{"id":9879,"date":"2017-10-14T04:45:11","date_gmt":"2017-10-14T12:45:11","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/10\/14\/news-3652\/"},"modified":"2017-10-14T04:45:11","modified_gmt":"2017-10-14T12:45:11","slug":"news-3652","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/10\/14\/news-3652\/","title":{"rendered":"An Equifax Goof, an iOS Phish, and More Security News This Week"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/59e13169e926957a1ec521ab\/master\/pass\/PhoneHackedDate-HP-531403996.jpg\"\/><\/p>\n<p><strong>Credit to Author: Brian Barrett| Date: Sat, 14 Oct 2017 12:00:00 +0000<\/strong><\/p>\n<p data-reactid=\"247\"><span class=\"lede\" data-reactid=\"248\">This week was <\/span>one of revelations in the security world, most of them centered around nation-states pulling off ambitious hacks. In the wake of reports that Russia had used Kaspersky Lab software to steal NSA secrets, we took a look at the <a href=\"https:\/\/www.wired.com\/story\/kaspersky-russia-antivirus\/\" data-reactid=\"250\">antivirus paradox<\/a> that applies to every company selling it. And given reports that North Korea had attempted to hack a US energy utility, we looked at <a href=\"https:\/\/www.wired.com\/story\/hacking-a-power-grid-in-three-not-so-easy-steps\/\" data-reactid=\"252\">when exactly grid attacks should freak you out<\/a>.<\/p>\n<p data-reactid=\"254\">In addition to break-ins, we took a look at a few things that are broken, like <a href=\"https:\/\/www.wired.com\/story\/donald-trump-madman-strategy-north-korea-nuclear-weapons\/\" data-reactid=\"256\">Donald Trump\u2019s attempt to use Richard Nixon\u2019s \u201cmadman\u201d playbook<\/a> against North Korea. 
(It didn\u2019t work so great for Nixon, either.) Cyberattacks don\u2019t really work against North Korea anymore, because there\u2019s not much internet to work with. <a href=\"https:\/\/www.wired.com\/story\/social-security-number-replacement\/\" data-reactid=\"258\">Social Security numbers are a bad system that\u2019ll be hard to replace<\/a>\u2014but not impossible. <a href=\"https:\/\/www.wired.com\/story\/voting-village-hacking-report\/\" data-reactid=\"260\">Voting tech reforms have started coming in drips<\/a>, but we need to crank the faucet all the way.<\/p>\n<p data-reactid=\"262\">There\u2019s at least some good news though: <a href=\"https:\/\/www.wired.com\/story\/crypto-anchors-breach-security\/\" data-reactid=\"264\">A method exists that would have helped stop the Equifax megabreach and others like it<\/a>. If only more companies would use it.<\/p>\n<p data-reactid=\"266\">And yet there&#x27;s more! As always, we\u2019ve rounded up all the news we didn\u2019t break or cover in depth this week. Click on the headlines to read the full stories.<\/p>\n<p data-reactid=\"269\">You know how annoying it is when you\u2019re just futzing along on your iPhone and suddenly a pop-up prompts you to enter your Apple ID password for no good reason? As developer Felix Krause illustrates, that reason might well be \u201ca bad guy wants to steal your info.\u201d Krause says that it\u2019s \u201cshockingly easy\u201d for a shady developer to prompt people to enter their passwords using iOS\u2019s UIAlertController, which lets developers create pop-ups that also happen to mimic the system dialog. How to protect yourself? Don\u2019t download untrusted apps first of all. But you can also hit the home button when a pop-up asks for your password. 
If the app quits, someone was phishing you. If not, it\u2019s a real-deal iOS request.<\/p>\n<p data-reactid=\"274\">The already absurd Equifax situation seemingly grows a little more so every day. Earlier this week, the company\u2019s site <a href=\"https:\/\/arstechnica.com\/tech-policy\/2017\/10\/after-second-bungle-irs-suspends-equifaxs-taxpayer-identity-contract\/\" target=\"_blank\" data-reactid=\"276\">delivered<\/a> bogus Flash updates to users; if you clicked, your device came down with a nasty case of adware. This time, at least, the company paid a price: The IRS has suspended the $7.5 million (no-bid) contract it first awarded Equifax to \u201cverify taxpayer identity\u201d in the aftermath of the initial debacle. It could be reinstated after a review, but in the meantime the service Equifax had provided, called Secure Access, is down.<\/p>\n<p data-reactid=\"280\">One of the original low-cost, high-quality smartphones out of China, OnePlus has a reputation for solid design and an at times archaic order process. It also uses OxygenOS, a forked version of Android with perfectly decent usability and, apparently, one nasty little surprise: It tracks users, but doesn\u2019t anonymize that data. All smartphones send location and other data back to their servers, but they also take precautions not to link that data with a specific phone, because it would enable the kind of privacy overreaches that consumers rightly find deeply unsettling. According to security researcher <a href=\"https:\/\/www.chrisdcmoore.co.uk\/post\/oneplus-analytics\/\" target=\"_blank\" data-reactid=\"282\">Christopher Moore<\/a>, though, OxygenOS recorded the device\u2019s unique identifiers, battery status, timestamps, detailed app usage information, and more. 
At least now we know what the \u201cplus\u201d stands for.<\/p>\n<p data-reactid=\"286\">The Daily Beast takes a look this week at Danny Manupassa, a security products vendor who, the report says, has sold phones that \u201chave been linked to assassinations, armed robbery, money laundering, and other serious crimes.\u201d More than a look at just one supplier, the story looks at the underworld use of encrypted, hard-to-trace smartphones. It\u2019s a cutthroat business in a murky legal territory, and worth spending a little time with.<\/p>\n<p class=\"related-cne-video-component__dek\" data-reactid=\"296\">Phishing scams are getting more and more sophisticated, to the point where they\u2019re fooling even security experts. Here&#39;s how to avoid them.<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/apple-id-password-phishing\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/59e13169e926957a1ec521ab\/master\/pass\/PhoneHackedDate-HP-531403996.jpg\"\/><\/p>\n<p><strong>Credit to Author: Brian Barrett| Date: Sat, 14 Oct 2017 12:00:00 +0000<\/strong><\/p>\n<p>Another Equifax goof, an easy iOS phish, and more of the week&#8217;s top security 
news.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714],"class_list":["post-9879","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9879","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=9879"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9879\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=9879"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=9879"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=9879"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}