
China put tiny spy chips on many U.S. servers. That’s the word from Bloomberg Businessweek, whose cover story published Thursday asserts that Beijing persuaded Chinese hardware manufacturers to install a surveillance chip, half the size of a grain of rice, on the motherboards of hundreds of thousands of data servers sold around the world by a U.S. company called Supermicro, including to Amazon and Apple.

Read more

Quantum computing technology is slated to revolutionize our ability to manipulate and analyze data, fundamentally changing the way that countless industries from cybersecurity and telecommunications to pharmaceutical development and transportation logistics will operate in the future. Even the US Senate is getting in on the action.

Read more

While the rest of the country has been transfixed by the Brett Kavanaugh confirmation drama, the White House was quietly but steadily taking major steps to secure America’s high-tech future.

The first was the release of the National Cybersecurity Strategy last week, which I discussed in a previous column. This week came the National Strategic Overview for Quantum Information Science (QIS), released by a subcommittee of the Committee on Science for the National Science and Technology Council. This document is a big win for Jacob Taylor, the White House Office of Science and Technology Policy’s point man on all things quantum, and a major win for America.

Read more

California Governor Jerry Brown has signed a cybersecurity law covering “smart” devices, making California the first state with such a law. The bill, SB-327, was introduced last year and passed the state senate in late August.

Starting on January 1st, 2020, any manufacturer of a device that connects “directly or indirectly” to the internet must equip it with “reasonable” security features, designed to prevent unauthorized access, modification, or information disclosure. If it can be accessed outside a local area network with a password, it needs to either come with a unique password for each device, or force users to set their own password the first time they connect. That means no more generic default credentials for a hacker to guess.

The bill has been praised as a good first step by some and criticized by others for its vagueness. Cybersecurity expert Robert Graham has been one of its harshest critics. He’s argued that it gets security issues backwards by focusing on adding “good” features instead of removing bad ones that open devices up to attacks. He praised the password requirement, but said it doesn’t cover the whole range of authentication systems that “may or may not be called passwords,” which could still let manufacturers leave the kind of security holes that allowed the devastating Mirai botnet to spread in 2016.

Read more

Answer: Quite possibly because Facebook’s already forced you to log out and back into your account today.

The news: Facebook said hackers exploited a software flaw to access the records of almost 50 million customers. The firm said it had fixed the vulnerability and reported the breach to law enforcement.

The hack: The company said that the hackers had exploited a coding glitch that affected the service’s “View As” feature, which lets people see what their own profile looks like when someone else takes a look at it online. This allowed them to get hold of digital “tokens,” which are software keys that let people access their account without having to log back in every time.

Read more

ABERDEEN PROVING GROUND, Md. — Future American Soldiers will be better protected in combat by stronger and lighter body armor thanks to innovative work at the U.S. Army Research Laboratory. Materials science engineers are using nature as the inspiration for breakthroughs in additive manufacturing.

“My project is to design a system that can 3D print armor ceramics that will allow production of parts with graded structures similar to an abalone structure in nature that will improve the ceramic armor’s toughness and survivability with lower weight,” said Joshua Pelz, a materials science and engineering doctoral candidate at the University of California San Diego. He spent this summer working with Army scientists at ARL’s Rodman Materials Science Laboratory at APG to design and build a unique 3D printer.

Two syringes containing distinct, viscous ceramic slurries are connected to a custom-made auger and print head. Pelz took advantage of his computer programming skills to hack into the 3D printer, tricking it into using its own fan controls to manipulate the ratio of materials being printed. He designed a custom auger and print head and even used the same 3D printer to create those parts.

Read more

As corporations struggle to fight off hackers and contain data breaches, some are looking to artificial intelligence for a solution.

They’re using machine learning to sort through millions of malware files, searching for common characteristics that will help them identify new attacks. They’re analyzing people’s voices, fingerprints and typing styles to make sure that only authorized users get into their systems. And they’re hunting for clues to figure out who launched cyberattacks—and make sure they can’t do it again.


As hackers get smarter and more determined, artificial intelligence is going to be an important part of the solution.

Read more

I woke up this morning to the sad news that maker-pal and pioneering hobby roboticist, Gordon McComb, had passed away. I wrote a brief eulogy on Make:

It is with a heavy heart that we here at Make: announce the passing of hobby robotics pioneer, Gordon McComb. He died on Monday, Sept 10th, apparently of a heart attack. Gordon was a great friend to Make: and to makers and robotics hobbyists from around the world.

Gordon’s Robot Builder’s Bonanza book, first published in 1987, arguably marks the beginning of hobby robotics as a significant maker category. It was the book that I bought in the late 80s that got me into robot building, and by extension, all forms of hardware hacking…

Read more

We write often here about the security vulnerabilities of Android devices that are due, at least in part, to how much of a delay there can be in the latest software updates making the rounds, which can leave some handsets dangerously vulnerable if the device manufacturer is slow on the uptake.

Which means we’re constantly writing posts like this one: Researchers from Nightwatch Cybersecurity this week put out an advisory about an Android vulnerability that purportedly exposes information about a user’s device to all applications running on the device. There’s a fix for it, but not if you’re running a too-old version of Android.

According to the advisory, the information includes “the Wi-Fi network name, BSSID, local IP addresses, DNS server information and the MAC address. Some of this information (MAC address) is no longer available via APIs on Android 6 and higher, and extra permissions are normally required to access the rest of this information. However, by listening to these broadcasts, any application on the device can capture this information thus bypassing any permission checks and existing mitigations.”

Read more