Small stickers on the ground trick Tesla autopilot into steering into opposing traffic lane

Researchers from Tencent Keen Security Lab have published a report detailing their successful attacks on Tesla firmware, including remote control over the steering, and an adversarial example attack on the autopilot that confuses the car into driving into the oncoming traffic lane.

Banksy's art authentication system displays top-notch cryptographic nous

Banksy's anonymity makes it hard to authenticate his pieces and prints, so Banksy has created a nonprofit called "Pest Control" that issues certificates of authenticity: you send them an alleged Banksy print and £65 and if they agree that it's authentic, they'll return it with a certificate that has a torn-in-half "Di-faced" fake banknote with Lady Diana's face on it, with a handwritten ID number across the bill.

Researchers find mountains of sensitive data on totalled Teslas in junkyards

Teslas are incredibly data-hungry, storing massive troves of data about their owners, including videos of crashes, location history, contacts and calendar entries from paired phones, photos of the driver and passengers taken with interior cameras, and other data; this data is stored without encryption, and it is not always clear when Teslas are gathering data, and the only way to comprehensively switch off data-gathering also de-activates over-the-air software updates for the cars, which have historically shipped with limited or buggy features that needed the over-the-air updates to fix them.

Former NSA contractor Harold Martin pleads guilty to 'willful retention of national defense information'

Former NSA contractor Harold Martin today changed his plea to guilty, on charges of willful retention of national defense information.

NSA domestic surveillance debate returns to Congress with 'Ending Mass Collection of Americans’ Phone Records Act'

“It’s time, finally, to put a stake in the heart of this unnecessary government surveillance program and start to restore some of Americans’ liberties,” Wyden said in a statement.

Front-line programmers default to insecure practices unless they are instructed to do otherwise

It's always sort of baffling when security breaches reveal that a company has stored millions of users' passwords in unencrypted form, or put their data on an insecure cloud drive, or transmitted it between the users' devices and the company's servers without encryption, or left an API wide open, or some other elementary error: how does anyone in this day and age deploy something so insecure?

Unnamed stalkerware company has left gigabytes of sensitive personal info unprotected on the web and can't be reached to fix it

Security researcher Cian Heasley discovered an unprotected online storage folder accessible via the web that contains all the data that stalkers and snoops took from their victims' devices via a commercial program that steals photos and recordings from their devices.

Wireless vulns in Medtronic's implanted defibrillators allow remote shocks, shutdown, denial-of-service battery attacks and data theft

Medtronic is the most notorious maker of insecure medical implants in America, with a long history of inserting computers into people's bodies with insecure wireless interfaces, toolchains and update paths, and nothing has changed.

Jared Kushner uses WhatsApp to talk with foreign leaders, claims Cummings

But her emails.

Beto O'Rourke was in the Cult of the Dead Cow and his t-files are still online

Investigative tech journalist Joseph Menn's (previously) next book is a history of the Cult of the Dead Cow (previously) the legendary hacker/prankster group that is considered to be "America's oldest hacking group."

Security researchers reveal defects that allow wireless hijacking of giant construction cranes, scrapers and excavators

Using software-defined radios, researchers from Trend Micro were able to reverse-engineer the commands used to control massive industrial machines, including cranes, excavators and scrapers; most of these commands were unencrypted, but even the encrypted systems were vulnerable to "replay attacks" that allowed the researchers to bypass the encryption.

Letterlocking: the long-lost art of using paper-folding to foil snoops

"Letterlocking" is a term coined by MIT Libraries conservator Jana Dambrogio after she discovered a trove of letters while spelunking in the conservation lab of the Vatican Secret Archives; the letters had been ingeniously folded and sealed so that they couldn't be opened and re-closed without revealing that they had been read. Some even contained "booby traps" to catch the unwary.

There is a federal criminal investigation into Facebook's data-sharing deals

The Eastern District of New York empaneled a Grand Jury into the dirty data dealings of Facebook.

Security researcher reveals grotesque vulnerabilities in "Yelp-for-MAGA" app and its snowflake owner calls in the FBI

63Red Safe is an app affiliated with 63red, a far-right news site, that is a sort of Green Book for racists, identifying restaurants and other establishments that will serve people sporting MAGA hats and other modern Klan-hood-alikes without calling them out on their overt racist symbology.

Defect in car security system aids carjackers, thieves

Since 2016, there have been multiple instances of attacks on keyless entry car-locks, and there's a burgeoning industry of expensive ($5000) aftermarket alarm systems that are billed as protecting your car from these radio attacks on its security.

Towards a general theory of "adversarial examples," the bizarre, hallucinatory motes in machine learning's all-seeing eye

For several years, I've been covering the bizarre phenomenon of "adversarial examples" (AKA "adversarial perturbations"), these being often tiny changes to data that can cause machine-learning classifiers to totally misfire: imperceptible squeaks that make speech-to-text systems hallucinate phantom voices; or tiny shifts to a 3D image of a helicopter that make image-classifiers hallucinate a rifle.

Email firm left 809 million records exposed online

Security researchers at RSAC today announced they have discovered a trove of 809 million personal records exposed on the internet. This time more than just emails and passwords were exposed -- data also includes physical addresses, personal mortgage details, social media accounts, and credit score analysis.
