Security News This Week: Hero Chatbot Lawyer Overturns 160,000 Parking Tickets
It was a week marked by some innovative hacks in the security world. After a slew of high-profile Twitter account takeovers, we talked to OurMine, the group responsible. Researchers found a way to glean data from an air-gapped laptop by modulating the fan. And we took a look at why two-factor authentication using text messages doesn’t add as much protection as you think.
Other security disappointments? Symantec turns out to be riddled with vulnerabilities, as is often the case with antivirus software. And a bad anti-hacking law is preventing anti-discrimination researchers from doing important work—so they’re suing.
There were some silver linings though. Google embraced opt-in with its latest ad-tracking changes, and gave you more control over what ads you see where. A Congressional report talked some common sense about encryption. And however bad a precedent Peter Thiel’s Gawker lawsuits set, there was a reminder that the free press will always find a way to publish.
But there was more: Each Saturday we round up the news stories that we didn’t break or cover in depth at WIRED, but which deserve your attention nonetheless. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
Just shy of two years ago, a chatbot called DoNotPay began appealing parking fines, for free, on behalf of Joe Driverperson. It’s very, very good at its job. To date, DoNotPay has contested 160,000 parking tickets and won, collectively saving people millions in fines. Its 64 percent success rate is far from perfect, and it currently only works in London and New York (Seattle’s coming soon). But, again, it’s a free chatbot! Take what you can get.
One way to get Internet wanderers to stop by your business is to create hundreds or thousands of fake online reviews and listings, to improve its Google search ranking. A recent practitioner of this shady practice, reports Brian Krebs, appears to be Narconon International, a Scientology-leaning addiction treatment organization that deploys “a rather bizarre cocktail consisting mainly of vitamins and long hours in extremely hot saunas.” And if patients join Scientology along the way, all the better. In this case, a researcher found that one Narconon-employed SEO professional alone had written 82 five-star reviews for drug treatment centers around the country.
Most CCTV fears tend to be Panopticon-heavy, but why limit ourselves? Sucuri Security recently found a CCTV-powered botnet that threw 50,000 HTTP requests per second at the site of a brick and mortar jewelry shop for days. Researchers found a total of 25,513 unique IP addresses, all of which were CCTV devices.
CCTV botnets aren’t new, but a CCTV-powered botnet of this scope certainly appears to be. Maybe it shouldn’t be surprising, though, given how infrequently CCTVs are secured. In fact, it’s something to look forward to as the Internet of Things continues to proliferate: Devices that are equally adept at improving our lives and DDoS attacks.
A small pilot program that let Uber use drivers’ phones to check in on whether they were speeding has expanded pretty dramatically. Uber drivers in dozens of cities will soon find their phones tattling on them for speeding, aggressive braking, and whether they were texting during the ride. The plus side should be safer Uber drivers. The obvious negative, though, is that the program digs aggressively into a driver’s privacy—especially daunting given that they technically aren’t even employees.