Tag Archives: Technology

Security firm finds some Macs vulnerable to ‘firmware’ attacks

FILE PHOTO: Apple CEO Tim Cook speaks under a graphic of the new MacBook Pro during an Apple media event in Cupertino, California, U.S. October 27, 2016. REUTERS/Beck Diefenbach

By Stephen Nellis

(Reuters) – Since 2015, Apple Inc <AAPL.O> has tried to protect its Mac line of computers from a form of hacking that is extremely hard to detect, but it has not been entirely successful in getting the fixes to its customers, according to research released on Friday by Duo Security.

Duo examined what is known as firmware in the Mac computers. Firmware is an in-built kind of software that is even more basic than an operating system like Microsoft Windows or macOS.

When a computer is first powered on — before the operating system has even booted up — firmware checks to make sure that basic components like a hard disk and processor are present and tells them what to do. That makes malicious code hiding in it hard to spot.

In most cases, firmware is a hassle to update with the latest security patches. Updates have to be carried out separately from the operating system updates that are more commonplace.

In 2015, Apple started bundling firmware updates along with operating system updates for Mac machines in an effort to ensure firmware on them stayed up to date.

But Duo surveyed 73,000 Mac computers operating in the real world and found that 4.2 percent of them were not running the firmware they should have been based on their operating system. In some models – such as the 21.5-inch iMac released in late 2015 – 43 percent of machines had out-of-date firmware.

That left many Macs open to hacks like the “Thunderstrike” attack, where hackers can control a Mac after plugging an Ethernet adapter into the machine’s so-called thunderbolt port.

Paradoxically, it was only possible to find the potentially vulnerable machines because Apple is the only computer maker that has sought to make firmware updates part of its regular software updates, making it both more trackable and the best in the industry for firmware updates, Rich Smith, director of research and development at Duo, told Reuters in an interview.

Duo said that it had informed Apple of its findings before making them public on Friday. In a statement, Apple said it was aware of the issue and is moving to address it.

“Apple continues to work diligently in the area of firmware security, and we’re always exploring ways to make our systems even more secure,” the company said in a statement. “In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly.”

(Reporting by Stephen Nellis; Editing by Leslie Adler)

Exclusive: U.S. Homeland Security found SEC had ‘critical’ cyber weaknesses in January

Exclusive: U.S. Homeland Security found SEC had 'critical' cyber weaknesses in January

By Sarah N. Lynch

WASHINGTON (Reuters) – The U.S. Department of Homeland Security detected five “critical” cyber security weaknesses on the Securities and Exchange Commission’s computers as of January 23, 2017, according to a confidential weekly report reviewed by Reuters.

The report’s findings raise fresh questions about a 2016 cyber breach into the U.S. market regulator’s corporate filing system known as “EDGAR.” SEC Chairman Jay Clayton disclosed late Wednesday that the agency learned in August 2017 that hackers may have exploited the 2016 incident for illegal insider-trading.

The January DHS report, which shows its weekly findings after scanning computers for cyber weaknesses across most of the federal civilian government agencies, revealed that the SEC at the time had the fourth most “critical” vulnerabilities.

It was not clear if the vulnerabilities detected by DHS are directly related to the cyber breach disclosed by the SEC. But it shows that even after the SEC says it patched “promptly” the software vulnerability after the 2016 hack, critical vulnerabilities still plagued the regulator’s systems.

The hack, two weeks after credit-reporting company Equifax <EFX.N> said hackers had stolen data on more than 143 million U.S. customers, has sent shockwaves through the U.S. financial sector.

An SEC spokesman did not have any comment on the report’s findings.

It is unclear if any of those critical vulnerabilities, detected after a scan of 114 SEC computers and devices, still pose a threat.

During the Obama administration, such scans were done on a weekly basis.

“I absolutely think any critical vulnerability like that should be acted on immediately,” said Tony Scott, the former federal chief information officer during the Obama administration who now runs his own cybersecurity consulting firm.

“This is what was at the root of the Equifax hack. There was a critical vulnerability that went unpatched for some long period of time. And if you’re a hacker, you are going to … try to see if you can exploit it in some fashion or another. So there is a race against the clock.”

For the past several years, the Department of Homeland Security has been producing a report known as the “Federal Cyber Exposure Scorecard.” It provides a weekly snapshot to more than 80 civilian government agencies about potential outstanding cyber weaknesses and how long they have persisted without being patched.

A directive by Homeland Security requires agencies to address critical vulnerabilities within 30 days, though sometimes that deadline can be difficult to meet if it might disrupt a government system.

The January snapshot shows improvements have been made across the government since May 2015, when there were a total of 363 critical vulnerabilities on devices across all of the civilian agencies, according to the report.

As of January 23, by contrast, there were a total of 40 critical vulnerabilities across the agencies reviewed by DHS and another 280 weaknesses categorized as “active high,” which is the second more severe category.

The top four agencies with the most “critical” vulnerabilities as of January 23 included the Environmental Protection Agency, the Department of Health and Human Services, the General Services Administration and the SEC.

However, more vulnerabilities do not necessarily mean one agency is worse than another because things depend on how many computers or devices known as “hosts” were scanned and what kinds of information could potentially be exposed.

“All it takes is one,” Scott said. “You can have one host and one vulnerability and your risk might be 10 times as high as someone who has 10 hosts and ten vulnerabilities.”

(Reporting by Sarah N. Lynch; Editing by Nick Zieminski)

Equifax reveals hack that likely exposed data of 143 million customers

A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. REUTERS/Pawel Kopczynski/File Photo

By Yashaswini Swamynathan

(Reuters) – Equifax Inc, a provider of consumer credit scores, said on Thursday that personal details of as many as 143 million U.S. consumers were accessed by hackers between mid-May and July, in what could be one of the largest data breaches in the United States.

The company’s shares fell nearly 19 percent in after-market trading as investors reacted to possible consequences of the exposure of sensitive data of nearly half of the U.S. population.

Atlanta-based Equifax said in a statement that it discovered the breach on July 29. It said criminals exploited a U.S. website application vulnerability to gain access to certain files that included names, Social Security numbers and driver’s license numbers.

In addition, credit card numbers of around 209,000 U.S. consumers and certain dispute documents with personal identifying information of around 182,000 U.S. consumers were accessed. Information of some UK and Canadian residents was also gained in the hack, Equifax said.

Equifax said in its statement that it was working with law enforcement agencies and has hired a cyber-security firm to investigate the breach. It said its investigation is “substantially complete,” and expects it will be completed in the coming weeks.

The company declined to comment beyond its statement.

The Federal Bureau of Investigation is tracking the situation, a spokeswoman for the agency said.

U.S. Senator Mark Warner, vice chairman of the Senate Select Committee on Intelligence, said in a statement that it would not be an “exaggeration to suggest that a breach such as this represents a real threat to the economic security of Americans.”

Equifax’s breach follows rival Experian Plc’s breach two years ago that exposed sensitive personal data of some 15 million people who applied for service with T-Mobile US Inc (http://reut.rs/2f8ES9k)

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Equifax Chief Executive Richard Smith said in a statement, adding that the company is conducting “a thorough review of our overall security operations.”

LIKELIHOOD FOR PHISHING SEEN HIGH

Cybersecurity experts said the breach was very serious.

“On a scale of 1 to 10, this is a 10. It affects the whole credit reporting system in the United States because nobody can recover it, everyone uses the same data,” said Avivah Litan, a Gartner Inc analyst who tracks identity theft and fraud.

Equifax handles data on more than 820 million consumers and more than 91 million businesses worldwide and manages a database with employee information from more than 7,100 employers, according to its website.

Ryan Kalember, senior vice president of cyber security firm Proofpoint, said the hack was “especially troubling” because companies typically offer free credit monitoring services from firms such as Equifax, which has now itself suffered a huge cyber attack.

“The information is very personal – the likelihood that it could be used for phishing is very high,” said Matt Tait, a former analyst at the British intelligence service GCHQ and a cyber security researcher.

Equifax said consumers could check if their information had been impacted at, www.equifaxsecurity2017.com.

Representative Maxine Waters, a member of the House of Representatives Financial Services Committee, said in a statement that she would reintroduce legislation to “enhance consumer protection tools available to minimize harm caused by identity theft.”

Three days after Equifax discovered the breach, three top Equifax executives, including Chief Financial Officer John Gamble and a president of a unit, sold Equifax shares or exercised options to dispose off stock worth about $17.8 million, regulatory filings show. It was not clear whether these transactions were part of a pre-arranged sales plan.

Equifax said in a statement that the executives were not aware that an intrusion had occurred when they sold their shares.

(Reporting by Yashaswini Swamynathan in Bengaluru; Additional reporting by Laharee Chatterjee in Bengaluru and Siddharth Cavale and Dustin Volz in Washington; Editing by Leslie Adler)

Ukraine cyber security firm warns of possible new attacks

Ukraine cyber security firm warns of possible new attacks

KIEV (Reuters) – Ukrainian cyber security firm ISSP said on Tuesday it may have detected a new computer virus distribution campaign, after security services said Ukraine could face cyber attacks similar to those which knocked out global systems in June.

The June 27 attack, dubbed NotPetya, took down many Ukrainian government agencies and businesses, before spreading rapidly through corporate networks of multinationals with operations or suppliers in eastern Europe.

ISPP said that, as with NotPetya, the new malware seemed to originate in accounting software and could be intended to take down networks when Ukraine celebrates its Independence Day on Aug. 24.

“This could be an indicator of a massive cyber attack preparation before National Holidays in Ukraine,” it said in a statement.

In a statement, the state cyber police said they also had detected new malicious software.

The incident is “in no way connected with global cyber attacks like those that took place on June 27 of this year and is now fully under control,” it said.

The state cyber police and the Security and Defence Council have said Ukraine could be targeted with a NotPetya-style attack aimed at destabilizing the country as it marks its 1991 independence from the Soviet Union.

Last Friday, the central bank said it had warned state-owned and private lenders of the appearance of new malware, spread by opening email attachments of word documents.

Ukraine – regarded by some, despite Kremlin denials, as a guinea pig for Russian state-sponsored hacks – is fighting an uphill battle in turning pockets of protection into a national strategy to keep state institutions and systemic companies safe.

(Reporting by Natalia Zinets; Additional reporting by Pavel Polityuk; Writing by Alessandra Prentice; editing by Mark Heinrich and Richard Balmforth)

Tech companies urge U.S. Supreme Court to boost cellphone privacy

FILE PHOTO: A fan uses a cell phone to record a performance during the 2014 CMT Music Awards in Nashville, Tennessee June 4, 2014. REUTERS/Harrison McClary

By Andrew Chung

WASHINGTON (Reuters) – More than a dozen high technology companies and the biggest wireless operator in the United States, Verizon Communications Inc <VZ.N>, have called on the U.S. Supreme Court to make it harder for government officials to access individuals’ sensitive cellphone data.

The companies filed a 44-page brief with the court on Monday night in a high-profile dispute over whether police should have to get a warrant before obtaining data that could reveal a cellphone user’s whereabouts.

Signed by some of Silicon Valley’s biggest names, including Apple <AAPL.O>, Facebook <FB.O>, Twitter <TWTR.N>, Snap <SNAP.N> and Alphabet’s <GOOGL.O> Google, the brief said that as individuals’ data is increasingly collected through digital devices, greater privacy protections are needed under the law.

“That users rely on technology companies to process their data for limited purposes does not mean that they expect their intimate data to be monitored by the government without a warrant,” the brief said.

The justices agreed last June to hear the appeal by Timothy Carpenter, who was convicted in 2013 in a series of armed robberies of Radio Shack and T-Mobile stores in Ohio and Michigan.

Federal prosecutors helped place him near several of the robberies using “cell site location information” obtained from his wireless carrier.

Carpenter claims that without a warrant from a court, such data amounts to an unreasonable search and seizure under the U.S. Constitution’s Fourth Amendment. But last year a federal appeals court upheld his convictions, finding that no warrant was required.

Carpenter’s case will be argued before the court some time after its new term begins in October.

The case comes amid growing scrutiny of the surveillance practices of U.S. law enforcement and intelligence agencies and concern among lawmakers across the political spectrum about civil liberties and police evading warrant requirements.

Nathan Freed Wessler, an attorney with the American Civil Liberties Union who is representing Carpenter, said the companies’ brief represented a “robust defense of their customers’ privacy rights in the digital age.”

Verizon’s participation in the brief was important, he added, given that it receives, like other wireless carriers, thousands of requests for cellphone location records every year from law enforcement. The requests are routinely granted.

Civil liberties lawyers have said police need “probable cause,” and therefore a warrant, to avoid constitutionally unreasonable searches.

The companies said in their brief the Supreme Court should clarify that when it comes to digital data that can reveal personal information, people should not lose protections against government intrusion “simply by choosing to use those technologies.”

(Reporting by Andrew Chung; Editing by Chizu Nomiyama)

Greater China cyber insurance demand set to soar after WannaCry attack: AIG

FILE PHOTO: A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. REUTERS/Edgar Su/File Photo

By Julie Zhu

HONG KONG (Reuters) – Demand for cyber insurance from firms in Greater China and elsewhere in Asia is poised to soar, based on enquiries received after the “WannaCry ransomware” attack earlier this year, executives at American International Group Inc said.

The American insurer saw an 87 percent jump in enquiries for cyber insurance policies in May compared to April for Greater China including Hong Kong as a direct result of the WannaCry attack, while the global increase was 38 percent, they said.

“The big increase means the organizations are aware they really need protection,” Cynthia Sze, head of an AIG business in Greater China that provides solutions to companies dealing with cyber breaches, told reporters. AIG executives declined to give details on numbers or say how many of the enquiries actually resulted in policy sales.

The self-replicating WannaCry malware in May infected over 200,000 computers in 150 countries.

A typical cyber insurance policy can protect companies against extortion like ransomware attacks. It could also cover the investigation costs and pay the ransom.

In Hong Kong, which is dominated by small and medium sized enterprises, the impact of a cyber attack could be severe as cyber threats are not a priority given the limited resources of SMEs, said Sze.

Citing Hong Kong police statistics, Sze said computer security incident reports have grown to about 6,000 last year from 1,500 in 2009. Financial losses resulting from such incidents jumped from HK$45 million ($5.76 million) to HK$2.3 billion over the same period, she said.

Hong Kong police did not immediately respond to a request for comment to confirm the numbers.

“WannaCry has really changed the dynamics. We used to tap large multinational companies that understood where the exposure was. Now we are really talking about mid-market and SMEs,” said Jason Kelly, AIG’s head of liabilities and financial lines for Greater China, Australasia and South Korea.

The global market for cyber insurance is worth $2 billion, with 30 percent of middle to large firms purchasing cyber insurance protection, according to AIG. The insurer has also seen an average annual growth rate of 20 to 25 percent in cyber insurance policies over the past three years worldwide, said Kelly.

Insurance companies have been cautiously entering the cyber insurance market as they look for growth amid stiff competition and potential exposure to cyber breaches.

According to Kelly, the annual damage from hackers to the global economy reached about $400 billion in 2015.

(Reporting by Julie Zhu; Editing by Muralikumar Anantharaman)

As shootings soar, Chicago police use technology to predict crime

A Chicago police officer attends a news conference announcing the department's plan to hire nearly 1,000 new police officers in Chicago, Illinois, U.S. on September 21, 2016.

By Timothy Mclaughlin

CHICAGO (Reuters) – In a control room at a police headquarters on Chicago’s South Side, officers scan digital maps on big screens to see where a computer algorithm predicts crime will happen next.

Thrust into a national debate over violent crime and the use of force by officers, police in the third-largest U.S. city are using technology to try to rein in a surging murder rate.

And while commanders recognize the new tools can only ever be part of the solution, the number of shootings in the 7th District from January through July fell 39 percent compared with the same period last year. The number of murders dropped by 33 percent to 34. Citywide, the number of murders is up 3 percent at 402.

Three other districts where the technology is fully operational have also seen between 15 percent and 29 percent fewer shootings, and 9 percent to 18 percent fewer homicides, according to the department’s data.

“The community is starting to see real change in regards to violence,” said Kenneth Johnson, the 7th District commander.

Cities like Philadelphia, San Francisco, Milwaukee, Denver, Tacoma, Washington, and Lincoln, Nebraska have tested the same or similar technologies.

The techniques being used in Chicago’s 7th District’s control room, one of six such centers opened since January as part of a roughly $6 million experiment, are aimed at complimenting traditional police work and are part of a broader effort to overhaul the force of some 12,500 officers.”We are not saying we can predict where the next shooting is going to occur,” said Jonathan Lewin, chief of the Chicago Police Department’s Bureau of Technical Services. “These are just tools. They are not going to replace (officers).”

The department’s efforts come after a Justice Department investigation published in January found officers engaged in racial discrimination and routinely violated residents’ civil rights.

That probe followed street protests triggered by the late 2015 release of a video showing a white police officer fatally shooting black teenager Laquan McDonald a year earlier.

Some critics of the department fear the technology could prove a distraction from confronting what they say are the underlying issues driving violence in the city of 2.7 million.

“Real answers are hard,” said Andrew Ferguson, a law professor at the University of the District of Columbia who has written a book on police technology. “They involve better education, better economic opportunity, dealing with poverty and mental illness.”

 

‘KILLING FIELDS’

Chicago’s recent rash of shootings – 101 people were shot over the Independence Day weekend alone – prompted President Donald Trump to bemoan the response of city leaders to the bloodshed, and Attorney General Jeff Sessions to describe some of its areas as “killing fields.”

One of the technologies being used in the 7th District is HunchLab, a predictive policing program made by Philadelphia-based company Azavea. It combines crime data with factors including the location of local businesses, the weather and socioeconomic information to forecast where crime might occur. The results help officers decide how to deploy resources.

Another is the Strategic Subject’s List, a database of individuals likely to be involved in shootings that was developed by the Illinois Institute of Technology.

Police are tight-lipped about how it is compiled, saying only that the algorithm looks at eight factors including gang affiliation and prior drug arrests to assign people a number between 0 and 500. A higher number reflects higher risk.

They are also using the gunfire detection system made by ShotSpotter Inc which uses sensors to locate the source of gunshots. Police officials declined, however, to say how many such devices were installed in the 7th District.

“We can’t give away the kitchen sink and tell them all of our secrets,” district commander Johnson said.

 

(Reporting by Timothy Mclaughlin; Editing by Ben Klayman and Lisa Shumaker)

 

China holds drill to shut down ‘harmful’ websites

Computer code is seen on a screen above a Chinese flag in this July 12, 2017 illustration photo. REUTERS/Thomas White/Illustration

By Sijia Jiang

HONG KONG (Reuters) – China held a drill on Thursday with internet service providers to practice taking down websites deemed harmful, as the country’s censors tighten control ahead of a sensitive five-yearly political reshuffle set to take place later this year.

Internet data centers (IDC) and cloud companies – which host website servers – were ordered to participate in a three-hour drill to hone their “emergency response” skills, according to at least four participants that included the operator of Microsoft’s cloud service in China.

China’s Ministry of Public Security called for the drill “in order to step up online security for the 19th Party Congress and tackle the problem of smaller websites illegally disseminating harmful information”, according to a document circulating online attributed to a cyber police unit in Guangzhou.

An officer who answered the phone in the Guangzhou public security bureau confirmed the drill but declined to elaborate.

President Xi Jinping has overseen a tightening of China’s cyberspace controls, including tough new data surveillance and censorship rules. This push is now ramping up ahead of an expected consolidation of power at the Communist Party Congress this autumn.

The drill asked internet data centers to practice shutting down target web pages speedily and report relevant details to the police, including the affected websites’ contact details, IP address and server location.

China’s cyberspace administration declined to comment, saying it was not the correct department to address the question to. China’s Ministry of Public Security did not respond to a faxed request for comment.

Several service providers, including 21Vianet Group and VeryCloud, issued notices to users, warning of possible temporary service disruptions on Thursday afternoon as a result of the drill, which were confirmed to Reuters by their customer service representatives.

Nasdaq-listed 21 Vianet Group is China’s largest carrier-neutral internet data center services provider according to its website, and counts many Western multinationals including Microsoft, IBM, Cisco and HP among its clients. It runs Microsoft’s Azure-based services in China.

21 Vianet Group did not immediately respond to an emailed request for comment.

China has been tightening its grip on the internet, including a recent drive to crack down on the usage of VPNs to bypass internet censorship, enlisting the help of state-owned telecommunication service providers to upgrade the so-called Great Firewall.

Apple last week removed VPN apps from its app store, while Amazon’s China partner warned users not to use VPNs.

(Reporting by Sijia Jiang; Additional reporting by Susan Gao and Jasper Ng in HONG KONG and Ben Blanchard in Beijing; Editing by Mark Potter)

Half of German companies hit by sabotage, spying in last two years, BSI says

FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

BERLIN (Reuters) – More than half the companies in Germany have been hit by spying, sabotage or data theft in the last two years, the German IT industry association Bitkom said on Friday, and estimated the attacks caused around 55 billion euros’ worth of damage a year.

Several high-profile attacks have occurred recently, such as the WannaCry ransomware attacks in May and a virus dubbed “NotPetya” that halted production at some companies for more than a week. Others lost millions of euros to organized crime in a scam called “CEO Fraud”.

Some 53 percent of companies in Germany have been victims of industrial espionage, sabotage or data theft in the last two years, Bitkom found – up from 51 percent in a 2015 study.

At the same time, the damage caused rose by 8 percent to around 55 billion euros a year, the survey of 1,069 managers and people responsible for security in various sectors found.

Arne Schoenbohm, president of Germany’s BSI federal cyber agency, said many big companies and especially those operating critical infrastructure were generally well-prepared for cyber attacks. But many smaller and medium-sized companies did not take the threat seriously enough, he said.

“The high number of companies affected clearly shows that we still have work to do on cyber security in Germany,” he said in a statement on Friday.

The BSI urged companies in Europe’s largest economy to make information security a top priority and said all companies need to report serious IT security incidents, even if anonymously.

Schoenbohm told Reuters in an interview that hardware and software makers should do their part to shore up cyber security and patch weaknesses in software more quickly once identified.

“There’s still a lot of work to be done,” he said. “We have to be careful that we don’t focus solely on industry and computer users, but also look at the producers and quality management.”

Some 62 percent of companies affected found those behind the attacks were either current or former employees. Forty-one percent blamed competitors, customers, suppliers or service providers for the attacks, Bitkom said.

Foreign intelligence agencies were found to be responsible in 3 percent of the cases, it said.

Twenty-one percent believed hobby hackers were responsible while 7 percent attributed attacks to organized crime.

(Reporting by Michelle Martin, Andrea Shalal and Thorsten Severin; Editing by Larry King and Hugh Lawson)

Tech companies wage war on disease-carrying mosquitoes

Researcher Ethan Jackson places the Project Premonition mosquito trap in the wild in this handout photo obtained by Reuters June 30, 2017. Microsoft/Handout via REUTERS

By Julie Steenhuysen

CHICAGO (Reuters) – American technology companies are bringing automation and robotics to the age-old task of battling mosquitoes in a bid to halt the spread of Zika and other mosquito-borne maladies worldwide.

Firms including Microsoft Corp and California life sciences company Verily are forming partnerships with public health officials in several U.S. states to test new high-tech tools.

In Texas, Microsoft is testing a smart trap to isolate and capture Aedes aegypti mosquitoes, known Zika carriers, for study by entomologists to give them a jump on predicting outbreaks.

Verily, Alphabet’s life sciences division based in Mountain View, California, is speeding the process for creating sterile male mosquitoes to mate with females in the wild, offering a form of birth control for the species.

While it may take years for these advances to become widely available, public health experts say new players brings fresh thinking to vector control, which still relies heavily on traditional defenses such as larvicides and insecticides. “It’s exciting when technology companies come on board,” said Anandasankar Ray, an associate professor of entomology at the University of California, Riverside. “Their approach to a biological challenge is to engineer a solution.”

SMART TRAPS

The Zika epidemic that emerged in Brazil in 2015 and left thousands of babies suffering from birth defects has added urgency to the effort.

While cases there have slowed markedly, mosquitoes capable of carrying the virus – Aedes aegypti and Aedes albopictus – are spreading in the Americas, including large swaths of the southern United States.

(For a map of U.S. mosquito territory, see http://tmsnrt.rs/2tqlJHa)

The vast majority of the 5,365 Zika cases reported in the United States so far are from travelers who contracted the virus elsewhere. Still, two states – Texas and Florida – have recorded cases transmitted by local mosquitoes, making them prime testing grounds for new technology.

In Texas, 10 mosquito traps made by Microsoft are operating in Harris County, which includes the city of Houston.

Roughly the size of large birdhouses, the devices use robotics, infrared sensors, machine learning and cloud computing to help health officials keep tabs on potential disease carriers.

Texas recorded six cases of local mosquito transmission of Zika in November and December of last year. Experts believe the actual number is likely higher because most infected people do not develop symptoms.

Pregnant women are at high risk because they can pass the virus to their fetuses, resulting in a variety of birth defects. Those include microcephaly, a condition in which infants are born with undersized skulls and brains. The World Health Organization declared Zika a global health emergency in February 2016.

Most conventional mosquito traps capture all comers – moths, flies, other mosquito varieties – leaving a pile of specimens for entomologists to sort through. The Microsoft machines differentiate insects by measuring a feature unique to each species: the shadows cast by their beating wings. When a trap detects an Aedes aegypti in one of its 64 chambers, the door slams shut.

The machine “makes a decision about whether to trap it,” said Ethan Jackson, a Microsoft engineer who is developing the device.

The Houston tests, begun last summer, showed the traps could detect Aedes aegypti and other medically important mosquitoes with 85 percent accuracy, Jackson said.

The machines also record shadows made by other insects as well as environmental conditions such as temperature and humidity. The data can be used to build models to predict where and when mosquitoes are active.

Mustapha Debboun, director of Harris County’s mosquito and vector control division, said the traps save time and give researchers more insight into mosquito behavior. “For science and research, this is a dream come true,” he said.

The traps are prototypes now. But Microsoft’s Jackson said the company eventually hopes to sell them for a few hundred dollars each, roughly the price of conventional traps. The goal is to spur wide adoption, particularly in developing countries, to detect potential epidemics before they start.

“What we hope is (the traps) will allow us to bring more precision to public health,” Jackson said.

SORTING MOSQUITOES WITH ROBOTS

Other companies, meanwhile, are developing technology to shrink mosquito populations by rendering male Aedes aegypti mosquitoes sterile. When these sterile males mate with females in the wild, their eggs don’t hatch.

The strategy offers an alternative to chemical pesticides. But it requires the release of millions of laboratory-bred mosquitoes into the outdoors. Males don’t bite, which has made this an easier sell to places now hosting tests.

Oxitec, an Oxford, England-based division of Germantown, Maryland-based Intrexon Corp, is creating male mosquitoes genetically modified to be sterile. It has already deployed them in Brazil, and is seeking regulatory approval for tests in Florida and Texas.

MosquitoMate Inc, a startup formed by researchers at the University of Kentucky, is using a naturally occurring bacterium called Wolbachia to render male mosquitoes sterile.

One of the biggest challenges is sorting the sexes.

At MosquitoMate’s labs in Lexington, immature mosquitoes are forced through a sieve-like mechanism that separates the smaller males from the females. These mosquitoes are then hand sorted to weed out any stray females that slip through.

“That’s basically done using eyeballs,” said Stephen Dobson, MosquitoMate’s chief executive.

Enter Verily. The company is automating mosquito sorting with robots to make it faster and more affordable. Company officials declined to be interviewed. But on its website, Verily says it’s combining sensors, algorithms and “novel engineering” to speed the process.

Verily and MosquitoMate have teamed up to test their technology in Fresno, California, where Aedes aegypti arrived in 2013.

Officials worry that residents who contract Zika elsewhere could spread it in Fresno if they’re bitten by local mosquitoes that could pass the virus to others.

“That is very much of a concern because it is the primary vector for diseases such as dengue, chikungunya and obviously Zika,” said Steve Mulligan, manager of the Consolidated Mosquito Abatement District in Fresno County.

The study, which still needs state and federal approval, is slated for later this summer.

(Editing by Marla Dickerson)