see African schools radically rethink education.
“We need to teach students to think critically and solve problems but at the moment students come to class, lecturers pour information into their ears and then they memorise that to pass exams,” he said.
The trend for university students to leave their villages and often their country to work for foreign firms also needs to be reversed.
Problem-solving is fertile in villages where people have to come up with solutions to their everyday challenges, he said.
“We should turn these villages into labs. These students need to go back to their villages and work for their communities. If ten of these join up there is the beginning of a village institute.”
Another issue raised at the conference was the lack of women in the technology sector in Africa.
In Nigeria, a new initiative – Nigerian Women Techsters – is aiming to change that. Launching in October, it intends to teach 7,200 women in 12 states in Nigeria to code.
However, the World Bank has questioned the Silicon Valley-based company’s true motivation.
“Demonstration of real commercial deals in Africa will help raise its track record for the US market,” said Edward Anderson, a senior technologist at the bank in Tanzania.
He said that Zipline was “doing wonders in terms of making drones real in Africa” but questioned whether the deal – a commercial one requiring the government to pay per delivery – would go through.
“Whether the Tanzanian government will accept the terms remains to be seen,” he said.
Billions of people lack adequate access to essential medical products such as blood and vaccines, and more than five million children die every year because of a lack of access to basic medical products, according to Mr Rinaudo.
The company charges between $15 and $45 (£11.60 to £34.85) per delivery, depending on product weight, urgency and distance.
“Think about what it would cost to make that journey by car, and that is about what it will cost,” said Mr Rinaudo.
But he made no apology for pursuing a commercial strategy.
“One of the most important things we are trying to show is that it is possible to tackle this problem in entrepreneurial ways.
“It doesn’t just have to be NGOs [non-governmental organisations] and foreign aid working on these big global issues.”
If the deal goes ahead, the centres would open over the next four years, allowing blood, vaccines and other medical items to be flown to health centres.
Zipline says it is also hoping to expand its service in Rwanda to deliver further medical products.
In Rwanda, the company is serving 12 hospitals via a central distribution centre.
Doctors or medical staff requiring blood contact Zipline online or via a WhatsApp message.
Its deliveries then take an average of 20 minutes.
The company says it receives multiple orders each day.
“It is a magically simple experience for doctors. We send them a message saying the blood is one minute away, and they walk outside to collect it,” said Mr Rinaudo.
The drones are launched from a catapult and fly below 500ft (152m) to avoid airspace used by passenger planes.
They have an operational range of 150km (93 miles).
The blood is delivered by parachute, and the drones do not land.
However, Abbott said it was not aware of any cases of this happening, adding that it would require a “highly complex set of circumstances”.
The Department of Homeland Security has said that an attacker would need “high skill” to exploit the vulnerabilities.
The affected pacemakers are branded as having been made by St Jude Medical, which was acquired by Abbott earlier this year.
Patients are being advised to ask their doctors about an available firmware update at their next scheduled appointment.
The pacemakers can receive the revised code by being placed close to a radio wave-emitting wand in a process that lasts about three minutes.
Pacemakers manufactured after 28 August will come with the new firmware pre-installed.
“As with any firmware update, there is a very low risk of an update malfunction,” the FDA said.
The regulator noted a very small number of St Jude devices had lost all functionality after a firmware update in the past.
Abbott said some patients might opt to continue with the old firmware as a consequence.
“In some cases, doctors and patients will decide that the risks that could be associated with performing the new pacemaker firmware update for some patients may outweigh the benefits,” it said in a note to pacemaker users.
“If you do not receive the update, your pacemaker will continue to function as intended, and you can receive the update at any future time.”
The benefit of allowing the pacemakers to send and receive data wirelessly is that patients can pair them with a transmitter at home that monitors the devices as they sleep and can potentially alert them to medical problems.