Pro-Trump Trolls Flooded the Iowa Caucus Phone Lines
Credit to Author: Brian Barrett| Date: Sat, 08 Feb 2020 14:00:00 +0000
Google photo sharing, Wacom tracking, and more of the week's top security news.
The week kicked off with the Iowa caucuses, which went very poorly, in so many ways! We'll talk about a few of them below, but the main takeaway is that adding unvetted technology to the voting process—or anything—rarely makes things better. Other states, please take note! Actually, Nevada and New Hampshire already have. It's a start.
In another unwelcome technological evolution, ransomware has started targeting industrial control systems, which bodes poorly for critical infrastructure. And flaws in a widely used Cisco protocol have put millions of workplace phones, routers, and network switches at risk.
On the lighter side of hacking—well, it's all relative—artist Simon Weckert fooled Google Maps into thinking there was a traffic jam in Berlin by carting around 99 smartphones in little red wagon. It's a fun visual, but comes with an important message about how technology shapes the human experience. Secure internet company Dashlane has a message, too; it ponied up for a reported $5.6 million Super Bowl ad, signaling that the password manager wars have arrived. Everybody wins!
That's less than Facebook paid out in bug bounties last year, but at least the incentive helped catch a bug that put the data of 9.5 million users. And now that Trump has the Mueller investigation and impeachment both in the rearview, there's little left to restrain him from engaging in the type of activities that prompted them in the first place.
OK, back to Iowa. The problems with the app were bad enough, but precinct captains also faced hours-long wait times when they tried to call in the results. Some of that's due to understaffing and people calling with legitimate gripes about the app itself. But the phone number Iowa Democratic officials used to received results also appeared online. As NBC News reported this week, that means pro-Trump trolls from 4Chan and other message boards were able to mount campaigns to jam up the works. Except more organized chaos throughout the election season, because clearly no one has learned anything since 2016.
One more on Iowa, sorry, it really was just such a mess. Motherboard did yeoman's work this week, getting not just screenshots of the IowaReporterApp install at the heart of this mess but publishing the full APK file. Experts who reviewed the code found no shortage of flaws, which was already obvious from the performance, but it's still nice to see precisely what went wrong.
Over the course of a few days last November, if you used Google Takeout to request backups of your Google Photos, the search giant may have inadvertently shared some of your videos with a stranger. Google suggests you delete the export attempt and try again. And if someone else's videos wound up in your archive unexpectedly, please don't watch?
Ah, the smart home. Makes life easier, no? Instead of turning your lights on with a switch, you can use an app! Except for the never-ending parade of security vulnerabilities. Latest entrant: Philips Hue bulbs, which had a vulnerability that would have let an attacker use the IoT component as a springboard to jump to the rest of the network. The flaw has since been patched, but as always please think twice before you connect something to the internet. (Which, not to belabor this, but hello Iowa.)
Wacom tablets track which apps you use. That's the story. But take a few minutes to read the investigation that brought Robert Heaton to that conclusion, and remember that you might be signing away more than you think when you click "accept" on that privacy policy.