Security News This Week: Election Systems Are Way More Vulnerable Than We Thought

And there’s more. Every Saturday, we round up the security and privacy stories that we didn’t break or report on in depth, but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.
US Election Systems Left Exposed Online
Election officials have long claimed that crucial voting systems never connect to the internet—and, therefore, that they're safe from hacking. But a group of security researchers told Motherboard this week they found what look like election infrastructure online in 10 states, including swing states like Wisconsin, Michigan, and Florida. The voting systems are made by Election Systems & Software, the top voting machine company in the US. Some of the equipment is used to transmit preliminary results on the night of an election, while other backend systems tabulate the official outcomes. ES&S claims the systems aren't connected to the public internet, but the research demonstrates how little federal election authorities understand about how voting technology actually works.A Marketing Firm Was Scraping Data From Instagram, Cambridge Analytica–Style
HYP3R was supposed to be one of Instagram’s “preferred marketing partners.” But according to a report in Business Insider, the San Francisco company was siphoning off data to create detailed consumer profiles, which included people’s locations, photographs, and more. Instagram has now taken HYP3R off its platform, and sent the firm a cease and desist notice. HYP3R disputes that it broke any of Instagram’s rules. The social media app, which is owned by Facebook, told Business Insider it also made a product change to prevent other companies from similarly scraping data in the future. But more than one year after the Cambridge Analytica scandal broke, the incident indicates that Facebook still needs to work to stop third parties from taking user data.This WhatsApp Flaw Lets Hackers Alter Messages
The cybersecurity firm Check Point Software Technologies says it’s identified a series of nasty bugs inside WhatsApp, according to a report in Bloomberg. The firm reportedly found three ways to covertly alter conversations, allowing someone to trick the person they're messaging. In one, which has been fixed, a person could send a fake private message to one member of a group chat disguised as a public message. When the person responded, their message would be shown to the entire group, instead of just the sender. The other two flaws have not been patched. WhatsApp disputes the issues amount to a security vulnerability, and said in a statement to Bloomberg that they’re “merely the mobile equivalent of altering replies in an email thread to make it look like something a person didn’t write.”- The weird, dark history of 8chan and its founder
- 8 ways overseas drug manufacturers dupe the FDA
- Listen, here’s why the value of China’s yuan really matters
- A Boeing code leak exposes security flaws deep in a 787
- The terrible anxiety of location sharing apps
- 🏃🏽♀️ Want the best tools to get healthy? Check out our Gear team’s picks for the best fitness trackers , running gear (including shoes and socks ), and best headphones .
- 📩 Get even more of our inside scoops with our weekly Backchannel newsletter
- #security roundup