A Bug in Popular Android Phones Gives Hackers Full Control - WIRED
|WIRED 05 Oct 2019 at 10:55|
The theme of this week is by now a familiar one: "Things keep getting worse." Starting with the security of countless so-called real time operating systems that all . That makes them all vulnerable to the set of Urgent/11 vulnerabilities we had reported on just the other week. And as is so often the case with these sort of devices and ancient code, there s really no good way to fix them. And that was just the start of the week.
As a bookend, the attorney general encouraging them not to go forward with its plans for cross-platform end-to-end encryption, in the process reigniting the decades-old encryption debate . But while Barr had his counterparts from the UK and Australia backing up his push, it s unclear what if any actual authority he would have to weaken encryption without laws on the books forcing it. (Also, it would be a truly terrible idea.)
In slightly brighter social media news, we looked at how from the next Cambridge Analytica. And we explained how the new Incognito Mode for Google Maps helps cover your tracks—and more importantly, all the ways in which it doesn t. Speaking of covering tracks, we took a look at how the Ukraine whistle-blower did everything meticulously by the book , and the potential dangers in the Trump administration s repeated insistence that he or she did not. We also for some perspective on what the current one must be going through. The consensus: his or her life will be forever changed.
The Trump campaign, meanwhile, appears to have been the target of Iranian hackers , although Microsoft says the phishing attempts it spotted were unsuccessful. Lastly, if you re thinking about ... don t! You re welcome.
And there s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in-depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.
The bug boffins at Google s Project Zero have identified a vulnerability in popular Android handsets like the Google Pixel 2, Samsung Galaxy S9, and Moto Z3. Not only that, but the researchers have spotted evidence that hackers are exploiting that bug in the wild. This isn t quite as dire as, say, the . For one thing, the affected devices are mostly older, although in many cases still widely in use. And for the attack to work, it needs either to be paired with a second Chrome browser exploit, or victim needs to download a malicious app. Still, the potential consequences are devastating, especially given that it s actively in use: a full compromise of the device, meaning access to any of its data and more. Google says it plans to patch the vulnerability in its October security update.
In the heated, high stakes debate over net neutrality , the FCC comment period became a prime battleground. Unfortunately, as was , that process was also overwhelmed by bots . A Buzzfeed News investigation shows how two small firms appear to have been behind the bulk of the misrepresentation.
Security experts broadly agree that voting by app is not a great idea, electoral-integrity-wise. Still, an app called Voatz entered that particular thunderdome in West Virginia last fall, allowing members of the military from that state serving abroad to cast their ballots with their smartphones. Now, CNN reports that the FBI is investigating an apparent attempt to hack into Voatz—although it may have been as . Either way, it s a nice reminder of why everyone s so uncomfortable with this whole digital voting idea in the first place.
German authorities raided and shut down a "bulletproof" Dark Web hosting operating comprising hundreds of servers housed in an former NATO bunker in late September. Seven were arrested in connection with hosting the sites—which included “Cannabis Road,” “Wall Street Market,” and “Orange Chemicals”—including the 59-year-old Dutchman alleged to be the operation s ringleader.
Brian Barrett is the digital director at WIRED, covering security, consumer technology, and anything else that seems interesting. Prior to WIRED he was the editor in chief of the tech and culture site Gizmodo and was a business reporter for the Yomiuri Shimbun, Japan’s largest daily newspaper.