Menu

Timesdelhi.com

March 26, 2019
Category archive

Technology

It’s time to disrupt nuclear weapons

in Column/countries/Delhi/India/London/North Korea/Pakistan/Pentagon/Politics/president/Russia/Social Media Manipulation/TC/Technology/United States by

“Atomic bombs are primarily a means for the ruthless annihilation of cities.”

Those are the words of Leo Szilard, one of the scientists who pushed for the development of nuclear weapons. He wrote them as part of a petition signed by dozens of other scientists who had worked on the Manhattan Project pleading with President Harry Truman not to use the nuclear bomb on Japan.

Mere months after its introduction in 1945, the architects of today’s nuclear world feared the implications of the technology they had created.

Nearly 75 years later it’s time again to ask technologists, innovators, entrepreneurs and academics: will you be party to the ‘ruthless annihilation of cities’? Will you expend your talents in the service of nuclear weapons? Will you use technology to create or to destroy?

Our moment of choice

Humanity is at another turning point.

A new nuclear arms race has begun in earnest with the US and Russia leading the way; tearing up the promise of lasting peace in favor of a new Cold War. Russia’s latest weapon is built to destroy entire coast lines with a radioactive tsunami. The US is building new nuclear weapons that are ‘more likely to be used’.

Meanwhile, North Korea appears to again be building its nascent nuclear weapons program. And India and Pakistan stand on the verge of open nuclear conflict, which climate modeling shows could lead to a global famine killing upwards of 2 billion people.

An Indian student wearing a mask poses with her hands painted with a slogans for peace during a rally to mark Hiroshima Day, in Mumbai on August 6, 2018. (PUNIT PARANJPE/AFP/Getty Images)

How do we stop this march toward oblivion?

The Treaty on the Prohibition of Nuclear Weapons has created an opening — a chance to radically change course with the power of international law and shifting norms. The nuclear ban treaty will become international law once 50 nations have ratified it. We are already at 22.

The financial world is also recognizing the risk, with some of the world’s biggest pension funds divesting from nuclear weapons. But there is something even more powerful than the almighty dollar; human capital.

“It took innovation, technological disruption, and ingenuity to create the nuclear dawn. We will need those same forces in greater measure to bring about a nuclear dusk.”

The nuclear weapons industrial complex relies on the most talented scientists, engineers, physicists and technologists to build this deadly arsenal. As more of that talent moves into the tech sector, defense contractors and the Pentagon is seeking to work with major technology companies and disruptive startups, as well as continue their work with universities.

Without those talented technologists, there would be no new nuclear arms race. It’s time to divest human capital from nuclear weapons.

A mistake to end humanity?

Just over one year ago Hawaiians took cover and frantically Googled, “What to do during a nuclear attack”. Days later many Japanese mobile phone users also received a false alert for an inbound nuclear missile.

The combination of human error and technological flaws these incidents exposed makes accidental nuclear attacks an inevitability if we don’t move to end nuclear weapons before they end us.

The development of new machine learning technologies, autonomous weapons systems, cyber threats and social media manipulation are already destabilizing the global political order and potentially increasing the risk of a nuclear cataclysm. That is why it’s vital that the technology community collectively commits to using their skills and knowledge to protect us from nuclear eradication by joining the effort for global nuclear abolition.

A mock “killer robot” is pictured in central London on April 23, 2013 during the launching of the Campaign to Stop “Killer Robots,” which calls for the ban of lethal robot weapons that would be able to select and attack targets without any human intervention. The Campaign to Stop Killer Robots calls for a pre-emptive and comprehensive ban on the development, production, and use of fully autonomous weapons. (Photo: CARL COURT/AFP/Getty Images)

We need to stop this foolish nuclear escalation in its tracks. Our commitment must be to a nuclear weapons-free world, by disrupting the trajectory we are currently heading on. Business as usual will likely end in nuclear war.

It took innovation, technological disruption, and ingenuity to create the nuclear dawn. We will need those same forces in greater measure to bring about a nuclear dusk — the complete disarmament of nuclear-armed states and safeguards against future proliferation.

The belief that we can keep doing what we have done for seven decades for another seven decades is naive. It relies on a fanciful, misplaced faith in the illogical idea of deterrence. We are told simultaneously that nuclear weapons keep the world safe, by never being used. They bestow power, but only make certain states powerful.

This fallacy has been exposed by this moment in time. Thirty years after the end of the Cold War, nuclear weapons have proliferated. Key treaties have been torn up or are under threat. And even more states are threatening to develop nuclear weapons.

So I am putting out a call to you: join us with this necessary disruption; declare that you will not have a hand in our demise; declare that you will use technology for good.

News Source = techcrunch.com

Transportation Weekly: Waymo unleashes laser bear, Bird spreads its wings, Lyft tightens its belt

in alex roy/api/articles/Artificial Intelligence/austin/Automotive/AV/Barcelona/Cabify/california/Canada/ceo/China/Chris Urmson/Delhi/driver/DroneDeploy/Elon Musk/Emerging-Technologies/eurolines/Ford/France/General Partner/geneva/Google/India/Ingrid Lunden/internet connectivity/Kirsten Korosec/laser/latin america/Lidar/lucas matney/Lyft/Malcolm Gladwell/mercedes/mobike/Natasha Lomas/New Zealand/nvidia/operating system/OurCrowd/Ouster/Pandora/Politics/Quanergy/reporter/sacramento/Samsung/san jose/self-driving cars/simulation/spain/subscription services/TechCrunch/Technology/Tesla/transport/Transportation/Transportation Weekly/Travis VanderZanden/Uber/United Kingdom/United States/Velodyne/viper/VOI Technology/volkswagen/waymo/willows/zack Whittaker/Zipcar by

Welcome back to Transportation Weekly; I’m your host Kirsten Korosec, senior transportation reporter at TechCrunch . This is the fifth edition of our newsletter and we love the reader feedback. Keep it coming.

Never heard of TechCrunch’s Transportation Weekly? Catch up here, here and here. As I’ve written before, consider this a soft launch. Follow me on Twitter @kirstenkorosec to ensure you see it each week. (An email subscription is coming). 

This week, we explore the world of light detection and ranging sensors known as LiDAR, young drivers, trouble in Barcelona, autonomous trucks in California, and China among other things.


ONM …

There are OEMs in the automotive world. And here, (wait for it) there are ONMs — original news manufacturers. (Cymbal clash!) This is where investigative reporting, enterprise pieces and analysis on transportation lives.

This week, we’re going to put our on analysis hats as we explore the world of LiDAR, a sensor that measures distance using laser light to generate highly accurate 3D maps of the world around the car. LiDAR is considered by most in the self-driving car industry (Tesla CEO Elon Musk being one exception) a key piece of technology required to safely deploy robotaxis and other autonomous vehicles.

There are A LOT of companies working on LiDAR. Some counts track upwards of 70. For years now, Velodyne has been the primary supplier of LiDAR sensors to companies developing autonomous vehicles. Waymo, back when it was just the Google self-driving project, even used Velodyne LiDAR sensors until 2012.

Dozens of startups have sprung up with Velodyne in its sights. But now Waymo has changed the storyline.

To catch you up: Waymo announced this week that it will start selling its custom LiDAR sensors — the technology that was at the heart of a trade secrets lawsuit last year against Uber.

Waymo’s entry into the market doesn’t necessarily upend other companies’ plans. Waymo is going to sell its short range LiDAR, called Laser Bear Honeycomb, to companies outside of self-driving cars. It will initially target robotics, security and agricultural technology.

It does put pressure on startups, particularly those with less capital or those targeting the same customer base. Pitchbook ran the numbers for us to determine where the LiDAR industry sits at the moment. There are two stories here: there are a handful of well capitalized startups and we may have reached “peak” LiDAR. Last year, there were 28 VC deals in LiDAR technology valued at $650 million. The number of deals was slightly lower than in 2017, but the values jumped by nearly 34 percent.

The top global VC-backed LiDAR technology companies (by post valuation) are Quanergy, Velodyne (although mostly corporate backed), Aurora (not self-driving company Aurora Innovation), Ouster, and DroneDeploy. The graphic below, also courtesy of Pitchbook, shows the latest figures as of January 31, 2019.

Dig In

Researchers discovered that two popular car alarm systems were vulnerable to a manipulated server-side API that could be abused to take control of an alarm system’s user account and their vehicle.

The companies — Russian alarm maker Pandora and California-based Viper (or Clifford in the U.K.) — have fixed the  security vulnerabilities that allowed researchers to remotely track, hijack and take control of vehicles with the alarms installed. What does this all mean?

Our in-house security expert and reporter Zack Whittaker digs in and gives us a reality check. Follow him @zackwhittaker.

Since the first widely publicized car hack in 2015 proved hijacking and controlling a car was possible, it’s opened the door to understanding the wider threat to modern vehicles.

Most modern cars have internet connectivity, making their baseline surface area of attack far greater than a car that doesn’t. But the effort that goes into remotely controlling a vehicle is difficult and convoluted, and the attack — often done by chaining together a set of different vulnerabilities — can take weeks or even longer to develop.

Keyfob or replay attacks are far more likely than say remote attacks over the internet or cell network. A keyfob sends an “unlock” signal, a device captures that signal and replays it. By replaying it you can unlock the car.

This latest car hack, featuring flawed third-party car alarms, was far easier to exploit, because the alarm systems added a weakness to the vehicles that weren’t there to begin with. Car makers, with vast financial and research resources, do a far greater job at securing their vehicle than the small companies that focus on functionality over security. For now, the bigger risk comes from third parties in the automobile space, but the car makers can’t afford to drop their game either.


A little bird …

We hear a lot. But we’re not selfish. Let’s share.

blinky-cat-bird

The California Department Motor Vehicles is the government body that regulates autonomous vehicle testing on public roads. The job of enforcement falls to the California Highway Patrol.

In an effort to gauge the need for more robust testing guidelines, the California Highway Patrol decided to hold an event at its headquarters in Sacramento. Eight companies working on autonomous trucking technology were invited. It was supposed to be a large event with local and state politicians in attendance. And it was supposed to validate autonomous trucking as an emerging industry.

There’s just one problem: only one AV trucking company is willing and able to complete this course. We hear that this AV startup actually already went ahead and completed the test course.

The California Highway Patrol has postponed event, for now, presumably until more companies can join.

Got a tip or overheard something in the world of transportation? Email me or send a direct message to @kirstenkorosec.


Deal of the week

Instead of highlighting one giant deal, let’s step back and take a broader view of mobility this week. The upshot: 2018 saw a decline in total investments in the sector and money moved away from ride-hailing and towards two-wheeled transportation.

According to new research from EY, mobility investments in 2018 reached $39.1 billion, down from $55.2 billion in the previous year. (The figures EY provided was through November 2018).

Ride-hailing companies raised $7.1 billion in 2018, a 73 percent decline from the previous year when $26.7 billion poured into this sector.

Investors, it seems, are shifting their focus to other business models, notably first and last-mile connectivity. EY estimates $7 billion was invested in two-wheeler mobility companies such as bike-sharing and electric scooters in 2018. The U.S. and China together have contributed to more than 80 percent of overall two-wheeler mobility investments this year alone, according to EY research shared with TechCrunch.

Other deals:


Snapshot

Let’s talk about Generation Z, that group of young people born 1996 to the present, and one startup that is focused on turning that demographic into car owners.

There’s lots of talk and hand wringing about young people choosing not to get a driver’s license, or not buying a vehicle. In the UK, for instance, about 42 percent of young drivers aged 17 to 24, hold a driver’s license. That’s about 2.7 million people, according to the National Travel Survey 2018 (NTS) of the UK government’s department of transport. An additional 2.2 million have a provisional or learner license. Combined, that amounts to about 13 percent of the car driving population of the UK.

In the UK, evidence suggests that a rise in motoring costs have discouraged young people from learning. And there lies one opportunity that a new startup called Driver1 is targeting.

Driver 1 is a car subscription service designed exclusively for first car drivers aged 17 to 24. The company has been in stealth mode for about a year and is just now launching.

“The young driver market is being underserved by the car industry, Driver1 founder Tim Hammond told TechCrunch. “And primarily it’s the financing that’s not available for that age group. It’s also something that’s not really affordable for any of the car subscription models like Fair.com and it’s not suitable for the OEM subscription services either financially or from an age perspective for young drivers.”

The company’s own research has found this group wants a newer car for 12 to 15 months.

“The car is the extension of their device,” Hammond said, noting these drivers don’t want the old junkers. “They want their iPhones and they want the car that goes with it.”

The company is working directly with leasing companies — not dealerships — to provide young drivers with 3 to 5-year-old cars that have lost 60 percent or so of their value. Driver1 is targeting under $120 a month for the customer and has a partnership with remarketing company Manheim, which is owned by Cox Automotive.

The startup is focused on the UK for now and has about 600 members who have reserved their cars for purchase. Driver1 is aiming to capture about 10 percent of the 1 million or so young people in the UK who pass their learners permit each year. The company plans it expand to France and other European countries in the fall.


Tiny but mighty micromobility

Bird Rocking Out GIF - Find & Share on GIPHY

Ca-caw, ca-caw! That’s the sound of Bird gearing up to launch Bird Platform in New Zealand, Canada and Latin America in the coming weeks. The platform is part of Bird’s mission to bring its scooters across the world “and empower local entrepreneurs in regions where we weren’t planning to launch to run their own electric-scooter sharing program with Bird’s tech and vehicles,” Bird CEO Travis VanderZanden told TechCrunch.

MRD’s two cents: Bird Platform seems like a way for Bird to make extra cash without having to do any of the work i.e. charging the vehicles, maintaining them and working with city officials to get permits. Smart!

Meanwhile, the dolla dolla bills keep pouring into micromobility. European electric scooter startup Voi Technology raised an additional $30 million in capital. That was on top of a $50 million Series A round just three months ago.

Oh, and because micromobility isn’t just for startups, Volkswagen decided to launch a kind of weird-looking electric scooter in Geneva. Because, why not?

Megan Rose Dickey

One more thing …

Lyft is trimming staff to prepare for its IPO. TechCrunch’s Ingrid Lunden learned that the company has laid off about 50 staff in its bike and scooter division. It appears most of these folks are people who joined the Lyft through its acquisition of  electric bike sharing startup Motivate a deal that closed about three months ago.


Notable reads

It’s probably not smart to suggest another newsletter, but if you haven’t checked out Michael Dunne’s  The Chinese Are Coming newsletter, you should. Dunne has a unique perspective on what’s happening in China, particularly as it related to automotive and newer forms of mobility such as ride-hailing. One interesting nugget from his latest edition: there are more than 20 other new electric vehicle makers in China.

“Most will fall away within the next 3 to 4 years as cash runs out,” Dunne predicts.

Other quotable notables:

Here’s a fun read for the week. TechCrunch’s Lucas Matney wrote about a YC Combinator startup Jetpack Aviation.The startup has launched pre-orders this week for the moonshot of moonshots, the Speeder, a personal vertical take-off and landing vehicle with a svelte concept design that looks straight out of Star Wars or Halo.


Testing and deployments

Spanish ride-hailing firm Cabify is back operating in Barcelona, Spain despite issuing dire warnings that new regulations issued by local government would crush its business and force it to fire thousands of drivers and leave forever. Turns out forever is one month.

The Catalan Generalitat issued a decree last month imposing a wait time of at least 15 minutes between a booking being made and a passenger being picked up. The policy was made to ensure taxis and ride-hailing firms are not competing for the same passengers, following a series of taxi strikes, which included scenes of violence. Our boots on the ground reporter Natasha Lomas has the whole story.

Sure, Barcelona is just one city. But what happened in Barcelona isn’t an isolated incident. The early struggles between conventional taxis and ride-hailing operations might be over, but that doesn’t mean the matter has been settled altogether.

And it’s not likely to go away. Once, robotaxis actually hit the road en masse — and yes, that’ll be awhile — these same struggles will pop up again.

Other deployments, or, er, retreats ….

Bike share pioneer Mobike retreats to China

On the autonomous vehicle front:

China Post, the official postal service of China, and delivery and logistics companies Deppon Express, will begin autonomous package delivery services in April. The delivery trucks will operate on autonomous driving technologies developed by FABU Technology, an AI company focused on intelligent driving systems.


On our radar

There is a lot of transportation-related activity this month. Come find me.

SXSW in Austin: TechCrunch will be at SXSW. And there is a lot of mobility action here. Aurora CEO and co-founder Chris Urmson was on stage Saturday morning with Malcolm Gladwell. Mayors from a number of U.S. cities as well as companies like Ford and Mercedes are on the scene. Here’s where I’ll be. 

  • 2 p.m. to 6:30 p.m. (local time) March 9 at the Empire Garage for the Smart Mobility Summit, an annual event put on by Wards Intelligence and C3 Group. The Autonocast, the podcast I co-host with Alex Roy and Ed Niedermeyer, will also be on hand.
  • 9:30 a.m. to 10:30 a.m. (local time) March 12 at the JW Marriott. The Autonocast and founding general partner of Trucks VC, Reilly Brennan will hold a SXSW podcast panel on automated vehicle terminology and other stuff.
  • 3:30 p.m (local time) over at the Hilton Austin Downtown, I’ll be moderating a panel Re-inventing the Wheel: Own, Rent, Share, Subscribe. Sherrill Kaplan with Zipcar, Amber Quist, with Silvercar and Russell Lemmer with Dealerware will join me on stage.
  • TechCrunch is also hosting a SXSW party from 1 pm to 4 pm Sunday, March 10, 615 Red River St., that will feature musical guest Elderbrook. RSVP here

Nvidia GTC

TechCrunch (including yours truly) will also be at Nvidia’s annual GPU Technology Conference from March 18 to 21 in San Jose.

Self Racing Cars

The annual Self Racing Car event will be held March 23 and March 24 at Thunderhill Raceway near Willows, California.

There is still room for participants to test or demo their autonomous vehicles, drive train innovation, simulation, software, teleoperation, and sensors. Hobbyists are welcome. Sign up to participate or drop them a line at contact@selfracingcars.com.

Thanks for reading. There might be content you like or something you hate. Feel free to reach out to me at kirsten.korosec@techcrunch.com to share those thoughts, opinions or tips. 

Nos vemos la próxima vez.

News Source = techcrunch.com

Venture investors and startup execs say they don’t need Elizabeth Warren to defend them from big tech

in Amazon/AT&T/ben narasin/coinbase/Companies/Delhi/Economy/elizabeth warren/Entrepreneurship/Facebook/Federal Trade Commission/Google/IBM/India/kara nortman/Los Angeles/Microsoft/new enterprise associates/Politics/Private equity/social media/Startup company/TC/Technology/Technology Development/United States/upfront ventures/us government/venky ganesan/Venture Capital/Walmart/world wide web/zappos by

Responding to Elizabeth Warren’s call to regulate and break up some of the nation’s largest technology companies, the venture capitalists that invest in technology companies are advising the presidential hopeful to move slowly and not break anything.

Warren’s plan called for regulators to be appointed to oversee the unwinding of several acquisitions that were critical to the development of the core technology that make Alphabet’s Google and the social media giant Facebook so profitable… and Zappos.

Warren also wanted regulation in place that would block companies making over $25 billion that operate as social media or search platforms or marketplaces from owning companies that also sell services on those marketplaces.

As a whole, venture capitalists viewing the policy were underwhelmed.

“As they say on Broadway, ‘you gotta have a gimmick’ and this is clearly Warren’s,” says Ben Narasin, an investor at one of the nation’s largest investment firms,” New Enterprise Associates, which has $18 billion in assets under management and has invested in consumer companies like Jet, an online and mobile retailer that competed with Amazon and was sold to Walmart for $3.3 billion.

“Decades ago, at the peak of Japanese growth as a technology competitor on the global stage, the U.S. government sought to break up IBM . This is not a new model, and it makes no sense,” says Narasin. “We slow down our country, our economy and our ability to innovate when the government becomes excessively aggressive in efforts to break up technology companies, because they see them through a prior-decades lens, when they are operating in a future decade reality. This too shall pass.”

Balaji Sirinivasan, the chief technology officer of Coinbase, took to Twitter to offer his thoughts on the Warren plan. “If big companies like Google, Facebook and Amazon are prevented from acquiring startups, that actually reduces competition,” Sirinivasan writes.

“There are two separate issues here that are being conflated. One issue is do we need regulation on the full platform companies. And the answer is absolutely,” says Venky Ganesan, the managing director of Menlo Ventures. “These platforms have a huge impact on society at large and they have huge influence.”

But while the platforms need to be regulated, Ganesan says, Senator Warren’s approach is an exercise in overreach.

“That plan is like taking a bazooka to a knife fight. It’s overwhelming and it’s not commensurate with the issues,” Ganesan says. “I don’t think at the end of the day venture capital is worrying about competition from these big platform companies. [And] as the proposal is composed it would create more obstacles rather than less.”

Using Warren’s own example of the antitrust cases that were brought against companies like AT&T and Microsoft is a good model for how to proceed, Ganesan says. “We want to have the technocrats at the FTC figure out the right way to bring balance.”

Kara Nortman, a partner with the Los Angeles-based firm Upfront Ventures, is also concerned about the potential unforeseen consequences of Warren’s proposals.

“The specifics of the policy as presented strike me as having potentially negative consequences for innovation. These companies are funding massive innovation initiatives in our country. They’re creating jobs and taking risks in areas of technology development where we could potentially fall behind other countries and wind up reducing our quality of life,” Nortman says. “We’re not seeing that innovation or initiative come from the government — or that support for encouraging immigration and by extension embracing the talented foreign entrepreneurs that could develop new technologies and businesses.”

Nortman sees the Warren announcement as an attempt to start a dialog between government regulators and big technology companies.

“My hope is that this is the beginning of a dialogue that is constructive,” Nortman says. “And since Elizabeth Warren is a thoughtful policymaker, this is likely the first salvo toward an engagement with the technology community to work collaboratively on issues that we all want to see solved and that some of us are dedicating our career in venture to help solving.”

News Source = techcrunch.com

Google will bring its Assistant to Android Messages

in allo/Android/Apps/Artificial Intelligence/Assistant/computing/Delhi/Google/Google Allo/India/machine learning/messaging apps/mobile/mobile software/MWC 2018/operating system/Politics/Software/Technology by

It’s only been a few weeks since Google brought the Assistant to Google Maps to help you reply to messages, play music and more. This feature first launched in English and will soon start rolling out to all Assistant phone languages. In addition, Google also today announced that the Assistant will come to Android Messages, the standard text messaging app on Google’s mobile operating system, in the coming months.

If you remember Allo, Google’s last failed messaging app, then a lot of this will sound familiar. For Allo, after all, Assistant support was one of the marquee features. The different, though, is that for the time being, Google is mostly using the Assistant as an additional layer of smarts in Messages while in Allo, you could have full conversations with a special Assistant bot.

In Messages, the Assistant will automatically pop up suggestion chips when you are having conversations with somebody about movies, restaurants and the weather. That’s a pretty limited feature set for now, though Google tells us that it plans to expand it over time.

What’s important here is that the suggestions are generated on your phone (and that may be why the machine learning model is limited, too, since it has to run locally). Google is clearly aware that people don’t want the company to get any information about their private text chats. Once you tap on one of the Assistant suggestions, though, Google obviously knows that you were talking about a specific topic, even though the content of the conversation itself is never sent to Google’s servers. The person you are chatting with will only see the additional information when you push it to them.

News Source = techcrunch.com

New flaws in 4G, 5G allow attackers to intercept calls and track phone locations

in 5g/Asia/Delhi/Europe/GSM/India/mobile security/Politics/privacy/san diego/Security/spokesperson/surveillance/Technology/telecommunications/torpedo/United States/Verizon by

A group of academics have found three new security flaws in 4G and 5G, which they say can be used to intercept phone calls and track the locations of cell phone users.

The findings are said to be the first time vulnerabilities have affected both 4G and the incoming 5G standard, which promises faster speeds and better security, particularly against law enforcement use of cell site simulators, known as “stingrays.” But the researchers say that their new attacks can defeat newer protections that were believed to make it more difficult to snoop on phone users.

“Any person with a little knowledge of cellular paging protocols can carry out this attack,” said Syed Rafiul Hussain, one of the co-authors of the paper, told TechCrunch in an email.

Hussain, along with Ninghui Li and Elisa Bertino at Purdue University, and Mitziu Echeverria and Omar Chowdhury at the University of Iowa are set to reveal their findings at the Network and Distributed System Security Symposium in San Diego on Tuesday.

“Any person with a little knowledge of cellular paging protocols can carry out this attack… such as phone call interception, location tracking, or targeted phishing attacks.” Syed Rafiul Hussain, Purdue University

The paper, seen by TechCrunch prior to the talk, details the attacks: the first is Torpedo, which exploits a weakness in the paging protocol that carriers use to notify a phone before a call or text message comes through. The researchers found that several phone calls placed and cancelled in a short period can trigger a paging message without alerting the target device to an incoming call, which an attacker can use to track a victim’s location. Knowing the victim’s paging occasion also lets an attacker hijack the paging channel and inject or deny paging messages, by spoofing messages like as Amber alerts or blocking messages altogether, the researchers say.

Torpedo opens the door to two other attacks: Piercer, which the researchers say allows an attacker to determine an international mobile subscriber identity (IMSI) on the 4G network; and the aptly named IMSI-Cracking attack, which can brute force an IMSI number in both 4G and 5G networks, where IMSI numbers are encrypted.

That puts even the newest 5G-capable devices at risk from stingrays, said Hussain, which law enforcement use to identify someone’s real-time location and log all the phones within its range. Some of the more advanced devices are believed to be able to intercept calls and text messages, he said.

According to Hussain, all four major U.S. operators — AT&T, Verizon (which owns TechCrunch), Sprint and T-Mobile — are affected by Torpedo, and the attacks can carried out with radio equipment costing as little as $200. One U.S. network, which he would not name, was also vulnerable to the Piercer attack.

The Torpedo attack — or “TRacking via Paging mEssage DistributiOn. (Image: supplied)

We contacted the big four cell giants, but none provided comment by the time of writing. If that changes, we’ll update.

Given two of the attacks exploit flaws in the 4G and 5G standards, almost all the cell networks outside the U.S. are vulnerable to these attacks, said Hussain.  Several networks in Europe and Asia are also vulnerable.

Given the nature of the attacks, he said, the researchers are not releasing the proof-of-concept code to exploit the flaws.

It’s the latest blow to cellular network security, which has faced intense scrutiny no more so than in the last year for flaws that have allowed the interception of calls and text messages. Vulnerabilities in Signaling System 7, used by cell networks to route calls and messages across networks, are under active exploitation by hackers. While 4G was meant to be more secure, research shows that it’s just as vulnerable as its 3G predecessor. And, 5G was meant to fix many of the intercepting capabilities but European data security authorities warned of similar flaws.

Hussain said the flaws were reported to the GSMA, an industry body that represents mobile operators. GSMA recognized the flaws, but a spokesperson was unable to provide comment when reached. It isn’t known when the flaws will be fixed.

Hussain said the Torpedo and IMSI-Cracking flaws would have to be first fixed by the GSMA, whereas a fix for Piercer depends solely on the carriers. Torpedo remains the priority as it precursors the other flaws, said Hussain.

The paper comes almost exactly a year after Hussain et al revealed ten separate weaknesses in 4G LTE that allowed eavesdropping on phone calls and text messages, and spoofing emergency alerts.

News Source = techcrunch.com

1 2 3 38
Go to Top