Fake Cops Scammed Apple and Meta to Get User Data

https://www.wired.com/story/apple-meta-user-data-russia-hacks-lapsus-arrests/


“Ipsa scientia potestas est,” 16th-century philosopher and statesman Sir Francis Bacon famously wrote in his 1597 work, Meditationes Sacrae. Knowledge itself is power. The aphorism, cliché as it may be, takes on a palpable truth in times of war.

Just ask the people of Mariupol, a city in southeastern Ukraine, where Russia’s devastating attacks have cut off the flow of information in and out of the city. Meanwhile, in Russia, the government has banned Facebook and Instagram amid its crackdown on news without the state’s stamp of approval. But as we explained this week, building a full China-style splinternet is far more difficult than the Kremlin might like to admit.

We further explored the power of information—and the power to keep information secret—this week with a look at a new idea for creating digital cash in the US—no, not Bitcoin or any other cryptocurrency. Actual digital cash that, crucially, has the same built-in privacy as the bills in your actual wallet. We also dove into the pitfalls of knowing where your children and other loved ones are at any moment through the use of tracking apps, which you should probably stop using. And following last week’s approval of the Digital Markets Act in Europe, we parsed the tricky business of forcing encrypted messaging apps to work together, as the law requires. 

To round things out, we got our mitts on some leaked internal documents that shed new light on the Lapsus$ extortion gang’s Okta hack. And we took a look at how researchers used a decommissioned satellite to broadcast hacker TV.

But that’s not all, folks. Read along below for the rest of the top security stories of the week.

In one of the more creative ploys we’ve seen recently, hackers reportedly duped Apple and Meta into handing over sensitive user data, including names, phone numbers, and IP addresses, Bloomberg reports. The hackers did so by exploiting so-called emergency data requests (EDRs), which police use to access data when someone is potentially in immediate danger, such as an abducted child, and which do not require a judge’s signature. Civil liberty watchdogs have long criticized EDRs as ripe for abuse by law enforcement, but this is the first we’ve heard of hackers using the data-privacy loophole to steal people’s data.

According to security journalist Brian Krebs, the hackers gained access to police systems to send the fraudulent EDRs, which, because of their urgent nature, are allegedly difficult for tech companies to verify. (Both Apple and Meta told Bloomberg they have systems in place to validate requests from police.) Adding another layer to the saga: Some of the hackers involved in these scams were later part of the Lapsus$ group, both Bloomberg and Krebs reported, which is in the news again this week for entirely other reasons.

Following last week’s arrest-and-release of seven young people in the UK related to the string of high-profile Lapsus$ hacks and extortion attempts, City of London police announced on Friday that it had charged two teenagers, a 16-year-old and a 17-year-old, in connection with the gang’s crimes. Each teenager faces three counts of unauthorized access to a computer and one count of fraud. The 16-year-old also faces “one count of causing a computer to perform a function to secure unauthorized access to a program,” police said. Because of strict privacy rules in the UK, the teens have not been named publicly.

Despite the narrative that Russia hasn’t used its hacking might as part of its unprovoked war against Ukraine, increasing evidence shows that isn’t true. First, Viasat released new details about the attack on its network at the start of Russia’s war against Ukraine in late February, which knocked offline some Ukrainian military communications and tens of thousands of people across Europe. Viasat also confirmed an analysis by SentinelLabs, which found that the attackers used a modem wiper malware known as AcidRain. That malware, the researchers found, may have “developmental similarities” to another malware, VPNFilter, which US national intelligence has linked to Russian GRU hacker group Sandworm.

Then came the most significant cyberattack since Russia began its war. Ukraine’s State Service of Special Communication announced on Monday that state-owned internet provider Ukrtelecom suffered a “powerful” cyberattack on its core infrastructure. While the SSSC said Ukrtelecom was able to fend off the attack and begin recovery, internet-monitoring service NetBlocks said on Twitter that it witnessed a “connectivity collapsing” nationwide.

“Wyze Cam” internet-connected cameras have been exposed for almost three years, thanks to a vulnerability that could have let attackers remotely access videos and other images stored on device memory cards. Such vulnerabilities are, unfortunately, not unusual in internet-of-things devices, including IP cameras specifically. The situation was particularly significant, though, because researchers from the Romanian security firm Bitdefender have been trying to disclose the vulnerability to Wyze and get the company to issue a patch since March 2019. It’s unclear why the researchers didn’t go public with the findings sooner, as is standard in vulnerability disclosure after three months, to call more attention to the situation. Wyze issued patches for the flaw on January 29 for its V2 and V3 cameras. The company no longer supports its V1 camera, though, which is also vulnerable. The bug is remotely exploitable, but not directly on the open internet. Attackers would first need to compromise the local network the camera is on before targeting the Wyze vulnerability itself.



via Wired Top Stories https://ift.tt/VKzyLg9

April 2, 2022 at 08:06AM

5 Real Medical Treatments That Sound Like Sci-Fi

https://gizmodo.com/5-real-medical-treatments-that-sound-like-sci-fi-1848738466


An example of what a deep brain stimulation device looks like under X-ray imaging.
Photo: Hellerhoff/Wikimedia Commons

The idea of using electricity to treat mental illness has understandably come with some stigma, given the grim and sometimes abusive history of “shock therapy” in the earliest days of psychiatry. But in the modern day, various methods of brain stimulation have shown real promise in improving depression and other illnesses that otherwise looked untreatable. These treatments, it’s theorized, can somewhat reset or stabilize the erratic brain activity associated with neuropsychiatric disorders. And scientists seem to be getting better at fine-tuning this tech.

Last October, a research team published results showing that their personalized deep brain stimulation technique, which involves implanting a pacemaker-like device in the brain, had successfully helped treat a woman’s decades-long bout with severe depression. “When I first received stimulation, the ‘aha’ moment occurred, I felt the most intensely joyous sensation, and my depression was a distant nightmare for a moment,” the woman, identified as Sarah, said at a press conference announcing the findings.

This technology, for now, is still very expensive, invasive, and likely only suitable for people without any other options. But in time, what we learn from patients like Sarah may lead to new discoveries about how the brain works and how to help people with depression.

via Gizmodo https://gizmodo.com

April 2, 2022 at 09:09AM

Rich companies are using a quiet tactic to block lawsuits: bankruptcy

https://www.npr.org/2022/04/02/1082871843/rich-companies-are-using-a-quiet-tactic-to-block-lawsuits-bankruptcy

Hope Schiller Wilt (left) and her daughter, Hanna Wilt, outside her home on Nov. 19, 2021, in Manasquan, N.J. The family plans to continue her lawsuit. "It

Companies that aren’t bankrupt are using controversial maneuvers in U.S. bankruptcy court to block tens of thousands of suits. A woman suing Johnson & Johnson died while her case was in legal limbo.

(Image credit: Jackie Molloy for NPR)

via NPR Topics: News https://ift.tt/NCFcMT9

April 2, 2022 at 06:08AM

These autonomous drones are designed to bring life-saving supplies to remote hospitals

https://www.autoblog.com/2022/04/02/zipline-drones-autonomous-medical-supplies/


Most people associate drones with recreational flying, military use, and even delivering packages, but recently one company set its sights on utilizing autonomous drone flight technology to deliver medical help to hard-to-reach hospitals. Zipline was founded to create a system that aids people by quickly responding to medical needs. The intent is to replace medical supply vehicles that have to rely on traversing harsh roads. The Zipline hospital distribution centers are equipped with medical supplies, blood pouches, vaccines, and more. Each contains a fleet of fully electric autonomous drones that can carry 4 pounds of supplies or 3 units of blood.

Once a hospital sends a request to a Zipline distribution center, the staff begins the process to ensure the supplies get in the air and on their way quickly. The electric drones are equipped with a custom-built navigation system and once one is fully loaded and scanned for liftoff, it’s then catapulted into the air, reaching speeds of up to 62 mph on its way to its destination. The drone is still autonomous, but it continues to be monitored from the distribution center, making sure that it does not interfere with any flights in the area or experience flight issues due to weather or mechanical malfunctions. 

When the drone is about to reach the remote hospital, it sends a text message to the receiver. Once it arrives, it drops the medical supplies and begins its return back to the Zipline distribution center to get ready for its next flight. Zipline claims that its distribution centers cover a 50-mile radius with the ability to reach hospitals in 30 minutes. Zipline’s system has helped people in Rwanda, Ghana, Nigeria, America, and Japan, with future plans to build a distribution center in Ireland.


via Autoblog https://ift.tt/MTtniOG

April 2, 2022 at 09:38AM