Day: December 16, 2019

“Hey, I can see my house from up here!”

It’s a joke so tired you’ll hear it from someone jumping on a trampoline, but that’s what came into my head as I banked a small turboprop airplane above my neighborhood in the new version of a revived classic, Microsoft Flight Simulator.

Because there it was indeed: my house. And my neighbors’ houses, along with the shopping plaza down the road, the hospital complex, the farmland in the distance. All of it eerily accurate, thanks to the new program’s use of Microsoft’s voluminous mapping data. Even the trees, fences, and other features I know from my terrestrial explorations were present and accounted for—in full 3D.

Stay in the know with our Transportation newsletter. Sign up here!

Microsoft’s Flight Simulator is its longest-running software product, with the first iteration dating back to the 8-bit days of 1982. At the time, it offered little more than a green expanse of ground and a blue expanse of sky, with a gray strip representing your runway and some black and white blocks for buildings. Microsoft abandoned the franchise in 2012, the general consensus being that it was too niche of a product for the global giant to keep going. It sold the rights to the core sim technology to Lockheed Martin, which uses it for academic and training environments.

Its revival this past June was a surprise to both the software and aviation industry, given that the company hadn’t uttered a peep about the effort. The new game will likely arrive sometime next year, and is now in alpha testing. But even the early preview I got to play with made clear that Flight Simulator could be more than just a game. It could be a valuable learning tool for aspiring pilots.

That’s because of those details on the ground. Digital sightseeing is fun, but it also allows real-deal pilots to practice navigating using the landmarks they look for while airborne. Such flying is called VFR, for “visual flight rules”—meaning that instead of relying on instruments alone, you find your way by tracking certain buildings, roads, towers, mountains, rivers, and so on.

Though it can’t be used as a formal training tool, accurate, simulated VFR flight allows pilots to rehearse their flights beforehand, making the actual flights later more familiar. With most flight simulators,
real-world terrain modeling creates a heavy workload for the computer, and doesn’t keep up with a changing world. Back in the original days of Flight Simulator, every byte of graphics data had to be stored locally, whether downloaded or accessed on DVD, CD, or, yes, floppy disk. “This sim steps out of that model massively,” says Pete Wright, a pilot whose YouTube channel, Frooglesim, specializes in reviewing such software. “It’s stunning. It’s unbelievable.”

What changed for the new generation of Flight Simulator is Microsoft’s development of its Google Maps competitor. The game gets its 3D data from Bing Maps, pulling precise details for anywhere in the world from the cloud and rendering the graphics locally. The end result is a virtual world that’s as accurate as the most recent Bing data.

In fact, the Bing connection was the impetus for the whole effort. Jorg Neumann, head of Flight Simulator, says the revival began with an app he was developing for Microsoft’s HoloLens augmented reality goggles. “We wanted people to be able to use the goggles to go anywhere in the world for a tour,” Neumann said. “It used data from Bing, so the rendering capability was ready five years ago. Two years after that, we started in earnest transferring that idea to a new flight sim.”

He was on his way home from the grocery store when he got the call. After a weekend out of town, John’s kids were finally asleep in his Houston area home. His wife, too, had been getting ready for bed—until she heard a stranger’s voice echoing down the hallway.

“Is anyone home?” it asked.

“We’re gonna find out,” it promised.

The mysterious male voice was coming, she’d soon discovered, from a speaker on a camera posted near the TV in the living room. It had been there for a while, set up by the couple so they could monitor their babysitters remotely. It had brought them peace of mind. But that was over now.

Soon the voice paused and a loud alarm emanated from the device, piercing like a klaxon through the hallways, threatening to wake the kids. It had also begun taunting John’s dog.

The 33-year-old dad immediately pulled to the side of the road.

He rushed to open the Ring app on his phone. Disconnecting the five security cameras he’d placed around the house would do the trick, he hoped. As continued the drive, he wondered just how they had “broken in.” One scenario worried him more than the others.

If whoever had hacked his camera had broken in through his wifi, he thought to himself, then that means they must be close.

As he neared the driveway, John’s eyes darted up and down the street, searching for signs of anyone suspicious; a car perhaps, that didn’t belong. Inside, he peered into his backyard, scanning the fence line. But the light only stretched so far, and he was left wondering if someone was there, just beyond its reach.

“I slept with my gun next to my bed that night, which I never do,” he said.

“That was in the forefront of my mind and my wife’s mind, you know, with two kids and everything,” he continued. “I couldn’t see anybody in my front yard, on the street, and my backyard up until the fence. I didn’t see anybody. But beyond the fence its so dark. I didn’t know if somebody was spying on us to look for an opportunity to break in—or something. That’s the unnerving part.”

John’s family isn’t alone in their experience. In the past week, frightening tales of indoor cameras being hacked have gone viral. It’s now become apparent that Ring customers, in particular, are being targeted.

After buying one of the Amazon-owned company’s doorbell cameras, John installed four more Ring devices around the house: Two Stick Up cams to watch the kids and the doggy door, as well as two floodlights equipped with cameras outside. A rash of vehicle burglaries in the neighborhood had led to the purchase. Now he was forced to disconnect them all and then begin about the annoying task of changing the passwords on every internet-connected device he owned.

“You hear about celebrities being targeted,” John said. “But I didn’t think it would happen to me.”

A Ring official said by phone that the company’s own systems had not been compromised and that customers reusing old passwords, or whose passwords were too simple, to begin with, are the ones who are at risk.

“Recently, we were made aware of an incident where malicious actors obtained some Ring users’ account credentials (e.g., username and password) from a separate, external, non-Ring service and reused them to log in to some Ring accounts,” Ring said in a blog post. “Unfortunately, when the same username and password is reused on multiple services, it’s possible for bad actors to gain access to many accounts.”

Ring is advising users to change their passwords and to enable two-factor authentication.

In John’s case, the police weren’t called. He’s still on the fence about whether or not it’s worth it. “By the next morning we had moved on with our lives and didn’t think it was a big deal,” he said.

Ring initially responded quickly when he reported the incident, escalating the issue to its security team. But nearly a week has passed now and John’s yet to hear anything back. His Ring account predates his use of a password manager, he says, but important accounts are locked down and use randomized passwords. What he wants to know is if Ring has any actual evidence that his password was cracked. He’s gotten no answers so far. (A Ring official offered to speak directly with John after Gizmodo called the company for comment.)

Motherboard reported this week that hackers have developed dedicated software for breaking into Ring cameras. They appear to be doing it mostly for entertainment. A custom app that helps locate vulnerable cameras is being sold for a little as $6, the site reported, and a podcast on Discord, the voice app built for gamers, has taken to hacking the cameras live on air.

The hackers are brute-forcing their way in, according to Motherboard, “rapidly churning through usernames or email addresses and passwords and trying to use them to log into accounts.” None of the victims had set up two-factor authentication.

The seriousness of the hacking incidents became apparent after WMC 5, a local Tennessee news station, broadcast Ring footage taken in an 8-year-old girl’s bedroom that depicts a mysterious voice feeding her instructions. “It’s Santa. It’s your best friend,” the voice says.

In a separate incident in Florida, a camera hacker reportedly spewed racist slurs over a speaker.

Despite the hack, John said his cameras are now back online. He’s convinced all the steps he took to secure his network will prevent it from happening again. And his wife, he says, prefers having the ability to keep an eye on the kids.

“That’s a big deal to her, to make sure we don’t have any problematic baby sitters or anything like that. And I’m not sure she’s willing to give up that ability because of this. We don’t have it in bedrooms, obviously. I would never put one in the bedroom. We have baby monitors that satisfy that need that aren’t connected to the internet,” he said.

“We don’t do anything weird on the cameras. I’m kinda of the opinion that if you don’t do anything wrong, you have nothing to worry about. It’s not like there’s illicit drugs in my house. There’s not anything like that going on. So I don’t really care. But what I have a problem with is somebody getting access to live view and disrupting our lives,” he said.

“What could have been really bad is, had my wife gone to the camera. I told her the best thing she did was ignore it and walk away,” he said. “If she had gone to the camera they could have started to demand things, or say really threatening things, that could have taken that unnerving to another level.”

Asked if Ring could have done more, John said he didn’t remember ever receiving an email about setting up two-factor authentication. “That should be a mandatory thing, in my opinion,” he said. “It’s a real easy thing to set up and use.”

A Ring spokeswoman said that emails referencing the security measure are “definitely” sent out to customers after they sign up, but that she would check to see how the company is notifying its users about the option. “We’re always looking at ways we can be better for our customers,” she said.

When asked whether Ring is currently working with any law enforcement agencies to hunt down the hackers that are targeting its users, the official told Gizmodo that she currently had nothing to share.

Editor’s note: “John” is an alias used to protect the identity of the Ring footage’s owner.