Chinese tech companies are at it again
A reminder on the importance of both scalable systems and load testing. The Philippines' recent attempt to expand its national ID programme ran into a number of issues when it introduced a two-factor authentication system. PhilSys, as it is known, started out just fine when registrations began in 2020, when paper forms were still used. This in itself was a little strange, as the purpose of the new system was to do away with the need to present physical documents when interacting with government agencies. PhilSys, the digital ID system, was marketed as such and promised transformation and other buzzwords, including easier opening of bank accounts. All of this would also help everyone involved during Covid times. After 28 million paper applications, the digital system was turned on and in the first hour 40,000 people tried to register. The system promptly fell over due to the load and an inability to scale quickly. Most IT people will admit to a similar experience in their past, but by 2021 there are surely enough historical examples of what will happen if you don't do sufficient load testing before a major release like this.
- The Chinese have been in the news again. This time it was Skyworth, the Android-based TV maker, and Gozen Data, the provider of one of their apps. A user on the Chinese tech forum V2EX investigated the apps on his TV and found that one of them was written by Gozen Data. He also found that it was scanning the local network and sending details of the hostname, MAC address, IP address and latency, plus nearby Wi-Fi networks' SSIDs, back to home base at gz-data.com. Skyworth itself knew that Gozen was sending some data, but when it found out just how much, it terminated the relationship, disabled the app, and demanded that out-of-scope data be deleted. Gozen does not admit to any wrongdoing.
- In related news, China has recently started an anti-monopoly crackdown on "excessive" user data harvesting. It has identified 33 apps that illegally collect information not necessary to their services, and has given their operators 10 days to perform "rectification". Among the offenders are web giants Alibaba, Baidu and Tencent, who have a May 1 deadline to mend their ways. Also on that day, apps will require informed and active consent from users to collect and use personal information. It appears that the Chinese giants are free to operate as long as they don't negatively impact Chinese society. Ironically, this will put them way ahead of the US's Google, Yahoo, Amazon, Alphabet and others, who seem to be able to collect whatever they want using only tacit approval. Stopping them from doing this has so far been fruitless.
- India has finally approved trials for 5G. Local service providers, including Vodafone, were approved to go ahead with equipment from Ericsson, Nokia, Samsung, C-DOT and Reliance Jio. Alert readers may note a couple of prominent omissions from the list. The list and their partners have changed from the initial ones back in 2019, but then India restarted the process in September 2020 with the new requirement to list priority vendors. India has multiple spectrums it can use for the 5G rollout and there will be testing in many of them. The process will last six months across all area types. The trials cannot use the existing networks, must be non-commercial, and all data must be stored in India.
- If you have a Dell desktop, including Alienware, built since 2009 and running Windows, then it can be exploited to give admin-level access to hackers. That is hundreds of millions of machines. The problem is the update driver utility that comes bundled with the PC, which has up to five vulnerabilities. According to a researcher at SentinelOne, they have yet to see anyone take advantage of these vulnerabilities, but they don't see everything. Dell will have a patch out by the time you read this, but with that many machines not all will have that patch applied.
- As a guideline for when to buy a new phone, Samsung has stopped issuing security updates for the Samsung S8 range. Four years of Android support is actually quite good, with some other manufacturers dropping support well before then. There are of course other ways to update your devices, but that takes a bit of digging. If you have an Exynos chip-based device, then do a search on "Project Sakura third-party ROM", which will bring you up to Android 11. The Qualcomm models are more difficult to update due to carrier-based encrypted bootloaders locking down the unit.
- Since we don't want to leave Apple out of the mix, security flaws in their software were patched in a recent set of updates to the desktop, iPad and iWatch devices. Some of these had already been hijacked by the usual suspects.
- The Mars Ingenuity helicopter continues to deliver and has had its mission extended after a 117-second flight. The hardy little device will be used to scout ahead for the rover. No word on whether they are eventually going to try a barrel roll or a flip of some kind at the end of the mission.
James Hein is an IT professional of over 30 years' standing. You can contact him at email@example.com.