-
Forget login, fingerprint, or retinal scan: Your heart is the new identifier.
Forget fingerprint computer identification or retinal scanning. Researchers have developed a computer security system using the dimensions of your heart as your identifier. The system uses low-level Doppler radar to measure your heart, and then continually monitors your heart to make sure no one else has stepped in to run your computer. This new non-contact, remote biometric tool could be the next advance in computer security.
-
-
How does your cellphone know whether your finger is real or a fake?
Do you know how safe it is to use your finger as a security login? And have you wondered how your cell phone knows if your finger is real or a fake? Researchers are working to answer these questions and solve the biggest problems facing fingerprint recognition systems today: how secure they are and how to determine whether the finger being used is actually a human finger.
-
-
Breaking nuclear deal could bring hacking onslaught from Iran
If the Trump administration discarded the nuclear deal with Iran, Tehran could retaliate quickly – and inflict considerable damage – by unleashing its increasingly aggressive Iranian hacker army. Cyber-experts who track Tehran’s hackers warn that the attacks might target U.S. power plants, hospitals, airports, and other components of the country’s critical infrastructure. Iran’s current hacking against Western targets is limited almost entirely to commercial espionage and dissident surveillance, but Tehran could quickly redirect its efforts in the event of a rupture of the nuclear pact.
-
-
Election systems of 21 states targeted by Russian government hackers ahead of 2016 election: DHS
More revelations about the scope of the Russian government’s cyber-campaign on behalf of Donald Trump in the November 2016 presidential election came to light Friday afternoon, when DHS officials called election officials in twenty-one states to inform them that their states’ election systems had been targeted by Russian government hackers trying to influence the U.S. presidential election. Among the states whose election systems were targeted by Russian government operatives: Alabama, Arizona, Colorado, Connecticut, Illinois, Iowa, Maryland, Minnesota, Ohio, Oklahoma, Pennsylvania, Virginia, Washington, and Wisconsin.
-
-
Equifax breach is a reminder of society’s larger cybersecurity problems
The Equifax data breach was yet another cybersecurity incident involving the theft of significant personal data from a large company. Moreover, it is another reminder that the modern world depends on critical systems, networks and data repositories that are not as secure as they should be. And it signals that these data breaches will continue until society as a whole (industry, government and individual users) is able to objectively assess and improve cybersecurity procedures. We all must take a realistic look at the state of cybersecurity, admit the mistakes that have happened and change our thinking for the better. Only then can anyone – much less everyone – take on the task of devoting time, money and personnel to making the necessary changes for meaningful security improvements. It will take a long time, and will require inconvenience and hard work. But it’s the only way forward.
-
-
The security of fitness trackers could – and should – be improved
The security of wearable fitness trackers could be improved to better protect users’ personal data, a new study suggests. Vulnerabilities in the devices – which track heart rate, steps taken and calories burned – could threaten the privacy and security of the data they record, scientists say.
-
-
Can taking down websites really stop terrorists and hate groups?
Racists and terrorists, and many other extremists, have used the internet for decades and adapted as technology evolved, shifting from text-only discussion forums to elaborate and interactive websites, custom-built secure messaging systems and even entire social media platforms. Recent efforts to deny these groups online platforms will not kick hate groups, nor hate speech, off the web. In fact, some scholars theorize that attempts to shut down hate speech online may cause a backlash, worsening the problem and making hate groups more attractive to marginalized and stigmatized people, groups, and movements. The tech industry, law enforcement, and policymakers must develop a more measured and coordinated approach to the removal of extremist and terrorist content online. The only way to really eliminate this kind of online content is to decrease the number of people who support it.
-
-
Circuit simulation methods protect the power grid
In December 2015, Russian hackers pummeled Ukraine’s power grid, disrupting the flow of electricity for nearly a quarter-million Ukrainians. Then, in December 2016, roughly a year after the first attack, the hackers struck again. But this time, they targeted an electric transmission station in Kiev, the capital of Ukraine. Each cyberattack lasted no more than six hours, but security experts were still alarmed: hackers had just demonstrated their ability to infiltrate the grid and drastically alter the flow of society. Americans began to worry. If hackers could target Ukraine, then what would stop them from targeting other countries in western Europe or even the United States?
-
-
Using AI to prevent, minimize electric grid failures
A project led by the Department of Energy’s SLAC National Accelerator Laboratory will combine artificial intelligence with massive amounts of data and industry experience from a dozen U.S. partners to identify places where the electric grid is vulnerable to disruption, reinforce those spots in advance, and recover faster when failures do occur. It is the first project to employ AI to help the grid manage power fluctuations, resist damage and bounce back faster from storms, solar eclipses, cyberattacks, and other disruptions.
-
-
RT, Sputnik and Russia’s new theory of war
The Russian government’s 2016 disinformation campaign helped Donald Trump win the November election, and key to that effective campaign were lies expertly manufactured by Russian disinformation specialists and spread through two Russian government propaganda outlets, RT and Sputnik, and on social media. The U.S. intelligence community says that RT and the rest of the Russian information machine were working with “covert intelligence operations” to do no less than “undermine the U.S.-led liberal democratic order.” The U.S. intelligence assessment warned ominously, “Moscow will apply lessons learned from its Putin-ordered campaign aimed at the U.S. presidential election to future influence efforts worldwide, including against U.S. allies and their election processes.”
-
-
Safety of controlling critical infrastructures via mobile phone networks questioned
Critical infrastructures such as wind power stations are partially controlled via mobile phone networks. Using state-of-the-art tests, researchers are investigating how well protected that form of communication is from external attacks.
-
-
DHS instructs government agencies to stop using Kaspersky Lab’s software
DHS on Wednesday, referring to reports about the links between the Russian cybersecurity company and Russian intelligence agencies, ordered all U.S. government agencies to stop using Kaspersky Lab software products. DHS gave the agencies thirty days to identify any Kaspersky products they were using, and ninety days to remove all such products. A former FBI official, referring to Eugene Kaspersky, the company founder, said: “He wouldn’t help us at all… From the early 2000s, it was felt Kaspersky was an FSB [the successor agency of the KGB] guy and everything he’d developed was just a huge front.”
-
-
Is the new iPhone designed for cybersafety?
As eager customers meet the new iPhone, they’ll explore the latest installment in Apple’s decade-long drive to make sleeker and sexier phones. But to me as a scholar of cybersecurity, these revolutionary innovations have not come without compromises. Many of Apple’s decisions about the iPhone were driven by design – including wanting to be different or to make things simpler – rather than for practical reasons. Apple has steadily strengthened the encryption of the data on its phones, but other developments have made people less safe and secure. Today, unsafe decisions are far easier to make on your phone than on your computer. And more people now use their phones for doing more things than ever before. Making phones slimmer, shinier and sexier is great. But making sure every user can make cybersafe decisions is yet to be “Designed by Apple.” Here’s hoping the next iPhone does that.
-
-
Bolstering web security without compromising performance
Chances are, you are reading this article on a web browser that uses HTTPS, the protocol over which data is sent between a web browser and the website users are connected to. In fact, nearly half of all web traffic passes through HTTPS. Despite the “S” for security in “HTTPS,” this protocol is far from perfectly secure.
-
-
Russia used Facebook events to organize anti-immigrant rallies on U.S. soil
Shaping the minds of Americans by leaking hacked emails and pushing fake news was just one component of the Russian campaign to subvert American democracy and institutions. Russian government agents went a step further by trying to create behavior change. Hiding behind false identities, these Russian government operatives used Facebook’s event-management tool remotely to organize and promote political protests in the United States.
-
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.