Month: January 2016

This is what cyber looks like. (credit: CSI: Cyber / CBS)

There are lots of cringeworthy technology moments on television, especially when the words "hacking" and "cyber" are introduced into the plot. But of all the broadcast and cable networks, CBS is the biggest purveyor of techno-idiocy, proving again and again that none of the producers behind its stable of pseudo-procedural dramas has a clue about how anything on that crazy thing called the Internet works. NCIS set the benchmark with its two-people-on-one-keyboard-to-out-hack-a-hacker scene, but then the network doubled down and launched CSI:Cyber, which returned last night.

The future of Cyber is currently in doubt. CBS has pulled its timeslot to make room for a midseason replacement, so there may well be only a few more opportunities for the latest CSI franchise to cyber-scare network viewers with plots loosely based on something producers read about on Yahoo Answers. OK, to be fair, Cyber's writers are at least occasionally inspired by actual vulnerabilities that have been ripped from the headlines. It's just often these headlines are several years old.

Throughout its run thus far, the show has offered hat-tips to real security researchers. An episode late last year involved a "jackpotting" hack of ATMs at "Barnaby Bank," named for a security researcher who demonstrated that vulnerability—Barnaby Jack. Jack would afterward serve as director of embedded device security research at IOActive until his death in 2013. But the road to entertainment hell is paved with good intentions.

BMW's Holger Hampf explains the thinking behind the i Vision Future Interaction concept car at CES. Video shot/edited by Jennifer Hahn. (video link)

LAS VEGAS—As auto engineers are hard at work on the technology behind self-driving cars, their colleagues in the design studios are also tackling the problem. One thing is becoming increasingly clear—the idea of a pod where the seat swivels 180 degrees when the car is in autonomous mode just isn't realistic in the near- or even mid-term future. What's also becoming clear is that each car company has different ideas for autonomous vehicles—they're all going to be quite different, reflecting each marque's values and DNA. At CES last week we got a chance to talk to Holger Hampf, head of user experience at BMW, about his company's i Vision Future Interaction concept.

Antivirus provider TrendMicro has released an emergency product update that fixes critical defects that allow attackers to execute malicious code and to view contents of a password manager built in to the malware protection program. The release came after a Google security researcher publicly castigated a TrendMicro official for the threat.

Details of the flaws became public last week after Tavis Ormandy, a researcher with Google's Project Zero vulnerability research team, published a scathing critique disclosing the shortcomings. While the code execution vulnerabilities were contained in the password manager included with the antivirus package, they could be maliciously exploited even if end users never make use of the password feature. Those who did use it were also susceptible to hacks that allowed attackers to view hashed passwords and the plaintext Internet domains they belonged to.

"I don't even know what to say—how could you enable this thing *by default* on all your customer machines without getting an audit from a competent security consultant?" Ormandy wrote in an exchange with a TrendMicro official. "You need to come up with a plan for fixing this right now. Frankly, it also looks like you're exposing all the stored passwords to the internet, but let's worry about that screw up after you get the remote code execution under control."

Wayne Williams from Ford shows us one of the company's fully autonomous Fusion research vehicles. Video shot/edited by Nathan Fitch. (video link)

LAS VEGAS—As we've noted elsewhere, CES has now evolved to be part car show. But not just any car show—the focus is on how technology is transforming the car, and nowhere is that more evident than in autonomous driving. The goal is to get to "level four"—the National Highway Traffic Safety Administration's highest level of self-driving vehicle, capable of getting from point A to point B without any human driver intervention. We're not there yet—no one in the industry Ars has spoken to recently thinks the tech challenges are quite solved yet—but research vehicles from companies like Google, Delphi, Audi, and Ford are testing out the hardware and software necessary to get us to that point. With that in mind, we spoke to Wayne Williams, who gave us a quick tour of one of Ford's fully autonomous hybrid Fusions.

Surveillance video shows two suspects during bank robberies across the US Southeast. (credit: FBI)

A woman charged in connection to a string of armed jewelry store heists was arrested after the authorities analyzed cell-site data of telephone calls made during the nine-month robbery spree across the US Southeast, the Federal Bureau of Investigation said.

The bureau said in court documents that the 24-year-old suspect, Abigail Kemp, wore an earpiece and was talking into it during several of the robberies. Store employees were tied up and shoppers were held at gunpoint during the robberies. At one incident in Florida in August, in which the Georgia woman allegedly netted $400,000 in jewelry, the FBI said (PDF) that the suspect "was observed with a cellular telephone and wearing a cellular telephone earpiece during the robbery and was heard speaking to someone. At one point during the robbery, the earpiece fell out of the white female's ear and she promptly put it back in."

"Based on an analysis of cellular tower information obtained by law enforcement, telephone number (404) 630-2685 appeared at or near all of the robbery locations in Panama City Beach, Florida, Woodstock, Georgia, and Blufton, South Carolina, during the time that the robberies discussed above were being committed," according to an FBI arrest warrant. "A check of law enforcement databases revealed telephone number (404) 630-2685 is associated with an individual named Abigail Kemp." Ars called that number and left a voice message.