A Boeing Code Leak Exposes Security Flaws Deep in a 787’s Guts

Late one night last September, security researcher Ruben Santamarta sat in his home office in Madrid and partook in some creative googling, searching for technical documents related to his years-long obsession: the cybersecurity of airplanes. He was surprised to discover a fully unprotected server on Boeing's network, seemingly full of code designed to run on the company's giant 737 and 787 passenger jets, left publicly accessible and open to anyone who found it. So he downloaded everything he could see. Now, nearly a year later, Santamarta claims that leaked code has led him to something unprecedented: security flaws in one of the 787 Dreamliner's components, deep in the plane's multi-tiered network. He suggests that for a hacker, exploiting those bugs …

Security News This Week: Browser Extensions Scraped Data From Millions of People

Europeans had to navigate by the stars this week—well, GPS, but still—after the continent's burgeoning Galileo satellite navigation network went dark for a full seven days. The incident is a warning for everyone of how fallible the infrastructure of our modern lives really is. In more uplifting news, security researchers made an app designed to kill, to prove a point about the intense risks of internet-connect health devices, and the need for the companies who make them to stop ignoring them. (Wait, sorry, murder apps are not uplifting.) We explained how to clear out your zombie apps and online accounts, and why Microsoft’s very serious BlueKeep bug hasn’t wreaked havoc on the Windows devices of the world, yet. Oh, and …

How Not To Prevent a Cyberwar With Russia

In the short span of years in which the threat of cyberwar has loomed, no one has quite figured out how to prevent one. As state-sponsored hackers find new ways to inflict disruption and paralysis on one another, that arms race has proven far easier to accelerate than to slow down. But security wonks tend to agree, at least, that there's one way not to prevent a cyberwar: launching a preemptive or disproportionate cyberattack on an opponent's civilian infrastructure. As the Trump administration increasingly beats its cyberwar drum, some former national security officials and analysts warn that even threatening that sort of attack could do far more to escalate a coming cyberwar than to deter it. Over the past weekend, …

Artificial Intelligence May Not ‘Hallucinate’ After All

Thanks to advances in machine learning, computers have gotten really good at identifying what’s in photographs. They started beating humans at the task years ago, and can now even generate fake images that look eerily real. While the technology has come a long way, it’s still not entirely foolproof. In particular, researchers have found that image detection algorithms remain susceptible to a class of problems called adversarial examples. Adversarial examples are like optical (or audio) illusions for AI. By altering a handful of pixels, a computer scientist can fool a machine learning classifier into thinking, say, a picture of a rifle is actually one of a helicopter. But to you or me, the image still would look like a gun—it …

Hacktivists Are on the Risebut Less Effective Than Ever

In the United States, the public discourse has lately centered around nation-state disinformation campaigns much more than hacktivism. But internationally, dramatic or destructive digital acts that call attention to particular issues continue to simmer—and boiled over in the lead-up to the ouster of longtime Sudanese dictator Omar al-Bashir. The #OpSudan effort did not directly lead to al-Bashir's arrest. But it's one of several recent campaigns that show how hacktivists can ride the waves of burgeoning geopolitical movements and garner legitimacy within their communities. "There has been an increase in hacktivism in general in the first quarter of 2019," says Adam Meyers, vice president of intelligence at the security firm Crowdstrike. "We did see quite a bit of geopolitically motivated hacktivism—Venezuela, …