New camera can see through human body

Graphic showing male digestive system illuminatedImage copyright
Getty Images

Image caption

The new camera works by detecting individual photons within the human body

Scientists have developed a camera that can see through the human body.

The device has been designed to help doctors track medical tools, known as endoscopes, during internal examinations.

Until now, medics have had to rely on expensive scans, such as X-rays, to trace their progress.

The new camera works by detecting light sources inside the body, such as the illuminated tip of the endoscope’s long flexible tube.

Prof Kev Dhaliwal, of the University of Edinburgh, said: “It has immense potential for diverse applications, such as the one described in this work.

“The ability to see a device’s location is crucial for many applications in healthcare, as we move forwards with minimally invasive approaches to treating disease.”

‘Tissues and organs’

Early tests have shown the prototype device can track a point light source through 20cm of tissue under normal conditions.

Beams from the endoscope can pass through the body, but usually scatter or bounce off tissues and organs rather than travelling straight through.

That makes it problematic to get a clear picture of where the tool is.

Image copyright
Getty Images

Image caption

The device has been designed to help doctors track medical tools known as endoscopes within the body

The new camera can detect individual particles, called photons, and is so sensitive it can catch tiny traces of light passing through tissue.

It can also record the time taken for light to pass through the body, meaning the device is able to work out exactly where the endoscope is.

Researchers have developed the new camera so it can be used at the patient’s bedside.

The project – led by the University of Edinburgh and Heriot-Watt University – is part of the Proteus Interdisciplinary Research Collaboration, which is developing a range of new technologies for diagnosing and treating lung diseases.

Dr Michael Tanner, of Heriot-Watt University, said: “My favourite element of this work was the ability to work with clinicians to understand a practical healthcare challenge, then tailor advanced technologies and principles that would not normally make it out of a physics lab to solve real problems.

“I hope we can continue this interdisciplinary approach to make a real difference in healthcare technology.”

Get news from the BBC in your inbox, each weekday morning

Article source: http://www.bbc.co.uk/news/uk-scotland-edinburgh-east-fife-41140654

Government names trial areas for ‘full-fibre’ broadband

Optical fibresImage copyright
Reuters

Image caption

At present, many UK properties offered fibre connections still rely on copper cables for the “last leg” of the journey

Six areas in the UK will soon be trying out broadband technology that provides data at speeds approaching one gigabit per second (gbps).

Businesses, schools and hospitals will be the first to try out the “full-fibre” network technology.

The pilots will be run in Aberdeenshire, West Sussex, Coventry and Warwickshire, Bristol, West Yorkshire and Greater Manchester.

The government will spend about £10m getting the pilots up and running.

Speeding up

The technology involved is known as full-fibre because it takes high-speed cables directly to premises.

By contrast, much of the existing fibre services in the UK connect the fast cables to roadside cabinets and then rely on older, slower copper for the final link to homes and other buildings.

Currently full-fibre networks are only available to about 2% of premises in the UK.

The government hopes that the projects will significantly boost the availability of the technology.

What is full fibre broadband?

The preferred technology of Openreach, the body that runs the UK’s fibre network, has to date been fibre to the cabinet.

That means that homes and businesses are connected by a slower copper-based connection to local street cabinets, before the fibre optic network takes over.

Full-fibre broadband uses fibre to the premises (FTTP) technology, which is widely regarded as the best way to deliver fast internet services.

Here, the fast-fibre optic cables run directly to homes and offices, providing a more stable, efficient and reliable connection than the hybrid copper and fibre systems.

They can also support broadband speeds of up to 1Gbps, enough to download an HD TV programme in five seconds.

“How we live and work today is directly affected by how good our broadband connection is,” said Andrew Jones, Exchequer Secretary to the Treasury, in a statement.

Faster, more reliable connections would create jobs, help new industries to emerge and let people work more flexibly, he said.

Image copyright
Getty Images

Image caption

Some remote homes have struggled to get decent broadband connections

Possible uses of full-fibre broadband would include hospitals sharing high-definition images to aid diagnosis, or schools using video more effectively during lessons.

However, broadband market analysts have pointed out that gigabit-capable cables would be shared with many different premises, suggesting that actual data download speeds would be much lower than the theoretical maximum.

The gigabit speeds that are possible with full-fibre are much faster than the 10 megabits per second (mbps) which the regulator Ofcom says modern families need to meet their requirements.

Last month, the government published information about the work being done on its broadband delivery programme, which aims to improve download speeds across the UK.

It claimed that 93% of premises in the UK can now get superfast broadband services, which run at speeds of about 24mbps.

Cash for the gigabit-speed broadband pilots comes from a £200m fund announced in the budget earlier this year.

The government said it aimed to spend the remaining balance of the fund by the end of 2021.

Article source: http://www.bbc.co.uk/news/technology-41122106

Tech Tent: cars, drones and the voice-controlled fridge

in-car computer at nightImage copyright
John F. Martin/Delphi

Image caption

More autonomous cars are generating more data, but what’s it worth?

  • Stream or download the latest Tech Tent podcast
  • Listen to previous episodes on the BBC website
  • Listen live every Friday at 15:00 GMT on the BBC World Service

This week’s Tech Tent turned into a gadget-fest as we explored the products turning heads at the Berlin IFA tech fair, the drones delivering medical supplies in Africa – and the connected car data that could be used to sell you more stuff.

David Paja from the car firm Delphi explained that, in his view, the rise of autonomous cars will lead to “exponential” growth in the data they are able to generate – and his firm is keen to cash in on it.

It’s essentially the smartphone business model on four wheels.

The firm has developed an internet platform that enables it to pick out valuable data, move it to the Cloud and then be shared with, in this case, an Israeli start-up partner called Otonomo which specialises in “data-brokering solutions”.

“In most cases the driver will need to accept that their data is being used,” he said.

Jane Wakefield reported from the TEDGlobal event in Tanzania, where robotics firm Zipline is planning to expand its drone delivery service of emergency blood supplies.

Chief executive Keller Renaudo said he was in talks to open four distribution centres in the country.

“Having an agile supply chain for healthcare makes a big difference in improving access and empowering doctors,” he said.

Image copyright
Getty Images

Image caption

This screen tunnel captivated visitors at the IFA tech fair

And finally to the IFA tech fair in Berlin, where we heard about calorie-counting kitchen scales and voice activated robot fridges.

As the saying goes, they promised us flying cars….

Rory Cellan-Jones is back in the Tech Tent next week.

Article source: http://www.bbc.co.uk/news/technology-41127174

FCC closes virus upload loophole on its website

Hands typing on a keyboardImage copyright
Getty Images

Image caption

The FCC is taking steps to improve the security of its website after internet users spotted a serious vulnerability

The Federal Communications Commission (FCC) has taken steps to secure its website after users discovered they could upload malware to it.

On Thursday, security researchers discovered a function connected to the US government agency website’s comment system that let them upload files.

The site allowed anyone to sign up to obtain a software key that let them upload the files they wanted.

The FCC said there was no evidence malware had actually been uploaded.

“The FCC comment system is designed to maximise inclusiveness and part of that system allows anyone to upload a document as a public comment, which is what happened in this case,” the FCC told the BBC.

“The Commission has had procedures in place to prevent malware from being uploaded to the comment system. And the FCC is running additional scans and taking additional steps with its cloud partners to make sure no known malware has been uploaded to the comment system.”

At the time of writing it is no longer possible to upload files in this manner, the communications watchdog said.

In plain sight

The bug emerged in what is known as application programming interface (API) available via the FCC site.

APIs are a well established technology and let developers interact via the web with the data that organisations hold and the services they offer.

While the comment system was easy for members of the public to use and upload files to when making complaints to the watchdog, the API was not meant to be publicly accessible.

However, anyone who knew where to find the API on the FCC’s website could request access to it. Documentation explaining how to upload documents was also publicly available on the site.

Security researchers experimented with the API, filling in forms to request access to keys that let them use it via email.

When they received the key, the users were surprised to find that they were able to upload any file type they liked to the website, whether the files were documents, music files or executable code.

The programmers claimed they were able to upload files as big as 25MB in size, Guise Bule, the editor of Contratastic magazine wrote on website Medium.

Article source: http://www.bbc.co.uk/news/technology-41124831

Catching the hackers in the act

Scanned dataImage copyright
ktsimage

Image caption

Attack bots scan net address ranges looking for vulnerable servers

Cyber-criminals start attacking servers newly set up online about an hour after they are switched on, suggests research.

The servers were part of an experiment the BBC asked a security company to carry out to judge the scale and calibre of cyber-attacks that firms face every day.

About 71 minutes after the servers were set up online they were visited by automated attack tools that scanned them for weaknesses they could exploit, found security firm Cyber Reason.

Once the machines had been found by the bots, they were subjected to a “constant” assault by the attack tools.

Thin skin

The servers were accessible online for about 170 hours to form a cyber-attack sampling tool known as a honeypot, said Israel Barak, head of security at Cyber Reason. The servers were given real, public IP addresses and other identifying information that announced their presence online.

“We set out to map the automatic attack activity,” said Mr Barak.

To make them even more realistic, he said, each one was also configured to superficially resemble a legitimate server. Each one could accept requests for webpages, file transfers and secure networking.

Image copyright
die-phalanx

Image caption

The attack bots look for well-known weaknesses in widely used web applications

“They had no more depth than that,” he said, meaning the servers were not capable of doing anything more than providing a very basic response to a query about these basic net services and protocols.

“There was no assumption that anyone was going to go in and probe it and even if they did, there’s nothing there for them to find,” he said.

  • ‘Easy to expose secret web habits’
  • Power firms alerted on hacker threat
  • Deceitful data helps to thwart hackers
  • Rehab for teenage hackers

The servers’ limited responses did not deter the automated attack tools, or bots, that many cyber-thieves use to find potential targets, he said. A wide variety of attack bots probed the servers seeking weaknesses that could be exploited had they been full-blown, production machines.

Many of the code vulnerabilities and other loopholes they looked for had been known about for months or years, he said. However, added Mr Barak, many organisations struggled to keep servers up-to-date with the patches that would thwart these bots potentially giving attackers a way to get at the server.

During the experiment:

  • 17% of the attack bots were scrapers that sought to suck up all the web content they found
  • 37% looked for vulnerabilities in web apps or tried well-known admin passwords
  • 10% checked for bugs in web applications the servers might have been running
  • 29% tried to get at user accounts using brute force techniques that tried commonly used passwords
  • 7% sought loopholes in the operating system software the servers were supposedly running

“This was a very typical pattern for these automatic bots,” said Mr Barak. “They used similar techniques to those we’ve seen before. There’s nothing particularly new.”

As well as running a bank of servers for the BBC, Cyber Reason also sought to find out how quickly phishing gangs start to target new employees. It seeded 100 legitimate marketing email lists with spoof addresses and then waited to see what would turn up.

Image copyright
Devonyu

Image caption

Phishing gangs were quick to find new email addresses and start sending booby-trapped messages

After 21 hours, the first booby-trapped phishing email landed in the email inbox for the fake employees, said Mr Barak. It was followed by a steady trickle of messages that sought, in many different ways, to trick people into opening malicious attachments.

About 15% of the emails contained a link to a compromised webpage that, if visited, would launch an attack that would compromise the visitor’s PC. The other 85% of the phishing messages had malicious attachments. The account received booby-trapped Microsoft Office documents, Adobe PDFs and executable files.


Brian Witten, senior director at Symantec research

We use a lots of honeypots in a lot of different ways. The concept really scales to almost any kind of thing where you can create a believable fake or even a real version of something. You put it out and see who turns up to hit it or break it.

There are honeypots, honey-nets, honey-tokens, honey anything.

When a customer sees a threat that’s hit hundreds of honeypots that’s different to when they see one that no-one else has. That context in terms of attack is very useful.

Some are thin but some have a lot more depth and are scaled very broadly. Sometimes you put up the equivalent of a fake shop-front to see who turns up to attack it.

If you see an approach that you’ve never seen before then you might let that in and see what you can learn from it.

The most sophisticated adversaries are often very targeted when they go after specific companies or individuals.


Mr Barak said the techniques used by the bots were a good guide to what organisations should do to avoid falling victim. They should harden servers by patching, controls around admin access, check apps to make sure they are not harbouring well-known bugs and enforce strong passwords

Deeper dive

Criminals often have different targets in mind when seeking out vulnerable servers, he said. Some were keen to hijack user accounts and others sought to take over servers and use them for their own ends.

Image copyright
CHBD

Image caption

Honeypots have become a useful tool for security firms keen to understand hack attack techniques

Cyber-thieves would look through the logs compiled by attack bots to see if they have turned up any useful or lucrative targets. There had been times when a server compromised by a bot was passed on to another criminal gang because it was at a bank, government or other high-value target.

“They sell access to parts of their botnet and offer other attackers access to machines their bots are active on,” he said. “We have seen cases where a very typical bot infection turns into a manual operation.”

In those cases, attackers would then use the foothold gained by the bots as a starting point for a more comprehensive attack. It’s at that point, he said, hackers would take over and start to use other digital attack tools to penetrate further into a compromised organisation.

He said: “Once an adversary has got to a certain level in an organisation you have to ask what will they do next?”

In a bid to explore what happens in those situations, Cyber Reason is now planning to set up more servers and give these more depth to make them even more tempting targets. The idea is, he said, to get a close look at the techniques hackers use when they embark on a serious attack.

“We’ll look for more sophisticated, manual operations,” he said. “We’ll want to see the techniques they use and if there is any monetisation of the method.”

Article source: http://www.bbc.co.uk/news/technology-40850174

Sony phone app takes 3D clone snaps

Sony has revealed new smartphones that can create detailed 3D scans of almost any object using the phone’s camera.

The company said the innovation was possible thanks to the power of the processor in its latest handsets.

It unveiled a series of new devices at the Ifa technology show in Berlin.

Article source: http://www.bbc.co.uk/news/technology-41111442

Selfie app ‘spots early signs of pancreatic cancer’

A team of medical clinicians and computer scientists have teamed up to create an app designed to spot early signs of pancreatic cancer.

The disease, which killed Apple’s co-founder Steve Jobs, is one of the hardest types of cancer to treat, but detecting and treating it early can make a big difference to survival rates.

The BiliScreen app is still in development at the University of Washington but is due to be presented at a computing conference later this month.

Article source: http://www.bbc.co.uk/news/technology-41114587

TEDGlobal: Africa needs more engineers and makers

Kamau GachigiImage copyright
TED

Image caption

Kamau Gachigi said there was a need for more engineers

Africa needs more engineers and makers, the head of Gearbox – Nairobi’s leading maker-space – has told the TEDGlobal conference in Tanzania.

Kamau Gachigi said that by 2050 Africa’s population is projected to have doubled and needs to build economies to sustain that level of growth.

Digital fabrications labs such as Gearbox were vital to this, he said.

Such labs need to start building more Africa-specific hardware, he added.

“These labs help people become more practical and more productive. We need many more people to develop their potential and contribute to society.”

He spoke about how young engineer Simon Wachira had used the lab to create a robotic tool that could cut both metal and wood, which is now creating parts for car giant General Motors.

Another project saw 24-year-old Esther help design sanitary towel dispensers which can be put up in schools to avoid the issue of girls missing school when they have their period.

And a third saw a pharmacy student design 3D models of CT scans that surgeons can use to practise operations before they operate on real tumours.

“He is making money selling these models to surgeons. It saves up to 60% of operation time and that means insurance companies are interested. He now has a business and doesn’t need to go back to university,” said Mr Gachigi.

Image copyright
Mobius

Image caption

The next iteration of Mobius’s low-cost jeep is due in 2018

Many speakers at the conference drew attention to the lack of manufacturing in Africa and the need to change that.

Joel Jackson is part of the small Nairobi manufacturing scene, making low-cost Jeeps with local staff and materials.

Mobius is a low-cost stripped-down car designed for Africa’s often rugged terrain. The firm sold 50 of them in 2015 and now, with a few tweaks based on customer feedback, is due to launch a second generation model next year.

At a cost of $11,000, it remains unaffordable for many Africans but the firm is already planning an even cheaper, modular vehicle which will be a basic chassis which people can effectively clip different designs on.

Education was also a key theme at TEDGlobal and MIT professor Clapperton Mavhunga wants to see African schools radically rethink education.

“We need to teach students to think critically and solve problems but at the moment students come to class, lecturers pour information into their ears and then they memorise that to pass exams,” he said.

The trend for university students to leave their villages and often their country to work for foreign firms also needs to be reversed.

Problem-solving is fertile in villages where people have to come up with solutions to their everyday challenges, he said.

“We should turn these villages into labs. These students need to go back to their villages and work for their communities. If ten of these join up there is the beginning of a village institute.”

Another issue raised at the conference was the lack of women in the technology sector in Africa.

In Nigeria, a new initiative – Nigerian Women Techsters – is aiming to change that. Launching in October, it intends to teach 7,200 women in 12 states in Nigeria to code.

Article source: http://www.bbc.co.uk/news/technology-41080479

US drone company eyes Tanzania for medical deliveries

ZiplineImage copyright
Zipline

Image caption

Packages are dropped from the drones, which do not land until their return to base

US robotics company Zipline, which launched the world’s first commercial drone delivery service, in Rwanda, says it is close to expanding to Tanzania.

It has been delivering emergency blood supplies within Rwanda since 2016.

Chief executive Keller Rinaudo told the TEDGlobal conference that he was in talks with Tanzania’s government to open four distribution centres.

But some have suggested the real goal of the negotiations is to gain permission to begin US deliveries.

Mr Rinaudo said he hoped a deal would allow the start-up to fly a range of medical products to thousands of Tanzania’s health centres.

“Having an agile supply chain for healthcare makes a big difference in improving access and empowering doctors,” he said at the TED event in Arusha, Tanzania.

Media captionZipline already offers a medical supplies delivery service in Rwanda

The UK Department for International Development promised last year to help fund Zipline’s African expansion.

However, the World Bank has questioned the Silicon Valley-based company’s true motivation.

“Demonstration of real commercial deals in Africa will help raise its track record for the US market,” said Edward Anderson, a senior technologist at the bank in Tanzania.

He said that Zipline was “doing wonders in terms of making drones real in Africa” but questioned whether the deal – a commercial one requiring the government to pay per delivery – would go through.

“Whether the Tanzanian government will accept the terms remains to be seen,” he said.

Billions of people lack adequate access to essential medical products such as blood and vaccines, and more than five million children die every year because of a lack of access to basic medical products, according to Mr Rinaudo.

The company charges between $15 and $45 (£11.60 to £34.85) per delivery, depending on product weight, urgency and distance.

“Think about what it would cost to make that journey by car, and that is about what it will cost,” said Mr Rinaudo.

But he made no apology for pursuing a commercial strategy.

“One of the most important things we are trying to show is that it is possible to tackle this problem in entrepreneurial ways.

“It doesn’t just have to be NGOs [non-governmental organisations] and foreign aid working on these big global issues.”

If the deal goes ahead, the centres would open over the next four years, allowing blood, vaccines and other medical items to be flown to health centres.

Zipline says it is also hoping to expand its service in Rwanda to deliver further medical products.

In Rwanda, the company is serving 12 hospitals via a central distribution centre.

Doctors or medical staff requiring blood contact Zipline online or via a WhatsApp message.

Its deliveries then take an average of 20 minutes.

The company says it receives multiple orders each day.

Image copyright
TED

Image caption

Keller Rinaudo was speaking at TEDGlobal in Tanzania

“It is a magically simple experience for doctors. We send them a message saying the blood is one minute away, and they walk outside to collect it,” said Mr Rinaudo.

The drones are launched from a catapult and fly below 500ft (152m) to avoid airspace used by passenger planes.

They have an operational range of 150km (93 miles).

The blood is delivered by parachute, and the drones do not land.

Article source: http://www.bbc.co.uk/news/technology-40935773

Cyber-flaw affects 745,000 pacemakers

PacemakerImage copyright
Getty Images

Image caption

Wireless models of St Jude-branded pacemakers can now receive a firmware update

A total of 745,000 pacemakers have been confirmed as having cyber-security issues that could let them be hacked.

The Food and Drug Administration revealed that 465,000 pacemakers in the US were affected, in an advisory note about a fix to the problem.

The pacemaker’s manufacturer, Abbott, told the BBC there were a further 280,000 devices elsewhere.

The flaws could theoretically be used to cause the devices to pace too quickly or run down their batteries.

However, Abbott said it was not aware of any cases of this happening, adding that it would require a “highly complex set of circumstances”.

The Department of Homeland Security has said that an attacker would need “high skill” to exploit the vulnerabilities.

Three-minute fix

The affected pacemakers are branded as having been made by St Jude Medical, which was acquired by Abbott earlier this year.

Patients are being advised to ask their doctors about an available firmware update at their next scheduled appointment.

The pacemakers can receive the revised code by being placed close to a radio wave-emitting wand in a process that lasts about three minutes.

Image copyright
Abbott

Image caption

Pacemaker users are advised to ask their doctor if their model is affected

Pacemakers manufactured after 28 August will come with the new firmware pre-installed.

“As with any firmware update, there is a very low risk of an update malfunction,” the FDA said.

The regulator noted a very small number of St Jude devices had lost all functionality after a firmware update in the past.

Abbott said some patients might opt to continue with the old firmware as a consequence.

“In some cases, doctors and patients will decide that the risks that could be associated with performing the new pacemaker firmware update for some patients may outweigh the benefits,” it said in a note to pacemaker users.

“If you do not receive the update, your pacemaker will continue to function as intended, and you can receive the update at any future time.”

Legal battle

The benefit of allowing the pacemakers to send and receive data wirelessly is that patients can pair them with a transmitter at home that monitors the devices as they sleep and can potentially alert them to medical problems.

Image copyright
Abbott

Image caption

Abbott has already issued a firmware fix to its home transmitter system

A hedge fund, Muddy Waters Research, first warned the media in August 2016 that the cardiac equipment had security flaws and claimed they could be exploited by “low-level hackers”.

The investment company also revealed it had bet St Jude’s shares would drop after it had been told of the issues by security company MedSec.

“[St Jude's] apparent lack of device security is egregious, and in our view, likely a product of years of neglect,” Muddy Waters said at the time.

St Jude responded by saying it stood behind the security and safety of its equipment and sued its accuser for defamation.

However, shortly after Abbott bought St Jude in January, the FDA confirmed there were vulnerabilities in the company’s wireless home monitor system, which were subsequently addressed.

Then, in April, the watchdog said Abbott had failed to properly investigate wider cyber-security concerns.

Even so, the medical company’s legal action against Muddy Waters continues.

Article source: http://www.bbc.co.uk/news/technology-41099867