A new, tunable smart surface can transform a single pulse of light into multiple beams, each aimed in different directions. The proof-of-principle development opens the door to a range of innovations in communications, imaging, sensing, and medicine.
The research comes out of the Caltech lab of Harry Atwater, a professor of applied physics and materials science, and is possible due to a type of nano-engineered material called a metasurface. “These are artificially designed surfaces which basically consist of nanostructured patterns,” says Prachi Thureja, a graduate student in Atwater’s group. “So it’s an array of nanostructures, and each nanostructure essentially allows us to locally control the properties of light.”
The surface can be reconfigured up to millions of times per second to change how it is locally controlling light. That’s rapid enough to manipulate and redirect light for applications in optical data transmission such as optical space communications and Li-Fi, as well as lidar.
“[The metasurface] brings unprecedented freedom in controlling light,” says Alex M.H. Wong, an associate professor of electrical engineering at the City University of Hong Kong. “The ability to do this means one can migrate existing wireless technologies into the optical regime. Li-Fi and LIDAR serve as prime examples.”
Metasurfaces remove the need for lenses and mirrors
Manipulating and redirecting beams of light typically involves a range of conventional lenses and mirrors. These lenses and mirrors might be microscopic in size, but they’re still using optical properties of materials like Snell’s Law, which describes the progress of a wavefront through different materials and how that wavefront is redirected—or refracted—according to the properties of the material itself.
By contrast, the new work offers the prospect of electrically manipulating a material’s optical properties via a semiconducting material. Combined with nano-scaled mirror elements, the flat, microscopic devices can be made to behave like a lens, without requiring lengths of curved or bent glass. And the new metasurface’s optical properties can be switched millions of times per second using electrical signals.
“The difference with our device is by applying different voltages across the device, we can change the profile of light coming off of the mirror, even though physically it’s not moving,” says paper co-author Jared Sisler—also a graduate student in Atwater’s group. “And then we can steer the light like it’s an electrically reprogrammable mirror.”
The device itself, a chip that measures 120 micrometers on each side, achieves its light-manipulating capabilities with an embedded surface of tiny gold antennas in a semiconductor layer of indium tin oxide. Manipulating the voltages across the semiconductor alters the material’s capacity to bend light—also known as its index of refraction. Between the reflection of the gold mirror elements and the tunable refractive capacity of the semiconductor, a lot of rapidly-tunable light manipulation becomes possible.
“I think the whole idea of using a solid-state metasurface or optical device to steer light in space and also use that for encoding information—I mean, there’s nothing like that that exists right now,” Sisler says. “So I mean, technically, you can send more information if you can achieve higher modulation rates. But since it’s kind of a new domain, the performance of our device is more just to show the principle.”
Metasurfaces open up plenty of new possibilities
The principle, says Wong, suggests a wide array of future technologies on the back of what he says are likely near-term metasurface developments and discoveries.
“The metasurface [can] be flat, ultrathin, and lightweight while it attains the functions normally achieved by a series of carefully curved lenses,” Wong says. “Scientists are currently still unlocking the vast possibilities the metasurface has available to us.
“With improvements in nanofabrication, elements with small feature sizes much smaller than the wavelength are now reliably fabricable,” Wong continues. “Many functionalities of the metasurface are being routinely demonstrated, benefiting not just communication but also imaging, sensing, and medicine, among other fields... I know that in addition to interest from academia, various players from industry are also deeply interested and making sizable investments in pushing this technology toward commercialization.”
As a result, India, China, and a range of technology organizations in the European Union and United States are researching and developing QKD and weighing standards for the nascent cryptography alternative. And the biggest question of all is how or if QKD fits into a robust, reliable, and fully future-proof cryptography system that will ultimately become the global standard for secure digital communications into the 2030s. As in any emerging technology standard, different players are staking claims on different technologies and implementations of those technologies. And many of the big players are pursuing such divergent options because no technology is a clear winner at the moment.
According to Ciel Qi, a research analyst at the New York-based Rhodium Group, there’s one clear leader in QKD research and development—at least for now. “While China likely holds an advantage in QKD-based cryptography due to its early investment and development, others are catching up,” says Qi.
Two different kinds of “quantum secure” tech
At the center of these varied cryptography efforts is the distinction between QKD and post-quantum cryptography (PQC) systems. QKD is based on quantum physics, which holds that entangled qubits can store their shared information so securely that any effort to uncover it is unavoidably detectable. Sending pairs of entangled-photon qubits to both ends of a network provides the basis for physically secure cryptographic keys that can lock down data packets sent across that network.
Typically, quantum cryptography systems are built around photon sources that chirp out entangled photon pairs—where photon A heading down one length of fiber has a polarization that’s perpendicular to the polarization of photon B heading in the other direction. The recipients of these two photons perform separate measurements that enable both recipients to know that they and only they have the shared information transmitted by these photon pairs. (Otherwise, if a third party had intervened and measured one or both photons first, the delicate photon states would have been irreparably altered before reaching the recipients.)
“People can’t predict theoretically that these PQC algorithms won’t be broken one day.” —Doug Finke, Global Quantum Intelligence
This shared bit the two people on opposite ends of the line have in common then becomes a 0 or 1 in a budding secret key that the two recipients build up by sharing more and more entangled photons. Build up enough shared secret 0s and 1s between sender and receiver, and that secret key can be used for a type of strong cryptography, called a one-time pad, that guarantees a message’s safe transmission and faithful receipt by only the intended recipient.
By contrast, post-quantum cryptography (PQC) is based not around quantum physics but pure math, in which next-generation cryptographic algorithms are designed to run on conventional computers. And it’s the algorithms’ vast complexity that makes PQC security systems practically uncrackable, even by a quantum computer. So NIST—the U.S. National Institute of Standards and Technology—is developing gold-standard PQC systems that will undergird tomorrow’s post-quantum networks and communications.
The big problem with the latter approach, says Doug Finke, chief content officer of the New York-based Global Quantum Intelligence, is PQC is only believed (on very, very good but not infallible evidence) to be uncrackable by a fully-grown quantum computer. PQC, in other words, cannot necessarily offer the ironclad “quantum security” that’s promised.
“People can’t predict theoretically that these PQC algorithms won’t be broken one day,” Finke says. “On the other hand, QKD—there are theoretical arguments based on quantum physics that you can’t break a QKD network.”
That said, real-world QKD implementations might still be hackable via side-channel, device-based, and other clever attacks. Plus, QKD also requires direct access to a quantum-grade fiber optics network and sensitive quantum communications tech, neither of which is exactly commonplace today. “For day-to-day stuff, for me to send my credit card information to Amazon on my cellphone,” Finke says, “I’m not going to use QKD.”
China’s early QKD lead dwindling
According to Qi, China may have originally picked QKD as a focal point of their quantum technology development in part because the U.S. was not directing its efforts that way. “[The] strategic focus on QKD may be driven by China’s desire to secure a unique technological advantage, particularly as the U.S. leads in PQC efforts globally,” she says.
In particular, she points to ramped up efforts to use satellite uplinks and downlinks as the basis for free-space Chinese QKD systems. Citing as a source China’s “father of quantum,” Pan Jianwei, Qi says, “To achieve global quantum network coverage, China is currently developing a medium-high orbit quantum satellite, which is expected to be launched around 2026.”
That said, the limiting factor in all QKD systems to date is their ultimate reliance on a single photon to represent each qubit. Not even the most exquisitely-refined lasers and fiber optic lines can’t escape the vulnerability of individual photons.
QKD repeaters, which would blindly replicate a single photon’s quantum state but not leak any distinguishing information about the individual photons passing through—meaning the repeater would not be hackable by eavesdroppers—do not exist today. But, Finke says, such tech is achievable, though at least 5 to 10 years away. “It definitely is early days,” he says.
“While China likely holds an advantage in QKD-based cryptography due to its early investment and development, others are catching up.” —Ciel Qi, Rhodium Group
“In China they do have a 2,000-kilometer network,” Finke says. “But it uses this thing called trusted nodes. I think they have over 30 in the Beijing to Shanghai network. So maybe every 100 km, they have this unit which basically measures the signal... and then regenerates it. But the trusted node you have to locate on an army base or someplace like that. If someone breaks in there, they can hack into the communications.”
Meanwhile, India has been playing catch-up, according to Satyam Priyadarshy, a senior advisor to Global Quantum Intelligence. Priyadarshy says India’s National Quantum Mission includes plans for QKD communications research—aiming ultimately for QKD networks connecting cities over 2,000-km distances, as well as across similarly long-ranging satellite communications networks.
Priyadarshy points both to government QKD research efforts—including at the Indian Space Research Organization—and private enterprise-based R&D, including by the Bengaluru-based cybersecurity firm QuNu Labs. Priyadarshy says that QuNu, for example, has been working on a hub-and-spoke framework named ChaQra for QKD. (Spectrum also sent requests for comment to officials at India’s Department of Telecommunications, which were unanswered as of press time.)
“A hybrid of QKD and PQC is the most likely solution for a quantum safe network.” —Satyam Priyadarshy, Global Quantum Intelligence
Multiple sources contacted for this article envisioned a probable future in which PQC will likely be the default standard for most secure communications in a world of pervasive quantum computing. Yet, PQC also cannot avoid its potential Achilles’ heel against increasingly powerful quantum algorithms and machines either. This is where, the sources suggest, QKD could offer the prospect of hybrid secure communications that PQC alone could never provide.
“QKD provides [theoretical] information security, while PQC enables scalab[ility],” Priyadarshy says. “A hybrid of QKD and PQC is the most likely solution for a quantum safe network.” But he added that efforts at investigating hybrid QKD-PQC technologies and standards today are “very limited.”
Then, says Finke, QKD could still have the final say, even in a world where PQC remains preeminent. Developing QKD technology just happens, he points out, to also provide the basis for a future quantum Internet.
“It’s very important to understand that QKD is actually just one use case for a full quantum network,” Finke says.
“There’s a lot of applications, like distributed quantum computing and quantum data centers and quantum sensor networks,” Finke adds. “So even the research that people are doing now in QKD is still very, very helpful because a lot of that same technology can be leveraged for some of these other use cases.”
As the world’s 5G rollout continues with its predictable fits and starts, the cellular technology is also starting to move into a space already dominated by another wireless tech: Wi-Fi. Private 5G networks—in which a person or company sets up their own facility-wide cellular network—are today finding applications where Wi-Fi was once the only viable game in town. This month, the Newbury, England–based telecom company Vodafone is releasing a Raspberry Pi–based private 5G base station that it is now being aimed at developers, who might then jump-start a wave of private 5G innovation.
“The Raspberry Pi is the most affordable CPU[-based] computer that you can get,” says Santiago Tenorio, network architecture director at Vodafone. “Which means that what we build, in essence, has a similar bill of materials as a good quality Wi-Fi router.”
“In a Raspberry Pi—in this case, a Raspberry Pi 4 is what we used—then you can be sure you can run that anywhere, because it’s the tiniest processor that you can have,” Tenorio says.
Santiago Tenorio holds one of Lime Microsystems’ private 5G base-station kits.Vodafone
Private 5G for Drones and Bakeries
There are a range of reasons, Tenorio says, why someone might want their own private 5G network. At the moment, the scenarios mostly concern companies and organizations—although individual expert users could still be drawn to, for instance, 5G’s relatively low latency and network flexibility.
Tenorio highlighted security and mobility as two big selling points for private 5G.
A commercial storefront business, for instance, might be attracted to the extra security protections that a SIM card can provide compared to password-based wireless network security. Because each SIM card contains its own unique identifier and encryption keys, thereby also enabling a network to be able to recognize and authorize each individual connection, Tenorio says private 5G network security is a considerable selling point.
Plus, Tenorio says, it’s simpler for customers to access. Envisioning a use case of a bakery with its own privately deployed 5G network, he says, “You don’t need a password. You don’t need a conversation [with a clerk behind a counter] or a QR code. You simply walk into the bakery, and you are into the bakery’s network.”
As to mobility, Tenorio suggests one emergency relief and rescue application that might rely on the presence of a nearby 5G station that causes devices in its range to ping.
Setting up a private 5G base station on a drone, Tenorio says, would enable that drone to fly over a disaster area and, via its airborne network, send a challenge signal to all devices in its coverage area to report in. Any device receiving that signal with a compatible SIM card then responds with its unique identification information.
“Then any phone would try to register,” Tenorio says. “And then you would know if there is someone [there].”
Not only that, but because the ping would be from a device with a SIM card, the private 5G rescue drone in the above scenario could potentially provide crucial information about each individual, just based on the device’s identifier alone. And that user-identifying feature of private 5G isn’t exactly irrelevant to a bakery owner—or to any other commercial customer—either, Tenorio says.
“If you are a bakery,” he says, “You could actually know who your customers are, because anyone walking into the bakery would register on your network and would leave their [International Mobile Subscriber Identity].”
Winning the Lag Race
According to Christian Wietfeld, professor of electrical engineering at the Technical University of Dortmund in Germany, private 5G networks also bring the possibility of less lag. His team has tested private 5G deployments—although, Wietfeld says that they haven’t yet tested the present Vodafone/Lime Microsystem base station—and have found private 5G to provide reliably better connectivity.
“The additional cost and effort to operate a private 5G network pays off in lower downtimes of production and less delays in delivery of goods,” Wietfeld says. “Also, for safety-critical use cases such as on-campus teleoperated driving, private 5G networks provide the necessary reliability and predictability of performance.”
For Lime Networks, according to the company’s CEO and founder Ebrahim Bushehri, the challenge comes in developing a private 5G base station that maximized versatility and openness to whatever kinds of applications developers could envision—while still being reasonably inexpensive and retaining a low-power envelope.
“The solution had to be ultraportable and with an optional battery pack which could be mounted on drones and autonomous robots, for remote and tactical deployments, such as emergency-response scenarios and temporary events,” Bushehri says.
Meanwhile, the crowdfunding behind the device’s rollout, via the website Crowd Supply, allows both companies to keep tabs on the kinds of applications the developer community is envisioning for this technology, he says.
“Crowdfunding,” Bushehri says, “Is one of the key indicators of community interest and engagement. Hence the reason for launching the campaign on Crowd Supply to get feedback from early adopters.”
A short-haul aircraft in the United Kingdom recently became the first airborne platform to test delicate quantum technologies that could usher in a post-GPS world—in which satellite-based navigation (be it GPS, BeiDou, Galileo, or others) cedes its singular place as a trusted navigational tool. The question now is how soon will it take for this quantum tomorrow to actually arrive.
But is this tech just around the corner, as its proponents suggest? Or will the world need to wait until the 2030s or beyond, as skeptics maintain. Whenever the technology can scale up, potential civilian applications will be substantial.
“The very first application or very valuable application is going to be autonomous shipping,” says Max Perez, vice president for strategic initiatives at the Boulder, Colo.–based company Infleqtion. “As we get these systems down smaller, they’re going to start to be able to address other areas like autonomous mining, for example, and other industrial settings where GPS might be degraded. And then, ultimately, the largest application will be generalized, personal autonomous vehicles—whether terrestrial or air-based.”
The big idea Infleqtion and its U.K. partners are testing is whether the extreme sensitivity that quantum sensors can provide is worth the trade-off of all the expensive kit needed to miniaturize such tech so it can fit on a plane, boat, spacecraft, car, truck, or train.
Turning Bose-Einstein Condensates Into Navigational Tools
At the core of Infleqtion’s technology is a state of matter called a Bose-Einstein condensate (BEC), which can be made to be extremely sensitive to acceleration. And in the absence of an external GPS signal, an aircraft that can keep a close tally on its every rotation and acceleration is an aircraft that can infer its exact location relative to its last known position.
As Perez describes it—the company has not yet published a paper on its latest, landmark accomplishment—Infleqtion’s somewhat-portable BEC device occupies 8 to 10 rack units of space. (One rack unit represents a standard server rack’s width of 48.3 centimeters and a standard server rack depth of 60–100 cm.)
Scientists tested delicate Bose-Einstein condensates in their instruments, which could one day undergird ultrasensitive accelerometers.Qinetiq
In May, the company flew its rig aboard a British Aerospace 146 (BAe 146/Avro RJ100) tech demonstrator aircraft. Inside the rig, a set of lasers blasted a small, supercooled cloud of rubidium atoms to establish a single quantum state among the atoms. The upshot of this cold atom trap is to create ultrasensitive quantum conditions among the whole aggregation of atoms, which is then a big enough cloud of matter to be able to be manipulated with standard laboratory equipment.
Using the quantum wave-particle duality, in which matter behaves both like tiny billiard balls and wave packets, engineers can then use lasers and magnetic fields to split the BEC cloud into two or more coherent matter-wave packets. When later recombined, the interference patterns of the multiple wave packets are studied to discover even the most minuscule accelerations—tinier than conventional accelerometers could measure—to the wave packets’ positions in three-dimensional space.
That’s the theoretical idea, at least.
Real-World Conditions Muddy Timetables
In practice, any BEC-based accelerometer would need to at least match the sensitivity of existing, conventional accelerometer technologies.
“The best inertial systems in the world, based on ring laser gyroscopes, or fiber-optic gyroscopes, can...maintain a nautical mile of precision over about two weeks of mission,” Perez says. “That’s the standard.”
The Infleqtion rig has provided only a proof of principle for creating a manipulable BEC state in a rubidium cloud, Perez adds, so there’s no one-to-one comparison yet available for the quantum accelerometer technology. That said, he expects Infleqtion to be able to either maintain the same nautical-mile precision over a month or more mission time—or, conversely, increase the sensitivity over a week’s mission to something like one-tenth of a nautical mile.
The eventual application space for the technology is vast, says Doug Finke, chief content officer at the New York City–based market research firm Global Quantum Intelligence.
“Quantum navigation devices could become the killer application for quantum-sensing technology,” Finke says. “However, many challenges remain to reduce the cost, size, and reliability. But potentially, if this technology follows it similar path to what happened in computing, from room-size mainframes to something that fits inside one’s pocket, it could become ubiquitous and possibly even replace GPS later this century.”
The timeframe for such a takeover remains an unanswered question. “It won’t happen immediately due to the engineering challenges still to be resolved,” Finke says. “And the technology may require many more years to reach maturation.”
Dana Goward, president of the Alexandria, Va.–based Resilient Navigation and Timing Foundation, even ventures a prediction. “It will be 10 to 15 years at least before we see something that is practical for broad application,” he says.
Perez says that by 2026, Infleqtion will be testing the reliability of its actual accelerometer technology—not just setting up a BEC in midflight, as it did in May.“It’s basically trading off getting the technology out there a little faster versus something that is more precise for more demanding applications that’ll be just behind that,” Perez says.
UPDATE 4 June 2024: The story was updated to modify the accuracy estimate for the best inertial navigation systems today—from one nautical mile per one-week mission (as a previous version of this story stated) to one nautical mile per two-week mission.
Drinking-water systems pose increasingly attractive targets as malicious hacker activity is on the rise globally, according to new warnings from security agencies around the world. According to experts, basic countermeasures—including changing default passwords and using multifactor authentication—can still provide substantial defense. However, in the United States alone, more than 50,000 community water systems also represent a landscape of potential vulnerabilities that have provided a hacker’s playground in recent months.
Yet the larger threat is still very real, according to officials. “When we think about cybersecurity and cyberthreats in the water sector, this is not a hypothetical,” a U.S. Environmental Protection Agency spokesperson said at a press briefing last year. “This is happening right now.” Then, to add to the mix, last month at a public forum in Nashville, FBI director Christopher Wray noted that China’s shadowy Volt Typhoon network (also known as “Vanguard Panda”) had broken into “critical telecommunications, energy, water, and other infrastructure sectors.”
“These attacks were not extremely sophisticated.” —Katherine DiEmidio Ledesma, Dragos
A 2021 review of cybervulnerabilities in water systems, published in the journal Water, highlights the converging factors of increasingly AI-enhanced and Internet-connected tools running more and bigger drinking-water and wastewater systems.
“These recent cyberattacks in Pennsylvania and Texas highlight the growing frequency of cyberthreats to water systems,” says study author Nilufer Tuptuk, a lecturer in security and crime science at University College London. “Over the years, this sense of urgency has increased, due to the introduction of new technologies such as IoT systems and expanded connectivity. These advancements bring their own set of vulnerabilities, and water systems are prime targets for skilled actors, including nation-states.”
According to Katherine DiEmidio Ledesma, head of public policy and government affairs at Washington, D.C.–based cybersecurity firm Dragos, both attacks bored into holes that should have been plugged in the first place. “I think the interesting point, and the first thing to consider here, is that these attacks were not extremely sophisticated,” she says. “They exploited things like default passwords and things like that to gain access.”
Low priority, low-hanging fruit
Peter Hazell is the cyberphysical security manager at Yorkshire Water in Bradford, England—and a coauthor of the Water 2021 cybervulnerability review in water systems. He says the United States’ power grid is relatively well-resourced and hardened against cyberattack, at least when compared to American water systems.
“The structure of the water industry in the United States differs significantly from that of Europe and the United Kingdom, and is often criticized for insufficient investment in basic maintenance, let alone cybersecurity,” Hazell says. “In contrast, the U.S. power sector, following some notable blackouts, has recognized its critical importance...and established [the North American Electric Reliability Corporation] in response. There is no equivalent initiative for safeguarding the water sector in the United States, mainly due to its fragmented nature—typically operated as multiple municipal concerns rather than the large interconnected regional model found elsewhere.”
DiEmidio Ledesma says the problem of abundance is not the United States’ alone, however. “There are so many water utilities across the globe that it’s just a numbers game, I think,” she says. “With the digitalization comes increased risk from adversaries who may be looking to target the water sector through cyber means, because a water facility in Virginia may look very similar now to a water utility in California, to a water utility in Europe, to a water utility in Asia. So because they’re using the same components, they can be targeted through the same means.
“And so we do continue to see utilities in critical infrastructure and water facilities targeted by adversaries,” she adds. “Or at least we continue to hear from governments from the United States, from other governments, that they are being targeted.”
“We developed a white paper recommending this type of approach in 2021,” Morley says. “I have testified to that effect several times, given our recognition that some level of standardization is necessary to provide a common understanding of expectations.”
“I think the best phrase to sum it up is ‘target rich, resource poor.’” —Katherine DiEmidio Ledesma, Dragos
Hazell, of Yorkshire Water, notes that even if the bill does become law, it may not be all its supporters might want. “While the development of the act is encouraging, it feels a little late and limited,” he says. By contrast, Hazell points to the United Kingdom and the European Union’s Network and Information Security Directives in 2016 and 2023, which coordinate cyberdefenses across a range of a member country’s critical infrastructure. The patchwork quilt approach that the United States appears to be going for, he notes, could still leave substantial holes.
“I think the best phrase to sum it up is ‘target rich, resource poor,’” says DiEmidio Ledesma, about the cybersecurity challenges municipal water systems pose today. “It’s a very distributed network of critical infrastructure. [There are] many, many small community water facilities, and [they're] very vital to communities throughout the United States and internationally.”
In response to the emerging threats, Anne Neuberger, U.S. deputy national security advisor for cyber and emerging technologies, issued a public call in March for U.S. states to report on their plans for securing the cyberdefenses of their water and wastewater systems by May 20. When contacted by IEEE Spectrum about the results and responses from Neuberger’s summons, a U.S. State Department spokesperson declined to comment.
A recent Bluetooth connection between a device on Earth and a satellite in orbit signals a potential new space race—this time, for global location-tracking networks.
Bluetooth, the wireless technology that connects home speakers and earbuds to phones, typically traverses meters, not hundreds of kilometers (520 km, in the case of Hubble Network’s two orbiting satellites). The trick to extending the tech’s range, Hubble Network says, lies in the startup’s patented, high-sensitivity signal detection system on a LEO satellite.
“We believe this is comparable to when GPS was first made available for public use.” —Alex Haro, Hubble Network
The caveat, however, is that the connection is device-to-satellite only. The satellite can’t ping devices back on Earth to say “signal received,” for example. This is because location-tracking tags operate on tiny energy budgets—often powered by button-sized batteries and running on a single charge for months or even years at a stretch. Tags are also able to perform only minimal signal processing. That means that tracking devices cannot include the sensitive phased-array antennas and digital beamforming needed to tease out a vanishingly tiny Bluetooth signal racing through the stratosphere.
“There is a massive enterprise and industrial market for ‘send only’ applications,” says Alex Haro, CEO of Hubble Network. “Once deployed, these sensors and devices don’t need Internet connectivity except to send out their location and telemetry data, such as temperature, humidity, shock, and moisture. Hubble enables sensors and asset trackers to be deployed globally in a very battery- and cost-efficient manner.”
Other applications for the company’s technologies, Haro says, include asset tracking, environmental monitoring, container and pallet tracking, predictive maintenance, smart agriculture applications, fleet management, smart buildings, and electrical grid monitoring.
“To give you a sense of how much better Hubble Network is compared to existing satellite providers like Globalstar,” Haro says, “We are 50 times cheaper and have 20 times longer battery life. For example, we can build a Tile device that is locatable anywhere in the world without any cellular reception and lasts for years on a single coin cell battery. This will be a game-changer in the AirTag market for consumers.”
Hubble Network chief space officer John Kim (left) and two company engineers perform tests on the company’s signal-sensing satellite technology. Hubble Network
The Hubble Network system—and presumably the enhanced Life360 Tags that should follow today’s announcement—use a lower energy iteration of the familiar Bluetooth wireless protocol.
Like its more famous cousin, Bluetooth Low-Energy (BLE) uses the 2.4 gigahertz band—a globally unlicensed spectrum band that many Wi-Fi routers, microwave ovens, baby monitors, wireless microphones, and other consumer devices also use.
Haro says BLE offered the most compelling, supposedly “short-range” wireless standard for Hubble Network’s purposes. By contrast, he says, the long-range, wide-area network LoRaWAN operates on a communications band, 900 megahertz, that some countries and regions regulate differently from others—making a potentially global standard around it that much more difficult to establish and maintain. Plus, he says, 2.4 GHz antennas can be roughly one-third the size of a standard LoRaWAN antenna, which makes a difference when launching material into space, when every gram matters.
Haro says that Hubble Network’s technology does require changing the sending device’s software in order to communicate with a BLE receiver satellite in orbit. And it doesn’t require any hardware modifications of the device, save one—adding a standard BLE antenna. “This is the first time that a Bluetooth chip can send data from the ground to a satellite in orbit,” Haro says. “We require the Hubble software stack loaded onto the chip to make this possible, but no physical modifications are needed. Off-the-shelf BLE chips are now capable of communicating directly with LEO satellites.”
“We believe this is comparable to when GPS was first made available for public use,” Haro adds. “It was a groundbreaking moment in technology history that significantly impacted everyday users in ways previously unavailable.”
What remains, of course, is the next hardest part: Launching all of the satellites needed to create a globally available tracking network. As to whether other companies or countries will be developing their own competitor technologies, now that Bluetooth has been revealed to have long-range communication capabilities, Haro did not speculate beyond what he envisions for his own company’s LEO ambitions.
“We currently have our first two satellites in orbit as of 4 March,” Haro says. “We plan to continue launching more satellites, aiming to have 32 in orbit by early 2026. Our pilot customers are already updating and testing their devices on our network, and we will continue to scale our constellation over the next 3 to 5 years.”
Digital Chinese-language keyboards that are vulnerable to spying and eavesdropping have been used by 1 billion smartphone users, according to a new report. The widespread threats these leaky systems reveal could also present a concerning new kind of exploit for cyberattacks, whether the device uses a Chinese-language keyboard, an English keyboard, or any other.
Last year, the University of Toronto’s Citizen Lab released a study of a proprietary Chinese keyboard system owned by the Shenzhen-based tech giant Tencent. Citizen Lab’s “Sogou Keyboard” report exposed the widespread range of attacks possible on the keyboard, which could leak a user’s key presses to outside eavesdroppers. Now, in the group’s new study, released last week, the same researchers have discovered that essentially all the world’s popular Chinese smartphone keyboards have suffered similar vulnerabilities.
“Whatever Chinese-language users of your app might have typed into it has been exposed for years.” —Jedidiah Crandall, Arizona State University
And while the specific bugs the two reports have uncovered have been fixed in most instances, the researchers’ findings—and in particular, their recommendations—point to substantially larger gaps in the systems that extend into software developed around the world, no matter the language.
“All of these keyboards were also using custom network protocols,” says Mona Wang, a computer science Ph.D. student at Princeton University and coauthor of the report. “Because I had studied these sort of custom network protocols before, then this immediately screamed to me that there was something really terrible going on.”
Jedidiah Crandall, an associate professor of computing and augmented intelligence at Arizona State University in Tempe, who was consulted in the report’s preparation but was not on the research team, says these vulnerabilities matter for nearly any coder or development team that releases their work to the world. “If you are a developer of a privacy-focused chat app or an app for tracking something health related, whatever Chinese language users of your app might have typed into it has been exposed for years,” he says.
The Chinese keyboard problem
Chinese, a language of tens of thousands of characters with some 4,000 or more in common use, represents a distinct challenge for keyboard input. A range of different keyboard systems have been developed in the digital era—sometimes called pinyin keyboards, named after a popular romanization system for standard Chinese. Ideally, these creative approaches to digital input enable a profoundly complex language to be straightforwardly phoneticized and transliterated via a compact, often QWERTY-style keyboard format.
“Even competent and well-resourced people get encryption wrong, because it’s really hard to do correctly.” —Mona Wang, Princeton University
Computational and AI smarts can help transform key presses into Chinese characters on the screen. But Chinese keyboards often involve many interchanges across the Internet between cloud servers and other assistive networked apps, just to make it possible for a Chinese-speaking person to be able to type the characters.
According to the report—and an FAQ the researchers released explaining the technical points in plain language—the Chinese keyboards studied all used character-prediction features, which in turn relied on cloud-computing resources. The researchers found that improperly secured communications between a device’s keyboard app and those external cloud servers meant that users’ keystrokes (and therefore their messages) could be accessed in transit.
Jeffrey Knockel, a senior research associate at Citizen Lab and the report coauthor, says cloud-based character prediction is a particularly attractive feature for Chinese-language keyboards, given the vast array of possible characters that any given QWERTY keystroke sequence might be attempting to represent. “If you’re typing in English or any language where there’s enough keys on a keyboard for all your letters, that’s already a much simpler task to design a keyboard around than an ideographic language where you might have over 10,000 characters,” he says.
Chinese-language keyboards are often “pinyin keyboards,” which allow for thousands of characters to be typed using a QWERTY-style approach.Zamoeux/Wikimedia
Sarah Scheffler, a postdoctoral associate at MIT, expressed concern also about other kinds of data vulnerabilities that the Citizen Lab report reveals—beyond keyboards and Chinese-language specific applications necessarily. “The vulnerabilities [identified by the report] are not at all specific to pinyin keyboards,” she says. “It applies to any application sending data over the Internet. Any app sending unencrypted—or badly encrypted—information would have similar issues.”
Wang says the chief problem the researchers uncovered concerns the fact that so many Chinese-keyboard protocols transmit data using inferior and sometimes custom-made encryption.
“These encryption protocols are probably developed by very, very competent and very well-resourced people,” Wang says. “But even competent and well-resourced people get encryption wrong, because it’s really hard to do correctly.”
Beyond the vulnerabilities exposed
Scheffler points to the two-decades-long testing, iteration, and development of the transport layer security (TLS) system underlying much of the Internet’s secure communications, including websites that use the Hypertext Transfer Protocol Secure (HTTPS) protocol. (The first version of TLS was specified and released in 1999.) “All these Chinese Internet companies who are rolling their own [cryptography] or using their own encryption algorithms are sort of missing out on all those 20 years of standard encryption development,” Wang says.
Crandall says the report may have also inadvertently highlighted assumptions about security protocols that may not always apply in every corner of the globe. “Protocols like TLS sometimes make assumptions that don’t suit the needs of developers in certain parts of the world,” he says. For instance, he adds, custom-made, non-TLS security systems may be more attractive “where the network delay is high or where people may spend large amounts of time in areas where the network is not accessible.”
Scheffler says the Chinese-language keyboard problem could even represent a kind of canary in the coal mine for a range of computer, smartphone, and software systems. Because of their reliance on extensive Internet communications, such systems—while perhaps overlooked or relegated to the background by developers—also still represent potential cybersecurity attack surfaces.
“Anecdotally, a lot of these security failures arise from groups that don’t think they’re doing anything that requires security or don’t have much security expertise,” Scheffler says.
Scheffler identifies “Internet-based predictive-text keyboards in any language, and maybe some of the Internet-based AI features that have crept into apps over the years” as possible places concealing cybersecurity vulnerabilities similar to those that the Citizen Lab team discovered in Chinese-language keyboards. This category could include voice recognition, speech-to-text, text-to-speech, and generative AI tools, she adds.
“Security and privacy isn’t many people’s first thought when they’re building their cool image-editing application,” says Scheffler. ”Maybe it shouldn’t be the first thought, but it should definitely be a thought by the time the application makes it to users.”