As companies rush to refashion themselves for the digital age, two news stories from last week remind us why businesses shouldn’t ignore the physical world as they focus on the digital.
Our first cautionary tale is about a large, multinational company scrambling to be first to market with a new product, only to have the review units it sent to media outlets suffer serious hardware failures. That’s right, I’m talking about the multiple reports of broken and malfunctioning screens on the Samsung Galaxy Fold. The second story involves the College of Saint Rose, which suffered significant losses due to a former student using a USB Killer flash drive to destroy more than $50,000 of computer hardware.
Samsung Galaxy Fold review units suffer broken/malfunctioning screens
In my last ZDNet Monday Morning Opener, I explained why foldable devices, such as the Samsung Galaxy Fold and Huawei Mate X, could eventually unseat the traditional PC as the dominant device for corporate knowledge workers. The nearly $2,000 Fold officially goes on sale April 26, but unfortunately for Samsung, it’s getting off to a rough start.
As reviewers for media outlets, like ZDNet’s sibling site CNET, were putting the Fold through its paces, several experienced problems with the phone’s 7.3-inch foldable display.
SEE: Samsung Galaxy Fold: A cheat sheet (TechRepublic)
Reviewers, such as Bloomberg’s Mark Gurman and YouTuber Marques “MKBHD” Brownlee, both removed a thin protective film applied to the Fold’s screen assuming it was meant to be removed like the plastic wrapping often used in the packaging for new phones. Removing this layer appears to have caused or contributed to the complete failure of the screens on both reviewers’ phones. The Verge’s Dieter Bohn, reported that the screen on his Fold developed a small bulge in the center above the hinge (possibly due to debris getting into the hinge mechanism), also resulting in a broken screen. Todd Haselton, from CNBC, also reported a screen malfunction on his loaner Fold, which still had the protective coating intact. As of this writing, the screen on CNET’s Galaxy Fold review unit is still functioning.
In response to the reports of broken screens, Samsung issued the following statement:
“A limited number of early Galaxy Fold samples were provided to media for review. We have received a few reports regarding the main display on the samples provided. We will thoroughly inspect these units in person to determine the cause of the matter.”
Despite the reported problems, the company is pushing ahead with the Fold’s April 26 launch. And while it’s too early to know how the early reports of broken screens will affect sales of the Fold or foldable phones in general, the same company that suffered a PR nightmare with the Galaxy Note 7 battery fires just two years ago, shouldn’t have brought a product to market that seems to have two serious physical design flaws…a hinge that allows debris to get under the screen and an essential screen component that lends itself to user removal.
In press releases, Samsung has said the Fold can withstand 200,000 folds and unfolds, but clearly their testing either didn’t catch these potential flaws or the product was rushed to market in spite of them. It’s also possible the reviewers weren’t given final-release hardware, but with less than a week until launch, I find the latter hard to believe.
“By sticking to the April 26 launch date and releasing the Galaxy Fold with nothing more than a warning to not peel off the protective layer, Samsung is playing with fire,” wrote ZDNet’s Adrian Kingsley-Hughes, “Again.”
Let’s hope CNET’s Jessica Dolcort is right in her belief that Samsung won’t want another Note 7-style PR disaster and will “fully refund a broken Galaxy Fold if it did happen to you.”
Former student destroys college computers with USB Killer thumb drive
The second tale of physical hardware woe comes from The College of Saint Rose, a small private school in Albany, New York. According to a plea agreement filed March 16, a former student used a USB Killer device to destroy 59 computers, multiple monitors, and several computer-enhanced podiums. The college’s losses totaled more than $58,000 in hardware and staff time, which according to the court documents, the defendant has agreed to repay.
Reports of the USB Killer drive surfaced in 2015 and ZDNet covered them back in 2016. As ZDNet’s Catalin Cimpanu explained, “USB Killer devices work by rapidly charging thumb drive capacitors from the USB power supply, and then discharging the electrical current back into the USB slot–all in a matter of seconds–effectively frying the computer to which the USB Killer device is connected.” This may be the first reported prosecution of someone using the device for a criminal offense.
SEE: IT physical security policy template download (Tech Pro Research)
The defendant was caught due to a combination of video surveillance and his own arrogance. According to Albany’s Times Union, cameras captured footage of a man whom federal agents and college staff identified as the defendant. And according to the plea agreement, the defendant used his personal iPhone to film himself performing the attacks while making statements like “it’s dead” and “it’s gone. Boom.”
Even before ESD weapons like the USB Killer surfaced, USB ports posed a significant security risk. For decades, IT departments have balanced their convenience for transferring data and connecting peripherals, with their ability to facilitate the exfiltration of sensitive data and installation of malicious code.
Combine the inherent risks of USB drives with the propensity of people to pick up random thumb drives and stick them in the nearest computer, and you have a frustratingly hard-to-counter and dangerous security threat. Even if college IT staff had disabled the USB ports through software or a more physical manner such as glue, a determined vandal could have still have destroyed the machines through less sophisticated, but likely more detectable means, like water or a hammer. Regardless, physical security should always be the foundation for your overall IT security strategy. In the college’s case, better access controls, such as keycards for authorized personnel, may have prevented the defendant from gaining access to the machines. (There is no information in the court documents that the college did, or did not, use such access controls.)
More on physical security from ZDNet’s sibling site TechRepublic:
Don’t forget about the physical
Although the different in their scope (product testing vs. physical security), both tales illustrate the importance of keeping and eye how real people interact with your physical devices in the real world. A lesson we should all keep in mind.
ZDNET’S MONDAY MORNING OPENER:
The Monday Morning Opener is our opening salvo for the week in tech. Since we run a global site, this editorial publishes on Monday at 8:00am AEST in Sydney, Australia, which is 6:00pm Eastern Time on Sunday in the US. It is written by a member of ZDNet’s global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and North America.
PREVIOUSLY ON MONDAY MORNING OPENER:
READ MORE HERE