Security News This Week: Hackers Play Anti-Trump Song on Local Radio Stations Across the US
There’s a lot of international news to process lately, and some of it was refreshingly positive in the world of cybersecurity. Mozilla announced this week that the average quantity of encrypted internet traffic is finally larger than the average quantity of unencrypted traffic. Researchers at Google and domestic violence advocacy groups are working to understand how technology makers can develop their products to better aid survivors of intimate partner abuse. And a podcast app called RadiTo is working to circumvent censorship in Iran so citizens can access diverse international audio from within the country.
There was some bad news too, though. Ransomware attacks are on the rise, and are taking on larger targets than ever. A man filed a lawsuit against Grindr alleging that the company did nothing to help him deal with spoofed accounts masquerading as him that are disrupting his privacy and life. And police across the US are using cell data they can get without a warrant to track suspects’ whereabouts.
And there’s more. Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
Hackers Use Known Vulnerability That Radio Stations Ignored to Put Anti-Trump Song on Local Airwaves
Hackers have been targeting a bug in a particular low-power FM radio transmitter to play the YG and Nipsey Hussle song “F–k Donald Trump” live on air on more than a dozen local radio stations around the country. The attacks take advantage of a vulnerability that was disclosed in April 2016, but that many stations still haven’t addressed. The vulnerability occurs when a certain model of Internet-connected transmitter doesn’t have a strong password restricting access and isn’t behind a firewall or VPN. The stations that use the equipment are all small-radius, low-power FM stations, though, so “F–k Donald Trump” probably won’t be coming to larger networks any time soon.
Browser Security Experts Increasingly Critical of Anti-Virus Software
More and more developers who work on securing browsers like Google Chrome and Mozilla Firefox have come out against antivirus software recently because they say it hinders deployment of new security features. Since AV attempts to monitor and secure an entire computing environment, it inserts itself into many programs and must be able to interoperate. As a result, software vendors have to work around it, and this process can delay or even stall security improvements. For consumers, it’s difficult to know what the right course of action is, because anti-virus software can do some good, but has many flaws. For now the answer seems to be simply making an informed choice, and, as always, keeping all software and devices current with the latest security updates from the developer. Anti-virus makers themselves have slowly been acknowledging that they need a new paradigm, but the shift can’t come quickly enough.
Treasury Implements Planned, Minor Exceptions to Sanctions Against Russian Spy Agency
On Thursday, the US Treasury slightly altered sanctions against the Russian intelligence agency FSB. The sanctions were created in response to Russia’s alleged political hacking during the 2016 presidential election. The change is meant to let companies interact with FSB for approval to import digital products to Russia. Under the revised rule, companies are only allowed to do transactions with FSB up to $5,000 for permits and certifications in a given year. The news sparked rumors that the White House was backing off of the sanctions, recently put in place by former President Obama. But President Trump said on Thursday that he’s “not easing anything.”
Smartphone-Cracking Software Leaks From Hacking Tool Dealer Cellebrite
The hacker who claimed in January to have nabbed 900GB of data from the servers of the smartphone analysis group Cellebrite has publicly leaked a collection of files from the breach that relate to doing forensic evaluations of Blackberry and Android handsets and some old iPhone models. Cellebrite is known for working with government law enforcement agencies, but also seems to have worked with authoritarian regimes like Russia and the United Arab Emirates. Some of the iOS tools are similar to and possibly based on software already publicly available among jailbreakers. The Cellebrite hacker told Motherboard that he or she wanted to release the data to show that hoarding hacking tools is dangerous because they’ll almost certainly leak.