Microsoft, the NSA and even the U.S. Government warned Windows users to update: now the inevitable ... [+] BlueKeep attack is underway.
SOPA Images/LightRocket via Getty Images
When Microsoft issued the first patch in years for Windows XP in May 2019, you knew that something big was brewing. That something was a wormable Windows vulnerability that security experts warned could have a similar impact as the WannaCry worm from 2017. The BlueKeep vulnerability exists in unpatched versions of Windows Server 2003, Windows XP, Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2: and it’s now been confirmed that a BlueKeep exploit attack is currently ongoing.
A little bit of BlueKeep history
Microsoft twice warned users to update vulnerable Windows systems, first on May 14, and then again with even more urgency on May 30. Those warnings appeared to go unheeded in enough numbers to warrant an escalation on the update alerts. On June 4, the National Security Agency (NSA) took the unusual step of publishing an advisory urging Microsoft Windows administrators to update their operating system or risk a "devastating" and "wide-ranging impact" in the face of a growing threat. This warning was given even more gravitas on June 17 when the U.S. Government, via the Cybersecurity and Infrastructure Security Agency (CISA), issued an "update now" activity alert. At much the same time, security researchers were predicting that a "devastating" BlueKeep exploit was only weeks away.
The Windows BlueKeep exploit attack
Security researchers, including Kevin Beaumont who originally named the vulnerability and Marcus Hutchins (also known as MalwareTech) who was responsible for hitting the kill switch that stopped the WannaCry, have confirmed that a widespread BlueKeep exploit attack is now currently underway. Hutchins told Wired that "BlueKeep has been out there for a while now. But this is the first instance where I’ve seen it being used on a mass scale."
It would appear that rather than a wormable threat, where the BlueKeep exploit could spread itself from one machine to another, the attackers are searching for vulnerable unpatched Windows systems that have Remote Desktop Services (RDP) 3389 ports exposed to the internet. This dampens the panic that there could be another WannaCry about to happen, although the potential for such a scenario, albeit on a much smaller scale, certainly remains. For now though, this looks like being an attack campaign with a cryptocurrency miner payload.
BlueKeep exploit attack mitigation
While there is always the possibility that the threat actors behind this attack could drop more malicious payloads than a crypto-miner, for now, this acts as yet another warning for users of the 700,000 or so still vulnerable Windows systems to get patching. Cryptocurrency miners are resource hogs at best, and a roadmap that further malware installations could follow. In the case of this attack, though, there's another problem to be aware of: the exploit code isn't all that. It would appear that the attackers are using the demo exploit code released by the Metasploit team at Rapid7 in September 2019, but without enough coding skills to get this to work without it causing a Blue Screen of Death (BSOD) error.
Seriously folks, if you are using one of the vulnerable versions of Windows, then what more is it going to take to get you to apply the update that fixes the BlueKeep vulnerability? I'd have thought that a wormable exploit, even if it hasn't been "wormed" on this occasion, that vampires your system resources or crashed your machine was warning enough. But, hey, what do I know?
Google made much ado of its recently created Health unit, but it didn't offer much insight into what that division would actually... well, do. Now, however, it's considerably clearer. Google Health lead David Feinberg and CNBC sources have outlined some of the ideas his team has, and they revolve around (surprise!) search for both you and your doctor. Feinberg envisions a search bar that would help doctors search medical records like they do the web. A doctor could search for "87" to find an 87-year-old patient instead of using the patient's name, as an example.
An insider also claimed that Google is considering a Flights-style dedicated search experience for health. You could research conditions without wading through the regular web to find trustworthy info.
It's not certain how close either idea is to fruition, and CNBC's tipster warned that it wasn't certain the Google search team would sign off on the dedicated health search. Google might have to ditch advertising on the health page. They do indicate how Google Health and Feinberg are thinking, however, and give you a hint of what to expect in the future.
Whatever comes about, Feinberg may have been busy behind the scenes. Other CNBC sources claim he's been "building bridges" to improve health-related searches in Google and YouTube, such as downplaying videos that push anti-vaccination myths. The team could be very busy bolstering your healthcare experiences -- it just isn't particularly apparent yet.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
After years of rumours, Google looks as if it’s about to get very serious about smartwatches. The long-rumoured Pixel Watch, developed by the same industrial design team behind the likes of the Pixel 4, Google Home, and PixelBook, was allegedly pulled at the eleventh hour before it was unveiled on-stage during one of the Mountain View-based company’s annual Made By Google hardware showcases.
It’s unclear why the smartwatch was ditched from the portfolio. However, it seems Google has decided it’s ready to think again.
Google’s parent company, Alphabet Inc, has bought smartwatch and fitness tracking manufacturer Fitbit for a whopping $2.1billion. The company, which is behind wearables including Fitbit Versa 2, Versa Lite, Charge 3, and connected home products like the Aria Smart Scales, will now report to Google Senior Vice President of Devices, Rick Osterloh.
The Google SVP is already in-charge of ensuring the company has a unified approach to design. Speaking about the acquisition, Osterloh said it was “an opportunity to invest even more in Wear OS as well as introduce Made by Google wearable devices into the market".
The acquisition makes a lot of sense.
Google has managed to build a very successful line of smartphones, with the Pixel 4 and 4 XL being the most recent additions to the portfolio. Its connected home range, including the Google Nest Mini, Nest Max, and Nest Hub, has also enjoyed a huge amount of success.
However, the Californian company has struggled to translate that success into other product lines, most notably its pricey PixelBook range, or the (currently) non-existent wearable and smartwatch department.
Buying Fitbit could change that overnight.
Fitbit has always been widely-praised for its build quality and feature set. However, the company has struggled against increased smartwatch competition from high-end fitness trackers, like Garmin, and the tight-integration with iOS and design offered by consumer brands, like Apple.
Operating inside Google will surely allow Fitbit products – provided they continue to be branded as such – to offer close ties with Google’s existing Google Fit health apps as well as faster pairing à la Pixel Buds. On the flip side, Google could nab some of Fitbit’s extraordinary social features, including head-to-head competitions with friends and challenges and medals to keep users motivated towards their goal.
Google Fit does not currently offer menstrual tracking, something Fitbit has boasted for a long time.
Following the acquisition announcement, Fitbit issued a statement to reassure existing users that it’s new position inside the search giant would not alter its stance on securing health and fitness data. It states, “Fitbit health and wellness data will not be used for Google ads”.
The latest move comes as Google announced a deal to buy $40 million worth of Fossil’s smartwatch technology back in January. Fossil was already one of a handful of premium brands building smartwatches on Google’s open-source wearable operating system, Wear OS.
Combining the hardware know-how of the Fitbit team with the smartwatch technology used to power Fossil, Google could be poised to build a truly competitive Pixel Watch to take on the best-selling Apple Watch range for the first time under the watchful eye of Rick Osterloh.
The Nest Learning Thermostat was first introduced to the world in 2011 and it inspired many other brands to think about "boring" home appliances in a new way.
But 10 products stand out more than the rest. Here are the biggest smart home hits of the decade, ranked in ascending order.
Ry Crist/CNET
10. Belkin Wemo Smart Switch (2012)
Ah, the humble smart plug. These handy gizmos plug into outlets and make it possible to control lamps, space heaters and other dumb home appliances from your phone -- or with a voice command. It's a simple, affordable entry point into the smart home, and the Belkin Wemo Smart Switch was an early favorite.
Its $50 price, straightforward app and early adoption of IFTTT, a service that helps devices from different manufacturers work together, made it a popular product recommendation in the early days of CNET's smart home coverage. Belkin replaced this particular switch with the Belkin Wemo Insight Switch (2013) and the Belkin Wemo Mini Smart Plug (2017), but the original Wemo Smart Switch is a legacy smart home product that inspired other brands to introduce easy-to-use app-enabled smart plugs.
Piper was the original all-in-one home security system. This self-contained security device, now discontinued, cost $239. It came with an HD security camera, two-way audio and motion, audio, humidity, temperature and ambient light sensors. Piper was outfitted with a siren, so you could scare away potential intruders with a screaming 105-decibel alarm.
Piper got its start on Indiegogo and expanded to online stores like Amazon after Icontrol Networks purchased the startup. Icontrol then released an improved version of the original Piper with night-vision called the Piper NV. Many other brands followed suit with all-in-one home security systems, but Piper led the charge for this smart home product category.
Alarm.com purchased the Piper division of Icontrol Networks in 2017 and the Piper and Piper NV products were discontinued.
The August Smart Lock, first introduced in 2013, was pretty revolutionary at the time. Instead of replacing your entire deadbolt -- a standard step for many smart locks, even today -- August's inaugural smart lock retrofit over most standard deadbolts. The installation required minimal time and effort and you could lock and unlock your door from the August app. August has since introduced next-gen versions of its classic Smart Lock, but the installation and overall simplicity remains the same. In 2017, Assa Abloy, the parent company of lock maker Yale, purchased August.
Most of the large appliances we've seen with integrated smart home tech aren't actually all that smart. The Family Hub fridge by Samsung is one of the few exceptions -- it was the first large appliance that impressed us with its smart tech.
At $5,600, the Family Hub is an expensive refrigerator -- Samsung has since introduced other, slightly more affordable models. Samsung's goal: to make Family Hub the hub of your house. Not only do the fridges have an app, they have built-in cameras where you can see what's inside when you're at the grocery store. Not sure if you need more milk? Just check the camera. They also come with a giant touchscreen display on the outside, complete with a calendar, music apps and much, much more.
As there hasn't been much innovation in the category since the Family Hub's debut, Samsung's line of smart fridges still dominate the category today by default. It's not something you need to rush out and buy, but the Family Hub was a good first step for the category that showed us the potential of smart large appliances.
The Dropcam Pro influenced the entire DIY security camera industry when it first hit the scene in 2013. Its 2012 predecessor, the Dropcam, was a solid camera, but the 1080p Pro really set the standard for the security hardware to come. Priced at $199, the Dropcam Pro had a straightforward app for live streaming, motion alerts and two-way talk.
Startup Nest (now owned by Google) purchased Dropcam in 2014 and the Nest Cam Indoor was largely inspired by the Dropcam Pro. But its influence goes far beyond the Nest Cam Indoor. The Dropcam Pro marked the beginning of an era of $200 1080p HD home security cameras. That trend has only recently given way to more affordable models, like the $20 Wyze Cam.
SmartThings began on Kickstarter. The idea was simple -- this single, router-connected hub would control all (or at least, most) of your smart home devices. And the related SmartThings app would be your one-stop spot for monitoring and managing the settings of each device. When we tested the first-gen version, we liked it. It did a decent job unifying devices so you didn't have to switch between a ton of apps and settings menus. Instead, everything was in one place.
After Samsung bought SmartThings in 2014 it introduced next-gen hubs with similar, updated functionality around the same time as the first Amazon Echo. By comparison, SmartThings and hubs from other companies (like Wink and Revolv) were clunky and hard to use. Even so, the original SmartThings hub, and its competitors (Wink and Revolv deserve honorable mentions here), paved the way for smart speakers and other devices that unite all of your smart home gadgets under a single device.
Before Ring was Ring, founder Jamie Siminoff launched the Bot Home Automation Doorbot. The Doorbot had a lot of design and performance problems, but the company rebranded quickly as Ring. The $199 Ring Video Doorbell was among the first solid smart doorbells to reach store shelves. It's still sold today, at the reduced price of $100. Ring now offers a variety of other doorbells, security cameras and smart lights.
Color-changing LED bulbs may not seem like a new thing today, but back in 2012 they were pretty wild -- and Philips was at the forefront of the category. Originally sold for $200 in a three-pack with a required Zigbee hub, the color-changing starter kit now includes four bulbs for the same $200 price. Monitor and manage your lights individually and by room in the app. Set schedules, automations with other devices and more.
The original Amazon Echo emerged during a time when we were all trying to make sense of the smart home. Hubs like SmartThings and Wink were important precursors, but it wasn't until the Amazon Echo arrived in 2014 that the smart home really took off. This cylindrical speaker, powered by voice assistant Alexa, would open up the smart home world to entire families in a way that the trickier-to-operate hubs never could.
Kids could ask Alexa to tell them a joke. Adults could set kitchen timers, play podcasts, get weather reports -- and control their connected devices with a simple command, "Alexa, turn on the kitchen lights." A lot has changed in the smart speaker category since this first product -- Google Assistant and Siri have swooped in with smart speakers of their own. And the Alexa of 2019 has grown up a lot in five years, connecting with thousands of different skills, creating thousands of potential ways to interact with the newest, ever-growing lineup of Amazon Echo products.
The 2011 Nest Learning Thermostat, dreamed up by Matt Rogers and Tony Fadell (known as the "father of the iPod), marked the start of the modern smart home industry. Before the $249 app-enabled Nest launched, there were other thermostats (and other devices in general) you could control with your phone. But Nest was the startup that first considered design in a major way. It took something utilitarian and boring -- a thermostat -- that typically hides on the wall in a hallway, and made it a statement piece.
There are dozens of smart thermostats today and our current favorite isn't even a Nest model -- it's the Ecobee SmartThermostat. But Nest made people excited about buying smart home products and I think it's one of the main reasons the larger category has grown so fast in ten years.
Now that Google's acquisition of Fitbit is official, the question is what the search giant will do with it. When the news broke on Friday, Google's Rick Osterloh said the company sees the deal as an "opportunity to invest even more in Wear OS, as well as introduce Made by Google wearable devices." For the time being, then, it looks like Google plans to leverage Fitbit's expertise to another push into wearables.
Earlier this week, we speculated on some of the ways in which Google's purchase of Fitbit would be bad for wearables. However, there are a lot of things Google could learn from Fitbit to make Wear OS a compelling platform. The important thing here is that Google doesn't do what it has seemingly done in every other situation like this, which is to change its mind after only a short while.
Make fitness fun and easy
It's fair to say that Wear OS is already a competent smartwatch platform. What it lacks is a strong fitness component. There's a lot Google could learn from Fitbit here. To start, the most important lesson is to make the experience fun. For a lot of people, working out is a chore. What Fitbit has always done well is add a sense of whimsy to something as mundane as walking 10,000 steps a day. Anytime you finish your step goal or walk after a long period of sitting, Fitbit makes it a cause for celebration with splashy graphics and words of encouragement.
Robust heart rate tracking is a must
If the first new wearable Google releases doesn't feature Fitbit's PurePulse heart rate tracking technology, then the acquisition will have been a missed opportunity. More so than any other hardware feature, PurePulse is the reason to buy a Fitbit wearable. After some initial foibles, the feature feels both consistent and accurate. Moreover, one of the smartest things Fitbit has done in the last few years is make the tech more affordable. What used to be a feature limited to the company's more expensive trackers is now something you can get on the $100 Inspire HR. Reliable heart rate tracking should be a standard feature on Wear OS devices, not a nice add-on.
There's a lot of ways in which Fitbit's PurePulse heart rate tracking could make Wear OS a more compelling platform. One example is Fitbit's Cardio Fitness Score feature, which leverages the company's heart rate tracking to provide you with an easy to understand way to improve your fitness level. Heart rate tracking should be at the center of any attempt Google makes to try and create a compelling fitness platform because it would allow the company to most directly match the Apple Watch's more advanced fitness features.
Fitbit is more than just Fitbit
In 2016, Fitbit purchased smartwatch startup Pebble's talent and intellectual property. It's hard to say what came out of that purchase other than the Fitbit App Gallery, which was created with help from some of the talent Fitbit acquired in the deal. The fact Fitbit seemingly never did more with Pebble's tech seemed a missed opportunity. Pebble had a lot of interesting ideas about how smartwatches could complement a smartphone, particularly as it relates to notifications and user interface.
In addition to Pebble, through Fitbit, Google has also acquired talent and technology from Vector, Coin, Fitstar and Twine Health. Between Friday's acquisition and its Fossil purchase earlier this year, the company now has a wealth of talent in the field. It should leverage that talent in a way that allows the company to improve the ecosystem with better software, hardware and features.
Battery life and Bluetooth performance need to go hand-in-hand
One area where Fitbit trackers have always excelled is battery life. Even taking advantage of features like heart rate and sleep tracking, you can still get close to a week of battery life on most Fitbits. And battery life is an obvious area where Wear OS can improve.
But Google shouldn't only focus on the battery life of its smartwatches. If you've used a Fitbit in conjunction with an Android phone -- particularly one of Google's Pixel smartphones -- you'll know that they absolutely destroy your phone's battery. The same is not true with iOS devices. If wearables are going to be a major aspect of Google's Android strategy moving forward, then Bluetooth performance needs to be as good or better than it is on iOS. Likewise, Bluetooth performance and battery life can't be an afterthought on Pixel smartphones. Part of the problem with a lot of wearables is that they're a burden on the most important device in people's lives, that's something Fitbit has, for the most part, been able to avoid.
Make it social
One of the underestimated strengths of Fitbit's platform is its social hooks. If you've ever bought one of the company's trackers for a family member, then you'll know how much your parent or sibling seeing your daily stats can motivate them to reach their own goals. Fitbit wisely built a lot of functionality that encourages people to engage in healthy competition.
For example, one of the things you can do in the Fitbit app is take part in something called Adventure Races. These essentially see you doing the digital equivalent of a tough mountain hike. Along the way, you can see how you're doing against your friends and family members. They can be easy to overlook, but more so than any feature Fitbit offers on its trackers, it's the social ones that keep people hooked. Studies have found that fitness trackers can help people with their physical health, but the main issue is that most people stop using their devices a couple of months after buying them. By making the experience social, Fitbit has been able to turn some users into dedicated fans. That's something Google shouldn't underestimate.
More than anything, what Google needs to learn from Fitbit is that Wear OS doesn't need to be everything to everyone. The reason so many people love their Fitbits is that they do one thing and they do it exceptionally well. Apple eventually came to the same realization with watchOS. It was only after the company stopped trying to create the "next big thing" and focused on how the platform could help people with their health and fitness goals that the Apple Watch became more compelling. A similar focus is essential for Wear OS if it's to have any chance at denting Apple's hold on the wearables market.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
