A Boeing Code Leak Exposes Security Flaws Deep in a 787’s Guts

Late one night last September, security researcher Ruben Santamarta sat in his home office in Madrid and partook in some creative googling, searching for technical documents related to his years-long obsession: the cybersecurity of airplanes. He was surprised to discover a fully unprotected server on Boeing's network, seemingly full of code designed to run on the company's giant 737 and 787 passenger jets, left publicly accessible and open to anyone who found it. So he downloaded everything he could see. Now, nearly a year later, Santamarta claims that leaked code has led him to something unprecedented: security flaws in one of the 787 Dreamliner's components, deep in the plane's multi-tiered network. He suggests that for a hacker, exploiting those bugs …

The Marines’ New Drone-Killer Aces Its First Real World Test

Last Thursday, nearly a month after Iran shot a $220 million US drone out of the sky, the US Marine Corps took down an Iranian UAV of its own. But the significance lies less in heightened tensions in the region than it does in the weapon of choice. The strike marks the first reported successful use of the Light Marine Air Defense Integrated System, an energy weapon that blasts not artillery or lasers but radio signals. According to remarks by President Donald Trump last week, the drone had come within 1,000 yards of the USS Boxer, an amphibious Navy assault ship, and ignored “multiple calls to stand down.” When the drone continued its approach, the Boxer turned to its LMADIS. …

Security News This Week: Browser Extensions Scraped Data From Millions of People

Europeans had to navigate by the stars this week—well, GPS, but still—after the continent's burgeoning Galileo satellite navigation network went dark for a full seven days. The incident is a warning for everyone of how fallible the infrastructure of our modern lives really is. In more uplifting news, security researchers made an app designed to kill, to prove a point about the intense risks of internet-connected health devices, and the need for the companies who make them to stop ignoring them. (Wait, sorry, murder apps are not uplifting.) We explained how to clear out your zombie apps and online accounts, and why Microsoft’s very serious BlueKeep bug hasn’t wreaked havoc on the Windows devices of the world, yet. Oh, and …

The App Creeping on Your IG Location, Jakarta’s Insurance Crisis, and More News

The new app that creeps on your Instagram location, why Jakarta is sinking, and all things Comic Con. Fast. Here's the news you need to know, in two minutes or less.

Today's Headlines

This app lets your Instagram followers track your location

Wherever you go, Instagram's there too. A new app called Who's in Town offers its users an interactive map of every place the people they follow have geotagged themselves in Instagram posts and stories. While this information is ostensibly available already if you search through someone's posts, Who's in Town transforms data into a chronological log of the to-ings and fro-ings of anyone who …

Airport Facial Recognition, How Abusers Exploit Basic Apps, and More News

Stalkers have ways of tracking you even without fancy malware, airport facial recognition is becoming more common, and WIRED has some advice on how to take the very best fireworks photos. Here's the news you need to know, in two minutes or less.

Today's Headlines

Opting out of facial recognition at the airport isn't easy.

Flying this weekend? In at least 17 airports—if you're flying airlines that include Delta, JetBlue, American Airlines, and others—you may be asked to submit to a facial recognition scan in lieu of passport scanners before boarding. The Department of Homeland Security reports that the facial recognition program being deployed in airports …

I Scraped Millions of Venmo Payments. Your Data Is at Risk

Like many people, I use Venmo to pay for stuff: to split the check at dinner, to send my roommate my portion of the utility bills each month, to reimburse friends for concert tickets. It's a useful app for sending and receiving money, regardless of who you bank with. Last summer, after paying my portion of the electric bill via Venmo, I started to wonder if there were holes I could poke in the app. I was a grad student studying information security at the time, and I thought I might make some extra cash. Venmo is owned by PayPal, which has a public bug bounty program—that is, it pays hackers to report security vulnerabilities in its products. After proxying …

How Not To Prevent a Cyberwar With Russia

In the short span of years in which the threat of cyberwar has loomed, no one has quite figured out how to prevent one. As state-sponsored hackers find new ways to inflict disruption and paralysis on one another, that arms race has proven far easier to accelerate than to slow down. But security wonks tend to agree, at least, that there's one way not to prevent a cyberwar: launching a preemptive or disproportionate cyberattack on an opponent's civilian infrastructure. As the Trump administration increasingly beats its cyberwar drum, some former national security officials and analysts warn that even threatening that sort of attack could do far more to escalate a coming cyberwar than to deter it. Over the past weekend, …

Hackers Target US Power, Amazon Clones a Neighborhood, and More News

Amazon cloned an entire neighborhood, a dangerous hacker group takes aim at the US electrical grid, and the world remembers a running great. Here's the news you need to know, in two minutes or less.

Today's Headlines

The highly dangerous "Triton" hackers have probed the US grid

Security experts have been tracking a sophisticated hacker group that has apparently been looking for entry points to the US electrical grid. Usually scans like these wouldn't be newsworthy, but in this case we're talking about the group behind a reckless, nearly lethal oil refinery cyberattack in 2017. Experts call it "easily the most dangerous threat activity publicly …

Russia and Iran Plan to Fundamentally Isolate the Internet

For years, countries have spoken in vague terms about creating domestic internets that could be isolated from the world at will. Now we’re seeing some begin to execute that vision. Last month Iran announced that its "national information network"—essentially a domestic internet—is 80 percent complete. Earlier this year, Russia launched a major initiative to build a domestic Russian internet, purportedly to defend against cybersecurity threats—though also a likely expansion on the Kremlin’s desire to control the flow of information within its borders. With Russia and Iran spearheading a new level of internet fragmentation, they’re not just threatening the global network architecture (cables, servers) or working to allow the government to greatly control information flows and crack down on freedoms; their …

Robert Mueller Speaks, Amazon’s New Echo Show, and More News

Robert Mueller breaks his silence, Amazon unveils a new device with more privacy features, and we pontificate on the philanthropy of billionaires. Here's the news you need to know, in two minutes or less.

Today's Headlines

Robert Mueller finally speaks

We all learned what Robert Mueller's voice actually sounds like when the special counsel made a surprise appearance this morning to discuss his two-year investigation into Russian interference in the 2016 election, and whether the president obstructed justice. Summarizing his findings, Mueller explained that DOJ policy precluded his team from charging a sitting president with a crime, and that "if we had confidence that the President clearly did not commit a crime, we would have said that." Mueller ended his …

Artificial Intelligence May Not ‘Hallucinate’ After All

Thanks to advances in machine learning, computers have gotten really good at identifying what’s in photographs. They started beating humans at the task years ago, and can now even generate fake images that look eerily real. While the technology has come a long way, it’s still not entirely foolproof. In particular, researchers have found that image detection algorithms remain susceptible to a class of problems called adversarial examples. Adversarial examples are like optical (or audio) illusions for AI. By altering a handful of pixels, a computer scientist can fool a machine learning classifier into thinking, say, a picture of a rifle is actually one of a helicopter. But to you or me, the image still would look like a gun—it …

Hack Brief: Hackers Stole $40 Million from Binance Cryptocurrency Exchange

Binance is one of the world’s biggest cryptocurrency exchanges. As of Tuesday, it’s now also the scene of a major cryptocurrency theft. In what the company calls a “large-scale security breach,” hackers stole not only 7,000 bitcoin—equivalent to over $40 million—but also some user two-factor authentication codes and API tokens. Theft has long been endemic to cryptocurrency; hackers stole more than $356 million from exchanges and infrastructure in the first three months of 2019 alone, according to a recent report from blockchain intelligence company Ciphertrace. But it’s less common to see an established exchange like Binance get hacked—and for the attackers to get so much other information along the way.

The Hack

Binance has been fairly forthcoming about the hack, …

Hacktivists Are on the Rise but Less Effective Than Ever

In the United States, the public discourse has lately centered around nation-state disinformation campaigns much more than hacktivism. But internationally, dramatic or destructive digital acts that call attention to particular issues continue to simmer—and boiled over in the lead-up to the ouster of longtime Sudanese dictator Omar al-Bashir. The #OpSudan effort did not directly lead to al-Bashir's arrest. But it's one of several recent campaigns that show how hacktivists can ride the waves of burgeoning geopolitical movements and garner legitimacy within their communities. "There has been an increase in hacktivism in general in the first quarter of 2019," says Adam Meyers, vice president of intelligence at the security firm Crowdstrike. "We did see quite a bit of geopolitically motivated hacktivism—Venezuela, …