RISKS-LIST: Risks-Forum Digest Saturday 27 August 2022 Volume 33 : Issue 42

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.42>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Another Post-Quantum approach bites the dust. VERY CLEVER.
(Quantum Magazine)
The Crypto[currency] World Can't Wait for Ethereum's Merge (The NY Times)
5G Networks Are Worryingly Hackable (Edd Gent)
The next wave of wireless security worries: API-driven (Light Reading)
Eight-Year-Old Linux Kernel Vulnerability Uncovered (Ravie Lakshmanan)
Experimental Attack Can Steal Data from Air-Gapped Computers (Carly Page)
Tesla demands video of cars hitting child-size mannequins be taken down
(WashPost)
Why are Tesla fanatics putting their children in the path of moving
cars? (Arwa Mahdawi)
Scanning students' homes during remote testing is unconstitutional -- judge
says (Ars Technica)
Congress approved $386 million to retrain veterans. Only 397
benefited. (WashPost)
Weaponizing Middleboxes for TCP Reflected Amplification (Geoff Goodfellow)
Keeping Up With the Vacuum Cleaners (Rob Slade)
Let's think step by step in ML Reasoning (via Tom Van Vleck)
3D gun printing operation busted in Calgary (Jose Maria Mateos)
Danger: Metaverse Ahead! -- Part 2 (Rob Slade)
Dangers of the Metaverse -- Part 2b: "White voice?" (Rob Slade)
Re: Startup uses AI to transform call center workers' accents into
"white voice" (Gabe Goldberg)
Re: A Janet Jackson Song Could Crash Windows XP Laptops (Steve Bacher)
Re: Scans of Students' Homes During Tests Are Deemed Unconstitutional
(Gabe Goldberg)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 25 Aug 2022 16:44:03 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: Another Post-Quantum approach bites the dust. VERY CLEVER.
(Quantum Magazine)

Second of the proposed post-quantum crypto approaches for NIST to consider,
that has been broken on relatively small and cheap hardware (a laptop) in
minutes or hours.

https://www.quantamagazine.org/post-quantum-cryptography-scheme-is-cracked-on-a-laptop-20220824/

"It's a bit of a bummer", said Christopher Peikert, a cryptographer at
the University of Michigan.

[It's Summer, So maybe its Summer or Bummer cum laude? PGN]

------------------------------

Date: Sat, 27 Aug 2022 16:08:13 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: The Crypto[currency] World Can't Wait for Ethereum's Merge
(NYTimes)

A long-awaited upgrade to Ethereum, the most popular crypto[currency]
platform, may make the technology more environmentally sustainable. But it
comes with risks.

The cryptocurrency industry has endured a terrible year. A devastating crash
wiped nearly $1 trillion from the market, draining the savings of thousands
of people. Several companies filed for bankruptcy.

Now the industry is fixated on a potential saving grace: a long-awaited
software upgrade to the most popular cryptocurrency platform, Ethereum,
which provides the technological backbone for thousands of crypto-projects.
The upgrade -- known as the Merge -- has gained near-mythical status after
years of delays that left some insiders questioning whether it would ever
happen.

But if all goes according to plan, the Merge will take place around 15 Sep
2022, more than eight years after it was initially discussed. The change
would shift Ethereum to a more energy-efficient infrastructure, addressing
the widespread criticism that crypto[currency]'s climate impact outweighs
its possible benefits. And it would lay the foundation for future upgrades
to reduce the hefty fees required to conduct transactions in Ether, the
platform's signature currency and the second-most valuable digital asset
after Bitcoin.

https://www.nytimes.com/2022/08/26/technology/crypto-ethereum-the-merge.html

------------------------------

Date: Fri, 26 Aug 2022 12:21:17 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: 5G Networks Are Worryingly Hackable

Edd Gent, *IEEE Spectrum*, 24 Aug 2022, via ACM TechNews, 26 Aug 2022

German security researchers determined 5G networks can be hacked, having
breached and hijacked live networks in a series of "red teaming" exercises.
Poorly configured cloud technology made the exploits possible, they said,
and Karsten Nohl at Germany's Security Research Labs cited a failure to
implement basic cloud security. He suggested telecommunications companies
may be taking shortcuts that could prevent 5G networks' "containers" from
functioning properly. The emergence of 5G has escalated demand for
virtualization, especially for radio access networks that link end-user
devices to the network core. Nohl said 5G networks respond to the greater
complexity with more automated network management, which makes exploitation
easier.

https://orange.hosting.lsoft.com/trk/click?refznwrbbrs9_6-2f1abx235868x069445&

------------------------------

Date: Wed, 24 Aug 2022 10:40:01 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: The next wave of wireless security worries: API-driven IoT devices

Wireless carriers may be the next cast of characters to learn the hard way
about the security risks created by IoT devices. This warning came in a
recent briefing
<https://www.blackhat.com/us-22/briefings/schedule/#attacks-from-a-new-front-door-in-g--g-mobile-networks-26971>
at the Black Hat information-security conference
<https://www.blackhat.com/us-22/briefings/schedule/> here by Altaf Shaik, a
senior security researcher at Technische Universit=C3=A4t Berlin.

"There is increased threat when it comes to 5G, and the impact is also
quite bigger because here the hacker gets to target the industry and not
just a single user," Shaik said at the start of this 40-minute presentation.
<https://i.blackhat.com/USA-22/Wednesday/US-22-Shaik-Attacks-From-a-New-Front-Door-in-4G-5G-Mobile-Networks.pdf>

The core issue here is 5G's utility in connecting not just people (who stand
to get notable privacy upgrades with 5G, as Shaik explored in a presentation
at last year's Black Hat conference
<https://www.lightreading.com/security/5g-defends-against-imsi-catchers---but-implementation-is-critical/d/d-id/771471>)
but machines. Carriers are now moving to turn that latter feature into new
lines of business
<https://www.lightreading.com/iot/t-mobile-venture-aims-to-bring-uncarrier-simplicity-to-enterprise-iot/d/d-id/775451>
by offering IoT services to businesses that these customers can manage
directly through new APIs.

"For the first time, 4G and 5G networks are trying to bring this network
exposure," Shaik said. "The proprietary interfaces are now changing and
slowly moving to generalized or commoditized technologies like APIs."

"So now any external entity can actually control their smart devices by
using the service APIs and going through the 4G or 5G core network," Shaik
said, citing a Vodafone test of drones in Germany. "This exposure layer
provides APIs and shares information for the drone control center."

Carriers sell these IoT services to businesses (as verified with a tax ID)
willing to buy IoT SIMs in bulk purchases of a thousand or more. These
business customers, in turn, can manage these SIMs through an IoT
connectivity management web interface, with an IoT service platform web
interface providing account-wide controls.

"You can do plenty of stuff, provided you have access to these APIs,"
summed up Shaik.

Open to compromise

However, poorly configured or administered APIs can open the IoT devices of
other customers and even perhaps a carrier's core network to compromise.
For example, an attacker could start by exploiting vulnerabilities "to gain
data of arbitrary users hosted on the same platform," then attempt to
compromise a carrier's application server -- and then possibly "penetrate
from there into the mobile core network, because they are connected," Shaik
continued. [...]

https://www.lightreading.com/iot/the-next-wave-of-wireless-security-worries-api-driven-iot-devices/d/d-id/779825

------------------------------

Date: Wed, 24 Aug 2022 12:08:32 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Eight-Year-Old Linux Kernel Vulnerability Uncovered
(Ravie Lakshmanan)

Ravie Lakshmanan, *The Hacker News*, 22 Aug 2022, via ACM Tech News

Northwestern University researchers have discovered an eight-year-old
vulnerability in the Linux kernel, dubbed DirtyCred, that exploits a
previous unknown flaw to escalate user privileges to their maximum. The
researchers described DirtyCred as "a kernel exploitation concept that swaps
unprivileged kernel credentials with privileged ones to escalate
privilege. Instead of overwriting any critical data fields on kernel heap,
DirtyCred abuses the heap memory reuse mechanism to get privileged." They
added that it "is like the dirty pipe that could bypass all the kernel
protections, [but] our exploitation method could even demonstrate the
ability to escape the container actively that Dirty Pipe is not capable of."