TIME Security

UPS: We’ve Been Hacked

The United Parcel Service logo on the side of a delivery truck on April 23, 2009 in New York City.
The United Parcel Service logo on the side of a delivery truck on April 23, 2009 in New York City. Chris Hondros—Getty Images

Malware that impacted 51 franchises in 24 states may have compromised customers' credit and debit card information

The United Parcel Service announced Wednesday that customers’ credit and debit card information at 51 franchises in 24 states may have been compromised. There are 4,470 franchised center locations throughout the U.S., according to UPS.

The malware began to infiltrate the system as early as January 20, but the majority of the attacks began after March 26. UPS says the threat was eliminated as of August 11 and that customers can shop safely at all locations.

“The customer information that may have been exposed includes names, postal addresses, email addresses and payment card information,” wrote the company in a public statement. “Not all of this information may have been exposed for each customer. Based on the current assessment, The UPS Store has no evidence of fraud arising from this incident. The UPS Store is providing an information website, identity protection and credit monitoring services to customers whose information may have been compromised.”

A list of impacted franchises can be found here.

TIME Security

Report: Devastating Heartbleed Flaw Was Used in Hospital Hack

It marks the first case of Heartbleed actually being used to hack companies

The infamous Heartbleed Internet security flaw that exposed half a million secure servers to password theft was used by Chinese hackers to steal data from American hospitals, according to a report.

Citing anonymous sources, the data security company TrustedSec told TIME Wednesday that the Heartbleed vulnerability allowed hackers to steal secret keys used to encrypt user names, passwords and other information from Community Health Systems, the second-biggest for-profit U.S. hospital chain. They then used the keys to swipe 4.5 million patients’ data. The attack marks the first known breach of a company by hackers using Heartbleed.

Community Health Systems, which operates 206 hospitals in 29 states, said in an SEC filing Monday that the attackers bypassed its security systems and stole data that included birth dates, names, social security numbers and addresses for 4.5 million patients.

“The initial attack vector was through the infamous OpenSSL “heartbleed” vulnerability which led to the compromise of the information,” TrustedSec said in a blog post. TrustedSec cited three “trusted” and anonymous sources close to the Community Health investigation.

Though the recent attack on Community Health Systems is the first that’s known to have used the Heartbleed vulnerability, it is likely just one of many instances that did, security experts said. Hackers had a wide window for mischief in the period between Heartbleed’s disclosure in early April and companies’ installation of patches to defense against the exploit, which in some cases took days or weeks.

“You had a lag time of a week to several weeks before patches were implemented, so if attackers were scanning companies, there must have been countless situations where hackers used Heartbleed to gain access,” TrustedSec CEO David Kennedy said. “This is just the beginning of many that have either not been discovered, or cases in which companies are working on responding and disclosing now.”

Kennedy said the hospital incursion happened about a week after Heartbleed was first made public.

Most of the well-known attacks attributed to Chinese hackers have targeted valuable intellectual property, particularly telecommunications or defense companies, or large industrial companies. But the recent attack against Community Health instead targeted social security numbers and customer data, signifying a different approach by Chinese cyber criminals, if the attacks indeed came from China.

“The attack against Community Health Systems might not have been for espionage or industrial espionage,” said Nir Polak, the co-founder of security company Exabeam. “The attackers might have just wanted to monetize on cybercrime,” Polak said, which is often the goal of non-governmental cybercrime groups.

TIME Smartphones

Sprint Has This Year’s Most Unique Phone, and It’s Cheap

Sprint

Forget curved displays and head-tracking cameras. The award for this year’s most interesting phone goes to the Sharp Aquos Crystal, which has practically no bezel around the sides or top of the display.

We’ve seen bezels get narrower over the years — the LG G3’s side bezels are particularly slim — but no one’s managed to remove them completely until now. With the exception of the extra-large chin on the bottom of handset, the Aquos Crystal is nearly all screen.

And oddly enough, Sprint and Sharp aren’t using this neat trick to justify jacked up prices. The Aquos Crystal is a mid-range device, and it’s priced like one at $240 off-contract.

That price gets you a 5-inch, 720 display, a 1.2 GHz quad-core processor, 1.5 GB of RAM, 8 GB of storage, a microSD card slot, an 8-megapixel rear camera and a 2-megapixel front camera. (Sharp also makes a high-end Aquos Crystal with a larger display and faster processor, but there’s no word on a U.S. launch.)

Removing the bezels does have a couple of inherent drawbacks. Because there’s no room above the screen for a front-facing camera, Sharp had to put it in an awkward spot on the bottom bezel. The lack of top bezel also precludes a proximity sensor to detect when you’re holding the phone up to your ear. As The Verge reports, the phone’s display simply locks up when you’re on a call.

In other words, going bezel-free might not be the course of action for most handset makers — at least not until they can solve the above issues (or until people stop taking selfies). But as a one-off way to stand out from dozens of similar-looking phones, the Aquos Crystal will be tough to beat.

TIME How-To

3 Apps That Actually Pay You Money

fronto
Fronto

“Earn extra money simply by doing the things you do every day!”

Let’s be honest: You have good reason to be skeptical of “free money” claims. But there really are a small handful of legitimate advertising-powered smartphone apps that offer you money in exchange for being able to advertise to you.

That’s right, the following three apps won’t save you money — they’ll actually pay you money. None of them will make you a millionaire, but they could put an extra $20 or more in your pocket each and every month. And that’s not too bad just for playing around with your smartphone, right?

Fronto

Would you subject yourself to extra advertising if it meant more money in your pocket? If the concept seems appealing to you, check out the Android app Fronto.

Fronto works by placing ads and curated links to content on your smartphone’s lock screen. Every time you interact with this content, you earn points. Unlock your phone while an advertisement is being shown, for example, and you might earn 20 points. Download an app that Fronto suggests for you, and you might earn 100 or more. Fronto also doles out points for referring friends.

Points do take a while to accumulate, especially if you don’t take Fronto up on any of its special offers. But that’s okay – here, it’s worth the effort. Every 25,000 points can be exchanged for $10 in cold, hard cash, payable directly to your PayPal account.

You can download the free Fronto app on Google Play.

Perk

Want to take your earnings beyond the lock screen? Then check out Perk, a series of apps, browsers, search tools and more that converts virtually everything you do on your phone into points, redeemable for cash.

There are a lot of different apps in the Perk universe: Perk Shopping, Perk Search, Perk Screen, Perk Browser, Perk TV and Perk Pop Quiz. Each offers a function along with a small reward for using it. Search using Perk and you’ll get a few points. Watch an ad on Perk TV and you’ll get a few more. Buy something on 1-800-Flowers and other similar retailers via the Perk Shopping app and you’ll earn a ton.

Like with Fronto, Perk points can be redeemed for cash via PayPal. You’ll get the most bang for your points by redeeming them for gift cards instead. Minimum payouts with Perk are $5.

You can find out more about and download the Perk family of apps at Perk.com.

Shopkick

shopkick
Shopkick

Walking around your local mall may be a good way to get a little extra exercise, but it can also be a way to get a little bit of extra money, too. That’s the idea behind Shopkick, an app that rewards you simply for visiting stores.

When you open the Shopkick app at your local mall (or really, whenever), you can see a list of nearby stores that are willing to offer you “kicks” (points) just for walking through the doors. Most of the stores tempting you with points are the type you might walk into anyway, like Walmart, Macy’s, Target or Crate & Barrel. Once you’re in the store, the app might offer you a few challenges (e.g., find and scan a certain item) to earn bonus points. You can even link a credit card to the app to earn points for completing a purchase in-store.

You can rack up enough points to get a reward in a single trip, given the right mall. The minimum reward with Shopkick is a $2 Target gift card, yours for redeeming just 500 points.

You can get the free Shopkick app for iOS via the Apple App Store and for Android via Google Play.

This article was written by Fox Van Allen and originally appeared on Techlicious.

More from Techlicious:

TIME Tablets

This Enormous Tablet Could Replace Your Kid’s TV

Fuhu's Big Tab tablet boasts a screen as large as 24 inches. Fuhu

The Big Tab is aiming to replace video game consoles and TVs for kids' entertainment

Family game night is going digital — a new super-sized tablet for kids is aiming to replace the classic board game, the Xbox and maybe even the television.

The Big Tab, developed by fast-growing startup Fuhu, boasts a massive screen of either 20 or 24 inches, depending on the model. That’s a big jump from the company’s popular Nabi 2 tablet, which has a seven-inch screen. But Fuhu founder Robb Fujioka says the big screen size will encourage children to collaborate and socialize when they use their device, rather than tuning out the rest of the world.

To make the tablet into a social hub, Fuhu has developed a large suite of multiplayer games, from classics like checkers and Candyland to internally developed titles. A feature called “Story Time” offers 35 interactive e-books that utilize animated illustrations. Kids can also utilize video editing software, a Pandora-like radio service and educational software.

There are also tools for adults on the Android-powered device. A separate Parent Mode allows adults to download apps from the Google Play or Amazon stores. Parents can also set limits on which apps their children can access and for how long they can use them. Like Fuhu’s other devices, the Big Tab also boasts a virtual currency system that lets parents pay their kids when they complete chores or use educational apps for a certain amount of time.

The device, which also lets parents track their kids’ usage patterns, could appeal to adults looking to guide their children toward more productive forms of entertainment. Fujioka says he replaced the television in one of his children’s rooms with the Big Tab and uses it to keep track of whether his kid is playing educational games or watching Netflix. “It’s not just a boob tube,” he says. “It’s an interactive device.”

Though the tablet market is only a few years old, the devices have been embraced by parents in a big way. Tablet usage among children between ages two and 12 increased from 38% to 48% over the last year, according to research firm NPD. Juli Lennett, head of the toys division at NPD, said it’s a combination of safety, durability and kid appeal that has led to the quick popularity of children’s tablets. “When the price point is $99, on top of being a real functional tablet, these additional features are tough to beat,” Lennett told TIME via email.

The challenge for Fujioka and Fuhu will be convincing parents to pony up for a high-end tablet. The Big Tab will cost $449 for the 20-inch model and $549 for the 24-inch when it launches this fall, far more than the $180 the Nabi 2 goes for. And while the larger size means the Big Tab can be used by multiple people at once, it also makes the device less portable than its smaller cousins, eliminating one of the original selling points of the tablet form factor. “The beauty of these tablets is you throw them in your bag and you go,” says Gerrick Johnson, an equity research analyst at BMO Capital Markets who follows the toy industry. “A [24-inch] tablet becomes a little more difficult.”

Still, Fuhu is well positioned to prove skeptics wrong. The company sold 1.5 million of its normal-sized kids’ tablets in 2013, says Fujioka. This year, Fuhu is leading the children’s tablet market in the U.S., according to NPD, beating out competitors like Samsung and KD interactive. The question now is whether others will follow their lead in developing kids’ devices that cost as much as an iPad or a video game console.

“We think there’s a big market out there,” Fujioka says. “We believe we’re defining a new category of tablet products for the family.”

TIME Innovation

You Can Unlock This High-Tech Padlock With Your Phone

noke
FUZ

We’re almost to the point, technologically, where you won’t have to remember a single thing.

This newfangled padlock — called Noke — has no keys, keyhole or combination for you to remember, instead relying on your iOS or Android device to unlock it via Bluetooth. Get within 10 feet of the thing, keep your phone in your pocket and you’ll be able to unlock it. You can share access with other people as well, turn off the auto-unlock-within-10-feet feature and receive alerts whenever Noke is unlocked by someone else.

“But what if I lose my phone?!” you bellow, your face red with Internet nerd rage, your hammy fists pounding against your desk until they leave C-shaped sweat rings. You can unlock the lock by pumping the doohickies in a Morse code-like fashion you set in advance, like so:

noke code
FUZ

The padlock has a battery, which lasts a year and can only be removed when the padlock’s unlocked. If you manage to run it dry, there’s an emergency backup feature as well. It’s water resistant, and there’s a special bike cable available for $20.

This is a Kickstarter project that’s been fully funded, with the promise of the padlocks being shipped out early next year. Early backers can get a padlock for $59; the final retail price is set to be around $89.

[OhGizmo!]

 

TIME Video Games

This Is What Happens When Jimmy Fallon Plays Goldeneye 007 with Pierce Brosnan

Hint: It does't go well for Mr. Brosnan.

+ READ ARTICLE

Want to see Jimmy Fallon square off with James Bond actor Pierce Brosnan (playing as his digital Bond-ian self) in Nintendo’s Goldeneye 007? Wish granted for roughly two minutes if you click the video above.

It’s weird watching someone like Brosnan, who I’m guessing isn’t a routine gamer, play a game like Goldeneye 007 on national TV. And that’s the point: It gives you little sense of what it’s like to play a fan-beloved game plenty would call Rare’s magnum opus, but then you’re watching to see how merciless a relatively serious gamer like Fallon’s going to be (relatively merciless), whether Brosnan’s going to be a good sport about it (a very good one), and what the audience is going to make of Fallon’s trademark sputtering and faux-obsequiousness.

Why was Brosnan on Fallon last night? To talk up his new film, The November Man, a spy flick about an ex-CIA agent drawn into the thick of an agency coverup.

TIME twitter

Your Twitter Favorite Button Just Got a Lot More Powerful

Social Media Site Twitter Debuts On The New York Stock Exchange
Getty Images

This is why mysterious tweets are showing up in your Twitter timeline

If you’ve noticed tweets from people you don’t follow popping up on your Twitter timeline, you’re not going crazy.

Twitter has updated its help document with information explaining why new tweets, in addition to sponsored tweets and ads, now show up in your timeline, in addition to the regular digest of tweets from Twitter accounts that you follow.

“When we identify a Tweet, an account to follow, or other content that’s popular or relevant, we may add it to your timeline. This means you will sometimes see tweets from accounts you don’t follow. We select each Tweet using a variety of signals, including how popular it is and how people in your network are interacting with it. Our goal is to make your home timeline even more relevant and interesting,” says the updated document.

Importantly, favoriting something is not the sole decider in whether the new tweet shows up on your timeline.

TIME could not immediately confirm with Twitter what, exactly, qualifies a tweet as “popular or relevant,” but it seems to involve how many retweets and favorites something gets–meaning that the once relatively impotent little star next to a tweet has just been given new–if rather ambiguous–life.

TIME Hacking

Hacking Traffic Lights Is Apparently Really Easy

181166696
Getty Images

Security researchers in Michigan reveal vulnerabilities in crucial roadway infrastructure

In the 1969 classic The Italian Job, Michael Caine and crew commit a major gold heist by hacking into the traffic light system of Turin, Italy, to cause a massive traffic jam, giving the robbers a perfectly synced path to escape through the gridlock.

As it turns out, this piece of high-action Hollywood theatrics is not merely screenwriter fantasy. According to cyber security researchers at the University of Michigan, pulling off a caper like that wouldn’t even be difficult today.

“Our attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage,” writes the research team led by computer scientist J. Alex Halderman.

“With the appropriate hardware and a little effort, [a hacker] can execute a denial of service attack to cripple the flow of traffic in a city, cause congestion at intersections by modifying light timings, or even take control of the lights and give herself clear passage through intersections,” according to the researchers’ findings.

The Michigan team identified three main weaknesses in traffic control systems in the U.S.: use of unencrypted wireless communication signals, default usernames and passwords, and the use of a traffic controller—the machine that interprets sensor data and controls lights and walk signs, etc.—that is vulnerable to known hacks.

Traffic signals that were at first use isolated machines have evolved into the interconnected systems we have today, which facilitates big improvements in traffic flow and safety. Unfortunately, it also leaves traffic control systems vulnerable to a system-wide attack that would have been impossible in a pre-computerized era.

Researchers also identified some relatively easy fixes for the vulnerabilities they found, but added that “the real problem is not any individual vulnerability, but a lack of security consciousness in the field.”

Here’s a clip of the traffic hack scene from the 2003 remake of The Italian Job. Computers really have come a long way.

Your browser, Internet Explorer 8 or below, is out of date. It has known security flaws and may not display all features of this and other websites.

Learn how to update your browser
Follow

Get every new post delivered to your Inbox.

Join 45,180 other followers