It’s Black Hat and DefCon conference time again, when the world’s top security researchers descend on the den of iniquity that is Las Vegas in August and try to scare the bejeezus out of people with new research into ominous hacks. Hooray!
WIRED’s been there for a few days already. Lily Hay Newman discovered that several mobile credit card readers are rife with bugs, potentially leaving you exposed. She also reports that researchers found a way to hack new Mac computers right out of the box, and the hubs that power smart cities are so vulnerable they’re a hacker’s dream. Brian Barrett reports that online stock trading has some serious security holes, and millions of Android phones have insecurities built right in, thanks to bad firmware tweaks from carriers and manufacturers. Louise Matsakis explains how machine learning can ID anonymous coders based on the quirks of their style, and why touchscreens in your hotel room could be spying on you. Oh, and there’s a new way to hack Medtronic pacemakers that could kill people. Yeesh.
WIRED will be in Vegas all weekend covering the conferences, so check back for more stories.
This week wasn’t all news from the Sin City, though. We also suggested seven ways to stay safe on public Wi-Fi. We told you about an apparent assassination attempt when a drone carrying explosives allegedly detonated near Venezuelan president Nicholas Maduro. And security researchers are totally freaked out that West Virginia is going ahead with voting-by-app for some overseas service members in the midterms, even though online voting is known to be vulnerable.
But of course, there’s more. As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
Remember when the FCC’s website went down right as people were trying to comment about the plans to kill net neutrality? Of course you do. There was that whole John Oliver bit, where he told people to inundate the agency’s website with pro-net neutrality comments, but the many couldn’t because the site went dead. For a year, the FCC has alleged that the site got hit by a cyberattack. Well, a report from the FCC’s own inspector general this week found that there was none. “Rather than engaging in a concerted effort to understand better the systematic reasons for the incident, certain managers and staff at the Commission mischaracterized the event to the Office of the Chairman as resulting from a criminal act, rather than apparent shortcomings in the system,” it reads, concluding it was poor site design, lack of readiness to handle massive traffic, and a surge in visits that took the site down. The report says the FCC ignored warnings that Last Week Tonight fans would likely flood the site.
Taiwanese chipmaker TSMC was hit with what it says was a WannaCry-like virus last weekend, taking down at least three of its manufacturing plants. According to company reps, a supplier connected tainted software to their network, which then spread the virus to multiple plants. TSMC is in the middle of filling order for Apple’s next iPhone, Bloomberg reports, so the crashed systems came at a bad time. Systems were again by Monday, and analysts say there should be minimal impact on Apple’s timeline for the new phone.
Now, look, can you trust anything Wikileaks tweets? Debatable. We’ve extensively covered that site’s descent into unreliability and its giddy role in undermining the 2016 US presidential election, so we take this report with a grain of salt. But according to an image of a letter shared on its official account, the US Senate Intel Committee has asked WikiLeaks founder Julian Assange to testify about the website’s role in disseminating hacked information from the Democratic National Committee in 2016 on behalf of Russian agents. The intel committee wouldn’t verify. As Vox notes, “if that’s true, it’s a big deal.”
Golf tournaments are usually rather well-heeled affairs, with the biggest controversies centering on gets mad and throws their putter in a lake. But ahead of this week’s PGA Championship in Missouri, Golf Week reports that hackers took over PGA of America’s computer servers, locking down promotional materials unless the organization coughed up a ransom in bitcoin. The IT department was working to get those “extensive promotional banners and logos” back, but they hadn’t been successful by press time. (Though Golf Week reported this first, we want to give a shout-out to the pun-filled report British newspaper The Register
The Next Web reports that the proprietary source code for Snapchat may have been posted on GitHub for anyone to find for up to two months. Strangely, the person claiming responsibility for the hack and leak claims they are researcher who just wanted to alert Snap to a vulnerability but couldn’t find a way to get in touch. (TNW reports it’s pretty easy to get in touch with Snap, which runs a bug bounty program.) Either way, eventually Snap figured it out, sent GitHub a DMCA takedown notice and the data was removed.