Collaborative solutions to address the challenge of hybrid working

Roberto González Rojo    7 September, 2022

Microsoft surveyed 30,000 people in 31 different countries in 2021 as part of its Work Trend Index report, asking participants for their opinion on the most appropriate way to work and interact in a post-pandemic environment. 73% of respondents wanted to maintain flexible remote working options, but at the same time, 67% felt that face-to-face interaction was essential.

We are therefore faced with the dilemma of the new hybrid working model and its implications: it is now necessary to have options to connect from anywhere, at any time, using any device, synchronously or asynchronously, face-to-face or remotely, and also to provide an enriched user experience that even enhances collaboration in physical spaces. This substantially increases the complexity compared to previous paradigms, which were designed to try to emulate face-to-face scenarios in the workplace.

Companies must therefore adapt to this new situation, and it is here where tools that facilitate collaborative work play an essential role.

The market for CCUU solutions and collaboration

The consulting firm Omdia forecasts a global growth in users of collaboration tools that could reach 140 million by 2025, which translates into a business opportunity worth around 23 billion euros.

The technologies or tools that should serve to meet this demand are multiple and are part of a fragmented scenario, with the emergence of new players and solutions, as reflected in the Magic Quadrant (Meetings Solutions) published in 2021 by Gartner..

Cisco with Webex remains in the lead, although it shares this leadership with Microsoft Teams and Zoom, which have experienced significant growth in a very short period of time, threatening its dominant position:

  • Microsoft Teams has become the de facto standard for collaborative work during the pandemic: the number of daily users before COVID-19, 20 million, has risen to 270 million active monthly users, according to one of the latest reports published by the company itself. The fact that Teams is part of the Office 365 office suite has undoubtedly been a key factor in facilitating its adoption, accelerated by the circumstances that the coronavirus imposed, suddenly demanding a global remote working environment. Teams has been the fastest growing business-oriented application in Microsoft’s history.
  • Zoom has evolved from a cloud-based video conferencing offering to an end-to-end communications platform, building products ready for hybrid work environments. Its growth has also been exponential, reaching a market share of 28%. A freemium licensing model, supported by a simple and intuitive user experience that is easily adopted by the B2C segment, are part of the main reasons that have contributed to its rapid expansion.

Another trend in the Unified Communications market that Gartner highlights is the progressive migration towards cloud platforms as an alternative to in-house deployment. Gartner forecasts that by 2024, 3 out of every 4 user licenses will be linked to services deployed in the cloud. 

Telefónica Tech expands its offer to meet the needs of any customer

Telefónica Tech, in constant adaptation to all these changes, proposes a catalogue of solutions with a double objective: to cover each of the use cases associated with hybrid work environments and to meet the needs of all types of customers.

The main characteristics of these solutions are: 

  • Adapted to the needs and typology of any company, guaranteeing a barrier-free user experience.
  • Advanced and enriched with all the necessary functionality to ensure total collaboration between the different areas and teams of an organisation.
  • Leaders, driven by alliances with the main partners in the market, through collaboration agreements and certifications that support a complete and qualitative proposal.
  • Integrated with voice services, enhancing the user experience through a single interface for communication and collaboration.
  • Complemented with professional services that allow us to adapt, implement and manage any type of customer requirement.

All of this translates into a series of specific actions: 

  • Constant expansion of the catalogue, offering the best ecosystem of solutions through strategic alliances with global leaders such as Cisco, Microsoft and Zoom.
  • Applications always updated and enriched with the latest market innovations.
  • Personalised advice with the aim of proposing the best solution for each client.
  • Functionality complemented with value-added services, e.g. recorder, peripherals, etc.
  • An economical pay-as-you-go model, avoiding costly up-front investments for the customer.
  • A Global Operations and Support Centre is responsible for management and maintenance, providing all of Telefónica’s experience and knowledge in communications and collaboration solutions.
Cloud services enabling remote working

Five pillars of the best value proposition

Telefónica Tech’s value proposition, therefore, for collaboration products and services, is based on offering its customers a one-stop-shop experience, on cloud solutions, fully managed and adapted to their business requirements.

The main characteristics of this value proposition are: 

  1. Customer centric: the satisfaction of customer needs as a priority objective, with a definition of profiles to meet the different use cases, including the best user experience.
  2. Complete offer: with a catalogue that includes an ecosystem made up of products from the main partners and manufacturers in the market, through strategic alliances, covering any functionality demand and aimed at all types of customers.
  3. Products always updated with the latest versions, offered as Software as a Service (SaaS) on cloud infrastructure.
  4. Scalable pay-per-use economic model, avoiding the need for costly initial investments.
  5. End-to-end managed service, including both initial advice to the client and the configuration, operation and advanced administration of the service. 

Telefónica Tech is an industry leader in CCUU solutions and Collaboration

Telefónica Tech is a leader in Unified Communications solutions and Collaboration for companies. The activities carried out by its team of professionals complement the different technologies, thus enabling it to offer end-to-end services, with the aim of providing customers with the ability to isolate themselves from the complexity of these products and focus exclusively on their business.

Telefónica Tech’s main tasks include: 

  • Advice and planning: technical-economic analysis and proposal of the most appropriate solution.
  • Design and implementation: implementation of the proposal made, based on the previous study.
  • Migration: if necessary, of previous applications.
The impact of cybersecurity attacks on SMEs and corporates

Deep Learning: everything you need to know

AI of Things    6 September, 2022

Thanks to the enormous technological development of recent years, there are now solutions with a great impact on the business environment. A clear example of this is Deep Learning, a concept that is becoming more and more relevant in digital strategies thanks to the possibilities it offers.

What is Deep Learning?

It is basically a field of Artificial Intelligence (AI) in which algorithms mimic the way the human brain processes data.

This happens thanks to artificial neural networks that seek to emulate the way the human brain operates, to identify patterns and generate predictions from large volumes of data. All without the need for supervision, so it is a type of Machine Learning, but much more advanced than traditional machine learning.

Given the potential of this technology to extract valuable information – for example, to identify business opportunities or improve processes – several industries are investing in developments related to Deep Learning.

It is estimated that this market will grow from USD 6.85 billion in 2020 to USD 179.96 billion in 2030, indicating its importance for business strategies.

What role do artificial neural networks play?

As we saw earlier, Deep Learning seeks to mimic the functioning of the human brain, using logical structures that resemble the nervous system, with a system of “artificial neurons” capable of perceiving different characteristics of the objects being analysed.

To process the data, these neural networks are organised in layers that integrate multiple interconnected processing units, which work simultaneously, emulating the way the brain processes information.

These layers are organised as follows:

  1. Input layer: represents the input fields for the data to be entered into the system.
  2. Hidden layers: can be several. They symbolise the bridge between the input and output of the neural network. Data will pass through all the processing units that make up these layers.
  3. Output layer: represents the final destination of the data and the place where the output of the model will be generated. 

Artificial neural networks continuously improve the performance of their predictions by comparing the responses with the expected results.

These artificial neural networks represent algorithms capable of recognising patterns and distinguishing, for example, specific images or sounds in a matter of seconds.

And although initially their predictive capacity will be very limited, after many repetitions the algorithm will be able to accurately replicate the known result based on the data used, acquiring greater autonomy and accuracy.

Deep Learning Uses

Now that we have clarified what Deep Learning is and how it works, let’s take a look at some of its main uses today.:

  • Speech recognition and automatic translation on platforms such as YouTube and Skype, or in digital assistants such as Siri and Alexa.
  • Facial recognition in Google Photos.
  • Anti-fraud methods that analyse the details of transactions (time of execution, recipients, amounts, among other relevant information) to detect suspicious actions that may affect bank accounts.
  • In the agricultural sector, it can be seen in intelligent irrigation systems that take into account factors such as the level of water in the soil or humidity in the air.

Deep Learning Benefits

Given the applications it has, Deep Learning is positioned as one of the technologies with the greatest impact on the business environment, generating benefits such as:

  • Process automation: the autonomous work capacity of deep learning allows different processes to be automated, achieving greater efficiency and quality.
  • Ability to work with unstructured data: Deep learning is able to identify patterns and make predictions in a powerful way even when data is not organised.
  • Long-term profitability: Deep learning can help organisations detect business opportunities or improvements in various areas.
  • Scalable system: this technology works seamlessly with large volumes of data, so it can easily adapt to higher levels of information to keep pace with the growth of an organisation.

Deep Learning is setting the pace in the digital transformation of organisations, impacting areas such as workflows, customer service and process optimisation.

Making the leap towards this technology is crucial to boost competitiveness and, with it, strengthen the positioning of companies in an increasingly digitalised market.

Wireless attacks on OT

Diego Samuel Espitia    5 September, 2022

Wireless networks are now present in all types of industries. It is undoubtedly one of the most notable changes brought about by smart industry because it has increased productivity and reduced costs. However, in several scenarios it has been shown that wireless networks do not generate security conditions that can be considered optimal.

To change this, two wireless transmission protocols have been developed that strive to improve cyber security levels: Ultra-WideBand (UWB) connectivity and the UWB variation of the Real Time Location System (RTLS).

Nonetheless, researchers specialised in OT security at Nozomi Networks (a company acquired by Telefónica Tech) conducted a series of security tests on these protocols and found some 0-day vulnerabilities where it is possible to gain access to sensitive information being exchanged in the transmission.

Security test results

To focus the research a bit specific models of equipment and its use in the industrial and hospital sector were taken, where it was decided to test Sewio Indoor and Avalue Renity, which are two UWB RTLS packages that deliver location, protection functionalities are used in maintenance operations and others.

Once these elements were in place, we proceeded to carry out the research on communications and data analysis that are executed in a traditional operation infrastructure with these elements, which is composed of locators, information anchors, the UWB and the RTLS processing server.

Using this network architecture, the researchers initiated reverse engineering and analysis processes in various scenarios and responses, which are fully documented in the research team’s final report.

In the following report you can see the tactics, techniques and procedures that were performed to simulate how an actor can gain access to information by executing a Man in the Middle (MitM) attack and an access to the communication network.

What are operational technology (OT) security “Patch Tuesdays”?

Possible consequences and options for mitigating this attack

When an attacker applies these methods in real life, he or she can easily know the position of people or assets in factories, which are used for rescuing people in remote jobs or in cases of emergencies within an operating plant.

In hospitals, it is widely used in cases of emergencies and in order to attend to serious medical symptoms. Therefore, in a passive attack, criminals could access information on staff behaviour and habits or know the location of valuable assets.

Now, one of the most common RTLS application functionalities is the creation of geofences, which are used from a personnel and asset protection point of view, using the entrances or exits of specific areas, which can generate an alert for proximity to dangerous equipment or other alerts.

In testing attacks on these configurations, it was possible to modify the monitored areas or actions taken in the geofence, generating manufacturing stoppages or allowing access to dangerous areas or the possibility of eliminating anti-theft monitoring.

Hypocrisy doublespeak in ransomware gangs

Conclusion

All these analysis and results were shown in the BlackHat USA 2022 edition, where it was very well qualified and received. The demonstrations showed that all types of industries can be victims of this type of attack and that the consequences can be not only operational, but also life-threatening.

It is important for the industry to validate the possibility of remediating or mitigating the possible impact through network segmentation and the use of industrial firewalls, as well as the implementation of intrusion detection in operating environments that allow for the detection of anomalous behaviour or unexpected movements in the network, and finally, the possibility of implementing encrypted data transmission.

Cyber Security Weekly Briefing, 27 August — 2 September

Telefónica Tech    2 September, 2022

Critical vulnerability in Atlassian Bitbucket Server and Data Center

Atlassian has recently warned its users about a new critical vulnerability affecting the Bitbucket Server and Data Center software, which shall be patched inmediately.

The flaw, CVE-2022-36804, has a CVSS v3 of 9.9 according to Atlassian, and it allows command injection through especially crafted http requests, which open the way for remote code execution.

The exploitation of the vulnerability is not complex and does not requiere high privileges. The attacker would only need reading rights in public or private repositories and would never need to interact with the user. The versions of Bitbucket Server and Data Centers affected by the flaw are all from 6.10.17 to 8.3.0, and patches have already been published for versions 7.6.17, 7.17.10, 7.21.4, 8.0.3, 8.1.3, 8.2.2, and 8.3.1. 6.X versions will not be patched.

For all users who cannot patch this issue at the moment, Atlassian recommends to close public respositories temporarily. Meanwhile, Max Garret, the researcher who found this vulnerability and reported it to Atlassian, has promised to deliver a PoC in 30 days, and has claimed that Atlassian’s patch should not be very difficult to circumvent.

Mofe info

* * *

Intellexa offers a 0-day exploit for iOS and Android

A document property of Israeli-based company Intellexa has recently been leaked, uploaded on Twitter by VX-underground’s profile, it shows a commercial offer of a spyware for a price of 8 million euros.

The spyware works on iOS version 15.4.1 and Android version 12 and, since it is a 0-day, it is unlikely to be patched and not work on either of the new versions of these operating systems. This exploit allow remote access to the data of the impacted devices.

The infection attack vector, according to the document, would be a link that needs to be clicked in order to inject the payload into the device. Also, the offer includes a one-year warranty, a platform to analyze the extracted data, as well as ten types of concurrent infections and a catalogue of a hundred other successful infections as examples.

More info

* * *

Use of Log4j vulnerabilities against targets in Israel

Microsoft has published details of a recent investigation carried out in their Threat Intelligence Center (MSTIC), which informs on a wave of attacks by the MuddyWater (dubbed as Mercury by Microsoft) threat actor against targets in Israel.

According to the researchers, this actor has been using the popular Log4shell vulnerability to compromise unpatch software. This time, attacks were mainly aimed at SysAid, an IT management program, instead of attacking WMware software as has been traditionally used in these attacks.

MuddyWater exploited the vulnerabilities as initial point of entry into the victim’s system, in which they would then run web shells to execute different malicious commands, create users with admin privileges, steal credentials via Mimikatz, and move laterally via tools such as RemCom or Windows Management Instrumentation. To avoid these attacks, Microsoft recommends applying the patches for this set of vulnerabilities, already available since January 2022.

More info

* * *

More than 1,000 iOS apps found exposing encrypted AWS credentials

Researchers from Symantec’s Threat Hunting team have detected nearly 2,000 mobile apps containing encrypted AWS (Amazon Web Services) credentials.

Most of the apps (1,856) correspond to the iOS system, while only 37 belong to Android. 77% of the apps have been confirmed to include valid AWS access tokens that could be used to directly access private cloud services.

In addition, those valid AWS tokens could be used by an attacker to access cloud instances where active service databases containing millions of records, including user account details, internal communications and other sensitive data, are located, depending on the type of application.

Symantec’s research is intended to warn mobile app developers of the dangers of overreliance or insecure practices that expose AWS credentials, which could make the mobile app supply chain vulnerable, as well as open the door for malicious actors to private databases, leading to potential data breaches and exposure of end users’ personal data.

More info

* * *

Google patches 24 vulnerabilities in Chrome

Google’s latest security bulletin has fixed 24 vulnerabilities, including a critical flaw (CVE-2022-3038), and has added the sanitizer system in order to protect users from XSS injection attacks.

Most of the patched vulnerabilities were due to memory management issues, with use-after-free and buffer overflow flaws that impacted complements such as WebUI and Screen Capture.

Google has also corrected several security policies and incorrect implementation vulnerabilities. It is worth noting that while there may not be evidences that these vulnerabilities are being actively exploited, there is a serious unpatched vulnerability affecting the operative system clipboard through Chromium-based browsers, and that it can be exploited with no authorization or interaction from the user.

Google also recommends installing the browser’s latest version to fix these flaws

More info

TrustOS, the Swiss Army Knife of Blockchain Networks

Alberto García García-Castro    30 August, 2022

Did you know that there are currently dozens of public Blockchain networks and that, added to the private and consortium ones, there could be hundreds? Which of them would be best suited to the needs of companies? In the following paragraphs we will answer these and other questions related to the adoption of this technology at the corporate level.

In recent years, the number of companies and public entities that are using Blockchain technology for their daily operations is growing significantly, partly thanks to the new use cases that have been developed with the Blockchain technology.

How can a company implement Blockchain technology?

Applications such as cryptocurrencies, decentralised finance, NFTs or web 3.0 have burst onto the corporate world and more and more companies are interested in integrating some of them into their technology stack.

The problem arises when it comes to putting it into practice within the company: How would the use case be implemented? Which network is the most suitable for a company’s processes?

In the last five years, Telefónica’s Blockchain team has heard these types of questions on a regular basis and that is why we decided to create a product that would make it easier for companies to build their use cases, and thus help to answer their doubts and needs in relation to blockchain technology.

Blockchain network interoperability

There has been an open debate about the interoperability of Blockchain networks for several years. Currently, the number of technologies within the ecosystem is growing exponentially, but almost all of them are isolated.

In other words, it is not possible to exchange information between them, which causes a problem when it comes to sharing data stored in different blockchains.

5 key trends for mass adoption of Blockchain

As companies and public institutions start to adopt Blockchain as a technology for their use cases, there is a need to use different networks for their applications.

A public network could be used, for example, for use cases that require a high level of transparency in the display of information. But if you want to maintain data privacy and keep it in a specific geographic location for regulatory reasons, you could store it in a private network.

As can be seen, depending on the needs of each entity, it will be better to use one type of network or another.

TrustOS, the Blockchain service managed by Telefónica Tech

To remove these barriers to the adoption of the technology, Telefónica has created a product such as TrustOS, which makes it easier for companies to use different types of blockchain networks for their applications.

In this way, regardless of the network used, the company will not have to adapt its processes or integrations to a new technology, which will allow it to tackle projects where Blockchain adds value without technological risk.

In order to get a general idea of the number of Blockchain networks that can be accessed with TrustOS today, the following paragraphs will list the most important ones:

Public Networks

These types of networks are the first to be used within the ecosystem. They are open and accessible through the internet. Anyone who wants to join can do so without restrictions and the information stored in them is public and auditable at any time. Moreover, there is no central entity that regulates the functioning of the ecosystem.

In order to benefit from the advantages of this type of network, Telefónica has made access to these two public networks available to its customers through TrustOS:

  • Ethereum: on this platform, companies can include the business logic of their applications through Smart Contracts. This is possible thanks to the fact that the Ethereum network is the largest Blockchain network in the world where this type of smart contracts can be deployed. Access to this technology through TrustOS allows the deployment of decentralised applications on a network with a computational power of 1.25 PH/s, which is equivalent to 1.25 quadrillion operations per second, used, among other things, to verify and add new transactions to the blockchain.
  • Bitcoin: within the framework of the European INGENIOUS project in which Telefónica Tech is actively collaborating, TrustOS is being used for connectivity with the Bitcoin network for sending evidence. It is the public blockchain network with the highest market capitalisation with a value of 577B$.
  • Polygon: last March 3rd was announced the collaboration agreement between Telefónica and Polygon, one of the most popular Blockchain ecosystems of the last year, especially thanks to the rise of NFTs and Web 3.0. It is a technology that solves the scalability limitations of Ethereum, making it easier for companies to use this new network for applications that require a large volume of transactions with predictable costs and settlement times.

Private Networks

This type of network tends to have a higher transaction processing and privacy management capacity than public networks, but it should also be noted that they are less decentralised in terms of the data they store.

It is a network that can only be accessed with a prior invitation from the organisation that administers it and is mainly used for business use cases that require privacy in the data stored, either due to regulatory or technical requirements.

In the area of private networks, Telefónica manages and operates the H+ network for the members of Alastria, the Spanish consortium of more than 500 companies. This is a private blockchain used for applications that require information privacy, high performance when processing transactions and guaranteed support in the event of incidents.

Incentives in business blockchain networks: a new approach

On the other hand, within the framework of Telefónica Tech’s collaboration with the European INGENIOUS project, TrustOS is also being used as a facilitator for connection to a private IOTA network, a DLT focused on the world of the Internet of Things (IOT).

Beyond these platforms, TrustOS has the capacity to integrate with any network that uses protocols such as Hyperledger Fabric or Hyperledger Besu, as well as being compatible with networks that use the Ethereum Virtual Machine.

Consortium Networks

Regarding consortium networks, they use similar technologies to public networks, but the responsibility for administration and management is shared among several organisations. These entities control who can access the network and how the information stored on the network can be interacted with.

Today, TrustOS provides access to two of the most important business and institutional consortia in the ecosystem:

  • On the one hand, there is Alastria, an open association of companies, universities and public bodies, which promotes the use of Blockchain in Spain. They are not linked to any specific technology as they promote the use of different platforms within their alliance. Specifically, TrustOS allows interaction with the networks present in the consortium that implement the Hyperledger Besu and Quorum protocols.
  • On the other hand, it is also possible to interact with LACCHain, a business and institutional consortium that promotes the development of the Blockchain ecosystem in Latin America and the Caribbean. Connections can currently be established with the LaCChain and LaCNet networks based on Hyperledger Besu.
Rethinking consensus for a more sustainable Blockchain: from PoW to PoS

Next steps to enrich TrustOS with new Blockchain networks

In addition to all the platforms mentioned above, work is already underway to use IPFS as a file storage system. This is a peer-to-peer network in which information can be stored in a decentralised manner, both in the public network and privately.

The use of this technology has become quite popular within the crypto ecosystem, partly thanks to the boom in NFTs. IPFS has been used as a distributed file system where non-fungible tokens are stored, so that they can be uniquely identified, avoiding duplication and possible fraud.

The European consortium EBSI (European Blockchain Services Infrastructure) is also being closely followed. This is a cross-border network formed by 29 countries (all EU Member States, Norway and Lichtenstein) and the European Commission, to provide public administrations with a private network that can be used for their applications and use cases. It is an infrastructure with great potential that would enrich the portfolio of networks that TrustOS already has.

What type of Blockchain network is the best option?

There is currently a wide variety of options when it comes to storing information in a secure and immutable way thanks to the different blockchain networks that exist today.

This could pose a problem for companies that are starting to adopt blockchain technology, as there are many variables to take into account when selecting the network that best suits their needs.

Telefónica Tech is therefore working to facilitate the process of integrating business applications into the Blockchain ecosystem, offering tools that make it possible in the most secure and simple way possible.

Featured image: Nick Fewings / Unsplash

Leave a Comment on TrustOS, the Swiss Army Knife of Blockchain Networks
Alberto García García-Castro
Alberto García García-Castro

Computer Engineer from UC3M and with a Master's degree in Blockchain, Smart Contracts and CryptoEconomics from UAH. I am currently working as Blockchain Technological Specialist at the Blockchain Competence Centre. In addition, I have several years of experience as a Technical Architect of Big Data platforms in multinational environments. In constant learning process. Enthusiastic about Blockchain technology as a driver of social transformation.

AI in Science Fiction Films: A Recurring Pattern of Fascination and Horror

Santiago Morante Cendrero    25 August, 2022

In today’s post we are going to explore how Hollywood films have dealt with the subject of technological advances, especially robotics and Artificial Intelligence. You will be surprised to discover that many of the films follow the same pattern, which we can say started at the beginning of the 20th century and became popular with Terminator. Let’s start!

From the Jewish Golem to “Star Wars” C3PO

There is a narrative that has proved recurrent in the history of human culture, namely the creation of artificial life to use it for our benefit. There are plenty of examples, be it Mary Shelley’s famous “Frankenstein” (1818) or the cute R2D2 and C3PO from Star Wars (see our previous post on “The Mandalorian”).

This recurring narrative can be traced back to Jewish mythology, with the clay Golem that comes to life when you put instructions in its mouth with a piece of paper and performs the tasks you ask it to do without complaint.

It is certainly an interesting concept, to be able to offload tasks onto another being who does not suffer or question the task. It is, to say the least, useful, and that is why we find this story repeated in all areas of culture, including cinema.

This is where a literary genre comes into play that is based on telling fictional stories in a context where technology and science have evolved beyond our reality. This is what we know as Science Fiction. When the Golem narrative and Science Fiction come together we have the robot books and movies.

The “R.U.R. pattern” common in Science Fiction

While it is true that not all films about robots and artificial intelligence treat the subject in exactly the same way, we do find a recurring pattern, especially in the Western world, which goes something like this:

  1. Humans have developed technology to the point where they can create an entity capable of performing tasks autonomously.
  2. An entity (a company, an army or an individual) decides to put this entity in charge of a critical asset or process for humanity, with the excuse of improving productivity, reliability or profitability.
  3. The entity develops autonomously beyond what the designers expected.
  4. The entity decides that the human being is an obstacle to its new vision of the universe and that it has to be eliminated, imprisoned or subjugated so that it does not disturb.
  5. And we could end with the fact that the entity is difficult to shut down or destroy and no one has thought to put a safety mechanism in place.

I’m sure that reading these points has made you think of a film or book that you have read. It is normal, this pattern is repeated more often than we realise.

In fact, we can find this pattern already in the first work that includes the word robot (from the Czech word robota, that is, slave). This book is “R.U.R.” (1920) by the Czech Karel Čapek, which in its plot tells us the story of a company that manufactures artificial beings (1) to reduce the workload of humans (2).

At this point, Harry Domin and Helena Glory, the owner of the robot factory and his wife respectively, decide to endow the beings with feelings, who end up developing beyond the initial objective (3), becoming aware of the slavery to which humans subject them, starting a rebellion and conquering the planet (4).

Deep Learning in Star Wars: May Computation Be With You

The story ends with all humans eliminated from Earth, because the robots were too strong and had no weak points (5).

Knowing the pattern, which we will call the “R.U.R. pattern” in deference to its origin, let’s go to Hollywood for a spin.

A (non-exhaustive) list of films that follow the R.U.R. pattern (Spoiler alert!)

If the film appears in this list, you can imagine the plot, but if you prefer not to know it, skip the following!    

  • “The terminator” (1984): Probably the most famous and the one that made the genre fashionable, it tells us how Skynet, a military AI takes control of all machines and computers with the aim of exterminating humans. Good thing we have Schwarzenegger on our side.
  • “Small soldiers” (1998): As fate would have it, a military chip ends up in articulated toy dolls which, once they become conscious, decide to wipe out the human race.
  • “The Matrix” (1999): Once they become self-aware, the machines decide to wipe out the human race. Humans decide to cut off their power source (the sun) and the machines, in return, start harvesting humans and using them as batteries while keeping them in a simulation.
  • “Red planet” (2000): A friendly robot dog accompanies astronauts on their exploration of Mars, but due to a glitch in its military programming, it decides to wipe out all human beings.
Photo: Unsplash
Photo: Samuel Regan
  • “I, robot” (2004): Una IA empresarial decide que los humanos han de ser protegidos de sí mismos y, oh sorpresa, los intenta encarcelar a todos.
  • “Stealth” (2005): A secret military programme puts an AI at the controls of a plane capable of starting a nuclear war and the plane decides to stop obeying orders.
  • “Eagle eye” (2008): A highly advanced military AI coordinates the lives of many people to overthrow a government it sees as impeding its plans for world domination.
  • “Echeron Conspiracy” (2009): Word for word the same plot as The Panic Plot.
  • “TRON: legacy” (2010): A world in which the ruling Artificial Intelligences have evolved to the point of enslaving all beings. Fortunately for us, in this case the domination is reduced to a subatomic world.
  • “Avengers:  Age of Ultron” (2015): Half-alien, half-computer robot aims to take over the entire planet and wipe out humans.
  • “Westworld” (2016): In this case, the robots are created for recreational purposes, until they realise what they are… and rebel.
  • “I am mother” (2019): Human-created AIs see how humans are destroying themselves and decide to wipe the slate clean with humans – to their regret, of course.

I’m sure we could go on like this for a bit longer, but the point has been made, we are fascinated by technology, but we are afraid to stop understanding it. I’m sure we’ll continue to see films in the future that follow this pattern – I hope you recognise it when you see it!!

Micro epilogue: The Eastern visión

To be fair, I have to admit that this is the Western view of the genre. In the East there is a completely different view of robots. These tend to be the good guys in the story, who are here to help us. But that will be in a different post.

I’ll be back!

Note: If you know more films that follow this pattern, let us know in the comments!

Movies and Big Data: how to make your heart pound

How IoT solutions help us deal with rising energy prices?

Miguel Maroto    24 August, 2022

This article is intended to describe how myself and my friends have been dealing with the increase in energy prices over the last year with the help of IoT solutions.

Paradigm shift on electricity prices

We have witnessed a spectacular increase in the price of energy over the last year, with a rise of 334% if we compare the average price in March 2021 with the average price in March 2022. This rise took place at a European level and was due to different factors.

Several circumstances have affected both my housing bill, which has risen by an average of 40%, and the bills of friends’ companies, which have suffered very significant rises both in the shops and in the factories of their companies.

In our country this situation has caused important changes in the energy consumption behaviour. In a recent study commissioned by LG Electronics, 84% of Spanish families have changed their consumption habits in recent months.

As a result, the population that has been affected by this paradigm shift is looking for solutions to help improve the energy efficiency of both their homes and business premises. The arrival of European funds, quantified at almost 7,000 million, will greatly help the progress of these efficiency solutions in our country.

What kind of IoT solutions help energy efficiency?

There are different types of solutions depending on whether they are aimed at the residential or corporate market.

The solutions focused on the residential market are simple modular solutions in which different components are included, including:

  • IoT devices: Different types of devices that collect consumption information that help improve decision making. Examples:
    • Intelligent light monitor: Allows the consumption of each connected appliance to be identified in real time.
    • Smart shower device: Device that changes colour depending on the volume of water consumed and helps the customer consume only the necessary amount of water, avoiding overconsumption.
    • Smart Plug: A device that makes it easy to measure the consumption of any electrical appliance connected to it. It is also possible to activate and deactivate it remotely.
    • Smart thermostat: Device that analyses the insulation of the user’s residence, as well as the outside temperature, to programme the best time to switch on the heating and define the temperature at which it should be switched on. This achieves a reduction in unnecessary energy consumption.
  • Management App: Application that receives the information collected by the sensors described above and helps the user to make decisions by recommending consumption habits.

For the corporate market, the solutions that help energy efficiency are found within what is called Smart Building, which is the intelligent management of the automation of all the buildings or infrastructures of a company to improve comfort, maintenance, accessibility, health and safety, etc.

This type of solution consists of the following elements:

  • IoT devices: A set of sensors that collect consumption information from different points of the building’s network and send it to the management platform.
  • Centralised Control Platform: A platform that allows any employee of the company to visualise the behaviour of the building in real time and thus make the necessary adjustments at all times.

What are the benefits of these solutions?

The benefits of these solutions for residential users are the following :

  • Saving on energy costs
  • Helping to fight climate change by reducing our environmental footprint.
  • Total control over the consumption of our electrical appliances

For the corporate market, such solutions offer the following benefits :

Economic

  • Reduction in the cost of energy bills for infrastructures.
  • Reduction of preventive and corrective maintenance costs of infrastructures.
  • Contained and predictable costs.  

Bussines

  • Energy optimisation by managing the comfort/energy consumption ratio according to economic and commercial criteria.
  • Implementation of environmental and corporate responsibility policies (ecoMarketing): energy consumption, water, emissions, etc.

Operational

  • Compliance with the regulatory framework (RITE) for infrastructures.
  • Centralised remote monitoring and control of devices in real time: lighting, air conditioning, marketing, cold rooms, machinery, swimming pools, fuel tanks, etc.
  • Facilitator of predictive maintenance of infrastructures.

What is Telefónica Tech contributing to the world of energy efficiency?

A team led by Eva Pérez Marcos at Telefónica Tech has launched the Telefónica Inmotics and Energy Efficiency Service, an e2e Smart Building solution that enables the centralised and remote management of devices in a network of infrastructures (usually buildings), providing customers with efficiencies in energy consumption and maintenance, ensuring that the necessary comfort conditions are achieved.

The solution consists of:

  • IoT devices, which collect data from different points in the building.
  • Operation and Supervision Platform: A platform that allows the building to be managed and monitored in real time.
  • Energy Intelligence Platform: An Energy Intelligence analytical platform that provides energy dashboards and proposes new policies to be implemented to manage infrastructures more efficiently.

To sum up, the implementation of this type of solutions by both individuals and companies will experience a very significant growth this year, mainly due to the increase in the price of energy, as well as factors such as the arrival of Next Generation funds and society’s awareness towards the environment, which will also help the adoption of this type of solutions by the corporate market.

Endless worlds, realistic worlds: procedural generation and artificial intelligence in video games

Javier Coronado Blazquez    22 August, 2022

In this post we will talk about how to automatically create realistic environments in virtual worlds. As an example, we will use the video game No Man’s Sky, by Hello Games, which in 2016 created entire galaxies and planets on a real scale with a simple algorithm, all of them entirely accessible and different.

As if this was not enough, we can also add artificial intelligence to the equation, which will be a revolution never seen before in the world of videogames

Infinite apes, endless worlds

A famous mental experiment known as the “infinite monkey theorem” says that, if we put an infinite number of monkeys to type on a computer for an infinite time, at some point one of them will write Don Quixote. By pure and simple chance.

Any book, even Cervantes’ opus magna, is a very long string made up of a finite number of characters, such as letters of the alphabet. In other words, in an infinite time, everything can and must happen.

We can ask ourselves whether this experiment can be extrapolated to other types of content. One approach comes in the form of what is known as procedural generation. This means that, starting from a sufficiently complex algorithm, the result of this algorithm can be randomised so that each time it is executed, the result is different.

This type of “unexpected result” has been applied not only in science, but also in the arts such as music or painting. However, it is in the world of video games where it has found a special appeal.

A sandbox (i.e., open world) video game requires a tremendous scale of modelling. After all, we are trying to mimic an entire world in a virtual environment. Due to purely technical and developmental constraints, most sandbox games had a limited number of periodically repeated elements.

Just as Neo in the Matrix would see a glitch in the form of cat-like déjà vu, we would start to see the same textures, the same trees, the same faces over and over again throughout the game. The possibility of randomising these elements, just as in real life, was all too tempting

Although there are more than a few examples of these attempts at procedural generation since the 1980s, probably the prime example due to the exorbitant scale is the video game No Man’s Sky, developed by Hello Games and released in 2016 for various platforms.

In this game, we wake up on an unknown planet with a broken spaceship, and our first mission is to find resources to repair it. So far, so conventional. We quickly realise that, unlike in other games, if we start walking in a straight line there are no invisible barriers, insurmountable obstacles, or anything that prevents us from leaving the modelled area. In fact, we could walk all the way around the planet if we wanted to, encountering extravagant fauna and flora everywhere.

When we manage to get off the planet, we see that it has a natural scale, i.e., comparable in size to Mars or Earth. In this strange Solar System, we find more planets and moons, to which we can travel by means of a fictitious warp drive (or “hyperspace”, as you prefer).

Landing on another of these stars, we find a new world to explore, different from the previous one in climate, landscape, fauna, flora, possible intelligent civilisations, and so on. The final twist comes when we wonder if we can also leave this Solar System, or even the galaxy.

We then discover that the game contains 255 individual galaxies, with a total of 18,446,744,073,709,551,616 planets, all of them accessible and different from each other. The number, in case anyone doesn’t feel like counting commas, is about 18 quintillions. If 100 people visited one planet per second, it would take about 5 billion years to visit them all. That is roughly the age of planet Earth.

Hello Games managed to create an entire Universe with infinite possibilities, without having to explicitly model a single planet. It only used procedural generation to combine these individual elements in different ways.

No two planets are identical, nor do they have the same fauna, flora or civilisations. In fact, by implementing online play capabilities, each player can discover planets and name them, or visit a friend in the underwater base he or she has created in a particularly peculiar Solar System.

The planets are the same for everyone, as the algorithm is deterministic – it is the initial planet assignment that is completely random. As a curiosity, even the game’s soundtrack is procedurally generated, based on thousands of samples from the 65daysofstatic band.

Ender’s (video) game

No Man’s Sky is an outstanding example of procedural generation in video games, but it’s been 6 years since it was released. How can we go further? This is where Artificial Intelligence (AI) comes in.

In video games, AI usually refers to the behaviour of NPCs (Non-Playable Characters), whether they are friends, enemies or neutrals. For example, in a racing game like Gran Turismo, the reaction of the other cars to the player’s actions: does the machine have an excellent driving skill, or a mediocre one?

It is interesting to see how little AI has evolved in video games. Most actions are predictable as soon as we learn the pattern. Even combat games known for their high difficulty (such as Hollow Knight, Cuphead or Dark Souls) present conceptually very simple battles, where the only real challenge lies in our ability as humans to execute a specific sequence of commands on the controller/keyboard at the exact time.

The same goes for the realism of NPCs when talking to the player, as they have a limited number of lines of dialogue and animations. It is typical to burn them out in a few iterations, which would never happen in the real world.

This will change radically with the application of AI, specifically Deep Learning. These algorithms will allow studios not only to have an invaluable programming tool for their works, but to autonomously generate concept art, dialogue or even entire games from scratch. In other words, procedural generation, but instead of being subject to a deterministic algorithm, it will be done organically and realistically, just as a human being would.

Character behaviour will be learned from our gameplay and implemented in real time. Realism will be extreme in terms of interaction with NPCs, as there will be infinite lines of dialogue. We will not be subject to choosing from a few predefined options but will be able to engage in natural conversations with any character. In addition, software such as StyleGAN, designed by NVIDIA and released open source in 2019, allows for the creation of photorealistic faces with a Generative Adversarial Network (GAN), exponentially increasing the immersion in the proposed narrative.

In a way, each person will play a different game, as the same piece of work will be configured according to that player.

Because the AI will always be learning, not only will it constantly generate new content for the game, but in a way the game will never be “finished”; only when we leave it will it stop building and updating itself. However, we must be cautious about applying Deep Learning to video games.

For example, an enemy that learns from our moves could quickly become invincible, as it will quickly see the weaknesses in our strategy and adapt its style, as is the case with Sophy, the new AI in Gran Turismo, which is capable of defeating professional drivers.

Only time will tell how far we can go in combining procedural generation and AI, but it’s clear that the future will be very realistic.

Javier Coronado Blazquez
Javier Coronado Blazquez

Doctor en Física Teórica por la Universidad Autónoma de Madrid especializado en Data Science y Machine Learning. Pasé de investigar materia oscura y rayos gamma a ser un adicto a los datos y su visualización. Actualmente, soy parte del equipo de AI & Analytics de Telefónica Tech, trabajando como Data Scientist y formador en transformación digital de empresas.

Cyber Security Weekly Briefing, 8 — 19 August

Telefónica Tech    19 August, 2022

Google reports largest DDoS attack in history

Google researchers have reported the largest DDoS attack ever recorded. Last 1 June, a Google Cloud Armor client received a series of HTTP DDoS attacks, which reached 46 million requests per second (RPS).

This layer 7 DDoS attack has become the largest attack of its kind, being 76% larger than the largest known attack to date.

According to the researchers, the attack was executed from 5,256 IP addresses spread across 132 countries, taking advantage of encrypted (HTTPS) requests. Furthermore, 3 per cent of the requests were executed from Tor exit nodes.

Researchers have determined that the geographical distribution and the types of unsecured services leveraged to generate the attack match the Mēris botnet attack family.

The attack lasted approximately 69 minutes and was stopped when, the researchers believe, the actor realised that the attack was not having the expected impact given the resources employed. Cloud Armor was able to block the attack and the victim was able to keep the services online.

More info

* * *

​​​​​​Cisco suffers cybersecurity incident

Cisco has issued a statement confirming that it was the victim of a data compromise at the end of May, on the 24th.

According to the company, the entry vector was the theft of an employee’s Google credentials stored in the browser. They used social engineering and phishing attacks to get the employee to accept malicious multi-factor notifications, thus gaining access to the corporate VPN and escalating privileges from it.

The Yanluowang ransomware group has also claimed responsibility, confirming that the data breach involved 2.75GB of information in 3,100 files in an email sent to Bleeping Computer, claiming responsibility and providing evidence.

On the other hand, Cisco says that the attackers were only able to steal non-sensitive data from a folder linked to the compromised employee’s account, adding that they found no evidence that they managed to access critical internal documentation such as that related to product development, sensitive customer or employee data, and claims that the ransomware would not have been deployed as they have not suffered encryption of any of their data.

More info

* * *

11 vulnerabilities in Chrome fixed

Google has released Stable Channel version 104.0.5112.101 for Mac and Linux, and version 104.0.5112.102/101 for Windows, which fixes a total of 11 vulnerabilities.

Among these vulnerabilities, the one catalogued as CVE-2022-2856 stands out, due to the fact that its active exploitation has been detected. This vulnerability was discovered by Google Threat Analysis Group researchers Ashley Shen and Christian Resell, and involves poor validation of untrusted inputs in Intents. On the other hand, vulnerability CVE-2022-2852 is also worth mentioning, as it has been classified as critical.

This vulnerability was discovered by Sergei Glazunov of Google Project Zero, being a use after free flaw in FedCM. Google has not provided further details of the vulnerabilities so far in order to allow the majority of users to upgrade.

More info

* * *

Microsoft warns of ongoing phishing campaigns by SEABORGIUM actor

Researchers at the Microsoft Threat Intelligence Center (MSTIC) have issued an advisory warning of new phishing campaigns by the threat actor SEABORGIUM, also known as ColdRiver or TA446.

These campaigns are reportedly mainly targeting NATO organisations and NATO members to obtain sensitive information, although Microsoft has detected attacks against countries in the Baltics, Nordic and Eastern Europe.

SEABORGIUM mainly targets defence and intelligence companies, non-governmental organisations (NGOs) and intergovernmental organisations (IGOs), think tanks and higher education.

SEABORGIUM operators use social engineering to trick their victims with fraudulent social media profiles to carry out credential theft, which ultimately ends with the sending of phishing emails with malicious URLs or attachments where the victim enters their credentials.

More info

* * *

​​​​New ransomware GwisinLocker

Security researchers have tracked down a new ransomware family, called GwisinLocker, targeting South Korean healthcare, industrial and pharmaceutical companies.

It has the ability to encrypt Windows and Linux servers, including ESXi servers and virtual machines. Operated by the threat actor Gwisin, which means “ghost” or “spirit” in Korean, it is believed, based on ransom note data, to be in the hands of an advanced persistent threat (APT) group linked to North Korea.

On Windows devices, the infection is initiated by the execution of an MSI installer that requires special parameters in the command console to execute the DLL file included in the MSI itself. This DLL will perform encryption actions by injecting itself into a Windows system process, thus evading detection by antivirus systems.

It also supports a function to encrypt files in safe mode. Regarding the Linux version, the analysed sample suggests that it is a sophisticated malware with features particularly designed to manage Linux servers, targeting VMware ESXi virtual machines.

Notably, GwisinLocker combines AES symmetric key encryption with SHA256 hashing, generating a unique key for each file.

More info

The artificial intelligence Dall-E turns any idea expressed in a sentence into an image

Nacho Palou    11 August, 2022

Generating photorealistic images from naturally expressed concepts such as “an astronaut riding a horse” or “a bowl of soup that looks like a monster”. Or anything else you can imagine, no matter how surreal.

That’s what Dall-E 2 does, the latest evolution of the artificial intelligence (AI) system announced by research and development company OpenAI, with Elon Musk among its founders.

It’s true that we’ve seen similar apps and AI systems before, which generate images from text or keywords. However, Dall-E’s latest demo generates images that leave no one indifferent due to their quality and realism, as well as their dreamlike and surreal style.

The name Dall-E combines the names of the Pixar character Wall-E and Salvador Dalí, the master of surrealism.

The tool is available to the public through registration, but its results can be seen on the OpenAI website and on Instagram.

Some images generated by OpenAI's AI model Dall-E
Some images generated by OpenAI’s AI model Dall-E

The company has shared examples of the images Dall-E produces when concepts, features and styles are combined into a short phrase.

Thus the phrase “a bowl of soup that looks like a monster made of play dough” would result in this image and its variants.

"A bowl of soup that looks like a monster made of play dough"
“A bowl of soup that looks like a monster made of play dough” according with Dall-E. Image: OpenAI

Whereas “a bowl of soup that looks like a monster woven out of wool” would result in this other image – and its variants.

"A bowl of soup that looks like a monster woven out of wool". Image: OpenAI
“A bowl of soup that looks like a monster woven out of wool”. Image: OpenAI

Different combinations can be tested on the OpenAI website, and this video shows other examples and explains a bit more about what Dall-E is and how it works.

Dall-E’s neural network “has learned the relationship between images and the texts that describe them,” the researchers explain.

“It not only understands individual objects such as a horse or an astronaut,” they say, but has also learned “how objects and actions relate to each other”. This is how Dall-E ‘knows’ how it should realistically represent an astronaut riding a horse.

Image generated by Dall-E artificial inteligence when you ask for an astronaut riding a horse. Image: OpenAI
Image generated by Dall-E artificial inteligence when you ask for an astronaut riding a horse. Image: OpenAI

To generate the image Dall-E uses a process called “diffusion” which starts by rearranging random patterns of dots and modifying them until the desired result is obtained, producing “images that have not existed before”.

Dall-E is an example “of how human imagination and systems can work together to create new things, amplifying our creative potential”

Dall-E aims to be an example of “useful and secure” AI

According to the researchers, the development of Dall-E fulfils three essential premises for the development of a “useful and secure” AI:

  • It allows the audience to express themselves in a way that was not possible before.
  • It reveals whether the AI system “understands” what is asked of it in writing, or whether it just repeats what it has learned.
  • Helps to understand how the AI system sees and understands the world.

Compared to the first version of Dall-E, announced just over a year ago, Dall-E 2 adds new features, as well as increasing the comprehensibility and the quality and complexity of the images and the speed at which they are generated.

  • Start from an existing image and create complex variations, such as changing the angle of a portrait and its style.
  • Edit an existing image to replace one object with another, to add an object that does not exist in the original image, considering styling, shadows, reflections and textures. You can even change the meaning of the image.

However, limitations in the use of Dall-E lead to bias

In addition to limiting its availability –the tool will be available to a small group of people, mainly AI researchers and some non-commercial artists– OpenIA has implemented some restrictions on the use of its new artificial intelligence model.

These restrictions are intended to avoid harmful or offensive use of the tool by preventing it from generating violent, sexual or politically charged images. It also prevents the generation of images that include known or recognisable people.

Avoiding bias and stereotyping is one of the great challenges for artificial intelligence

These limitations can, however, encourage bias in AI models such as Dall-E. OpenIA researchers found that removing sexual content to prevent Dall-E from producing adult images causes Dall-E to generate fewer images of women overall.

This is not a good thing, reports the publication Vox, “because it makes women invisible.” But this is not a problem unique to Dall-E: avoiding bias and the persistence of stereotypes is now one of the biggest challenges “for the entire AI developer community.”