HP newsroom blog
cancel
Showing results for 
Search instead for 
Did you mean: 
Published: September 10, 2017

HP_Security_Council_Banner.jpg

 

HP’s Security Advisory Board enlists a trio of security experts to help it triumph in a malicious new world.

 

For decades, hackers fell squarely into two camps: “black hats” in it to show off their skills, and then later, for money, espionage and data theft, and “white hats” who breached systems to uncover flaws before the bad guys could find them and make sure companies promptly fix them.

Now, destruction for destruction’s sake has become a hallmark of the global cyberattack.  The foremost example being the 2012 Shamoon attack in Saudi Arabia on one of the world's largest oil companies, that wiped or destroyed 35,000 computers before the devastation was halted. Similar attacks aiming to render PC hardware inoperable have continued since, with Shamoon 2.0 earlier this year or even some of the NotPetya variants more recently. With malicious actors everywhere looking for any possible exploit, one key to surviving the constant escalation of threats is to keep reinventing how you stay ahead of the game.

A new Security Advisory Board organized by HP aims to do just that, by bringing a trio of outside security experts inside the company. All three initial members have unique first-hand expertise in the world of hacking and the latest developments in security technology and strategies.  

Michael CalceMichael CalceThe board builds on over two decades of HP leadership in cybersecurity for endpoint devices. As the world’s largest PC manufacturer and leading maker of printers, HP has driven a slew of security innovations, from technology that provides cryptographically secure updates of a device’s BIOS to run-time intrusion detection, which checks for anomalies, automatically rebooting when an intrusion is detected.

These security experts will act as a reconnaissance team, providing insights from the front lines that the company will use to reinforce its own security work. The board will also generate strategic conversations about the rapidly shifting security landscape with HP executives and the market. 

“We want to be the sharpest we can be on what the future holds, understanding the threat landscape today and being able to address the real problems of tomorrow,” says Boris Balacheff, HP’s chief technologist for system security research and innovation. 

The person HP chose to lead the advisory board is far from your run-of-the-mill corporate security expert. The new chairman, security consultant Michael Calce, a.k.a. “Mafiaboy,” launched his public career in 2000 at the age of 15 by unleashing a massive cyberattack that brought down Yahoo!, eBay and Amazon. It led to an FBI manhunt and $1.7 billion in economic fallout.  

Robert MasseRobert MasseJoining him is Robert Masse, a partner at a major consulting firm (acting independently in this instance), with more than 20 years of experience in cybersecurity, focusing on risk management and – ironically – a shared history with Calce. Following his own run-in with law enforcement over hacking when he was a teen, Masse provided guidance to Calce after his arrest.

A third member is Justine Bone, who began her career doing reverse engineering and vulnerability research at New Zealand’s version of the U.S. National Security Agency before leading security for companies, including Bloomberg LP. She’s now the CEO of MedSec, which analyzes technology security for healthcare companies.Justine BoneJustine Bone

The Security Advisory Board will work with HP to identify evolving threats and help companies adapt to the fundamental changes taking place in the security landscape. One of these changes is that inadequate security can’t be hidden anymore; the hackers’ armory is too deep and sophisticated and automated attack tools are constantly on the lookout for flaws to exploit. Bone says it takes only two and a half minutes after you plug in a smart camera or screw in a smart light bulb for an internet bot to compromise that device. Billions of connected devices span every inch of our economy and our lives, from supply chains and energy grids to connected cars.

That’s putting everyone under a microscope, from the top of the chain to the bottom. “Security has become an imperative for our customers,” says HP’s Balacheff.  With the average U.S. breach costing $7 million and intensifying scrutiny from consumers and investors, it’s increasingly clear that everyone throughout an organization, from a company’s security group up to the board, needs to be involved in anticipating security threats. “Originally cybersecurity was an IT problem. What we’re seeing is now it's being heavily looked at by the board and the audit and risk committee and treated like any other risk,” says Masse. “I think now's the time where we really have the opportunity to improve things at a much better level than before.”

Additionally, organizations need help understanding just how profoundly the thinking behind security strategy needs to change. Traditionally, companies felt that software or network security solutions would be the answer, however with the evolution of attacker sophistication and our increased dependency on devices for everything we do, it is no longer that simple. Security needs to start at the lowest level of hardware and firmware design.

When baby monitors are conscripted into botnets to launch assaults that take down Twitter and Netflix, it’s clear that any connected device can be attacked. And as the flood of network-connected gadgets continues to rise — 20 billion such devices are expected to be in service by 2020 — this challenge will only grow.

That’s why every device must be built from the ground up to be secure and able to adapt, says Calce. This principle is one the tech industry has always preached, but hasn’t always practiced. An example of this, Calce explains, is when a computer or printer boots up: up to a million lines of code can be executed before the device’s operating system is even loaded, in what is known the device's 'firmware' (often still referred to as BIOS in PCs). This occurs before the user is even able to see any kind of welcome screen. Designing protections, but also the ability to detect attack and recover a compromised device, that is how far HP has gone, trailblazing the future of endpoint security by designing hardware-enforced cyber-resilient devices.

“For years,” says Bone, “software and hardware makers were able to rely on security by obscurity. There was no upside to building in this quality all the way through the product because nobody was asking questions. Now, though, people are definitely asking.”

That’s where HP has been focused for years. The security board members say it’s paying off — that’s why they’re eager to work with HP to get this message out. 

“HP is looking to implement security on anything and everything they develop,” says Calce. “That’s the type of mindset we need if we ever want to have some level of security in this world.”

For more information on how HP is creating the most secure business devices in the world visit www.hp.com/reinventsecurity.

    Corporate Innovation
Published: January 08, 2018

 

Pirates_15_CoreSet_Front_IR.jpg

In an era when laptops take pictures, phones track your movements, and digital assistants listen for instructions at home, people are increasingly worried about the sensors they are letting into their lives.

“If you see how many users are doing things like putting tape over the cameras on their laptops, that suggests there's something we can do to help them feel more comfortable,” says Mary Baker, a senior researcher in HP’s Immersive Experiences Lab.  

In response, Baker has been leading an effort at HP Labs to understand what exactly people are concerned about when it comes to interacting with today’s digital devices and to imagine ways in which those concerns might be addressed.

She began with a survey of HP consumers from a wide range of backgrounds, asking them to describe their attitudes to the smart digital assistants that are gaining in popularity with families across the world.

“To me that was a good place to focus because it's a new technology, so a lot of people are thinking about why they might or might not want to adopt it,” Baker notes. “What I found was that while the top reason for not buying an assistant was because people weren’t sure they really needed one, the second biggest was all about security and privacy – the word “creepy” came up in lots of the comments.”

Indeed, it became clear that many people worry that these devices are enabling something or someone to listen in on them or see them without their knowledge.

That spurred a follow-on study where Baker interviewed a smaller group of users in depth about their attitudes to sensing technologies and challenged them to create simple prototypes of devices that would assuage their concerns.

“We wanted to know what it might take for people to just look at a device and know intuitively how private they are with respect to it,” says Baker. “Is it obvious to them how they would control it? Can they trust those indicators and controls?”

Significantly, interviewees felt that an LED “recording” indicator was not something they were able to trust. Instead, they preferred solutions that physically blocked or separated a sensor from a device to indicate that it was not currently in use.

“So while tech companies spend a lot of time trying to hide sensors, users might prefer us to make their behavior more obvious,” Baker suggests.

These insights clearly have implications for any company interested in creating devices that users feel will protect their privacy, and Baker and her HP Labs colleagues have been sharing their findings with HP’s various product groups. Most recently, Baker, along with Jim Mann from the Office of the Chief Engineer, and Cath Sheldon from Customer & Market Insights, led a workshop for teams from across each of the company’s major business units. The workshop, sponsored by Chief Engineer Chandrakant Patel, offered the opportunity to discuss and share information about design features that are most likely to reassure users and has prompted new inventions around sensor privacy.Rotating microphone.Rotating microphone.

She and her colleagues Eric Faggin and Hiro Horii have also shared a variety of conceptual sensor solutions developed by Immersive Experiences Lab engineers in response to her survey research. These include microphone units that must be physically manipulated before they work and clasps that cover cameras when not in use.

While considerations like complexity and manufacturing cost are always major determinants of final designs, teams across HP now have a better understanding of how consumers are likely to respond to sensors in future HP devices.

“We want the users’ experience with HP products to be associated strongly with protection of their privacy,” Baker says. “That’s what this research is all about.” 

Published: December 12, 2017

synaptics.png

HP was advised of an issue that exists with Synaptics’ touchpad drivers that impacts all Synaptics OEM partners. HP uses Synaptics’ touchpads in some of its mobile PCs and has worked with Synaptics to provide fixes to their error for impacted HP systems, available in the security bulletin on HP.com. HP has no access to customer data as a result of this issue.

Published: November 29, 2017

FitStation_029.jpg

 

Today, FitStation powered by HP announced that Brooks Running Company, which designs and markets high-performance running shoes, apparel and accessories in more than 60 countries worldwide, is partnering with FitStation to deliver the first-ever fully custom running shoes. FitStation, a new platform that delivers custom-fitted and individualized footwear through innovative 3D scanning, dynamic gait analysis, and manufacturing technologies, has piloted the innovative biometric-based running shoe development platform at 11 premium retail locations across the US, to rave reviews.

Brooks is committed to providing the experience each runner wants. The ability to deliver a personalized shoe based on an individual’s unique biomechanics is an important offering for the runner who is interested in tip-of-the-spear technology and a totally tuned ride,” said Brooks CEO Jim Weber. “As part of our focus on reinventing performance running, we will continue to push the envelope to bring runners new innovations that help them tailor their unique running experience.”FitStation_003.jpg

 

FitStation combined with Brooks’ deep understanding of runners’ unique biomechanics and commitment to providing personalized experiences that enhance the run for the individual, brings Run Signature to the next level and delivers the most personalized individualized running footwear, all based on the customer’s personal data. This personalized footwear will be available via special order through select retail partners beginning June 2018.   

The Brooks announcement comes on the heels of another key partnership; in October, HP joined partner Steitz Secura at A+A in Germany. A safety shoe specialist, Steitz Secura is using FitStation to aid in its focus on comfort, preventative health and safety.

The digital foot scanning platform allows customers to create a profile, choose to receive personalized off-the-shelf insole and shoe recommendations, fully customized 3D printed insoles, or receive their own pair of truly individualized custom footwear. This unique solution analyzes each foot using a combination of 3D scanning and pressure plate technology to deliver a complete dynamic gait analysis for the individual. FitStation analyzes the data and produces details for custom shoes with polyurethane injected midsoles, that vary in density based on the customer's precise needs. Then, the products can be produced locally for unbelievable ease and speed.FitStation_006.jpg

 

Reinventing how the world designs, manufactures, and sells

FitStation is HP’s next step in the company’s journey to reinvent how the world designs and manufactures with commercial 3D technologies. It’s also a significant leap in reimaging what the retail experience of the future will look like. While brick and mortar stores have faced challenges as online shopping grows in popularity, there is still a deep desire for in-store experiences. But the store of the future needs to engage customers in fresh, tailored ways. Offerings that deliver individualized ‘you-get-me’ options will win the retail wars. "FitStation by HP is changing what personalization means—from the in-store experience to the final product. In collaboration with Brooks and Superfeet, we are delivering truly made-to-measure footwear with a lot size of one,” said Ed Ponomarev, general manager of FitStation and business development HP Inc. “Digitalization of biometric data opens an opportunity to ultimate individualization with the speed and cost efficiency of mass production. HP brings deep experience in computing, scanning and technology integration at scale to deliver a revolutionary digital manufacturing platform, creating individualized products that are available to anyone—from casual runners to elite athletes.”

“Without question, the system is on the cutting edge within our industry, and the level of engagement with our consumers is remarkable. FitStation has become an integral component now in our standard shoe-fitting process with our business. In addition to a cool experience, the system allows us the opportunity to sell the consumer a very personalized ME3D insole while never having to stock an inventory item...positively brilliant,” said Adam White of Running Central.FitStation_015.jpg

 

FitStation uses HP Multi Jet Fusion printing technology to manufacture the world’s first 3D printed insoles made using 3D scanning and dynamic gait analysis to create a one-of-a-kind digital profile of each foot. Superfeet, the leader in innovative, over-the-counter insoles, is piloting the platform in select stores across the 4,000 retail locations where they have a presence.

"For 40 years, we have set the standard for shape and fit. Until today, the technology to deliver a 3D printed insole that meets Superfeet’s exacting standards didn’t exist,” said Eric Hayes, Chief Marketing Officer at Superfeet. “Our new solution allows us to create the most individualized shape and fit on the planet.” 

"FitStation is a truly disruptive platform that will improves people’s lives and change the way people purchase footwear and shoe insoles,” said Louis Kim, Global Head of Immersive Computing, Personal Systems, HP Inc. “We are reinventing the footwear shopping experience, bringing a level of customization and personalization never before seen. We are stitching HP’s capabilities in 3D scanning and 3D printing to bring this Blended Reality vision to life and are working with leading partners within the footwear industry to develop this revolutionary platform.”

Learn more about FitStation powered by HP.

Published: November 27, 2017

Multi-jet-fusion printed part on the left and a high resolution scan of the indicated portion of it on the right  showing the micro surface structure used  for authentication.Multi-jet-fusion printed part on the left and a high resolution scan of the indicated portion of it on the right showing the micro surface structure used for authentication.An HP Labs investigation into accurately identifying and authenticating 3D-printed objects is helping enable a future where parts for high performance machines like jet engines are routinely printed to order. It may also aid the development of new systems for tracking physical objects of any kind on a massive scale.

HP Labs Distinguished Technologist Stephen PollardHP Labs Distinguished Technologist Stephen Pollard

 “To use a 3D printed part in a machine like an aero-engine, you need to be able to confidently identify and track that part after it has been printed from a known and trusted printer,” observes Bristol, UK-based researcher Stephen Pollard.

One way to do that would be to add a unique identifier like a bar code to each printed item. But Pollard and his colleagues in HP’s Print Adjacencies and 3D Lab wanted to come up with an approach that added no processing or materials cost to the 3D printing process and that would also have applicability for 3D objects created via more conventional methods.

Their solution: a low cost, three-stage, automated identification and authentication system that doesn’t require a printed object to be readied for authentication in any way.  

It works by first designating a small area of the object to be tracked as the location of a “virtual forensic mark.” This need only be a centimeter or so square and can easily be pre-assigned in the digital version of the 3D object before it is printed.   

Once the item is printed, it is robotically scanned so that the location of the virtual forensic mark can be identified. Finally, a second, very high resolution scanner takes a measurement of that small area. It’s so accurate – detecting surface differences of just two thousandths of a millimeter - that it can establish a unique digital signature for every printed version of an identical 3D object.

With this identifying information on file, the object can be scanned again whenever a confirmation of the object’s specific identity is needed.

“It’s like a fingerprint scanner for physical objects,” says Pollard.

The team has already created prototypes for most of the elements in their system. They next plan to miniaturize and integrate them together into a single prototype device, creating a tool that does the work of instruments that currently cost tens of thousands of dollars for under $100 per machine.HP Labs research engineer Faisal AzharHP Labs research engineer Faisal Azhar

One major challenge will be to place each of these elements together in way that allows the process to be fully automated, adds Labs researcher Faisal Azhar.  

“The other hard problem we face is extracting reliable and repeatable signatures of the 3D parts,” Azhar says. “We are already able to make incredibly accurate scans but those scans need to be reliably repeatable to be confident that the object we identify right after printing is the same object we later want to place, for example, in a machine.”

At present, the system is optimized to scan the surface of objects created by HP 3D printers. But the Labs identification and authentication team plans to expand its capabilities to include objects made from a more diverse array of materials.

More broadly, they are also looking to measure properties of 3D objects beyond their shape, and devise methods for further enhancing production line integration and automated machine interactions with them. “This “forensic” level of authentication and identification will really come into its own when 3D printing moves from prototyping and into production, and manufacturers are printing millions and even billions of copies of any one part,” says Pollard.

Published: November 21, 2017

 

intel-logo-default-150x150.png

Intel has identified a vulnerability in its Management Engine platform that impacts all its OEM partners. HP has worked with Intel to provide fixes for impacted systems that are available in our security advisory on HP.com. More information from Intel is available HERE.