Suramya's Blog : Welcome to my crazy life…

February 1, 2023

Product Idea: Use ChatGPT to write movie/TV Tech Jargon dialogs

Filed under: Emerging Tech,My Thoughts,Tech Related — Suramya @ 3:00 AM

ChatGPT has taken the world by storm and every day we hear more and more stories about how good it is and how it is changing the world. Personally I think the best description of the software is how Christine Lemmer-Webber put it:

ChatGPT is Mansplaining As A Service. A service that instantly generates vaguely plausible sounding yet totally fabricated and baseless lectures in an instant with unflagging confidence in its own correctness on any topic, without concern, regard or even awareness of the level of expertise of its audience.

People are using it for anything and everything including writing exams, writing articles, job posts, etc. While the result we get looks quite plausible, there have been multiple cases where the output is subtly wrong, and using the result as is can cause problems. However, there is one place that I can think of where ChatGPT would be extremely useful without any major drawbacks. If you have seen any TV show recently there are a lot of times where the characters will use technobabble to explain something and a lot of times the explanations are so ridiculous that they end up distracting you from the actual plot (such as it is).

My idea is that we encourage the writers to start using ChatGPT to write the jargon; even if it gets it wrong it wouldn’t be worse than what we have already, so it is a win-win. Plus, since we all know that media tech works differently, we don’t have to worry about the results being 100% accurate or correct.

One example is as below:

Forensic Scientist 1: Hey, have you seen the results from the trace DNA sample we collected from the crime scene?
Forensic Scientist 2: Not yet, I was just about to head over to the lab and check. Why, did you already receive them?
Forensic Scientist 1: Yeah, I just got an email from the lab. They’re pretty clear cut.
Forensic Scientist 2: Great, let’s take a look. What do the results show?
Forensic Scientist 1: Well, the sample is a match with the reference sample from our suspect. The lab confirmed a positive identification.
Forensic Scientist 2: That’s fantastic. Did they provide any details on the genetic markers?
Forensic Scientist 1: Yes, they identified several short tandem repeat markers that match between the sample and the reference. They also ran a mitochondrial DNA analysis and got a match there too.
Forensic Scientist 2: This is really strong evidence. But we need to be sure to double check all the details, especially since this is a high-profile case.
Forensic Scientist 1: Absolutely. I was thinking we should do a full review of the lab’s methodology and verify that the samples were handled and stored properly.
Forensic Scientist 2: That’s a great idea. Let’s also review the lab’s accreditation and see if they meet all the necessary standards.
Forensic Scientist 1: Right, we want to make sure our evidence is solid and can stand up in court.
Forensic Scientist 2: Definitely. Well, let’s head over to the lab and start our review.
Forensic Scientist 1: Sounds good. Let’s do it.

Another example:

Cybersecurity Professional 1: Hey, have you seen the alert about the recent cyberattack?
Cybersecurity Professional 2: Yes, I just received the notification. What do we know so far?
Cybersecurity Professional 1: The attack appears to be a phishing campaign. The attackers are using fake emails to steal login credentials from unsuspecting victims.
Cybersecurity Professional 2: That’s a common tactic. Did they manage to compromise any systems?
Cybersecurity Professional 1: Yes, we have reports of several systems being breached. Our incident response team is currently investigating the extent of the damage.
Cybersecurity Professional 2: Okay, let’s see if we can help with the investigation. What’s the first step?
Cybersecurity Professional 1: First, we need to isolate the infected systems and contain the spread of the attack. Then we can start looking into how the attackers gained access and what they did once they were in.
Cybersecurity Professional 2: Right. I’ll start working on the containment and isolation. Have you seen any indications of what the attackers are after?
Cybersecurity Professional 1: It’s not clear yet, but it looks like they are targeting sensitive information, such as financial data and personal information. We need to be proactive and make sure all our systems and data are secure.
Cybersecurity Professional 2: Agreed. We need to inform the relevant stakeholders about the attack and what measures we’re taking to prevent further damage.
Cybersecurity Professional 1: Absolutely. We also need to start preparing for the worst-case scenario, in case the attackers managed to exfiltrate any data.
Cybersecurity Professional 2: That’s a good point. We need to be prepared for the aftermath and make sure we have a plan in place to respond effectively.
Cybersecurity Professional 1: Right. Let’s get to work and make sure we minimize the impact of this attack.

What do you think?

– Suramya

January 25, 2023

Fewer than 50% of smart appliances are connected to the internet by users and that percentage is too high

Filed under: My Thoughts,Tech Related — Suramya @ 3:04 AM

Smart Appliances or Smart Devices are a pain. Yes, sometimes they make your life easier by allowing you to control your lighting from the bed or switch on your devices remotely but they cause major security problems. There is a term for these ‘smart’ devices: “Internet of Shit”. This refers to all the devices that are connected to the internet that have no business being connected to it. Examples include an IoT-enabled toilet, Smart Toaster, Smart Mirror, etc.

There are a lot of potential issues in IoT devices including but not limited to:

  • If the manufacturer decides to shut down the service the device becomes an expensive paperweight
    • Older model Lexus cars lost all remote capabilities because the 3G towers it depended on shut down
    • Older Sonos speakers lost functionality when the company decided to decommission them
    • Tesla car bricked itself because it lost connectivity after owner parked it in a basement.
  • Need a 24×7 active connection
    • People got locked out of their house because a server upgrade was happening
    • During an AWS outage folks were unable to change the temperature using their NEST systems
  • Security Issues: IoT devices are amongst the most insecure devices out there
  • Lack of Interoperability

and much more. When I bought my AC a couple of years ago I had to argue for a good 15 mins to get a non-smart/internet connected AC. The salesperson couldn’t digest why I wasn’t interested in having a smart AC. A few years later I got a washing machine and there was no option to get a dumb machine, but thankfully it has the option to create a local hotspot that I can connect to from my phone to control the machine. Yeah, it would be more convenient to do it from a distance but guess what I am already next to the machine when I am putting clothes for a wash and it is not that hard to connect to the local AP, start the cycle and then switch back.

A lot of appliance manufacturers bet big on the Smart revolution and according to recent studies are quite surprised to find out that fewer than 50% of their consumers actually connect their smart devices to the internet. The main reason behind it, in my opinion is that there is no major value add for a toaster or a fridge or a toilet to be connected to the internet.

This whole conversation reminded me of the following quote:

Tech enthusiasts: My entire house is smart. Tech workers: The only piece of technology in my house is a printer and I keep a gun next to it so I can shoot it if it makes a noise I don’t recognize.

I am not as bad, but nothing at my house is connected to the internet if it doesn’t need to be, and even then it is on a separate network isolated from my home machine.

Source: Slashdot: Appliance Makers Sad That 50% of Customers Won’t Connect Smart Appliances

– Suramya

January 22, 2023

Working remotely doesn’t lead to lonely people no matter what folks on Twitter say

Filed under: My Thoughts — Suramya @ 1:11 AM

“100% remote work combined with a no meeting culture is going to create a large group of lonely, isolated workers” Alex Cohen posted this on Twitter a little while ago. Apparently the only way to ward off loneliness is to work in an office and attend meetings since having friends and spending time with them is obviously so last millennium.

I am someone who tends to be a little on the workaholic side if I am not careful. I have spent all weekend in office multiple times and one of my managers frequently used to message me asking me why I was still online at 3am and logged into office systems. That being said, there is more to life than work. In one of our Townhalls in a previous organization, someone asked the CEO a question “What are you doing to ensure employees have a proper work-life balance” and he responded (and I am paraphrasing since this was a while ago) “It is not my or the company’s responsibility to ensure you have a proper work-life balance. Only you know what balance would work for you and you need to tell us when you have enough work and need to stop for a break. If you allow/want we can give you work 24 hours a day 7 days a week because we have enough things to do. You need to be the one to decide what work-life balance means for you and then let us know. Then we will ensure that you get to follow that.” This stuck with me since I heard it and I quote it often with my reportees when we talk about Work-life balance.

This is not to say that you shouldn’t make friends at work or people objecting to the statement don’t enjoy working with others on a project. However, if you make your work the defining factor in your life, you are going to burn out. (Telling from experience) It is good to step away from work to do something else as that will rejuvenate you and might even give you a new perspective. For me I read books, go hiking and travel to get a break from work. You will not believe how many of my project ideas and fixes for issues I was facing were conceptualized while I was slogging away on a hilltop or driving to a new location for a trip.

Someone once told me that it is ok to love your job but don’t expect that love to be always returned. One recent example is the Microsoft Engineer who spent 21 years with MS as a great performer but was still fired earlier this week with little notice. There are multiple such stories and I could fill books with various similar examples.

I have been working remotely since 2020 and it does get tiring as I can’t meet folks face to face for discussions and I do miss the coffee breaks and the random discussions. However, once I log off from work I spend time with family, I go out with friends, I watch movies and do other things and guess what I am happy. Work is one aspect of my life and while it is an important part it doesn’t necessarily define who I am as a person.

When I was a kid I complained to my dad that I was bored and he responded that the fact that you are bored is your problem, you need to figure out how to keep yourself entertained because it is not the job of others around you to keep you entertained. So after that me and my sister would come up with things to keep us busy and entertained. The same concept applies to feeling lonely, it is not the job of others in your life to keep you from feeling lonely (they will obviously be there for you) but rather you need to reach out to them and make connections and do things that would keep you entertained & connected.

What do you think?

– Suramya

January 15, 2023

Calling something older than Christianity doesn’t actually show that it is super old

Filed under: My Thoughts — Suramya @ 11:59 PM

I was reading Agents of Light and Darkness by Simon R. Green and came across this quote “Dedicated to the patron saint of lost causes, St. Jude’s is an old, old place; a cold stone structure possibly older even than Christianity itself.” in the book and it made me laugh. A lot of books have this habit of stating that xyz is older than Christianity as the measurement of how old things are and whenever I read it I just have to say that Christianity only started ~2000 years ago which is not that old compared to older religions, structures and things that exist in the world.

For example, Pyramids of Giza were built over 4500 years ago, a shrine worshiping Goddess (Shakti) made of stone at Baghor, Madhya Pradesh is dated 9000–8000 BC, Megalithic Temples in Malta are between 3000 and 700 BC. Even if you talk about religion Hinduism was started way back in 7,000 BCE, Zoroastrianism was founded ~1600 BCE and Confucianism, Buddhism & Jainism all were founded ~600 BCE. (Source: Oldest Religions in the world) There are so many things, places and ideas that are older than Christianity but there is a certain group of people in the world for whom the world doesn’t seem to exist before its start.

If you want to talk about old things, you can say that it is older than the discovery of fire or older than the start of agriculture or something similar and that still makes some sense. 2000 years is just a blink of an eye and even though it is a popular religion, measuring the age of something against it just doesn’t make sense to me.

– Suramya

January 14, 2023

Manager upset about order of recipients in email

Filed under: My Thoughts — Suramya @ 9:38 PM

There are a lot of people who are really concerned about their power & position, and will go to any lengths to ensure that everyone around them knows how powerful/senior they are. The below screenshot came up in one of my feeds a while ago and I found it to be really funny and altogether ridiculous.

Didn't occur to me this is issue for some people.

One of the middle managers from one of our branch sent me an email, politely pointing out that he should be ahead of some recipient in TO field in the email I sent.

It was reply to me only not touching on the subject just pointing out the order.

Told him that's not part of our corporate culture and we don't do that.

Checked his AD account and he's new in company, account created 3 months ago.

When I craft the email I add people randomly from my head or alphabetically if I pull them from address book.

Seems silly thing to obsess about, order of recipient in email based on position, hierarchy.

Anyone encountered this before?
Manager upset about order of recipient in an email

What is even more funny is that people with actual power/position will not pull nonsense like this because they don’t need to. It’s only people who have little power who want to pretend that they have a lot. I have had the unfortunate ‘pleasure’ of dealing with some of these folks and it is always a massive pain because their ego will take anything as an offense against them and will react accordingly to put the person in place. The only thing these folks will give any notice to is the people above them in power and for them they will do anything and everything to keep them happy.

This is one of the sillier examples that I have heard. Personally, I choose the email addresses in the order I remember them, starting with the main people (the people to whom the email is addressed) followed by the people who need to know what I am talking about in the email. I remember reading somewhere that folks in business schools and one of the big 4 consulting firms actually train people in what order the email addresses need to be listed but I can’t find the reference now. I think that is just a waste of time and energy; the person sending the email should spend that time on something useful or just take a short break instead of this nonsense.

I do remember having been called out for putting one of the senior people in the CC field instead of the To field even though they were just copied as a courtesy to keep them aware of what was going on. Going forward I remembered putting them in the To field but always found it silly. For me the To field is for the people the mail is addressed to or the people who need to action something on the email, the rest go into the CC field. For emails sent to me (I am in the To field), I have a rule that marks emails where I was in the To field in a specific color so that I know those are emails I might need to action, and that has worked great for me in combination with all my other email rules.

What do you think? Does the order of names in the email matter?

– Suramya

January 10, 2023

Thoughts on Digital payments, UPI and the changing face of Indian Payment options

Filed under: My Thoughts — Suramya @ 10:07 PM

Before demonetization happened back in 2016 in India where all ₹500 and ₹1,000 banknotes of the Mahatma Gandhi Series were discontinued overnight, digital payment systems like PayTm etc were there in the market but not super popular but immediately after the demonetization, online payment systems really took off especially UPI (Unified Payments Interface).

Currently India leads the world in digital payments and in ways to transfer money from one account to another. We started off with National Electronic Fund Transfer (NEFT) that allows a user to transfer money online to any bank that supports it and the transfer would complete within 24 hours. Shortly afterwards IMPS was introduced that allows a user to transfer money to another account instantaneously and whenever I have used it the money has been credited to the other account within a few seconds. Then we have UPI (Unified Payments Interface) which was launched on 11th April 2016 with the goal of making user to user payments easy & painless and supports person-to-merchant (P2M) and person-to-person (P2P) payments. In Dec 2022, 7828.9 Mn transactions were made with UPI for a value of 1,281,970.86 Cr (Rs. 1,281,970,86,00,000) and the total transactions using UPI were at 74,195.02 Million which is more than the VISA + Mastercard transactions combined. More stats on UPI are available on the NPCI website.

People outside India have no idea how far UPI has changed the face of payments in India. You can go to a roadside shop in the smallest town in India and they are ready to accept payments using UPI. Last week we were in Yelagiri and one of our friends wanted to get a Tarot reading done by this lady sitting outside a temple we were visiting. She wasn’t carrying her wallet and asked if she could do an online payment and the lady immediately whipped out a QR code for her to scan and make a payment. Keep in mind that this is someone who charges Rs 50 for a reading and she loves online payments because it all goes to her account directly and she doesn’t have to worry about securing cash. Recently I went shopping in Bangalore and bought Rs 11 worth of stuff from a pharmacist and tried to pay with a Rs 20 note. I was told that they didn’t have change and was asked to pay online using UPI. So I asked them about online payments and the guy told me that only about 5-10% of people pay cash anymore and most prefer paying via UPI as it is more convenient. A similar story was shared by our neighborhood grocery shop as well. Cash is still in use but more and more people are moving to online payments just for the ease of use. Transactions from 5 Rs to multiple lakhs are done daily using UPI. (The only condition is that there should be a network/data connection available which is the case for most parts of India). If I run out of cash when traveling I just need my phone and can survive without having any cash on hand and it makes sharing/settling bills a breeze as everyone just transfers the money to one another instantly.

However, the west doesn’t want to acknowledge this and still thinks that people in India are living in the stone age. If I was in the US I would need to use a third party system like Venmo, PayPal etc to transfer money and they charge a transaction fee for each transaction. UPI on the other hand is free and is supported directly by the Bank/Credit card company. I can transfer money by scanning a QR code, or to a phone number that is connected to my UPI ID which in turn instantly credits the money to my bank account.

There is a privacy implication to this in that there is an electronic trail for every payment sent/received so if needed authorities can pull up all the data for a given user with a warrant. This also reduces the black money (money on which no tax is paid) to a minimum which allows the govt to tax the people correctly.

We Indians need to talk more about our accomplishments and especially success stories like UPI and similar stories as we are leading the world in this space and we should be proud of it.

Well this is all for now. Will write more later.

– Suramya

January 6, 2023

Good developers need to be able to communicate and collaborate and those are not euphemisms for politics and org building

Filed under: Computer Software,My Thoughts,Tech Related — Suramya @ 11:25 PM

Saw this gem in my Twitter feed a little while ago and had to save it so that I could comment on it.

Twitter screenshot stating: Because to some people, in order to be a senior software engineer it's about politics and org building (perhaps you'll hear euphemisms communication and collaboration)

There is a constant theme in Programming that the good developers are anti-social, can’t be bothered to collaborate and should be left alone so that they can create a perfect product. The so called 10x developer. This is emphasized by movie stories about the genius developer creating something awesome sitting in their basement. Unfortunately that is not how real life works as this 10x developer is a myth. In real life you need to be able to communicate, collaborate and work in a team in order to be successful as a programmer. No single person can create an enterprise level software alone and even if you could it needs to be something that people want/need, so guess what you will have to talk to your users to understand what problems they are facing and then work on software that will fix them or make their lives easier.

In one of my previous companies, my role was to look at new software/systems and bring them into the company. So we went to expos, talked to startups and explored the market and found a really cool software that we thought would be extremely useful for the business so we went back and pitched it to the business. To our shock no one was interested in adopting the software because it didn’t address any of the pain points that the business was facing. We thought it would be useful for them because we were looking at it from the outside and hadn’t bothered talking to them about what their pain points were. Then we sat down with the business and their development teams to understand the setup and find out what the most urgent/painful problems were that we should fix. After multiple discussions we went out and found a software that addressed a significant pain point for the business and as soon as we demo’d it, we were asked to expedite getting it validated/approved for installation in their org.

Similarly, one of the startups I was working with during the same time was creating tech to help blind people and I happened to mention that to the founder of a NGO (Non-Government Organization) that works with blind people and his response was that what they are creating is cool but I wish they would actually talk to some blind people before they start working on tech to help them, as the blind people don’t want systems that will give them sight but rather assist them in doing things without trying to recreate sight.

Coming back to the original point about Senior Software Engineer, it is not their job to work on every part of the project themselves. Their job is to look at the high level goal, design the architecture and work with other developers in their team to create the software. Another major task of the senior Software Engineer is to mentor their juniors, teach them the tricks of the trade and help them grow in their skills and role. I personally believe that I should always be training the people under me so that they can one day replace me so that I can move on to more interesting projects. If you make yourself indispensable in your current role and no one can replace you then you will always be doing the same thing and can never move on. Yes, there is a risk that you might be replaced with a junior and get fired but that can happen to the 10x developer as well. Personally, I would rather have 10 regular developers than a single 10x developer as they are a pain to work with. They will insist on having full control of the entire dev process, will refuse to share information that other developers/database/network folks need and basically become a bottleneck for the entire project.

The way I look at being a senior engineer/architect is that I get to work on the really interesting problems and write code for PoC’s (Proof of Concept) that fix the problem. Then I can hand off the code to others who can productionalize it with me providing guidance and support. It’s not to say that I wouldn’t get my hands dirty productionalizing the system but I would rather solve interesting problems.

Another myth is that the only person who knows the system will never get fired. I have taken over multiple systems over the years (at least 4 that I can recall for sure) where they were originally managed by a single person who refused to collaborate/communicate with the rest of the team. In some cases they were fired and I was asked to take over, in others they were moved to other non-critical projects so they stopped being a road block. In each case it took us a lot of time to reverse engineer/understand the system but it was worth the effort to do that so that we could make future changes without fighting with someone for every change or having to call the person for information every time the system gave problems.

Long story short: communication doesn’t equate to politics and collaboration doesn’t equate to org building. If you think that they do then you will be miserable in any mid to large size company. You might get away with it in a startup initially but not for long; as the team grows you will be expected to work together with other developers/admins (collaborate) to create systems that others want and for that you will need to communicate with others to ensure what you are making is actually useful.

Well this is all for now. Will write more later.

– Suramya

December 21, 2022

“Linux is a meme and only autistic people use it” brainstorm from an anonymous coward

Filed under: Humor,My Thoughts — Suramya @ 8:28 PM

It is funny how people will make up stuff to explain why Linux (or any other OS) is difficult and why the person making the pronouncements can’t get it to do what they want it to do. Recently, the screenshot below came up in my feed and it made me laugh. As per the author only autistic people use Linux and everyone else “has just fallen for the meme”.

Linux is only for Autistic People

I have been using Linux almost full time since 2001 and am definitely not autistic. I can’t identify trains by their sounds and instead of not being able to talk to girls, according to some I sometimes talk too much. I have no interest in learning the names of the cast for any TV show and as far as I can tell I am leading a pretty normal life.

The genius who penned this (and I am of half a mind that this is just someone trolling Linux users) doesn’t seem to know that it is used to power 96.3% of the world’s top web servers and Android is based on Linux as well. It is the world’s 3rd most popular OS (after Windows and Mac) and while it has its own quirks it def doesn’t need you to know the ins and outs of the computer in order to use it. In fact in my experience, it is easier to install Linux and have a functional setup than it is to install Windows as Windows requires a lot of extra stuff to be installed in order to be productive while in Linux most of that is already pre-installed or built-in.

This was good for a laugh so I wanted to share it here.

– Suramya

December 19, 2022

IndiGo Airlines classifies powerbanks as Dangerous goods & threatens potential prosecution for carrying them on Flight

Filed under: My Thoughts — Suramya @ 2:19 AM

A couple of days ago while I was checking in for my IndiGo flight, I noticed that the airline has a page for “Dangerous Goods and Restricted Articles” just like most other airlines have when doing the online check in. What was interesting over here, was the fact that the page lists “Power Banks” under this category and states that “Carrying these objects may be an offense and may result in prosecution”.

Screenshot from Indigo website taken 10th Dec 2022

This makes absolutely no sense as powerbanks are now carried by pretty much everyone and yes while they are not allowed in checked-in luggage anymore, they are still allowed in carry-on luggage. Classifying them alongside weapons and flammable liquid etc doesn’t make any sense and just gives the airline the option to potentially abuse this classification if required.

I did try reaching out to Indigo over social media about this but didn’t get any response.

– Suramya

December 1, 2022

Analysis of the claim that China/Huawei is remotely deleting videos of recent Chinese protests from Huawei phones

Filed under: Computer Hardware,Computer Software,My Thoughts,Tech Related — Suramya @ 2:23 AM

There is an interesting piece of news that has been slowly spreading over the internet in the past few hours: Melissa Chen is claiming on Twitter that Huawei phones are automatically deleting videos of the protests that took place in China, without notifying their owners. Interestingly, I was not able to find any other source reporting this issue. All references to and reports of this issue link back to this single tweet, which is not supported by external validation. Plus, the tweet does not even provide enough information to validate that this is happening, other than a single video shared as part of the original tweet.

Melissa Chen claiming on Twitter that videos of protests are being automatically deleted by Huawei without notification

However, it is an interesting exercise to think about how this could have been accomplished, what the technical requirements for this to work would look like and whether this is something that would happen. So let’s go ahead and dig in. In order to delete a video remotely, we would need the following:

  • The capability to identify the videos that need to be deleted without impacting other videos/photos on the device
  • The capability to issue commands to the device remotely that all sensitive videos from xyz location taken at abc time need to be nuked, and to monitor the success/failure of the commands
  • The ability to identify the devices whose data needs to be looked at, keeping in mind that the device could have been in airplane mode during the filming

Now, let’s look at how each of these could be accomplished one at a time.

The capability to identify the videos that need to be deleted without impacting other videos/photos on the device

There are a few ways that we can identify the videos/photos to be deleted. If it was a video from a single source then we could have used a hash value of the video to identify it and then delete it. Unfortunately, in this case the video in question is recorded by the device itself, so each video file will have a different hash value and this approach would not work.

The second option is to use the Metadata in the file, to identify the date & time along with the physical location of the video to be deleted. If videos were recorded within a geo-fence area in a specific timeframe then we potentially have the information required to identify the videos in question. The main problem would be that the user could have disabled geo-tagging of photos/videos taken by the phone or the date/time stamp might be incorrect.

One way to bypass this attempt to save the video would be to have the app/phone create a separate geo-location record of every photo/video taken by the device even when GPS is disabled or Geo tagging is disabled. This would require a lot of changes in the OS/App file and since a lot of people have been looking at the code in Huawei phones for issues ever since there was an accusation that they are being used by China to spy on western world, it is hard to imagine this would have escaped from scrutiny.

If the app was saving the data in the video/photo itself rather than a separate location then it should be easy enough to validate by examining the image/video data of photos/videos taken by any Huawei phone. But I don’t see any claims/reports that prove that this is happening.
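The examination described above can be scripted. This added example (not part of the original post) walks the box structure of an MP4 file and reports a location string stored in the `©xyz` box under `moov/udta`; that this is where a given phone writes its geotag is an assumption, and the sample files are constructed in memory.

```python
import struct

CONTAINERS = {b"moov", b"udta", b"trak"}  # boxes whose payload is more boxes

def walk_boxes(data, start=0, end=None, path=()):
    """Yield (path, payload) for every box, descending into containers."""
    end = len(data) if end is None else end
    pos = start
    while pos + 8 <= end:
        size, kind = struct.unpack_from(">I4s", data, pos)
        header = 8
        if size == 1:                      # 64-bit size follows the type
            if pos + 16 > end:
                return
            size = struct.unpack_from(">Q", data, pos + 8)[0]
            header = 16
        elif size == 0:                    # box runs to the end of the file
            size = end - pos
        if size < header or pos + size > end:
            return                         # truncated or malformed: stop, don't guess
        here = path + (kind,)
        yield here, data[pos + header:pos + size]
        if kind in CONTAINERS:
            yield from walk_boxes(data, pos + header, pos + size, here)
        pos += size

def find_location(data):
    """Return the ISO 6709 string in moov/udta/©xyz, or None if absent."""
    for path, payload in walk_boxes(data):
        if path[-3:] == (b"moov", b"udta", b"\xa9xyz") and len(payload) >= 4:
            length, _lang = struct.unpack_from(">HH", payload, 0)
            return payload[4:4 + length].decode("ascii", "replace")
    return None

def box(kind, payload=b""):
    """Build one box: 4-byte big-endian size, 4-byte type, payload."""
    return struct.pack(">I4s", 8 + len(payload), kind) + payload

def sample(with_location):
    """Constructed minimal MP4 skeleton, with or without a geotag."""
    loc = b"+12.9716+077.5946/"            # constructed coordinates
    xyz = box(b"\xa9xyz", struct.pack(">HH", len(loc), 0x15C7) + loc)
    udta = box(b"udta", xyz) if with_location else b""
    moov = box(b"moov", box(b"mvhd", bytes(100)) + udta)
    return box(b"ftyp", b"isom\x00\x00\x02\x00isom") + moov + box(b"mdat", bytes(32))
```

A non-`None` result for a clip recorded with geo-tagging switched off would be the evidence the paragraph asks for; an absent box only rules out this one storage location.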

The capability to issue commands to the device remotely that all sensitive videos from xyz location taken at abc time need to be nuked, and to monitor the success/failure of the commands

Coming to the second requirement, Huawei or the government would need the capability to remotely activate the functionality to delete the videos. In order to do this, the phone would need to connect to a Command & Control (C&C) channel frequently to check for commands, or it would need to have something listening for remote commands from a central server.

Both of these are hard to disguise and hide. Yes, there are ways to hide data in DNS queries and other such methods to cover the tracks, but thanks to botnets, malware and ransomware campaigns the ability to identify hidden C&C channels is highly developed and it is hard to hide from everyone looking at this. If the phone has something listening for commands then a scan of the device for open ports/apps listening for connections would be an easy thing to check, and even if the app listening is disguised it should be possible to identify that something is listening.

You might say that the commands to activate might be hidden in the normal traffic going to & from the device to the Huawei servers, and while that is possible we can check for it by installing a root certificate and passing all the traffic to/from the device via a proxy to be analyzed. Not impossible to do but hard to achieve without leaving signs, and considering the scrutiny these phones are going through it is hard to accept that this is something that is happening without anyone finding out about it.
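As an illustration of why such channels are hard to hide, here is an added example (not from the original post) of two common checks run over a DNS query log captured from a device: regular check-in intervals and long, high-entropy labels. The thresholds, domain names and the log itself are constructed for the example.

```python
import math
from collections import Counter, defaultdict
from statistics import mean, pstdev

def entropy(label):
    """Shannon entropy of one DNS label, in bits per character."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def base_domain(qname):
    """Last two labels only; real tooling would use the Public Suffix List."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def analyse(queries, min_queries=5, max_jitter=0.1, min_entropy=3.5, min_len=20):
    """queries: (unix_time, qname) pairs. Returns {domain: [reasons]}."""
    by_domain = defaultdict(list)
    for ts, qname in queries:
        by_domain[base_domain(qname)].append((ts, qname))
    findings = {}
    for domain, rows in by_domain.items():
        reasons = []
        times = sorted(ts for ts, _ in rows)
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Beaconing: many queries whose spacing barely varies.
        if len(rows) >= min_queries and len(gaps) >= 2 and mean(gaps) > 0:
            if pstdev(gaps) / mean(gaps) <= max_jitter:
                reasons.append("periodic")
        # Tunnelling: long leftmost labels that look encoded, not human-chosen.
        odd = [q for _, q in rows
               if len(q.split(".")[0]) >= min_len
               and entropy(q.split(".")[0]) >= min_entropy]
        if len(odd) >= min_queries:
            reasons.append("encoded-labels")
        if reasons:
            findings[domain] = reasons
    return findings

# Constructed capture: one channel checking in every ~300 s with encoded
# labels, ordinary browsing, and a benign service polled on a fixed timer.
ALPHA = "abcdefghijklmnopqrstuvwxyz234567"

def label(i):
    return "".join(ALPHA[(i * 7 + j * 5) % 32] for j in range(32))

SAMPLE = (
    [(1000 + 300 * i + j, f"{label(i)}.sync.example")
     for i, j in enumerate([0, 3, -2, 1, 0, 2])]
    + [(t, "www.example.com") for t in (1010, 1015, 1900, 2000, 4100, 4105)]
    + [(500 + 600 * i, "time.example.net") for i in range(6)]
)
```

On the sample, `sync.example` trips both checks while `example.net` trips only the periodic one, which is why regular timing alone is treated as a lead to triage rather than a verdict.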

Identify the devices that need to have the data on them looked at (keeping in mind that the device could have been in airplane mode during the filming)

Next, we have the question of how Huawei would identify the devices that need to run the check for videos. One option would be to issue the command to all their phones anywhere in the world. This would potentially be noisy and there is a possibility that a sharp-eyed user catches the command in action. So a far more likely option would be for them to issue it against a subset of their phones. This subset could be all phones in China, all phones that visited the location in question around the time the protest happened, or all phones that are in or around the location at present.

In order for the system to be able to identify users in an area, they have a few options. One would be to use GPS location tracking which would require the device to constantly track its location and share with a central location. Most phones already do this. One potential problem would be when users disable GPS on the device but other than that this would be an easy request to fulfill. Another option is to use cell tower triangulation to locate/identify the phones in the area at a given time. This is something that is easily done at the provider side and from what I read quite common in China. Naomi Wu AKA RealSexyCyborg had a really interesting thread on this a little while ago that you should check out.

This doesn’t even account for the fact that China has CCTV coverage across most of its jurisdiction and claims to have the ability to run facial recognition across this massive amount of collected video. So, it is quite easy for the government to identify the phones that need to be checked for sensitive photos/videos with existing & known technology and ability.

Conclusion/Final thoughts

Now also remember that if Huawei had the ability to issue commands to its phones remotely then they also have the ability to extract data from the phones, or plant information on the phone. Which would be an espionage gold mine as people use their phones for everything and have them with them always. Losing the ability to do this just to delete videos is not something that I feel China/Huawei would do, as the harm caused by the loss of intelligence data would far outweigh the benefits of deleting the videos. Do you really think that every security agency, hacker collective, bored programmer and antivirus/cybersec firm would not immediately start digging into the firmware/apps on any Huawei phone once it was known and confirmed that they are actively deleting stuff remotely?

So, while it is possible that Huawei/China has the ability to scan and delete files remotely, I doubt that this is the case right now, considering that there are almost no reports of this happening anywhere and no independent verification of the same, plus it doesn’t make sense for China to nuke this capability for such a minor return.

Keeping that in mind, this post seems more like a joke or fake news to me. That being said, I might be completely mistaken about all this, so if you have additional data or counterpoints to my reasoning above I would love for you to reach out and discuss this in more detail.

– Suramya
