Hackers Can Silently Control Siri From 16 Feet Away

Well this is concerning:

A pair of researchers at ANSSI, a French government agency devoted to information security, have shown that they can use radio waves to silently trigger voice commands on any Android phone or iPhone that has Google Now or Siri enabled, if it also has a pair of headphones with a microphone plugged into its jack. Their clever hack uses those headphones’ cord as an antenna, exploiting its wire to convert surreptitious electromagnetic waves into electrical signals that appear to the phone’s operating system to be audio coming from the user’s microphone. Without speaking a word, a hacker could use that radio attack to tell Siri or Google Now to make calls and send texts, dial the hacker’s number to turn the phone into an eavesdropping device, send the phone’s browser to a malware site, or send spam and phishing messages via email, Facebook, or Twitter.

You can disable Siri whenever your iOS device is locked by going to Settings > Touch ID & Passcode > Allow Access When Locked and toggling the Siri switch to the “off” (as in not green) position. This doesn’t guarantee a hack like the one described above won’t work on your device, but it does guarantee you’ll see Siri doing something weird and can thus be alerted to the hackery.

Federal Court’s data breach decision shows new tilt toward victims, class-action lawsuits

John Fontana writes at ZDNet:

In an interesting twist, the Court said the fact Neiman Marcus offered free credit monitoring services was evidence that there was harm to these victims. The ruling turned on its head the way courts historically view such services as compensation for harm while negating a victim’s right to file a lawsuit (re: standing).

This may get very interesting very fast: if companies are at risk of being held to have tacitly admitted liability by offering credit protection services to potential breach victims, they will stop offering that stuff.

The possibility of class actions instead of free credit monitoring may appeal to those whose data has been stolen, but it’s not really a great trade at all. Credit monitoring is expensive and the industry is still suffering growing pains, but class actions usually net plaintiffs an insignificant amount of money in damages while making lawyers very, very rich.

China-Tied Hackers That Hit U.S. Said to Breach United Airlines

This is starting to look like a concerted effort to gather a specific data set for some sort of coordinated use:

The previously unreported United breach raises the possibility that the hackers now have data on the movements of millions of Americans, adding airlines to a growing list of strategic U.S. industries and institutions that have been compromised. Among the cache of data stolen from United are manifests — which include information on flights’ passengers, origins and destinations — according to one person familiar with the carrier’s investigation.

Employees sue Sony over email leaks

MIT wants pre-release review of Secret Service file on Aaron Swartz

China is very serious about cyberespionage
