{"id":15403,"date":"2019-05-25T10:45:16","date_gmt":"2019-05-25T18:45:16","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/05\/25\/news-9152\/"},"modified":"2019-05-25T10:45:16","modified_gmt":"2019-05-25T18:45:16","slug":"news-9152","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/05\/25\/news-9152\/","title":{"rendered":"Snapchat Employees Reportedly Spied on Private Snaps"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5ce87a6e3cd5de818555e369\/master\/pass\/Securtiy_SnapLion-apps-security-roundup.jpg\"\/><\/p>\n<p><strong>Credit to Author: Emily Dreyfuss| Date: Sat, 25 May 2019 13:00:00 +0000<\/strong><\/p>\n<p><span class=\"lede\">The Memorial Day <\/span>weekend begins on a dire note for constitutional protections. On Thursday, the <a href=\"https:\/\/www.wired.com\/story\/julian-assange-espionage-act-threaten-press-freedom\/\">US government indicted Wikileaks founder Julian Assange<\/a> for violating the Espionage Act. This is the first time in modern history that the US has charged the publisher of sensitive materials rather than the person who leaked them. The charges stunned even Assange\u2019s harshest critics, who argued that whether you think he\u2019s a journalist or not, the precedent set by his conviction could threaten the First Amendment itself.<\/p>\n<p>In other dire news, facial recognition technology is scaring people so much that both Democrats and Republicans say something needs to be done. 
At a hearing before the House Committee on Oversight and Reform, lawmakers on both sides agreed that the <a href=\"https:\/\/www.wired.com\/story\/facial-recognition-regulation\/\">US needs to regulate<\/a> the technology, fast.<\/p>\n<p class=\"paywall\">Meanwhile in Washington, despite the 2020 presidential election ramping up and the looming threat of election tampering, both major political parties still have <a href=\"https:\/\/www.wired.com\/story\/political-parties-cybersecurity-hygiene-problems\/\">bad cybersecurity practices.<\/a> And despite Elizabeth Warren\u2019s call for a \u201cRight to Repair\u201d law, we\u2019re all currently <a href=\"https:\/\/www.wired.com\/story\/right-to-repair-tenants-on-our-own-devices\/\">tenants on the devices we thought we owned<\/a>.<\/p>\n<p class=\"paywall\">Bluetooth is officially so complex that it\u2019s a <a href=\"https:\/\/www.wired.com\/story\/bluetooth-complex-security-risk\/\">security risk<\/a>. In fact, Google <a href=\"https:\/\/www.wired.com\/story\/google-titan-security-key-recall-ble\/\">will replace<\/a> its Titan Security Keys because of a flaw in their Bluetooth Low Energy protocol. That\u2019s good. Not so good for Google? The company <a href=\"https:\/\/www.wired.com\/story\/google-stored-gsuite-passwords-plaintext\/\">got caught storing passwords<\/a> in plaintext for, uh, 14 years!<\/p>\n<p class=\"paywall\">And there\u2019s more! Each week we round up the news that we didn\u2019t break or cover in depth but that you should know about. As always, click on the headlines to read the full stories. And stay safe out there.<\/p>\n<p class=\"paywall\">At Snap, like so many other consumer-focused platforms before it, the spying was coming from inside the house. Motherboard reports that according to former and current employees, Snapchat developed a tool called SnapLion to allow the company to access user accounts in order to comply with legitimate legal requests from law enforcement. 
According to two former employees, some of the platform&#x27;s employees abused the SnapLion tool to inappropriately access user information. Before you completely panic: Motherboard also emphasizes that Snapchat has since cracked down on who can access SnapLion\u2014though it has also expanded what SnapLion can do and how it is used\u2014and has since introduced end-to-end encryption. The other thing to note is that insider spying is always a threat at companies like this, and though it\u2019s alarming to learn that Snapchat has a tool that gives a near-godlike-view of all user data, it\u2019s not out of the norm, and in fact is something the company needed to have in order to comply with court orders. Additionally, despite a trove of emails that show deep concern among employees at Snap over the years about the risk of insider spying, the former employees reported that the wrongdoing only happened a \u201chandful of times,\u201d but was carried out by multiple people.<\/p>\n<p class=\"paywall\">At the beginning of May, hackers used sophisticated ransomware known as RobinHood to take control of Baltimore\u2019s city servers, on which much of the city\u2019s essential services are processed. The mayor refused to pay the bitcoin ransom\u2014worth roughly $100,000\u2014so the city has been at a bit of a standstill. It can\u2019t process payments to city agencies, government workers can\u2019t access their email, and no real estate transactions can be completed in the city at all. There have been at least 20 other cyberattacks on cities and towns in the US in 2019, according to NPR. Baltimore has reportedly reached out to city officials in Atlanta for advice, to learn how that city coped with <a href=\"https:\/\/www.wired.com\/story\/atlanta-ransomware-samsam-will-strike-again\/\">its own ransomware attack in 2018<\/a>. 
The city is also working with federal law enforcement and private security experts, though there are fears the deadlock could last a lot longer, given the sophistication of RobinHood.<\/p>\n<p class=\"paywall\">Imagine if you\u2019d gone into a coma in the \u201990s and woke up to read the above headline. Ah, 2019, the year absurdity reigns. And the year in which golfing magazines have published multiple scoops about the president of the United States of America cheating at the game. The latest golf news isn\u2019t about cheating, though; it\u2019s about the president\u2019s scores being hacked. According to Golf Week, a hacker uploaded false scores to Trump\u2019s official United States Golf Association\u2019s Golf Handicap Information Network site, which is a place golfers can post scores and calculate their handicaps. The scores were not good, making the president look bad, and were posted on a day he wasn\u2019t playing golf. The USGA confirmed that \u201cit appears someone has erroneously posted a number of scores on behalf of the GHIN user\u201d but it\u2019s not clear if it was a prank or an accident.<\/p>\n<p class=\"paywall\">The US government uses license plate readers at borders, on highways, in cities, and all over the place to spy on citizens, immigrants and visitors alike. One Tennessee-based company provides the government with almost all of these readers, and runs the servers and back-end that store and process the images. And that company, Perceptics, was just hacked. In a statement to the UK newspaper <em>The Register<\/em>, the company confirmed it had been breached. A hacker calling themselves Boris sent the newspaper stolen files from Perceptics, which included images, among many other file types. According to <em>The Register<\/em>, the files had names that suggested an association with specific US government agencies, such as Immigration and Customs Enforcement. 
Though <em>The Register<\/em> confirmed the breach, it apparently didn\u2019t check what the files contained, writing at one point that \u201cmany of the image files, we&#x27;re guessing, are license plate captures.\u201d<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/snapchat-employees-spied-private-snaps-trump-hack-security-roundup\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5ce87a6e3cd5de818555e369\/master\/pass\/Securtiy_SnapLion-apps-security-roundup.jpg\"\/><\/p>\n<p><strong>Credit to Author: Emily Dreyfuss| Date: Sat, 25 May 2019 13:00:00 +0000<\/strong><\/p>\n<p>Baltimore ransomware, a Trump golf hack, and more of the week&#8217;s top security 
news.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714,21357],"class_list":["post-15403","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security","tag-security-security-news"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15403","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15403"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15403\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15403"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15403"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15403"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}