Security News This Week: Facebook’s Most Adorable Bug Bounty Yet
This week in security, Craig Wright finally proved beyond any doubt that he is, in fact, elusive Bitcoin creator Satoshi Nakamoto. Just kidding! Fun joke. In fact, Wright tried to prove it, got yelled at, said he’d really double extra prove it, then opted for seclusion instead. Case… not closed.
Elsewhere, we rounded up the key politicians who are shaping the encryption debate, and the laws that stem from it. Let’s hope they have better ideas there than federal courts did with Rule 41, which among other things dramatically broadens law enforcement’s powers to hack computers outside of their jurisdiction.
Otherwise, we weren’t all that surprised to learn that major smart home vulnerabilities exist; in this case, Samsung “smart” devices let hackers unlock doors remotely, which is… not good. But we were pleasantly surprised at some of the excellent password tips experts shared with us for World Password Day.
And there was more: Each Saturday we round up the news stories that we didn’t break or cover in depth at WIRED, but which deserve your attention nonetheless. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
Last month, two high-ranking defense officials—Kemp Ensor, NSA director of security, and Daniel Payne, director of the Pentagon’s Defense Security Service—noted that searches of NSA employee computers have yielded child pornography, among other unsavory digital items. The revelation was used to help explain why the agency should keep continuous tabs on employees, rather than just what they do during work hours, on agency-owned systems.
As NextGov points out, the conversation echoed a 2011 incident, first reported in the Boston Globe, in which 1,700 people suspected of downloading child pornography went unscreened for years. Several of those were military personnel, NSA employees, or were otherwise DoD-affiliated.
While Guccifer had previously been implicated in hacking Hillary Clinton’s private email server, the celebrihacker himself this week claimed to have done so. Speaking with Fox News, Guccifer said doing so was “easy for me, for everybody,” especially after he says he previously accessed Clinton confidant Sidney Blumenthal’s email account by guessing the security question. From there, he was able to determine the originating IP, and probe the server for open ports. Et voilà! Of course, there is no proof beyond Guccifer’s word that this hack actually happened, so, bear that in mind!
An Android vulnerability that’s been around since 2011, which gave apps access to data they shouldn’t have, has finally been sniffed out, and Google has released a security patch for it. That’s the good news! The bad news is that devices that don’t have a feature called Security Enhancements for Android (which means anything running version 4.3 or earlier) won’t be able to get the fix yet and probably won’t ever. For some context, Android 4.3 came out all the way back in 2012, but around a third of Android devices are still saddled with it.
Michael Jace, who appeared on the TV show The Shield, is accused of murdering his wife in 2014. Sometime in early 2016, court documents show, the LAPD bypassed the security measures on the victim’s iPhone 5S. It’s unclear what version of iOS the phone was running, or what method was used. It’s also the second time the phone’s contents had been accessed; an Apple technician had retrieved the data previously in 2015. When they attempted to take another look at the beginning of this year, the phone “didn’t even turn on,” so the DA turned to an unidentified forensics expert to get in.
Facebook providing bug bounties is nothing new; the company has paid out more than $4 million in the last five years to researchers who find flaws in its armor. Recently, though, the social network doled out an award to its youngest-ever recipient: A 10-year-old Finnish lad who figured out how to delete other people’s Instagram comments, and somehow decided not to use those powers for tween pranks. He’ll receive $10,000, which adds up to a lot of salmiakki!