This week saw some aftershocks from recent revelations about a large-scale iOS hacking campaign. Brokers of so-called zero day exploits — the kind that companies haven’t yet patched — have started charging more for Android hacks than iOS for the first time. And Apple finally released a statement that both criticized Google’s characterization of the attacks and downplayed the significance of the targeted surveillance of at least thousands of iPhone owners.
We took a look at a bug in Supermicro hardware that could let hackers pull off a USB attack virtually. Google open-sourced its differential privacy tool, to help any company that crunches big data sets invade your privacy less in the process. And speaking of privacy, we detailed the 11 settings you need to check on Windows 10 to preserve yours.
And while it feels like forever ago that Jack Dorsey’s Twitter account got hacked, it’s worth revisiting exactly how it happened. (Twitter this week closed the texting loophole at the heart of it.) We also took a look at Jeremy Renner’s content moderation woes. Bet you weren’t expecting to see that sentence in your lifetime.
And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in-depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.
Let’s not overplay this: There was no blackout, and it’s not even clear that it was a specifically targeted attack. But hackers did use firewall vulnerabilities to cause periodic “blind spots” for grid operators in the western US for about 10 hours on March 5. It’s the first known time a cyberattack has caused that kind of disruption — which, again, did not affect the actual flow of electricity — at a US power grid company. The incident was originally referenced in a Department of Energy report in April, but only in vague terms. A new North American Electric Reliability Corporation document described it in more detail, including the type of vulnerabilities that let hackers compromise the web portals in question. No need to panic about this incident specifically, but given the extent to which Russia and others continue to probe the power grid, it’s an unsettling reminder that weaknesses are out there.
A security researcher found a database containing 419 million or so phone numbers associated with Facebook accounts, yet another in a long string of instances of Facebook losing control of the sensitive data with which you entrust it. Facebook told TechCrunch that the data set is “old,” which isn’t especially useful, for the obvious reason that most people don’t change their phone numbers very often.
Through public records requests, Motherboard has determined that when you give your name and address to the DMV, some of those agencies will sell it to private investigators. Several DMVs told Motherboard that at least they don’t also sell user photos and Social Security numbers, which, thanks? But they do sell records for as little as a penny. And all of this is somehow legal! Something else to fume about the next time you’re in line for a registration renewal.
According to court documents uncovered at Forbes, federal investigators have requested that Apple and Google turn over information about people who downloaded a gun scope app, Obsidian 4. That’s at least 10,000 on the Google Play Store alone. It’s part of a broader look into potential breaches of weapons export regulations, but privacy advocates have raised understandable concerns over the many thousands of totally innocent people who would be caught up in such a sweeping request.
Beloved internet comic XKCD had its fan forums breached recently; 560,000 usernames, email addresses, and IP addresses were taken. That makes it a relatively small hack in the grand scheme of things, but still disappointing that someone chose that as a target. XKCD is great, leave it alone!