there are several of them to worry in today’s world, so I apologize in advance for this added level of existential stress: New research indicates that in the event of super solar storm, the kind that hit in 1859, the internet could collapse entirely, and take even longer than the power grid to restore. The risk lies mainly in the submarine cables that connect the continents, which are grounded inconsistently and rely on components that a geomagnetic overvoltage could disturb. Although solar storms of this magnitude are rare, they do occur and the internet infrastructure has never been tested against it.
Cheerful! Although it sure doesn’t get much better from there. Medical devices have a poor cybersecurity record, and researchers this week shared details about vulnerabilities in an infusion pump that could allow hackers to administer additional doses. It’s a complicated attack to perform, but a less sophisticated version of it could still allow a ransomware attack on a hospital network.
A non-privacy-friendly default setting in Microsoft Power Apps, a feature meant to simplify the creation of web apps, has resulted in the exposure of 38 million records in thousands of organizations. The data included Covid-19 contact tracing information from the state of Indiana, as well as a payroll database from Microsoft itself.
Another IOS Zero Click Attack Revealed This Week in a report by the Citizen Lab at the University of Toronto. These hacks do not require any interaction from the victims: no attachments opened, no links clicked. It is the latest in a series of nation-state surveillance attacks on dissidents who take advantage of Apple’s iMessage security loopholes. The company could do a lot to make the courier service more secure for its most-at-risk victims; the question is how far it is prepared to go.
While geofence warrants, which target anyone in a certain area at a certain time, have long been a concern of privacy advocates, new data released by Google recently shows just how Basically, the police deployed them. The number of geofencing warrant requests the company has received since 2018 has increased tenfold, and they now represent 25% of incoming warrant requests overall.
And there’s more ! Each week, we collect all the security news that WIRED hasn’t covered in depth. Click on the titles to read the full stories and stay safe.
A man in the Los Angeles area pleaded guilty this month to four crimes related to a scheme that resulted in the theft of more than 620,000 iCloud photos and videos of more than 300 victims. Rather than a vulnerability in iCloud itself, the author relied on phishing and social engineering, sending “customer support” emails from Gmail addresses such as “applebackupicloud” and “backupagenticloud”. He procured the private files both for his own purposes and on demand – designating photos and videos containing nudity as “wins” – promoting a service “icloudripper4you” which offered to s’ introduce in iCloud accounts. He now faces up to 20 years in prison.
The the Wall Street newspaper this week, an interview with the alleged hacker behind this month’s devastating crisis T-Mobile data breach. In it, the 21-year-old American describes T-Mobile’s security as “horrible”, but does not confirm whether he actually sold the data he stole and advertised on the dark web. The story details the hacker’s background and the state of violations in general; it is definitely worth setting aside some time to read.
The good news is that there is no sign that a hacker has actually abused the latest Microsoft Azure bug. The bad news is that if they had, they would have gotten a frightening amount of access – read / write privileges that could have allowed them to view, edit, or delete as they pleased – to every base. platform data. Microsoft has since patched the vulnerability, but it’s a big deal to have missed in the first place.
Speaking of Microsoft and security! A Razer bug made it possible to gain system-level privileges on a Windows 10 device by simply plugging in a $ 20 mouse. Razer said this would eliminate the vulnerability, but it raises broader concerns over similar software that relies on Windows’ plug-and-play configuration.
More great WIRED stories