ePLDT Launches Visitor Management System for Faster, Easier, and Safer Reception

Wazzup Pilipinas!

Companies that receive many guests face the challenge of monitoring and tracking the people going in and out of their premises. This can be inconvenient to receptionists, employees, and even to visitors especially when traditional recording is used.

ePLDT, Inc., with its continuing initiative to deliver best-in-class digital business solutions, is proud to announce its Enhanced Visitor Experience (EVE) app, a fully digital and interactive visitor registration system designed to help companies process incoming and outgoing traffic.

According to Nico Alcoseba, Vice President and Head of PLDT’s Disruptive Business Group, the app provides a window to what kind of culture exists beyond the reception area.

“With EVE, companies can provide an interactive visitor experience to people coming to the office from the moment they first logged in to the time their host is ready to accommodate them,” Alcoseba said. “It’s a solution that guests, receptionists, and employees will find simple and enjoyable.”

EVE offers a digital end-to-end visitor-reception-host interface system through an automated visitor information recording and extraction.

“EVE addresses real-life enterprise challenges ranging from long queues, mismanagement of guest information when using pen and paper, inaccurate guest reports, and disorganized guest-host relations,” Alcoseba emphasized.

App Challenge Cebu 2016 Awards Winners

Wazzup Pilipinas!

Globe Telecom, in partnership with Molave Development Foundation, awarded Team Magtutudlog Bisaya, comprised of Jonie Aranzado-Jumamil, Genesis Lagacan, and Vahn Marty Cagalawan, as the Grand Prize winner of App Challenge Cebu 2016 held last December 13, 2016 at the Cebu City Public Library. The competition was designed to encourage local developers to create educational Android apps that will teach K-3 pupils about reading and writing in Cebuano. The team bested other teams in a live pitch and prototype demonstration to a panel of esteemed judges: Ms. Michelle Tapia, Ms. Bea Lacson, and Ms. Mara Garcia from Globe Telecom; Ms. Irma Saligumba from Molave Development Foundation; Ms. Irene Pilapil from the Department of Education, and Ms. Tina Amper of TechTalks.ph.

“Amazing, we can’t believe it,” Jonie exclaimed when he and his team won PhP 100,000 in the App Challenge. Aside from the cash prize, the team is supported with supervisory guidance and continued mentorship from Globe Telecom, Molave Development Foundation, and IREX through their Beyond Access program as they continue to build their learning app.

While the team, along with their university MSU-Iligan Institute of Technology, celebrates their win, they are also looking forward to developing their learning app further in the next few months to come. The app, which will feature familiar games to Cebuano kids, will be an essential digital tool in teaching kids how to read and write in Cebuano. Education stakeholders present at the Pitch & Awarding, including officials from the University of Cebu, the Mayor’s Office, Department of Education, and the Cebu City Library, have commented on how the app will be a welcome addition to the literacy content for the Cebuano community.

At present, a lot of students have minimal-to-no usable material for in-classroom learning or for self-study especially for fundamental skills like mother tongue literacy in K-3, thus, while they are able to speak and to understand their main language or dialect, their reading and writing abilities are limited.

On the other hand, many teachers all over the country are saddled with additional work on content development to compensate for the lack of available good-quality materials instead of being able to focus on improving student outcomes.

Cebuano is among the pre-identified major Mother Tongues for instruction, according to the Department of Education. The language is the second most widely used language, after Tagalog, and is spoken by 21 million Filipinos.

The app is expected to help address the problem by teaching the half-a-million Cebuano children their native alphabet and helping them build their vocabulary, among other things, through various activities. Learning concepts will focus on colors, numbers, shapes, family members, and/or body parts.

Team MAJA, comprised of Aldrin Navarro, Jay Arnel Bilocura, and Jae Marie Magdadaro, came in as the first runner-up in the App Challenge. Their learning app, when developed, has great potential to be added to the ever-growing body of content for the Cebuano language.

Globe Telecom, along with Manila-based Molave Development Foundation and Washington D.C.-based IREX, are closely invested in enriching education through tools, content and technology that advance basic education in the Philippines. The local developer community is very much alive and thriving, and as highlighted through the promising work of budding developers, has great potential to help shape and transform Philippine education for the better.

Globe and NBA Provide Enhanced NBA App User Experience Ahead of 2016-17 Season

Wazzup Pilipinas!

As the 2016-17 NBA season tips off, the NBA and Globe Telecom, the League’s official wireless and broadband services partner, provide an updated NBA app user experience for sports fans to watch the NBA live on their mobile devices.

Globe customers subscribing to any NBA promo will experience a simpler registration process without the need to input PIN codes to access NBA content on their mobile devices. Once customers complete the promo registration, users will receive a link via SMS directing to the NBA app to verify their mobile number. Once authenticated, fans can immediately enjoy NBA games and programming on their mobile devices.

“Globe is committed to providing the best possible mobile experience so that our customers can access content seamlessly on their devices. By closely working with the NBA, we have developed a streamlined registration process, free of inputting tedious PIN codes. This way, one can easily access NBA games and content anytime,” said Globe Senior Advisor for Consumer Business Dan Horan.

Avid NBA fans can now catch their favorite team games and game specials through their Globe Broadband plan that comes with six months free access to NBA LEAGUE PASS. On mobile, NBA promos are also available in three service offerings: NBA499 for a 30-day premium access, NBA299 for 7 days, and NBA50 for a 24-hour access. To begin the NBA LEAGUE PASS registration process, Globe users must text the preferred NBA promo keyword (NBA499, NBA299, NBA50) to 8080.

Rocco Nacino and Morissette Amon: Brand Ambassadors of New Social Media App Findr

Wazzup Pilipinas!

Actor Rocco Nacino and singer Morissette Amon were recently announced as the Brand Ambassadors of the newest social media app called Findr.

At the VIP and Media Launch held on October 25, 2016 at the The Eye of Green Sun Hotel in Makati city, both Rocco and Morissette find the app very useful so they could easily not only interesting events and places but also like-minded individuals who share their common interests. Since Rocco is also a businessman, he could also post his businesses on the Findr app, while Morissette can post her concerts and music gigs, thus both of them becoming content providers as well. You can find out more by watching our video coverage of the event that we will upload soon.

Also gracing the event was motoring journalist and TV host James Deakin who also shared his thoughts about the Findr app. We have his all his convincing statements documented on video as he shared how we need a social media app which filters out the unnecessary information or news that we don't really need - like breakfast in the morning, or political rants, that often pollute social media networks like Facebook and the rest.

Findr is the brainchild of Salvador "Buddy" Silva Jr. III, Founder, Chairman of the Board and Chief Executive Officer of Satellite GPS Tracking and Asset Management System Corporation, the company that developed Findr, and also SafeSat, which is their commercial version of the app. Findr is designed for the consumers, while SafeSat is for businesses especially those in the logistics and distribution industry.

We also had a special video interview with Buddy, as well as with Findr Co-Founder and Technical Manager Angelo Kaufmann, who was in charge of the overall development of the Findr app.

Risks - or Not - Behind Pokémon Go

Wazzup Pilipinas!

At FortiGuard, we wouldn't let you down without an analysis of Pokémon Go. Is it safe to install? Can you go and hunt for Pokémon, or stay by a pokestop longing for pokeballs? While this article won't assist you in game strategy, I'll give you my first impressions analyzing the game.

Versions
There are two sorts of Pokémon applications:

1. The official versions, issued by Niantic.

We will talk more about these later, but in brief, they are not malicious.

2. The hacked versions. These are also known as "mods", which are issued by other developers, for multiple reasons. It is in this category we are the most likely to encounter malware. For instance, a repackaged version infected with DroidJack RAT has been identified to be in the wild (see analysis below).


15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4

However, not all hacked versions are necessarily malicious: we inspected hacks to play on Android 4.0 (the minimum requirement is normally 4.4), or to modify GPS coordinates, neither of which showed any malicious intent.

baf0dc2e19c6ec9ebfc2853785e92e175064c522a82410c2e56e204fad156838 4d482cf9beef8d4f03a6c609025fc6025069c0c83598032e46380d23a75f1979

Besides manual inspection, we also sent those samples to our learning-based Android prediction engine, SherlockDroid / Alligator, which confirmed our analysis ;)


Risk #1 Installing an infected version

As mentioned earlier, a sample with sha256


15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4

is infected with Android/SandrC.tr, dubbed DroidJack RAT.

This is a known malware, for which we have had a signature since 2015. Therefore, Fortinet customers were protected from this malicious Pokémon app from the beginning :)

This malware is quite widespread. Internal statistics at Fortinet indicate more than 8,800 detections in a year, and 160 last month alone, but those figures are largely underestimated for various reasons, including the fact that reporting is not enabled by default. So, basically, what you should remember is that this malware is still in the wild and active currently.

More malware to come?

Yes, very certainly. Malware authors are likely to continue to re-package the game with a variety of malware and distribute it. The fact the game wasn't released in all countries at the same date, for example, (thus forcing impatient users to look for alternatives on the web), combined with the fact there are large game hacking (that's nice) and cheating (that's bad ;) communities only increase the potential for downloading an infected version of the game.

Risk #2 Full Google Account Information? (This is fixed)

Adam Reeve noticed that the game requested full access to your Google account. Note: we are not talking about an Android permission here but a permission of an app connected to a Google account.

This was an error and Niantic fixed this. So be sure to remove the permission from your account and upgrade your Pokémon Go application.

Finally, note that it is not extremely clear in the documentation exactly how much "full access" really means, but no malware or exploit of this has been reported so far.

Risk #3 Unwanted network traffic

In a perfect world, we'd expect games to only send packets over the network that are absolutely necessary for the game to run, such as your location, the details of Pokémon around you, etc.

However, this is very far from reality, and for years now most Android applications are bundled with third party kits (analytics, crash reporting, cross platform engines, etc.) which use up the bandwidth which send and receive more or less useful side information containing, in the best cases, the exact model of your smartphone, or in the worst, personal information such as your phone number and other private data.

Pokémon Go is one of these bandwidth hungry applications. I downloaded it two weeks ago, and it is already close to being the most greedy application on my phone...

For mobile users, the consumption of bandwidth is a real issue. On average, 24% of an application's traffic is for third party tracking and advertising services. For some applications, the rate rockets to 98%.

While the percentage of side traffic for Pokémon Go hasn't been measured precisely, given the number of third party functionality it includes, I wouldn't be surprised if it isn’t well above 50% ;)

Here is a list of what version 0.31.0 contains:

· Crittercism - now called Apteligent - is a mobile application "performance management solution"

· Dagger is a "fast dependency injector"

· Android support libraries: those are common to nearly all Android applications

· Apache commons I/O

· Unity 3D: that's the game engine Pokémon Go heavily relies on

· Space Madness Lunar Console: this is a "lightweight Unity native iOS/Android logger"

· Google Ads

· Google GSON

· Jackson XML: this is the JSON library for Java

· JNI bridge

· Upsight: a mobile analytics and marketing platform

· Google billing

· Square Otto: an event bus

· Voxel Busters: with "cross platform native plugins"

· rx for Reactive programming

Along with such "not-so-essential" network traffic to third party servers also comes common leaks. While we expect Niantic Labs and Unity 3D (game engine) to access our geographic location (to locate Pokémon and pokestops), perhaps we shouldn’t expect apps like Crittercism, Google Ads, Jackson XML, or Upsight to retrieve our location?

The disassembled code also shows that Voxel Busters is building the full list of our phone's contacts (see figure below). They access the display name, phone number, phone and email of all contacts. The list is then compiled into a JSON object and sent to a function named UnitySendMessage, which is then exported by a Unity shared library (libunity.so) where it is dispatched to another function, and where I currently lose its track. Are contacts sent to remote servers? This is not confirmed yet, but is of some concern.

So, yes, you need to know that while you play Pokémon Go you send your geographic location, along with other details (e.g network operator name, phone brand, etc.), to several remote servers, and you "pay" for this side traffic through bandwidth consumption. Unfortunately, this is increasingly true for nearly any game found in application stores nowadays...

Risk #4 Spoofed Pokémon map or activity

The Pokémon Go application communicates with Niantic servers via HTTPS (see image below). Even better, in version 0.31.0, Niantic introduced certificate pinning to ensure that applications exchanged information with the real Pokémon servers and not with others

Initiating a TLS handshake with Pokémon Go servers

However, when certificate pinning is not active, an attacker can perform a MITM attack and thus completely modify the game for victims. For example, rastapasta managed to customize pokestops!

Hacked pokestop by rastapasta

A malicious person can easily imagine other customizations, such as displaying an infected link in a pokestop, or directly injecting infected traffic. While such attacks are probably feasible, they are tricky, and the attack would only operate on the network where the Pokémon Go MITM proxy is setup.

Conclusion

· The Pokémon Go application is not malicious.

· It is no longer possible foe the application to fully access your email. It was a risk with an older version, but hasn't ever been demonstrated.

· There are currently versions of Pokémon Go in the wild repackaged with malware, and I expect more to come. Consequently, if you are not retrieving your applications from a safe application store I recommend you check its SHA256 hash against the official one, or scan the application with an anti-virus tool.

· Like most applications nowadays, Pokémon Go (or the third party apps it uses) exposes your privacy and implies unwanted network traffic.

· Niantic has obviously paid attention to securing access to its gaming servers. However, locally, MITM proxy attacks remain possible by skilled attackers.

Keep posted!



Contributed By: Axelle Apvrille Anti-Virus Malware Researcher, FORTINET

https://blog.fortinet.com/2016/08/11/risks-or-not-behind-pokemon-go