Author: Sean Gallagher

There's a certain degree of doubt about whether it's possible to hack into an airplane's avionics from the in-flight Wi-Fi, as one security researcher claimed last year. But it's possible to do all sorts of things to fellow passengers—as USA Today columnist Steven Petrow recently found out. Following an American Airlines flight, Petrow was approached by a man who claimed to have gained access to the content of his e-mails, which showed communication with sources for a story Petrow was writing.

Petrow offered a bunch of advice on how to protect privacy on mobile devices (strong passwords, password managers, and encrypted communications apps). But none of these really addresses how he got "hacked"—the in-flight Wi-Fi provided a perfect environment for an attacker to undermine the security of other passengers' communications. It's something that could easily be fixed, but in-flight Internet providers are in no hurry to do so, because it's not in their interest.

When you're on any public Wi-Fi, you're bound to give up some personal information to anyone who might be watching the traffic (whether that be the company providing the service, for marketing purposes, or someone with more malicious intent). For example, in previous tests (such as the ones we conducted with NPR), we saw iPads and iPhones that identified themselves to the network by their owner's name, and Web requests to websites and mobile app traffic (some including personal data) were also visible. And as might have happened to Petrow, old-school POP/SMTP e-mail messages could be practically read off the wire.

File this under the category of "drone pilots trying to ruin it for everybody." According to a safety incident report published by the United Kingdom's Airprox air safety board, an Airbus A319 landing at Heathrow International Airport last September narrowly avoided a collision with a drone flying at an altitude of 500 feet as the jet was on its final approach. The pilots reported the small hovering helicopter-style drone passed about 25 yards to the left of the cockpit and just 20 feet above the aircraft.

The A319's wingspan is 112 feet, so that would mean the drone missed the airliner by as little as 30 feet. The pilot reported that there was no time once the drone was sighted to take evasive action. The pilot reported the drone to air traffic controllers, and the police were dispatched. However, the drone pilot was not found. The incident was classified as meeting risk category A—the highest level incident covered by the reporting system short of an actual collision.

The drone was not detected by air traffic control radar, so the only details of the event and how close the aircraft came to striking the drone are the pilot's estimate of distance. In the UK, drones are limited to flight below 400 feet and are banned from flying in controlled airspace (like that around Heathrow) without permission from air traffic controllers. As the report noted, UK Civil Aviation Authority rules require a drone to stay within visual line of sight of the pilot—a maximum of 500 meters (1,640 feet) horizontally and 400 feet vertically from the operator.

The aircraft to be built by Northrop Grumman for the US Air Force's Long Range Strike Bomber (LRS-B) has now been officially designated by the Air Force as the B-21. The first conceptual drawings of the bomber to be revealed look very familiar—almost like a carbon copy of the last bomber the Air Force bought in the 1980s and 1990s.

In a presentation at the Air Force Association's Air Warfare Symposium in Orlando on February 26, Air Force Secretary Deborah Lee James unveiled an initial conceptual drawing of the aircraft as well as its designation. James announced that the Air Force will be taking suggestions from service members for the official name of the bomber. The B-21 designation, she said, was in recognition of the LRS-B as the first bomber of the 21^st century.

“This aircraft represents the future for our Airmen," James said. “The Airman who submits the selected name will help me announce it at the conference this fall (the Air & Space Conference in September)."

There's been a lot of bluster about the ongoing encryption saga between the FBI and Apple. "So Apple recently joined ISIS," The Daily Show's Trevor Noah joked this week. CIA Director John Brennan's view was a tad more serious. "What would people say if a bank had a safe deposit box that individuals could use, access, and store things, but the government was not able to have any access to those environments?" he told NPR's Morning Edition. "Criminals, terrorists, whatever could use it. What is it about electronic communications that makes it unique in terms of it not being allowed to be accessed by the government when the law, the courts say the government should have access?"

Let's start with the facts. Apple is currently fighting a court order obtained by the FBI. The FBI wants Apple to build software to help bypass security software on a specific iPhone 5C. The FBI is trying to unlock this device—a phone provided by San Bernardino County to employee Syed Farook, the man who with his wife shot 36 people and killed 14—but it's obstructed by the phone's security feature, which might delete the contents of the phone after 10 failed attempts to guess the PIN passcode. For now, Apple is resisting this court order that asks the company to write code that would block the auto-delete feature and allow the FBI to "brute-force" the passcode.

Beyond the facts are various arguments about things like the limits of government power or the legal authority of law enforcement to gain access to evidence believed to be related to what has been labeled a terrorist act. Those questions will be resolved by the courts eventually. But both the FBI and Apple have tried to take the high ground in different ways within the court of public opinion—the FBI emphasizes the moral imperative of honoring the victims and fighting terrorism, while Apple proclaims an ethical duty it has to protect the privacy and security of millions of iPhone users worldwide.

Just weeks after North Korea successfully launched a satellite into orbit, Iran is preparing an attempt to match that effort—and rocket ahead in the development of its own ICBM technology in the process. Images obtained by Melissa Hanham, Catherine Dill, and Dr Jeffrey Lewis of Arms Control Wonk from Apollo Mapping and Airbus Defense and Space show that the Imam Khomeni Space Center near Semnan, Iran, is actively preparing for a launch. The Iranian government has issued a NOTAM (notice to airmen) warning them away from the area from March 1 to March 2.

The Khomeni Space Center is near Semnan, Iran—about 200 kilometers east of Tehran. The launch vehicle being stacked there, called the Simorgh, is designed to put a 100 kilogram payload (220 pounds) into a low-earth orbit of 500 kilometers (310 miles, or roughly 270 nautical miles).

The satellite, which was unveiled in February, is called the Friendship Testing Satellite. It's essentially a giant "cubesat" carrying a number of experiments. And like the North Korean Kwangmyŏngsŏng-4 satellite launched in February, the Friendship Testing Satellite is roughly the mass of a nuclear warhead.

A team of computer scientists and electrical engineers from the University of Washington has developed an extremely power-efficient version of Wi-Fi wireless networking technology that consumes 10,000 times less power than the current Wi-Fi components, allowing Wi-Fi networking to be built into a much wider range of devices. The team will present a paper (PDF) with the results of their research into what they have dubbed Passive Wi-Fi at the upcoming USENIX Symposium on Networked Systems Design and Implementation in March.

Passive Wi-Fi is, as the name suggests, partially passive—it takes in radio wave energy from an outside source and reflects that signal with its data added to it. Vamsi Talla, a UW electrical engineering doctoral student and co-author of the research, explained, "All the networking, heavy-lifting and power-consuming pieces are done by the one plugged-in device. The passive devices are only reflecting to generate the Wi-Fi packets, which is a really energy-efficient way to communicate."

The technology works much in the way Radio Frequency Identification (RFID) chips (and, more infamously, retroreflector bugs like the ones used by the Soviet Union to bug the US Embassy in Moscow) do—using a technique called backscatter communication.

The Office of Personnel Management's chief information officer, Donna Seymour, resigned Monday, two days before she was scheduled to face a House Oversight and Government Reform Committee hearing on the theft of data from OPM's network discovered last year. A spokesperson for the OPM confirmed to Ars that Seymour had resigned, saying "she has retired."

Seymour told colleagues at the OPM in an e-mail message that she was departing to make sure that her presence at OPM "does not distract from the great work this team does every single day for this agency and the American people," according to a report by USA Today's Erin Kelly.

House Oversight Committee chairman Jason Chaffetz (R-Utah) cancelled the planned hearing for Wednesday on the OPM hack. "Ms. Seymour’s retirement is good news and an important turning point for OPM," he commented in a prepared statement. "While I am disappointed Ms. Seymour will no longer appear before our Committee this week to answer to the American people, her retirement is necessary and long overdue. On her watch, whether through negligence or incompetence, millions of Americans lost their privacy and personal data. The national security implications of this entirely foreseeable breach are far-reaching and long-lasting. OPM now needs a qualified CIO at the helm to right the ship and restore confidence in the agency."

At the Mobile World Congress in Barcelona, Facebook announced the launch of a new open source hardware effort to extend cellular wireless service and hopefully accelerate the scaling up of telecommunications infrastructure and the development of new wireless broadband technologies, including 5G wireless. The program, called the Telecom Infra Project (TIP), is also working on providing currently unserved rural communities with wireless network efforts. A pilot 4G network is already underway in the Philippines, and Facebook has a project in planning for the Scottish Highlands.

Modeled on the Open Compute Project, which tackled data center computing and networking hardware, TIP already has 30 participating members (including a number of telecommunications and networking hardware providers alongside global and regional telecommunications carriers). TIP will focus on open designs for three areas of telecommunications hardware and software: access points, the backhaul network to connect them, and network core and management systems.

"We know from our experience with the Open Compute Project that the best way to accelerate the pace of innovation is for companies to collaborate and to work in the open," Jay Parikh, Global Head of Engineering and Infrastructure at Facebook, wrote in a post announcing TIP. "To kick-start this work, TIP members such as Facebook, Intel, and Nokia have pledged to contribute an initial suite of reference designs, while other members such as operators Deutsche Telekom and SK Telecom will help define and deploy the technology as it fits their needs."

Hollywood Presbyterian Medical Center, the Los Angeles hospital held hostage by crypto-ransomware, has opted to pay a ransom of 40 bitcoins—the equivalent of $17,000—to the group that locked down access to the hospital's electronic medical records system and other computer systems. The decision came 10 days after the hospital lost access to patient records.

"HPMC has restored its EMR on Monday, February 15^th," President and CEO of Hollywood Presbyterian Medical Center Allen Stefanek wrote in a statement published by the hospital late Wednesday. "All clinical operations are utilizing the EMR system. All systems currently in use were cleared of the malware and thoroughly tested. We continue to work with our team of experts to understand more about this event."

The first signs of trouble at HPMC came on February 5, when hospital employees reported being unable to get onto the hospital's network. "Our IT department began an immediate investigation and determined we had been subject to a malware attack," Stefanek wrote. "The malware locked access to certain computer systems and prevented us from sharing communications electronically."

In an interview with Yahoo News chief investigative correspondent Michael Isikoff published today, National Security Agency director Michael Rogers declared that the terrorists involved in last November's attacks in Paris used at least some encrypted communications to plan their actions, preventing NSA from being able to warn French officials in advance. Because of encrypted communications, he said, "we did not generate the insights ahead of time. Clearly, had we known, Paris would not have happened."

Rogers did not explicitly re-launch the campaign waged by FBI director James Comey to force technology companies to provide a "golden key" to encrypted communications. Rogers called encryption "foundational to our future" and added that arguing over encryption backdoors was "a waste of time." But he did say that encryption was making the job of the NSA and law enforcement more difficult.

The interview comes shortly after the FBI won an order requiring Apple to provide technical means to bypass the security measures preventing them from unlocking the iPhone 5C belonging to Syed Rizwan Farook. Farook, along with his wife, are responsible for the December mass shooting in San Bernardino, California.