Speaking of flaws, mistakes in open-source libraries could have exposed cryptocurrency exchanges to denial-of-service attacks or worse. A British AI tool intended to predict violent crime turned out not to work as advertised. And we looked at the increasingly sophisticated methods ATM hackers have used for "jackpotting," which is when they make the money machine go brrrrr.We continued our Dark Patterns series with a dive into how Facebook and other social media sites capture your attention—and erode your privacy. And in the magazine we detailed the FBI's heart-pounding hunt for Cesar Sayoc, known as the "MAGA bomber."
And there's more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.The NSA and FBI Expose a Sneaky Russian Hacking ToolThe National Security Agency is not known for being especially chatty. But it has made some useful public overtures of late; last week it offered tips to limit location tracking on your smartphone , and this week it followed up by going public with sneaky new Russian malware it discovered alongside the FBI. The announcement links the so-called Drovorub malware to Fancy Bear , the elite hacking group behind the hack of the Democratic National Committee in 2016 and more. Russia allegedly used Drovorub to plant backdoors; the versatile malware consisted of an implant, kernel module rootkit, file transfer and port forwarding tool, and command and control server. By shining a light on the malware, the US agencies hope to better enable potential targets to defend themselves.
TikTok Dodged Google's Rules to Track Android UsersThe Wall Street Journal this week reported that TikTok used a banned method to track users for advertising purposes until last November. TikTok collected so-called MAC addresses using a security loophole that let it circumvent measures Android has in place to prevent that behavior. A MAC address is significant because it can be used to track a user even if they uninstall an app and reinstall it later. Perhaps more significant, though, is a line is the Journal report that TikTok sent those MAC addresses and other data back to ByteDance, the app's Chinese parent company. TikTok has repeatedly insisted that it does not, has not, and will not share user data with ByteDance. President Donald Trump has ordered ByteDance to sell TikTok by September 15 , or the administration will take steps to shut down the app in the US.
The ReVoLTE Attack Requires Just $7,000 of Equipment to Eavesdrop on CallsIn the era of 4G, many mobile phone conversations happen over Voice over LTE. Not only does VoLTE offer more bandwidth than the 3G calls of yesteryear, it also has a built-in layer of encryption that protects your calls from snoops. A team of researchers, though, has figured out how to undermine that security, using radio equipment that costs about $7,000 to grab that encrypted data as it heads to a cell tower and unscramble it. The attack has some important limitations, but it's a good reminder that modern telephony still has more than its share of security holes—and 5G isn't looking that much better .
Crooks Use 'Russian SIMs' to Outfox Law EnforcementMotherboard this week took a deep dive down the rabbit hole of Russian SIMs, also known as white SIMs, that let criminals spoof phone numbers at will, or in some cases allow for real-time voice manipulation. While not illegal in and of themselves, the SIMs are a boon to phishing scams and other social engineering attacks.
- San Francisco was uniquely prepared for Covid-19
- How courthouse break-ins landed two white hat hackers in jail
- Tips to make your video calls look and sound better
- How to spot—and avoid—dark patterns on the web
- The fantasy and the cyberpunk futurism of Singapore
- 🎙️ Listen to Get WIRED , our new podcast about how the future is realized. Catch the latest episodes and subscribe to the 📩 newsletter to keep up with all our shows
- ✨ Optimize your home life with our Gear team’s best picks, from robot vacuums to affordable mattresses to smart speakers
After claiming for months that Apple alone could unlock the two iPhones of Pensacola, Florida shooter Mohammed Saeed Alshamrani, the agency announced today that it had managed to do so without Cupertino’s help—and without undermining the encryption that protects over 1 billion iOS devices worldwide.