Skip to content Skip to navigation

Friday Cyber News, April 5 2019

Cyber technology-related news and links from around the web, for the week of 3/30 - 4/5:

1. Verification and trust between states in cyberspace is difficult, and signatories to the Cybersecurity Tech Accord are promoting confidence-building measures to improve stability by building that trust. These measures include appointing a “cyber ambassador” to facilitate engagement and monitor evolutions in capabilities, developing a list of facilities that are off limits for cyber-attacks, establishing channels of communication to respond to requests for assistance from other states, and exercising cybersecurity scenarios, within the government, with key national stakeholders, and with other nations. [CyberTechAccord]

2. A Chinese citizen was arrested at Mar-a-Lago with two passports, four cell phones, a computer, a hard drive, and a thumb drive allegedly containing malware. In other China news, trade negotiations have included US attempts to receive an exemption from parts of China's cybersecurity law that require in-country storage of data and preferences for Chinese-made networking equipment. [WSJ x2]

3. New technologies need to be better understood by old people, as those 65 and older will be the largest demographic group for decades to come, but also the most susceptible to fake news, online scams, and hyperpartisan content. [Buzzfeed News]

4. Yuval Elovici, this newsletter's favorite magician of novel exploits, has demonstrated the ability to intercept and manipulate CT scans, adding and removing evidence of lung cancer and fooling radiologists, in an active hospital network, via a covert penetration test. [Arxiv]

5. A new study from researchers at USC, Upturn, and Northeastern shows that Facebook's ad display calculations can themselves produce discriminatory ad display characteristics, even if advertisers select broad and inclusive categories. [Arxiv; The Intercept]

6. In an op-ed that could have been subtitled "somebody stop me", Mark Zuckerberg asks for stronger governmental regulation of internet companies, addressing data portability, election integrity, harmful content, and privacy. [The Verge]

7. Now Alexa is HIPAA-compliant and can provide medical test results or allow remote checking on a patient's in-hospital progress. Concurrently, the FDA has released a "Proposed Regulatory Framework for Modifications to Artificial Intelligence/Machine Learning (AI/ML)-Based Software as a Medical Device." See also: Machine Learning in Medicine, a review of the field and suggestions to improve cross-specialty coordination. [CNBC; NEJM; Regulations.gov]

8. Ross Anderson, this newsletter's second-favorite magician of novel exploits, has discovered an acoustic side channel attack that can hear what you type on your phone: "When a user taps the screen with a finger, the tap generates a sound wave that propagates on the screen surface and in the air. We found the device's microphone(s) can recover this wave and "hear" the finger's touch, and the wave's distortions are characteristic of the tap's location on the screen. Hence, by recording audio through the built-in microphone(s), a malicious app can infer text as the user enters it on their device" [Arxiv]

9. Don't call it a crypto comeback, but...BlackRock is reorganizing to focus on alternative investments, including cryptocurrencies, and A16Z is re-registering itself as a firm of financial advisors, rather than VCs, to allow it to invest more heavily in crypto assets. [Forbes x2]

10. UpGuard found Facebook app developers were storing FB users' data on unsecured AWS servers. Arxan found vulnerabilities in 30 popular financial services apps. Tencent Keen Security Lab found that three small stickers on a roadway can fool Tesla's autopilot into steering into oncoming traffic. MIT, UT Austin, and Harvard have found a way to use machine learning to make basil taste better. [Bloomberg; Arxan; Boingboing; Technology Review]

Thanks for reading,

Allison
Stanford Cyber Initiative
fsi.stanford.edu/cyber

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)