Russians hacked JFK Airport Taxi Dispatch in a line-skipping scheme

We at WIRED are wrapping up for the year and gearing up for what is sure to be an eventful 2023. But 2022 will not go down without a fight.

This week, following another wave of chaos on Twitter, we’ve explored exactly why the public needs real-time flight tracking, even if Elon Musk claims it’s the equivalent of doxing. The crucial transparency that this publicly available data provides far outweighs the limited privacy value that censorship would bring to the world’s rich and powerful. Unfortunately, Musk’s threats of legal action against the developer of the @ElonJet tracker have wider chilling effects.

Meanwhile, Iran’s internet outages — in response to widespread civil rights protests — are sabotaging the country’s economy, according to a new assessment from the US State Department. Due to heavy sanctions against Iranian entities, the exact economic impact of Tehran’s internet outage is difficult to calculate. But experts agree it’s not good.

You may have come across the Flipper Zero in a recent viral TikTok video, but don’t believe everything you see. WIRED’s Dhruv Mehrotra got his hands on the palm-sized device, which contains an array of antennas that allow you to copy and broadcast signals from all types of devices, such as RFID chips, NFC cards, and more. We found that while the Flipper Zero can’t drain money from an ATM, for example, you can do plenty of other things with it that could get you in trouble. But most of the time, you can see the radio wave-filled world around you like never before.

But that is not everything. Each week we round up the security stories we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

Between long hours, medallion costs, and the rise of Uber and Lyft, the life of a cab driver in New York City is hard enough. Now it appears that Russian hackers — and a few of their entrepreneurial partners in Queens — were trying to get their own share of those drivers’ fares.

According to prosecutors, two Queens men, Daniel Abayev and Peter Leyman, teamed up with Russian hackers to gain access to the taxi dispatch system for New York’s JFK airport. They then allegedly created a group chat where drivers could secretly pay $10 to skip the sometimes hours-long line to be assigned a pickup — about one-fifth of the $52 flat fee passengers pay for rides from the airport to elsewhere in NYC. The charges against the two men do not name the Russians or describe exactly how they gained access to JFK’s dispatch system. But they note that since 2019, Abayev and Leyman have reportedly been plotting to gain access to the system in a variety of ways, including bribing someone to insert a USB drive containing malware into one of the dispatch operators’ computers, gaining unauthorized access to their systems via Wi-Fi, and stealing one of their tablet computers. “I know the Pentagon is being hacked,” Abayev wrote to his Russian contacts in November 2019, the indictment said. “So, can’t we hack the taxi industry?”

Before the plan was dropped, prosecutors said it allowed drivers to make up to 1,000 fraudulent line skips a day,

It’s hardly a secret that Cyber Command, the NSA’s more cyber-attack-focused sister organization, often engages in “hunting forward,” as Cybercom director Paul Nakasone put it. That means pre-emptively hacking foreign hackers to disrupt their operations, often ahead of an event like a US election. So maybe it’s not a surprise, as The Washington Post reports, that Cybercom targeted Russian and Iranian hackers during the 2022 midterm elections. It’s not clear exactly how those hackers got disrupted, but an official told the Post that the operations mostly target the basic tools the hackers use to operate, including their computers, internet connections and malware. In some cases, that foreign malware is discovered abroad by Cybercom and shared with potential targets in the US for easier detection.

While foreign hacking of US elections has declined since its peak in 2016 — when Russia hacked the Democratic National Committee, Clinton campaign, and many other targets — it certainly hasn’t disappeared. Cybersecurity firm Mandiant reported this week that Russia’s military intelligence agency appears to have attacked election websites with distributed denial-of-service attacks during the midterm elections, despite Cyber Command’s best efforts.

On Monday, federal prosecutors charged two men — one from Wisconsin, the other from North Carolina — for allegedly participating in a swatting scheme that targeted the owners of more than a dozen compromised Ring home security cameras over the course of a week. According to the indictment, Kya Christian Nelson, 21, and James Thomas Andrew McCarty, 20, used leaked Yahoo account credentials to access Ring accounts of individuals across the country. The defendants then allegedly called in false reports to police, claiming to dispatchers that a violent incident had taken place at the victim’s home, and then livestreamed the police response to the hoax. In several incidents, the two men taunted responding police officers and victims through the Ring device’s microphone, the indictment said.

Nelson, who went by the alias “ChumLul,” is currently jailed in Kentucky on an unrelated case. McCarty, who went by the alias “Aspertaine,” was arrested last week on federal charges filed in the Arizona District. Nelson and McCarty are both charged with conspiracy to intentionally gain unauthorized access to computers. Nelson has also been charged with two counts of intentional access to a computer without permission and two counts of aggravated identity theft. If convicted, they could each face up to five years in prison, with Nelson receiving an additional seven years for the additional charges.

In March 2017, Netflix tweeted a simple message: “Love is sharing a password.” Now, five years later, that sentiment is at the end of its life. According to a Wall Street Journal report this week, the streaming service plans to restrict password sharing in early 2023. Netflix has been testing ways to prevent households in Latin America from sharing passwords in 2022, and the report suggests it’s ready to expand the measures. Netflix says more than 100 million viewers watch its TV shows and movies using someone else’s passwords, and it wants to monetize those views. “Make no mistake, I don’t think consumers will love it right away,” Netflix co-CEO Ted Sarandos told investors earlier this year. Elsewhere, the British government’s Intellectual Property Office said it believes that sharing passwords for online streaming services may violate copyright laws. However, it is unlikely that anyone will ever be prosecuted.

The Roomba J7 home robot uses “PrecisionVision Navigation” to avoid objects in your home, such as piles of clothes on the floor or accidental piles of dog poop. The robot can do this partly by means of a built-in camera and computer vision. However, as MIT Technology Review reported this week, gig economy workers in Venezuela posted photos taken by the robots online, including an image of a woman on the toilet. The photos and videos were taken by a development version of the J7 robot in 2020 and shared with a startup that contracts workers to tag the images, which helps train computer vision systems. Those using the development machines agreed that their data would be shared. Roomba maker iRobot, which is being bought by Amazon, said it is ending its contract with the startup that leaked the footage and is investigating what happened. However, the incident highlights some of the potential privacy risks with the massive datasets used to train artificial intelligence applications.

All Kelly Conlon wanted to do was watch the Rockettes with her daughter’s Boy Scout troop. But thanks to a Madison Square Garden Entertainment facial recognition system, Conlon was summarily kicked out of Radio City Music Hall for being unknowingly banned from the venue. The problem, according to MSG Entertainment, is that Conlon is an attorney at a law firm that is currently embroiled in a lawsuit against the company. (Conlon said she’s not personally involved in that process.) “They knew my name before I told them. They knew the company I was dealing with before I told them. And they told me not to be there,” Conlon told NBC New York. MSG Entertainment, meanwhile, defended the lawyer’s eviction as necessary to avoid an “inherently adverse environment.” The episode raises concerns about the use of facial recognition technology, which remains so underregulated that a company could use it to punish its enemies. Happy Holidays!
