The thermometer showed a 103.5-degree fever, and her 10-year-old’s asthma was flaring up. Mary Bolender, who lives in Las Vegas, needed to get her daughter to an emergency room, but her 2005 Chrysler van would not start.
The cause was not a mechanical problem — it was her lender.
Ms. Bolender was three days behind on her monthly car payment. Her lender, C.A.G. Acceptance of Mesa, Ariz., remotely activated a device in her car’s dashboard that prevented her car from starting. Before she could get back on the road, she had to pay more than $389, money she did not have that morning in March.
“I felt absolutely helpless,” said Ms. Bolender, a single mother who stopped working to care for her daughter. It was not the only time this happened: Her car was shut down that March, once in April and again in June.
This new technology is bringing auto loans — and Wall Street’s version of Big Brother — into the lives of people with credit scores battered by the financial downturn.
Auto loans to borrowers considered subprime, those with credit scores at or below 640, have spiked in the last five years. The jump has been driven in large part by the demand among investors for securities backed by the loans, which offer high returns at a time of low interest rates. Roughly 25 percent of all new auto loans made last year were subprime, and the volume of subprime auto loans reached more than $145 billion in the first three months of this year.
But before they can drive off the lot, many subprime borrowers like Ms. Bolender must have their car outfitted with a so-called starter interrupt device, which allows lenders to remotely disable the ignition. Using the GPS technology on the devices, the lenders can also track the cars’ location and movements.
The devices, which have been installed in about two million vehicles, are helping feed the subprime boom by enabling more high-risk borrowers to get loans. But there is a big catch. By simply clicking a mouse or tapping a smartphone, lenders retain the ultimate control. Borrowers must stay current with their payments, or lose access to their vehicle.
“I have disabled a car while I was shopping at Walmart,” said Lionel M. Vead Jr., the head of collections at First Castle Federal Credit Union in Covington, La. Roughly 30 percent of customers with an auto loan at the credit union have starter interrupt devices.
Now used in about one-quarter of subprime auto loans nationwide, the devices are reshaping the dynamics of auto lending by making timely payments as vital to driving a car as gasoline.
Seizing on such technological advances, lenders are reaching deeper and deeper into the ranks of Americans on the financial margins, with interest rates on some of the loans exceeding 29 percent. Concerns raised by regulators and some rating firms about loose lending standards have disturbing echoes of the subprime-mortgage crisis.
As the ignition devices proliferate, so have complaints from troubled borrowers, many of whom are finding that credit comes at a steep price to their privacy and, at times, their dignity, according to interviews with state and federal regulators, borrowers and consumer lawyers.
Some borrowers say their cars were disabled when they were only a few days behind on their payments, leaving them stranded in dangerous neighborhoods. Others said their cars were shut down while idling at stoplights. Some described how they could not take their children to school or to doctor’s appointments. One woman in Nevada said her car was shut down while she was driving on the freeway.
Beyond the ability to disable a vehicle, the devices have tracking capabilities that allow lenders and others to know the movements of borrowers, a major concern for privacy advocates. And the warnings the devices emit — beeps that become more persistent as the due date for the loan payment approaches — are seen by some borrowers as more degrading than helpful.
“No middle-class person would ever be hounded for being a day late,” said Robert Swearingen, a lawyer with Legal Services of Eastern Missouri, in St. Louis. “But for poor people, there is a debt collector right there in the car with them.”
Lenders and manufacturers of the technology say borrowers consent to having these devices installed in their cars. And without them, they say, millions of Americans might not qualify for a car loan at all.
A Virtual Repo Man
From his office outside New Orleans, Mr. Vead can monitor the movements of about 880 subprime borrowers on a computerized map that shows the location of their cars with a red marker. Mr. Vead can spot drivers who have fallen behind on their payments and remotely disable their vehicles on his computer or mobile phone.
The devices are reshaping how people like Mr. Vead collect on debts. He can quickly locate the collateral without relying on a repo man to hunt down delinquent borrowers.
Gone are the days when Mr. Vead, a debt collector for nearly 20 years, had to hire someone to scour neighborhoods for cars belonging to delinquent borrowers. Sometimes locating one could take years. Now, within minutes of a car’s ignition being disabled, Mr. Vead said, the borrower calls him offering to pay.
“It gets their attention,” he said.
Mr. Vead, who has a coffee cup that reads “The GPS Man,” has been encouraging other credit unions to use the technology. And the devices — one version was first used to help pet owners keep track of their animals — are catching on with a range of subprime auto lenders, including companies backed by private equity firms and credit unions.
Mr. Vead says that first, he tries reaching a delinquent borrower on the phone or in person. Then, only after at least 30 days of missed payments, he typically shuts down cars when they are parked at the borrower’s house or workplace. If there is an emergency, he says, he will turn a car back on.
None of the borrowers or consumer lawyers interviewed by The New York Times raised concerns about the way Mr. Vead’s credit union uses the devices. But other lenders, they said, were not as considerate, marooning drivers in far-flung places and often giving no advance notice of a shut-off. Lenders say that they exercise caution when disabling vehicles and that the devices enable them to extend more credit.
Without the use of such devices, said John Pena, general manager of C.A.G. Acceptance, “we would be unable to extend loans because of the high-risk nature of the loans.”
The growth in the subprime market has been good for the devices’ manufacturers. At Lender Systems of Temecula, Calif., which sells a range of starter interrupt devices, revenue has more than doubled so far this year, buoyed by an influx of new credit union customers, said David Sailors, the company’s executive vice president.
Mr. Sailors noted that GPS tracking on his company’s devices could be turned on only when borrowers were in default — a policy, he said, that has cost it business.
The devices, manufacturers say, are selling well because they are proving effective in coaxing payments from even the most troubled borrowers.
A leading device maker, PassTime of Littleton, Colo., says its technology has reduced late payments to roughly 7 percent from nearly 29 percent. Spireon, which offers a GPS device called the Talon, has a tool on its website where lenders can calculate their return on capital.
Fears of Surveillance
While the devices make life easier for lenders, their ability to track drivers’ movements has struck a nerve with a number of borrowers and some government authorities, who say they are a particularly troubling example of personal-data gathering and surveillance.
At its extreme, consumer lawyers say, such surveillance can compromise borrowers’ safety. In Austin, Tex., a large subprime lender used a device to track down and repossess the car of a woman who had fled to a shelter to escape her abusive husband, said her lawyer, Amy Clark Kleinpeter.
The move to the shelter violated a clause in her auto loan contract that restricted her from driving outside a four-county radius, and that prompted the lender to send a tow truck to take back the vehicle. If the lender could so easily locate the client, Ms. Kleinpeter said, what was stopping her husband?
“She was terrified her husband would be able to find out where she was from the tow truck company,” said Ms. Kleinpeter, a consumer lawyer in Austin, who said a growing number of her clients had the devices installed in their cars.
Lenders and manufacturers emphasize that they have strict guidelines in place to protect drivers’ information. The GPS devices, they say, are predominantly intended to help lenders and car dealerships locate a car if they need to repossess it, not to put borrowers under surveillance.
Spireon says it can help lenders identify signs of trouble by analyzing data on a borrower’s behavior. Lenders using Spireon’s software can create “geo-fences” that alert them if borrowers are no longer traveling to their regular place of employment — a development that could affect a person’s ability to repay the loan.
A Spireon spokeswoman said the company takes privacy seriously and works to ensure that it complies with all state regulations.
Corinne Kirkendall, vice president for compliance and public relations for PassTime, which has sold 1.5 million devices worldwide, says the company also calls lenders “if we see an excessive use” of the tracking device.
Even though the device made her squeamish, Michelle Fahy of Jacksonville, Fla., agreed to have one installed in her 2001 Dodge Ram because she needed the pickup truck for her job delivering pizza.
Shortly after picking up her four children from school one afternoon in January, Ms. Fahy, 42, said she pulled into a gas station to fill up. But when she tried to restart the truck, she was not able to do so.
Then she looked at her cellphone and noticed a string of missed calls from her lender. She called back and asked, “Did you just shut down my truck?” and the response was “Yes, I did.”
To get her truck restarted, Ms. Fahy had to agree to pay the $255.99 she owed. As she pleaded for more time, her children grew confused and worried. “They were in panic mode,” she said. Finally, she said she would pay, and within minutes she was able to start her engine.
Borrowers are typically provided with codes that are supposed to restart the vehicle for 24 hours in case of an emergency. But some drivers say the codes fail. Others say they are given only one code a month, even though their cars are shut down more often.
Some drivers take matters into their own hands. Homemade videos on the Internet teach borrowers how to disable their devices, and Spireon has started selling lenders a fake GPS device called the Decoy, which is meant to trick borrowers into thinking they have removed the actual tracking system, which is installed along with the Decoy.
Oscar Fabela Jr., who said his 2007 Dodge Magnum was routinely shut down even when he was current on his $362 monthly car payment, discovered a way to circumvent the system.
That trick came in handy when he returned from seeing a movie with a date, only to find his car would not start and the payment reminder was screaming like a burglar alarm.
“It sounded like I was breaking into my own car,” said Mr. Fabela, 26, who works at a phone company in San Antonio.
While his date turned the ignition switch, Mr. Fabela used a screwdriver to rig the starter, allowing him to bypass the starter interruption device.
Mr. Fabela’s car eventually started, but it was their only date.
“It didn’t end well,” he said.
Across the country, state and federal authorities are grappling with how to regulate the new technology.
Consumer lawyers, including dozens whose clients’ cars have been shut down, argue that the devices amount to “electronic repossession” and their use should be governed by state laws, which outline how much time borrowers have before their cars can be seized.
State laws governing repossession typically prevent lenders from seizing cars until the borrowers are in default, which often means that they have not made their payments for at least 30 days.
The devices, lawyers for borrowers argue, violate those laws because they may effectively repossess the car only days after a missed payment. Payment records show that Ms. Bolender, the Las Vegas mother with the sick daughter, was not in default in any of the four instances her ignition was disabled this year.
PassTime and the other manufacturers say they ensure that their devices comply with state laws. C.A.G. declined to comment on Ms. Bolender’s experiences.
State regulators are also examining whether a defective device could endanger the borrowers or other drivers on the road, according to people with knowledge of the matter who spoke on the condition of anonymity.
Last year, Nevada’s Legislature heard testimony from T. Candice Smith, 31, who said she thought she was going to die when her car suddenly shut down, sending her careening across a three-lane Las Vegas highway.
“It was horrifying,” she recalled.
Ms. Smith said that her lender, C.A.G. Acceptance, had remotely activated her ignition interruption device.
“It’s a safety hazard for the driver and for all others on the road,” said her lawyer, Sophia A. Medina, with the Legal Aid Center of Southern Nevada.
Mr. Pena of C.A.G. Acceptance said, “It is impossible to cause a vehicle to shut off while it is operating.” He added, “We take extra precautions to try and work with and be professional with our customers.” While PassTime, the device’s maker, declined to comment on Ms. Smith’s case, the company emphasized that its products were designed to prevent a car from starting, not to shut it down while it was in operation.
“PassTime has no recognition of our devices shutting off a customer while driving,” Ms. Kirkendall of PassTime said.
In her testimony, Ms. Smith, who reached a confidential settlement with C.A.G., said the device made her feel helpless.
“I felt like even though I made my payments and was never late under my contract, these people could do whatever they wanted,” she testified, “and there was nothing I could do to stop them.”
DRIVEN INTO DEBT Articles in this series are examining the boom in subprime auto loans.
Journalists and dissidents are under the microscope of intelligence agencies, Wikileaks revealed in its fourth SpyFiles series. A German software company that produces computer intrusion systems has supplied many secret agencies worldwide.
The weaponized surveillance malware, popular among intelligence agencies for spying on “journalists, activists and political dissidents,” is produced by FinFisher, a German company. Until late 2013, FinFisher used to be part of the UK-based Gamma Group International, revealed WikiLeaks in the latest published batch of secret documents.
FinFisher’s spyware exploits and monitors systems remotely. It’s capable of intercepting communications and data from OS X, Windows and Linux computers, as well as Android, iOS, BlackBerry, Symbian and Windows Mobile portable devices. Three back-end programs are required for the spy program to operate. FinFisher Relay and FinSpy Proxy programs are FinFisher suite components that route and manage intercepted traffic, redirecting it to the FinSpy Master collection program. The spyware can steal keystrokes, Skype conversations, and even connect to your webcam and watch you in real time.
The whistleblower has a list of FinFisher surveillance software buyers. Among the German malware developer’s clients are intelligence agencies and police forces from Australia, Bosnia, Estonia, Hungary, Italy, Mongolia, the Netherlands, Pakistan and Qatar.
According to WikiLeaks’ estimates, FinFisher has already earned about 50 million euros in sales.
“FinFisher continues to operate brazenly from Germany selling weaponized surveillance malware to some of the most abusive regimes in the world,” the founder and editor-in-chief of Wikileaks, Julian Assange, said.
Earlier this year, the tapping of Chancellor Angela Merkel’s mobile phone by the American National Security Agency (NSA) created a scandal that rocked the German political establishment: a revelation made thanks to documents exposed by the former NSA contractor and whistleblower Edward Snowden.
Yet, despite all this, FinFisher continues its activities in Germany unhindered.
“The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher?” Assange asked.
Assange is calling for an ‘antidote’ to the German-made FinFisher FinSpy PC spyware, saying a tool is needed to repel such activities and expose those who do the surveillance by tracking down spying command and control centers.
WikiLeaks has made newly indexed FinFisher breach material public via torrents, “including new brochures and a database of the customer support website, that provide updated details on their product line and a unique insight into the company’s customer-base.”
“In order to make the data more easily accessible and consumable, all the new brochures, videos and manuals are now available organized under the related FinFisher product name. The database is represented in full, from which WikiLeaks compiled a list of customers, their eventual attribution, all the associated support tickets and acquired licenses, along with the estimated costs calculated from FinFisher’s price list,” the WikiLeaks memo said.
After the scandal that followed revelations of mass NSA spying worldwide, Germany and France came up with an idea to build a trustworthy data protection network in Europe to avoid data passing through the US.
The US slammed such plans to construct an EU-centric communication system, designed to prevent emails and phone calls from being swept up by the NSA, warning that such a move is a violation of trade laws.
Prepare yourself for a future filled with real-life pew pew! The Defense Advanced Research Projects Agency is working with Lockheed Martin to test “a new beam control turret… to give 360-degree coverage for high-energy laser weapons operating on military aircraft.”
In other words, it stuck a primitive (by rebel standards) “Star Wars”-style laser cannon on a fighter jet and flew it over Michigan eight times.
“These initial flight tests validate the performance of our ABC turret design,” Lockheed’s Doug Graham said in a release.
That ABC stands for Aero-adaptive Aero-optic Beam Control, which is designed to allow high-energy lasers to fire on enemy aircraft and missiles from a full 360 degrees — above, below, and behind the aircraft.
The test flights demonstrated the airworthiness of the turret, but it doesn’t appear that anyone or anything in the Great Lakes region was actually zapped as part of testing.
Still, this represents a significant move toward the inevitable merging of the “Star Wars” universe with our own so-called “reality.” We’ve already seen the Navy’s laser weapon that’s set to deploy, and science has discovered how to create a real-life lightsaber, so perhaps it would be wise to start scanning the galaxies not just for potentially habitable exoplanets, but for planet-size super weapons as well.
A Samsung Group subsidiary has worked on a robot sentry that it calls the SGR-A1, and this particular robot will carry a fair amount of weapons that ought to make you think twice about crossing the borders of South Korea illegally – it has been tested out at the demilitarized zone along the border with its neighbor, North Korea. The SGR-A1 will be able to detect intruders with the help of machine vision (read: cameras), alongside a combination of heat and motion sensors.
The whole idea of the Samsung SGR-A1 is to let this military robot sentry do the work of its human counterparts over at the demilitarized zone at the South and North Korea border, so that there will be a minimal loss of life on the South Korean side just in case things turn sour between the two neighbors.
First announced in 2006 (where obvious improvements have been made since, and I am not surprised if much of it remained as classified information), this $200,000, all weather, 5.56 mm robotic machine gun also sports an optional grenade launcher. It will make use of its IR and visible light cameras to track multiple targets and remains under the control of a human operator from a remote location. Basically, it claims to be able to “identify and shoot a target automatically from over two miles (3.2 km) away.” Scary! When used on the DMZ, this robot will not distinguish between friend or foe – anyone who crosses the line is deemed as an enemy.
The U.S. government threatened to fine Yahoo $250,000 a day in 2008 if it failed to comply with a broad demand to hand over user communications — a request the company believed was unconstitutional — according to court documents unsealed Thursday that illuminate how federal officials forced American tech companies to participate in the National Security Agency’s controversial PRISM program.
The documents, roughly 1,500 pages worth, outline a secret and ultimately unsuccessful legal battle by Yahoo to resist the government’s demands. The company’s loss required Yahoo to become one of the first to begin providing information to PRISM, a program that gave the NSA extensive access to records of online communications by users of Yahoo and other U.S.-based technology firms.
The ruling by the Foreign Intelligence Surveillance Court of Review became a key moment in the development of PRISM, helping government officials to convince other Silicon Valley companies that unprecedented data demands had been tested in the courts and found constitutionally sound. Eventually, most major U.S. tech companies, including Google, Facebook, Apple and AOL, complied. Microsoft had joined earlier, before the ruling, NSA documents have shown.
A version of the court ruling had been released in 2009 but was so heavily redacted that observers were unable to discern which company was involved, what the stakes were and how the court had wrestled with many of the issues involved.
“We already knew that this was a very, very important decision by the FISA Court of Review, but we could only guess at why,” said Stephen Vladeck, a law professor at American University.
PRISM was first revealed by former NSA contractor Edward Snowden last year, prompting intense backlash and a wrenching national debate over allegations of overreach in government surveillance.
Documents made it clear that the program allowed the NSA to order U.S.-based tech companies to turn over e-mails and other communications to or from foreign targets without search warrants for each of those targets. Other NSA programs gave even more wide-ranging access to personal information of people worldwide, by collecting data directly from fiber-optic connections.
In the aftermath of the revelations, the companies have struggled to defend themselves against accusations that they were willing participants in government surveillance programs — an allegation that has been particularly damaging to the reputations of these companies overseas, including in lucrative markets in Europe.
Yahoo, which endured heavy criticism after The Washington Post and Britain’s Guardian newspaper used Snowden’s documents to reveal the existence of PRISM last year, was legally bound from revealing its efforts in attempting to resist government pressure. The New York Times first reported Yahoo’s role in the case in June 2013, a week after the initial PRISM revelations.
Both the Foreign Intelligence Surveillance Court and the Foreign Intelligence Surveillance Court of Review, an appellate court, ordered declassification of the case last year, amid a broad effort to make public the legal reasoning behind NSA programs that had stirred national and international anger. Judge William C. Bryson, presiding judge of the Foreign Intelligence Surveillance Court of Review, ordered the documents from the legal battle unsealed Thursday. Documents from the case in the lower court have not been released.
Yahoo hailed the decision in a Tumblr post Thursday afternoon. “The released documents underscore how we had to fight every step of the way to challenge the U.S. Government’s surveillance efforts,” Ron Bell, the company’s general counsel, wrote in the post.
The Justice Department and the Office of the Director of National Intelligence published their own Tumblr post Thursday evening offering a detailed description of the court proceedings and posting several related documents. It noted that both the Foreign Intelligence Surveillance Court and the appeals court sided with the government on the main questions at issue, and added that a subsequent law added more protections, making it “even more protective of the Fourth Amendment rights of U.S. persons than the statute upheld by the [appeals court] as constitutional.”
At issue in the original court case was a recently passed law, the Protect America Act of 2007, that allowed the government to collect data for significant foreign intelligence purposes on targets “reasonably believed” to be outside of the United States. Individual search warrants were not required for each target. That law has lapsed but became the foundation for the FISA Amendments Act of 2008, which created the legal authority for some of the NSA programs later revealed by Snowden.
The order requiring data from Yahoo came in 2007, soon after the Protect America Act passed. It set off alarms at the company because it sidestepped the traditional requirement that each target be subject to court review before surveillance could begin. The order also went beyond “metadata” — records of communications but not their actual content — to include the full e-mails.
A government filing from February 2008 described the order to Yahoo as including “certain types of communications while those communications are in transmission.” It also made clear that while this was intended to target people outside the United States, there inevitably would be “incidental collection” of the communications of Americans. The government promised “stringent minimization procedures to protect the privacy interests of United States persons.”
Rather than immediately comply with the sweeping order, Yahoo sued.
Central to the case was whether the Protect America Act overstepped constitutional bounds, particularly the Fourth Amendment prohibition on unreasonable searches and seizures without a warrant. An early Yahoo filing said the case was “of tremendous national importance. The issues at stake in this litigation are the most serious issues that this Nation faces today — to what extent must the privacy rights guaranteed by the United States Constitution yield to protect our national security.”
The appeals court, however, ruled that the government had put in place adequate safeguards to avoid constitutional violations.
“We caution that our decision does not constitute an endorsement of broad-based, indiscriminate executive power,” the court wrote on Aug. 22, 2008. “Rather, our decision recognizes that where the government has instituted several layers of serviceable safeguards to protect individuals against unwarranted harms and to minimize incidental intrusions, its efforts to protect national security should not be frustrated by the courts. This is such a case.”
The government threatened Yahoo with the $250,000-a-day fine after the company had lost an initial round before the Foreign Intelligence Surveillance Court but was still pursuing an appeal. Faced with the fine, Yahoo began complying with the legal order as it continued with the appeal, which it lost several months later.
Stewart Baker, a former NSA general counsel and Bush administration Department of Homeland Security official, said it’s not unusual for courts to order compliance with rulings while appeals continue before higher courts.
“I’m always astonished how people are willing to abstract these decisions from the actual stakes,” Baker said. “We’re talking about trying to gather information about people who are trying to kill us and who will succeed if we don’t have robust information about their activities.”
The American Civil Liberties Union applauded Thursday’s move to release the documents but said it was long overdue.
“The public can’t understand what a law means if it doesn’t know how the courts are interpreting that law,” said Patrick Toomey, a staff attorney with the ACLU’s National Security Project.
Several high-profile websites — including Kickstarter, Etsy, Reddit, Mozilla, and Meetup — will display spinning-wheel icons on Wednesday in an attempt to show visitors the Internet slow lanes they say will appear if the U.S. Federal Communications Commission doesn’t pass strong Net neutrality regulations.
The symbolic Internet slowdown will include the dreaded site-loading spinning icon to symbolize what Net neutrality advocates believe the Web could look like without strong rules. Participating sites, which won’t really slow down their load times, will encourage visitors to call or email U.S. policymakers in support of Net neutrality rules.
(CNN) — Hundreds of children across the United States have been hospitalized with a serious respiratory illness. Scientists say they believe the bug to blame is Enterovirus D68, also known as EV-D68.
Enteroviruses are common, especially in September, but this particular type is not. There have been fewer than 100 cases recorded since it was identified in the 1960s, according to the Centers for Disease Control and Prevention.
WASHINGTON (CBS) – Teflon tape, molded plastic explosives and handguns are all concealment tricks that a group of researchers were able to pull off on the Rapiscan Secure 1000 machines previously used at TSA checkpoints and currently used at courthouses, prisons and other government security stops.
Researchers from the University of California, San Diego, the University of Michigan and Johns Hopkins University maneuvered weapons past the full-body X-ray scanners that were deployed at U.S. airports between 2009 and 2013 – at a cost of more than $1 billion.
“Frankly, we were shocked by what we found,” said J. Alex Halderman, a professor of computer science at the University of Michigan, in a statement. “A clever attacker can smuggle contraband past the machines using surprisingly low-tech techniques.”
Rapiscan Systems labels the Secure 1000 machines as “the most effective and most widely deployed image-based people screening solution,” although the scanners were removed from TSA airport checkpoints last year because of privacy complaints stemming from the near-naked images they produced of passengers.
But the study authors say that the machines have been transferred to government buildings, jails and courthouses across the country.
The researchers were able to conceal a .380 ACP pistol and plastic explosives from the full-body X-ray scanners, in addition to installing malware to produce fake “all-clear” images. They were also able to pull off a series of weapon concealment tricks, including the use of Teflon tape to conceal weapons against a person’s spine. In one test, a 200-gram pancake of plastic explosive-like material was molded to a passenger’s torso to avoid detection.
Another scanner image failed to reveal a pistol hidden behind a person’s knee and a pistol that was sewn into a pant leg. A knife and the C-4 explosive simulator material were also invisible to the scanners.
The scanning operator sees no difference between test images with and without the weapons and explosive material.
Another troubling element of the machine’s vulnerability is the ease with which the researchers were able to even test it in the first place. They purchased the government surplus scanner from eBay.
In a statement, UC San Diego computer scientist Hovav Shacham said, “The (scanner’s) designers seem to have assumed that attackers would not have access to a Secure 1000 to test and refine their attacks.”
“These machines were tested in secret, presumably without this kind of adversarial mindset, thinking about how an attacker would adapt to the techniques being used,” Halderman told Wired, prior to a research presentation at the Usenix Security Conference on Thursday. “They might stop a naive attacker. But someone who applied just a bit of cleverness to the problem would be able to bypass them. And if they had access to a machine to test their attacks, they could render their ability to detect contraband virtually useless.”
In 2012, TSA cautioned reporters against citing a video produced by blogger Jonathan Corbett that showed TSA’s Rapiscan full-body scanners being duped by a series of simple weapon concealment tricks.
A California bill that would require cellphone makers to install a “kill switch” to render stolen devices inoperable has passed the state legislature, and now moves to the governor’s office for consideration.
The bill won Senate approval Monday by a vote of 27-8. If Gov. Jerry Brown signs the bill, it would be among the first such laws in the nation (Minnesota has adopted a similar anti-theft requirement).
An earlier version of the “kill switch” bill died in the Senate this spring, amid criticism that its language was so broad it would have imposed the requirement on a number of devices beyond smartphones.
Several device manufacturers and wireless carriers withdrew their opposition once the bill was amended to exclude tablets and exempt smartphone models introduced before Jan. 1, 2015, that could not “reasonably be re-engineered” to incorporate the anti-theft technology.
If the bill is signed into law, manufacturers will have until July 1, 2015, to incorporate the theft deterrent, which users would be asked to turn on when they set up their new devices.
State Sen. Mark Leno, D-San Francisco, introduced the bill to address the epidemic of smartphone thefts, which the Federal Communications Commission estimates account for 30 to 40 percent of thefts in major cities.
In San Francisco, more than half of all robberies in 2012 involved the theft of a mobile device, according to the city district attorney’s office.
“Our goal is to swiftly take the wind out of the sails of thieves who have made the theft of smartphones one of the most prevalent street crimes in California’s big cities,” Leno said in a statement.
Amid heightened concerns about smartphone theft, several key players in the industry took steps to address the problem ahead of legislation.
Security researcher Barnaby Jack has passed away in San Francisco, only days before a scheduled appearance at a Las Vegas hacker conference where he intended to show how an ordinary pacemaker could be compromised in order to kill a man.
Jack, who previously presented hacks involving ATMs and insulin pumps at the annual Black Hat conference in Vegas, was confirmed dead Friday morning by the San Francisco Medical Examiner’s office, Reuters reported. He passed away Thursday this week, but the office declined to offer any more details at this time.
Jack’s death came one week to the day before he was scheduled to detail one of his most recent exploits in a Black Hat talk called “Implantable Medical Devices: Hacking Humans.”
“I was intrigued by the fact that these critical life devices communicate wirelessly. I decided to look at pacemakers and ICDs (implantable cardioverter defibrillators) to see if they communicated securely and if it would be possible for an attacker to remotely control these devices,” Jack told Vice last month.
Cybersecurity researcher Ruben Santamarta says he has figured out how to hack the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems – a claim that, if confirmed, could prompt a review of aircraft security.
Santamarta, a consultant with cybersecurity firm IOActive, is scheduled to lay out the technical details of his research at this week’s Black Hat hacking conference in Las Vegas, an annual convention where thousands of hackers and security experts meet to discuss emerging cyber threats and improve security measures.
His presentation on Thursday on vulnerabilities in satellite communications systems used in aerospace and other industries is expected to be one of the most widely watched at the conference.
“These devices are wide open. The goal of this talk is to help change that situation,” Santamarta, 32, told Reuters.
The researcher said he discovered the vulnerabilities by “reverse engineering” – or decoding – highly specialized software known as firmware, used to operate communications equipment made by Cobham Plc, Harris Corp, EchoStar Corp’s Hughes Network Systems, Iridium Communications Inc and Japan Radio Co Ltd.
In theory, a hacker could use a plane’s onboard WiFi signal or inflight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communications, which could interfere with the aircraft’s navigation and safety systems, Santamarta said.
Hacks tested in controlled environments
He acknowledged that his hacks have only been tested in controlled environments, such as IOActive’s Madrid laboratory, and they might be difficult to replicate in the real world. Santamarta said he decided to go public to encourage manufacturers to fix what he saw as risky security flaws.
Representatives for Cobham, Harris, Hughes and Iridium said they had reviewed Santamarta’s research and confirmed some of his findings, but downplayed the risks.
For instance, Cobham, whose Aviation 700 aircraft satellite communications equipment was the focus of Santamarta’s research, said it is not possible for hackers to use WiFi signals to interfere with critical systems that rely on satellite communications for navigation and safety. The hackers must have physical access to Cobham’s equipment, according to Cobham spokesman Greg Caires.
“In the aviation and maritime markets we serve, there are strict requirements restricting such access to authorized personnel only,” said Caires.
A Japan Radio Co spokesman declined to comment, saying information on such vulnerabilities was not public.
Black Hat, which was founded in 1997, has often been a venue for hackers to present breakthrough research. In 2009, Charlie Miller and Collin Mulliner demonstrated a method for attacking iPhones with malicious text messages, prompting Apple Inc to release a patch. In 2011, Jay Radcliffe demonstrated methods for attacking Medtronic Inc’s insulin pumps, which helped prompt an industry review of security.
Santamarta published a 25-page research report in April that detailed what he said were multiple bugs in firmware used in satellite communications equipment made by Cobham, Harris, Hughes, Iridium and Japan Radio Co for a wide variety of industries, including aerospace, military, maritime transportation, energy and communications.
The report laid out scenarios by which hackers could launch attacks, though it did not provide the level of technical details that Santamarta said he will disclose at Black Hat.
Risk ‘very small’
Harris spokesman Jim Burke said the company had reviewed Santamarta’s paper. “We concluded that the risk of compromise is very small,” he said.
Iridium spokesman Diane Hockenberry said, “We have determined that the risk to Iridium subscribers is minimal, but we are taking precautionary measures to safeguard our users.”
One vulnerability that Santamarta said he found in equipment from all five manufacturers was the use of “hardcoded” log-in credentials, which are designed to let service technicians access any piece of equipment with the same login and password.
The problem is that hackers can retrieve those passwords by hacking into the firmware, then use the credentials to access sensitive systems, Santamarta said.
Hughes spokeswoman Judy Blake said hardcoded credentials were “a necessary” feature for customer service. The worst a hacker could do is to disable the communication link, she said.
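The hardcoded-credential pattern described above, as an added example that is not from Santamarta’s report or any vendor’s firmware: a vulnerable login that compares against a password baked into the image, beside a hardened version that issues a random per-unit password at provisioning and stores only a salted hash, plus a printable-strings check showing what an analyst would pull out of each image. The user name, password, and stand-in firmware image format are all constructed placeholders.

```python
import hashlib
import hmac
import os
import re
import secrets

# --- Vulnerable pattern (constructed placeholders, not a real vendor login) ---
# One service login is compiled into every unit's firmware, so a single
# extracted image gives a working credential for the whole fleet.
SERVICE_USER = "service"
SERVICE_PASS = "example-shared-secret"


def login_hardcoded(user: str, password: str) -> bool:
    """Vulnerable: the same credential works on every unit and sits in the image."""
    return user == SERVICE_USER and password == SERVICE_PASS


# --- Hardened pattern ----------------------------------------------------------
class DeviceAuth:
    """Per-unit technician credential, issued at provisioning and kept only as a salted hash."""

    def __init__(self) -> None:
        self._users: dict[str, tuple[bytes, bytes]] = {}

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def provision(self, user: str) -> str:
        """Return a fresh random password for this unit; it never lives in the firmware image."""
        password = secrets.token_urlsafe(24)
        salt = os.urandom(16)
        self._users[user] = (salt, self._hash(password, salt))
        return password

    def login(self, user: str, password: str) -> bool:
        # Hash even for unknown users so timing does not reveal valid names.
        salt, digest = self._users.get(user, (b"\0" * 16, b"\0" * 32))
        ok = hmac.compare_digest(self._hash(password, salt), digest)
        return ok and user in self._users


# --- Defender check: what a strings pass over the image exposes ---------------
def printable_strings(image: bytes, min_len: int = 6) -> list[str]:
    """Runs of printable ASCII, the first thing an analyst pulls from firmware."""
    return [m.decode() for m in re.findall(rb"[ -~]{%d,}" % min_len, image)]


def build_image(*blobs: bytes) -> bytes:
    """Constructed stand-in for a firmware image: header, padding, embedded data."""
    return b"\x7fELF" + b"\x00" * 32 + b"\xff".join(blobs) + b"\x00" * 8


VULNERABLE_IMAGE = build_image(b"login", SERVICE_USER.encode(), SERVICE_PASS.encode())
HARDENED_IMAGE = build_image(b"login", b"pbkdf2-sha256")  # no secret to recover
```

Running `printable_strings(VULNERABLE_IMAGE)` lists the shared password alongside the other strings, while the hardened image yields only the algorithm label.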
Santamarta said he will respond to the comments from manufacturers during his presentation, then take questions during an open Q&A session after his talk.
Vincenzo Iozzo, a member of Black Hat’s review board, said Santamarta’s paper marked the first time a researcher had identified potentially devastating vulnerabilities in satellite communications equipment.
“I am not sure we can actually launch an attack from the passenger inflight entertainment system into the cockpit,” he said. “The core point is the type of vulnerabilities he discovered are pretty scary just because they involve very basic security things that vendors should already be aware of.”