These holes are designed in as “features.”
Security is “not required?”
Alexa, Siri
are easily hacked, you won’t even hear it coming
… Chinese researchers have demonstrated that
Alexa, Siri, Cortana, and Google Assistant can be easily told to do
things without the knowledge, much less permission, of their owners.
All by saying commands that no human can actually hear.
Like any kind of wave, sound covers a wide range
of frequencies, only a small part of which is actually audible to
humans. Anything below 20 Hz and above 20 kHz is imperceptible to
our ears that, for all intents and purposes, they might not as well
be nonexistent. But the mics in our phones and smart speakers are
completely capable of detecting sound beyond those ranges and, in
fact, use them for some purposes. Sadly, that fact can be exploited
to give them commands that will put users at risk.
The researchers were able to set up a device using
nothing more than an off the shelf smartphone and around $3 worth of
parts like an amp and a speaker. Within a certain distance, they
were not only able to trigger the personal assistants, they were also
able to get them to do actions. Imagine getting your phone to visit
a malicious website or get your smart speaker to open the door.
There is one major caveat to this attack,
nicknamed “DolphinAttack” that does minimize its effectivity.
The attacker has to be within a certain distance from the phone or
speaker for it to work, from a few inches to a few feet. Still, that
might be far enough to do some damage.
Unfortunately, the companies developing these
voice assistants can’t simply tell them to ignore any audio coming
from outside the normal human range. These platforms use higher,
imperceptible frequencies in order to better analyze audible voice
commands. Some also use these “unused” frequencies for features
like seemingly magical instant connectivity. It’s not an easy hole
to plug, but considering how large a gaping hole it is, the
developers should get scrambling to work on a fix.
(Related).
Vocal theft
on the horizon
Your voice is yours alone – as unique to you as
your fingerprints, eyeballs and DNA.
Unfortunately, that doesn’t mean it can’t be
spoofed. And that reality could undermine one of the promised
security benefits of multi-factor
authentication, which requires “something you are,” along
with something you have or you know. In theory, even if attackers
can steal passwords, they can’t turn into you.
But given the march of technology, that is no
longer a sure thing. Fingerprints
are no longer an entirely hack-proof method of authentication –
they can be spoofed.
That will soon be true of your voice as well.
The risk goes well beyond recent warnings from the
Federal Communications Commission (FCC) and Better Business Bureau
(BBB) about spam
callers trying to get a victim to say the word “yes,” which
they record and then use to authorize fraudulent credit card or
utility charges, or to “prove” that the victim owes them money
for services never ordered.
Something for my students to consider (before they
start applying for jobs)?
… there are several ways you can delete your
social media accounts and history. You aren’t only limited to the
traditional means, such as deleting your profile through Facebook.
In fact, there are lots of online services and apps that can help you
with this task.
And it wasn’t even Justin Bieber?
Joe Dahlke reports:
Five nurses at Denver Health Medical Center were suspended for three weeks after opening a bag to inappropriately view a deceased patient’s genitals, a hospital spokesman said Tuesday.
The incident was reported after a different nurse overheard one of the suspended nurses make a comment about it, according to a Denver Health spokesman.
Read more on KDVR.
(Related). What is our obsession with nudity?
ITV reports:
The Duke and Duchess of Cambridge have said they are “pleased” a French court found in their favour after topless pictures of Kate were published in French Closer.
A court court awarded the Duke and Duchess almost £95,000 in damages following the pictures being made public.
Read more on ITV.
So, they only did it once (on this flight) and the
DoT only fines for multiple incidents of rule breaking?
Feds won’t
fine United over dragging incident, despite finding rules violations
The federal government will not fine United
Airlines in the violent dragging of a passenger off one of its
airplanes after the man refused to give up his seat to a crew member
in April, according to a letter obtained by an airline passengers’
rights group.
In the letter, dated May 12 and released Wednesday
by nonprofit advocacy group Flyers Rights, the U.S. Department of
Transportation explains that while United violated some rules
concerning overbooking procedures, there was no evidence of race or
nationality-based discrimination in the incident, and United hadn’t
engaged in a pattern of rule-breaking that would warrant a fine.
… “The airlines really have only one
regulator — and that’s the DOT,” Hudson said in an interview
Wednesday. “In addition to the bumping rule, they’re supposed to
enforce and prohibit any unfair or deceptive conduct by airlines.”
Hudson called Dao’s dragging off the airplane
“egregious” and said the finding of no action reflected poorly on
the DOT.
… In its letter, DOT argued that while United
flouted certain regulations, the airline remedied the compensation
error 10 days later, and Dao wasn’t properly given written notice
of the federal rules because he needed immediate medical care for his
injuries.
No, they haven’t suddenly become vegetarians.
If the pesticide never touches the crop, can they call it “Organic?”
Why John
Deere Just Spent $305 Million on a Lettuce-Farming Robot
Look out weeds. Tractor giant John Deere just
spent $305 million to acquire a startup that makes robots capable of
identifying unwanted plants, and shooting them with deadly,
high-precision
squirts of herbicide.
… Pesticides and other chemicals are
traditionally applied blindly across a whole field or crop. Blue
River’s systems are agricultural sharp shooters that direct
chemicals only where they are needed.
The startup’s robots are towed behind a regular
tractor like conventional spraying equipment. But they have cameras
on board that use machine-learning software to distinguish between
crops and weeds, and automated sprayers to target unwanted plants.
… Willy Pell, director of new technology at
Blue River, says the system has shown it can reduce herbicide use by
90 percent.
Sharpen your spreadsheets! How much would it be
worth to have Amazon here in Denver?
Amazon is
looking for a 2nd headquarter city, a ‘full equal to Seattle’
Today the company
announced
that it is opening a search for a city in North America to make its
second headquarters, envisioned as a “full equal” to Amazon’s
existing home in Seattle, Washington.
At full-capacity, the site would be expected to be
of similar, or even bigger, size to the Seattle operation, which
today is a major cornerstone of Seattle’s business life, employing
40,000 people, covering 8.1 million square feet with 33 buildings
including 24 restaurants. HQ2, as Amazon is calling the new
headquarters, is expected to employ 50,000 and will get $5 billion in
investment, the company said.
… “Amazon HQ2 will bring billions of dollars
in up-front and ongoing investments, and tens of thousands of
high-paying jobs.
I’m thinking about a “How to pass this class”
infographic.
Robot overlords have an upside?
No comments:
Post a Comment