The theme of this week is by now a familiar one: “Things keep getting worse.” Starting with the security of countless so-called real time operating systems that allshare some variation on the same decades-old code. That makes them all vulnerable to theset of Urgent / 11 vulnerabilitieswe had reported on just the other week. And as is so often the case with these sort of devices and ancient code, there’s really no good way to fix them. And that was just the start of the week.
As a bookend, the attorney generalWilliam Barr Friday sent a sternly worded letter to Facebookencouraging them not to go forward with its plans for cross-platform end-to-end encryption, in the process reigniting thedecades-old encryption debate. But while Barr had his counterparts from the UK and Australia backing up his push, it’s unclear what if any actual authority he would have to weaken encryption without laws on the books forcing it. (Also, it would be a truly terrible idea.)
In slightly brighter social media news, we looked at howadversarial examples could help protect your Facebook datafrom the next Cambridge Analytica. And we explained how the new Incognito Mode for Google Maps helps cover your tracks — and more importantly, all the ways in which it doesn’t. Speaking of covering tracks, we took a look at howthe Ukraine whistle-blower did everything meticulously by the book, and the potential dangers in the Trump administration’s repeated insistence that he or she did not. We alsotalked to two past whistle-blowersfor some perspective on what the current one must be going through. The consensus: his or her life will be forever changed.
The Trump campaign, meanwhile,appears to have been the target of Iranian hackers, although Microsoft says the phishing attempts it spotted were unsuccessful. Lastly, if you’re thinking aboutsideloading Google apps onto a Huawei device… don’t! You’re welcome.
And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in-depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.
An Android Zero Day Affects Popular Pixel and Galaxy Smartphones
Thebug boffins at Google’s Project Zerohave identified a vulnerability in popular Android handsets like the Google Pixel 2, Samsung Galaxy S9, and Moto Z3. Not only that, but the researchers have spotted evidence that hackers are exploiting that bug in the wild. This isn’t quite as dire as, say, therecent revelations about widespread iOS hacking. For one thing, the affected devices are mostly older, although in many cases still widely in use. And for the attack to work, it needs either to be paired with a second Chrome browser exploit, or victim needs to download a malicious app. Still, the potential consequences are devastating, especially given that it’s actively in use: a full compromise of the device, meaning access to any of its data and more. Google says it plans to patch the vulnerability in its October security update.
How Political Operatives Overran the FCC With Fake Comments
In the heated,high stakes debate over net neutrality, the FCC comment period became a prime battleground. Unfortunately, as waswidely reported at the time, that process was alsooverwhelmed by bots. ABuzzfeed News investigationshows how two small firms appear to have been behind the bulk of the misrepresentation.
Hackers — or College Students— May Have Tried to Rock the Voatz
Security experts broadly agree that voting by app is not a great idea, electoral -integrity-wise. Still,an app called Voatzentered that particular thunderdome in West Virginia last fall, allowing members of the military from that state serving abroad to cast their ballots with their smartphones. Now, CNN reports that the FBI is investigating an apparent attempt to hack into Voatz — although it may have been asinnocuous as a University of Michigan student experiment. Either way, it’s a nice reminder of why everyone’s so uncomfortable with this whole digital voting idea in the first place.
Dark Web Data Center Housed in Old NATO Bunker Gets Taken Down
German authorities raided and shut down a “bulletproof” Dark Web hosting operating comprising hundreds of servers housed in an former NATO bunker in late September. Seven were arrested in connection with hosting the sites — which included “Cannabis Road,” “Wall Street Market,” and “Orange Chemicals” —including the 59 – year-old Dutchman alleged to be the operation’s ringleader.
More Great WIRED Stories
- Blind spots in AI just might helpprotect your privacy
- The best tech and accessoriesfor your dog
- The game-changing tech behindGemini Man‘s“young” Will Smith
- The Icelandic village where thesun never sets in summer
- A detox drug promises miracles –if it doesn’t kill you first
- 👁 If computers are so smart,how come they can’t read? Plus, check out thelatest news on artificial intelligence
- 🎧 Things not sounding right? Check out our favoritewireless headphones, (soundbars) , and (Bluetooth speakers
GIPHY App Key not set. Please check settings