Month: June 2019

Enlarge / Christopher Krebs, director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, at a recent Senate hearing. Krebs issued a warning earlier this week on a surge in Iranian state-sponsored "malicious cyber activity." (credit: Tom Williams/CQ Roll Call via Getty Images)

Last weekend, Cybersecurity and Infrastructure Security Agency Director Christopher Krebs issued a statement warning about elevated malicious Internet activity from state-sponsored actors in Iran. The notice corresponded to new warnings from private security research firms, including Recorded Future, of a surge in preparatory activity over the past three months by APT33, a threat group connected to the Iranian government and Iranian Revolutionary Guard Corps (IRGC, Iran's military).

In an interview with Ars, Krebs explained that the reason for the warning went beyond that "regional activity"—attacks on Saudi Arabian companies and other organizations in the Persian Gulf and South Asia.

"Over the course of the last couple of weeks, and in particular last week I'd say, [the activity] became specifically directed," he said. A "sense of the community"—reports from US intelligence and other agencies, as well as private sector cybersecurity vendors—showed a significant leap in spear-phishing attacks connected to infrastructure associated with APT33 against targets in the US over the past week, Krebs said. "So you combine that increase in activity with a historic intentionality and demonstrated ability, after previous destructive campaigns, and it was time to make a statement and say, 'Hey look, everybody, this is heating up. And politically it is also heating up... We need to step up our game.'"

Enlarge / An inside view of the new Mac Pro. (credit: Apple)

Apple is manufacturing the new Mac Pro in China, marking a change from the previous Mac Pro that was made in the US.

Apple made the previous Mac Pro in Austin, Texas beginning in 2013. But with the new Mac Pro unveiled this month being made in China, Apple is "shifting abroad production of what had been its only major device assembled in the US as trade tensions escalate between the Trump administration and Beijing," The Wall Street Journal reported today.

"The tech giant has tapped contractor Quanta Computer Inc. to manufacture the $6,000 desktop computer and is ramping up production at a factory near Shanghai," according to the Journal's sources. "Quanta's facility is close to other Apple suppliers across Asia, making it possible for Apple to achieve lower shipping costs than if it shipped components to the US."

Enlarge / Front row: PlayStation VR, Oculus Quest, Valve Index, Oculus Rift S. Back row: HTC Vive, Oculus Rift, HTC Vive Pro. (Only headsets from the front row made our recommended-in-2019 list.) (credit: Sam Machkovech)

Welcome to Ars Gaming Week 2019! As a staff full of gamers and game-lovers, we'll be serving up extra reviews, guides, interviews, and other stories all about gaming from August 19 to August 23. As part of Gaming Week, we wanted to resurface our definitive guide to the state of VR in 2019, which was published earlier this year in June 2019.

Virtual reality as a consumer-grade tech isn't going anywhere if the PC gaming titans at Valve Corporation have anything to say about it.

Today marks the company's launch of its own VR system, the Valve Index, and it's easily the company's biggest hardware launch ever. Valve has previously sold $50 controllers and set-top boxes, and they've partnered with other hardware makers to launch things like computers. But the Valve Index is another level entirely—it's priced at $999 for a full kit, built top to bottom at Valve's Seattle-area headquarters.

Enlarge / A Renault Captur in more idealistic conditions. (credit: Renault)

After a recent demo using GNSS spoofing confused a Tesla, a researcher from Cyber@BGU reached out about an alternative bit of car tech foolery. The Cyber@GBU team recently demonstrated an exploit against a Mobileye 630 PRO Advanced Driver Assist System (ADAS) installed on a Renault Captur, and the exploit relies on a drone with a projector faking street signs.

The Mobileye is a Level 0 system, which means it informs a human driver but does not automatically steer, brake, or accelerate the vehicle. This unfortunately limits the "wow factor" of Cyber@BGU's exploit video—below, we can see the Mobileye incorrectly inform its driver that the speed limit has jumped from 30 km/h to 90 km/h (18.6 to 55.9 mph), but we don't get to see the Renault take off like a scalded dog in the middle of a college campus. It's still a sobering demonstration of all the ways tricky humans can mess with immature, insufficiently-trained AI.

Ben Nassi, a PhD student at CBG and member of the team spoofing the ADAS, created both the video and a page succinctly laying out the security-related questions raised by this experiment. The detailed academic paper the university group prepared goes further than the video in interesting directions—for instance, the Mobileye ignored signs of the wrong shape, but the system turned out to be perfectly willing to detect signs of the wrong color and size. Even more interestingly, 100ms was enough display time to spoof the ADAS even if that's brief enough many humans wouldn't spot the fake sign at all. The Cyber@BGU team also tested the influence of ambient light on false detections: it was easier to spoof the system late in the afternoon or at night, but attacks were reasonably likely to succeed even in fairly bright conditions.