Tech Brew Ride Home - Thu. 03/31 – Hackers Forging Emergency Data Requests

Episode Date: March 31, 2022

Another day of all the hacking news. Now the hackers are forging Emergency Data Requests. Apparently there have been vulnerabilities in Wyze security cameras that no one bothered to fix. TSMC warns of... a tech slowdown. Masa Son orders his lieutenants to slow down investing just a bit. And yes, burrito delivery by drone, but probably more impressive is FedEx getting into the drone game. Sponsors: Linode.com/techmeme Links: Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests (Bloomberg) Wyze Cam flaw lets hackers remotely access your saved videos (BleepingComputer) Google Search’s new highly cited label helps you get to the source of a story (The Verge) TSMC says demand for smartphones, PCs starting to slow (Nikkei Asia) SoftBank to slow investments following crash in tech holdings (FT) Look up: Your burrito is arriving by drone (Axios) FedEx will test autonomous cargo flights next year (Engadget) Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Discussion (0)
Starting point is 00:00:00 On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco. Hey, who did this to you? What happened next turned the story into a political firestorm. Reports have identified the victim as Bob Lee, the founder of Cash App. From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16. Welcome to the tech meme right home for Thursday, March 31st, 2022. I'm Brian McCullough today. Another day of all the hacking news. Now the hackers are forging emergency data requests. And apparently there have been vulnerabilities in wise security cameras that no one bothered to fix. TSM warns of a tech slowdown. Masasan orders his lieutenants to slow down investing. And yes, burrito delivery by drone, but probably more impressive is FedEx getting into the drone game. Here's what you missed today in the the world of tech. Seems like every week for the last month or so, there's been one day where half of the stories on the show could be about hacks. Today is no different. I could tell you about how
Starting point is 00:01:17 IT and software developer, Globent, says its code repo was partially breached after Lapsis shared 70 gigabytes of allegedly stolen data. Globent's stock closed down 10% on that news. I could also go more in depth about bridge-related hacking, like we saw with Axy Infinity yesterday and how apparently more than $1 billion has been stolen in just the last year via bridge hacks. But let's stick to these two headlines for now. Sources say Apple and meta gave user data to hackers in response to forged emergency data requests. Discord also says it has also fulfilled a forged legal request, quoting Bloomberg. Apple and meta provided basic subscriber details such as a customer's address, phone number, and IP address in mid-2020
Starting point is 00:02:07 in response to the forged emergency data requests. Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to people familiar with the matter. However, the emergency requests don't require a court order. Snap received a forged legal request from the same hackers, but it isn't known whether the company provided data in response. It's also not clear how many times the company's provided data prompted by forged. legal requests. Cyber security researchers suspect that some of the hackers sending the forge requests are minors located in the UK and the U.S. One of the minors is also believed to be the mastermind behind the cybercrime group Lapsis, which hacked Microsoft, Samsung, and Invidia, among others, the people
Starting point is 00:02:49 said. City of London police recently arrested seven people in connection with an investigation into the Lapsis hacking group. The probe is ongoing. Law enforcement around the world routinely asks social media platforms for information about users as part of criminal investigations. In the U.S., such requests usually include a signed order from a judge. The emergency requests are intended to be used in cases of imminent danger and don't require a judge to sign off on it. Hackers affiliated with a cybercrime group known as Recursion Team are believed to be behind some of the forged legal requests, which were sent to companies throughout 2021, according to three people who are involved in the investigation. Recursion team is no longer active, but many of its members continue to carry out hacks under different names,
Starting point is 00:03:32 including as part of lapses, the people said. The information obtained by the hackers using the Forge legal requests has been used to enable harassment campaigns, according to one of the people familiar with the inquiry. The three people said it may be primarily used to facilitate financial fraud schemes. By knowing the victim's information, the hackers could use it to assist in attempting to bypass account security. The Forge requests were made to appear legitimate. In some instances, the documents included the forged signatures of real or fictional law enforcement officers, according to two of the people. By compromising law enforcement email systems, the hackers may have found legitimate legal requests and used them as a template to create forgeries,
Starting point is 00:04:10 according to one of the people. In every instance where these companies messed up, at the core of it, there was a person trying to do the right thing, said Allison Nixon, chief research officer at the cyber firm Unit 221B. I can't tell you how many times trust and safety teams have quietly saved lives because employees had the legal flexibility to rapidly respond to a tragic situation unfolding for a user, she said, end quote. And according to bleeping computer, home camera maker Wise, has been aware of several vulnerabilities in its home security cameras for months or even years without fixing them, despite being warned by Bit Defender.
Starting point is 00:04:53 A Wise cam, internet camera vulnerability allows unauthenticated remote access to videos and images stored on local memory cards and has remained unfixed for almost three years. The bug, which has not been assigned a CVE ID, allowed remote users to access the contents of the SD card in the camera via a web server listening on Port 80 without requiring authentication. Upon inserting an SD card on the Wise Cam IOT, a SIM link to it is automatically created in the WWW directory, which is served by the web server but without any access restrictions. The SD card typically contains video, images, and audio recordings, but can include various other information the user may have saved on the SD card. The card also stores all the log files of the device, which contain the UID and the ENR.
Starting point is 00:05:42 Their disclosure may result in unobstructed remote connections to the device. The flaw was discovered and reported to the vendor by researchers at Bit Defender in March 2019, along with another two vulnerabilities, an authentication bypass and a remote control execution flaw. considering that internet-connected devices are typically used according to the set and forget mindset, most WISE cam owners might still be running a vulnerable firmware version. To locate trustworthy firmware updates for your camera model, check out the available releases on Wise's official download portal. It should be noted that the security updates have been made available only for the Wise Cam V2
Starting point is 00:06:19 and V3 released in February 2018 and October 2020, respectively, and not for Wise Cam V1 released in August 26. The older model has reached end of life in 2020, and since Wise hadn't fixed the issue until then, those devices will remain vulnerable to exploitation forever, end quote. Google has announced new highly cited labels for search results available soon in the U.S. on mobile and in the coming weeks globally, quoting the verge. Anything from local news stories to interviews, announcements, and even press releases will be eligible for the new label being added to the search results preview image,
Starting point is 00:07:00 so long as other websites are linking to it. More info is also being added to searches rapidly evolving topics and about this result notices. The search giants hope is that its highly cited label will help highlight original reporting, which can include important contexts that's stripped out when a story gets picked up more widely. But it should also be helpful to find press releases
Starting point is 00:07:21 where you can get information directly from companies themselves. Google says it hopes the label will help readers find, quote, the most helpful or relevant information for a news story, It'll launch soon in the U.S. on mobile for English-speaking users and will start appearing globally in the coming weeks. Alongside the highly cited label, Google is expanding its attempts to help search users critically evaluate the results they're being shown. The notice it shows on searches relating to rapidly evolving topics will now remind users to check whether a source is trusted or simply tell them to come back later when more information is available. This change is launching today for English searches in the U.S., end quote. Actually, if you know the history of Google's search technology generally, there's something poetic
Starting point is 00:08:04 about them coming full circle back to using citations to determine authority. TSM Chairman Mark Liu says consumer demand for smartphones, PCs, and TVs is slowing down, especially in China as the cost of components and materials rise, quoting Mac rumors. TSMC or Taiwan Semiconductor manufacturing company is one of Apple's main suppliers responsible for the AC. series and M-series chips that go in Apple devices. Liu's comments were delivered at the Taiwan Semiconductor Industry Association and were shared by Niki. Consumer interest in smartphones is falling in China specifically, with Liu also warning about the rising costs of components and materials. Production costs are going up for chip companies, and Liu believes the, quote, pressure could
Starting point is 00:08:53 eventually be passed on to consumers, a scenario that could also see demand impacted by higher costs. Quoting Liu directly, everyone in the industry is worried about rising costs across the overall supply chain. The semiconductor industry already and directly experienced that cost increased, Leo said, adding that the industry is also concerned about macroeconomic uncertainties this year. Leo also said that TSM is not changing its growth targets and is still unable to meet customers' demand with its current capacity. TSM plans to reorganize and prioritize orders for, quote, areas that still see healthy demand, end quote. Signs of a dip in customer demand surface this week amid rumors that Apple is planning to
Starting point is 00:09:32 cut iPhone SE production. Just weeks after releasing the iPhone SE, Apple allegedly told suppliers that it wants to cut back on iPhone SE production by as much as 2 to 3 million units because of a, quote, weaker than expected demand, though, some suppliers have refuted this report, end quote. Sources are telling the Financial Times that Masayoshi Son has told his soft bank leadership team that the company needs to slow down investing amid the Ukraine war following tech stocks and China's crackdown on tech companies generally, quoting FT. The Japanese billionaire made the remarks to his leadership team at a recent meeting, according to people briefed on the discussions, as the group responds to the massive hit to the value of its holdings in recent months.
Starting point is 00:10:20 Rising interest rates and the war in Ukraine have ravaged its holdings and the plummeting value of its China investments served as a stark reminder of how Sons' personal fortunes have become entwined with the company he founded and its $100 billion fund beholden to the global appetite for tech risk. The estimated write-down at the Japanese group for this quarter stood at $30 billion, although a recent uptick in some shares meant it was now closer to around $20 billion, the people said. Valuations for Chinese companies listed overseas have collapsed, said one person close to SoftBank's China team. We don't expect a turnaround anytime soon. One person familiar with the company's plans added that SoftBank is pushing to raise cash
Starting point is 00:10:58 and is evaluating assets that could be liquidated. During the sell-off, Son became alarmed over his personal borrowings against SoftBank shares, people close to him said. SoftBank declined to comment. Some analysts believe SoftBank should be able to weather the storm, pointing to an estimated $23 billion in cash on hand held by the group. That, according to New Street research, is enough to, quote, cover interest, bond redemptions and a potential $6 billion dollar Alibaba margin call and continue the share buyback program and fresh investments, although at a slower pace. SoftBank's financial policy also includes having a cash position covering bond redemptions for at least the next two years. The Saudi Arabia and Abu Dhabi-backed
Starting point is 00:11:36 Vision Fund was originally intended to be the first in a string of funds run by SoftBank's investment arm. Its image was severely dented by its freewheeling culture, and after some of its high-profile bets, including one on Office Sharing Group WeWork imploded. For its second Vision Fund, SoftBank failed to raise outside money. SoftBank's shares have fallen more than 40% in the last year, a metric showing its net debt compared to the value of its holdings, closely monitored, by Son as a gauge of the company's financial health has jumped from under 10% in mid-2020 to 22% creeping close to the 25% threshold, Son has vowed to not cross, in quote, normal times, end quote. And finally today, yes, thank you all of you who sent me the article about Flytrex,
Starting point is 00:12:24 the Israeli startup that is partnering with restaurants in Texas to literally make burrito delivery by flying drones possible, quoting Axios. Co-founder and CEO Yarev Bash describes FlyTrek's service as DoorDash, but with drones. Customers use the FlyTrek's app to place their order from the menus of participating restaurants. In Granbury, Texas, they're starting with it's just wings. FlyTrek's employees working out of a parking lot, grab the food, clip the bag to a cable, and load it into the drone delivery box. It can handle up to 6.6 pounds, enough for a family meal of burgers, fries, and beverages,
Starting point is 00:13:00 or a motherload of wings. The drone flies autonomously to the destination, which must be within a mile of the takeoff location, while a trained drone operator monitors the flight. Upon arrival, the drone hovers around 80 feet off the ground, lowers the bag to the ground, via cable, then releases the clip. Hangary customers never interact directly with the drone. Flight Trek's expansion into Texas comes on the heels of it, receiving a waiver from the Federal Aviation Administration to expand its service to 10,000
Starting point is 00:13:28 homes across North Carolina, end quote. Now, initially, I didn't think that that was really enough of a story to merit a full segment about, but when I combined that with this, it crossed my minimum viable segment bar, because I can see this eventually becoming standard and common. FedEx has announced that it has partnered with a startup called Elroy Air to trial the Chaparral C-1 Autonomous Vertical Takeoff and Landing or VTOL drone, which can carry up to 500 pounds to move packages between FedEx Depos and also in Texas, starting next year, quoting in Gadget.
Starting point is 00:14:08 Elroy Air unveiled the Chaparral C-1 drone in January. The company claims the hybrid electric system has a range of up to 300 miles and can carry a load of up to 500 pounds in its cargo pod, so FedEx would need a lot of them if it plans to eventually replace planes. The drone has 12 electric motors and 12 propellers. FedEx noted in a press release that the Chaparral C-1 doesn't need specific infrastructure like an airport or dedicated charging station. It added that adopting the aircraft lines up with its goal of making operations carbon neutral by 2040. The companies have been collaborating for over two years and they're working on securing certifications to use the Chopperall C-1 commercially.
Starting point is 00:14:46 All going well, the plan is to start test flights in 2023 in Fort Worth, Texas. Autonomous cargo flights could enable FedEx to move packages between sorting centers more efficiently than by on-the-ground transportation. The Chaparral C-1 is in a pre-production phase. The cruise speed is unknown as of yet. If it works as promised, FedEx would be able to fly cargo by drone from Fort Worth to Oklahoma City, end quote. Not sure if I've ever mentioned this before, but the only real job in quotes that I ever had before starting my first company was the six months that I spent on the loading dock at a FedEx location in Florida. And it's not all about shipping everything by plane to Tennessee to the central hub in Memphis, we would often load cargo into trucks that would
Starting point is 00:15:33 just drive, you know, three hours or so up the interstate to a place like Orlando. So I can see this being very, very useful to a company like FedEx. For years, I've been saying this on Twitter, but for years, one of my professional aspirations has been to go on one of those movie recap podcasts and talk about my favorite movie of all time, which is Glenn Gary, Glenn Ross. But I just heard Brian Copleman do just that. He went on DoonPod to talk Glenn Gary, and he did it miles better than I ever could have. So I guess now, if anybody wants to have me on their movie podcast to recap my second favorite movie, Miller's Crossing, that's all I've got left, but I am available, though, I suppose I'm probably qualified
Starting point is 00:16:27 to talk about any of those recent WeWork, Uber, or Serenos shows to. frankly, it's been a while since I've guested on another podcast. So if there's a podcast you love that takes a guess and you'd think they'd have me on to talk about something tech-related, not just movie tech-related, pitch me to the hosts. It should probably be getting out there more. Talk to you tomorrow.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.