HP newsroom blog
cancel
Showing results for 
Search instead for 
Did you mean: 
Published: September 10, 2017

HP_Security_Council_Banner.jpg

 

HP’s Security Advisory Board enlists a trio of security experts to help it triumph in a malicious new world.

 

For decades, hackers fell squarely into two camps: “black hats” in it to show off their skills, and then later, for money, espionage and data theft, and “white hats” who breached systems to uncover flaws before the bad guys could find them and make sure companies promptly fix them.

Now, destruction for destruction’s sake has become a hallmark of the global cyberattack.  The foremost example being the 2012 Shamoon attack in Saudi Arabia on one of the world's largest oil companies, that wiped or destroyed 35,000 computers before the devastation was halted. Similar attacks aiming to render PC hardware inoperable have continued since, with Shamoon 2.0 earlier this year or even some of the NotPetya variants more recently. With malicious actors everywhere looking for any possible exploit, one key to surviving the constant escalation of threats is to keep reinventing how you stay ahead of the game.

A new Security Advisory Board organized by HP aims to do just that, by bringing a trio of outside security experts inside the company. All three initial members have unique first-hand expertise in the world of hacking and the latest developments in security technology and strategies.  

Michael CalceMichael CalceThe board builds on over two decades of HP leadership in cybersecurity for endpoint devices. As the world’s largest PC manufacturer and leading maker of printers, HP has driven a slew of security innovations, from technology that provides cryptographically secure updates of a device’s BIOS to run-time intrusion detection, which checks for anomalies, automatically rebooting when an intrusion is detected.

These security experts will act as a reconnaissance team, providing insights from the front lines that the company will use to reinforce its own security work. The board will also generate strategic conversations about the rapidly shifting security landscape with HP executives and the market. 

“We want to be the sharpest we can be on what the future holds, understanding the threat landscape today and being able to address the real problems of tomorrow,” says Boris Balacheff, HP’s chief technologist for system security research and innovation. 

The person HP chose to lead the advisory board is far from your run-of-the-mill corporate security expert. The new chairman, security consultant Michael Calce, a.k.a. “Mafiaboy,” launched his public career in 2000 at the age of 15 by unleashing a massive cyberattack that brought down Yahoo!, eBay and Amazon. It led to an FBI manhunt and $1.7 billion in economic fallout.  

Robert MasseRobert MasseJoining him is Robert Masse, a partner at a major consulting firm (acting independently in this instance), with more than 20 years of experience in cybersecurity, focusing on risk management and – ironically – a shared history with Calce. Following his own run-in with law enforcement over hacking when he was a teen, Masse provided guidance to Calce after his arrest.

A third member is Justine Bone, who began her career doing reverse engineering and vulnerability research at New Zealand’s version of the U.S. National Security Agency before leading security for companies, including Bloomberg LP. She’s now the CEO of MedSec, which analyzes technology security for healthcare companies.Justine BoneJustine Bone

The Security Advisory Board will work with HP to identify evolving threats and help companies adapt to the fundamental changes taking place in the security landscape. One of these changes is that inadequate security can’t be hidden anymore; the hackers’ armory is too deep and sophisticated and automated attack tools are constantly on the lookout for flaws to exploit. Bone says it takes only two and a half minutes after you plug in a smart camera or screw in a smart light bulb for an internet bot to compromise that device. Billions of connected devices span every inch of our economy and our lives, from supply chains and energy grids to connected cars.

That’s putting everyone under a microscope, from the top of the chain to the bottom. “Security has become an imperative for our customers,” says HP’s Balacheff.  With the average U.S. breach costing $7 million and intensifying scrutiny from consumers and investors, it’s increasingly clear that everyone throughout an organization, from a company’s security group up to the board, needs to be involved in anticipating security threats. “Originally cybersecurity was an IT problem. What we’re seeing is now it's being heavily looked at by the board and the audit and risk committee and treated like any other risk,” says Masse. “I think now's the time where we really have the opportunity to improve things at a much better level than before.”

Additionally, organizations need help understanding just how profoundly the thinking behind security strategy needs to change. Traditionally, companies felt that software or network security solutions would be the answer, however with the evolution of attacker sophistication and our increased dependency on devices for everything we do, it is no longer that simple. Security needs to start at the lowest level of hardware and firmware design.

When baby monitors are conscripted into botnets to launch assaults that take down Twitter and Netflix, it’s clear that any connected device can be attacked. And as the flood of network-connected gadgets continues to rise — 20 billion such devices are expected to be in service by 2020 — this challenge will only grow.

That’s why every device must be built from the ground up to be secure and able to adapt, says Calce. This principle is one the tech industry has always preached, but hasn’t always practiced. An example of this, Calce explains, is when a computer or printer boots up: up to a million lines of code can be executed before the device’s operating system is even loaded, in what is known the device's 'firmware' (often still referred to as BIOS in PCs). This occurs before the user is even able to see any kind of welcome screen. Designing protections, but also the ability to detect attack and recover a compromised device, that is how far HP has gone, trailblazing the future of endpoint security by designing hardware-enforced cyber-resilient devices.

“For years,” says Bone, “software and hardware makers were able to rely on security by obscurity. There was no upside to building in this quality all the way through the product because nobody was asking questions. Now, though, people are definitely asking.”

That’s where HP has been focused for years. The security board members say it’s paying off — that’s why they’re eager to work with HP to get this message out. 

“HP is looking to implement security on anything and everything they develop,” says Calce. “That’s the type of mindset we need if we ever want to have some level of security in this world.”

For more information on how HP is creating the most secure business devices in the world visit www.hp.com/reinventsecurity.

    Corporate Innovation
Published: September 14, 2017

Sound-graph_Immersive-Audio.jpg

Audiophiles know that sound reproduction is improved by adding more speakers to a room and making them larger. But that won’t help make today’s increasingly slim and often tinny-sounding laptops, tablets, and phones sound good.

There is a way, however, to make small devices sound larger and better, enabling a high-quality, immersive audio experience, suggests HP Labs researcher Sunil Bharitkar a member of the Media team in HP’s Emerging Compute Lab.

“We can use software to process the audio signals on HP devices so that they approximate the spatial quality of sound that you hear in a room with a multi-loudspeaker audio system,” he says. “We call it immersive audio.”

While competing approaches offer similar processing techniques, the key to HP’s lies in applying specific audio filters and “transforms” that create natural sounding audio with a low compute complexity.

Bharitkar has been guiding an effort at HP Labs, in partnership with colleagues in HP’s Personal Systems and Print groups spearheaded by Personal Systems Chief Technologist Mike Nash, to use this research to upgrade the audio quality on HP’s mobile and desktop devices.

“Audio is an essential, and often underestimated, component of any technology experience, which is why we’re thrilled to be working in close collaboration with HP Labs to make our devices sounds second to none in the industry,” says Nash.

 

Immersive Audio Flow Chart.png

The team first needed to establish objective metrics against which to measure audio performance on HP devices. Based on the outcome of those measurements, they then started redesigning HP’s audio processing technology from the ground up, an effort that has included creating a novel signal topology and a unique set of audio filters.

Additionally, the researchers are applying machine learning in their audio processing topology to classify the sound content (whether it was a movie, for example, or a song). Furthermore, using machine learning it can be ensured that multiple layers of unnecessary processing are not applied where the content is identified as having already been processed, reducing the signal processing compute load and minimizing artifacts.

 

Head, Torso & Mouth Simulator used by HP Labs for extracting directional cues associated with sound localization, and for speech reproduction.Head, Torso & Mouth Simulator used by HP Labs for extracting directional cues associated with sound localization, and for speech reproduction.This is rapidly taking users towards an experience – delivered either through a device’s small speakers or a set of headphones – that faithfully reproduces the intent of its creator of any kind of audio, from a song recorded in a small studio to a Hollywood blockbuster, while consuming as little processing power as possible.

Thanks to commonalities between internationally standardized testing methodologies used for image and audio quality assessments, the HP team have been able to draw on the experience of HP’s Print Quality Evaluation group to test their improvements, assembling several panels of non-experts to evaluate their innovations..

In an effort led by HP Mobility’s Head of Software, Chris Kruger, the first iterations of HP’s new audio processing algorithms are now being packaged into the Qualcomm Snapdragon audio processing chips used in HP mobile devices. Next up: further refining the technology and adding it to HP’s consumer offerings, and towards that the Labs are working closely with Sound Research, an HP partner, for integration.

Published: August 14, 2017

HP Labs intern Swetha RevanurHP Labs intern Swetha Revanur

We first met with Swetha Revanur last summer, when she was a recent high school graduate heading for Stanford University and interning in HP’s Emerging Compute Lab on a project that used sensor data to create simulations of how people move around in different living spaces. This year, Revanur is back in the same lab but working on a new challenge. We caught up with her to see how her academic interests have developed over the last twelve months and to learn about what she’s been working on this time around.

HP: First of all, how was your freshman year at Stanford?

I had an amazing freshman year! I’ve met some of the most brilliant people, the classes were just the right amount of challenging, and I joined an acapella group on campus. In December, I also traveled out to Sweden to speak at the 2016 Nobel Prize Ceremonies and meet the laureates. I’m excited to start my sophomore year in September!

HP: Are you still planning to major in computer science?

Yes, that hasn’t changed! When I started at Stanford, I was interested in biocomputation, but my interests have since shifted to artificial intelligence.

HP: What prompted the change?

The decision was actually driven largely by my work at HP Labs last summer where I had a lot of exposure to the algorithmic side of computer science. I think that if I can understand these algorithms and optimize them, I can have a much larger impact in whatever sector I choose to work in. At the end of the day, machine learning can always be applied to health, and it has a huge scope. 

HP: So what are you working on this year?

I’m with the same team in the Emerging Compute Lab, but instead of looking at sensor analytics, I’ve shifted my focus to the intersection of deep learning and robotics. I’m using techniques in reinforcement learning, which lets us train software agents to find the optimal actions to take in specific environments. I’ve developed a hybrid approach that maintains the same performance as state-of-the-art reinforcement learning algorithms, while improving data and cost efficiency.

HP: How’s it going?

Reinforcement learning is a new area of study for me, and so it’s been a fruitful process of self-teaching. Initially, I was wrangling with pages of linear algebra to understand how existing methods work. Once I got my bearings, I was able to point out gaps and come up with optimizations, and now I’ve implemented the algorithm in TensorFlow.

HP: How will you test the new algorithm?

The new hybrid algorithm will be tested in simulation. I’ll start with simple tests with basic software agents. For example, I recently ran a test where a pendulum was trained to stay upright. Gradually, we’ll work up to full humanoid simulations.

HP: Why is HP interested in this work?

A lot of folks in HP Labs are working in a fundamental robotics research space, on projects like mapping, localization, and navigation. My hybrid approach helps cut time and cost requirements in that space. In general, robotics dovetails really well into the social, business, and home application layers that HP is a major player in.

I was invited to speak at the HP Labs global all-employee meeting with our CTO, Shane Wall. The implications of better reinforcement learning are broad, the interest is there, and I’m excited to see where it takes us.

Published: August 07, 2017

As HP continues its journey to reinvent the global manufacturing industry, it is critical to have visionary and experienced leaders charting the way. Michelle Bockman, former executive vice president at GE Digital, recently joined HP to lead its 3D printing market expansion efforts.

At GE, Bockman most recently led the company’s ambitious strategy to build a software-driven digital future for large industrial customers. With more than 20 years of experience in a wide range of functions and industries, she’s led global operations, managed engineering, driven sales and marketing, built new digital businesses – even ran an industrial manufacturing plant.

Michelle BockmanMichelle BockmanBockman’s diverse experience gives her a fresh perspective on unlocking new value for customers who are reinventing their operations. We caught up with her to learn more about keys to driving the digital industrial transformation of production.

 

Q. Why did you choose this time to join HP?

A. We’re on the cusp of a new industrial revolution that could be greater than anything we’ve ever seen – ubiquitous connectivity, AI, robotics, the internet of things, 3D printing and more are all converging to drive unprecedented social and economic change. HP plays a central role in this revolution and is really leading the way with innovations in 3D printing, blended reality and other technologies businesses are embracing in their digital reinventions. Put this all together and we are poised to transform some of the largest industries on the face of the earth.

This is the place to be if you want to profoundly change the way people live, work and interact with one another. HP is one of the founders of Silicon Valley and has a strong heritage of reinvention which, quite frankly, also appealed to my entrepreneurial spirit. I can’t tell you how excited I am about this adventure in innovation. 

 

Q. Tell us about your new role leading the expansion of 3D Printing for HP. Where will you be focused?

A. To grossly oversimplify, I have a broad responsibility to expand the overall 3D printing market for HP in partnership with our foundational customers, strategic partners, and materials ecosystem, and drive the development of new digital services for the 3D printing business. What this really means is focusing on customer outcomes by working deeply with market leaders such as BMW, Jabil, Johnson & Johnson, and Nike as they embrace 3D printing to transform their businesses, and applying these lessons learned to the entirety of our product portfolio, so we can really accelerate development of new applications and services. 

It also means leading our global strategic alliances with SIs and software partners, and to drive our open materials strategy with the largest chemical companies on earth, as we’ll need to leverage the world to transform a $12 trillion industry. Finally, no digital industrial transformation is complete without developing the next generation of connected, digital services that unlock unique insights and value for our customers and partners.  

Q. As a longtime industry veteran, where do you see the greatest opportunities for change?

A. 3D printing technology has been around awhile, but it’s poised for a real breakout. The combination of new technology such as HP’s Multi Jet Fusion, which is up to 10 times faster and half the cost of other systems, plus the radical expansion of new materials with a simultaneous plummet in cost due to our open materials platform, means the economic promise of 3D printing is finally ready to deliver. This is no longer technology just for prototyping or the R&D team. This is a platform for large-scale industrial production. 
Couple the continued march of those innovations with the larger digital transformation unfolding across the entire design, production, and distribution workflow, and you have a massive opportunity to help companies innovate faster, be more agile in their manufacturing, and implement more flexible supply chains. This unlocks huge economic opportunity, new business models, and competitive advantage. I believe that those who invest in digital transformation will reap the rewards, and we are just scratching the surface of what this reinvention means for some of the largest companies and industries in the world.

Q. You’ve led a diverse range of functions over your career.  What else can you share with us from your journey?

A. I like to solve really hard problems with smart, curious and passionate people in industries that are changing the world. That’s what drew me to mechanical engineering in college and continues to drive me today. Over the course of my career, I’ve been lucky enough to experience many facets of businesses – from leading large organizations through change to developing new products and services to direct and daily interaction with the customer. At the end of the day what we do really matters if it delivers value to our customers and, in my mind, also delivers value to the world at large. I couldn’t be more thrilled to be part of the HP 3D printing team, which is striving to achieve exactly those goals.

Published: May 12, 2017

As I am sure that some of you have read, on May 11, a Swiss cyber-security firm, Modzero AG, released a whitepaper highlighting that a keylogger issue – which in this case, is debug code – that is present in Conexant audio drivers on select HP computers.

At HP, customer security is our top priority, so I wanted to give an update on the issue, what we have done, and our best advice to customers.

First and most importantly, there is a fix for our commercial PCs available on HP.com as of today, May 12, with fixes for all consumer PCs scheduled to be available on May 13. In addition, HP has not had, nor will it have, any access to user data as a result of this issue.

When HP learned about this earlier this month, our Cyber Security team immediately investigated the issue, found the root cause and worked on a fix. In addition to being available on HP.com, we are also in the process of getting it published through Microsoft’s Windows Update Service. This is so customers – especially those with PCs not managed by an IT organization – will get the update automatically. For customers whose PCs are managed by their internal IT team, the update is available for deployment through their standard sets of tools.

As Modzero’s report states, there was a keylogger capability in the Conexant HD audio driver package that is preinstalled on some HP PCs. This capability was created by Conexant during the development process to help debug an audio issue. Adding debug code is a normal part of the development process and such code is supposed to be removed and never included in a commercially available product. Unfortunately, in this case, Conexant did not remove the code. We certainly never intended to include this code in shipped products.

The debug code stores keystrokes in a log file that it creates to help developers diagnose an issue. This code is stored in a file locally on the PC, and then it is cleared out each time the user logs off and whenever the PC is rebooted.

Some media coverage suggested that the log files are sent back to HP. These articles are inaccurate – such information is never sent back to HP. Again, HP never intended to include this functionality in a shipped product used by customers. What is most important to know is that there is an immediate commercial fix available with all consumer fixes available by May 13.

This issue effects certain commercial notebooks and desktop systems manufactured since 2015. In addition, a select set of our consumer systems are effected. For more information on the exact systems that need an update to the audio driver, check out our security advisory.

Our best advice to customers is to install the updated driver package. If you are a consumer customer or a business without a dedicated IT team, we recommend using Window Update to keep your PC updated automatically. For customers with a dedicated IT organization, download the Softpak from HP.com and distribute the updated driver package as you would any other update. Given the nature of this issue, our advice is to deploy this update as quickly as possible.

While HP didn’t create the driver, our job is to keep the customer safe even when the issue is with third-party code. We have learned from this situation and will work to with our partners to further verify the debug code is removed from their software before it goes final. That said, we will also continue to work with the security community to learn about these issues if they do come up, and then work to make sure we can get high quality fixes out to customers as quickly as possible, just as we are doing in this case.

For more information, please read the security advisory available here.