RISKS-LIST: Risks-Forum Digest Friday 27 May 2022 Volume 33 : Issue 23

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.23>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
3+ Years Later and Millions of U.S. Patient X-Rays are Still Exposed to
Internet by Insecure PACS Servers" (Shawn Merdinger)
Artificial intelligence predicts patients' race from their medical images
(medicalxpress.com)
Touch Screens in Cars Solve a Problem We Didn't Have (Jay Caspian Kang)
Autonomous vehicles can be tricked into dangerous driving behavior
(techxplore.com)
Could contact lenses be the ultimate computer screen? (bbc.com)
Accused of Cheating by an Algorithm, and a Professor She Had Never Met
(NYTimes)
'Tough to Forge' Digital Driver's License Actually Easy to Forge
(Dan Goodin)
New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a
Message (geoff goodfellow)
Cyber-attacks could jeopardize global food supplies (techxplore.com)
Crypto is a solution in search of a problem (WashPost)
How Influencers Hype Crypto, Without Disclosing Their Financial Ties
(NYTimes)
Researchers Find Backdoor in WordPress Plugin for Schools (Dan Goodin)
Scientists Learn to Kill Cyberattacks in Less Than a Second (Cardiff)
Vigilante scratching out QR codes on illegally parked scooters around Denver
(KMGH-TV)
Apple shipped me a 79-pound iPhone repair kit to fix a 1.1 ounce battery
(The Verge)
A Face Search Engine Anyone Can Use Is Alarmingly Accurate (NYTimes)
A tale of 31 burgers ordered from DoorDash by a 2-year old (WashPost)
Russia's laser weapon claim derided as propaganda (BBC News)
Russian Botnet Can Spam Social Media on 'Massive Scale' (Gizmodo)
This Hacktivist Site Lets You Prank Call Russian Officials (WiReD)
Is your face gay? Conservative? Criminal? AI researchers are asking the
wrong questions (Trenton W. Ford)
Grief fraud (Rob Slade)
ACM makes back archives available for free (Lauren Weinstein)
Cybercriminals target metaverse investors with phishing scams (CNBC)
'Elon Musk's Crash Course' shows the tragic cost of his leadership (NPR)
Re: ACM, Ethics, and Corporate Behavior (Richard Stein)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 19 May 2022 20:25:19 -0400
From: Shawn Merdinger <shawnmer@gmail.com>
Subject: 3+ Years Later and Millions of U.S. Patient X-Rays are Still
Exposed to Internet by Insecure PACS Servers"

Some readers might find this of interest.

https://www.linkedin.com/pulse/3-years-later-millions-us-patient-x-rays-still-pacs-shawn-merdinger/

------------------------------

Date: Sun, 22 May 2022 12:27:12 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Artificial intelligence predicts patients' race from their medical
images (medicalxpress.com)

https://medicalxpress.com/news/2022-05-artificial-intelligence-patients-medical-images.html

"For example, the bone density test used images where the thicker part of
the bone appeared white, and the thinner part appeared more gray or
translucent. Scientists assumed that since Black people generally have
higher bone mineral density, the color differences helped the AI models to
detect race. To cut that off, they clipped the images with a filter, so the
model couldn't color differences. It turned out that cutting off the color
supply didn't faze the model -- it still could accurately predict
races. (The "Area Under the Curve" value, meaning the measure of the
accuracy of a quantitative diagnostic test, was 0.94–0.96). As such, the
learned features of the model appeared to rely on all regions of the image,
meaning that controlling this type of algorithmic behavior presents a messy,
challenging problem."

Ethnic identity detection and determination via AI-enhanced diagnostic image
analysis may be applied to marginalize patient populations that postpone or
deny effective medical treatments.

------------------------------

Date: Tue, 24 May 2022 00:29:23 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Touch Screens in Cars Solve a Problem We Didn't Have
(Jay Caspian Kang)

Jay Caspian Kang, *The New York Times*, from a Subscriber-only Newsletter
https://www.nytimes.com/2022/05/23/opinion/touch-screens-cars.html

Despite my best efforts to stay young at heart, I have somehow reached the
point in my life - 42 years old, dad, mostly sedentary -- where I feel
perpetually assaulted by small changes in my daily routine.

This was certainly an expected development, but one I feel relatively
powerless against. And because I believe that a writer should age with his
audience (nothing is sadder than a columnist who spends a clueless decade or
so pretending like he's still one of the cool kids), I want to introduce
what will be a recurring segment in this newsletter. The official name is
still pending, but a good working title might be "Get Off My Lawn: A
42-Year-Old Dad Complains About Change." I make no promises about how often
these pieces will appear, but I hope to treat it like a Quaker meeting in
which I will speak when the spirit of small grievances moves me.

Today, I want to talk about the oversized touch screen in my Subaru Outback.
All my car's important functions, which once were controlled by perfectly
serviceable buttons, have now been relegated to a matrix of little boxes on
a glowing screen. And of course the screen does not even really comply with
my commands. Instead, it randomly changes its brightness and then
disconnects my phone at the exact moment when I actually need to look at the
navigation map.

https://www.nytimes.com/2022/05/23/opinion/touch-screens-cars.html

------------------------------

Date: Fri, 27 May 2022 07:20:32 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Autonomous vehicles can be tricked into dangerous driving behavior
(techxplore.com)

https://techxplore.com/news/2022-05-autonomous-vehicles-dangerous-behavior.html

"When a driverless car is in motion, one faulty decision by its
collision-avoidance system can lead to disaster, but researchers at the
University of California, Irvine have identified another possible risk:
Autonomous vehicles can be tricked into an abrupt halt or other undesired
driving behavior by the placement of an ordinary object on the side of the
road."

Without human-like, contextual interpretation and reasoning, an AV's CAS
cannot discriminate a cardboard box from a concrete block.

When an obstacle appears, the CAS will try to determine an avoidance path as
a deterministic outcome -- if there's no traffic in other lanes.

At highway speed with following traffic, a CAS stop-decision is dangerous.
The trolley problem at work.

[A scaredy-car?!]

------------------------------

Date: Fri, 20 May 2022 13:37:52 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Could contact lenses be the ultimate computer screen? (bbc.com)

https://www.bbc.com/news/business-61318460

Who wouldn't want the programmable super-eyesight of the "Cyborg" in Martin
Caidin's novel? Programmable contact lenses are under development. These
devices, hardware and apps, might one day be available off-the-shelf in your
supermarket or drugstore to imbue you with visual acuity rivaling "The 6
Million Dollar Man."

But more than vision enhancement, these eye-wearable plugins (eye-ins?) will
monitor your vital signs, live-stream your field of view, enable wireless
GUI navigation...the eye is the limit.

The US Centers for Disease Control estimates ~45M people in the US wear
contact lenses everyday.
https://www.cdc.gov/contactlenses/fast-facts.html retrieved on 20MAY2022.

Contact lenses are generally safe medical devices, but can injure (corneal
ulcers, keratitis, etc.), and also malfunction (lens crack, deformation,
scratch, etc.).

Patient death-by-contact lens medical device reports are not revealed by
searching the FDA MAUDE system between 01JAN2017 and 29APR2022 for product
codes LPL and LPM.

The Johnson and Johnson Vision Care Inc. recall of 27MAR2018 included 3
classes of daily wear contacts affecting ~500K lenses. See the LPL product
code records below. Other manufacturer recall notifications, which I did not
inspect in detail, apparently affect smaller numbers of lenses (generally).

MEDICAL DEVICE REPORTS PRODUCT CODE LPL -- lenses, soft contact, daily wear;
https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfTPLC/tplc.cfm?id=4497&min_report_year=2017

MDR Year,MDR Reports,MDR Events
2017,280,280
2018,257,257
2019,204,204
2020,117,117
2021,109,109
2022,40,40

RECALLS:

Manufacturer,Recall Class,Date Posted
Alden Optical,II,Mar-13-2018
Chengdu Ai Qin E-commerce Co., Ltd,II,Jul-27-2020
Clerio Vision,II,Apr-05-2021
Clerio Vision,II,Jan-08-2021
CooperVision Inc.,II,Jul-27-2021
Johnson & Johnson Vision Care, Inc.,II,Jun-16-2021
Johnson & Johnson Vision Care, Inc.,II,Apr-11-2019
Johnson & Johnson Vision Care, Inc.,II,Aug-23-2018
Johnson & Johnson Vision Care, Inc.,II,Mar-27-2018
The See Clear Company,II,Mar-03-201