{"id":17798,"date":"2020-02-22T10:45:28","date_gmt":"2020-02-22T18:45:28","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2020\/02\/22\/news-11531\/"},"modified":"2020-02-22T10:45:28","modified_gmt":"2020-02-22T18:45:28","slug":"news-11531","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2020\/02\/22\/news-11531\/","title":{"rendered":"A Tiny Piece of Tape Tricked Teslas Into Speeding Up 50 MPH"},"content":{"rendered":"

<\/p>\n

Credit to Author: Brian Barrett| Date: Sat, 22 Feb 2020 14:00:00 +0000<\/strong><\/p>\n

Brian Barrett<\/span><\/a><\/span> <\/span><\/p>\n

An MGM Resorts breach, natural gas ransomware, and more of the week's top security news.<\/p>\n

This week was filled with wide-scale calamity. Hundreds of millions of PCs<\/a> have components whose firmware is vulnerable to hacking\u2014which is to say, pretty much all of them. It's a problem that's been known about for years, but doesn't seem to get any better.<\/p>\n

Likewise, Bluetooth implementation mistakes in seven SoC\u2014system on chips\u2014have exposed at least 480 internet of things devices to a range of attacks<\/a>. IoT manufacturers will often outsource components, so a mistake in one SoC can impact a wide range of connected doodads. The most troubling part, though, is that medical devices like pacemakers and blood glucose monitors are among the affected tech.<\/p>\n

YouTube Gaming, meanwhile, wants to take Twitch's crown as the king of videogame streaming. But its most-viewed channels are almost all scams and cheats<\/a>, a moderation challenge that it'll have to take more seriously if it wants the legitimacy it's spending big money to attain<\/a>. In another corner of Alphabet's world, hundreds of Chrome extensions were caught siphoning data from people who installed them, part of a sprawling adware scheme.<\/p>\n

WIRED reported exclusively this week<\/a> that US officials have pinned a wave of cyberattacks against the country of Georgia on Russia's notorious Sandworm hackers. The hack itself was brazen\u2014defacing 15,000 websites and disrupting two TV networks\u2014but the attribution serves mostly as a warning to Russia that it shouldn't attempt the same sort of malarky stateside.<\/p>\n

With the firing of director of national intelligence Joseph Maguire this week, Donald Trump has continued his gutting of senior national intelligence positions<\/a>. Probably not a great strategy in the long run, especially since Russia is actively supporting both Trump and Bernie Sanders this year<\/a>, just like they did in 2016. (In fairness, they only want Trump to actually win.)<\/p>\n

And that's not all! Every Saturday we round up the security and privacy stories that we didn\u2019t break or report on in depth but think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.<\/p>\n

Researchers at McAfee have demonstrated a new spin on an old trick. By subtly tampering with a speed limit sign\u2014in this case, literally adding a two-inch strip of black tape\u2014they were able to trick the Mobileye EyeQ3 camera on a 2016 Tesla Model X and Model S into feeding bad information to the vehicles' autonomous driving features, sending both cars into a rapid acceleration. It's a low-tech version of the well-known problem of adversarial examples<\/a>, image alterations that cause machine learning systems to misinterpret data. (Intel, which owns Mobileye, disputes that it's an adversarial attack, since the tape could have fooled a human eye as well.) The good news is that the problem doesn't affect 2020 Teslas, which no longer use Mobileye technology, and newer versions of the Mobileye camera seem impervious as well. That doesn't help older models, though, which remain susceptible to the shenanigans below:<\/p>\n