It’s late summer, which means it’s Black Hat and DefCon week! Hackers, researchers, cybersecurity companies, and government officials descended on Las Vegas for two of the world’s biggest security conferences. A huge amount of news has come out of the event, and we’ve been all over it.
For starters, a researcher revealed it is possible to hack into Elon Musk’s Starlink terminals using just $25 worth of hardware. The flaw is one of the first major vulnerabilities found in the satellite internet device. And the Ofrak reverse engineering tool, which allows firmware analysis of IoT devices, was finally released—a decade after it was first announced.
Next, we detailed an anti-tracking tool that can tell whether people are following you. We looked at how Android’s red team broke into the Pixel 6 before it was released and discovered multiple critical bugs. And we examined the API flaws in some of the biggest 5G and IoT platforms that companies aren’t taking seriously enough.
There’s more: We highlighted a “disturbing” uptick in flawed software patches and notifications, a macOS vulnerability that gave a researcher full access to a machine’s files, and exposed a zero-day vulnerability in Zoom for MacOS.
Last but not least, we broke the news of the US government naming and shaming members of the Conti ransomware gang for the first time.
This week’s security news didn’t just come out of Vegas, however. Facebook handed over data to cops in June after it received a warrant in an abortion-related case, leading to criticism for not protecting more people’s messages with end-to-end encryption. Soon after those reports—although Meta says it was not related—the company rolled out more encryption on Messenger.
In recent months there’s been a rise in supply chain attacks against open source code, which makes up key parts of thousands of apps and services. However, when much of this code is downloaded it isn’t verified as official before it is used in apps. So starting this week, GitHub is moving to roll out code signing that will protect open source projects.
That’s not all though. In a news-filled week, we looked at the big takeaways from the FBI’s raid on Donald Trump’s Mar-a-Lago Florida home. As WIRED contributing editor Garrett M. Graff writes: “The bottom line of Monday’s search is that the FBI and the Justice Department must have been inordinately clear that they had the goods—and someone’s legal trouble is just beginning.” And after news broke that FBI agents were reportedly searching Mar-a-Lago for “nuclear documents,” Graff explained what the heck that might mean. According to the search warrant, Trump is under investigation for potentially obstructing a federal procedure and possibly violating the Espionage Act—a flawed law used to charge both former NSA contractor Reality Winner and WikiLeaks founder Julian Assange.