How Safari and iMessage Have Made iPhones Less Secure

"If you want to compromise an iPhone, these are the best ways to do it," says independent security researcher Linus Henze of the two apps.

Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons

But Matt Wixey, cybersecurity research lead at the technology consulting firm PWC UK, says that it’s surprisingly easy to write custom malware that can induce all sorts of embedded speakers to emit inaudible frequencies at high intensity, or blast out audible sounds at high volume.

Watch a Drone Take Over a Nearby Smart TV

At the Defcon hacker conference today, independent security researcher Pedro Cabrera showed off, in a series of proof-of-concept hacking attacks, how modern TVs—and particularly Smart TVs that use the internet-connected HbbTV standard implemented in his native Spain, across Europe, and much of the rest of the world—remain vulnerable to hackers.

Election Systems Are Even More Vulnerable Than We Thought

But a group of security researchers told Motherboard this week they found what look like election infrastructure online in 10 states, including swing states like Wisconsin, Michigan, and Florida.

Hackers Can Break Into an iPhone Just by Sending a Text

Lily Hay Newman covers information security, digital privacy, and hacking for WIRED.

Silvanovich, who worked on the research with fellow Project Zero member Samuel Groß, got interested in interaction-less bugs because of a recent, dramatic WhatsApp vulnerability that allowed nation-state spies to compromise a phone just by calling it—even if the recipient didn’t answer the call.

Browser Extensions Scraped Data From Millions of People

Ars Technica reporter Dan Goodin brings the news of a major new privacy failure recently unearthed by security researchers: widely used Chrome and Firefox browser extensions scraped and sold the data of more than 4.1 million people, until the researcher alerted Google and Mozilla.

A Likely Chinese Hacker Crew Targeted 10 Phone Carriers to Steal Metadata

Cybereason says that the company found no evidence that the hackers stole the actual content of communications from victims, but the firm's principal security researcher Amit Serper argues that the metadata alone—device and SIM identifiers, call records, and which cell tower a phone connected to at any given time—can provide a frighteningly high-resolution picture of a target's life.

Tricky Scam Plants Phishing Links in Your Google Calendar

Scammers are taking advantage of default calendar settings to try to trick users into clicking malicious links. "For the calendar attack, the scammers use a prepared email list to send their fraudulent invitations," says Maria Vergelis, a security researcher at Kaspersky who has been following the method.

Cellebrite Now Says It Can Unlock Any iPhone for Cops

Cellebrite, too, has likely possessed the ability to unlock iOS 12.3 devices prior to this announcement, says Dan Guido, the founder of the New York-based security firm Trail of Bits and a longtime iOS-focused security researcher.

The Tricky Shenanigans Behind a Stealthy Apple Keychain Attack

In early February, an 18-year-old German security researcher named Linus Henze demonstrated a macOS attack that would allow a malicious application to grab passwords from Apple's protected keychain.

Microsoft's BlueKeep Bug Isn't Getting Patched Fast Enough

When security researcher Rob Graham scanned the entire public internet for BlueKeep-vulnerable machines on Monday, using a tool he built, he found that 923,671 machines hadn't been patched, and were thus still exposed to any potential worm.

Artificial Intelligence May Not 'Hallucinate' After All

Louise Matsakis covers cybersecurity, internet law, and online culture for WIRED.

Now, a leading group of researchers from MIT have found a different answer, in a paper that was presented earlier this week: adversarial examples only look like hallucinations to people.

What Israel's Strike on Hamas Hackers Means For Cyberwar

State-backed hacking and physical warfare have been on a slow but steady path toward convergence for about two decades, and both information security and warfare researchers say that it was only a matter of time before a nation launched a kinetic attack against enemy hackers.

Google Play Store’s Malware Problem, and More Security News This Week

Security News This Week: Google Play Store Has a Malware Problem. Working together with security researchers, a Motherboard investigation found that more than 20 Android apps in the Google Play Store were actually spyware that may have been developed for the Italian government.

A Guide to LockerGoga, the Ransomware Crippling Industrial Firms

LockerGoga, which was named for a file path in its source code by security research group MalwareHunterTeam, remains relatively rare and targeted compared to older forms of ransomware like SamSam and Ryuk, says Charles Carmakal, who leads a team of incident responders at FireEye who have dealt with multiple infestations.

Here's What It's Like to Accidentally Expose the Data of 230M People

"As you can imagine," Hardigree says, "I went into panic mode." The day before that scrum, WIRED had revealed that Exactis exposed a database of 340 million records on the open internet, as first spotted by an independent security researcher named Vinny Troia.

An Email Marketing Company Left 809 Million Records Exposed Online

"This is just another case where someone has my data, and hundreds of millions of other people’s data, and I’ve absolutely no idea how they got it." Security Researcher Troy Hunt In the exposed database, the researchers also found some of what appear to be Verifications.io’s own internal tools like test email accounts, hundreds of SMTP (email sending) servers, the text of emails, anti-spam evasion infrastructure, keywords to avoid, and IP addresses to blacklist.

An Email Marketing Company Left 809 Million Records Exposed Online

Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes-worth of detailed, plaintext marketing data—including 763 million unique email addresses. The database, owned by the "email validation" firm Verifications.io, was taken offline the same day Diachenko reported it to the company.

Machine Learning Can Use Tweets To Spot Critical Security Flaws

Researchers at Ohio State University, the security company FireEye, and research firm Leidos last week published a paper describing a new system that reads millions of tweets for mentions of software security vulnerabilities, and then, using their machine-learning-trained algorithm, assessed how much of a threat they represent based on how they're described.

Hackers Listen In on What Synthetic DNA Machines Are Printing

In new work they presented at last week’s Network & Distributed System Security Symposium, a team of researchers from UC Irvine and UC Riverside unveiled a so-called acoustic side-channel attack on a popular DNA-making machine, a vulnerability they say could imperil the up-and-coming synthetic biology and DNA-based data storage industries.

Hackers Can Slip Invisible Malware into 'Bare Metal' Cloud Computers

"Once the firmware is infected, there’s really no way to know if it is still infected or to recover from it." Karsten Nohl, Security Research Labs In their experiments, Eclypsium's researchers would rent an IBM bare metal cloud server, and then make a harmless alteration to its BMC's firmware, simply changing one bit in its code.

Chinese Surveillance, Facebook Tracking, and More Security News This Week

This week, a security researcher found that Chinese company SenseNets, which allegedly facilitates that facial recognition tracking, had left a database containing the associated data completely exposed online.

An Astonishing 773 Million Records Exposed in Monster Breach

The data set was first reported by security researcher Troy Hunt, who maintains Have I Been Pwned, a way to search whether your own email or password has been compromised by a breach at any point.

News Article: FAO and University of Chile will promote sustainable development in the agri-food sector

New agreement will foster knowledge-sharing and technology transfer to address climate change and food security.

8 January 2019, Santiago, Chile - The Food and Agriculture Organization of the United Nations (FAO) and the University of Chile will join efforts in the areas of research, training, and technology transfer.

The Elite Intel Team Still Fighting Meltdown and Spectre

"In the past no one was aware of these issues, so they weren’t willing to sacrifice any performance for security." Jon Masters, Red Hat At the center of these efforts for Intel is STORM, the company's strategic offensive research and mitigation group, a team of hackers from around the world tasked with heading off next-generation security threats.

Australia's Encryption-Busting Law Could Impact the World

All of Australia's intelligence allies—the United States, the United Kingdom, Canada, and New Zealand, known collectively as the Five Eyes—have spent decades lobbying for these mechanisms. "The debate about simplifying lawful access to encrypted communication carries a considerable risk of regulations spilling to other countries," says Lukasz Olejnik, a security and privacy researcher and member of the W3C Technical Architecture Group.

A Decade-Old Attack Can Break the Encryption of Most PCs

It's not super technically challenging." Segerdahl notes that the findings have particular implications for corporations and other institutions that manage a large number of computers, and could have their whole network compromised off of one lost or stolen laptop.

'It's pretty quick and very doable for a knowledgeable hacker.' (Olle Segerdahl, F-Secure)

To carry out the attack, the F-Secure researchers first sought a way to defeat the industry-standard cold boot mitigation.