"evil maid"

Teen's devastating bug-report on a "tamper-proof" cryptocurrency wallet shows why companies can't be left in charge of bad news about their products

Saleem Rashid is a 15 year old self-taught British programmer who discovered a fatal defect in the Ledger Nano S, an offline cryptocurrency wallet that is marketed as being "tamper-proof." Read the rest

Intel's Management Engine, a secure-computer-within-your-computer, is really, really insecure

Back in 2016, we published a good technological explainer about Intel's Management Engine, an evolution of the decade-plus old idea of "Trusted Computing," in which a separate, isolated system-on-a-chip lives alongside of your computer, performing cryptographic work and overseeing the functions of your computer. Read the rest

Snowden helped design an app that turns your old phone into a surveillance device to help solve the "evil maid" problem

In cryptographic and security circles, the "evil maid" problem describes a class of attacks in which a piece of unguarded hardware, is tampered with by someone who gains physical access to it: for example, a hotel chambermaid who can access your laptop while you're out of the room. Read the rest

Securing driverless taxis is going to be really, really hard

Charlie Miller made headlines in 2015 as part of the team that showed it was possible to remote-drive a Jeep Cherokee over the internet, triggering a 1.4 million vehicle recall; now, he's just quit a job at Uber where he was working on security for future self-driving taxis, and he's not optimistic about the future of this important task. Read the rest

Ed Snowden and Andrew "bunnie" Huang announce a malware-detecting smartphone case

Exiled NSA whistleblower Edward Snowden and legendary hardware hacker Andrew bunnie" Huang have published a paper detailing their new "introspection engine" for the Iphone, an external hardware case that clips over the phone and probes its internal components with a miniature oscilloscope that reads all the radio traffic in and out of the device to see whether malicious software is secretly keeping the radio on after you put it in airplane mode. Read the rest

:)