WeWork’s Wi-Fi Is Woefully Insecure
Credit to Author: Brian Barrett| Date: Sat, 21 Sep 2019 13:00:00 +0000
The Saudi oil strike, a license plate privacy disaster, and more of the week's top security news.
This week, we talked to Edward Snowden about his years in exile—and reviewed Permanent Record, his new book about the same. And that's just for starters!
The Air Force has made it official: It's bringing a satellite to the Defcon hacking conference next year for poking and prodding. Teams will have to submit an initial proposal and show their mettle in a "flat sat" situation, where all the satellite components are arrayed on the ground. And the chosen few who pass those steps will get to try to hack a satellite in real time in Las Vegas.
Elsewhere, DDoS attackers have gotten even more clever, which could lead to big problems. New research shows that Roku and Amazon Fire TV channels track user behavior even when you ask them not to. And Huawei has been shut out of an international cybersecurity group, which could leave the company's devices more exposed in the long run.
Lastly, it's well worth your time to read this feature from our October issue about a murder case in which a Fitbit played the role of star witness.
And there's more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in-depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.
It's been a tough stretch for WeWork, between embarrassing revelations about its founder, Adam Neumann, and a delayed initial public offering. Add to the pile its Wi-Fi security practices, which recent scans have shown leave documents potentially exposed to anyone else who shares the space. WeWork does offer some enhanced networking security features, like a private VLAN or private office network, but those cost extra. Not ideal when your shared office space also could mean sharing sensitive data with strangers.
It's still not entirely clear what struck the Saudi Arabian oil facilities on September 14 that disrupted a significant portion of Saudi production—or, importantly, where it came from. But Ars Technica has done its level best to work through the intricacies of which drones and missiles may have come from which parties. The picture still isn't in perfect focus, but at least you can see the likeliest culprits based on the best information available.
If you thought the problem of license plate readers tracking you for profit might have somehow gotten better this decade, surprise! It has in fact gotten worse. Motherboard tapped into a system called the Digital Recognition Network, which lets private investigators and the federal government alike keep tabs on cars through space and time, powered in part by "hundreds of repo men" who drive around with cameras that capture the plates of any passing cars. It's easy to overuse "Panopticon" as a point of reference, but really, what else would this be?
It's a fairly standard practice these days to hire security professionals to look for holes in your security protections. It's known as penetration testing, or a "pen-test." In Iowa, one such endeavor appears to have gone a bit off the rails, as two men hired by the Dallas County court administration system to attempt to steal court records were arrested in connecting with burglary charges. The people who hired the security team say that they didn't intend for anyone to actually enter the building. At the very least, now they know their alarm system works.