Tesla is in the news again this week, but this time it has nothing to do with fires or Twitter or Elon Musk smoking weed. Instead, it’s because hackers figured out how to steal a Tesla Model S by cloning its key fob. WIRED’s resident car-hacking reporter Andy Greenberg broke that news, and explains why the attack might also work on cars from McLaren and Karma.
Lily Hay Newman has the behind-the-scenes story on how hackers got past British Airways defenses in August, plus an alarming report about how a decade-old technique can break the encryption of just about any computer. Yikes.
Former US Secretary of Defense Ash Carter wrote an op-ed in WIRED Friday arguing that big tech and the government have to find a way to work together or everyone will be screwed. And Trump introduced a new executive order aimed at election interference, but we explain why it’s more a bandaid than a cure.
Plenty of other things happened in the security world this week, too. As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
Some Apps Geared Toward Kids Are Tracking Their Location
Data tracking is creepy. But data tracking children? Much worse. This week, New Mexico's attorney general filed a lawsuit against Tiny Lab, an app developer behind games like Fun Kid Racing, as well as advertising companies including Google and Twitter, alleging that they violated children’s privacy laws by tracking and sharing data for users under the age of 13. When New York Times reporters looked at other apps aimed at young kids on both Google Android and Apple iOS, they found more examples that potentially violate privacy laws by sending children's data to tracking companies. All of this might not surprise you. As the Times notes, it's also in line with academic research that found thousands of Android games and apps for kids shared their data with outside companies in possible violation of the Children’s Online Privacy and Protection Act.
The State Department Is Less Secure Than WIRED’s Twitter Account
A bipartisan group of senators sent Secretary of State Mike Pompeo a letter this week asking him why on earth the State Department hasn’t instituted basic cybersecurity best practices. According to CNET, the senators are concerned that a recent inspection found only 11 percent of the department's required devices have multi-factor authentication enabled. Which is crazy. Nation state hackers all over the world would love to get access to accounts and devices at State. The least American leaders could do to protect the country from prying eyes is follow some rudimentary security tips.
EU Law Would Fine Tech Firms if Terror Propaganda Isn’t Removed Fast Enough
A proposed law in the European Union would require social media platforms and tech companies to remove terror propaganda from their sites within one hour of it being reported to them. If they failed to do so, the companies would face fines up to 4 percent of their worldwide revenue, according to the Wall Street Journal. That would be, uh, a lot: for Alphabet, $4.43 billion; Facebook, $1.63 billion. EU member states still need to sign off, as does the parliament. In the meantime, social networks like Facebook and YouTube are working to improve their moderation systems. Last May, Facebook reported that in Q1 of 2018, nearly 100 percent of the terror-related content it removed had been flagged by the company before users reported it.
Google’s Sketchy Location Tracking Under Investigation in Arizona
Last month, the Associated Press reported that Google was still tracking you even after you turned off location tracking in Google Maps or on your Android device. (We explained how to go about actually turning it off.) People were outraged and felt misled. Now the Arizona attorney general is investigating the matter, according to the Washington Post.
UK Spying Practices Found in Violation of European Law
The European Court of Human Rights ruled on Thursday that the UK’s mass surveillance practices violated human rights law. Those practices came to light in 2013, when Edward Snowden revealed that intelligence agencies in the UK were collecting social media, messages, and phone calls, including people not under suspicion for any crimes. The court found that the program violated the right to privacy, according to Gizmodo, due to "insufficient oversight."