From: risko@csl.sri.com (RISKS List Owner)
Newsgroups: comp.risks
Subject: Risks Digest 33.48
Date: 12 Oct 2022 04:16:07 -0000
Organization: PANIX Public Access Internet and UNIX, NYC
Lines: 593
Sender: RISKS List Owner <risko@csl.sri.com>
Approved: risks@csl.sri.com
Message-ID: <CMM.0.90.4.1665547714.risko@chiron.csl.sri.com27445>

RISKS-LIST: Risks-Forum Digest Tuesday 11 October 2022 Volume 33 : Issue 48

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.48>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Hospital networks computer outage in Pacific North West (Seattle Times)
Rivian recalls 13,000 EVs due to potential steering control problem
  (Engadget)
Russian hackers attack US airport Websites (NPR)
Electronic gaming can trigger potentially lethal heart rhythm problems in
  susceptible children (Medical Press)
Lufthansa Says Passengers Can't Use Apple AirTags to Track Checked Bags
  (NYTimes)
Binance is hit by a $570M hack (Ephrat Livini)
Cleaning up Cryptomining (Ben Arnoldy)
Meta warns 1 million Facebook users their login info may have been
  compromised (WashPost)
How a DJI Mini drone enabled a $147,000 ATM robbery (Dronedj)
Presumptions of Intercontinental Broadband Availability are a significant
  business risk (RLGSC)
The Problem With Mental Health Bots (WiReD)
Uber bill for 35,000 GBP (Nick Brown)
Unpatched Zimbra flaw under attack is letting hackers backdoor servers
  (Ars Technica)
A physical DDoS attack on the Australian Postal system (Auspost)
iPhones with iOS 14 call 911 from rollercoasters (The Verge)
iPhones calling 911 from owners' pockets on rollercoasters (Paul Cornish)
Are school "SWATting" calls discord attacks? (NPR)
AI-driven 'thermal attack' system reveals computer and smartphone passwords
  in seconds (Techxplore)
Linux kernel 5.19.12 code could cause permanent damage to some laptop
  displays (Ars Technica)
A judge has decided that jurors who are asked to decide whether a man killed
  his wife in New Jersey will not be told that he was convicted earlier of
  having killed his first wife in Ohio (WFMJ)
Twitter in China (Lauren Weinstein)
Re: Shut-Off Switch Was Supposed to Prevent 99% of Generator-Related Deaths
  (Barry Gold)
Re: Automakers are ignoring the simple solution to the rise of traffic
  deaths (Wol)
Re: Automatic emergency braking is not great at preventing crashes at normal
  speeds (Steve Lamont)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 11 Oct 2022 01:25:30 +0000 ()
From: danny burstein <dannyb@panix.com>
Subject: Hospital networks computer outage in Pacific North West
  (Seattle Times)

No one's talking about what's going on.

Seattle-area patients frustrated by days of system outages at Virginia Mason
Franciscan Health facilities

8 Oct 2022 at 4:55 pm Updated Oct. 9, 2022 at 1:24 pm

Shaun D'Sylva was trying to get a handle on his stepfather's medical care
this past week by logging in to MyChart, a patient portal used by medical
providers for users to track appointments, test results, medications and
other health records.

The website wouldn't load.

Hospital-wide system outages, stemming from an IT security issue reported
by Virginia Mason Franciscan Health's parent company, have led to several
days of disruptions for patients and providers at VMFH facilities
throughout Puget Sound, with no estimated restoration date. Along with
outages of the MyChart system, appointments were canceled or rescheduled,
some with no notice because schedulers couldn't look up patients' contact
information in a database.

CommonSpirit Health, the company affiliated with 10 VMFH hospitals
throughout the Puget Sound region, said it has identified the security
issue but hasn't provided additional details on who or what may have
caused the issue.

CommonSpirit Health has 140 hospitals in 21 states and was created in 2019
when Catholic Health Initiatives and Dignity Health merged, according to
its website. It's unclear how many facilities have been affected, though
several have reported disruptions. In Iowa, ambulances were diverted from
MercyOne Des Moines Medical Center's emergency department because of a
system shutdown.

https://www.seattletimes.com/seattle-news/health/seattle-area-patients-frustrated-by-days-of-system-outages-at-virginia-mason-franciscan-health-facilities/

------------------------------

Date: Mon, 10 Oct 2022 14:42:58 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Rivian recalls 13,000 EVs due to potential steering control problem
  (Engadget)

https://www.engadget.com/rivian-recall-13000-ev-steering-control-problem-095548602.html

------------------------------

Date: Tue, 11 Oct 2022 02:58:47 -0700
From: Rob Slade <rslade@gmail.com>
Subject: Russian hackers attack US airport Websites (NPR)

Killnet, a pro-Russian hacker group, called for hackers to mount a DDoS
(Distributed Denial of Service) attack against various American airport
Websites. A number of them were subsequently partially or fully
unavailable for a few hours.

This attack is part of a series of such attacks by Killnet, in opposition to
the US support of Ukraine following the Russian invasion, and may have been
prompted by the damage to the Kerch bridges.

Although the unavailability of the airport Websites may have been
inconvenient for travelers and friends wishing to check flight departure
and arrival times, no impact was seen on air operations, and the flight
information would have been available from other sources.

https://www.npr.org/2022/10/10/1127902795/airport-killnet-cyberattack-hacker-russia

------------------------------

Date: Tue, 11 Oct 2022 23:53:26 +0000
From: Richard Marlon Stein <rmstein@protonmail.com>
Subject: Electronic gaming can trigger potentially lethal heart rhythm
  problems in susceptible children (Medical Press)

https://medicalxpress.com/news/2022-10-electronic-gaming-trigger-potentially-lethal.html

"The investigators performed a systematic review of literature and initiated
a multisite international outreach effort to identify cases of children with
sudden loss of consciousness while playing video games. Across the 22 cases
they found, multiplayer war gaming was the most frequent trigger. Some
children died following a cardiac arrest. Subsequent diagnoses of several
heart rhythm conditions put the children at continuing risk.
Catecholaminergic polymorphic ventricular tachycardia (CPVT) and congenital
long QT syndrome (LQTS) types 1 and 2 were the most common underlying
causes."

------------------------------

From: Jan Wolitzky <jan.wolitzky@gmail.com>
Date: Tue, 11 Oct 2022 19:37:19 -0400
Subject: Lufthansa Says Passengers Can't Use Apple AirTags to Track
  Checked Bags (NYTimes)

It appears to be the sole airline saying that international standards don't
allow passengers to use the Bluetooth devices in the cargo hold. Apple said
that regulators allow their use for all baggage.

https://www.nytimes.com/2022/10/11/travel/lufthansa-apple-airtags-luggage.html

------------------------------

Date: Sat, 8 Oct 2022 20:02:11 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: Binance is hit by a $570M hack (Ephrat Livini)

Ephrat Livini, *The New York Times*, 8 Oct 2022

Binance, the world's biggest crypto[currency] exchange, confirmed that $570
million had been stolen in a hack of a blockchain it runs that serves as a
bridge for asset transfers between networks. The attack on the Binance
Smart Chain network highlighted weaknesses in decentralized finance (DeFi),
where transactions are controlled by code. [...]

Vitalik Buterin, one of the founders of the Ethereum network -- and the
second-most popular cryptocurrency, Ether -- has been a vocal critic of
cross-chain bridges, noting that they have "fundamental security limits."

------------------------------

Date: Mon, 10 Oct 2022 12:47:34 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: Cleaning up Cryptomining

Ben Arnoldy, Cleaning up Crypto, Earthjustice, Fall 2022, pp. 22--31
Some cryptocurrencies are using so much energy that they are bringing
dirty power plants out of retirement.

How CRYPTO is heating the Planet:

Miners around the world compete:
125,988,000,000,000,000,000,000 guesses

All of these guesses use about as much as 11 million U.S. homes.
The carbon footprint equals nearly 16-million cars on the road.
Most of that electricity comes from fossil fuels.
First miner to guess correctly gets 6.25 Bitcoins or $133,241 at press time.

------------------------------

Date: Sat, 8 Oct 2022 07:51:46 -0400
From: Jan Wolitzky <jan.wolitzky@gmail.com>
Subject: Meta warns 1 million Facebook users their login info may have been
  compromised (WashPost)

Facebook parent Meta is warning 1 million users that their login information
may have been compromised through malicious apps.

Meta's researchers found more than 400 malicious Android and Apple iOS apps
this year that were designed to steal the personal Facebook login
information of its users, the company said Friday in a blog post. Meta
spokesperson Gabby Curtis confirmed that Meta is warning 1 million users who
may have been affected by the apps.

