Security News This Week: ATM Thieves Steal Millions With Malware
After a long stretch of gloom, there was at least one positive development in the security world this week: Mr. Robot is back! We spoke with one of the show’s writers to help preview the upcoming season for you, and also took a look at how the show manages to get so much right about hacking—especially when so many others get it wrong.
Over in the real world, Fiat Chrysler announced its first “bug bounty” program, making it also the first major automaker to pay out for hacker-found flaws in its security. Don’t get too excited though; the max payout is $1,500. Another defense measure against vehicular vulnerabilities is this prototype tool, developed by a team of University of Michigan researchers, that helps block external attempts to take over a car’s control system.
Elsewhere, an appeals court gave privacy advocates a major win, declaring that the Justice Department can’t use a search warrant to collect data from outside the US (in this case, a Microsoft server based in Ireland). And of course, there was a Pokémon angle: After launching with sweeping access to iOS player Google accounts, Pokémon Go pulled back its permissions in an update this week. Go ahead and download that before you catch your next Clefairy.
But there was more: Each Saturday we round up the news stories that we didn’t break or cover in depth at WIRED, but which deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
In Taiwan this week, officials suspect two Russians of pilfering over three dozen ATMs for a cumulative haul of over two million dollars. CCTV footage captured the thieves holding up cellphones to the cash-dispensers before looting them, raising suspicion that the pair used malware to overcome security measures. In response, Taiwanese banks have frozen withdrawals from the 1,000 or so ATMs that come from the same manufacturer as those affected in the heists.
The National Institute of Justice has released its official guidelines for “smart gun” technology, which will help guide the weapons used by law enforcement in the future. The goal is the introduction of a “security device” that would ensure that only authorized personnel are able to fire the gun in question. Right now it’s just a draft proposal; DOJ and DHS will review the guidelines in August, after which they’ll be revised before being finalized. Even then, they’ll be strictly guidelines, which is to say, neither mandatory nor legally enforceable.
This week’s tragic attack in Nice has led European countries, including Germany, Spain, and Italy, to tighten security along their respective borders with France. All have affirmed their long-term commitment to an open border, reports the Wall Street Journal, but those borders will be less open than in recent months, and for an indefinite period of time.
Following Tor developer Jacob Appelbaum’s resignation over accusations of abuse, the non-profit has opted for a fresh start, appointing a new slate of directors. Among the new leadership luminaries are cryptographers Bruce Schneier and Matt Blaze, EFF executive director Cindy Cohn, and developer Linus Nordberg.
Your car presents more risks than just opening you to being hacked: the black box that logs activity in your vehicle can also tattle on you. A Pennsylvania Tesla driver apparently forgot that when he claimed that his car’s autopilot was engaged when it crashed. According to the car’s logs, the car took itself out of autopilot 25 seconds before the crash because he took his hands off the steering wheel—Tesla warns drivers not to remove their hands from the wheel when their car is in autopilot. The car produced visual and audio alerts to warn the driver to return his hands to the wheel, but he didn’t do so in time before the autopilot disengaged. Tesla CEO Elon Musk sent out a tweet saying that “the crash would not have occurred if [the autopilot] was on.”