Weekly Axis Of Easy #136
Last Week’s Quote was “Nothing can now be believed which is seen in a newspaper. Truth itself becomes suspicious by being put into that polluted vehicle.” by Thomas Jefferson. Winner was Del Blanchard. We also awarded the previous week’s quote (Arthur Miller) to Tony King.
This Week’s Quote: (Special emergency rate cut edition) “We are all Keynesians now” …by ????
THE RULES: No searching up the answer, must be posted to the blog
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
- Kr00k bug puts over a billion WiFi devices at risk
- AirBnB conducts undisclosed personality tests and profiling on renters
- Leap year bug crashes Robinhood, missing two biggest trading days in stock market history
- Legal services giant Epiq Global offline after ransomware attack
- New FAA rule requires all drones to broadcast location over internet
- Florida man becomes crime suspect thanks to his fitness app location data
- The role of Big Data and surveillance in tracking in coronavirus response
At a presentation at the RSA 2020 Conference, researchers disclosed how a bug called Kr00k (revealed in CVE-2019-15126) can be used to intercept WiFi packets. The vulnerability exists in chips manufactured by Broadcom and Cypress, which are used in about a billion devices globally, everything from WiFi points themselves to the devices that connect to them. This includes laptops, smartphones, tablets and IoT devices, from pretty well all manufacturers.
ESET researchers showed how vulnerable devices can be forced to use an all zero encryption key, allowing an attacker to decrypt part of the data stream.
Ready to rent that apartment through AirBnB? Just hold on a minute while their proprietary system evaluates your personality by scraping your social media, your blog posts and anything else you author online and runs an analysis to see if you possess any traits of “The Dark Triad” (narcissism, psychopathy, Machiavellianism). AirBnB will then use that to generate your renter score which uses predictive analytics to help AirBnB “flag and investigate suspicious activity before it happens”.
I think I saw this movie already, but I’m not much of a Tom Cruise fan. These are the revelations disclosed via a complaint filed by the Electronic Privacy Information Center (EPIC), which alleges that the company secretly rates customers’ trustworthiness based on a patent that describes evaluating personalities using factors such as “authoring online content with negative language.” The complaint alleges that the practice is deceptive, unfair and violates the FTC’s Fair Credit Reporting Act.
I don’t know much about the Robinhood trading platform, other than it’s apparently free for trades, and that it’s the platform of choice for young, inexperienced day traders who think buying short dated at-the-money calls on FAANG stocks with margin is a really really easy way to make a lot of money, really fast. As the old adage goes, “it works until it doesn’t”. We may now be entering an era where the word “risk” is dusted off from the trash bin of history and put back into the lexicon.
Last week Robinhood crashed on Monday, missing the largest single day gain (as measured by the DJIA) in stock market history. The reason? Early rumours were that a bug in the code having to do with the leap year, which fell over the weekend, was to blame, but Robinhood later denied that. They issued a “mea culpa”, only to crash again on Tuesday, missing the second largest down day in stock market history. Unless you count today’s opening (yesterday, by the time you read this), which would then make last week’s second crash the third largest down day in history and Monday morning’s opening the largest down day in history, but it doesn’t really matter because Robinhood crashed again so nobody using them could do anything about it anyway (maybe this time they forgot to set their clock ahead).
The e-discovery and legal documents service provider Epiq Global went offline last weekend, locking innumerable legal personnel out of their documents with client and legal deadlines looming. Originally reported by legal reporter Bob Ambrogi as an “unauthorized usage” which led to the shutdown, the story that emerged via BleepingComputer indicates that as per Epiq’s follow up announcement, it was a ransomware attack.
The ransomware started with a Trickbot infection which then installed a Ryuk reverse shell the morning of the attack.
Aviation and drone hobbyists are in an uproar over a new FAA rule which will require nearly all drones to constantly broadcast their locations over the internet. A public comment period (which ended yesterday, sorry), garnered over 34,000 comments from hobbyists and drone aficionados who were unanimously opposed to the proposed regulations, saying that it will effectively destroy the market for hobbyists and ruin the activity completely.
The new framework is also said to be hostile toward small business entrants and solo entrepreneurs trying to innovate in the space.
A cyclist in Gainesville, Florida received an email notice from Google that they were about to comply with a Law Enforcement Agency request demanding information about his account. Authorities there used a “geofence warrant”, which is “a police surveillance tool that casts a virtual dragnet over crime scenes, sweeping up Google location data — drawn from users’ GPS, Bluetooth, Wi-Fi and cellular connections — from everyone nearby”. In this case the crime was a burglary of an elderly woman’s house, which the cyclist passed several times on the day of the burglary as it was part of his exercise route.
Geofence warrants of this type are being used with increasing frequency, and even Google considers them “a significant incursion on privacy”.
This piece looks at the role that ubiquitous State surveillance played in China’s efforts to contain the COVID19 outbreak in the Wuhan province.
“China quarantined 50 million people in cities like Wuhan and used WeChat and Alipay to track people’s movement and keep infected individuals from traveling. The government also deployed facial recognition and thermal sensors in drones and helmets.”
Recall also last week’s #AxisOfEasy where we reported more detail on that Alipay app and mentioned thermometers and facial recognition devices installed on buses in a southern province.
Where does privacy fit in all this? While the existential threat posed by the outbreak would seemingly excuse heavy handed surveillance and quarantine methods to contain it, anybody paying attention to history knows that there is no such thing as a temporary government measure. Once society recovers from the Coronavirus outbreak, don’t hold your breath waiting for governments to simply wind down whatever surveillance and monitoring capabilities they deploy to deal with it until another emergency comes along.