Dr. T's security brief

Jan 29, 2022, 7:34:28 PM
to sec-...@googlegroups.com

Millions of Wi-Fi Routers Vulnerable to Hacker Attack
Tom's Guide
Paul Wagenseil
January 12, 2022

Researchers at endpoint protection platform Sentinel Labs warn that millions of home Wi-Fi routers worldwide could be hacked over the Internet via a security vulnerability, although no known exploits have appeared in the wild as yet. The flaw resides in NetUSB, a Linux kernel module developed by Taiwanese universal serial bus (USB) software company KCodes that lets devices access local networks through the router's USB port. Sentinel Labs' Max van Amerongen found hackers could create a memory-buffer overflow by transmitting NetUSB-specific commands on port 20005, commandeering the router's Linux kernel. The flaw affects routers from Netgear, and the researchers think Edimax, D-Link, Tenda, TP-Link, and Western Digital products also are affected. Netgear has released patches for its three affected models; the other manufacturers have not yet done so.


Third-Party Software for Teslas Can Be Hacked, German Teen Says
Katrina Nicholas; Jordan Robertson
January 12, 2022

German teenager David Colombo claims to have discovered flaws in third-party software that could allow hackers to remotely hijack certain functions of Tesla cars. He tweeted that the software insecurely stores data required to link the cars to the software, which hackers could steal and use to send malicious commands to the vehicles. Colombo reportedly exploited the vulnerability to unlock doors and windows, start cars without keys, and deactivate their security; he also said he could see if a driver was in the vehicle, turn on stereo systems, and flash headlights. Colombo said he was able to access over 25 Teslas in at least 13 countries via the flaw. He asked Bloomberg not to publish specifics of the exploit, as the company that makes the affected software has not yet released a patch.


Smart Guns Arriving in the U.S.
Daniel Trotta
January 11, 2022

Smart guns are beginning to become available to U.S. consumers, with smart gun maker LodeStar Works unveiling a 9-millimeter smart handgun. Smart guns could prevent accidental shootings, reduce suicides, and render lost or stolen guns worthless, as they use technology to authenticate the user’s identity and will disable a gun if an unauthorized person tries to fire it. Early prototypes used either fingerprint unlocking or a radio frequency identification (RFID) system that allows firing only when a chip in the gun interacts with a chip worn by the user. LodeStar's latest model combines a fingerprint reader, a phone application-activated near-field communication chip, and a personal identification number pad. Smart firearms from SmartGunz are secured by RFID, while Colorado-based Biofire is developing a smart gun incorporating a fingerprint reader.


The End of Car Keys, Passwords, Fumbling with Phones at Checkout
The Wall Street Journal
Christopher Mims
January 8, 2022

Ultra-wideband (UWB) technology being developed by the nonprofit FiRa Consortium could revolutionize interaction with devices, if privacy and other issues can be addressed. UWB adds a centimeter-level sense of location to three-dimensional space by triangulating objects' positions through radio waves' travel times between devices and beacons. Companies like Apple, luxury automaker BMW, and others have used UWB to allow users to unlock and start cars via handheld devices. University of California, San Diego researchers demonstrated that a new type of beacon could speed UWB about 10-fold and reduce power consumption commensurately. FiRa's Ardavan Tehrani said overcoming privacy concerns about objects and devices constantly broadcasting locations would remove a key hurdle to augmenting awareness through smart glasses and other interfaces.


Sweden’s Psychological Defense Agency to Fight Fake News, Foreign Interference
The Washington Post
Adela Suliman
January 6, 2022

Sweden on Jan. 1 created the Swedish Psychological Defense Agency to fight the spread of disinformation campaigns. The agency will work alongside the Swedish military and government in battling fake news and disinformation. The agency’s Magnus Hjort said it aims to bolster the country’s “ability to identify and counter foreign malign information influence, disinformation, and other dissemination of misleading information directed at Sweden.” Hjort explained the agency will work to “protect Sweden against foreign malign information influence” ahead of the country's elections in September. Among the skeptics of the new agency’s agenda is the London School of Economics and Political Science’s Martin Bauer, who said, “I suspect policing the Internet is indeed a lost cause.”


Amazon, Google, Apple Execs To Discuss Software Security In White House Meeting

Reuters (1/13, Bose) reports the White House will meet with Amazon, Google, and Apple executives “on Thursday to discuss software security after the United States suffered several major cyberattacks last year.” Last month, “White House National Security Advisor Jake Sullivan sent a letter to chief executives of tech firms after the discovery of a security vulnerability in open-source software called Log4j that organizations around the world use to log data in their applications.” Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger will host Thursday’s meeting, which “will discuss concerns around the security of open-source software and how it can be improved, the White House said in a statement.”

Fox Business (1/13, Singman) reports that in addition to Amazon, Google, and Apple, Administration officials will meet with representatives from Akamai, Apache, Cloudflare, Meta, GitHub, Google, IBM, Linux Open Source Foundation, Microsoft, Oracle, Red Hat, and VMware. Meeting with the businesses “will be senior leaders and senior open-source software experts from leading agencies, including the Departments of Commerce and Homeland Security, the Pentagon, the Cybersecurity and Infrastructure Security Agency, the Department of Energy and more.”
